1、网络拓扑

DNS部署(四)之lvs+keepalived+bind架构高可用负载均衡DNS系统_第1张图片

2、环境描述

系统描述 IP地址 作用
LB-master 192.168.1.105 主备负载均衡器(同时做web和DNS调度)
LB-backup 192.168.1.106
DNS-master 192.168.1.107 VIP:192.168.1.30(LVS DNS节点互为主辅同步)
DNS-backup 192.168.1.108
Web节点组 192.168.1.201-203 VIP:192.168.1.40(LVS web节点)

3、配置LVS调度器keepalived的配置文件

keepalived配置双vrrp instance,分别为:WEB实例和DNS实例。

3.1 主LVS keepalived的配置文件内容:

[root@lvs-M ~]#cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

 

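# Node-global settings for the lvs_105 director.
# The mail recipients, sender and smtp_server look like the stock sample
# values that ship with keepalived (firewall.loc / 192.168.200.1); unless
# those are real, failover notifications go nowhere — replace them.
global_defs {

   notification_email {

     acassen@firewall.loc

     failover@firewall.loc

     sysadmin@firewall.loc

   }

   # Keyword and address must be separated by a space; the listing had run
   # them together, which keepalived would not recognise as this option.
   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   # Names this director in logs/notifications; matches LB-master 192.168.1.105.
   router_id lvs_105

}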

 

# VRRP instance that owns the web VIP 192.168.1.40. On this node (lvs_105) it
# is MASTER with priority 100; the peer (section 3.2) runs the same instance
# as BACKUP/90, so the web VIP normally lives here and moves to the peer only
# when this node stops advertising.
vrrp_instance VI_WEB {

    state MASTER

    interface eth0

    # Must be unique per VRRP group on this segment; VI_DNS below uses 52.
    virtual_router_id 51

    priority 100

    # Advertisement interval in seconds; the backup takes over after about
    # three missed advertisements.
    advert_int 1

    # auth_type PASS puts the password in cleartext in every multicast
    # advertisement, and "1111" is the sample value, so this only guards
    # against an accidental VRID collision — it does not protect against a
    # host on the same segment. Restrict IP protocol 112 with a host firewall
    # or use unicast_peer if that matters in this network.
    authentication {

        auth_type PASS

        auth_pass 1111

    }

    # Added to eth0 as a secondary address while this node is MASTER
    # (visible in the "ip addr" output of section 6).
    virtual_ipaddress {

        192.168.1.40/24

    }

}

 

#############LVSWEB################

# LVS virtual service for the web VIP: TCP/80 on 192.168.1.40, round-robin
# over the three web nodes. The same block is present on both directors so
# that whichever one currently holds the VIP can schedule for it.
virtual_server 192.168.1.40 80 {

    # Seconds between health-check rounds.
    delay_loop 6

    lb_algo rr

    # Direct Routing: the director rewrites only the destination MAC, so every
    # real server must hold the VIP on lo and suppress ARP for it (web_rs.ctl,
    # section 4.2); replies go from the real server straight to the client.
    lb_kind DR

    # NOTE(review): nat_mask looks relevant only to lb_kind NAT; harmless here.
    nat_mask 255.255.255.0

 #  persistence_timeout 50

    protocol TCP



    # Equal weights; a node whose TCP_CHECK fails nb_get_retry times in a row
    # is removed from the pool and re-added once the check passes again
    # (see the healthchecker log lines in section 6).
    real_server 192.168.1.201 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

   real_server 192.168.1.202 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

   real_server 192.168.1.203 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

 

#############DNS Instance start###############

# VRRP instance that owns the DNS VIP 192.168.1.30. On this node it is
# BACKUP with priority 90 while the peer (section 3.2) is MASTER/100, the
# mirror image of VI_WEB above — so with both directors up, the web VIP sits
# on lvs_105 and the DNS VIP on lvs_106 (active/active), and each VIP fails
# over to the other node.
vrrp_instance VI_DNS {

    state BACKUP

    interface eth0

    # Distinct from VI_WEB's 51; both instances share eth0.
    virtual_router_id 52

    priority 90

    advert_int 1

    # Same cleartext PASS secret as VI_WEB and the sample value "1111"; it
    # only prevents accidental VRID collisions. See the note on VI_WEB.
    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.1.30/24

    }

}

###########LVSDNS#######################

# LVS virtual service for the DNS VIP: UDP/53 on 192.168.1.30 over the two
# BIND nodes. Only UDP is balanced here: a client that retries over TCP after
# a truncated (TC) answer, or a zone transfer aimed at the VIP, has no
# virtual_server to land on. A second "virtual_server 192.168.1.30 53" block
# with "protocol TCP" and the same real servers would cover that.
virtual_server 192.168.1.30 53 {

    delay_loop 6

    lb_algo rr

    # Direct Routing — the DNS nodes need the VIP on lo and ARP suppression
    # (dns_rs.ctl, section 4.1).
    lb_kind DR

    # NOTE(review): nat_mask looks relevant only to lb_kind NAT; harmless here.
    nat_mask 255.255.255.0

  # persistence_timeout 50

    protocol UDP



    real_server 192.168.1.107 53 {

        weight 100

        # The check connects to the real server's own address on TCP/53
        # (log in section 6: "TCP connection to [192.168.1.108:53] failed").
        # It only proves that something accepts TCP connections; a named
        # that stopped answering UDP but still accepts TCP would stay in this
        # UDP-only pool.
        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 53

        }

    }

   real_server 192.168.1.108 53 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 53

        }

    }

}

3.2 备LVS keepalived的配置文件内容:

[root@lvs-S ~]#cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

 

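# Node-global settings for the lvs_106 director.
# The mail recipients, sender and smtp_server look like the stock sample
# values that ship with keepalived (firewall.loc / 192.168.200.1); unless
# those are real, failover notifications go nowhere — replace them.
global_defs {

   notification_email {

     acassen@firewall.loc

     failover@firewall.loc

     sysadmin@firewall.loc

   }

   # Keyword and address must be separated by a space; the listing had run
   # them together, which keepalived would not recognise as this option.
   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   # Names this director in logs/notifications; matches LB-backup 192.168.1.106.
   router_id lvs_106

}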

 

# VRRP instance for the web VIP 192.168.1.40 on the second director. Here it
# is BACKUP with priority 90; the peer (section 3.1) is MASTER/100, so this
# node only takes the web VIP when lvs_105 stops advertising — which is why
# the "ip addr" output in section 6 shows 192.168.1.40 staying on lvs-M.
vrrp_instance VI_WEB {

    state BACKUP

    interface eth0

    # Must match the peer's VI_WEB (51) and differ from VI_DNS (52).
    virtual_router_id 51

    priority 90

    advert_int 1

    # auth_type PASS puts the password in cleartext in every multicast
    # advertisement, and "1111" is the sample value, so this only guards
    # against an accidental VRID collision — it does not protect against a
    # host on the same segment. Restrict IP protocol 112 with a host firewall
    # or use unicast_peer if that matters in this network.
    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.1.40/24

    }

}

 

#############LVSWEB################

# LVS virtual service for the web VIP: TCP/80 on 192.168.1.40, round-robin
# over the three web nodes. Identical to the block on lvs_105 so this node
# can schedule for the web VIP as soon as it takes it over.
virtual_server 192.168.1.40 80 {

    # Seconds between health-check rounds.
    delay_loop 6

    lb_algo rr

    # Direct Routing: the director rewrites only the destination MAC, so every
    # real server must hold the VIP on lo and suppress ARP for it (web_rs.ctl,
    # section 4.2); replies go from the real server straight to the client.
    lb_kind DR

    # NOTE(review): nat_mask looks relevant only to lb_kind NAT; harmless here.
    nat_mask 255.255.255.0

 #  persistence_timeout 50

    protocol TCP



    # Equal weights; a node whose TCP_CHECK fails nb_get_retry times in a row
    # is removed from the pool and re-added once the check passes again.
    real_server 192.168.1.201 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

   real_server 192.168.1.202 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

   real_server 192.168.1.203 80 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

 

#############DNS Instance start###############

# VRRP instance that owns the DNS VIP 192.168.1.30. On this node it is
# MASTER with priority 100 while the peer (section 3.1) is BACKUP/90 — the
# mirror image of VI_WEB above, so with both directors up the DNS VIP sits
# here and the web VIP on lvs_105 (active/active), each failing over to the
# other node.
vrrp_instance VI_DNS {

    state MASTER

    interface eth0

    # Distinct from VI_WEB's 51; both instances share eth0.
    virtual_router_id 52

    priority 100

    advert_int 1

    # Same cleartext PASS secret as VI_WEB and the sample value "1111"; it
    # only prevents accidental VRID collisions. See the note on VI_WEB.
    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.1.30/24

    }

}

###########LVSDNS#######################

# LVS virtual service for the DNS VIP: UDP/53 on 192.168.1.30 over the two
# BIND nodes. Only UDP is balanced here: a client that retries over TCP after
# a truncated (TC) answer, or a zone transfer aimed at the VIP, has no
# virtual_server to land on. A second "virtual_server 192.168.1.30 53" block
# with "protocol TCP" and the same real servers would cover that.
virtual_server 192.168.1.30 53 {

    delay_loop 6

    lb_algo rr

    # Direct Routing — the DNS nodes need the VIP on lo and ARP suppression
    # (dns_rs.ctl, section 4.1).
    lb_kind DR

    # NOTE(review): nat_mask looks relevant only to lb_kind NAT; harmless here.
    nat_mask 255.255.255.0

  # persistence_timeout 50

    protocol UDP



    real_server 192.168.1.107 53 {

        weight 100

        # The check connects to the real server's own address on TCP/53 and
        # only proves that something accepts TCP connections; a named that
        # stopped answering UDP but still accepts TCP would stay in this
        # UDP-only pool.
        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 53

        }

    }

   real_server 192.168.1.108 53 {

        weight 100

        TCP_CHECK {

        connect_timeout 8

        nb_get_retry 3

        delay_before_retry 3

        connect_port 53

        }

    }

}

4、配置LVS节点服务器脚本(WEB节点与DNS节点都要配置)

4.1 DNS节点的配置内容(主备DNS都有配置):

[root@dns-M ~]# cat /etc/init.d/dns_rs.ctl

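#!/bin/bash
#
# dns_rs.ctl - LVS-DR real-server control for the DNS VIP (192.168.1.30).
#
# Usage: dns_rs.ctl {start|stop}
#   start  bind the VIP to lo:0 and stop this host from answering or
#          announcing ARP for it
#   stop   remove the VIP and restore the default ARP sysctls
#
# In DR mode the director forwards packets to this host's MAC with the VIP
# still as destination IP, so the VIP must be configured locally; but the
# director has to stay the only box that answers ARP for the VIP, hence the
# arp_ignore/arp_announce sysctls.

# Kept from the original script; nothing it defines is used below.
. /etc/init.d/functions

readonly VIP=192.168.1.30

#######################################
# Write arp_ignore/arp_announce for lo and all.
#   arp_ignore=1    answer an ARP request only when the target IP is
#                   configured on the interface the request arrived on
#   arp_announce=2  always use the best local address, never the VIP, as
#                   the source of outgoing ARP
# Arguments: $1 - arp_ignore value, $2 - arp_announce value
#######################################
set_arp_sysctls() {
  local ignore=$1 announce=$2
  echo "$ignore"   >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "$announce" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "$ignore"   >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "$announce" >/proc/sys/net/ipv4/conf/all/arp_announce
}

#######################################
# Bring the VIP up on lo:0 with ARP suppression already in place.
# Returns: non-zero if the address could not be configured.
#######################################
start() {
  echo "start LVS of Realserver DR mode"
  # Sysctls first: bringing lo:0 up before they are set leaves a window in
  # which this host answers ARP for the VIP and the director's and switch's
  # ARP caches can end up pointing at the wrong MAC.
  set_arp_sysctls 1 2
  /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up || return 1
  # Host route for the VIP via lo, as in the original script. On kernels
  # that already install a local /32 route this may report "File exists";
  # presumably harmless — the address is usable either way.
  route add -host "$VIP" dev lo
}

#######################################
# Remove the VIP and put the ARP sysctls back to their defaults.
#######################################
stop() {
  /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 down
  route del -host "$VIP" dev lo
  echo "stop LVS of Realserver DR mode"
  set_arp_sysctls 0 0
}

case "$1" in
  start) start ;;
  stop)  stop ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac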

4.1.1 对上面的脚本赋予权限

[root@dns-S init.d]# chmod +x dns_rs.ctl


4.2 WEB节点的配置内容(web的所有节点都有配置)

[root@web1 ~]# cat /etc/init.d/web_rs.ctl

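#!/bin/bash
#
# web_rs.ctl - LVS-DR real-server control for the web VIP (192.168.1.40).
#
# Usage: web_rs.ctl {start|stop}
#   start  bind the VIP to lo:0 and stop this host from answering or
#          announcing ARP for it
#   stop   remove the VIP and restore the default ARP sysctls
#
# In DR mode the director forwards packets to this host's MAC with the VIP
# still as destination IP, so the VIP must be configured locally; but the
# director has to stay the only box that answers ARP for the VIP, hence the
# arp_ignore/arp_announce sysctls.

# Kept from the original script; nothing it defines is used below.
. /etc/init.d/functions

readonly VIP=192.168.1.40

#######################################
# Write arp_ignore/arp_announce for lo and all.
#   arp_ignore=1    answer an ARP request only when the target IP is
#                   configured on the interface the request arrived on
#   arp_announce=2  always use the best local address, never the VIP, as
#                   the source of outgoing ARP
# Arguments: $1 - arp_ignore value, $2 - arp_announce value
#######################################
set_arp_sysctls() {
  local ignore=$1 announce=$2
  echo "$ignore"   >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "$announce" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "$ignore"   >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "$announce" >/proc/sys/net/ipv4/conf/all/arp_announce
}

#######################################
# Bring the VIP up on lo:0 with ARP suppression already in place.
# Returns: non-zero if the address could not be configured.
#######################################
start() {
  echo "start LVS of Realserver DR mode"
  # Sysctls first: bringing lo:0 up before they are set leaves a window in
  # which this host answers ARP for the VIP and the director's and switch's
  # ARP caches can end up pointing at the wrong MAC.
  set_arp_sysctls 1 2
  /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up || return 1
  # Host route for the VIP via lo, as in the original script. On kernels
  # that already install a local /32 route this may report "File exists";
  # presumably harmless — the address is usable either way.
  route add -host "$VIP" dev lo
}

#######################################
# Remove the VIP and put the ARP sysctls back to their defaults.
#######################################
stop() {
  /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 down
  route del -host "$VIP" dev lo
  echo "stop LVS of Realserver DR mode"
  set_arp_sysctls 0 0
}

case "$1" in
  start) start ;;
  stop)  stop ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac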

4.2.1 对上面的脚本赋予权限

[root@web1 init.d]# chmod +x web_rs.ctl


5、主DNS服务器的区域配置文件修改如下:

[root@dns-M ~]# cat /var/named/chroot/var/named/pp.org.zone

; Zone data for pp.org on the BIND master (dns-M); ';' starts a comment.
$TTL   86400

; NOTE(review): raise the serial on every edit before "rndc reload" — the
; backup DNS node (section 2 says master/slave sync) only pulls the zone
; when the serial has grown.
@               IN SOA  dns.pp.org.       root.pp.org. (

                                        203             ; serial (d. adams)

                                        3H              ; refresh

                                       15M             ; retry

                                        1W              ; expiry

                                        1D)            ; minimum



                IN NS           dns.pp.org.

                IN MX  10       mail.pp.org.

; NOTE(review): the NS host resolves to the master's real address
; 192.168.1.107, not the DNS VIP 192.168.1.30, so resolvers that follow the
; NS record reach dns-M directly and bypass the LVS failover — confirm this
; is intended. The MX target mail.pp.org. has no A record in this listing.
dns.pp.org.     IN A            192.168.1.107

; Web VIP (section 3): clients reach the web pool through the director.
www             IN  A           192.168.1.40

5.1 修改之后重启DNS服务

[root@dns-M ~]# rndc reload

server reload successful


6、综合测试

测试之前要启动相关服务(keepalived、lvs节点脚本、节点Apache、节点DNS服务器等)

A:首先启动一台负载均衡调度器的keepalived服务

[root@lvs-M ~]# /etc/init.d/keepalived start

Starting keepalived:                                       [  OK  ]

[root@lvs-M ~]# ip addr

1: lo: mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:81:a8:b3 brd ff:ff:ff:ff:ff:ff

   inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0

    inet 192.168.1.40/24 scope global secondary eth0

    inet 192.168.1.30/24 scope global secondary eth0

   inet6 fe80::20c:29ff:fe81:a8b3/64 scope link

      valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

   link/sit 0.0.0.0 brd 0.0.0.0

查看调度规则:

[root@lvs-M ~]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

 -> RemoteAddress:Port          Forward Weight ActiveConn InActConn

UDP 192.168.1.30:53 rr

 -> 192.168.1.108:53            Route   100    0         0        

 -> 192.168.1.107:53            Route   100    0         0         

TCP 192.168.1.40:80 rr

 -> 192.168.1.203:80            Route   100    0         0        

 -> 192.168.1.202:80            Route   100    0         0        

 -> 192.168.1.201:80            Route   100    0         0

B.停掉和启用一台DNS服务,观察调度器

[root@dns-S slaves]# /etc/init.d/named stop

Stopping named:                                            [  OK  ]


查看的日志内容:

Oct 26 23:38:10 localhost Keepalived_healthcheckers: TCP connection to [192.168.1.108:53] failed !!!

Oct 26 23:38:10 localhost Keepalived_healthcheckers: Removing service [192.168.1.108:53] from VS [192.168.1.30:53]

观察lvs调度规则中少了192.168.1.108机器

[root@lvs-M ~]# ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

 -> RemoteAddress:Port          Forward Weight ActiveConn InActConn

UDP 192.168.1.30:53 rr

 -> 192.168.1.107:53            Route   100    0         0        

TCP 192.168.1.40:80 rr

 -> 192.168.1.203:80            Route   100    0         0        

 -> 192.168.1.202:80            Route   100    0         0        

 -> 192.168.1.201:80            Route   100    0         0   


再次启动回来,查看日志会发现又把对应的IP地址加入了进来!

C.启动第二台负载均衡调度器的keepalived服务

[root@lvs-S ~]# /etc/init.d/keepalived start

Starting keepalived:                                       [  OK  ]


   此时DNS VIP会分配到第二台负载均衡调度器上

[root@lvs-S ~]# ip addr

1: lo: mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:b5:be:19 brd ff:ff:ff:ff:ff:ff

   inet 192.168.1.106/24 brd 192.168.1.255 scope global eth0

   inet 192.168.1.30/24 scope global secondary eth0

   inet6 fe80::20c:29ff:feb5:be19/64 scope link

      valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

   link/sit 0.0.0.0 brd 0.0.0.0


WEB VIP仍然在第一台负载均衡调度器上!!(原因是VI_WEB实例在lvs-S上是BACKUP/priority 90、在lvs-M上是MASTER/priority 100,而VI_DNS实例正好相反,所以两个VIP分别落在不同的调度器上)

[root@lvs-M ~]#ip addr

1: lo: mtu 16436 qdisc noqueue

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

    link/ether 00:0c:29:81:a8:b3 brd ff:ff:ff:ff:ff:ff

    inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0

    inet 192.168.1.40/24 scope global secondary eth0

    inet6 fe80::20c:29ff:fe81:a8b3/64 scope link

       valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

    link/sit 0.0.0.0 brd 0.0.0.0

观察调度规则:

   [root@lvs-S ~]#ipvsadm -L -n

   IP Virtual Server version 1.2.1 (size=4096)

   Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port           Forward Weight ActiveConn InActConn

UDP  192.168.1.30:53 rr

  -> 192.168.1.108:53             Route  100    0         35        

  -> 192.168.1.107:53             Route   100   0         36       

TCP  192.168.1.40:80 rr

  -> 192.168.1.203:80             Route   100   0          0        

  -> 192.168.1.202:80             Route   100   0          0        

  -> 192.168.1.201:80             Route   100   0          0


[root@lvs-M ~]#ipvsadm -L -n

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

UDP  192.168.1.30:53 rr

  -> 192.168.1.108:53             Route   100   0          0        

  -> 192.168.1.107:53             Route   100   0          0      

TCP  192.168.1.40:80 rr

  -> 192.168.1.203:80             Route   100   0          35        

  -> 192.168.1.202:80             Route   100   0          36      

  -> 192.168.1.201:80             Route   100   0          35

综上:主备调度器的keepalived服务都在工作!


注:bind9功能强大,这里只是讨论了最简单的配置!