关于LVS基础不多介绍直接操练起来。
1.环境准备
首先准备4台机器(VM,Vbox...)
node1 --> Director1 192.168.137.31 vip=192.168.137.10
node2 --> Director2 192.168.137.32 vip=192.168.137.10
node3 --> RServer1 192.168.137.33
node4 --> RServer2 192.168.137.34
基于DR负载均衡模式,设置了一个VIP(Virtual IP)为192.168.137.10,用户只需要访问这个IP地址即可获得网页服务。其中,负载均衡MASTER-Server1 192.168.137.31,BACKUP-Server2 192.168.137.32 ;RServer1为192.168.137.33,RServer2为192.168..137.34
拓扑:
2.RealServer 配置
RS1配置
<code># yum install -y httpd</code>
<code># echo "<h1>The page from node3</h1>" > /var/www/html/index.html</code>
<code># service httpd start</code>
编写脚本setka.sh配置内核参数
<code>[root@localhost ~]</code><code># cat setka.sh</code>
<code>#!/bin/bash</code>
<code>vip=192.168.137.10</code>
<code>case</code> <code>$1 </code><code>in</code>
<code>start)</code>
<code>echo</code> <code>1 > </code><code>/proc/sys/net/ipv4/conf/all/arp_ignore</code>
<code>echo</code> <code>1 > </code><code>/proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code>echo</code> <code>2 > </code><code>/proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>echo</code> <code>2 > </code><code>/proc/sys/net/ipv4/conf/lo/arp_announce</code>
<code>ifconfig</code> <code>lo:0 $vip broadcast $vip netmask 255.255.255.255 up</code>
<code>;;</code>
<code>stop)</code>
<code>ifconfig</code> <code>lo:0 down</code>
<code>echo</code> <code>0 > </code><code>/proc/sys/net/ipv4/conf/all/arp_ignore</code>
<code>echo</code> <code>0 > </code><code>/proc/sys/net/ipv4/conf/lo/arp_ignore</code>
<code>echo</code> <code>0 > </code><code>/proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>echo</code> <code>0 > </code><code>/proc/sys/net/ipv4/conf/lo/arp_announce</code>
<code>esac</code>
<code># bash setka.sh start ##运行该脚本设置相关内核参数及VIP地址。</code>
<code># cat /proc/sys/net/ipv4/conf/lo/arp_ignore ##内核参数设置成功</code>
<code>1</code>
<code># cat /proc/sys/net/ipv4/conf/all/arp_announce</code>
<code>2</code>
<code># ifconfig lo:0 ##VIP设置成功</code>
<code>lo:0 Link encap:Local Loopback</code>
<code>inet addr:192.168.137.10 Mask:255.255.255.255</code>
<code>UP LOOPBACK RUNNING MTU:65536 Metric:1</code>
<code># scp setka.sh [email protected]:/root ##拷贝一份给RS2</code>
<code>setka.sh 100% 547 0.5KB</code><code>/s</code> <code>00:00</code>
RS2配置
<code># echo "<h1>The page from node4</h1>" > /var/www/html/index.html</code>
<code># service start httpd</code>
<code># bash setka.sh ##执行脚本,检查设置是否生效</code>
<code>两台都准备妥当后。</code>
3.Director 配置
在配置之前,先要把4机器的时间同步一下
以node1为ntp-server
<code>[root@node1 ~]</code><code># for i in 31 32 33 34;do ssh 192.168.137.$i 'date';done ##提前给4台机器做了密钥认证</code>
<code>Wed Nov 8 23:50:28 CST 2017</code>
<code># yum install -y ipvsadm</code>
<code># route add -host 192.168.137.10/32 dev eth0</code>
<code>添加IPVS规则</code>
<code># ipvsadm -A -t 192.168.137.10:80 -s rr</code>
<code># ipvsadm -a -t 1192.168.137.10:80 -r 192.168.137.37 -g -w 1</code>
<code># ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.37 -g -w 1</code>
<code># ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.33 -g -w 2</code>
<code># ipvsadm -L -n</code>
<code>使用另一台Director访问VIP</code>
<code>curl http:</code><code>//192</code><code>.168.137.10</code>
<code>[root@node2 ~]</code><code># curl http://192.168.137.10</code>
<code><h1>The page from node3<</code><code>/h1</code><code>></code>
<code><h1>The page from node4<</code><code>/h1</code><code>></code>
两台Director进行IPVS测试之后,清除ipvs规则删除route条目
# ipvsadm -C
# route del -host 192.168.137.10/32 dev eth0
开始给Director 配置keepalived
