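Keepalived is used here mainly to health-check the real servers and to implement failover between the load-balancer host and the backup host. IPVS is usually used together with keepalived, which is also a subproject of the LVS project and is used to check server status.
In an LVS setup, keepalived has three main functions:
1 Manage the LVS load-balancing software
2 Health-check the LVS cluster nodes
3 Provide high availability for system network services
Because ldirectord also provides a health-check mechanism, stop ldirectord before the experiment.
Lab environment
Host OS: RHEL7.3
Firewall and SELinux disabled
Lab hosts:
LVS-MASTER: 172.25.40.1
LVS-BACKUP: 172.25.40.4
LVS-VIP: 172.25.40.100
Real servers: server2: 172.25.40.2, server3: 172.25.40.3
server1:
Stop ldirectord
Compile, install and configure keepalived; the source package must be downloaded separately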
tar zxf keepalived-2.0.6.tar.gz
cd keepalived-2.0.6
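yum install openssl-devel gcc -y # install the build dependencies
./configure --with-init=systemd --prefix=/usr/local/keepalived ## configure the build: checks whether the current environment satisfies the dependencies and generates a Makefile; this step needs gcc; --prefix sets the install path; on RHEL 6.5 use --with-init=SYSV
make # compiles the software, reading its instructions from the Makefile
make install # installs the software to the chosen location, also reading its instructions from the Makefile
chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived # make the init script executable
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ # create the symbolic links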
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
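root@localhost # address that notification email is sent to
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1 # SMTP server address
smtp_connect_timeout 30 # timeout for connecting to the SMTP server
router_id LVS_DEVEL # identifier of the load balancer, used in email alerts
vrrp_skip_check_adv_addr
#vrrp_strict # strictly enforces the VRRP specification; this mode does not support unicast peers and must be commented out, otherwise it automatically adds a firewall rule on server1 and the experiment cannot proceed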
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
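interface eth0 # network interface monitored for HA
virtual_router_id 24 # virtual_router_id must be the same on master and backup, value 0-255
priority 100 # priority of the master; the master's priority must be greater than the backup's
advert_int 1 # advertisement interval between master and backup, in seconds
authentication { # authentication between master and backup during failover
auth_type PASS # authentication type; the two main types are PASS and AH
auth_pass 1111 # authentication password; within one vrrp_instance, MASTER and BACKUP must use the same password to communicate
}
virtual_ipaddress { # virtual IP addresses; several may be set, one per line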
172.25.40.100
}
}
virtual_server 172.25.40.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.40.2 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 172.25.40.3 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
systemctl restart keepalived
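scp -r /usr/local/keepalived/ 172.25.40.4:/usr/local # after compiling on server1, copy the result straight to server4 so it does not have to be compiled again there
server4
Configure the yum repository and install ipvsadm
The keepalived setup is the same as on server1: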
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
scp 172.25.40.1:/etc/keepalived/keepalived.conf /etc/keepalived/ # copy server1's configuration file over
vim /etc/keepalived/keepalived.conf
Change:
state BACKUP
priority 50
systemctl restart keepalived
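The MASTER/BACKUP rules stated in the configuration comments above (same virtual_router_id, same authentication settings, higher priority on the master) can be checked before restarting keepalived. The following is an added example, not part of the original post; the function names are hypothetical and the two sample configurations are constructed from the vrrp_instance block on this page.

```python
import re

# Constructed sample configs mirroring the vrrp_instance block on this page.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 24
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.40.100
    }
}
"""
BACKUP_CONF = MASTER_CONF.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 50")

KEYS = ("state", "virtual_router_id", "priority", "auth_type", "auth_pass")

def parse_instance(text):
    """Collect the scalar VRRP settings, ignoring '#' and '!' comments."""
    settings = {}
    for line in text.splitlines():
        line = re.split(r"[#!]", line, maxsplit=1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] in KEYS:
            settings.setdefault(parts[0], parts[1])  # first occurrence wins
    return settings

def check_pair(master_text, backup_text):
    """Return a list of findings for a MASTER/BACKUP pair; empty means consistent."""
    m, b = parse_instance(master_text), parse_instance(backup_text)
    findings = []
    for key in ("virtual_router_id", "auth_type", "auth_pass"):
        if m.get(key) != b.get(key):
            # Values are not echoed, so the password never lands in output or logs.
            findings.append(f"{key} differs between master and backup")
    if (m.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
        findings.append("state must be MASTER on one node and BACKUP on the other")
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("master priority must be greater than backup priority")
    return findings

if __name__ == "__main__":
    print(check_pair(MASTER_CONF, BACKUP_CONF) or "pair is consistent")
```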
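server2 and server3
Configure Apache and the arptables rules
server2:
yum install arptables # install the ARP filtering tool
arptables -A INPUT -d 172.25.40.100 -j DROP
# ignore ARP requests for this IP, so that only the director's scheduling is followed
arptables -A OUTPUT -s 172.25.40.100 -j mangle --mangle-ip-s 172.25.40.2
# rewrite the source address of outgoing ARP packets that carry the VIP to this server's own IP
arptables -L # list the rules that were added
ip addr add 172.25.40.100/24 dev eth0 ## add the VIP on server2
ip addr show
server3:
yum install arptables # install the ARP filtering tool
arptables -A INPUT -d 172.25.40.100 -j DROP
# ignore ARP requests for this IP, so that only the director's scheduling is followed
arptables -A OUTPUT -s 172.25.40.100 -j mangle --mangle-ip-s 172.25.40.3
# rewrite the source address of outgoing ARP packets that carry the VIP to this server's own IP
arptables -L # list the rules that were added
ip addr add 172.25.40.100/24 dev eth0 # add the VIP on server3
Start keepalived on server1 and server4 at the same time
View the rules:
Load-balancing test:
High-availability test:
Stop keepalived on server1 and server4 takes over the service; when keepalived on server1 is started again, server1 takes the service back. Load balancing is not affected in the meantime.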