Combining LVS and keepalived
阿新 • Published: 2020-10-14
LVS+Keepalived for highly available load balancing (web cluster)
LVS+Keepalived architecture diagram:
Test environment:
| Name | Operating system | IP address |
|---|---|---|
| LVS-MASTER | CentOS 7.x | 192.168.1.23 |
| LVS_BACKUP | CentOS 7.x | 192.168.1.25 |
| WebserverA | CentOS 7.x | 192.168.1.20 |
| WebserverB | CentOS 7.x | 192.168.1.21 |
| VIP | | 192.168.1.188 |
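1) Install keepalived (the steps are identical on MASTER and BACKUP):
```bash
# Resolve build dependencies:
yum install -y openssl openssl-devel popt-devel
# Stop firewalld and switch SELinux to permissive mode (setenforce 0 lasts until the next reboot):
systemctl stop firewalld
setenforce 0
```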
2) In an LVS cluster you also need the ipvsadm management tool:
```bash
yum install -y ipvsadm
```
3) Compile and install keepalived:
```bash
wget https://www.keepalived.org/software/keepalived-1.4.5.tar.gz
tar xf keepalived-1.4.5.tar.gz
cd keepalived-1.4.5
./configure --prefix=/usr/local/keepalived/
make
make install
# Go back to the directory that holds the source tree so the relative paths below resolve
cd ..
mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp keepalived-1.4.5/keepalived/keepalived.service /etc/systemd/system/
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp keepalived-1.4.5/keepalived/etc/init.d/keepalived /etc/init.d/
chmod 755 /etc/init.d/keepalived
systemctl enable keepalived
systemctl start keepalived
# Confirm the daemon is running
ps -ef | grep keepalived
```
5) Configure the MASTER: vim /etc/keepalived/keepalived.conf
```
! Configuration File for keepalived
global_defs {
    notification_email {
        wgkgood@163.com
    }
    notification_email_from wgkgood@163.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

# VIP1
vrrp_instance VI_1 {
    state BACKUP              # nopreempt requires the initial state to be BACKUP; priority decides who holds the VIP
    interface ens33
    virtual_router_id 51
    priority 100              # higher than the BACKUP node (90)
    advert_int 5
    nopreempt
    authentication {
        auth_type PASS        # simple password, carried in cleartext in VRRP adverts
        auth_pass 1111        # must be identical on both nodes
    }
    virtual_ipaddress {
        192.168.1.188
    }
}

virtual_server 192.168.1.188 80 {
    delay_loop 6
    lb_algo rr                # round robin
    lb_kind DR                # direct routing
    protocol TCP

    real_server 192.168.1.20 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.21 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
```
6) Configure the BACKUP: vim /etc/keepalived/keepalived.conf
```
! Configuration File for keepalived
global_defs {
    notification_email {
        wgkgood@163.com
    }
    notification_email_from wgkgood@163.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

# VIP1
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51      # must match the MASTER
    priority 90               # lower than the MASTER node (100)
    advert_int 5
    nopreempt
    authentication {
        auth_type PASS        # simple password, carried in cleartext in VRRP adverts
        auth_pass 1111        # must be identical on both nodes
    }
    virtual_ipaddress {
        192.168.1.188
    }
}

virtual_server 192.168.1.188 80 {
    delay_loop 6
    lb_algo rr                # round robin
    lb_kind DR                # direct routing
    protocol TCP

    real_server 192.168.1.20 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.1.21 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
```
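Unbalanced braces in the nested `virtual_server` block and a short `auth_type PASS` secret are the two things easiest to get wrong in the MASTER and BACKUP files above. The following lint is an added example, not part of the original post; the function names `lint_keepalived_conf` and `sample_conf` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Lints a keepalived.conf read
# from stdin; prints one finding per line and returns 1 if any were found.
lint_keepalived_conf() {
    awk '
        { sub(/[#!].*$/, "") }                # keepalived comments start with # or !
        {
            depth += gsub(/[{]/, "{")         # blocks opened on this line
            depth -= gsub(/[}]/, "}")         # blocks closed on this line
            if (depth < 0) { print "line " NR ": closing brace with no open block"; n++; depth = 0 }
        }
        $1 == "auth_type" && $2 == "PASS" {
            print "line " NR ": auth_type PASS puts the secret in cleartext in every advert"; n++
        }
        $1 == "auth_pass" && length($2) < 8 {
            print "line " NR ": auth_pass is " length($2) " characters (keepalived uses the first 8)"; n++
        }
        END {
            if (depth > 0) { print "EOF: " depth " block(s) never closed"; n++ }
            exit (n > 0)
        }
    '
}

# Constructed sample: a trimmed config in which the first real_server block
# and the virtual_server block are each missing their closing brace.
sample_conf() {
    cat <<'EOF'
vrrp_instance VI_1 {
    state BACKUP
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
virtual_server 192.168.1.188 80 {
    real_server 192.168.1.20 80 {
        TCP_CHECK {
            connect_port 80
        }
    real_server 192.168.1.21 80 {
        TCP_CHECK {
            connect_port 80
        }
    }
EOF
}

sample_conf | lint_keepalived_conf || echo "=> fix the findings above before starting keepalived"
```

On a real node, run it as `lint_keepalived_conf < /etc/keepalived/keepalived.conf`.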
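7) Configure LVS load balancing:
MASTER:
```bash
# Load the ip_vs kernel module:
modprobe ip_vs
lsmod | grep -i ip_vs
ipvsadm -A -t 192.168.1.188:80 -s rr
ipvsadm -a -t 192.168.1.188:80 -r 192.168.1.20 -g -w 100
ipvsadm -a -t 192.168.1.188:80 -r 192.168.1.21 -g -w 100
# Option reference:
#   -A  (capital A) add a virtual service
#   -t  TCP service
#   -s  scheduling algorithm (rr = round robin)
#   -a  add a back-end real server to the virtual service
#   -g  DR (direct routing) mode
#   -w  weight
# Show the virtual service status:
ipvsadm -L -n
# Remove a real server, then the virtual service itself (only when tearing the cluster down):
ipvsadm -d -t 192.168.1.188:80 -r 192.168.1.20
ipvsadm -D -t 192.168.1.188:80
```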
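BACKUP:
```bash
# Load the ip_vs kernel module:
modprobe ip_vs
lsmod | grep -i ip_vs
# Add the virtual service and the back-end real servers:
ipvsadm -A -t 192.168.1.188:80 -s rr
ipvsadm -a -t 192.168.1.188:80 -r 192.168.1.20 -g -w 100
ipvsadm -a -t 192.168.1.188:80 -r 192.168.1.21 -g -w 100
```
7) Configure DR mode on WebserverA/B:
1) How LVS DR works: a client request to the LVS VIP arrives at the director (the load balancer). The director rewrites the destination MAC address of the request frame to the MAC address of a back-end realserver. The destination IP remains the VIP (unchanged) and the source IP remains the client's IP address (unchanged). When the director forwards the frame to the realserver, the realserver sees that the destination is the VIP configured locally; if it is on the same network segment as the client, it returns the response directly to the client. If the client and the realserver are not on the same segment, the response goes back to the client through the gateway, as shown in the figure below: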
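2) Notes on LVS DR mode:
- The LVS server and the back-end realservers must be on the same network segment (private or public);
- LVS rewrites only the destination MAC of the request; the destination IP (VIP) is not modified;
- The destination IP (VIP) stays unchanged. Configure the VIP on each RS back end, on the lo interface (so it does not conflict);
- The gateway of the RS back-end servers points to the router's next hop, so that traffic can get out (reach external networks);
- On every RS back-end server, suppress ARP broadcasts and forbid ARP replies for the VIP, while making sure ARP on the real NIC is not suppressed.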
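```bash
# Copy the loopback interface config:
cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1
# Edit it so that it contains the following:
vim /etc/sysconfig/network-scripts/ifcfg-lo:1
```
```
# The alias device name matches the file name (ifcfg-lo:1)
DEVICE=lo:1
IPADDR=192.168.1.188
# /32 mask: the VIP is local to this host only
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
```
```bash
# Bring the interface up (restart networking):
ifup lo:1
systemctl restart network
```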
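2) For load balancing to work, ARP suppression must be configured on the back-end servers: forbid ARP replies for the VIP, while making sure the real NIC can still receive ARP broadcasts:
```bash
cat /proc/sys/net/ipv4/conf/lo/arp_ignore
# The default is 0; run the following commands:
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# Explanation:
#   arp_ignore = 1:   reply only when the target IP is configured on the real NIC.
#   arp_announce = 2: ignore the packet's source IP address and send using the
#                     real NIC on this host that can communicate with the client.
```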
DR configuration script for the realserver:
```bash
#!/bin/sh
# LVS Client Server: DR-mode setup for a real server
VIP=192.168.1.188
case "$1" in
start)
    # Bind the VIP to a loopback alias with a /32 mask
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # Suppress ARP for the VIP on lo and globally
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    exit 0
    ;;
stop)
    ifconfig lo:0 down
    route del "$VIP" >/dev/null 2>&1
    # Restore the kernel defaults
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped OK"
    exit 0
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
```
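A real server that still has the default ARP settings answers ARP for the VIP and pulls traffic away from the director, so it is worth verifying the four sysctls after the script has run. This check is an added example, not part of the original post; `check_dr_arp`, `make_tree` and the optional sysctl-root argument (default `/proc/sys`) are assumptions made so it can also run against a constructed test tree.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies the ARP sysctls a DR
# real server needs on lo and all: arp_ignore=1, arp_announce=2.
# $1 is the sysctl root (assumption: defaults to /proc/sys).
check_dr_arp() {
    root=${1:-/proc/sys}
    bad=0
    for iface in lo all; do
        for item in arp_ignore:1 arp_announce:2; do
            key=${item%%:*}
            want=${item##*:}
            file=$root/net/ipv4/conf/$iface/$key
            if [ ! -r "$file" ]; then
                echo "MISSING net.ipv4.conf.$iface.$key"
                bad=$((bad + 1))
                continue
            fi
            have=$(cat "$file")
            if [ "$have" = "$want" ]; then
                echo "OK      net.ipv4.conf.$iface.$key = $have"
            else
                echo "WRONG   net.ipv4.conf.$iface.$key = $have (want $want)"
                bad=$((bad + 1))
            fi
        done
    done
    [ "$bad" -eq 0 ]    # return 0 only when all four values are correct
}

# Constructed test tree standing in for /proc/sys.
make_tree() {   # usage: make_tree DIR ARP_IGNORE ARP_ANNOUNCE
    for iface in lo all; do
        mkdir -p "$1/net/ipv4/conf/$iface"
        echo "$2" > "$1/net/ipv4/conf/$iface/arp_ignore"
        echo "$3" > "$1/net/ipv4/conf/$iface/arp_announce"
    done
}

tmp=$(mktemp -d)
make_tree "$tmp/default" 0 0    # kernel defaults
make_tree "$tmp/dr" 1 2         # values written by the real-server script
check_dr_arp "$tmp/default" || echo "=> defaults: this host would answer ARP for the VIP"
check_dr_arp "$tmp/dr" && echo "=> DR ARP settings in place"
rm -rf "$tmp"
```

On a real server, call `check_dr_arp` with no argument to read the live values.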
Test the load balancing:
```bash
while true; do curl http://192.168.1.188; sleep 3; done
```