keepalived lvs dr hearthcheck
关于LVS基础不多介绍直接操练起来。
1.环境准备
首先准备4台机器(VM,Vbox...)
node1 --> Director1 192.168.137.31 vip=192.168.137.10
node2 --> Director2 192.168.137.32 vip=192.168.137.10
node3 --> RServer1 192.168.137.33
node4 --> RServer2 192.168.137.34
基于DR负载均衡模式,设置了一个VIP(Virtual IP)为192.168.137.10,用户只需要访问这个IP地址即可获得网页服务。其中,负载均衡MASTER-Server1 192.168.137.31,BACKUP-Server2 192.168.137.32 ;RServer1为192.168.137.33,RServer2为192.168..137.34
拓扑:
2.RealServer 配置
RS1配置
- # yum install -y httpd
- # echo "<h1>The page from node3</h1>" > /var/www/html/index.html
- # service httpd start
编写脚本setka.sh配置内核参数
- [root@localhost ~]# cat setka.sh
- #!/bin/bash
- vip=192.168.137.10
- case $1 in
- start)
- echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
- echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
- echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
- echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
- ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
- ;;
- stop)
- ifconfig lo:0 down
- echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
- echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
- echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
- echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
- ;;
- esac
- # bash setka.sh start ##运行该脚本设置相关内核参数及VIP地址。
- # cat /proc/sys/net/ipv4/conf/lo/arp_ignore ##内核参数设置成功
- 1
- # cat /proc/sys/net/ipv4/conf/all/arp_announce
- 2
- # ifconfig lo:0 ##VIP设置成功
- lo:0 Link encap:Local Loopback
- inet addr:192.168.137.10 Mask:255.255.255.255
- UP LOOPBACK RUNNING MTU:65536 Metric:1
- # scp setka.sh root@192.168.137.33:/root ##拷贝一份给RS2
- setka.sh 100% 547 0.5KB/s 00:00
RS2配置
- # yum install -y httpd
- # echo "<h1>The page from node4</h1>" > /var/www/html/index.html
- # service start httpd
- # bash setka.sh ##执行脚本,检查设置是否生效
- 两台都准备妥当后。
3.Director 配置
在配置之前,先要把4机器的时间同步一下
以node1为ntp-server
- [root@node1 ~]# for i in 31 32 33 34;do ssh 192.168.137.$i ‘date‘;done ##提前给4台机器做了密钥认证
- Wed Nov 8 23:50:28 CST 2017
- Wed Nov 8 23:50:28 CST 2017
- Wed Nov 8 23:50:28 CST 2017
- Wed Nov 8 23:50:28 CST 2017
- # yum install -y ipvsadm
- # route add -host 192.168.137.10/32 dev eth0
- 添加IPVS规则
- # ipvsadm -A -t 192.168.137.10:80 -s rr
- # ipvsadm -a -t 1192.168.137.10:80 -r 192.168.137.37 -g -w 1
- # ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.37 -g -w 1
- # ipvsadm -a -t 192.168.137.10:80 -r 192.168.137.33 -g -w 2
- # ipvsadm -L -n
- 使用另一台Director访问VIP
- curl http://192.168.137.10
- [root@node2 ~]# curl http://192.168.137.10
- <h1>The page from node3</h1>
- [root@node2 ~]# curl http://192.168.137.10
- <h1>The page from node4</h1>
- [root@node2 ~]# curl http://192.168.137.10
两台Director进行IPVS测试之后,清除ipvs规则删除route条目
# ipvsadm -C
# route del -host 192.168.137.10/32 dev eth0
开始给Director 配置keepalived
MASTER 配置(node1)
# yum install -y keepalived httpd
# echo "<h1>Sorry,Under maintances(31).</h1>" > /var/www/html/index.html ##添加sorry_server页面
# service httpd start
# 编辑配置文件keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- root@localhost #本地email地址
- }
