keepalived实现高可用
keepalived实现高可用
集群Cluster
集群类型:
LB lvs/nginx(http/upstream, stream/upstream)
HA 高可用性
SPoF: Single Point of Failure
HPC
系统可用性的公式:A=MTBF/(MTBF+MTTR)
(0,1), 95%
几个9(指标): 99%, ..., 99.999%,99.9999%
系统故障:
硬件故障:设计缺陷、wear out(损耗)、自然灾害……
软件故障:设计缺陷
提升系统高用性的解决方案之降低MTTR
手段:冗余redundant
active/passive 主备
active/active 双主
active --> HEARTBEAT --> passive
active <--> HEARTBEAT <--> active
高可用的是“服务”
HA nginx service:
vip/nginx process[/shared storage]
资源:组成一个高可用服务的“组件”
(1) passive node的数量
(2) 资源切换
shared storage:
NAS:文件共享服务器;
SAN:存储区域网络,块级别的共享
Network partition:网络分区
quorum:法定人数
with quorum: > total/2
without quorum: <= total/2
隔离设备: fence
node:STONITH = Shooting The Other Node In The Head
断电重启
资源:断开存储的连接
TWO nodes Cluster
辅助设备:ping node, quorum disk
Failover:故障切换,即某资源的主节点故障时,将资源转移至其它节点的操作
Failback:故障移回,即某资源的主节点故障后重新修改上线后,将之前已转移至其它节点的资源重新切回的过程
HA Cluster实现方案:
AIS:应用接口规范 完备复杂的HA集群
RHCS:Red Hat Cluster Suite红帽集群套件
heartbeat:基于心跳监测实现服务高可用
pacemaker+corosync:资源管理与故障转移
vrrp协议实现:虚拟路由冗余协议,解决静态网关单点风险
软件层—keepalived
物理层—路由器、三层交换机
KeepAlived简介
KeepAlived简介
keepalived:
vrrp协议:Virtual Router Redundancy Protocol
术语:
虚拟路由器:Virtual Router
虚拟路由器标识:VRID(0-255),唯一标识虚拟路由器
物理路由器:
master:主设备
backup:备用设备
priority:优先级
VIP:Virtual IP
VMAC:Virutal MAC (00-00-5e-00-01-VRID)
通告:心跳,优先级等;周期性
工作方式:抢占式,非抢占式
安全工作:
认证:
无认证
简单字符认证:预共享密钥
MD5
工作模式:
主/备:单虚拟路由器
主/主:主/备(虚拟路由器1),备/主(虚拟路由器2)
keepalived:
vrrp协议的软件实现,原生设计目的为了高可用ipvs服务
功能:
vrrp协议完成地址流动
为vip地址所在的节点生成ipvs规则(在配置文件中预先定义)
为ipvs集群的各RS做健康状态检测
基于脚本调用接口通过执行脚本完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务
组件:
核心组件:
用户空间核心组件:
vrrpstack-VIP消息通告
checkers-监测real server
system call-标记real server权重
SMTP-邮件组件
ipvswrapper-生成IPVS规则
NetlinkReflector-网络接口
WatchDog-监控进程
控制组件:配置文件分析器
IO复用器
内存管理组件
KeepAlived组成
KeepAlived实现
HA Cluster 配置准备:
(1) 各节点时间必须同步
ntp, chrony
(2) 确保iptables及selinux不会成为阻碍
(3) 各节点之间可通过主机名互相通信(对KA并非必须)
建议使用/etc/hosts文件实现
(4) 各节点之间的root用户可以基于密钥认证的ssh服务完成互相通信(对KA并非必须)
Keepalived安装:
keepalived包,CentOS 6.4+ Base源(直接可以在本地yum源仓库直接安装)
程序环境:
主配置文件:/etc/keepalived/keepalived.conf
主程序文件:/usr/sbin/keepalived
Unit File:/usr/lib/systemd/system/keepalived.service
Unit File的环境配置文件:/etc/sysconfig/keepalived
配置语法:
配置虚拟路由器:
vrrp_instance <STRING> {
....
