实现高可用,利用keepalived实现lvs的高可用性

太阳集团太阳娱乐登录 1

lvs+keepalived是什么?

品类实战3—Keepalived 得以完结高可用,实战keepalived

太阳集团太阳娱乐登录 2

得以达成基于Keepalived高可用集群网址布局

  情形:随着事情的上扬,网址的访谈量更大,网址访谈量已经从原来的1000QPS,变为3000QPS,前段时间业务生机勃勃度因而集群LVS布局可做到随即开展,后端节点已经经过集群本事保障了可用性,但对以前端负载均衡器来讲,是个十分大的安全祸患,因为这几天端负载均衡器现身故障时,整个集群就高居瘫痪状态,因而,负载均衡器的可用性也显得至关心爱戴要,那么怎么来消除负载均衡器的可用性难题吧?

 总项目流程图,详见

试验前希图

① 两台服务器都使用yum 情势安装keepalived 服务

yum -y install keepalived

② iptables -F && setenforing 清空防火墙攻略,关闭selinux

 

单主模型IPVS示例

keepalived专门的职业规律

实验风流浪漫:达成keepalived主从事艺术工作术高可用基于LVS-DEnclave情势的利用实战:

试验原理:

主从:豆蔻梢头主少年老成从,主的在做事,从的在休养;主的宕机了,VIP漂移到从上,由从提供服务

配置keepalive

高可用的ipvs集群示例:修正keepalived配置文件

keepalived是集群众管理理中确定保障集群高可用的三个劳动软件,其成效形似于heartbeat,用来防护单点故障。
keepalived是以V奥德赛RP合同为贯彻功底的,V昂科拉RP全称Virtual Router Redundancy
Protocol,即虚构路由冗余和谐。
虚构路由冗余和煦,能够以为是达成路由器高可用的协商,将在N台提供平等效果的路由器组成二个路由器组,那个组里面有二个master和多个backup,master上边有三个对外提供劳务的vip(该路由器所在局域网内别的机器的暗许路由为该vip),master会发组播,当backup收不到vrrp包时就感觉master宕掉了,那个时候就需求依据V哈弗RP的先行级来推举一个backup当master。那样的话就能够保险途由器的高可用了。

1、境况思虑:

两台centos系统做D大切诺基、生龙活虎主少年老成从,两台达成过基于LNMP的电商网址

机器名称

lvs-server-master

lvs-server-backup

rs01

rs02

  

改革主机:192.168.234.27的keepalived配置文件

  1 [root@234c27 ~]# vim /etc/keepalived/keepalived.conf
  2 ! Configuration File for keepalived
  3 
  4 global_defs {
  5 notification_email {
  6 root@localhost  //接受邮件地址
  7 }
  8 notification_email_from keepalived@localhost  //发送邮件地址
  9 smtp_server 127.0.0.1  //发送邮件服务器IP
 10 smtp_connect_timeout 30  //邮件连接超时时长
 11 router_id kptwo  //路由id
 12 vrrp _mcast_group4 234.10.10.10  //指定vrrp协议的多播地址
 13 }
 14 
 15 vrrp_instance VI_1 {  //vrrp协议的
 16 state MASTER  //lvs的MASTER服务器
 17 interface ens37  //
 18 virtual_router_id 50  //虚拟路由
 19 priority 100  //权重为100.越大越先
 20 advert_int 1  //发送组博包的间隔
 21 authentication {  //验证
 22 auth_type PASS  //方式为pass( 明文)
 23 auth_pass 1111  //密码
 24 }
 25 virtual_ipaddress { //keepalived虚拟ip
 26 10.0.0.100/24
 27 }
 28 }
 29 virtual_server 10.0.0.100 80 {
 30     delay_loop 6  //检查后端服务器的时间间隔
 31     lb_algo wrr  //定义调度方法
 32     lb_kind DR  //集群的类型
 33     #persistence_timeout 50  //持久连接时长
 34     protocol TCP  //服务协议,仅支持TCP
 35     real_server 192.168.234.47 80 {  //后端real_server服务器地址
 36         weight 1 //权重
 37         HTTP_GET {  //应用层检测
 38             url {
 39               path /  //定义要监控的URL
 40               status_code 200  //判断上述检测机制为健康状态的响应码
 41             }
 42             connect_timeout 3  //连接请求的超时时长
 43             nb_get_retry 3  //重试次数
 44             delay_before_retry 3  //重试之前的延迟时长
 45         }
 46     }
 47     real_server 192.168.234.57 80 {
 48         weight 2
 49         HTTP_GET {
 50             url {
 51                 path /
 52                 status_code 200
 53             }
 54             connect_timeout 3
 55             nb_get_retry 3
 56             delay_before_retry 3
 57         }
 58     }
 59 }

