LVS+Keepalived+DNS高可用群集

周宇航

LVS+Keepalived+DNS高可用群集

理论基础：Keepalived的设计目标是构建高可用的LVS负载均衡群集，可以调用ipvsadm工具来创建虚拟服务器，管理服务器池，而不仅仅用作双机热备。使用Keepalived构建LVS群集更加简单易用，主要优势体现在：对LVS负载调度器实现热备切换，提高可用性：对服务器池中的节点进行健康检查，自动移除失效节点，恢复后再重新加入。

实现环境：

五台虚拟机：

主调度服务器：  eth0  172.16.16.173 255.255.255.0    vm1

                         Eth1  192.168.10.1    作为心跳线网络  vm3

从调度服务器 ： eth0 172.16.16.174 255.255.255.0     vm1

                        Eth1  192.168.10.2      作为心跳线网络  vm3

web节点 01     eth0： 172.16.16.177  255.255.255.0   vm1

web节点02     eth0 ： 172.16.16.178  255.25.255.0   vm1

windows  7 客户端 eth 0 ： 172.16.16.100  255.255.255.0   vm1

主调度服务器：

安装keepalived必须安装一下内核开发包

配置安装ipvsadm工具

[iyunv@localhost]#yum –y  install  ipvsadm

[iyunv@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel

拷贝keepalived软件安装

[iyunv@localhost]#cp keepalived-1.2.13.tar.gz   /usr/src

[iyunv@localhost]#cd /usr/src

[iyunv@localhost src ]#tar zxvf keepalived-1.2.13.tar .gz

[iyunv@localhost src]# cd keepalived-1.2.13

[iyunv@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/

[iyunv@localhost keepalived-1.2.13]# make && make install

[iyunv@localhost keepalived-1.2.13]# ls -l /etc/init.d/keepalived

-rwxr-xr-x. 1 root root 1308 7月  13 19:02 /etc/init.d/keepalived

[iyunv@localhost keepalived-1.2.13]# chkconfig --add keepalived

[iyunv@localhost keepalived-1.2.13]# chkconfig keepalived on

调整/proc响应参数

[iyunv@localhost]#vim /etc/sysctl.conf

net.ipv4.conf.all.send_redirects = 0     (添加四行到最下面)

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eth0.send_redirects = 0

net.ipv4.conf.eth1.send_redirects = 0

[iyunv@localhost]#sysctl   -p

[iyunv@localhost]#service ipvsadm stop      清楚原有策略

[iyunv@localhost]#ipvsadm  -A  -t 172.16.16.172:80 –s  rr   

[iyunv@localhost]#ipvsadm  –a   –t  172.16.16.172:80  –r  172.16.16.177  -g  -w   1

[iyunv@localhost]# ipvsadm   -a  -t  172.16.16.172:80   -r  172.16.16.178  -g  -w   1

[iyunv@localhost]#service  ipvsadm save   保存策略

[iyunv@localhost]#chkconfig   ipvsadm   on

从调度服务器：

安装keepalived必须安装一下内核开发包

配置安装ipvsadm工具

[iyunv@localhost]#yum –y  install  ipvsadm

[iyunv@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel

拷贝keepalived软件安装

[iyunv@localhost]#cp keepalived-1.2.13.tar.gz   /usr/src

[iyunv@localhost]#cd /usr/src

[iyunv@localhost src ]#tar zxvf keepalived-1.2.13.tar .gz

[iyunv@localhost src]# cd keepalived-1.2.13

[iyunv@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/

[iyunv@localhost keepalived-1.2.13]# make && make install

[iyunv@localhost keepalived-1.2.13]# ls -l /etc/init.d/keepalived

-rwxr-xr-x. 1 root root 1308 7月  13 19:02 /etc/init.d/keepalived

[iyunv@localhost keepalived-1.2.13]# chkconfig --add keepalived

[iyunv@localhost keepalived-1.2.13]# chkconfig keepalived on

调整/proc响应参数

[iyunv@localhost]#vim /etc/sysctl.conf

net.ipv4.conf.all.send_redirects = 0     (添加四行到最下面)

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eth0.send_redirects = 0

net.ipv4.conf.eth1.send_redirects = 0

[iyunv@localhost]#sysctl   -p

[iyunv@localhost]#service ipvsadm stop      清楚原有策略

[iyunv@localhost]#ipvsadm  -A  -t 172.16.16.172:80 –s  rr   

[iyunv@localhost]#ipvsadm  –a   –t  172.16.16.172:80  –r  172.16.16.177  -g  -w   1

