LVS + Keepalived 高可用集群
Keepalived的设计目标是构建高可用的LVS负载均衡的集群,可以调用ipvsadm工具创建虚拟机,不仅仅用作双机热备,还可以使用keepalived构建更加方便快捷的节点,进行相关的健康检查,自动移除失效节点,恢复后再重新加入。
在基于LVS+Keepalived实现的LVS群集结构中,至少包括两台热备的负载调度器,三台以上的节点服务器。此博客将以DR模式的LVS群集为基础,增加一台从负载调度器,使用Keepalived来实现主、从调度器的热备,从而构建兼有负载均衡、高可用两种能力的LVS网站群集平台。
案例如下
使用Keepalived构建LVS群集时,也需要用到ipvsadm管理工具,但大部分工作会由Keepalived自动完成,不需要手动执行ipvsadm(除了查看和监控群集以外)。
环境分析
1)、2个调度器和2个web节点使用同一个网段地址,可以直接和外网通信。为了共享存储的安全性,一般将web节点和存储服务器规划到内网环境,所以web节点必须有两个及以上网卡的接口。
2)、我这里资源有限,也为了配置方便,所以调度器和web节点分别只有两个,在web访问请求量不大的情况下,足够了,但是若访问请求比较大,那么最少要分别配置三个调度器和web节点,如果只有两个web节点的话,访问量又比较大,那么一旦有一个宕机了,那剩下一个独苗必定会因为扛不住激增的访问请求,而被打死。
3)、准备系统映像,以便安装相关服务。
4)、自行配置防火墙策略和除了VIP之外的IP地址(我这里直接关闭了防火墙)。
5)、keepalived会自动调用IP_vs模块,所以无需手动加载。
最终效果
1)、客户端多次访问群集的VIP,得到的是同一个网页。
2)、主调度器宕机后,群集的VIP地址将会自动漂移到从(备份)调度器,此时,所有的调度任务由从调度器进行分配。当主调度器恢复运行后,群集的VIP地址会自动转移回主调度器,主调度器继续工作,从调度器转回备份状态。
3)、web节点宕机后,会被keepalived健康检查功能检测到,从而自动在web节点池中去除宕机的节点,待web节点恢复运行后,会被自动添加到web节点池中。
开始配置LVS+Keepalived高可用群集
部署第一台Web服务器
[root@centos01 ~]# yum -y install httpd [root@centos01 ~]# echo "www.benet.com" >/var/www/html/index.html [root@centos01 ~]# systemctl start httpd [root@centos01 ~]# systemctl enable httpd[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo/etc/sysconfig/network-scripts/ifcfg-lo:0 [root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.100.253 NETMASK=255.255.255.255 ONBOOT=yes[root@centos01 ~]# systemctl restart network [root@centos01 ~]# ifconfig lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 488 bytes 39520 (38.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 488 bytes 39520 (38.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo:0: flags=73 mtu 65536 inet 192.168.100.253 netmask 255.255.255.255 loop txqueuelen 1 (Local Loopback)[root@centos01 ~]# vim /etc/sysctl.conf net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2[root@centos01 ~]# sysctl -p net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2部署第二台Web服务器
[root@centos02 ~]# yum -y install httpd [root@centos02 ~]# echo "www.accp.com" >/var/www/html/index.html [root@centos02 ~]# systemctl start httpd [root@centos02 ~]# systemctl enable httpd [root@centos02 ~]# scp root@192.168.100.10:/etc/sysconfig/network-scripts/ifcfg-lo:0/etc/sysconfig/network-scripts/The authenticity of host '192.168.100.10 (192.168.100.10)' can't be established.ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.100.10' (ECDSA) to the list of known hosts.root@192.168.100.10's password: ifcfg-lo:0 100% 70 53.3KB/s 00:00[root@centos02 ~]# scp root@192.168.100.10:/etc/sysctl.conf /etc/sysctl.conf root@192.168.100.10's password: sysctl.conf 100% 660 304.3KB/s 00:00[root@centos02 ~]# systemctl restart network [root@centos02 ~]# ifconfig lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 496 bytes 40064 (39.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 496 bytes 40064 (39.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo:0: flags=73 mtu 65536 inet 192.168.100.253 netmask 255.255.255.255 loop txqueuelen 1 (Local Loopback)[root@centos02 ~]# sysctl -p net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2部署主调度器
[root@centos04 ~]# yum -y install keepalived ipvsadm [root@centos04 ~]# vim /etc/sysctl.conf .....................net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos04 ~]# sysctl -p net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos04 ~]# cd /etc/keepalived/[root@centos04 keepalived]# cp keepalived.conf keepalived.conf.bak [root@centos04 keepalived]# vim keepalived.conf ! Configuration File for keepalivedglobal_defs { router_id LVS_DEVEL1}vrrp_instance VI_1 { state MASTER interface ens32 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.100.253 }}virtual_server 192.168.100.253 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP real_server 192.168.100.10 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.100.20 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } }} [root@centos04 ~]# systemctl restart keepalived [root@centos04 ~]# systemctl enable keepalived 配置从调度器