 LVS简介

2、在lvs-server-master 主上

修改keepalived主(lvs-server-master卡塔尔配置文件贯彻 virtual_instance 实例

(1)vim /etc/keepalived/keepalived.conf 修正三段

① 全局段,故障通知邮件配置
global_defs {
   notification_email {
        [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id keepalived_lvs
}

② 配置虚拟路由器的实例段,VI_1是自定义的实例名称,可以有多个实例段
vrrp_instance VI_1 {     #VI_1是自定义的实例名称
    state MASTER        #初始状态,MASTER|BACKUP
    interface eth1      #通告选举所用端口
    virtual_router_id 51  #虚拟路由的ID号(一般不可大于255)
    priority 100       #优先级信息 #备节点必须更低
    advert_int 1       #VRRP通告间隔,秒
    authentication {
        auth_type PASS    #认证机制
        auth_pass along   #密码(尽量使用随机)
    } 
    virtual_ipaddress {
        172.17.100.100    #vip
    }
}

③ 设置一个virtual server段
virtual_server 172.17.100.100 80 {   #设置一个virtual server:
    delay_loop 6   # service polling的delay时间,即服务轮询的时间间隔
    lb_algo wrr    #LVS调度算法:rr|wrr|lc|wlc|lblc|sh|dh
    lb_kind DR    #LVS集群模式:NAT|DR|TUN
    nat_mask 255.255.255.255  
    persistence_timeout 600  #会话保持时间(持久连接,秒),即以用户在600秒内被分配到同一个后端realserver
    protocol TCP    #健康检查用的是TCP还是UDP

④ real server设置段
    real_server 172.17.1.7 80 { #后端真实节点主机的权重等设置
        weight 1  #给每台的权重,rr无效
        HTTP_GET {  #http服务
            url {
              path /
            }
            connect_timeout 3    #连接超时时间
            nb_get_retry 3      #重连次数
            delay_before_retry 3 #重连间隔
        }
    }
    real_server 172.17.22.22 80 {
        weight 2
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

 

(2)开启keepalived 服务

service keepalived start

能来看网卡小名 和 负载均衡攻略已经安装好了

ipvsadm -Ln

太阳集团太阳娱乐登录 3

 

(3)因为是主导方式,所以从上的安排和主独有一点出入;所以可以把这些布局文件拷过去

scp /etc/keepalived/keepalived.conf @172.17.11.11:

  

改善主机:192.168.234.37的keepalived配置文件

[root@234c37 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id kptwo
   vrrp _mcast_group4 234.10.10.10
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens37
    virtual_router_id 50
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       10.0.0.100/24
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1:80
    real_server 192.168.234.47 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.234.57 80 {
        weight 2
        HTTP_GET {
            url {
              path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

LVS是Linux Virtual
Server的简写,意即Linux设想服务器,是多少个假造的服务器集群系统。本项目在一九九七年四月由章文嵩博士创制,是神州我国最先现身的自由软件项目之大器晚成。近来有二种IP负载均衡技能(VS/NAT、VS/TUN和VS/DEnclave),十种调节算法。

3、在lvs-server-backup 从上

(1)只需改②实例段,别的都不要变,保障一模二样

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }

 

(2)开启keepalived 服务

service keepalived start

负载均衡计策已经安装好了,注意:主director没有宕机,从上就不会有VIP

ipvsadm -Ln 可能过一会才会显得

太阳集团太阳娱乐登录 4

 

查看keepalived

[root@234c37 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
…………
[root@234c37 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
//暂无ipvsadm

正文珍视给大家介绍Linux利用keepalived达成lvs的高可用性的操作方法,感兴趣的爱侣参谋下呢。

4、在real server 上

(1) 开启事情未发生前筹划好的web服务

systemctl start nginx

systemctl start mariadb

systemctl start php-fpm

 

