keepalived实现LVS-DR双主模式的高可用
环境准备
五台机器:
client:10.0.0.150/24 MySQL
ka1+lvs:10.0.0.7/24 virtual router ID:66
ka2+lvs:10.0.0.17/24 virtual router ID:66
rs1:10.0.0.27/24 httpd+MySQL
lo:VIP:10.0.0.10/32 80
lo:VIP:10.0.0.20/32 3306
rs2:10.0.0.37/24 httpd+MySQL
lo:VIP:10.0.0.10/32 80
lo:VIP:10.0.0.20/32 3306
#ka1节点的配置
[root@ka1 conf.d]#pwd
/etc/keepalived/conf.d
[root@ka1 conf.d]#cat ka2.conf
# VRRP instance "ka2" as deployed on node ka1 (unicast source 10.0.0.7).
# ka1 is the standby for VIP 10.0.0.20 in this instance.
vrrp_instance ka2 {
state BACKUP
interface eth0
# Same value as in the peer's copy of this instance (88 on both nodes).
virtual_router_id 88
# Lower than the peer's priority (100), so the peer holds the VIP while it is up.
priority 80
# Interval between VRRP advertisements, in seconds.
advert_int 1
authentication {
# NOTE(review): PASS is simple password authentication. The secret is carried
# unencrypted in the advertisements, so it guards against misconfiguration
# rather than against a host that can read traffic on this segment.
auth_type PASS
# Shared secret, identical on both peers. This value is published with the
# tutorial: generate a separate one per deployment and keep this file
# readable by root only.
auth_pass 6iWOIsiu
}
virtual_ipaddress {
# Added to eth0 under the label eth0:2 when this node takes over the instance.
10.0.0.20/24 dev eth0 label eth0:2
}
# Advertisements go by unicast from this address to the listed peer only.
unicast_src_ip 10.0.0.7
unicast_peer{
10.0.0.17
}
}
[root@ka1 conf.d]#cat ka2_lvs.conf
# LVS virtual service for MySQL: VIP 10.0.0.20, TCP port 3306, balanced across
# the two real servers below.
virtual_server 10.0.0.20 3306 {
# Delay between health-check rounds, in seconds.
delay_loop 3
# Round-robin scheduling; shown as "rr" in the ipvsadm listing.
lb_algo rr
# Direct routing; shown as "Route" in the ipvsadm listing. The real servers
# therefore carry the VIP on lo.
lb_kind DR
protocol TCP
real_server 10.0.0.27 3306 {
weight 1
# NOTE(review): TCP_CHECK only confirms that a TCP connection to port 3306 can
# be opened. It does not log in or run a query, so a server that accepts
# connections but cannot serve requests stays in rotation.
TCP_CHECK {
# Seconds to wait for the connection attempt.
connect_timeout 5
# Presumably the number of retries before the server is marked down. Verify
# the keyword against the man page of the installed keepalived version.
nb_get_retry 3
# Seconds to wait between retries.
delay_before_retry 3
}
}
real_server 10.0.0.37 3306 {
weight 1
# Same connect-only check as for 10.0.0.27.
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@ka1 conf.d]#scp ka2_lvs.conf 10.0.0.17:/etc/keepalived/conf.d/
#ka2节点的配置
[root@ka2 conf.d]#pwd
/etc/keepalived/conf.d
[root@ka2 conf.d]#cat ka2_vrrp.conf
# VRRP instance "ka2" as deployed on node ka2 (unicast source 10.0.0.17).
# ka2 is the preferred holder of VIP 10.0.0.20 in this instance.
vrrp_instance ka2 {
state MASTER
interface eth0
# Same value as in the peer's copy of this instance (88 on both nodes).
virtual_router_id 88
# Higher than the peer's priority (80), so this node holds the VIP while it is up.
priority 100
# Interval between VRRP advertisements, in seconds.
advert_int 1
authentication {
# NOTE(review): PASS is simple password authentication. The secret is carried
# unencrypted in the advertisements, so it guards against misconfiguration
# rather than against a host that can read traffic on this segment.
auth_type PASS
# Shared secret, identical on both peers. This value is published with the
# tutorial: generate a separate one per deployment and keep this file
# readable by root only.
auth_pass 6iWOIsiu
}
virtual_ipaddress {
# Added to eth0 under the label eth0:2 while this node owns the instance.
10.0.0.20/24 dev eth0 label eth0:2
}
# Advertisements go by unicast from this address to the listed peer only.
unicast_src_ip 10.0.0.17
unicast_peer{
10.0.0.7
}
}
[root@ka1 conf.d]#systemctl restart keepalived.service
[root@ka1 conf.d]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.10:80 rr
-> 10.0.0.27:80 Route 1 0 0
-> 10.0.0.37:80 Route 1 0 0
TCP 10.0.0.20:3306 rr
-> 10.0.0.27:3306 Route 1 0 0
-> 10.0.0.37:3306 Route 1 0 0
[root@ka2 conf.d]#systemctl restart keepalived.service
[root@ka2 conf.d]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.10:80 rr
-> 10.0.0.27:80 Route 1 0 0
-> 10.0.0.37:80 Route 1 0 0
TCP 10.0.0.20:3306 rr
-> 10.0.0.27:3306 Route 1 0 0
-> 10.0.0.37:3306 Route 1 0 0
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.20
[root@ka1 conf.d]#hostname -I
10.0.0.7 10.0.0.10
[root@rs1 ~]#mysql -e 'grant all on *.* to test@"10.0.0.%" identified by "123456"'
[root@rs2 ~]#mysql -e 'grant all on *.* to test@"10.0.0.%" identified by "123456"'
[root@client ~]#apt install mysql-client -y
#使用脚本将两个VIP绑定至后端服务器(RS)的lo网卡,并设置ARP抑制参数
[root@rs1 ~]#cat lvs_dr_rs.sh
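#!/bin/bash
#
# lvs_dr_rs.sh - configure or revert this host as an LVS-DR real server.
#
# Usage: lvs_dr_rs.sh start|stop
#   start  set the ARP tunables, then bind both VIPs to loopback aliases
#   stop   take both aliases down, then write 0 to the ARP tunables
#
# Needs root: it writes under /proc/sys and calls ifconfig.
# Exit status: 0 on success, 1 on a usage error or when a required step fails.

vip=10.0.0.10
vip2=10.0.0.20
# Host mask, so each alias covers only the VIP itself.
mask='255.255.255.255'
dev=lo:1
dev2=lo:2

# Write one ARP tunable for both the "all" and the "lo" scope.
# Arguments: $1 - tunable name (arp_ignore | arp_announce), $2 - value
# Returns:   0 when both writes succeed, 1 on the first failed write
set_arp() {
  local key=$1 value=$2 scope
  for scope in all lo; do
    printf '%s\n' "$value" > "/proc/sys/net/ipv4/conf/${scope}/${key}" || return 1
  done
}

case "$1" in
  start)
    # arp_ignore=1: answer ARP only for addresses configured on the interface
    # that received the request. arp_announce=2: always use the best local
    # source address in ARP requests. Both must be in place BEFORE the VIPs
    # are bound, otherwise this host would answer ARP for the VIPs and compete
    # with the director. A failed write therefore aborts before any VIP is added.
    if ! set_arp arp_ignore 1 || ! set_arp arp_announce 2; then
      echo "Failed to set ARP kernel parameters; VIPs not bound" >&2
      exit 1
    fi
    if ! ifconfig "$dev" "$vip" netmask "$mask" ||
       ! ifconfig "$dev2" "$vip2" netmask "$mask"; then
      echo "Failed to bind VIP to loopback alias" >&2
      exit 1
    fi
    echo "The RS Server is Ready!"
    ;;
  stop)
    # Best effort: an alias that is already down must not prevent the ARP
    # tunables from being reset.
    ifconfig "$dev" down || echo "Warning: could not bring down $dev" >&2
    ifconfig "$dev2" down || echo "Warning: could not bring down $dev2" >&2
    # NOTE: writes 0, not whatever values were in effect before "start".
    if ! set_arp arp_ignore 0 || ! set_arp arp_announce 0; then
      echo "Failed to reset ARP kernel parameters" >&2
      exit 1
    fi
    echo "The RS Server is Canceled!"
    ;;
  *)
    echo "Usage: ${0##*/} start|stop" >&2
    exit 1
    ;;
esac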
[root@rs1 ~]#bash lvs_dr_rs.sh start
[root@rs1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.10/32 scope global lo:1
valid_lft forever preferred_lft forever
inet 10.0.0.20/32 scope global lo:2
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:3b:17:bf brd ff:ff:ff:ff:ff:ff
inet 10.0.0.27/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::edd2:875b:8e59:251d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rs1 ~]#scp lvs_dr_rs.sh 10.0.0.37:
[root@rs2 ~]#bash lvs_dr_rs.sh start
[root@rs2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.10/32 scope global lo:1
valid_lft forever preferred_lft forever
inet 10.0.0.20/32 scope global lo:2
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:32:62:97 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.37/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::13b1:3c57:d7f2:f09b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rs1 ~]#cat /var/www/html/index.html
10.0.0.27
[root@rs2 ~]#cat /var/www/html/index.html
10.0.0.37
#测试访问
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#curl 10.0.0.10
10.0.0.37
[root@client ~]#curl 10.0.0.10
10.0.0.27
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs2 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs2 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@rs2 ~]#systemctl stop mariadb.service
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.20
[root@ka2 conf.d]#systemctl stop keepalived.service
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs2 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs2 |
+------------+
[root@client ~]#mysql -utest -p123456 -h10.0.0.20 -e 'select@@hostname'
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@hostname |
+------------+
| rs1 |
+------------+