}
配置参数:
state MASTER|BACKUP:当前节点在此虚拟路由器上的初始状态,状态为MASTER或者BACKUP
interface IFACE_NAME:绑定为当前虚拟路由器使用的物理接口ens32,eth0,bond0,br0
virtual_router_id VRID:当前虚拟路由器惟一标识,范围是0-255
priority 100:当前物理节点在此虚拟路由器中的优先级;范围1-254
advert_int 1:vrrp通告的时间间隔,默认1s
参数配置:
global_defs{
notification_email{
root@localhost #keepalived 发生故障切换时邮件发送的对象,可以按行区分写多个
}
notification_email_fromkeepalived@localhost
smtp_server127.0.0.1
smtp_connect_timeout 30
router_idha1.example.com
vrrp_skip_check_adv_addr #所有报文都检查比较消耗性能,此配置为如果收到的报文和上一个报文是同一个路由器则跳过检查报文中的源地址
vrrp_strict #严格遵守VRRP协议,不允许状况:1,没有VIP地址,2.单播邻居,3.在VRRP版本2中有IPv6地址.
vrrp_garp_interval0 #ARP报文发送延迟
vrrp_gna_interval0 #消息发送延迟
vrrp_mcast_group4 224.0.0.18 #默认组播IP地址,224.0.0.0到239.255.255.255
#vrrp_iptables
}
authentication { #认证机制
auth_type AH|PASS
auth_pass <PASSWORD> 仅前8位有效
}
virtual_ipaddress { #虚拟IP
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}
track_interface { #配置监控网络接口,一旦出现故障,则转为FAULT状态实现地址转移
eth0
eth1
…
}
实验一:实现keepalived主从方式高可用实战:
架构图:
搭建环境:
类型 | 机器名称 | IP配置 | 服务角色 |
---|---|---|---|
A | client | 192.168.43.11 | 客户端访问(桥接模式) |
B | router | 左:192.168.43.13右:192.168.37.106 | 左路由器(桥接模式)****右路由器(NAT模式) |
C | lvs-server1 | VIP:192.168.37.100DIP:192.168.37.27 | 负载均衡调度器(NAT模式) |
D | lvs-server2 | VIP:192.168.37.100DIP:192.168.37.37 | 负载均衡调度器(NAT模式) |
E | rs1 | RIP:192.168.37.19VIP:192.168.37.100GW:192.168.37.106 | 后端服务器(NAT模式) |
F | rs2 | RIP:192.168.37.20VIP:192.168.37.100GW:192.168.37.106 | 后端服务器(NAT模式) |
原理:主从:一主一从,主服务器的在工作,从服务器的在待命状态;主的宕机了,VIP漂移到从服务器上,由从提供服务
1、在LVS1和LVS2服务器上,直接用本地yum源安装keepalived包
[root@ka1~]#yum install keepalived -y
[root@ka2~]#yum install keepalived -y
2、在LVS1修改keepalived配置文件之前先备份一份,以防万一配置问题,无法还原默认值。
[root@ka1~]#cd /etc/keepalived
[root@ka1keepalived]#cp keepalived.conf{,.bak}
3、在配置之前先实现基于key验证,并将双方的hosts文件写入对方配置文件中,方便LVS1和LVS2主机解析。
[root@ka1~]#ssh-keygen
[root@ka1~]#ssh-copy-id 192.168.37.37
[root@ka2~]#ssh-keygen
[root@ka2~]#ssh-copy-id 192.168.37.27
在ka1主机修改hosts配置文件,并将此配置文件传到ka2.