(2)因为是DR模式,需在rs上设置

① 配置VIP到本地回环网卡lo上,并只播放本身

ifconfig lo:0 172.17.100.100 broadcast 172.17.100.100 netmask
255.255.255.255 up

配置本地回环网卡路由

route add -host 172.17.100.100 lo:0

 

② 使RS “闭嘴”

echo “1” > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo “2” > /proc/sys/net/ipv4/conf/lo/arp_announce

忽略ARP广播

echo “1” > /proc/sys/net/ipv4/conf/all/arp_ignore

echo “2” > /proc/sys/net/ipv4/conf/all/arp_announce

注意:关闭arp应答

1:仅在乞请的对象IP配置在本地主机的抽出到央浼报文的接口上时,才给与响应

2:必需幸免将接口消息向非本互联网举行通报

 

③ 想永久生效,能够写到配置文件中

vim /etc/sysctl.conf

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

  

运转服务

[root@234c27 keepalived]# systemctl start keepalived.service
[root@234c27 keepalived]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-08-31 20:30:02 CST; 12s ago
  Process: 9657 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9658 (keepalived)
………………
[root@234c27 keepalived]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wrr
  -> 192.168.234.47:80            Route   1      0          0
  -> 192.168.234.57:80            Route   2      0          0
//启动服务lvs vs已配置好

太阳集团太阳娱乐登录 5

5、测试

(1)lvs负载均衡功能是不是张开

客户端访谈

太阳集团太阳娱乐登录 6

也足以详细测验

① 在rs1 上安装三个测量检验一面

vim /data/web/test.html

real server 1

 

② 在rs2 上设置一个测验一面

vim /data/web/test.html

real server 2

 

③ 网页访谈 发现有real server 1也有real
server 2

太阳集团太阳娱乐登录 7

 

(2)测验keepalived的主导方式

① 使keepalive 的主宕机

service keepalived stop

 

会意识服务能照常访谈,不过VIP 漂移到了从上

从多了网卡外号,且地址是VIP

太阳集团太阳娱乐登录 8

 

③ 使keepalive
的主重新开启服务,因为主的开始时期级高,所以VIP又再度漂移到了主上

太阳集团太阳娱乐登录 9

 

后端real_server准备

单主模型IPVS示例

施行二:完结keepalived双主格局高可用基于LVS-DTucson情势的施用实战:

尝试原理:

互为主导:主从都在劳作;此中一个宕机了,VIP漂移到另叁个上,提供劳动

日增ip在网卡上 修正节制arp通知及应答等第 rs1 rs2都做,网关并指向路由

ip a a 10.0.0.100/32 dev ens37

echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

route add default gw 192.168.234.17

太阳集团太阳娱乐登录,安装httpd服务 写好网页文件

配置keepalive

1、实验情形,基本同上

机器名称

lvs-server-1

lvs-server2

rs01

rs02

 

运维服务

太阳集团太阳娱乐登录 10

高可用的ipvs集群示例:改过keepalived配置文件

2、在lvs-server1 上,基本同上,正是加了贰个实例段

校勘keepalived主(lvs-server-master卡塔尔国配置文件得以达成 virtual_instance 实例

(1)vim /etc/keepalived/keepalived.conf

① 主的设置 VI_1

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }
    virtual_ipaddress {
        172.17.100.100
    }
}

virtual_server 172.17.100.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.255
    persistence_timeout 600
    protocol TCP

    real_server 172.17.1.7 80 {
        weight 1
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.17.22.22 80 {
        weight 1
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

 

② 从的安装 VI_2

vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 52
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }
    virtual_ipaddress {
        172.17.100.101
    }
}

virtual_server 172.17.100.101 443 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.255
    persistence_timeout 600
    protocol TCP

    real_server 172.17.1.7 443 {
        weight 1
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.17.22.22 443 {
        weight 1
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

 

(2)开启keepalived 服务

service keepalived start

能看到网卡外号 和 负载均衡计谋已经设置好了

太阳集团太阳娱乐登录 11

ipvsadm -Ln

太阳集团太阳娱乐登录 12

 