[iyunv@localhost]# ipvsadm   -a  -t  172.16.16.172:80   -r  172.16.16.178  -g  -w   1

[iyunv@localhost]#service  ipvsadm save   保存策略

[iyunv@localhost]#chkconfig   ipvsadm   on

配置节点服务器

Web节点 01 配置

在web节点01 上面写一个测试网页

[iyunv@localhost ~]# cd /etc/sysconfig/network-scripts/

[iyunv@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0

[iyunv@localhost network-scripts]# vim ifcfg-lo:0

DEVICE=lo:0

IPADDR=172.16.16.172

NETMASK=255.255.255.255

# If you're having problems with gated making 127.0.0.0/8 a martian,

# you can change this to something else (255.255.255.255, for example)

ONBOOT=yes

~           

[iyunv@localhost network-scripts]# ifup lo:0

[iyunv@localhost network-scripts]# ifconfig lo:0

lo:0      Link encap:Local Loopback  

          inet addr:172.16.16.172  Mask:255.255.255.255

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

[iyunv@localhost network-scripts]# vim /etc/rc.local   添加VIP本地访问路由

/sbin/route add -host 172.16.16.172 dev lo:0   添加一行

file:///C:\Users\ADMINI~1.PC-\AppData\Local\Temp\ksohtml\wps4D76.tmp.jpg

[iyunv@localhost network-scripts]# route add -host 172.16.16.172 dev lo:0

2）调整/proc参数，禁用ARP响应。

[iyunv@localhost ~]# vi /etc/sysctl.conf

……    添加六行

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.default.arp_ignore = 1

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

[iyunv@localhost ~]# sysctl -p

Web节点02配置

Web节点02 也写一个测试网页

[iyunv@localhost ~]# cd /etc/sysconfig/network-scripts/

[iyunv@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0

[iyunv@localhost network-scripts]# vim ifcfg-lo:0

DEVICE=lo:0

IPADDR=172.16.16.172

NETMASK=255.255.255.255

# If you're having problems with gated making 127.0.0.0/8 a martian,

# you can change this to something else (255.255.255.255, for example)

ONBOOT=yes

~           

[iyunv@localhost network-scripts]# ifup lo:0

[iyunv@localhost network-scripts]# ifconfig lo:0

lo:0      Link encap:Local Loopback  

          inet addr:172.16.16.172  Mask:255.255.255.255

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

[iyunv@localhost network-scripts]# vim /etc/rc.local   添加VIP本地访问路由

/sbin/route add -host 172.16.16.172 dev lo:0   添加一行

[iyunv@localhost network-scripts]# route add -host 172.16.16.172 dev lo:0

2）调整/proc参数，禁用ARP响应。

[iyunv@localhost ~]# vi /etc/sysctl.conf

……    添加六行

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.default.arp_ignore = 1

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

[iyunv@localhost ~]# sysctl -p

配置主调度服务器

LVS+Keepalived

[iyunv@localhost ~]# cd /etc/keepalived/

[iyunv@localhost keepalived]# cp keepalived.conf keepalived.conf.bak  复制一份配置文件

[iyunv@localhost keepalived]# vim keepalived.conf

主调度服务器的keepalived配置文件

global_defs {

   router_id LVS_HA_R1

}

vrrp_instance VI_1 {

    state MASTER 主

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

        172.16.16.172

    }

}

virtual_server 172.16.16.172  80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

  ! persistence 60

    protocol TCP

    real_server 172.16.16.177  80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 4

        }

    }

    real_server 172.16.16.178  80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 4

        }

    }

}

重新启动服务

[iyunv@localhost keepalived]# service keepalived restart

配置从调度服务器

LVS+Keepalived

[iyunv@localhost ~]# cd /etc/keepalived/

[iyunv@localhost keepalived]# cp keepalived.conf keepalived.conf.bak  复制一份配置文件

[iyunv@localhost keepalived]# vim keepalived.conf

主调度服务器的keepalived配置文件

global_defs {

   router_id LVS_HA_R2

}

vrrp_instance VI_1 {

    state BACKUP  从

    interface eth0

    virtual_router_id 51

    priority 99

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

        172.16.16.172

    }

}

virtual_server 172.16.16.172  80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

  ! persistence 60

    protocol TCP

    real_server 172.16.16.177  80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 4

