LVS+Keepalived主从热备的高可用环境部署

环境准备

系统环境为 CentOS release 6.8
已关闭SELINUX和防火墙(仅为简化测试环境;生产环境建议保留 SELinux 和防火墙,只放行 VRRP(IP 协议号 112)及所需的业务端口)

LVS_Keepalived_Master

beetest1 192.168.1.57

LVS_Keepalived_Backup

beetest2 192.168.1.188

Real_Server1

192.168.1.200

Real_Server2

192.168.1.201

VIP

192.168.1.100

安装LVS(在keepalived 主从两台机器上)

yum安装ipvsadm及相关依赖包 还有后面编译源码包需要用到的 gcc和make工具

yum install ipvsadm kernel-devel openssl-devel popt* libnl* gcc make -y

查看内核是否提供 ipvs 模块(modprobe -l 列出的是可用模块;已加载的模块用 lsmod 查看)

[root@beetest1 ~]# modprobe -l |grep ipvs
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko

LVS安装完成,查看当前LVS集群

ipvsadm -L -n

配置VIP(在后端两台 real server)

在后端的两台realserver机器上配置绑定VIP的脚本

[root@ty200 ~]# vim /etc/init.d/realserver

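#!/bin/sh
# /etc/init.d/realserver - LVS-DR real-server helper.
#
# Binds the cluster VIP to a loopback alias (lo:0) and suppresses ARP replies
# for it, so the real server accepts traffic the director forwards to the VIP
# without answering ARP for that address itself.
#
# Usage: realserver {start|stop|status}
# Must run as root: it writes /proc/sys/net/ipv4/conf/* and reconfigures lo.
# Keep this file owned by root and not writable by other users, because it is
# executed at boot.
#
# Exit status: 0 on success (for "status": the VIP is bound),
#              1 on a usage error,
#              3 from "status" when the VIP is not bound.
VIP=192.168.1.100

# Source the distribution's init helpers. The dot must be followed by a
# space; "./etc/rc.d/init.d/functions" would try to execute a relative path.
if [ -r /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions
fi

# Write arp_ignore ($1) and arp_announce ($2) for both "lo" and "all".
set_arp_mode() {
    for iface in lo all; do
        echo "$1" >"/proc/sys/net/ipv4/conf/$iface/arp_ignore"
        echo "$2" >"/proc/sys/net/ipv4/conf/$iface/arp_announce"
    done
}

case "$1" in
start)
    # Bounce the loopback interface before reconfiguring it.
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    # arp_ignore=1: answer ARP only for addresses configured on the interface
    # the request arrived on; arp_announce=2: always use the best local
    # address as ARP source. Together they keep the VIP on lo:0 out of ARP.
    set_arp_mode 1 2
    # NOTE: sysctl -p re-applies /etc/sysctl.conf; if that file sets the keys
    # above to other values, they win over the writes just made.
    /sbin/sysctl -p >/dev/null 2>&1
    # Bind the VIP to the loopback alias with a host (/32) mask and add a
    # host route for it.
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:0
    echo "LVS-DR real server starts successfully."
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del "$VIP" >/dev/null 2>&1
    # Restore the kernel defaults (0/0). The original wrote 1/2 again here,
    # which left ARP suppression active after "stop".
    set_arp_mode 0 0
    echo "LVS-DR real server stopped."
    ;;
status)
    # -F: match the VIP as a literal string, not as a regular expression.
    lo_bound=$(/sbin/ifconfig lo:0 2>/dev/null | grep -F -- "$VIP")
    route_present=$(/bin/netstat -rn | grep -F -- "$VIP")
    if [ -z "$lo_bound" ] && [ -z "$route_present" ]; then
        echo "LVS-DR real server is not running."
        exit 3
    fi
    echo "LVS-DR real server is running."
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0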

将lvs脚本加入开机自启动 并 手动启动(注意:下面写入 rc.local 的命令没有带 start 参数,开机时脚本只会打印用法并退出;应写成 /etc/init.d/realserver start)

[root@ty200 ~]# chmod +x /etc/init.d/realserver
[root@ty200 ~]# echo "/etc/init.d/realserver" >> /etc/rc.d/rc.local
[root@ty200 ~]# /etc/init.d/realserver start
Starting realserver (via systemctl):                       [  OK  ]

查看realserver服务器,发现VIP已经成功绑定到本地回环口lo上了

[root@ty200 ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.200  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::5054:ff:fe4a:4bc9  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:4a:4b:c9  txqueuelen 1000  (Ethernet)
        RX packets 17402349  bytes 1207246415 (1.1 GiB)
        RX errors 0  dropped 1561889  overruns 0  frame 0
        TX packets 101713  bytes 6842519 (6.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.1.100  netmask 255.255.255.255
        loop  txqueuelen 0  (Local Loopback)

安装配置keepalived(在keepalived 主从两台机器上)



(源码包经 HTTP 明文下载;如发布方提供校验和或签名,应在解压编译前先核对。)

[root@beetest1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.5.tar.gz
[root@beetest1 ~]# tar zxf keepalived-1.2.5.tar.gz
[root@beetest1 ~]# cd keepalived-1.2.5
[root@beetest1 keepalived-1.2.5]# ./configure --prefix=/usr/local/keepalived
...
Keepalived configuration
------------------------
Keepalived version       : 1.2.5
Compiler                 : gcc
Compiler flags           : -g -O2
Extra Lib                : -lpopt -lssl -lcrypto -lnl
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
IPVS use libnl           : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
SNMP support             : No
Use Debug flags          : No
[root@beetest1 keepalived-1.2.5]# make
[root@beetest1 keepalived-1.2.5]# make install
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/etc/keepalived /etc/
[root@beetest1 keepalived-1.2.5]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin

编辑keepalived配置文件

[root@beetest1 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
! This copy is for the MASTER director; the comments below name the values
! that change on the BACKUP.

global_defs {
   # NOTE(review): the addresses and smtp_server below look like the values
   # from the keepalived sample configuration - replace them with real
   # recipients and a reachable mail relay before relying on notifications.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER        
    # Set to BACKUP on the standby. The effective role is decided by
    # priority: if this node's priority is lower than the standby's, it
    # loses the MASTER role.
    interface eth0
    virtual_router_id 51
    # Must be identical on master and backup. The author gives the range as
    # 0-255; the VRRP specification defines VRIDs as 1-255.
    priority 100
    # Use 50 on the backup; the master's priority must be the higher one.
    advert_int 1
    # Interval between VRRP advertisements, in seconds.

    # Simple-password VRRP authentication. With auth_type PASS the password
    # is carried unencrypted in every advertisement, so it protects against
    # accidental peers, not against another host on the same segment.
    # "1111" is a sample value: use a site-specific string (keepalived
    # documents a limit of 8 characters), identical on master and backup,
    # and keep this file readable by root only.
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    # Virtual IP addresses; several may be listed, one per line.
    virtual_ipaddress {
        192.168.1.100
    }
}


# Virtual server definition (VIP and port served by the cluster).
virtual_server 192.168.1.100 80 {
    delay_loop 6            # poll real-server health every 6 seconds
    lb_algo rr                # LVS scheduling algorithm: round-robin
    lb_kind DR              # LVS forwarding mode: direct routing (DR)

    # NOTE(review): nat_mask presumably has no effect with lb_kind DR - confirm.
    nat_mask 255.255.255.0
    #persistence_timeout 50
    # Session persistence time in seconds (disabled above). Useful for
    # dynamic pages when sessions are not shared between nodes: requests
    # from one user keep going to the same real server until the timeout
    # expires. The timeout is an idle timeout: if the user does nothing for
    # 50 seconds the next request may go to another node, while continuous
    # activity is not cut off after 50 seconds.
    protocol TCP            # forwarded protocol: TCP or UDP

    # Real servers (backend nodes).
    real_server 192.168.1.201 80 {
        weight 1       # weight
        # Health-check settings for this real server; values are in seconds.
        # TCP_CHECK only verifies that the port accepts a connection, not
        # that the web server returns a valid HTTP response.
        TCP_CHECK { 
            connect_timeout 3 # time out after 3 s without a response
            nb_get_retry 3 # number of retries
            delay_before_retry 3 # delay between retries
        }
     }
    real_server 192.168.1.200 80 {
        weight 1
    TCP_CHECK { # health-check settings for this real server; values are in seconds
        connect_timeout 3 # time out after 3 s without a response
        nb_get_retry 3 # number of retries
        delay_before_retry 3 # delay between retries
    }
        }

}

启动keepalived

[root@beetest1 ~]# /etc/init.d/keepalived start

后端server安装nginx的过程不再叙述,此时后端两台realserver 已经在80端口提供http服务

测试

  1. 高可用测试:停止 master 上的 keepalived 服务,看 backup 是否接管。
  2. 负载均衡测试:访问 http://192.168.1.100,看到页面在两个 realserver 上切换表示成功!
    你也可以通过 ipvsadm -Lnc 查看详细连接情况!
  3. 故障切换测试:任意关闭一台 realserver 上的 nginx 服务,看 Keepalived 监控模块是否能及时发现,然后屏蔽故障节点,同时将服务转移到正常节点来执行。