(3)因为是主导情势,所以从上的结会谈主独有有些不一致;所以能够把那么些构造文件拷过去

scp /etc/keepalived/keepalived.conf @172.17.11.11:

 

多主模型IPVS示例

太阳集团太阳娱乐登录 13

修正主机:192.168.234.27的keepalived配置文件

3、在lvs-server2 上,基本同1,正是把实例的着力交换一下

(1)vim /etc/keepalived/keepalived.conf

① vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }
    virtual_ipaddress {
        172.17.100.100
    }
}
② vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }
    virtual_ipaddress {
        172.17.100.101
    }
}

 

(2)开启keepalived 服务

service keepalived start

能看出网卡外号 和 负载均衡战术已经设置好了,显示结果会等段时间再展现

太阳集团太阳娱乐登录 14

ipvsadm -Ln,展现结果会等段时光再呈现

太阳集团太阳娱乐登录 15

 

配置keepalive

高可用的ipvs集群示例:改进keepalived配置文件

[root@234c27 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost //接受邮件地址
}
notification_email_from keepalived@localhost //发送邮件地址
smtp_server 127.0.0.1 //发送邮件服务器IP
smtp_connect_timeout 30 //邮件连接超时时长
router_id kptwo //路由id
vrrp _mcast_group4 234.10.10.10 //指定vrrp协议的多播地址
}
vrrp_instance VI_1 { //vrrp协议的
state MASTER //lvs的MASTER服务器
interface ens37 //
virtual_router_id 50 //虚拟路由
priority 100 //权重为100.越大越先
advert_int 1 //发送组博包的间隔
authentication { //验证
auth_type PASS //方式为pass( 明文)
auth_pass 1111 //密码
}
virtual_ipaddress { //keepalived虚拟ip
10.0.0.100/24
}
}
virtual_server 10.0.0.100 80 {
 delay_loop 6 //检查后端服务器的时间间隔
 lb_algo wrr //定义调度方法
 lb_kind DR //集群的类型
 #persistence_timeout 50 //持久连接时长
 protocol TCP //服务协议,仅支持TCP
 real_server 192.168.234.47 80 { //后端real_server服务器地址
  weight 1 //权重
  HTTP_GET { //应用层检测
   url {
    path / //定义要监控的URL
    status_code 200 //判断上述检测机制为健康状态的响应码
   }
   connect_timeout 3 //连接请求的超时时长
   nb_get_retry 3 //重试次数
   delay_before_retry 3 //重试之前的延迟时长
  }
 }
 real_server 192.168.234.57 80 {
  weight 2
  HTTP_GET {
   url {
    path /
    status_code 200
   }
   connect_timeout 3
   nb_get_retry 3
   delay_before_retry 3
  }
 }
}

4、在real server 上

(1) 开启事情发生前计划好的web服务

systemctl start nginx

systemctl start mariadb

systemctl start php-fpm

 

(2)因为是DR模式,需在rs上设置

① 配置VIP到本地回环网卡lo上,并只播放自个儿

ifconfig lo:0 172.17.100.100 broadcast 172.17.100.100 netmask
255.255.255.255 up

ifconfig lo:1 172.17.100.101 broadcast 172.17.100.101 netmask
255.255.255.255 up

计划本地回环网卡路由

route add -host 172.17.100.100 lo:0

route add -host 172.17.100.101 lo:1

 

② 使RS “闭嘴”

echo “1” > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo “2” > /proc/sys/net/ipv4/conf/lo/arp_announce

忽略ARP广播

echo “1” > /proc/sys/net/ipv4/conf/all/arp_ignore

echo “2” > /proc/sys/net/ipv4/conf/all/arp_announce

注意:关闭arp应答

1:仅在哀告的对象IP配置在本土主机的接收到央浼报文的接口上时,才给与响应

2:必得防止将接口音信向非本互连网进行通报

 

③ 想永久生效,可以写到配置文件中

vim /etc/sysctl.conf

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

 

改革主机:192.168.234.27的keepalived配置文件

[root@234c27 keepalived]# vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id kpone
   vrrp _mcast_group4 234.10.10.10
}

vrrp_instance VI_1 {
    state MASTER
    interface ens37
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       10.0.0.100/24
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens37
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        10.0.0.200/24
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    #sorry_server 127.0.0.1:80
    real_server 192.168.234.47 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.0.0.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    #sorry_server 127.0.0.1:80
    real_server 192.168.234.57 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