- notification_email_from Alexandre.Cassen@firewall.loc
- smtp_server 127.0.0.1
- smtp_connect_timeout 30
- router_id LVS_DEVEL
- vrrp_mcast_group4 224.0.1.118 #配置VRRP组播域
- }
- #健康状态检测脚本检查
- vrrp_script chk_mt {
- script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
- interval 1
- weight -20
- }
- #实例
- vrrp_instance VI_1 {
- state MASTER
- interface eth0
- virtual_router_id 151 #虚拟路由ID
- priority 100 #权重100
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.137.10/16 dev eth0 label eth0:1 #虚拟IP地址这里建议使用16为掩码
- }
- track_script { #追踪健康状态脚本
- chk_mt
- }
- notify_master "/etc/keepalived/notify.sh master" #配置通知脚本
- notify_backup "/etc/keepalived/notify.sh backup"
- notify_fault "/etc/keepalived/notify.sh fault"
- }
- #虚拟服务器及RealServer配置
- virtual_server 192.168.137.10 80 {
- delay_loop 6
- lb_algo wrr #weighted rr (表示通过权重来轮询调度)
- lb_kind DR #LVS DR 模型
- nat_mask 255.255.255.0
- protocol TCP
- sorry_server 127.0.0.1 80 #本地sorry_server服务器配置
- real_server 192.168.137.33 80 {
- weight 1
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 3
- nb_get_retry 3
- delay_before_retry 3
- }
- }
- real_server 192.168.137.34 80 {
- weight 2
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 3
- nb_get_retry 3
- delay_before_retry 3
- }
- }
- }
通知脚本(/etc/keepalived/notify.sh):
- #!/bin/bash
- # Author: ljohnmail@foxmail.com
- # description: An example of notify script
- #
- vip=192.168.137.10
- contact=‘root@localhost‘
- notify() {
- mailsubject="`hostname` to be $1: $vip floating"
- mailbody="`date ‘+%F %H:%M:%S‘`: vrrp transition, `hostname` changed to be $1"
- echo $mailbody | mail -s "$mailsubject" $contact
- }
- case "$1" in
- master)
- notify master
- exit 0
- ;;
- backup)
- notify backup
- exit 0
- ;;
- fault)
- notify fault
- exit 0
- ;;
- *)
- echo ‘Usage: `basename $0` {master|backup|fault}‘
- exit 1
- ;;
- esac
- 注:通知脚本需要拷一份至node2
- scp notify.sh root@192.168.137.32:/etc/keepalived/
BACKUP配置(node2)
- # yum install -y keepalived
- # yum install -y httpd
- # echo "<h1>Sorry,Under maintances(32).</h1>" > /var/www/html/index.html ##添加sorry_server页面
- # service httpd start
- # 配置keepalived.conf
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- root@localhost
- }
- notification_email_from Alexandre.Cassen@firewall.loc
- smtp_server 127.0.0.1
- smtp_connect_timeout 30
- router_id LVS_DEVEL
- vrrp_mcast_group4 224.0.1.118
- }
- vrrp_script chk_mt {
- script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
- interval 1
- weight -20
- }
- vrrp_instance VI_1 {
- state BACKUP
- interface eth0
- virtual_router_id 151
- priority 99
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.137.10/16 dev eth0 label eth0:1
- }
- track_script {
- chk_mt
- }
- notify_master "/etc/keepalived/notify.sh master"
- notify_backup "/etc/keepalived/notify.sh backup"
- notify_fault "/etc/keepalived/notify.sh fault"
- }
- virtual_server 192.168.137.10 80 {
- delay_loop 6
- lb_algo wrr
- lb_kind DR
- nat_mask 255.255.255.0
- protocol TCP
- sorry_server 127.0.0.1 80
- real_server 192.168.137.33 80 {
- weight 1
