LVS + Keepalived + DNS High-Availability Cluster

Background:
Keepalived was designed for building highly available LVS load-balancing clusters. It can call the ipvsadm tool to create virtual servers and manage the server pool, so it is more than a two-node hot-standby tool. Building an LVS cluster with Keepalived is simpler and easier to use. Its main advantages are hot-standby failover for the LVS load scheduler, which improves availability, and health checks on the nodes in the server pool: failed nodes are removed automatically and added back once they recover.

Environment: five virtual machines

Master scheduler:    eth0  172.16.16.173  255.255.255.0  vm1
                     eth1  192.168.10.1   (heartbeat network)  vm3
Backup scheduler:    eth0  172.16.16.174  255.255.255.0  vm1
                     eth1  192.168.10.2   (heartbeat network)  vm3
Web node 01:         eth0  172.16.16.177  255.255.255.0  vm1
Web node 02:         eth0  172.16.16.178  255.255.255.0  vm1
Windows 7 client:    eth0  172.16.16.100  255.255.255.0  vm1

Master scheduler:

Installing keepalived requires the kernel development packages below. First install the ipvsadm tool:

[iyunv@localhost]# yum -y install ipvsadm
[iyunv@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel

Copy the keepalived source and install it:

[iyunv@localhost]# cp keepalived-1.2.13.tar.gz /usr/src
[iyunv@localhost]# cd /usr/src
[iyunv@localhost src]# tar zxvf keepalived-1.2.13.tar.gz
[iyunv@localhost src]# cd keepalived-1.2.13
[iyunv@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[iyunv@localhost keepalived-1.2.13]# make && make install
[iyunv@localhost keepalived-1.2.13]# ls -l /etc/init.d/keepalived
-rwxr-xr-x. 1 root root 1308 7月 13 19:02 /etc/init.d/keepalived
[iyunv@localhost keepalived-1.2.13]# chkconfig --add keepalived
[iyunv@localhost keepalived-1.2.13]# chkconfig keepalived on

Adjust the /proc response parameters:

[iyunv@localhost]# vim /etc/sysctl.conf
(append these four lines at the bottom)
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.eth1.send_redirects = 0
[iyunv@localhost]# sysctl -p
[iyunv@localhost]# service ipvsadm stop      # clear the existing policy
[iyunv@localhost]# ipvsadm -A -t 172.16.16.172:80 -s rr
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.177 -g -w 1
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.178 -g -w 1
[iyunv@localhost]# service ipvsadm save      # save the policy
[iyunv@localhost]# chkconfig ipvsadm on

Backup scheduler:

Installing keepalived requires the kernel development packages below. First install the ipvsadm tool:

[iyunv@localhost]# yum -y install ipvsadm
[iyunv@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel

Copy the keepalived source and install it:

[iyunv@localhost]# cp keepalived-1.2.13.tar.gz /usr/src
[iyunv@localhost]# cd /usr/src
[iyunv@localhost src]# tar zxvf keepalived-1.2.13.tar.gz
[iyunv@localhost src]# cd keepalived-1.2.13
[iyunv@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[iyunv@localhost keepalived-1.2.13]# make && make install
[iyunv@localhost keepalived-1.2.13]# ls -l /etc/init.d/keepalived
-rwxr-xr-x. 1 root root 1308 7月 13 19:02 /etc/init.d/keepalived
[iyunv@localhost keepalived-1.2.13]# chkconfig --add keepalived
[iyunv@localhost keepalived-1.2.13]# chkconfig keepalived on

Adjust the /proc response parameters:

[iyunv@localhost]# vim /etc/sysctl.conf
(append these four lines at the bottom)
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0
    net.ipv4.conf.eth1.send_redirects = 0
[iyunv@localhost]# sysctl -p
[iyunv@localhost]# service ipvsadm stop      # clear the existing policy
[iyunv@localhost]# ipvsadm -A -t 172.16.16.172:80 -s rr
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.177 -g -w 1
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.178 -g -w 1
[iyunv@localhost]# service ipvsadm save      # save the policy
[iyunv@localhost]# chkconfig ipvsadm on

Configuring the node servers

Web node 01 configuration

Write a test web page on web node 01.
[iyunv@localhost ~]# cd /etc/sysconfig/network-scripts/
[iyunv@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[iyunv@localhost network-scripts]# vim ifcfg-lo:0
    DEVICE=lo:0
    IPADDR=172.16.16.172
    NETMASK=255.255.255.255
    # If you're having problems with gated making 127.0.0.0/8 a martian,
    # you can change this to something else (255.255.255.255, for example)
    ONBOOT=yes
[iyunv@localhost network-scripts]# ifup lo:0
[iyunv@localhost network-scripts]# ifconfig lo:0
lo:0      Link encap:Local Loopback
          inet addr:172.16.16.172  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

Add a local route for the VIP:

[iyunv@localhost network-scripts]# vim /etc/rc.local
(add this one line)
    /sbin/route add -host 172.16.16.172 dev lo:0
[iyunv@localhost network-scripts]# route add -host 172.16.16.172 dev lo:0

2) Adjust the /proc parameters to disable ARP responses.

[iyunv@localhost ~]# vi /etc/sysctl.conf
……
(add these six lines)
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.default.arp_ignore = 1
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
[iyunv@localhost ~]# sysctl -p

Web node 02 configuration

Write a test web page on web node 02 as well.
[iyunv@localhost ~]# cd /etc/sysconfig/network-scripts/
[iyunv@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[iyunv@localhost network-scripts]# vim ifcfg-lo:0
    DEVICE=lo:0
    IPADDR=172.16.16.172
    NETMASK=255.255.255.255
    # If you're having problems with gated making 127.0.0.0/8 a martian,
    # you can change this to something else (255.255.255.255, for example)
    ONBOOT=yes
[iyunv@localhost network-scripts]# ifup lo:0
[iyunv@localhost network-scripts]# ifconfig lo:0
lo:0      Link encap:Local Loopback
          inet addr:172.16.16.172  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

Add a local route for the VIP:

[iyunv@localhost network-scripts]# vim /etc/rc.local
(add this one line)
    /sbin/route add -host 172.16.16.172 dev lo:0
[iyunv@localhost network-scripts]# route add -host 172.16.16.172 dev lo:0

2) Adjust the /proc parameters to disable ARP responses.

[iyunv@localhost ~]# vi /etc/sysctl.conf
……
(add these six lines)
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.default.arp_ignore = 1
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
[iyunv@localhost ~]# sysctl -p

Configuring LVS + Keepalived on the master scheduler

[iyunv@localhost ~]# cd /etc/keepalived/
[iyunv@localhost keepalived]# cp keepalived.conf keepalived.conf.bak      # keep a copy of the configuration file
[iyunv@localhost keepalived]# vim keepalived.conf

keepalived configuration file for the master scheduler:

    global_defs {
        router_id LVS_HA_R1
    }
    vrrp_instance VI_1 {
        state MASTER                # master
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            172.16.16.172
        }
    }
    virtual_server 172.16.16.172 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        ! persistence 60
        protocol TCP
        real_server 172.16.16.177 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
        real_server 172.16.16.178 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
    }

Restart the service:

[iyunv@localhost keepalived]# service keepalived restart

Configuring LVS + Keepalived on the backup scheduler

[iyunv@localhost ~]# cd /etc/keepalived/
[iyunv@localhost keepalived]# cp keepalived.conf keepalived.conf.bak      # keep a copy of the configuration file
[iyunv@localhost keepalived]# vim keepalived.conf

keepalived configuration file for the backup scheduler:

    global_defs {
        router_id LVS_HA_R2
    }
    vrrp_instance VI_1 {
        state BACKUP                # backup
        interface eth0
        virtual_router_id 51
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            172.16.16.172
        }
    }
    virtual_server 172.16.16.172 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        ! persistence 60
        protocol TCP
        real_server 172.16.16.177 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
        real_server 172.16.16.178 80 {
            weight 1
            TCP_CHECK {
                connect_port 80
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 4
            }
        }
    }

Restart the service:

[iyunv@localhost keepalived]# service keepalived restart

Testing from the Windows 7 client

Browse to 172.16.16.172 and keep refreshing; the two different test pages appear in turn.
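
The two keepalived.conf files above only fail over cleanly when their VRRP settings line up: identical virtual_router_id, advert_int and authentication, distinct router_id, and a higher priority on the master. The check below is an added example, not part of the original article; vrrp_get, check_vrrp_pair and sample_conf are hypothetical names, and the rule that flags a short or digits-only auth_pass (auth_type PASS is carried in clear text in every advertisement) is a heuristic chosen here.

```shell
# Added example. Assumes one vrrp_instance per file, one "key value" per line.
# vrrp_get FILE KEY -> first value of KEY in FILE
vrrp_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_vrrp_pair MASTER_CONF BACKUP_CONF -> one finding per line, none if clean
check_vrrp_pair() {
  local m=$1 b=$2 k pass
  # Both nodes must agree on these, or they never form one virtual router.
  for k in virtual_router_id advert_int auth_type auth_pass; do
    [ "$(vrrp_get "$m" "$k")" = "$(vrrp_get "$b" "$k")" ] || echo "MISMATCH $k"
  done
  [ "$(vrrp_get "$m" router_id)" != "$(vrrp_get "$b" router_id)" ] ||
    echo "DUPLICATE router_id"
  [ "$(vrrp_get "$m" priority)" -gt "$(vrrp_get "$b" priority)" ] ||
    echo "PRIORITY master is not higher than backup"
  # auth_type PASS is readable by anyone who can see the advertisements, so
  # it only guards against misconfiguration; flag guessable values (heuristic).
  pass=$(vrrp_get "$m" auth_pass)
  if [ "$(vrrp_get "$m" auth_type)" = "PASS" ]; then
    case $pass in
      *[!0-9]*) [ "${#pass}" -ge 8 ] || echo "WEAK auth_pass under 8 characters" ;;
      *) echo "WEAK auth_pass is digits only" ;;
    esac
  fi
}

# sample_conf ROUTER_ID STATE PRIORITY -> constructed copy of the VRRP part above
sample_conf() {
  cat <<EOF
global_defs {
    router_id $1
}
vrrp_instance VI_1 {
    state $2
    virtual_router_id 51
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
}
EOF
}

dir=$(mktemp -d)
sample_conf LVS_HA_R1 MASTER 100 > "$dir/master.conf"
sample_conf LVS_HA_R2 BACKUP 99 > "$dir/backup.conf"
check_vrrp_pair "$dir/master.conf" "$dir/backup.conf"  # prints: WEAK auth_pass is digits only
```

On a real pair, copy both /etc/keepalived/keepalived.conf files to one host and pass them as the two arguments. keepalived also accepts auth_type AH in place of PASS.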
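If the page does not appear, re-create the policy on both the master scheduler and the backup scheduler:

[iyunv@localhost]# service ipvsadm stop      # clear the existing policy
[iyunv@localhost]# ipvsadm -A -t 172.16.16.172:80 -s rr
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.177 -g -w 1
[iyunv@localhost]# ipvsadm -a -t 172.16.16.172:80 -r 172.16.16.178 -g -w 1
[iyunv@localhost]# service ipvsadm save      # save the policy
[iyunv@localhost]# chkconfig ipvsadm on

Disconnect the master scheduler's network interface. When the client refreshes again, the web page is still displayed, which shows that load balancing is still in effect.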
Access the page again.
That completes the experiment.

DNS name resolution

Master name server: 172.16.16.173
Turn off iptables, turn off SELinux, and mount the installation disc.

[iyunv@localhost ~]# rpm -qa | grep "^bind"
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64
[iyunv@localhost ~]# cd /media/cdrom/Packages/
[iyunv@localhost Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
[iyunv@localhost Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
[iyunv@localhost Packages]# rpm -qa | grep "^bind"
bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-libs-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-9.8.2-0.17.rc1.el6_4.6.x86_64
bind-utils-9.8.2-0.17.rc1.el6_4.6.x86_64

I. Master name server

[iyunv@localhost ~]# hostname ns1.benet.com
[iyunv@localhost ~]# vi /etc/resolv.conf
    nameserver 172.16.16.173
[iyunv@localhost ~]# vi /etc/named.conf

Edit the file (delete everything else inside options and keep only the directory entry):
    options {
        directory "/var/named";
    };
    zone "benet.com" IN {
        type master;
        file "benet.com.zone";
    };
    zone "16.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.16.arpa";
    };

[iyunv@localhost ~]# cd /var/named/
[iyunv@localhost named]# vi benet.com.zone
    $TTL 86400
    @   SOA benet.com. admin.benet.com. (
            2011030301
            4H
            30M
            12H
            1D
    )
    @       IN  NS  ns1.benet.com.
    ns1     IN  A   172.16.16.173
    www     IN  A   172.16.16.172   ; cluster VIP

[iyunv@localhost named]# vi 172.16.16.arpa
    $TTL 86400
    @   SOA benet.com. admin.benet.com. (
            2011101011
            4H
            30M
            12H
            1D
    )
    @       IN  NS   ns1.benet.com.
    173     IN  PTR  ns1.benet.com.

[iyunv@localhost named]# service named start

Verify from the client.

II. Slave name server

1: Configure the master name server (run these steps on the master name server)

[iyunv@localhost ~]# vi /etc/named.conf
    options {
        directory "/var/named";
    };
    zone "benet.com" IN {
        type master;
        file "benet.com.zone";
        allow-transfer {172.16.16.174;};    // added: lets the slave name server download the zone data
    };
    zone "16.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.16.arpa";
        allow-transfer {172.16.16.174;};    // added
    };

[iyunv@localhost ~]# service named restart

2: Configure the slave name server

Start the second Linux machine.
Slave name server IP address: 172.16.16.174
Turn off iptables and turn off SELinux.

[iyunv@localhost ~]# cd /media/cdrom/Packages/
[iyunv@localhost Packages]# rpm -ivh bind-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
[iyunv@localhost Packages]# rpm -ivh bind-chroot-9.8.2-0.17.rc1.el6_4.6.x86_64.rpm
[iyunv@localhost Packages]# cd
[iyunv@localhost ~]# vi /etc/named.conf
    options {
        directory "/var/named";
    };
    zone "benet.com" IN {
        type slave;
        file "slaves/benet.com.zone";
        masters {172.16.16.173;};
    };
    zone "16.16.172.in-addr.arpa" IN {
        type slave;
        file "slaves/172.16.16.arpa";
        masters {172.16.16.173;};
    };

[iyunv@localhost ~]# service named start
[iyunv@localhost ~]# ls -lh /var/named/slaves/

3: Client verification

Set the client's preferred DNS server to 172.16.16.174 and its alternate DNS server to 172.16.16.173.
The test succeeded!
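
In the BIND 9.8 release installed here, a master zone with no allow-transfer statement can be transferred by any host, which is why step 1 of the slave setup adds allow-transfer for 172.16.16.174. The script below is an added example, not part of the original article, that lists the master zones in a named.conf that are still open to transfer; open_transfer_zones is a hypothetical name, and the script assumes // or # comments and an options block placed before the zones.

```shell
# Added example. open_transfer_zones FILE -> names of master zones any host may AXFR
open_transfer_zones() {
  # Drop comments, then emit one token per line ("{", "}" and ";" included).
  sed -e 's://.*$::' -e 's:#.*$::' -e 's/[{};]/ & /g' "$1" |
    tr -s '[:space:]' '\n' |
    awk '
      $0 == "" || $0 == ";" { next }
      $0 == "{" { depth++; next }
      $0 == "}" {
        depth--
        if (depth == 1) in_acl = 0
        if (depth == 0) {
          # End of a top-level statement: judge the zone that just closed.
          if (zone != "" && master && (!restricted || open)) print zone
          zone = ""; in_opts = 0
        }
        next
      }
      depth == 0 && $0 == "options" { in_opts = 1 }
      depth == 0 && prev == "zone" {
        zone = $0; gsub(/"/, "", zone)
        master = 0; restricted = g_restricted; open = g_open   # inherit options
      }
      depth == 1 && prev == "type" && $0 == "master" { master = 1 }
      depth == 1 && $0 == "allow-transfer" {
        in_acl = 1
        if (in_opts) { g_restricted = 1 } else { restricted = 1; open = 0 }
      }
      depth == 2 && in_acl && ($0 == "any" || $0 == "0.0.0.0/0") {
        if (in_opts) { g_open = 1 } else { open = 1 }
      }
      { prev = $0 }
    '
}

# Constructed sample: the article's zones with allow-transfer on only one of them.
conf=$(mktemp)
cat > "$conf" <<'EOF'
options { directory "/var/named"; };
zone "benet.com" IN { type master; file "benet.com.zone"; };
zone "16.16.172.in-addr.arpa" IN { type master; file "172.16.16.arpa";
    allow-transfer { 172.16.16.174; }; };
EOF
open_transfer_zones "$conf"   # prints: benet.com
```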