修正主机:192.168.234.37的keepalived配置文件

5、测试

(1)lvs负载均衡功效是或不是开启

客商端访问 公网172.17.100.100不能不访谈80

太阳集团太阳娱乐登录 16

公网172.17.100.101只好访谈443

太阳集团太阳娱乐登录 17

也能够详细测量检验

① 在rs1 上安装二个测量试验一面

vim /data/web/test.html

real server 1

 

② 在rs2 上设置三个测验一面

vim /data/web/test.html

real server 2

 


网页访谈
发现有real server 1也有real server 2

太阳集团太阳娱乐登录 18

 

(2)测量试验keepalived的双主方式

① 使keepalive 的随便三个宕机

service keepalived stop

 

会发掘服务能照常采访,另七个机器80、443都能访谈,且宕机的VIP漂移到了另叁个服务器上

太阳集团太阳娱乐登录 19

  

修改主机:192.168.234.37的keepalived配置文件

[root@234c37 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id kptwo
   vrrp _mcast_group4 234.10.10.10
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens37
    virtual_router_id 50
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       10.0.0.100/24
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens37
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        10.0.0.200/24
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    #sorry_server 127.0.0.1:80
    real_server 192.168.234.47 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.0.0.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    #sorry_server 127.0.0.1:80
    real_server 192.168.234.57 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

让10.0.0.100的ip优分至192.168.234.47 192.168.234.57备用

让10.0.0.200的ip优分至192.168.234.57 192.168.234.47备用

[root@234c37 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
 notification_email {
  root@localhost
 }
 notification_email_from keepalived@localhost
 smtp_server 127.0.0.1
 smtp_connect_timeout 30
 router_id kptwo
 vrrp _mcast_group4 234.10.10.10
}
vrrp_instance VI_1 {
 state BACKUP
 interface ens37
 virtual_router_id 50
 priority 80
 advert_int 1
 authentication {
  auth_type PASS
  auth_pass 1111
 }
 virtual_ipaddress {
  10.0.0.100/24
 }
}
virtual_server 10.0.0.100 80 {
 delay_loop 6
 lb_algo wrr
 lb_kind DR
 #persistence_timeout 50
 protocol TCP
 sorry_server 127.0.0.1:80
 real_server 192.168.234.47 80 {
  weight 1
  HTTP_GET {
   url {
    path /
    status_code 200
   }
   connect_timeout 3
   nb_get_retry 3
   delay_before_retry 3
  }
 }
 real_server 192.168.234.57 80 {
  weight 2
  HTTP_GET {
   url {
    path /
    status_code 200
   }
   connect_timeout 3
   nb_get_retry 3
   delay_before_retry 3
  }
 }
}

推行三:完成keepalived主从点子高可用基于LVS-NAT方式的使用实战:

尝试原理:

主从:意气风发主黄金时代从,主的在办事,从的在安土重迁;主的宕机了,VIP和DIP都漂移到从上,由从提供劳动,因为DIP需被rs作为网关,所以也需上浮

后端real_server准备

修改192.168.234.57的vip为10.0.0.200/32

  1 [root@234c27 keepalived]# ipvsadm -Ln
  2 IP Virtual Server version 1.2.1 (size=4096)
  3 Prot LocalAddress:Port Scheduler Flags
  4   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  5 TCP  10.0.0.100:80 wrr
  6   -> 192.168.234.47:80            Route   1      0          0
  7 TCP  10.0.0.200:80 wrr
  8   -> 192.168.234.57:80            Route   1      0          0

太阳集团太阳娱乐登录 20

于今宕掉三个lvs

  1 [root@234c27 keepalived]# systemctl stop keepalived.service
  2 [root@234c27 keepalived]# ipvsadm -Ln
  3 IP Virtual Server version 1.2.1 (size=4096)
  4 Prot LocalAddress:Port Scheduler Flags
  5   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  6 

