DNS部署(四)之lvs+keepalived+bind架构高可用负载均衡DNS系统
1、网络拓扑http://s3.运维网.com/wyfs02/M01/74/EB/wKioL1Yu2YCAcj8xAAO5DxTDLEQ607.jpg
2、环境描述
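| 系统描述 | IP地址 | 作用 |
| --- | --- | --- |
| LB-master | 192.168.1.105 | 主备负载均衡器(同时做web和DNS调度) |
| LB-backup | 192.168.1.106 | 主备负载均衡器(同时做web和DNS调度) |
| DNS-master | 192.168.1.107 | VIP:192.168.1.30(LVS DNS节点互为主辅同步) |
| DNS-backup | 192.168.1.108 | VIP:192.168.1.30(LVS DNS节点互为主辅同步) |
| Web节点组 | 192.168.1.201-203 | VIP:192.168.1.40(LVS web节点) |

3、配置LVS调度器keepalived的配置文件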
keepalived 配置两个 vrrp_instance:WEB 实例(VI_WEB)和 DNS 实例(VI_DNS)。两台调度器互为主备:LB-master 是 VI_WEB 的 MASTER、VI_DNS 的 BACKUP,LB-backup 则相反。
3.1 主LVS上keepalived的配置文件内容:
#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
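# Global settings: failure-notification mail and this director's identity.
global_defs {
    # NOTE(review): recipients, sender and smtp_server look like the stock
    # keepalived sample values (.loc addresses; 192.168.200.1 is outside the
    # 192.168.1.0/24 network used here) — replace them, otherwise failover
    # mail will presumably never arrive.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    # Keyword and address are two tokens; they were fused in the listing.
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    # String identifying this director (LB-master, 192.168.1.105).
    router_id lvs_105
}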
# VRRP instance for the web VIP 192.168.1.40; this director is its preferred holder.
vrrp_instance VI_WEB {
    state MASTER
    interface eth0
    # Same value on both directors for this instance; VI_DNS uses 52.
    virtual_router_id 51
    # Higher priority wins the election; the peer's VI_WEB uses 90.
    priority 100
    # Advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is a shared password carried unencrypted in every VRRP advert;
        # keepalived uses only its first 8 characters.
        auth_type PASS
        # NOTE(review): 1111 is a demo value — set a site-specific one and
        # limit VRRP traffic on eth0 to the peer director with a host firewall.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.40/24
    }
}
#############LVSWEB################
# LVS service for HTTP on the web VIP, spread over the three web nodes.
virtual_server 192.168.1.40 80 {
    # Health checks run every 6 seconds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing: real servers answer clients themselves, so each one
    # must hold the VIP on loopback with ARP suppressed (web_rs.ctl).
    lb_kind DR
    nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.1.201 80 {
        weight 100
        # TCP_CHECK only proves that port 80 accepts a connection; it does
        # not look at the HTTP response.
        TCP_CHECK {
            connect_timeout 8
            # NOTE(review): nb_get_retry is documented for HTTP_GET — TODO
            # confirm the installed keepalived honours it inside TCP_CHECK.
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.203 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
#############DNSInstance start###############
# VRRP instance for the DNS VIP 192.168.1.30; this director is the standby
# (the peer runs VI_DNS as MASTER with priority 100).
vrrp_instance VI_DNS {
    state BACKUP
    interface eth0
    # Same value on both directors for this instance; VI_WEB uses 51.
    virtual_router_id 52
    priority 90
    # Advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is a shared password carried unencrypted in every VRRP advert;
        # keepalived uses only its first 8 characters.
        auth_type PASS
        # NOTE(review): 1111 is a demo value — set a site-specific one and
        # limit VRRP traffic on eth0 to the peer director with a host firewall.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.30/24
    }
}
###########LVSDNS#######################
# LVS service for DNS on the DNS VIP, spread over the two BIND nodes.
virtual_server 192.168.1.30 53 {
    # Health checks run every 6 seconds.
    delay_loop 6
    lb_algo rr
    # Direct routing: each DNS node must hold the VIP on loopback with ARP
    # suppressed (dns_rs.ctl).
    lb_kind DR
    nat_mask 255.255.255.0
    # persistence_timeout 50
    # Only UDP/53 is balanced here; no virtual_server in this file covers
    # TCP/53 (truncated-response retries, zone transfers) on the VIP.
    protocol UDP
    real_server 192.168.1.107 53 {
        weight 100
        # The check is a TCP connect to port 53 although the service is UDP:
        # it shows named is listening, not that it answers queries.
        # NOTE(review): a MISC_CHECK that runs a real lookup (or DNS_CHECK on
        # keepalived releases that ship it) would test the actual service.
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 192.168.1.108 53 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
}
3.2 备LVS上keepalived的配置文件内容:
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
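# Global settings: failure-notification mail and this director's identity.
global_defs {
    # NOTE(review): recipients, sender and smtp_server look like the stock
    # keepalived sample values (.loc addresses; 192.168.200.1 is outside the
    # 192.168.1.0/24 network used here) — replace them, otherwise failover
    # mail will presumably never arrive.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    # Keyword and address are two tokens; they were fused in the listing.
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    # String identifying this director (LB-backup, 192.168.1.106).
    router_id lvs_106
}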
# VRRP instance for the web VIP 192.168.1.40; this director is the standby
# (the peer runs VI_WEB as MASTER with priority 100).
vrrp_instance VI_WEB {
    state BACKUP
    interface eth0
    # Same value on both directors for this instance; VI_DNS uses 52.
    virtual_router_id 51
    priority 90
    # Advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is a shared password carried unencrypted in every VRRP advert;
        # keepalived uses only its first 8 characters.
        auth_type PASS
        # NOTE(review): 1111 is a demo value — set a site-specific one and
        # limit VRRP traffic on eth0 to the peer director with a host firewall.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.40/24
    }
}
#############LVSWEB################
# LVS service for HTTP on the web VIP; identical to the rule set on the other
# director so that either node can schedule after a failover.
virtual_server 192.168.1.40 80 {
    # Health checks run every 6 seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.1.201 80 {
        weight 100
        # Connect-only probe: a web node whose port 80 accepts connections
        # stays in the pool whatever its HTTP response is.
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.202 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.203 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
#############DNS Instancestart###############
# VRRP instance for the DNS VIP 192.168.1.30; this director is its preferred holder.
vrrp_instance VI_DNS {
    state MASTER
    interface eth0
    # Same value on both directors for this instance; VI_WEB uses 51.
    virtual_router_id 52
    # Higher priority wins the election; the peer's VI_DNS uses 90.
    priority 100
    # Advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is a shared password carried unencrypted in every VRRP advert;
        # keepalived uses only its first 8 characters.
        auth_type PASS
        # NOTE(review): 1111 is a demo value — set a site-specific one and
        # limit VRRP traffic on eth0 to the peer director with a host firewall.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.30/24
    }
}
###########LVSDNS#######################
# LVS service for DNS on the DNS VIP, spread over the two BIND nodes.
virtual_server 192.168.1.30 53 {
    # Health checks run every 6 seconds.
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    # persistence_timeout 50
    # Only UDP/53 is balanced; TCP/53 to the VIP has no virtual_server here.
    protocol UDP
    real_server 192.168.1.107 53 {
        weight 100
        # TCP connect probe against a UDP service: confirms named listens on
        # TCP/53, not that it resolves names.
        # NOTE(review): prefer a check that performs a real query
        # (MISC_CHECK with a lookup script, or DNS_CHECK where available).
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
    real_server 192.168.1.108 53 {
        weight 100
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 53
        }
    }
}
4、配置LVS节点服务器脚本(WEB节点与DNS节点都要配置)
4.1 DNS节点的配置内容(主备DNS都有配置):
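# cat /etc/init.d/dns_rs.ctl
#!/bin/bash
# LVS-DR real-server helper for the DNS nodes.
# Binds the DNS VIP to lo:0 so this host accepts packets the director
# forwards to it, and sets arp_ignore/arp_announce so the host neither
# answers nor advertises ARP for the VIP (only the director should).
# Usage: dns_rs.ctl {start|stop}
# Exit:  0 on success, 1 on bad usage or when a required step fails.
. /etc/init.d/functions
VIP=192.168.1.30

# Write arp_ignore ($1) and arp_announce ($2) for the "lo" and "all" scopes.
set_arp_sysctls() {
  local scope
  for scope in lo all; do
    echo "$1" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore" || return 1
    echo "$2" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce" || return 1
  done
}

case "$1" in
  start)
    echo "start LVS of Realserver DR mode"
    # Set the ARP behaviour before the VIP exists on lo:0; doing it afterwards
    # leaves a window in which this host can reply to ARP requests for the VIP.
    set_arp_sysctls 1 2 \
      || { echo "cannot set ARP sysctls (are you root?)" >&2; exit 1; }
    /sbin/ifconfig lo:0 "${VIP}" netmask 255.255.255.255 up \
      || { echo "cannot bring up lo:0 with ${VIP}" >&2; exit 1; }
    # Not fatal: the route may already be present from an earlier start.
    route add -host "${VIP}" dev lo \
      || echo "warning: host route for ${VIP} not added" >&2
    ;;
  stop)
    /sbin/ifconfig lo:0 "${VIP}" netmask 255.255.255.255 down
    route del -host "${VIP}" dev lo
    echo "stop LVS of Realserver DR mode"
    # NOTE(review): this forces the values to 0 instead of restoring what was
    # set before start; a host that configures them elsewhere (for example
    # in sysctl.conf) loses that setting.
    set_arp_sysctls 0 0 \
      || { echo "cannot reset ARP sysctls" >&2; exit 1; }
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
4.1.1 对上面的脚本赋予权限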
# chmod +x dns_rs.ctl
4.2 WEB节点的配置内容(web的所有节点都有配置)
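# cat /etc/init.d/web_rs.ctl
#!/bin/bash
# LVS-DR real-server helper for the web nodes.
# Binds the web VIP to lo:0 so this host accepts packets the director
# forwards to it, and sets arp_ignore/arp_announce so the host neither
# answers nor advertises ARP for the VIP (only the director should).
# Usage: web_rs.ctl {start|stop}
# Exit:  0 on success, 1 on bad usage or when a required step fails.
. /etc/init.d/functions
VIP=192.168.1.40

# Write arp_ignore ($1) and arp_announce ($2) for the "lo" and "all" scopes.
set_arp_sysctls() {
  local scope
  for scope in lo all; do
    echo "$1" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore" || return 1
    echo "$2" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce" || return 1
  done
}

case "$1" in
  start)
    echo "start LVS of Realserver DR mode"
    # Set the ARP behaviour before the VIP exists on lo:0; doing it afterwards
    # leaves a window in which this host can reply to ARP requests for the VIP.
    set_arp_sysctls 1 2 \
      || { echo "cannot set ARP sysctls (are you root?)" >&2; exit 1; }
    /sbin/ifconfig lo:0 "${VIP}" netmask 255.255.255.255 up \
      || { echo "cannot bring up lo:0 with ${VIP}" >&2; exit 1; }
    # Not fatal: the route may already be present from an earlier start.
    route add -host "${VIP}" dev lo \
      || echo "warning: host route for ${VIP} not added" >&2
    ;;
  stop)
    /sbin/ifconfig lo:0 "${VIP}" netmask 255.255.255.255 down
    route del -host "${VIP}" dev lo
    echo "stop LVS of Realserver DR mode"
    # NOTE(review): this forces the values to 0 instead of restoring what was
    # set before start; a host that configures them elsewhere (for example
    # in sysctl.conf) loses that setting.
    set_arp_sysctls 0 0 \
      || { echo "cannot reset ARP sysctls" >&2; exit 1; }
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
4.2.1 对上面的脚本赋予权限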
# chmod +x web_rs.ctl
5、主DNS服务器的区域配置文件修改如下:
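# cat /var/named/chroot/var/named/pp.org.zone
; Zone data for pp.org on the master DNS node.
; Leading whitespace is significant: a record line that starts with blanks
; inherits the owner name of the previous record (here "@").
$TTL 86400
@       IN SOA  dns.pp.org. root.pp.org. (
                203     ; serial (d. adams) - must increase on every edit
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   dns.pp.org.
; NOTE(review): mail.pp.org. has no address record in this listing -
; confirm it is defined elsewhere.
        IN MX   10 mail.pp.org.
; NOTE(review): the name-server address is the master's own IP, not the DNS
; VIP 192.168.1.30; resolvers meant to use the balanced service have to be
; pointed at the VIP - confirm this is intended.
dns.pp.org.     IN A    192.168.1.107
; www resolves to the LVS web VIP, so HTTP clients reach the director.
www             IN A    192.168.1.40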
5.1 修改之后重启DNS服务
# rndc reload
server reload successful
6、综合测试
测试之前要启动相关服务(keepalived、lvs节点脚本、节点Apache、节点DNS服务器等)
A:首先启动一台负载均衡调度器的keepalived服务
# /etc/init.d/keepalived start
Starting keepalived:
# ip addr
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:81:a8:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.40/24 scope global secondary eth0
    inet 192.168.1.30/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe81:a8b3/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
查看调度规则:
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
UDP 192.168.1.30:53 rr
-> 192.168.1.108:53 Route 100 0 0
-> 192.168.1.107:53 Route 100 0 0
TCP 192.168.1.40:80 rr
-> 192.168.1.203:80 Route 100 0 0
-> 192.168.1.202:80 Route 100 0 0
-> 192.168.1.201:80 Route 100 0 0
B.停掉和启用一台DNS服务,观察调度器
# /etc/init.d/named stop
Stopping named:
查看的日志内容:
Oct 26 23:38:10 localhost Keepalived_healthcheckers: TCP connection to failed !!!
Oct 26 23:38:10 localhost Keepalived_healthcheckers: Removing service from VS
观察lvs调度规则中少了192.168.1.108机器
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
UDP 192.168.1.30:53 rr
-> 192.168.1.107:53 Route 100 0 0
TCP 192.168.1.40:80 rr
-> 192.168.1.203:80 Route 100 0 0
-> 192.168.1.202:80 Route 100 0 0
-> 192.168.1.201:80 Route 100 0 0
再次启动回来,查看日志会发现又把对应的IP地址加入了进来!
C.启动第二台负载均衡调度器的keepalived服务
# /etc/init.d/keepalived start
Starting keepalived:
此时DNS的VIP会分配到第二台负载均衡调度器上
# ip addr
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:b5:be:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.106/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.30/24 scope global secondary eth0
    inet6 fe80::20c:29ff:feb5:be19/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
WEB的VIP仍然在第一台负载均衡调度器上!!
# ip addr
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:81:a8:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.40/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe81:a8b3/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
观察调度规则:
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
UDP 192.168.1.30:53 rr
  -> 192.168.1.108:53 Route 100 0 35
  -> 192.168.1.107:53 Route 100 0 36
TCP 192.168.1.40:80 rr
  -> 192.168.1.203:80 Route 100 0 0
  -> 192.168.1.202:80 Route 100 0 0
  -> 192.168.1.201:80 Route 100 0 0
# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
UDP 192.168.1.30:53 rr
  -> 192.168.1.108:53 Route 100 0 0
  -> 192.168.1.107:53 Route 100 0 0
TCP 192.168.1.40:80 rr
  -> 192.168.1.203:80 Route 100 0 35
  -> 192.168.1.202:80 Route 100 0 36
  -> 192.168.1.201:80 Route 100 0 35
综上:主备调度器的keepalived服务都在工作!
注:bind9功能强大,这里只是讨论了最简单的配置!