菜鸟学Linux 第083篇笔记 lvs配置和健康状况
内容总览
lvs-net配置
lvs-dr配置
lvs real-server健康检查脚本
配置lvs工作模型为net
准备工作
三台电脑
二台做rs 并都开启httpd服务(此前有配置过,这里不详细配置)
1.确保httpd已经启用并在目录站点已经有可以访问的文件index.html
2.配置两台rs ip为 192.168.10.10 192.168.10.11 网关都为 192.168.10.1
rs的网关IP必须为lvs的内网的IP
(此时real server配置完成)
一台做lvs调度服务器
1.配置内网ip 为192.168.10.1
2.配置外网ip 为192.168.11.133 模拟外网
3.安装ipvsadm
# yum install -y ipvsadm
连接方式
lvs-server有两个网卡
一个连接外网,即VIP
一个连接内网,和RIP在同一网段
lvs-server配置
启动lvs VIP
# ipvsadm -A -t 192.168.11.133:80 -s rr
添加两台real server
# ipvsadm -a -t 192.168.11.133:80 -r 192.168.10.10 -m
# ipvsadm -a -t 192.168.11.133:80 -r 192.168.10.11 -m
启动LVS服务器的ip_forward功能
# echo 1 > /proc/sys/net/ipv4/ip_forward (临时开启,立即生效)
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
(将此项改为1 重启即为永久生效 但更改完不会立即生效)
(目前虽然可以调度,但当某rs关机或服务停止时,director无法发现其故障)
(至此lvs-net调度模式已经配置完成)
LVS-DR
MAC 响应和通告控制方式
1. VIP:MAC
2. arptables
3. kernel parameter:
arp_ignore 定义接收到arp请求时的响应级别
0 - (default): reply for any local target IP address, configured on any interface
只要本地配置的有相应地址,就给予响应
1 - reply only if the target IP address is local address configured
on the incoming interface
仅在请求的目标地址是请求所到达的接口上地址的时候,才予以响应
2 - reply only if the target IP address is local address configured
on the incoming interface and both with the sender's IP address
are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses
arp_announce 定义将自己MAC地址向外通告时的通告级别
0 - (default) Use any local address, configured on any interface.
将本地任何接口上的任何地址向外通告
1 - Try to avoid local addresses that are not in the target's
subnet for this interface.
试图仅向目标网络通告与其网络匹配的地址
2 - Always use the best local address for this target.
仅向与本地接口上地址匹配的网络进行通告
配置lvs工作模式为DR
准备工作
1台lvs server
VIP eth0:0 192.168.10.1
DIP eth0 192.168.10.2
2台 web server (rs)
配置通告和响应arp范围(二选一即可)
1. 临时修改但即时生效
# sysctl -w net.ipv4.conf.all.arp_ignore=1
# sysctl -w net.ipv4.conf.eth0.arp_ignore=1
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
2. 永久修改但需重启生效/etc/sysctl.conf 添加几行
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
配置ip (一定要先配置完上边再配置这个)
# ipconfig eth0 192.168.10.10
# ipconfig lo:0 192.168.10.1 broadcast 192.168.10.1 netmask
255.255.255.0 up (一行命令)
(另一台也一样 只是eth0 IP是192.168.10.11)
配置lvs server
启动lvs VIP
# ipvsadm -A -t 192.168.10.1:80 -s wrr
添加两台real server
# ipvsadm -a -t 192.168.10.1:80 -r 192.168.10.10 -g -w 2
# ipvsadm -a -t 192.168.10.1:80 -r 192.168.10.11 -g -w 1
(此时lvs DR模式配置完成 )
配置lvs server脚本
#!/bin/bash
VIP=192.168.10.1
RIP1=192.168.10.10
RIP2=192.168.10.11
. /etc/rc.d/init.d/functions
logger $0 called with $1
case "$1" in
start)