太阳集团太阳娱乐登录 21

照例提供劳务

  1 [root@234c37 ~]# ipvsadm -Ln
  2 IP Virtual Server version 1.2.1 (size=4096)
  3 Prot LocalAddress:Port Scheduler Flags
  4   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  5 TCP  10.0.0.100:80 wrr
  6   -> 192.168.234.47:80            Route   1      0          21
  7 TCP  10.0.0.200:80 wrr
  8   -> 192.168.234.57:80            Route   1      0          39

后三个贯彻基于前四个的功底上修纠正改来的

查看keepalived

1、遭受计划

机器名称

vs-server-master

lvs-server-backup

rs01

rs02

注意:要保管rs和DIP在三个网段,且不和VIP在二个网段

 

要是要落到实处sorry_server

1.把rs服务都停掉。然后在lvs上设置apache或然nginx服务

2.将keepalived配置文件中的

  1 virtual_server 10.0.0.200 80 {
  2     delay_loop 6
  3     lb_algo wrr
  4     lb_kind DR
  5     #persistence_timeout 50
  6     protocol TCP
  7     #sorry_server 127.0.0.1:80  //这一行来修改 写出服务出错之后的页面
  8     real_server 192.168.234.57 80 {
  9         weight 1
 10         HTTP_GET {
 11             url {
 12               path /
 13               status_code 200
 14             }
 15             connect_timeout 3
 16             nb_get_retry 3
 17             delay_before_retry 3
 18         }
 19     }
 20 }
[root@234c37 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
 Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
 Active: inactive (dead)
…………
[root@234c37 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port   Forward Weight ActiveConn InActConn
//暂无ipvsadm

2、在lvs-server-master 主上

(1)vim keepalived.conf

global_defs {
   notification_email {
        [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id keepalived_lvs
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }
    virtual_ipaddress {
       172.17.100.100
192.168.30.100
    }
}

virtual_server 172.17.100.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    nat_mask 255.255.255.255
    persistence_timeout 100
    protocol TCP

    real_server 192.168.30.107 80 {
        weight 1
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.30.7 80 {
        weight 2
        HTTP_GET {
            url {
              path /
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

 

(2)因为是NAT形式,所以需开启路由转载成效

vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

 

sysctl -p 读一些,使参数生效

 

(3)开启keepalived 服务

service keepalived start

能来看网卡小名 和 负载均衡战术已经安装好了

太阳集团太阳娱乐登录 22

ipvsadm -Ln

太阳集团太阳娱乐登录 23

 

(4)因为是主导情势,所以从上的布署和主唯有好几差距;所以可以把那几个构造文件拷过去

scp /etc/keepalived/keepalived.conf @172.17.11.11:

 

3、在lvs-server-backup 从上

(1)只需改②实例段,别的都不要变,保障一模二样

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass along
    }

 

 

(2)因为是NAT方式,所以需开启路由转载功效

① vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

② sysctl -p 读一些,使参数生效

 

(3)开启keepalived 服务

service keepalived start

负载均衡战略已经安装好了,注意:主director未有宕机,从上就不会有VIP

ipvsadm -Ln 也许过一会才会来得

太阳集团太阳娱乐登录 24

 

运营服务

4、在real server 上

(1) 开启事情发生前盘算好的web服务

systemctl start nginx

systemctl start mariadb

systemctl start php-fpm

 

(2)因为是NAT模式,需在rs上设置

只需把网关指向DIP

route add default gw 192.168.30.100

 

太阳集团太阳娱乐登录 25

5、测试

(1)lvs负载均衡效率是或不是张开

顾客端访谈

太阳集团太阳娱乐登录 26

也足以详细测量试验

① 在rs1 上安装二个测量检验一面

vim /data/web/test.html

real server 1

 

② 在rs2 上设置叁个测验一面

vim /data/web/test.html

real server 2

 

③ 网页访谈 发现有real server 1也有real
server 2

太阳集团太阳娱乐登录 27

 

 

(2)测量试验keepalived的基本格局

① 使keepalive 的主宕机

service keepalived stop

 

会发现服务能照常访谈,然而VIP 和DIP 都浮动到了从上

从多了网卡外号,且地址是VIP

太阳集团太阳娱乐登录 28

 

③ 使keepalive
的主重新开启服务,因为主的开始时期级高,所以VIP和DIP又再一次漂移到了主上

太阳集团太阳娱乐登录 29

 