MASTER 配置(node1)
# yum install -y keepalived httpd
# echo "<h1>Sorry,Under maintances(31).</h1>" > /var/www/html/index.html ##添加sorry_server页面
# service httpd start
# 编辑配置文件keepalived.conf
<code>! Configuration File </code><code>for</code> <code>keepalived</code>
<code>global_defs {</code>
<code>notification_email {</code>
<code>root@localhost </code><code>#本地email地址</code>
<code>}</code>
<code>notification_email_from [email protected]</code>
<code>smtp_server 127.0.0.1</code>
<code>smtp_connect_timeout 30</code>
<code>router_id LVS_DEVEL</code>
<code>vrrp_mcast_group4 224.0.1.118 </code><code>#配置VRRP组播域</code>
<code>#健康状态检测脚本检查</code>
<code>vrrp_script chk_mt {</code>
<code>script </code><code>"[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"</code>
<code>interval 1</code>
<code>weight -20</code>
<code>#实例</code>
<code>vrrp_instance VI_1 {</code>
<code>state MASTER</code>
<code>interface eth0</code>
<code>virtual_router_id 151 </code><code>#虚拟路由ID</code>
<code>priority 100 </code><code>#权重100</code>
<code>advert_int 1</code>
<code>authentication {</code>
<code>auth_type PASS</code>
<code>auth_pass 1111</code>
<code>virtual_ipaddress {</code>
<code>192.168.137.10</code><code>/16</code> <code>dev eth0 label eth0:1 </code><code>#虚拟IP地址这里建议使用16为掩码</code>
<code>track_script { </code><code>#追踪健康状态脚本</code>
<code>chk_mt</code>
<code>notify_master </code><code>"/etc/keepalived/notify.sh master"</code> <code>#配置通知脚本</code>
<code>notify_backup </code><code>"/etc/keepalived/notify.sh backup"</code>
<code>notify_fault </code><code>"/etc/keepalived/notify.sh fault"</code>
<code>#虚拟服务器及RealServer配置</code>
<code>virtual_server 192.168.137.10 80 {</code>
<code>delay_loop 6</code>
<code>lb_algo wrr </code><code>#weighted rr (表示通过权重来轮询调度)</code>
<code>lb_kind DR </code><code>#LVS DR 模型</code>
<code>nat_mask 255.255.255.0</code>
<code>protocol TCP</code>
<code>sorry_server 127.0.0.1 80 </code><code>#本地sorry_server服务器配置</code>
<code>real_server 192.168.137.33 80 {</code>
<code>weight 1</code>
<code>HTTP_GET {</code>
<code>url {</code>
<code>path /</code>
<code>status_code 200</code>
<code>connect_timeout 3</code>
<code>nb_get_retry 3</code>
<code>delay_before_retry 3</code>
<code>real_server 192.168.137.34 80 {</code>
<code>weight 2</code>
通知脚本(/etc/keepalived/notify.sh):
<code># Author: [email protected]</code>
<code># description: An example of notify script</code>
<code>#</code>
<code>contact=</code><code>'root@localhost'</code>
<code>notify() {</code>
<code>mailsubject=</code><code>"`hostname` to be $1: $vip floating"</code>
<code>mailbody=</code><code>"`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"</code>
<code>echo</code> <code>$mailbody | mail -s </code><code>"$mailsubject"</code> <code>$contact</code>
<code>case</code> <code>"$1"</code> <code>in</code>
<code>master)</code>
<code>notify master</code>
<code>exit</code> <code>0</code>
<code>backup)</code>
<code>notify backup</code>
<code>fault)</code>
<code>notify fault</code>
<code>*)</code>
<code>echo</code> <code>'Usage: `basename $0` {master|backup|fault}'</code>
<code>exit</code> <code>1</code>
<code>注:通知脚本需要拷一份至node2</code>
<code>scp</code> <code>notify.sh [email protected]:</code><code>/etc/keepalived/</code>
BACKUP配置(node2)
<code># yum install -y keepalived</code>
<code># echo "<h1>Sorry,Under maintances(32).</h1>" > /var/www/html/index.html ##添加sorry_server页面</code>
<code># 配置keepalived.conf</code>
