keepalived实现lvs的高可用

HA Cluster 配置准备:
(1) 各节点时间必须同步
ntp, chrony
(2) 确保iptables及selinux不会阻碍VRRP通告(IP协议号112,组播)和健康检查流量;按需放行即可,不必整体关闭防火墙或SELinux
(3) 各节点之间可通过主机名互相通信(对KA并非必须)
建议使用/etc/hosts文件实现
(4) 各节点之间的root用户可以基于密钥认证的ssh服务完成互相通信(对KA并非必须)

1)用两台主机,安装keepalived ,httpd ,(安装httpd的作用是 当web服务器都挂了,本机的httpd充当web页面提示:网站维护中 )做好KEY验证,写好/etc/hosts文件

[root@KA1 ~]#yum install keepalived -y

[root@KA2 ~]#yum install keepalived -y

节点1做KEY验证
[root@KA1 ~]#ssh-keygen 
[root@KA1 ~]#ssh-copy-id 192.168.8.105

节点2做KEY验证
[root@KA2 ~]#ssh-keygen 
[root@KA2 ~]#ssh-copy-id 192.168.8.104

节点1 /etc/hosts文件
[root@KA1 ~]#vim /etc/hosts
[root@KA1 ~]#cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.104 KA1
192.168.8.105 KA2


节点2 /etc/hosts文件
[root@KA2 ~]#vim /etc/hosts
[root@KA2 ~]#cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.105 KA2
192.168.8.104 KA1

安装httpd , 启动

节点1 
[root@KA1 ~]#yum install httpd -y

[root@KA1 ~]#echo "网站维护中!" > /var/www/html/index.html

[root@KA1 ~]#systemctl start httpd



节点2 
[root@KA2 ~]#yum install httpd -y

[root@KA2 ~]#echo "网站维护中!" > /var/www/html/index.html

[root@KA2 ~]#systemctl start httpd

2)修改keepalived配置文件

节点1配置


[root@KA1 ~]#vim  /etc/keepalived/keepalived.conf

全局配置
global_defs {
   notification_email {
     root@localhost             邮件地址
   }
   notification_email_from keepalived@localhost         发邮件的名字
   smtp_server 127.0.0.1                        发邮件的主机
   smtp_connect_timeout 30          
   router_id KA1                        路由名,随便起一个
   vrrp_mcast_group4 224.100.100.100        多播地址
}


虚拟路由器配置
vrrp_instance VI_1 {
    state MASTER            
    interface eth0          接口
    virtual_router_id 51    虚拟路由id  
    priority 100        优先级
    advert_int 1        广播时间间隔
    authentication {
        auth_type PASS
        auth_pass 123456  密码随便设(仅为示例;PASS认证以明文随VRRP通告发送,且keepalived只使用前8个字符,生产环境不要使用此类弱口令)
    }
    virtual_ipaddress {
        192.168.8.100/24 dev eth0 label eth0:1  虚拟VIP的地址
    }
}


虚拟服务器配置
virtual_server 192.168.8.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    sorry_server 127.0.0.1 80               如果两台web服务都挂了,启用本机的web服务,提示网站维护

    real_server 192.168.8.102 80 {          web服务器地址
        weight 1 
        HTTP_GET { 
            url {  
              path /                        web服务器页面路径
              status_code 200           状态检查
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.8.103 80 {
        weight 1
        HTTP_GET { 
            url {  
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}




节点2配置

[root@KA2 ~]#vim /etc/keepalived/keepalived.conf

全局配置
global_defs {
   notification_email {
   root@localhost
}
   
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id KA2
   vrrp_mcast_group4 224.100.100.100

}
虚拟路由器配置
vrrp_instance VI_1 {
    state BACKUP            主机设为BACKUP
    interface eth0
    virtual_router_id 51    路由id和节点1 一样
    priority 80             优先级要比节点1 小
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456        密码和节点1 一样
    }
    virtual_ipaddress {
        192.168.8.100/24 dev eth0 label eth0:1 虚拟VIP也和节点1 一样
    }
}


虚拟服务器配置
virtual_server 192.168.8.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    sorry_server 127.0.0.1 80           如果两台web服务都挂了,启用本机的web服务,提示网站维护

    real_server 192.168.8.102 80 {    web服务器的地址
        weight 1 
        HTTP_GET { 
            url {  
              path /                    web服务器的页面路径
              status_code 200           状态检查
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.8.103 80 {
        weight 1
        HTTP_GET { 
            url {  
              path /
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}


3)在web服务器上安装httpd , 绑定vip,修改内核参数,直接跑下面写好的脚本就OK了 ,把vip地址改一下

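#!/bin/bash
#Author:wangxiaochun
#Date:2017-08-13
#
# Real-server (RS) side helper for an LVS-DR setup.
#   start: write arp_ignore=1 / arp_announce=2 for "all" and "lo", then put
#          the VIP on lo:1 with a /32 netmask.
#   stop:  take lo:1 down and write 0 back to the same four ARP settings.
# Both actions first make sure httpd is installed and started and write the
# host name into /var/www/html/index.html.
#
# Usage: lvs_dr_rs.sh start|stop
# Needs root: it writes under /proc/sys and /var/www/html.

vip=192.168.8.100
mask='255.255.255.255'
dev=lo:1

# Write $1 to arp_ignore and $2 to arp_announce, for "all" first, then "lo".
# Returns non-zero as soon as one write fails.
write_arp_settings() {
    local ignore=$1 announce=$2 scope
    for scope in all lo; do
        echo "$ignore" > "/proc/sys/net/ipv4/conf/$scope/arp_ignore" || return 1
    done
    for scope in all lo; do
        echo "$announce" > "/proc/sys/net/ipv4/conf/$scope/arp_announce" || return 1
    done
}

# Validate the action before touching the system, so a mistyped argument does
# not install packages or overwrite index.html.
action=${1:-}
case "$action" in
start|stop) ;;
*)
    echo "Usage: $(basename "$0") start|stop" >&2
    exit 1
    ;;
esac

if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root" >&2
    exit 1
fi

# Package and service output stays hidden as before, but a failure is now
# reported on stderr instead of passing silently.
if ! rpm -q httpd &> /dev/null; then
    yum -y install httpd &> /dev/null || echo "Warning: installing httpd failed" >&2
fi
if service httpd start &> /dev/null; then
    echo "The httpd Server is Ready!"
else
    echo "Warning: httpd did not start" >&2
fi
echo "<h1>$(hostname)</h1>" > /var/www/html/index.html

case "$action" in
start)
    # arp_ignore=1 / arp_announce=2 keep this host from answering or
    # advertising ARP for the VIP held on lo, so only the director owns the
    # VIP on the LAN. The ARP settings are written before the VIP is bound.
    if write_arp_settings 1 2 && ifconfig "$dev" "$vip" netmask "$mask"; then #broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
    else
        echo "Failed to configure $vip on $dev" >&2
        exit 1
    fi
    ;;
stop)
    ifconfig "$dev" down || echo "Warning: could not bring $dev down" >&2
    # Writes 0, not whatever the values were before "start" ran.
    if ! write_arp_settings 0 0; then
        echo "Failed to reset ARP settings" >&2
        exit 1
    fi
    echo "The RS Server is Canceled!"
    ;;
esac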

web1执行脚本


[root@web1 ~]#bash lvs_dr_rs.sh start 
The RS Server is Ready!

查看绑定的VIP
[root@web1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.8.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:67:d8:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.102/24 brd 192.168.8.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe67:d820/64 scope link 
       valid_lft forever preferred_lft forever

web2执行脚本

[root@web2 ~]#bash lvs_dr_rs.sh start 
The RS Server is Ready!

查看绑定的VIP
[root@web2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.8.100/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:73:26:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.103/24 brd 192.168.8.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe73:26e3/64 scope link 
       valid_lft forever preferred_lft forever

4)在keepalived 节点上安装ipvsadm 可以查看lvs策略

节点一

[root@KA1 ~]#yum install ipvsadm -y

查看lvs
[root@KA1 ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.8.100:80 rr
  -> 192.168.8.102:80             Route   1      0          0         
  -> 192.168.8.103:80             Route   1      0          0         

节点二

[root@KA2 ~]#yum install ipvsadm -y

查看lvs
[root@KA2 ~]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.8.100:80 rr
  -> 192.168.8.102:80             Route   1      0          0         
  -> 192.168.8.103:80             Route   1      0          0        

5)启动keepalived服务,查看IP

节点1

[root@KA1 ~]#systemctl start keepalived.service

查看IP
[root@KA1 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:83:52:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.104/24 brd 192.168.8.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.8.100/24 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe83:52fe/64 scope link 
       valid_lft forever preferred_lft forever
You have new mail in /var/spool/mail/root

节点2

[root@KA2 ~]#systemctl start keepalived.service

查看IP
[root@KA2 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d1:c0:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.105/24 brd 192.168.8.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed1:c0fc/64 scope link 
       valid_lft forever preferred_lft forever
You have new mail in /var/spool/mail/root

6)测试

[root@centos ~]#while true ; do curl 192.168.8.100 ;sleep 0.5 ;done
192.168.8.103 web2
192.168.8.102 web1
192.168.8.103 web2
192.168.8.102 web1
192.168.8.103 web2
192.168.8.102 web1
192.168.8.103 web2
192.168.8.102 web1

成功!

7)测试两个web服务都挂了

[root@route ~]#curl 192.168.8.100
网站维护中!