[root@centos05 ~]# yum -y install ipvsadm keepalived [root@centos05 ~]# scp root@192.168.100.40:/etc/sysctl.conf /etc/root@192.168.100.40 s password: sysctl.conf 100% 566 205.8KB/s 00:00[root@centos05 ~]# sysctl -p net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos05 ~]# scp root@192.168.100.40:/etc/keepalived/keepalived.conf/etc/keepalived/ root@192.168.100.40's password: keepalived.conf 100% 803 2.1MB/s 00:00[root@centos05 ~]# vim /etc/keepalived/keepalived.conf router_id LVS_HA_Backup state BACKUP interface ens32 priority 99 [root@centos05 ~]# systemctl start keepalived [root@centos05 ~]# chkconfig --level 35 keepalived on 至此,主、从调度器也配置完成了,若需要部署多个从调度器,按照以上这个从(备份)调度器配置即可。
配置客户端访问
客户端测试访问VIP地址:192.168.100.253
为了测试,所以才在每个web节点准备不同的网页文件,以便测试是否有负载均衡的效果,现在效果已经有了,所以要搭建共享存储服务器,所有的web节点都从共享存储服务器读取网页文件向client提供,以便向client提供相同的网页文件。
接下来开始配置共享存储服务器
配置NFS服务器
[root@centos03 ~]# yum -y install rpcbind nfs-utils [root@centos03 ~]# mkdir /web [root@centos03 ~]# echo "www.nfs.com" > /web/index.html [root@centos03 ~]# vim /etc/exports /web 192.168.100.10(ro) 192.168.100.20(rw)[root@centos03 ~]# systemctl start rpcbind [root@centos03 ~]# systemctl enable rpcbind [root@centos03 ~]# systemctl enable nfs [root@centos03 ~]# showmount -e 192.168.100.30 Export list for 192.168.100.30:/web 192.168.100.20,192.168.100.10Web站点挂载共享存储目录
Web节点1服务器挂载共享目录
[root@centos01 ~]# mount 192.168.100.30:/web /var/www/html/ [root@centos01 ~]# cat /var/www/html/index.html www.nfs.com[root@centos01 ~]# vim /etc/fstab 192.168.100.30:/web /var/www/html/ nfs defaults 0 0[root@centos01 ~]# systemctl restart httpd Web节点2服务器挂载共享目录
[root@centos02 ~]# mount 192.168.100.30:/web /var/www/html/ [root@centos02 ~]# cat /var/www/html/index.html www.nfs.com[root@centos02 ~]# vim /etc/fstab 192.168.100.30:/web /var/www/html/ nfs defaults 0 0[root@centos02 ~]# systemctl restart httpd 客户端再次访问测试
这次,客户端无论怎么刷新,看到的页面永远都是www.nfs.com
案例相关的查询命令
VIP在哪个调度器上,查询该调度器承载VIP地址的物理接口,即可看到VIP地址(VIP地址在备份调度器上查不到的):
[root@centos04 ~]# ip a show dev ens32 ens32: ate UP groupn 1000 link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet 192.168.100.253/32 scope global ens32 valid_lft forever preferred_lft forever inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute valid_lft forever preferred_lft forever查询有哪些web节点
[root@centos04 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.100.253:80 rr persistent 50 -> 192.168.100.10:80 Route 1 0 0 -> 192.168.100.20:80 Route 1 0 0模拟第二台Web节点和主调度器故障,并在备份调度器上再次查询VIP以及web节点
[root@centos05 ~]# ip a show dev ens32 ens32: ate UP groupn 1000 link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet 192.168.100.253/32 scope global ens32 valid_lft forever preferred_lft forever inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@centos05 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.100.253:80 rr -> 192.168.100.10:80 Route 1 0 0查看调度器故障切换时的日志消息
[root@centos05 ~]# tail -30 /var/log/messages
![[html] 写html代码时,如果缺少了结束标签,你如何检测及如何预防?](http://pic.xiahunao.cn/[html] 写html代码时,如果缺少了结束标签,你如何检测及如何预防?)
![[html] 写html代码时,如果缺少了结束标签,你如何检测及如何预防?](http://pic.xiahunao.cn/[html] 写html代码时,如果缺少了结束标签,你如何检测及如何预防?)
![[html] 如何禁止html页面缓存?](http://pic.xiahunao.cn/[html] 如何禁止html页面缓存?)
)
![[html] 网站如何自适应手机屏幕](http://pic.xiahunao.cn/[html] 网站如何自适应手机屏幕)
