keepalived+LVS-DR集群

 keepalived+LVS-DR集群

 

1  Keepalived概述

 

2  Keepalived工作原理

 

3  Keepalived的作用与构建

 

4  配置keepalived实现互为主从

 

1、Keepalived概述

keepalived 是一个类似于 layer3, 4 & 5 交换机制的软件,也就是我们平时说的第 3 层、第 4 层和第 5层交换。 Keepalived 的作用是检测 web 服务器的状态,如果有一台 web 服务器死机,或工作出现故障,Keepalived 将检测到,并将有故障的 web 服务器从系统中剔除,当 web 服务器工作正常后 Keepalived 自动将web 服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web 服务器。

 

 

2、  Keepalived工作原理

Layer3,4&5 工作在 IP/TCP 协议栈的 IP 层, TCP 层,及应用层,。

Layer3: Keepalived 使用 Layer3 的方式工作式时, Keepalived 会定期向服务器群中的服务器发送一个 ICMP 的数据包(既我们平时用的 Ping 程序) , 如果发现某台服务的 IP 地址没有激活,Keepalived 便报告这台服务器失效,并将它从服务器群中剔除,这种情况的典型例子是某台服务器被非法关机。 Layer3 的方式是以服务器的 IP 地址是否有效作为服务器工作正常与否的标准。

Layer4: 主要以 TCP 端口的状态来决定服务器工作正常与否。如 web server 的服务端口一般是80,如果 Keepalived 检测到 80 端口没有启动,则 Keepalived 将把这台服务器从服务器群中删除。

Layer5: Layer5 就是工作在具体的应用层了,比 Layer3,Layer4 要复杂一点,在网络上占用的带宽也要大一些。 Keepalived 将根据用户的设定检查服务器程序的运行是否正常,如果与用户的设定不相符,则 Keepalived 将把服务器从服务器群中剔除。

3  Keepalived的作用与构建

1.管理 VIP,VIP 会在 LVS 之间漂移

2.监控 LVS分发器

运行在主分发的 Keepalived 会以组播的形式向网络中宣告自己,即主分发器还活着,备用节点能收到。当备用节点,在一个时间单位中收不到组播,备用节点会认为主 LVS 挂了,开始接手主分发器工作,把 VIP 配给自己。

VRRP/HSRP

虚拟路由冗余协议(Virtual Router Redundancy Protocol,简称VRRP)是由IETF提出的解决局域网中配置静态网关出现单点失效现象的路由协议。使用组播方式通信。

VRRP是一种路由容错协议,也可以叫做备份路由协议。一个局域网络内的所有主机都设置缺省路由(默认网关),当网内主机发出的目的地址不在本网段时,报文将被通过缺省路由发往外部路由器,从而实现了主机与外部网络的通信。当缺省路由器down掉(即端口关闭)之后,内部主机将无法与外部通信,如果路由器设置了VRRP时,那么这时,虚拟路由将启用备份路由器,从而实现全网通信。

 

4   配置keepalived实现互为主从

 

4.1这个原理图

 

 

 

 

4.2 使用Keepalived构建LVS-DR模式的高可用集群,实验环境如下:

机器名称

机器名称

网关

机器作用

dirctor1

DIP:10.27.17.90/24

VIP:10.27.17.91/24

10.27.17.1

主 LVS

dirctor1

DIP:10.27.17.34/24

VIP:10.27.17.91/24

10.27.17.1

备 LVS

realserver1

10.27.17.92/24

10.27.17.1

RS1  WEB1

realserver2

10.27.17.93/24

10.27.17.1

RS2  WEB2

 

 

 

 

 

 

 

 

 

 

 

固化以上按照以上规化进行服务器IP固化。

4.3上传 keeplive,进行安装

[root@director1 ~]# tar -zxvf keepalived-1.2.16.tar.gz

[root@director1 ~]# cd keepalived-1.2.16
[root@director1 keepalived-1.2.16]# yum -y install gcc openssl-devel libnfnetlink-devel

[root@director1 keepalived-1.2.16]# ./configure --prefix=/usr/local/keepalived

Keepalived configuration
------------------------
Keepalived version : 1.2.16
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lssl -lcrypto -lcrypt
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
[root@director1 keepalived-1.2.16]# make && make install

[root@director1 keepalived]# ll
total 0
drwxr-xr-x 2 root root 21 Sep 30 03:22 bin
drwxr-xr-x 5 root root 53 Sep 30 03:22 etc
drwxr-xr-x 2 root root 24 Sep 30 03:22 sbin
drwxr-xr-x 3 root root 17 Sep 30 03:22 share

 

4.4建立启动脚本

[root@director1 keepalived]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/