<code>root@localhost</code>
<code>vrrp_mcast_group4 224.0.1.118</code>
<code>state BACKUP</code>
<code>virtual_router_id 151</code>
<code>priority 99</code>
<code>192.168.137.10</code><code>/16</code> <code>dev eth0 label eth0:1</code>
<code>track_script {</code>
<code>notify_master </code><code>"/etc/keepalived/notify.sh master"</code>
<code>lb_algo wrr</code>
<code>lb_kind DR</code>
<code>sorry_server 127.0.0.1 80</code>
4.启动keepalived并测试功能
在node1上
1、启动keepalived
<code># service keepalived restart ; ssh 192.168.137.32 'service keepalived restart'</code>
<code># ifconfig</code>
<code>[root@node1~]</code><code># ifconfig ##可以看到eth0:1地址已经获取到</code>
<code>eth0 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30</code>
<code>inet addr:192.168.137.31 Bcast:192.168.137.255 Mask:255.255.255.0</code>
<code>inet6 addr: fe80::20c:29ff:feaa:930</code><code>/64</code> <code>Scope:Link</code>
<code>UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</code>
<code>RX packets:46005 errors:0 dropped:0 overruns:0 frame:0</code>
<code>TX packets:59292 errors:0 dropped:0 overruns:0 carrier:0</code>
<code>collisions:0 txqueuelen:1000</code>
<code>RX bytes:5151611 (4.9 MiB) TX bytes:5965319 (5.6 MiB)</code>
<code>eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30</code>
<code>inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0</code>
2、测试访问web
<code>[root@node1~]</code><code># curl http://192.168.137.10</code>
3、健康状态检测
手动在(MASTER)/etc/keepalived中新建一个down文件
# touch down
# 脚本检测到down文件存在权重减20,则vip会自动的floating 到BACKUP的主机上,删除down文件MASTER会将vip抢回来(处于主备的抢占模式下)。
测试如下:
<code>[root@node1 keepalived]</code><code># touch down </code>
<code>[root@node1 keepalived]</code><code># </code>
<code>[root@node1 keepalived]</code><code># ls </code>
<code>down keepalived.conf notify.sh</code>
<code>在node2上发现VIP设置成功</code>
<code>[root@node2 ~]</code><code># ifconfig eth0:1</code>
<code>eth0:1 Link encap:Ethernet HWaddr 00:0C:29:CB:63:DF </code>
<code> </code><code>inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0</code>
<code> </code><code>UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</code>
<code>在看看mail,此处说明VIP漂至node2</code>
<code> </code><code>U 10 root Wed Nov 8 21:50 19</code><code>/723</code> <code>"node2.localdomain to be master: 192.168.137.10 floating"</code>
<code>访问VIP:</code>
<code>[root@node1 keepalived]</code><code># curl 192.168.137.10</code>
<code>删除node1keepalived上的down文件。</code>
<code>#rm -rf /etc/keepalived/down</code>
<code>[root@node1 keepalived]</code><code># ifconfig eth0:1</code>
<code>eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30 </code>
<code>mail邮件</code>
<code>>N 9 root Wed Nov 8 22:01 18</code><code>/713</code> <code>"node1.localdomain to be master: 192.168.137.10 floating"</code>
<code>查看网站是否正常访问</code>
<code>[root@node2 ~]</code><code># curl 192.168.137.10</code>
<code>这里可看到地址又被node1抢回来了(因为我们配置的是抢占模式),网站正常被调度,测试完毕!!!</code>
4、Sorry_Server测试
在RealServer(node3)
停掉两台RealServer服务器
# service httpd stop ; ssh 192.168.137.34 'service httpd stop'
[root@liu ~]# curl http://192.168.137.10
<h1>Sorry,Under maintances(31).</h1>
注释:这里会用涉及到ntp时钟同步,Openssl的密钥的认证,
# ntpdate IP(ntp时钟服务器地址)
*/5 * * * * root /usr/sbin/ntpdate 192.168.137.31 &>/dev/null;hwclock -w
# ssh-keygen -t rsa -P '' -f "/root/.ssh/id_rsa"
# ssh-copy-id -i .ssh/id_rsa.pub [user@]machine
至此keepalived+lvs_dr+healthcheck 高可用集群就这样部署完毕。
本文转自 ljohnmail 51CTO博客,原文链接:http://blog.51cto.com/ljohn/1980547,如需转载请自行联系原作者