LVS+keepalived
LVS(linux virtual server),虚拟服务器集群系统,主要组成部分:
1.负载均衡器(Director),负责将客户请求调度到后端服务器上。
2.服务器池,是一组真实执行客户请求的服务器。
3.共享存储,为服务器池提供一个共享的存储区,使所有服务器拥有相同资源
LVS的三种负载均衡技术:
1.IP隧道(TUN)
2.DR:改写请求报文中的MAC地址
3.NAT:realserver将自己的网关指向负载均衡器
LVS的八大调度算法:
轮叫调度(Round-Robin)
加权轮叫调度(Weighted Round-Robin)
最小连接调度(Least-Connection)
加权最小连接调度(Weighted Least-Connection)
基于局部性的最少链接(Locality-Based Least Connections)
带复制基于局部性最少链接(Locality-Based Least Connections with Replication)
目标地址散列调度(Destination Hashing)
源地址散列调度(Source Hashing)
LVS的DR模式:
负载调度器中只负责调度请求,而服务器直接将响应返回给客户,可以极大地提高整个集群系统的吞吐量。VIP地址为调度器和服务器组共享,调度器配置的VIP地址是对外可见的,用于接收虚拟服务的请求报文;所有的服务器把VIP地址配置在各自的Non-ARP网络设备上,它对外面是不可见的,只是用于处理目标地址为VIP的网络请求。Director接收用户的请求,然后根据负载均衡算法选取一台realserver,将包转发过去,最后由realserver直接回复给用户。
######################################DR模式的配置:
1.Director端:
yum install ipvsadm
添加规则:
ipvsadm -C ###清空ipvs转发
ipvsadm -Ln ###查看ipvs转发
ipvsadm -A -t 172.25.104.100:80 -s rr ###-A 添加一个虚拟服务IP,-t 指定类型为tcp
ipvsadm -a -t 172.25.104.100:80 -r 172.25.18.2:80 -g ###设置转发规则
ipvsadm -a -t 172.25.104.100:80 -r 172.25.18.3:80 -g
保存规则:
/etc/init.d/ipvsadm save
(也可将规则直接写入文件/etc/sysconfig/ipvsadm)
绑定VIP:
ipaddr add 172.25.104.100/24 dev eth0
(ifconfig eth0:0 172.25.104.100 netmask 255.255.255.0 up)
启动服务:
/etc/init.d/ipvsadm start
2.realserver端
yum install arptables_jf -y
建立ARP列表:
arptables -A IN -d 172.25.104.100 -j DROP ###Non-ARP 虚拟IP对外不可见
ipaddr add 172.25.104.100/24 dev eth0
arptables -A OUT -s 172.25.104.100 -j mangle --mangle-ip-s 172.25.104.5
保存列表:
/etc/init.d/arptables_jf save
启动服务:
/etc/init.d/arptables_jf start
/etc/init.d/httpd start
3.测试
客户端访问虚拟IP 172.25.104.100 会被Director转发到realserver5,6上轮询调度。
4.排错
在客户端用arp -a查看VIP绑定在哪个MAC上,正确的应该是Director上。不正确则用arp -d 172.25.104.100删除绑定,在realserver上重新建立ARP列表。
###########################################################################
###########################################################################
1.利用ldirectord实现Director的健康检查功能
Director端:
/etc/init.d/ipvsadm stop
ipvsadm -L ###无节点
yum localinstall -y ldirectord-3.9.5-3.1.x86_64.rpm
rpm -ql ldirectord
cp /usr/share/doc/lidirectord-3.9.5/lidirectord.cf /etc/ha.d/
cd /etc/ha.d
vi lidirectord.cf
virtual=172.25.104.100:80
real=172.25.104.5:80 gate
real=172.25.104.6:80 gate
fallback=127.0.0.1:80 gate ###设置自己为备用的realserver
service=http
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
checktype=negotiate
checkport=80
request="index.html"
#receive="Test Page"
#virtualhost=www.x.y.z
/etc/init.d/ldirectord start
ipvsadm -L ###可查看到正常的realserver,如果任意realserver服务出现问题,则查看不到,即具有健康检查
2.heartbeat+ldirectord+lvs具有健康检查的高可用负载均衡
/etc/init.d/ldirectord stop
/etc/init.d/httpd stop
yum install heartbeat heartbeat-devel heartbeat-libs -y
cd /usr/share/doc/heartbeat-3.0.4/