[root@ka1~]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.37.27 ka1
192.168.37.37 ka2
[root@ka1~]#scp /etc/hosts 192.168.37.37:/etc/
4、在客户端上配置网关和本机的IP地址
[root@centos6 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.11
GATEWAY=192.168.1.13
PREFIX=24
DNS1=114.114.114.114
5、在路由器上开启路由转发
[root@router~]#vim /etc/sysctl.conf 开启路由转发功能
net.ipv4.ip_forward=1
[root@router~]#sysctl -p 生效路由配置文件
在路由器左接口外网(桥接模式)添加一个IP地址
[root@routernetwork-scripts]#cat ifcfg-ens37
DEVICE=ens37
BOOTPROTO=none
IPADDR=192.168.1.13
PREFIX=24
ONBOOT=yes
DNS1=114.114.114.114
在路由器右接口内网(NAT模式)添加一个IP地址
[root@routernetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
BOOTPROTO=none
IPADDR=192.168.37.106
PREFIX=24
ONBOOT=yes
DNS1=114.114.114.114
6、配置RS1服务器的IP地址,网关指向路由器右边的IP地址
[root@rs1network-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.19
PREFIX=24
GATEWAY=192.168.37.106
DNS1=114.114.114.114
ONBOOT=yes
BOOTPROTO=static
7、配置RS2服务器的IP地址,网关指向路由器有边的IP地址
[root@rs2network-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.20
BOOTPROTO=static
GATEWAY=192.168.37.106
PREFIX=24
DNS1=114.114.114.114
ONBOOT=yes
8、在LVS1服务器上添加一个VIP地址和DIP地址,并将网关指向路由器右端的IP地址
[root@lvsnetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.27 DIP地址
PREFIX=24
BOOTPROTO=static
GATEWAY=192.168.37.106 指向路由器右端IP地址(192.168.37.106)的网关
ONBOOT=yes
DNS1=114.114.114.114
9、在LVS2服务器上添加一个VIP地址和DIP地址,并将网关指向路由器右端的IP地址
[root@lvsnetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.37 DIP地址
PREFIX=24
BOOTPROTO=static
GATEWAY=192.168.37.106 指向路由器右端IP地址(192.168.37.106)的网关
ONBOOT=yes
DNS1=114.114.114.114
配置ka主节点的keeplived文件
3、配置ka1机器的keepalived文件。
[root@ka1]cd /etc/keepalived
[root@ka1keepalived]#vim keepalived.conf
global_defs { 修改全局的配置
notification_email {
root@localhost 故障通知邮件信息
}
notification_email_from keepalived@localhost
smtp_server 172.0.0.1 添加本机的smpt地址,发邮件
smtp_connect_timeout 30
router_id ka1 本机主机名
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { 自定义示例名称
state MASTER 当前虚拟化路由器的初始化状态 MASTER|BACKUP
interface ens33 通知选举所用端口(如果本机是eth0,就修改为eth0)
virtual_router_id 66 虚拟路由的ID号,主备节点的ID号要一致(范围0-255)
priority 100 主节点的优先级,备节点的优先级必须低 (1-254)
advert_int 1 VRRP通告间隔时间,1秒
unicast_src_ip 192.168.37.27 # 配置源地址的IP地址,绑定单播地址的目的是为了防止与其他主机的IP地址存在冲突问题。
unicast_peer {
192.168.37.37 # 配置从节点的目标IP地址
}
authentication {
auth_type PASS 认证机制
auth_pass 123456 密码,最好使用随机密码(openssl rand -base64 9 生成一个9位数的随机数密码)
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1 添加VIP地址,可以起一个别名,方便观察
}
}
配置从节点ka2的keepalived文件
4、将ka1的配置文件复制到ka2机器上,并对其进行相关的修改。
[root@lvs1keepalived]#scp keepalived.conf 192.168.37.37:/etc/keepalived/
[root@ka2keepalived]#cd /etc/keepalived
[root@ka2keepalived]#vim keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2 改成本机主机名ka2
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP 改为BACKUP
interface ens33
virtual_router_id 66
priority 80 优先级要比主ka1服务器的低
advert_int 1
unicast_src_ip 192.168.37.37 # 配置源地址的IP地址,绑定单播地址的目的是为了防止与其他主机的IP地址存在冲突问题。
unicast_peer {
192.168.37.27 # 配置从节点的目标IP地址
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
}
5、此时已经配置完ka1和ka2机器,然后启动keepadlive服务
[root@ka1~]#systemctl start keepalived
[root@ka2~]#systemctl start keepalived
6、此时ka1和ka2都拥有VIP地址。
[root@ka1keepalived]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:99:83:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.37.27/24 brd 192.168.37.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.37.100/24 scope global secondary ens33:1 添加的VIP地址
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe99:8393/64 scope link
valid_lft forever preferred_lft forever
7、验证效果,在路由器端进行Ping通VIP地址,由于主节点优先级高,此时由主节点ka1承担VIP地址,如果ka1宕机之后,VIP地址就会漂移到备节点上,备用的从节点就会接替位置,还会在工作的过程中。
[root@routernetwork-scripts]#ping 192.168.37.100 路由器端ping VIP地址
PING 192.168.37.100 (192.168.37.100) 56(84) bytes of data.