        }

    }

    real_server 172.16.16.178  80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 4

        }

    }

}

重新启动服务

[iyunv@localhost keepalived]# service keepalived restart

客户端windows 7 测试

访问。172.16.16.172  

不停的刷新。会看到不同的页面

如果不会出现访问页面

则分别在主调度服务器、调度服务器 重新配置策略即可

[iyunv@localhost]#service ipvsadm stop      清楚原有策略

[iyunv@localhost]#ipvsadm  -A  -t 172.16.16.172:80 –s  rr   

[iyunv@localhost]#ipvsadm  –a   –t  172.16.16.172:80  –r  172.16.16.177  -g  -w   1

[iyunv@localhost]# ipvsadm   -a  -t  172.16.16.172:80   -r  172.16.16.178  -g  -w   1

[iyunv@localhost]#service  ipvsadm save   保存策略

[iyunv@localhost]#chkconfig   ipvsadm   on

断开主调度服务器的网卡，   客户端再次刷新还是可以看到web页面、及负载均衡生效。

再次访问

及实验完成。

DNS域名解析

主域名服务器 172.16.16.173

关掉iptables

关掉selinux

挂载光盘

[iyunv@localhost ~]# rpm -qa | grep "^bind"

bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64

bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64

[iyunv@localhost ~]# cd /media/cdrom/Packages/

[iyunv@localhost Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

[iyunv@localhost Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

[iyunv@localhost Packages]# rpm -qa | grep "^bind"

bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64

bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64

bind-9.8.2-0.17.rc1.el6_4.6.x86_64

bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64

一：主域名服务器

[iyunv@localhost ~]# hostname ns1.benet.com

[iyunv@localhost ~]# vi /etc/resolv.conf

nameserver 172.16.16.173

[iyunv@localhost ~]# vi /etc/named.conf

修改：（将option中的其他内容删掉，只保留directory项）

options {

        directory       "/var/named";

};

zone "benet.com" IN {

        type master;

        file "benet.com.zone";

};

zone "16.16.172.in-addr.arpa" IN {

      type master;

      file "172.16.16.arpa";

};

[iyunv@localhost ~]# cd /var/named/

[iyunv@localhost named]# vi benet.com.zone

$TTL 86400

@  SOA benet.com.  admin.benet.com.  (

         2011030301

         4H

         30M

         12H

         1D

)

@    IN  NS    ns1.benet.com.

ns1   IN  A     172.16.16.173

www  IN  A    172.16.16.172    群集VIP

[iyunv@localhost named]# vi 172.16.16.arpa

$TTL  86400

@  SOA  benet.com.  admin.benet.com.  (

    2011101011

    4H

    30M

    12H

    1D

)

@    IN  NS   ns1.benet.com.

123   IN  PTR  ns1.benet.com.

123   IN  PTR  www.benet.com.

[iyunv@localhost named]# service named start

客户端验证

二：从域名服务器

1：设置主域名服务器  在主域名服务器上操作

[iyunv@localhost ~]# vi /etc/named.conf

options {

        directory       "/var/named";

};

zone "benet.com" IN {

        type master;

        file "benet.com.zone";

        allow-transfer  {172.16.16.174;};        \\添加，允许从域名服务器下载区域数据

};

zone "16.16.172.in-addr.arpa" IN {

      type master;

      file "172.16.16.arpa";

      allow-transfer  {172.16.16.174;};            \\添加

};

[iyunv@localhost ~]# service named restart

2：设置从域名服务器

打开第二台linux

从域名服务器IP地址：172.16.16.174

关闭iptables

关闭selinux

[iyunv@localhost ~]# cd /media/cdrom/Packages/

[iyunv@localhost Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

[iyunv@localhost Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm

[iyunv@localhost Packages]# cd

[iyunv@localhost ~]# vi /etc/named.conf

options {

        directory       "/var/named";

};

zone "benet.com" IN {

        type slave;

        file "slaves/benet.com.zone";

        masters  {172.16.16.173;};

};

zone "16.16.172.in-addr.arpa" IN {

      type slave;

      file "slaves/172.16.16.arpa";

      masters {172.16.16.173;};

};

[iyunv@localhost ~]# service named start

[iyunv@localhost ~]# ls -lh /var/named/slaves/

3：客户端验证

修改客户端dns首选为172.16.16.174      备用DNS 172.16.16.173

访问www.benet.com

测试成功！