echo " start LVS of DirectorServer"
/sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:0
echo "1" >/proc/sys/net/ipv4/ip_forward
#Clear IPVS table
/sbin/ipvsadm -C
#set LVS
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
#Run LVS
/sbin/ipvsadm
;;
stop)
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/ip_forward
/sbin/ipvsadm -C
/sbin/ifconfig eth0:0 down
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
配置real server脚本
脚本思路
1.通过linux curl访问其rs的http服务是否在线
2.判断出而作出相应的lvs rs服务器的添加删除
#!/bin/bash
VIP=192.168.10.1
# . /etc/rc.d/init.d/functions
case "$1" in
start)
echo " start LVS of REALServer"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del -host $VIP dev lo:0
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
配置lvs 健康服务检查脚本
#!/bin/bash
#
VIP=192.168.10.1
CPORT=80
FULL_BACK=127.0.0.1
RS=("192.168.10.10" "192.168.10.11")
RSSTATUS=("1" "1")
RSW=("1" "2")
RSPORT=80
TYPE=g
add() {
ipvsadm -a -t $VIP:$CPORT -r $1:$RSPORT -$TYPE -w $2
[ $? -eq 0 ] && return 0 || return 1
}
del() {
ipvsadm -d -t $VIP:$CPORT -r $1:$RSPORT
[ $? -eq 0 ] && return 0 || return 1
}
while :; do
let COUNT=0
for I in ${RS[*]}; do
if curl --connect-timeout 1 http://$I &> /dev/null; then
if [ ${RSSTATUS[$COUNT]} -eq 0 ]; then
add $I ${RSW[$COUNT]}
[ $? -eq 0 ] && RSSTATUS[$COUNT]=1
fi
else
if [ ${RSSTATUS[$COUNT]} -eq 1 ]; then
del $I
[ $? -eq 0 ] && RSSTATUS[$COUNT]=0
fi
fi
let COUNT++
done
sleep 5
done
至此你的lvs便可以实现后台real server是否在线检查
RS健康状态检查脚本示例第二版:
#!/bin/bash
#
VIP=192.168.10.1
CPORT=80
FAIL_BACK=127.0.0.1
RS=("192.168.10.7" "192.168.10.8")
declare -a RSSTATUS
RW=("2" "1")
RPORT=80
TYPE=g
CHKLOOP=3
LOG=/var/log/ipvsmonitor.log
addrs() {
ipvsadm -a -t $VIP:$CPORT -r $1:$RPORT -$TYPE -w $2
[ $? -eq 0 ] && return 0 || return 1
}
delrs() {
ipvsadm -d -t $VIP:$CPORT -r $1:$RPORT
[ $? -eq 0 ] && return 0 || return 1
}
checkrs() {
local I=1
while [ $I -le $CHKLOOP ]; do
if curl --connect-timeout 1 http://$1 &> /dev/null; then
return 0
fi
let I++
done
return 1
}
initstatus() {
local I
local COUNT=0;
for I in ${RS[*]}; do
if ipvsadm -L -n | grep "$I:$RPORT" && > /dev/null ; then
RSSTATUS[$COUNT]=1
else
RSSTATUS[$COUNT]=0
fi
let COUNT++
done
}
initstatus
while :; do
let COUNT=0
for I in ${RS[*]}; do
if checkrs $I; then
if [ ${RSSTATUS[$COUNT]} -eq 0 ]; then
addrs $I ${RW[$COUNT]}
[ $? -eq 0 ] && RSSTATUS[$COUNT]=1 && echo "`date +'%F %H:%M:%S'`, $I is back." >> $LOG
fi
else
if [ ${RSSTATUS[$COUNT]} -eq 1 ]; then
delrs $I
[ $? -eq 0 ] && RSSTATUS[$COUNT]=0 && echo "`date +'%F %H:%M:%S'`, $I is gone." >> $LOG
fi
fi
let COUNT++
done
sleep 5
done