64 bytes from 192.168.37.100: icmp_seq=1 ttl=64 time=3.53 ms
64 bytes from 192.168.37.100: icmp_seq=2 ttl=64 time=0.411 ms
64 bytes from 192.168.37.100: icmp_seq=3 ttl=64 time=0.413 ms
64 bytes from 192.168.37.100: icmp_seq=4 ttl=64 time=0.413 ms
64 bytes from 192.168.37.100: icmp_seq=5 ttl=64 time=0.640 ms
64 bytes from 192.168.37.100: icmp_seq=15 ttl=64 time=1.23 ms
64 bytes from 192.168.37.100: icmp_seq=16 ttl=64 time=0.362 ms
64 bytes from 192.168.37.100: icmp_seq=17 ttl=64 time=0.813 ms
[root@ka1keepalived]#systemctl stop keepalived 宕机主节点的keepalived服务
[root@routernetwork-scripts]#ping 192.168.37.100 此时的网络不会断掉,只是由从节点进行接管主节点的工作。
PING 192.168.37.100 (192.168.37.100) 56(84) bytes of data.
64 bytes from 192.168.37.100: icmp_seq=1 ttl=64 time=3.53 ms
64 bytes from 192.168.37.100: icmp_seq=2 ttl=64 time=0.411 ms
64 bytes from 192.168.37.100: icmp_seq=3 ttl=64 time=0.413 ms
64 bytes from 192.168.37.100: icmp_seq=4 ttl=64 time=0.413 ms
64 bytes from 192.168.37.100: icmp_seq=5 ttl=64 time=0.640 ms
64 bytes from 192.168.37.100: icmp_seq=15 ttl=64 time=1.23 ms
64 bytes from 192.168.37.100: icmp_seq=16 ttl=64 time=0.362 ms
64 bytes from 192.168.37.100: icmp_seq=17 ttl=64 time=0.813 ms
64 bytes from 192.168.37.100: icmp_seq=18 ttl=64 time=1.07 ms
64 bytes from 192.168.37.100: icmp_seq=19 ttl=64 time=0.406 ms
^C
--- 192.168.37.100 ping statistics ---
19 packets transmitted, 10 received, 1% packet loss, time 18019ms 丢包率是1%
rtt min/avg/max/mdev = 0.362/0.930/3.537/0.916 ms
实验二:实现keepaplived自定义脚本检测,进行邮件报警
nopreempt:定义工作模式为非抢占模式
preempt_delay 300:抢占式模式,节点上线后触发新选举操作的延迟时长,默认模式
定义通知脚本:
notify_master <STRING>|<QUOTED-STRING>:
当前节点成为主节点时触发的脚本
notify_backup <STRING>|<QUOTED-STRING>:
当前节点转为备节点时触发的脚本
notify_fault <STRING>|<QUOTED-STRING>:
当前节点转为“失败”状态时触发的脚本
notify <STRING>|<QUOTED-STRING>:
通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知
1、脚本主要内容:检测到主从发生变化,或错误,给谁发邮件;邮件内容是:在什么时间,谁发生了什么变化
vim /etc/keepalived/notify.sh
#!/bin/bash
#
#********************************************************************
#Author: liu
#QQ: 29308620
#Date: 2019-12-10
#FileName: notify.sh
#URL: http://www.baidu.com
#Description: The test script
#Copyright (C): 2019 All rights reserved
#********************************************************************
contact='root@localhost' 要发送给的邮件地址,此时是写的本地地址,可以联网去发给其他运维工程师
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
2、脚本加权限 chmod +x /etc/keepalived/notify.sh
在keepalived配置文件中调用脚本
脚本的调用方法:
在vrrp_instance VI_1 语句块最后面加下面行
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
1、修改ka1的keepalived.conf配置文件
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka1
# vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
2、在ka2机器中添加三条调用脚本的信息。
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
#vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault" 出故障返回此信息
}
3、先将主从节点的keepalived服务启动:systemctl start keepalived
4、然后宕机主节点的keepalived服务,此时查看从节点的邮件信息,邮件就会发送到从节点当做主节点的信息。
[root@ka1~]#killall -9 keepalived 关闭掉主节点的keepalived服务
查看从节点的邮件,此时VIP地址漂移到从节点作为主节点,不会导致失败。
5、当又恢复了主节点的keepalived服务,此时就会查看主节点的邮件,又会恢复到master状态
6、查看从节点的邮件,此时从节点又会返回到BACKUP状态。