cp ha.cf haresources authkeys /etc/ha.d
cd /etc/ha.d
vi ha.cf
logfile /var/log/ha-log
keepalive 2
deadtime 30
warntime 10
initdead 60
udpport 712
bcast eth0
node server5.example.com
node server6.example.com
ping 172.25.104.250
respawn hacluster /usr/lib64/heartbeat/ipfail
vi haresources
server4.example.com IPaddr::172.25.104.100/24/eth0 ldirectord httpd (指定优先级和虚拟vip)
vi authkeys
auth 1
1 crc
chmod 600 authkeys
/etc/init.d/heartbeat start
在Director备机上同样安装ldirectord和heartbeat,做相同配置。
访问172.25.104.100,则heartbeat自动开启ldirectord服务,实现带健康检查的负载均衡,若主端heartbeat异常,则将服务切到备端。等主端heartbeat恢复,则将服务交还给主端。
3.keepalived+lvs的负载均衡系统
keepalived 自动检测web服务器的状态
tar zxf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
yum install gcc openssl-devel -y
./configure --prefix=/use/local/keepalived
make&&make install
vi /usr/local/keepalived/etc/rc.d/init.d/keepalived ###查看信息,制作软链接
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.104.100
}
}
virtual_server 172.25.104.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#nat_mask 255.255.255.0
#persistence_timeout 50
protocol TCP
real_server 172.25.104.5 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.104.6 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
在另一台Directord备机上做相同配置,主备端Virtual_route_id要相同,要更改MASTER为BACK_UP
/etc/init.d/network restart
/etc/init.d/keepalived start
访问172.25.104.18,可负载均衡,可健康检查,可实现高可用,主端keepalived恢复服务会回切。
1.负载均衡器(Director),负责将客户请求调度到后端服务器上。
2.服务器池,是一组真实执行客户请求的服务器。
3.共享存储,为服务器池提供一个共享的存储区,使所有服务器拥有相同资源
LVS的三种负载均衡技术:
1.IP隧道(TUN)
2.DR:改写请求报文中的MAC地址
3.NAT:realserver将自己的网关指向负载均衡器
LVS的八大调度算法:
轮叫调度(Round-Robin)
加权轮叫调度(Weighted Round-Robin)
最小连接调度(Least-Connection)
加权最小连接调度(Weighted Least-Connection)
基于局部性的最少链接(Locality-Based Least Connections)
带复制基于局部性最少链接(Locality-Based Least Connections with Replication)
目标地址散列调度(Destination Hashing)
源地址散列调度(Source Hashing)
LVS的DR模式:
负载调度器中只负责调度请求,而服务器直接将响应返回给客户,可以极大地提高整个集群系统的吞吐量。VIP地址为调度器和服务器组共享,调度器配置的VIP地址是对外可见的,用于接收虚拟服务的请求报文;所有的服务器把VIP地址配置在各自的Non-ARP网络设备上,它对外面是不可见的,只是用于处理目标地址为VIP的网络请求。Director接收用户的请求,然后根据负载均衡算法选取一台realserver,将包转发过去,最后由realserver直接回复给用户。
######################################DR模式的配置:
1.Director端:
yum install ipvsadm
添加规则:
ipvsadm -C ###清空ipvs转发
ipvsadm -Ln ###查看ipvs转发
ipvsadm -A -t 172.25.104.100:80 -s rr ###-A 添加一个虚拟服务IP,-t 指定类型为tcp
ipvsadm -a -t 172.25.104.100:80 -r 172.25.18.2:80 -g ###设置转发规则
ipvsadm -a -t 172.25.104.100:80 -r 172.25.18.3:80 -g
保存规则:
/etc/init.d/ipvsadm save
(也可将规则直接写入文件/etc/sysconfig/ipvsadm)
绑定VIP:
ipaddr add 172.25.104.100/24 dev eth0
(ifconfig eth0:0 172.25.104.100 netmask 255.255.255.0 up)
启动服务:
/etc/init.d/ipvsadm start
2.realserver端
yum install arptables_jf -y
建立ARP列表:
arptables -A IN -d 172.25.104.100 -j DROP ###Non-ARP 虚拟IP对外不可见
