LVS_DR模式结合keepalived
背景:lvs_dr模式dr无法主动识别rs上的web服务器是否停止工作,为解决这一问题,用到keepalived,集成高可用集群和负载均衡为一体(keepalived-->HA+LB)
keepalived原理:
实现集群高可用,防止单点故障;以VRRP虚拟路由冗余协议为实现基础(路由器的一种高可用协议,将N台提供相同功能的路由器组成一个路由器组,即一个master和多个backup;master上有一个对外提供服务的vip,组内其他路由器默认路由也是该vip;master会发组播,当backup收不到组播时,则认为master宕掉;此时根据VRRP优先级选举一个backup充当master,保证路由器高可用)
keepalived主要模块:
core模块: 进程启动、维护和配置文件加载解析
check模块: 健康检查
VRRP模块: 用于实现VRRP协议
环境:
DIR:eth0 172.16.115.100 eth0:0172.16.115.200(VIP)(keepalived主)
RS1:eth0 172.16.115.157 lo:0172.16.115.200(VIP)(nginx)
RS2:eth0 172.16.115.202 lo:0172.16.115.200(VIP)(nginx、keepalived备)
https://s2.运维网.com/wyfs02/M02/8E/02/wKioL1izoVOjaCPpAABYQoMm_CY189.png
DIR/RS2主机(keepalived主、备)
1. DIR/RS2上分别安装keepalived和ipvsadm
命令 yum install -y keepalived ipvsadm
2. DIR/RS2上分别置空并重新编辑keepalived配置文件vim /etc/keepalived/keepalived.conf
内容:
vrrp_instance VI_1 {
state MASTER # 状态:DIR上用MASTER,RS2备用服务器上用BACKUP
interface eth0
virtual_router_id 51
priority 100 # 优先级别:DIR上用100,RS2用90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.115.200
}
}
virtual_server 172.16.115.200 80 {
delay_loop 6 # 每隔6秒查询real server的状态
lb_algo rr # lvs算法
lb_kind DR # Driect Route
persistence_timeout 0 # 同一ip的连接60秒内被分配到同一台real server
protocol TCP # 用tcp协议查询real server状态
real_server 172.16.115.157 80 {
weight 100 # 权重为100
TCP_CHECK {
connect_timeout 10 # 10秒无反应超时
nb_get_retry 3
delay_before_retry 3
connet_port 80
}
}
real_server 172.16.115.202 80 {
weight 100
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connet_port 80
}
}
}
RS1/RS2(Web服务器)
1. RS1和RS2编写脚本vim /usr/local/sbin/lvs_rs.sh
内容:
#! /bin/bash
#指定vip是在回环地址地址上;子网掩码全设255,表明只发不回
vip=172.16.115.200
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
#添加路由
route add -host $vip lo:0
#调整内核参数
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
解释:arp_ignore,接受来自其他主机arp请求的响应级别
当主机有两块网卡1.1.1.1和2.2.2.2,客户机通过1.1.1.1访问2.2.2.2时:
1)arp_ignore=0,客户机可以收到响应,源IP为2.2.2.2,但是MAC是1.1.1.1的
2)arp_ignore=1,主机拒绝,客户机无法收到响应
本实验中:dir的两块网卡,共用在eth0上;rs的两块网卡分别为eth0和lo,参数被拒绝;所以只有dir能收到vip的请求
arp_announce,arp通告级别
每台主机加入网络之后,就会向网络中通告自己的IP和mac对应信息,方便其他主机和自己通信:
1)arp_announce=0,告知网络中本机所有接口的任何地址信息
2)arp_announce=2,只向目标网络通告与其网络相匹配的地址信息
本实验中:rs的vip只处理来自DR转发响应,所以设置为2
2. RS1和RS2分别启动脚本/usr/local/sbin/lvs_rs.sh,并启动niginx
说明:执行成功之后,会在回环地址网卡上生产一个虚拟ip 172.16.115.200
命令 sh/usr/local/sbin/lvs_rs.sh
命令 /etc/init.d/nginx start
https://s5.运维网.com/wyfs02/M02/8E/01/wKioL1izjwzhMVhwAABr8BAxmuw424.png
3. dir和rs2上启动keepalived服务;dir上查看ipvsadm规则;ip addr查看ip(ifconfig看不到)
说明:dir和rs2(主备)都产生转发规则,主启动了虚拟ip:172.16.115.200,备没有启动(当主停掉时,备才启动)
dir上:/etc/init.d/keepalived start
rs2上:/etc/init.d/keepalived start
注:echo 1 > /proc/sys/net/ipv4/ip_forward(如无法转发,则在keepalived主、备上开启)
keepalived 主
https://s2.运维网.com/wyfs02/M00/8E/03/wKiom1izjyXiXpioAAAix5q4F_A597.png
https://s2.运维网.com/wyfs02/M00/8E/03/wKiom1izjyaQMlKqAABDP3M9fWU786.png
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif
keepalived 备
https://s4.运维网.com/wyfs02/M01/8E/03/wKiom1izj1Gg7JslAAAjSEAUOE4856.png
https://s4.运维网.com/wyfs02/M01/8E/01/wKioL1izj1GQnBIDAABDkSMBbgY024.png
测试:
1. 停止rs1的nginx服务,客户机访问虚拟IP
命令 /etc/init.d/nginx stop
命令 curl 172.16.115.200
结果:成功跳过不能访问的rs1,rs1的转发规则也被清掉(重启nginx,又会加回来)
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif https://s5.运维网.com/wyfs02/M02/8E/03/wKiom1izj4DS0dUCAAAr3Ew2VL0171.png
https://s5.运维网.com/wyfs02/M00/8E/01/wKioL1izj5azRUBEAAAd2XEaJaA962.png
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif
2. 停掉dir上的主keepalived,查看主备状态
说明:备用keepalived接管,重新启动主keepalived时,主重启接管
命令 /etc/init.d/keepalived stop
keepalived 主http://blog.运维网.com/e/u261/themes/default/images/spacer.gif
https://s5.运维网.com/wyfs02/M02/8E/03/wKiom1izj7LyT2CXAAAfW1nxfVc407.png
https://s5.运维网.com/wyfs02/M02/8E/01/wKioL1izj7Kg52gLAAA9Pjh49Ws494.png
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif
keepalived 备
https://s5.运维网.com/wyfs02/M02/8E/03/wKiom1izj9uiCj6KAAAjQ5tPwr4988.png
https://s2.运维网.com/wyfs02/M02/8E/01/wKioL1izj9vy3PiWAABJisiAsVM111.png
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif
dir上的主keepalived停止状态下,再次停用rs1的Nginx时,客户端也成功跳过不能访问的rs1;重启rs1的Nginx,恢复正常
http://blog.运维网.com/e/u261/themes/default/images/spacer.gif https://s4.运维网.com/wyfs02/M02/8E/04/wKiom1izkzCQ_aw0AAAcgFLDi7U844.png
页:
[1]