Keepalived搭建LVS高可用集群
一 基础环境
1.1 IP规划
OS:CentOS 6.8 64位
节点类型 | IP规划 | 主机名 | 类型 |
|---|---|---|---|
主 Director Server | eth0:172.24.8.10 | DR1 | 公共IP |
eth1:192.168.56.100 | 心跳 | 私有IP | |
eth0:0:172.24.8.100 | 无 | 虚拟IP | |
主 Director Server | eth0:172.24.8.11 | DR2 | 公共IP |
eth1:192.168.56.101 | 心跳 | 私有IP | |
Real Server 1 | eth0:172.24.8.12 | rs1 | 公共IP |
lo:0:172.24.8.100 | 无 | 虚拟IP | |
Real Server 1 | eth0:172.24.8.13 | rs2 | 公共IP |
lo:0:172.24.8.100 | 无 | 虚拟IP |
1.2 架构规划
二 高可用LVS负载均衡集群部署
2.1 NTP部署
操作略,具体可参考N01.1.1-常见服务《NTP》。
注意:为了保证集群的稳定性,强烈建议在所有节点均部署NTP同步服务,保证所有时钟一致。
2.2 部署httpd集群
[root@RServer01 ~]# yum -y install httpd [root@RServer01 ~]# service iptables stop [root@RServer01 ~]# chkconfig iptables off [root@RServer01 ~]# vi /etc/selinux/config SELINUX=disabled [root@master ~]# setenforce 0 #关闭SELinux及防火墙
注意:后端所有Real服务器节点都需要安装,用于模拟测试。
建议:为了测试方便,建议所��节点关闭防火墙和SELinux,若未关闭防火墙也可通过下列方式放通:
firewall-cmd --permanent–-add-service=keepalived firewall-cmd --reload
2.3 安装Keepalived
[root@lvsmaster ~]# yum -y install gcc gcc-c++ make kernel-devel kernel-tools kernel-tools-libs kernel libnl libnl-devel libnfnetlink-devel openssl-devel wget openssh-clients #安装基础环境及依赖 [root@lvsmaster ~]# ln -s /usr/src/kernels/`uname -r` /usr/src/linux [root@lvsmaster ~]# wget http://www.keepalived.org/software/keepalived-1.3.6.tar.gz [root@lvsmaster ~]# tar -zxvf keepalived-1.3.6.tar.gz #编译安装Keepalived [root@lvsmaster ~]# cd keepalived-1.3.6/ [root@lvsmaster keepalived-1.3.6]# ./configure --prefix=/usr/local/keepalived [root@Master keepalived-1.3.9]# make && make install
注意:CentOS6.8安装高于1.3.6版本会出现未知错误。
2.4 添加启动相关服务
[root@lvsmaster ~]# mkdir /etc/keepalived [root@lvsmaster ~]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ [root@lvsmaster ~]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ [root@lvsmaster ~]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ [root@lvsmaster ~]# vi /etc/init.d/keepalived #创建Keepalived启动脚本,如附件 #!/bin/sh # # keepalived High Availability monitor built upon LVS and VRRP # # chkconfig: - 86 14 # description: Robust keepalive facility to the Linux Virtual Server project \ # with multilayer TCP/IP stack checks.