ipaddr add 172.25.104.100/24 dev eth0
arptables -A OUT -s 172.25.104.100 -j mangle --mangle-ip-s 172.25.104.5
保存列表:
/etc/init.d/arptables_jf save
启动服务:
/etc/init.d/arptables_jf start
/etc/init.d/httpd start
3.测试
客户端访问虚拟IP 172.25.104.100 会被Director转发到realserver5,6上轮询调度。
4.排错
在客户端用arp -a查看VIP绑定在哪个MAC上,正确的应该是Director上。不正确则用arp -d 172.25.104.100删除绑定,在realserver上重新建立ARP列表。
###########################################################################
###########################################################################
1.利用ldirectord实现Director的健康检查功能
Director端:
/etc/init.d/ipvsadm stop
ipvsadm -L ###无节点
yum localinstall -y ldirectord-3.9.5-3.1.x86_64.rpm
rpm -ql ldirectord
cp /usr/share/doc/lidirectord-3.9.5/lidirectord.cf /etc/ha.d/
cd /etc/ha.d
vi lidirectord.cf
virtual=172.25.104.100:80
real=172.25.104.5:80 gate
real=172.25.104.6:80 gate
fallback=127.0.0.1:80 gate ###设置自己为备用的realserver
service=http
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
checktype=negotiate
checkport=80
request="index.html"
#receive="Test Page"
#virtualhost=www.x.y.z
/etc/init.d/ldirectord start
ipvsadm -L ###可查看到正常的realserver,如果任意realserver服务出现问题,则查看不到,即具有健康检查
2.heartbeat+ldirectord+lvs具有健康检查的高可用负载均衡
/etc/init.d/ldirectord stop
/etc/init.d/httpd stop
yum install heartbeat heartbeat-devel heartbeat-libs -y
cd /usr/share/doc/heartbeat-3.0.4/
cp ha.cf haresources authkeys /etc/ha.d
cd /etc/ha.d
vi ha.cf
logfile /var/log/ha-log
keepalive 2
deadtime 30
warntime 10
initdead 60
udpport 712
bcast eth0
node server5.example.com
node server6.example.com
ping 172.25.104.250
respawn hacluster /usr/lib64/heartbeat/ipfail
vi haresources
server4.example.com IPaddr::172.25.104.100/24/eth0 ldirectord httpd (指定优先级和虚拟vip)
vi authkeys
auth 1
1 crc
chmod 600 authkeys
/etc/init.d/heartbeat start
在Director备机上同样安装ldirectord和heartbeat,做相同配置。
访问172.25.104.100,则heartbeat自动开启ldirectord服务,实现带健康检查的负载均衡,若主端heartbeat异常,则将服务切到备端。等主端heartbeat恢复,则将服务交还给主端。
3.keepalived+lvs的负载均衡系统
keepalived 自动检测web服务器的状态
tar zxf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
yum install gcc openssl-devel -y
./configure --prefix=/use/local/keepalived
make&&make install
vi /usr/local/keepalived/etc/rc.d/init.d/keepalived ###查看信息,制作软链接
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.104.100
}
}
virtual_server 172.25.104.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
#nat_mask 255.255.255.0
#persistence_timeout 50
protocol TCP
real_server 172.25.104.5 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.104.6 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
在另一台Directord备机上做相同配置,主备端Virtual_route_id要相同,要更改MASTER为BACK_UP
/etc/init.d/network restart
/etc/init.d/keepalived start
访问172.25.104.18,可负载均衡,可健康检查,可实现高可用,主端keepalived恢复服务会回切。