打开Wireshark软件,选择VMnet8模式,就会抓取到VIP的地址和密码。
实验三:实现双主keepaplived功能
原理:两个keepalived机器都当主节点,当一个机器宕机后,就会将主节点的VIP的IP地址漂移到另一台主节点上,此时另一台主节点就会有两个VIP的IP地址。
配置keepalived1主机
[root@ka1keepalived]#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka1
#vrrp_mcast_group4 224.110.110.110
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
192.168.37.200/24 dev ens33 label ens33:2 对于另一台192.168.37.200的主机来说,本机就是从服务器
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
配置keepalived2主机
[root@ka2keepalived]#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
#vrrp_mcast_group4 224.110.110.110
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 654321
}
virtual_ipaddress {
192.168.37.200/24 dev ens33 label ens33:2 对于另一台192.168.37.200的主机来说,本机是主服务器
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
效果测试:
宕机掉主节点的IP地址为192.168.37.100的主机,此时该IP地址就会漂移到另一台keepalived服务器上。
在另一台keepalived服务器上查看,此时192.168.37.100的地址就飘到此主机上,实现双主配置。
总结:当一台主机的机器宕机后,此时主节点的IP地址就会漂移到另一台主机上,此时就实现了双主模式的keepalived服务配置。
实战四:实现keepalived的HTTP模式高可用基于LVS-DR模式的应用实战
1、在客户端上配置网关和本机的IP地址
[root@centos6 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.11
GATEWAY=192.168.1.13
PREFIX=24
DNS1=114.114.114.114
2、在路由器上开启路由转发
[root@router~]#vim /etc/sysctl.conf 开启路由转发功能
net.ipv4.ip_forward=1
[root@router~]#sysctl -p 生效路由配置文件
在路由器左接口外网(桥接模式)添加一个IP地址
[root@routernetwork-scripts]#cat ifcfg-ens37
DEVICE=ens37
BOOTPROTO=none
IPADDR=192.168.1.13
PREFIX=24
ONBOOT=yes
DNS1=114.114.114.114
在路由器右接口内网(NAT模式)添加一个IP地址
[root@routernetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
BOOTPROTO=none
IPADDR=192.168.37.106
PREFIX=24
ONBOOT=yes
DNS1=114.114.114.114
4、配置RS1服务器的IP地址,网关指向路由器右边的IP地址
[root@rs1network-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.19
PREFIX=24
GATEWAY=192.168.37.106
DNS1=114.114.114.114
ONBOOT=yes
BOOTPROTO=static
5、配置RS2服务器的IP地址,网关指向路由器有边的IP地址
[root@rs2network-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.20
BOOTPROTO=static
GATEWAY=192.168.37.106
PREFIX=24
DNS1=114.114.114.114
ONBOOT=yes
6、在LVS1服务器上添加一个VIP地址和DIP地址,并将网关指向路由器右端的IP地址
[root@lvsnetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.27 DIP地址
PREFIX=24
BOOTPROTO=static
GATEWAY=192.168.37.106 指向路由器右端IP地址(192.168.37.106)的网关
ONBOOT=yes
DNS1=114.114.114.114
7、在LVS2服务器上添加一个VIP地址和DIP地址,并将网关指向路由器右端的IP地址
[root@lvsnetwork-scripts]#cat ifcfg-ens33
DEVICE=ens33
IPADDR=192.168.37.37 DIP地址
PREFIX=24
BOOTPROTO=static
GATEWAY=192.168.37.106 指向路由器右端IP地址(192.168.37.106)的网关
ONBOOT=yes
DNS1=114.114.114.114
在lvs-server-master 主节点配置文件
[root@ka1]#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka1
#vrrp_mcast_group4 224.110.110.110
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.37.100 80 {
delay_loop 6 服务轮询时间间隔
lb_algo rr rr轮询算法
lb_kind DR LVS集群模式:RD模式
protocol TCP
persistence_timeout 600 持久连接600s,一直访问一台主机
sorry_server 192.168.37.47 当两个主机宕机时提示道歉信息
real_server 192.168.37.19 80 { RS1服务器的信息
weight 1
HTTP_GET { 使用http模式
url {
path / 返回到根目录
status_code 200
}
connect_timeout 3 连接超时时长
nb_get_retry 3 重建次数
delay_before_retry 3 重建间隔
}
}
real_server 192.168.37.20 80 { RS2服务器信息
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
