环境准备
系统环境为 CentOS release 6.8
已关闭SELINUX和防火墙(仅为简化测试环境;生产环境建议保持防火墙开启,只放行主备之间的 VRRP 流量(IP 协议号 112)和对外的业务端口 80)
LVS_Keepalived_Master
beetest1 192.168.1.57
LVS_Keepalived_Backup
beetest2 192.168.1.188
Real_Server1
192.168.1.200
Real_Server2
192.168.1.201
VIP
192.168.1.100
安装LVS(在keepalived 主从两台机器上)
yum安装ipvsadm及相关依赖包 还有后面编译源码包需要用到的 gcc和make工具
yum install ipvsadm kernel-devel openssl-devel popt* libnl* gcc make -y
查看是否加载lvs模块
[root@beetest1 ~]# modprobe -l |grep ipvs
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko
LVS安装完成,查看当前LVS集群
ipvsadm -L -n
配置VIP(在后端两台 real server)
在后端的两台realserver机器上配置绑定VIP的脚本
[root@ty200 ~]# vim /etc/init.d/realserver
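#!/bin/sh
# /etc/init.d/realserver - LVS-DR real-server helper.
#
# Binds the virtual IP (VIP) to the loopback alias lo:0 and changes the
# kernel ARP settings so this host does not answer or announce ARP for the
# VIP; in DR mode only the director should answer ARP for that address.
#
# Usage:   realserver {start|stop|status}
# Returns: 0 on success or when running, 3 when status finds nothing bound,
#          1 on bad usage or when the VIP cannot be bound.
# Must run as root: it writes under /proc/sys and reconfigures interfaces.

VIP=192.168.1.100

# Source the distribution's init helpers when present. The space after the
# dot matters: ". file" sources it, "./file" tries to execute a relative path.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi

# Write arp_ignore ($1) and arp_announce ($2) for both "lo" and "all".
set_arp_mode() {
  echo "$1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "$2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "$1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "$2" >/proc/sys/net/ipv4/conf/all/arp_announce
}

case "$1" in
  start)
    # Suppress local ARP handling for the VIP, then bind it to loopback.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    set_arp_mode 1 2
    # NOTE(review): sysctl -p re-applies /etc/sysctl.conf; if that file sets
    # arp_ignore/arp_announce it overrides the values written above - confirm.
    /sbin/sysctl -p >/dev/null 2>&1
    # A /32 netmask keeps the VIP a host address on lo:0 only.
    if ! /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up; then
      echo "LVS-DR real server failed to bind $VIP to lo:0." >&2
      exit 1
    fi
    /sbin/route add -host "$VIP" dev lo:0
    echo "LVS-DR real server starts successfully."
    ;;
  stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del "$VIP" >/dev/null 2>&1
    # Restore the kernel defaults (0); the original re-wrote 1/2 here, which
    # left ARP suppression active after the VIP had been removed.
    set_arp_mode 0 0
    echo "LVS-DR real server stopped."
    ;;
  status)
    # lo:0 may not exist yet, so discard ifconfig's error output.
    isLoOn=$(/sbin/ifconfig lo:0 2>/dev/null | grep -F -- "$VIP")
    isRoOn=$(/bin/netstat -rn | grep -F -- "$VIP")
    # Stopped only when neither the alias nor the host route carries the VIP.
    if [ -z "$isLoOn" ] && [ -z "$isRoOn" ]; then
      echo "LVS-DR real server has not run yet."
      exit 3
    fi
    echo "LVS-DR real server is running."
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0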
将lvs脚本加入开机自启动 并 手动启动(注意:该脚本不带参数运行时只会打印用法并退出,因此写入 rc.local 的命令应带上 start 参数,即 /etc/init.d/realserver start)
[root@ty200 ~]# chmod +x /etc/init.d/realserver
[root@ty200 ~]# echo "/etc/init.d/realserver" >> /etc/rc.d/rc.local
[root@ty200 ~]# /etc/init.d/realserver start
Starting realserver (via systemctl): [ OK ]
查看realserver服务器,发现VIP已经成功绑定到本地回环口lo上了
[root@ty200 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.200 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5054:ff:fe4a:4bc9 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:4a:4b:c9 txqueuelen 1000 (Ethernet)
RX packets 17402349 bytes 1207246415 (1.1 GiB)
RX errors 0 dropped 1561889 overruns 0 frame 0
TX packets 101713 bytes 6842519 (6.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.1.100 netmask 255.255.255.255
loop txqueuelen 0 (Local Loopback)
安装配置keepalived(在keepalived 主从两台机器上)
注意:下面的源码包通过明文 HTTP 下载,且没有做完整性校验;编译安装前应先核对官方提供的校验值或签名(如有),或者在可用时改用发行版软件源中的 keepalived 包。
[root@beetest1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.5.tar.gz
[root@beetest1 ~]# tar zxf keepalived-1.2.5.tar.gz && cd keepalived-1.2.5
[root@beetest1 keepalived-1.2.5]# ./configure --prefix=/usr/local/keepalived
...
Keepalived configuration
------------------------
Keepalived version : 1.2.5
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
[root@beetest1 keepalived-1.2.5]# make
[root@beetest1 keepalived-1.2.5]# make install
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin
编辑keepalived配置文件
[root@beetest1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Global settings: e-mail notification targets and this node's identifier.
global_defs {
# NOTE(review): these look like the sample addresses shipped with keepalived - replace with real recipients (TODO confirm)
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
# NOTE(review): 192.168.200.1 is outside the 192.168.1.x addresses used on this page - confirm the SMTP relay
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# VRRP instance: decides which director currently holds the VIP.
vrrp_instance VI_1 {
state MASTER
#Set to BACKUP on the standby node. The effective state follows priority: if this node's priority is lower than the standby's, it loses the MASTER state.
interface eth0
virtual_router_id 51
#virtual_router_id must be identical on master and backup; range 0-255
priority 100
#Set to 50 on the backup; the master's priority must be higher than the backup's
advert_int 1
#Interval in seconds between VRRP advertisements
# auth_type PASS sends auth_pass in cleartext in every VRRP advertisement, and
# keepalived uses only the first 8 characters. "1111" is a sample value: use a
# deployment-specific secret, identical on master and backup, and allow VRRP
# (IP protocol 112) only between the two directors.
authentication {
auth_type PASS
auth_pass 1111
}
#Virtual IP addresses; several may be listed, one per line
virtual_ipaddress {
192.168.1.100
}
}
#Virtual server definition
virtual_server 192.168.1.100 80 {
delay_loop 6 #poll real server state every 6 seconds
lb_algo rr #LVS scheduling algorithm; round robin here
lb_kind DR #LVS runs in DR (direct routing) mode
nat_mask 255.255.255.0
#persistence_timeout 50
#Session persistence time in seconds. Useful for dynamic pages because it gives the cluster a simple answer to session sharing: a user's requests keep going to the same node until the persistence time expires. Note that this is a maximum idle timeout: if the user does nothing for 50 seconds, the next request may go to another node, but while the user stays active the 50-second limit does not apply.
protocol TCP #forwarding protocol; tcp or udp
#Real server (backend node) definitions
real_server 192.168.1.201 80 {
weight 1 #weight
#Health check settings for the real server; values are in seconds
# TCP_CHECK only tests that a TCP connection to the port can be opened; it does not inspect the HTTP response.
TCP_CHECK {
connect_timeout 3 #time out after 3 seconds without a response
nb_get_retry 3 #number of retries
delay_before_retry 3 #delay between retries
}
}
real_server 192.168.1.200 80 {
weight 1
TCP_CHECK { #health check settings for the real server; values are in seconds
connect_timeout 3 #time out after 3 seconds without a response
nb_get_retry 3 #number of retries
delay_before_retry 3 #delay between retries
}
}
}
启动keepalived
[root@beetest1 ~]# /etc/init.d/keepalived start
后端server安装nginx的过程不再叙述,此时后端两台realserver 已经在80端口提供http服务
测试
- 高可用测试:停止 master 上的 keepalived 服务,看 backup 是否接管。
- 负载均衡测试:访问 http://192.168.1.100,看到页面在两个 realserver 上切换表示成功!
你也可以通过 ipvsadm -Lnc 查看详细连接情况!
- 故障切换测试:任意关闭一台 realserver 上的 nginx 服务,看 Keepalived 监控模块是否能及时发现并屏蔽故障节点,同时将服务转移到正常节点来执行。