[root@234c27 keepalived]# systemctl start keepalived.service
[root@234c27 keepalived]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
 Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
 Active: active (running) since Fri 2018-08-31 20:30:02 CST; 12s ago
 Process: 9657 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9658 (keepalived)
………………
[root@234c27 keepalived]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
 -> RemoteAddress:Port   Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 wrr
 -> 192.168.234.47:80   Route 1  0   0
 -> 192.168.234.57:80   Route 2  0   0
//启动服务lvs vs已配置好

实验四:达成keeaplived 故障通报机制

后端real_server准备

1、编写好剧本

剧本首要内容:检查实验到基本发生变化,或错误,给何人发邮件;邮件内容是:在什么日子,什么人发生了什么变动

vim /etc/keepalived/notify.sh

#!/bin/bash
# Author: www.magedu.com
contact='[email protected]'
notify() {
        mailsubject="$(hostname) to be $1: vip floating"
        mailbody="$(date +'%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
        echo $mailbody | mail -s "$mailsubject" $contact
}
case $1 in
master) 
        notify master
        exit 0
;;
backup)
        notify backup
        exit 0
;;
fault)
        notify fault
        exit 0
;;
*)
        echo "Usage: $(basename $0) {master|backup|fault}"
        exit 1
;;
esac

剧本加权限 chmod +x /etc/keepalived/notify.sh

 

追加ip在网卡上 订正节制arp文告及应答品级rs1 rs2都做,网关并指向路由

2、在keepalived 的布局文件调用脚本

在instance 实例段增添,注意脚本的门路

notify_backup "/etc/keepalived/notify.sh backup"
notify_master "/etc/keepalived/notify.sh master"
notify_fault "/etc/keepalived/notify.sh fault"

例:

太阳集团太阳娱乐登录 30

  

ip a a 10.0.0.100/32 dev ens37
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
route add default gw 192.168.234.17

试验五:完结keepaplived自定义脚本检查测量检验效用

原理:在keepalived的配备文件中能直接定义脚本,且能在instance
实例段直接调用生效

 

设置httpd服务 写好网页文件

方案蓬蓬勃勃:检查评定是或不是留存down文件,来促成基本的调动

1、在实例段下面定义三个本子

vim keepalived.conf

vrrp_script chk_down {    #定义一个脚本,脚本名称为chk_down
   script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"   #检查这个down文件,若存在返回值为1,keepalived会停止;不存在返回值为0,服务正常运行;这里的exit和bash脚本里的return很相似
 interval 2   #每2秒检查一次
}

2、在instance 实例段能够一贯调用那么些剧本

track_script {
    chk_down
}

 

3、检测

在主上,创制一个/etc/keepalived/down
文件,主的keepalived服务及时终止,VIP漂到从上,从接上服务;

down文件风度翩翩旦删除,主的keepalived服务会立刻运行,若优先级高或事情发生前级低但设置的侵夺,VIP会重漂回来,接上服务。

 

启航服务

方案二:检测nginx服务是或不是张开,来落到实处调解为主

1、在实例段上面定义八个本子

vrrp_script chk_nginx {
     script "killall -0 nginx" #killall -0 检测这个进程是否还活着,不存在就减权重
     interval 2 #每2秒检查一次
     fall 2 #失败2次就打上ko的标记
     rise 2 #成功2次就打上ok的标记
     weight -4 #权重,优先级-4,若为ko
}

 

2、在instance 实例段能够直接调用那一个剧本

track_script {
    chk_nginx
}

 

3、检测

若主的nginx服务未有开启,则每2秒-4的权重,当优先级小于从,VIP漂到从上,从接上服务;

若主的nginx服务开启,重读配置文件,优先级回复,VIP回到主上,主苏醒服务;

  