启动keepalived服务,并查看ipvsadm集群规则。
[root@ka1keepalived]#systemctl restart keepalived
[root@ka1keepalived]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.37.100:80 rr
-> 192.168.37.19:80 Route 1 0 4 此时相关的RS1服务策略已配置
-> 192.168.37.20:80 Route 1 0 4 此时相关的RS2服务策略已配置
在lvs-server-master 从节点配置文件
[root@ka2]#vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2
#vrrp_mcast_group4 224.110.110.110
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.37.100/24 dev ens33 label ens33:1
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.37.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
persistence_timeout 600 持久连接,一直连接一台主机600s
sorry_server 127.0.0.7 80
real_server 192.168.37.19 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.37.20 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
在real server1 修改配置文件
[root@rs1~]#vim lvs_dr_rs.sh
#!/bin/bash
#Author:liu
#Date:2017-08-13
vip=192.168.37.100 指向VIP地址
mask='255.255.255.255'
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "<h1>`hostname`</h1>" > /var/www/html/index.html
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
执行脚本:
[root@rs1~]#bash lvs_dr_rs.sh start
The RS Server is Ready!
永久生效,可以写到配置文件中
vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p 使配置文件生效。
sysctl -p
在real server2修改配置文件
[root@rs2~]#vim lvs_dr_rs.sh
#!/bin/bash
#Author:liu
#Date:2017-08-13
vip=192.168.37.100
mask='255.255.255.255'
dev=lo:1
rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
#service httpd start &> /dev/null && echo "The httpd Server is Ready!"
#echo "<h1>`hostname`</h1>" > /var/www/html/index.html
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $dev $vip netmask $mask #broadcast $vip up
#route add -host $vip dev $dev
echo "The RS Server is Ready!"
;;
stop)
ifconfig $dev down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "The RS Server is Canceled!"
;;
*)
echo "Usage: $(basename $0) start|stop"
exit 1
;;
esac
执行脚本:
[root@rs2~]#bash lvs_dr_rs.sh start
The RS Server is Ready!
添加RS1和RS2服务器的页面文件,并启动httpd服务
[root@rs1~]#echo 192.168.37.19 RS1 > /var/www/html/index.html
[root@rs1~]#systemctl start httpd
[root@rs2~]#echo 192.168.37.20 RS2 > /var/www/html/index.html
[root@rs2~]#systemctl start httpd
客户端测试效果:
此时在客户端已经访问到RS1和RS2的httpd服务下的网页
[root@router~]#while : ;do curl 192.168.37.100 ;sleep 0.5;done
192.168.37.20 RS2
192.168.37.19 RS1
192.168.37.20 RS2
192.168.37.19 RS1
此时停掉LVS1的keepalived服务
[root@ka1keepalived]#systemctl stop keepalived.service
客户端仍然还在访问过程,不会被断开。
此时LVS2上有ipvsadm规则,并将LVS1服务的VIP地址漂移到LVS2服务器上,解决了LVS1故障问题。
当有启动LVS1机器的keepalived服务,由于LVS1的优先级高,ipvsadm服务规则和VIP地址就又飘到了主服务器上,LVS2的服务器上也有ipvsadm规则和VIP地址。
验证两个RS服务器都宕机效果:
1、在LVS1和LVS2服务器上分别添加网页显示页面。
[root@ka1~]#echo sorry server > /var/www/html/index.html 在keepalived1写入道歉信息
[root@ka1~]#systemctl start httpd
[root@ka2~]#echo sorry server1 > /var/www/html/index.html 在keepalived2写入道歉信息
[root@ka2~]#systemctl start httpd
2、此时宕机RS1和RS2及LVS1服务器,在客户端上显示sorry server1.
[root@rs1~]#systemctl stop httpd 宕机RS1服务器
[root@rs2~]#systemctl stop httpd 宕机RS2服务器
[root@ka1~]#systemctl stop keepalived 宕机keepalived1服务器
在客户端访问VIP返回的结果就是keepalived2服务器道歉的信息。