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 3
- nb_get_retry 3
- delay_before_retry 3
- }
- }
- real_server 192.168.137.34 80 {
- weight 2
- HTTP_GET {
- url {
- path /
- status_code 200
- }
- connect_timeout 3
- nb_get_retry 3
- delay_before_retry 3
- }
- }
- }
4.启动keepalived并测试功能
在node1上
1、启动keepalived
- # service keepalived restart ; ssh 192.168.137.32 ‘service keepalived restart‘
- # ifconfig
- [root@node1~]# ifconfig ##可以看到eth0:1地址已经获取到
- eth0 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
- inet addr:192.168.137.31 Bcast:192.168.137.255 Mask:255.255.255.0
- inet6 addr: fe80::20c:29ff:feaa:930/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:46005 errors:0 dropped:0 overruns:0 frame:0
- TX packets:59292 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:5151611 (4.9 MiB) TX bytes:5965319 (5.6 MiB)
- eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
- inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
2、测试访问web
- [root@node1~]# curl http://192.168.137.10
- <h1>The page from node3</h1>
- [root@node1~]# curl http://192.168.137.10
- <h1>The page from node4</h1>
3、健康状态检测
手动在(MASTER)/etc/keepalived中新建一个down文件
# touch down
# 脚本检测到down文件存在权重减20,则vip会自动的floating 到BACKUP的主机上,删除down文件MASTER会将vip抢回来(处于主备的抢占模式下)。
测试如下:
- [root@node1 keepalived]# touch down
- [root@node1 keepalived]#
- [root@node1 keepalived]# ls
- down keepalived.conf notify.sh
- 在node2上发现VIP设置成功
- [root@node2 ~]# ifconfig eth0:1
- eth0:1 Link encap:Ethernet HWaddr 00:0C:29:CB:63:DF
- inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- 在看看mail,此处说明VIP漂至node2
- U 10 root Wed Nov 8 21:50 19/723 "node2.localdomain to be master: 192.168.137.10 floating"
- 访问VIP:
- [root@node1 keepalived]# curl 192.168.137.10
- <h1>The page from node4</h1>
- [root@node1 keepalived]# curl 192.168.137.10
- <h1>The page from node3</h1>
- 删除node1keepalived上的down文件。
- #rm -rf /etc/keepalived/down
- [root@node1 keepalived]# ifconfig eth0:1
- eth0:1 Link encap:Ethernet HWaddr 00:0C:29:AA:09:30
- inet addr:192.168.137.10 Bcast:0.0.0.0 Mask:255.255.0.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- mail邮件
- >N 9 root Wed Nov 8 22:01 18/713 "node1.localdomain to be master: 192.168.137.10 floating"
- 查看网站是否正常访问
- [root@node2 ~]# curl 192.168.137.10
- <h1>The page from node4</h1>
- [root@node2 ~]# curl 192.168.137.10
- <h1>The page from node3</h1>
- 这里可看到地址又被node1抢回来了(因为我们配置的是抢占模式),网站正常被调度,测试完毕!!!
4、Sorry_Server测试
在RealServer(node3)
停掉两台RealServer服务器
# service httpd stop ; ssh 192.168.137.34 ‘service httpd stop‘
[root@liu ~]# curl http://192.168.137.10
<h1>Sorry,Under maintances(31).</h1>
注释:这里会用涉及到ntp时钟同步,Openssl的密钥的认证,
# ntpdate IP(ntp时钟服务器地址)
*/5 * * * * root /usr/sbin/ntpdate 192.168.137.31 &>/dev/null;hwclock -w
# ssh-keygen -t rsa -P ‘‘ -f "/root/.ssh/id_rsa"
# ssh-copy-id -i .ssh/id_rsa.pub [user@]machine
至此keepalived+lvs_dr+healthcheck 高可用集群就这样部署完毕。
Ljohnhttp://ljohn.blog.51cto.com/11932290/1980547
实战:Keepalived 高可用LVS-主备模式
keepalived lvs dr hearthcheck
原文:http://ljohn.blog.51cto.com/11932290/1980547
来源: http://www.bubuko.com/infodetail-2388663.html