### BEGIN INIT INFO # Provides: keepalived # Required-Start: $local_fs $network $named $syslog # Required-Stop: $local_fs $network $named $syslog # Should-Start: smtpdaemon httpd # Should-Stop: smtpdaemon httpd # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: High Availability monitor built upon LVS and VRRP # Description: Robust keepalive facility to the Linux Virtual Server # project with multilayer TCP/IP stack checks. ### END INIT INFO
# Source function library. . /etc/rc.d/init.d/functions
exec="/usr/sbin/keepalived" prog="keepalived" config="/etc/keepalived/keepalived.conf"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/keepalived
start() { [ -x $exec ] || exit 5 [ -e $config ] || exit 6 echo -n $"Starting $prog: " daemon $exec $KEEPALIVED_OPTIONS retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval }
stop() { echo -n $"Stopping $prog: " killproc $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval }
restart() { stop start }
reload() { echo -n $"Reloading $prog: " killproc $prog -1 retval=$? echo return $retval }
force_reload() { restart }
rh_status() { status $prog }
rh_status_q() { rh_status &>/dev/null }
case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 restart ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 2 esac exit $ [root@lvsmaster ~]# chmod u+x /etc/rc.d/init.d/keepalived [root@lvsmaster ~]# vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived …… smtp_connect_timeout 30 router_id LVS_Master #表示运行Keepalived服务器的一个标识 }
vrrp_instance VI_1 { state MASTER #指定Keepalived的角色 interface eth0 #指定HA监测网络的接口 virtual_router_id 51 #同一个vrrp实例使用唯一的标识,即同一个vrrp_instance下,Master和Backup必须是一致的 priority 100 #定义优先级,数值越大,优先级越高 advert_int 1 #设定Mater和Backup负载均衡器之间同步检查时间间隔 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.24.8.100 #设置虚拟IP地址 } }
virtual_server 172.24.8.100 80 { delay_loop 6 #运行情况检查时间 lb_algo rr #设置负载均衡算法 lb_kind DR #设置LVS实现负载均衡的机制,有NAT/DR/TUN persistence_timeout 50 #会话保持时间 protocol TCP #指定转发类型
real_server 172.24.8.12 80 { weight 1 #服务节点的权值,数值越大,权值越高 TCP_CHECK { connect_timeout 5 #表示无响应超时时间,单位是秒 nb_get_retry 3 #表示重试次数 delay_before_retry 3 #表示重试间隔 } } real_server 172.24.8.13 80 { weight 1 TCP_CHECK { connect_timeout 5 nb_get_retry 3 delay_before_retry 3 } } } [root@lvsmaster ~]# scp /etc/keepalived/keepalived.conf 172.24.8.11:/etc/keepalived/keepalived.conf [root@lvsbackup ~]# vi /etc/keepalived/keepalived.conf state BACKUP priority 80
注意;备用Director Server上需要修改状态为BACKUP和priority优先级。
2.5 安装IPVS管理工具
1 [root@lvsmaster ~]# yum -y install ipvsadm2.6 配置Real Server节点
在LVS的DR和TUN模式下,用户访问请求到大Real Server后,Real Server的响应报文直接返回给用户,而不需经过Director Server。因此,需要在每个Real Server上配置虚拟VIP地址。
注意:回环接口绑定vip,且禁止arp请求等操作,可通过以下脚本实现:脚本可留言索要。
1 [root@RServer01 ~]# vi /etc/init.d/lvsrs
2 [root@RServer01 ~]# chmod u+x /etc/init.d/lvsrs2.7 启动集群
[root@RServer01 ~]# service httpd start [root@RServer01 ~]# chkconfig httpd on [root@RServer02 ~]# service httpd start [root@RServer02 ~]# chkconfig httpd on
[root@lvsmaster ~]# service keepalived start [root@lvsmaster ~]# chkconfig keepalived on [root@lvsbackup ~]# service keepalived start [root@lvsbackup ~]# chkconfig keepalived on
[root@RServer01 ~]# service lvsrs start [root@RServer02 ~]# service lvsrs start
三 测试集群
3.1 高可用功能测试
停止主Director Server服务器的Keepalived,观察/var/log/messages日志,可知备机会立刻变为MASTER,并且接管主机的虚拟ip资源。重启主Director Server服务器的Keepalived,备机会重新恢复为BACKUP角色。
具体测试略。
3.2 负载均衡测试
1 [root@RServer01 ~]# echo 'This is Real Server01!' >>/var/www/html/index.html
2 [root@RServer01 ~]# echo 'This is Real Server02!' >>/var/www/html/index.html然后浏览器访问:http://172.24.8.100,并不断的刷新,能分别看到Server01和Server02即可。
3.3 故障切换测试
1 [root@RServer01 ~]# service httpd stop
当关掉其中一个Real Server时,访问VIP,只会显示还处于集群中的web节点。