完结高可用,实战keepalived
实现基于Keepalived高可用集群网址构造情况:随着业务的发展,网址的访问量越来越大,网址…

image

多主模型IPVS示例

太阳集团太阳娱乐登录 31

配置keepalive

高可用的ipvs集群示例:修正keepalived配置文件

匡正主机:192.168.234.27的keepalived配置文件

[root@234c27 keepalived]# vim /etc/keepalived/keepalived.conf
global_defs {
  notification_email {
   root@localhost
  }
  notification_email_from keepalived@localhost
  smtp_server 127.0.0.1
  smtp_connect_timeout 30
  router_id kpone
  vrrp _mcast_group4 234.10.10.10
}
vrrp_instance VI_1 {
  state MASTER
  interface ens37
  virtual_router_id 50
  priority 100
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.100/24
  }
}
vrrp_instance VI_2 {
  state BACKUP
  interface ens37
  virtual_router_id 51
  priority 80
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 2222
  }
  virtual_ipaddress {
    10.0.0.200/24
  }
}
virtual_server 10.0.0.100 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  #persistence_timeout 50
  protocol TCP
  #sorry_server 127.0.0.1:80
  real_server 192.168.234.47 80 {
    weight 1
    HTTP_GET {
      url {
       path /
       status_code 200
      }
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
    }
  }
}
virtual_server 10.0.0.200 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  #persistence_timeout 50
  protocol TCP
  #sorry_server 127.0.0.1:80
  real_server 192.168.234.57 80 {
    weight 1
    HTTP_GET {
      url {
       path /
       status_code 200
      }
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
    }
  }
}

修改主机:192.168.234.37的keepalived配置文件

[root@234c37 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
  notification_email {
   root@localhost
  }
  notification_email_from keepalived@localhost
  smtp_server 127.0.0.1
  smtp_connect_timeout 30
  router_id kptwo
  vrrp _mcast_group4 234.10.10.10
}
vrrp_instance VI_1 {
  state BACKUP
  interface ens37
  virtual_router_id 50
  priority 80
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.100/24
  }
}
vrrp_instance VI_2 {
  state MASTER
  interface ens37
  virtual_router_id 51
  priority 100
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 2222
  }
  virtual_ipaddress {
    10.0.0.200/24
  }
}
virtual_server 10.0.0.100 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  #persistence_timeout 50
  protocol TCP
  #sorry_server 127.0.0.1:80
  real_server 192.168.234.47 80 {
    weight 1
    HTTP_GET {
      url {
       path /
       status_code 200
      }
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
    }
  }
}
virtual_server 10.0.0.200 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  #persistence_timeout 50
  protocol TCP
  #sorry_server 127.0.0.1:80
  real_server 192.168.234.57 80 {
    weight 1
    HTTP_GET {
      url {
       path /
       status_code 200
      }
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
    }
  }
}

让10.0.0.100的ip优分至192.168.234.47 192.168.234.57备用

让10.0.0.200的ip优分至192.168.234.57 192.168.234.47备用

后端real_server准备

修改192.168.234.57的vip为10.0.0.200/32

  [root@234c27 keepalived]# ipvsadm -Ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
   -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
  TCP 10.0.0.100:80 wrr
   -> 192.168.234.47:80      Route  1   0     0
  TCP 10.0.0.200:80 wrr
  -> 192.168.234.57:80      Route  1   0     0

这两天宕掉多个lvs

太阳集团太阳娱乐登录 32

  [root@234c27 keepalived]# systemctl stop keepalived.service
  [root@234c27 keepalived]# ipvsadm -Ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port      Forward Weight ActiveConn InActConn

长期以来提供劳动

太阳集团太阳娱乐登录 33

 [root@234c37 ~]# ipvsadm -Ln
 IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
  TCP 10.0.0.100:80 wrr
   -> 192.168.234.47:80      Route  1   0     21
  TCP 10.0.0.200:80 wrr
   -> 192.168.234.57:80      Route  1   0     39

后四个完毕基于前二个的基本功上更改来的

若果要得以完毕sorry_server

1.把rs服务都停掉。然后在lvs上设置apache或然nginx服务

2.将keepalived配置文件中的

virtual_server 10.0.0.200 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  #persistence_timeout 50
  protocol TCP
  #sorry_server 127.0.0.1:80 //这一行来修改 写出服务出错之后的页面
  real_server 192.168.234.57 80 {
    weight 1
    HTTP_GET {
      url {
       path /
       status_code 200
      }
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
    }
  }
}

你也许感兴趣的稿子:

  • LVS+Keepalived营造高可用负载均衡(测量试验篇卡塔尔(英语:State of Qatar)
  • LVS+Keepalived营造高可用负载均衡配置情势(配置篇卡塔尔(قطر‎
  • Linux下的高可用性方案研商