[root@director1 keepalived]# grep "chkconfig" /usr/local/keepalived/etc/* -R
/usr/local/keepalived/etc/rc.d/init.d/keepalived:# chkconfig: - 21 79
[root@director1 keepalived]# chmod +x /etc/init.d/keepalived

[root@director1 keepalived]# vim /etc/init.d/keepalived
bin/ etc/ sbin/ share/


[root@director1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@director1 keepalived]# mkdir /etc/keepalived
[root@director1 keepalived]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@director1 keepalived]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@director1 keepalived]# vim /etc/sysconfig/keepalived

修改为:

KEEPALIVED_OPTIONS="-D -f /etc/keepalived/keepalived.conf"

4.5安装lvs

[root@director1 yum.repos.d]# yum install ipvsadm -y

 

dirctor2 同上,安装keeplived    和DR

4.6  配置Keepalived+LVS-DR模式

4.6.1  DIRctor1 主节点配置

[root@director1 keepalived]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id director1
}
vrrp_instance apache {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.27.17.91
}
}

virtual_server 10.27.17.91 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP

real_server 10.27.17.92 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.27.17.93 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}


[root@director1 keepalived]# systemctl restart keepalived

[root@director1 keepalived]# systemctl enable keepalived

[root@director1 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.27.17.91:80 rr persistent 50
-> 10.27.17.92:80 Route 1 0 0
-> 10.27.17.93:80 Route 1 0 0

 

4.6.2备用节点director2配置

[root@director2 keepalived]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id director2
}
vrrp_instance apache {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.27.17.91
}
}

virtual_server 10.27.17.91 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP

real_server 10.27.17.92 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.27.17.93 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

 

[root@director2 keepalived]# systemctl restart keepalived
[root@director2 keepalived]# systemctl enable keepalived

测试一下

[root@director1 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8d:94:56 brd ff:ff:ff:ff:ff:ff
inet 10.27.17.90/24 brd 10.27.17.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.27.17.91/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8d:9456/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8d:94:60 brd ff:ff:ff:ff:ff:ff
inet 10.27.17.220/24 brd 10.27.17.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8d:9460/64 scope link noprefixroute
valid_lft forever preferred_lft forever

[root@director2 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:cf:00:0a brd ff:ff:ff:ff:ff:ff
inet 10.27.17.34/24 brd 10.27.17.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fecf:a/64 scope link noprefixroute
valid_lft forever preferred_lft forever

 4.7配置RS1

4.2.1建立一个启动脚本启用lvs

[root@realserver1 ~]#  vim /etc/init.d/lvsrsdr

#!/bin/bash

VIP=10.27.17.91

source /etc/init.d/functions           

case $1 in

start)

        echo 'start LVS of Realserver DR'

        /sbin/ifconfig lo:1 $VIP broadcast $VIP netmask 255.255.255.255 up

        /sbin/route add -host $VIP dev lo:1

        echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore

        echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce

        echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore

        echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce

        ;;

stop)

        /sbin/ifconfig lo:1 down

        echo 'Close LVS of Realserver DR'

        echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore

        echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce

        echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore

        echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce

        ;;

*)

        echo "Usage:$0 (start|stop)"

exit 1

esac

 

[root@realserver1 ~]# chmod +x /etc/init.d/lvsrsdr 

[root@realserver1 ~]#  /etc/init.d/lvsrsdr start

Reloading systemd:                                         [  OK  ]

Starting lvsrsdr (via systemctl):                          [  OK  ]

[root@realserver1 ~]#  echo "/etc/init.d/lvsrsdr start" >> /etc/rc.local

安装并启动httpd

[root@realserver1 ~]#  yum -y install httpd

[root@realserver1 ~]# echo  10.27.17.92 > /var/www/html/index.html

[root@realserver1 ~]# systemctl restart httpd

 

realsever2安装同上。

4.8 测试

关闭DIRECTOR1

 

 

 

 

 

恢复DIRCTOR1

 

4.2.1建立一个启动脚本启用lvs

[root@cga27 ~]#  vim /etc/init.d/lvsrsdr

#!/bin/bash

VIP=10.27.17.6

source /etc/init.d/functions           

case $1 in

start)

        echo 'start LVS of Realserver DR'

        /sbin/ifconfig lo:1 $VIP broadcast $VIP netmask 255.255.255.255 up

        /sbin/route add -host $VIP dev lo:1

        echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore

        echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce

        echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore

        echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce

        ;;

stop)

        /sbin/ifconfig lo:1 down

        echo 'Close LVS of Realserver DR'

        echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore

        echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce

        echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore

        echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce

        ;;

*)

        echo "Usage:$0 (start|stop)"

exit 1

esac

 

posted @ 2019-09-27 17:33  科子  阅读(160)  评论(0编辑  收藏  举报