LVS+keepalived群集实验——解决调度器单点故障问题

一、实验背景

传统的LVS-DR模型只有一台调度器,一旦调度器出现故障,整个群集就无法对外提供服务,即存在单点故障问题。这时可以用keepalived为调度器实现双机热备。

二、keepalived介绍

  • 支持故障自动切换(Failover)

  • 支持节点健康状态检查(Health Checking)

  • 官方网站:http://www.keepalived.org/

  • Keepalived实现原理
    Keepalived采用VRRP热备份协议实现Linux服务器的多机热备功能

VRRP ,虚拟路由冗余协议,是针对路由器的一种备份解决方案

  1. 由多台路由器组成一个热备组,通过共用的虚拟IP地址对外提供服务
  2. 每个热备组内同一时刻只有一台主路由器提供服务,其他路由器处于冗余状态
  3. 若当前在线的路由器失效,则其他路由器会根据设置的优先级自动接替虚拟IP地址,继续提供服务

三、实验


主调度器 192.168.100.40
辅调度器 192.168.100.41
web1 192.168.100.42
web2 192.168.100.43
NFS共享服务器 192.168.100.44

3.1配置主调度器 192.168.100.40

调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[root@localhost network-scripts]# sysctl -p     ###生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
      
清除负载分配策略
[root@localhost /]# ipvsadm -C

调整keepalived参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
# Master director: global identity plus the VRRP instance that holds the VIP.
global_defs {
   router_id HA_TEST_R1
}
# VRRP instance VI_1 announces itself on ens33 every advert_int seconds and
# carries the virtual IP 192.168.100.10. This node starts as MASTER with
# priority 100.
vrrp_instance VI_1 {
   state MASTER
   interface ens33
   virtual_router_id 1
   priority 100
   advert_int 1
   # auth_type PASS puts auth_pass unencrypted into every VRRP advertisement, so
   # any host on the same segment can read it. It protects against accidental
   # misconfiguration, not against a hostile neighbour. keepalived uses only the
   # first 8 characters of auth_pass. 123456 is a lab value: replace it with a
   # site-specific secret (identical on every node sharing virtual_router_id 1)
   # and keep VRRP traffic on a trusted segment.
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.10
   }
}

# LVS virtual service on the VIP, port 80: round-robin (rr), direct routing (DR),
# two real servers that are health-checked every delay_loop seconds.
virtual_server 192.168.100.10 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    # NOTE(review): the documented keepalived keyword for connection persistence
    # is persistence_timeout; confirm that a bare "persistence" line is accepted
    # by the installed version (check the keepalived log for an unknown-keyword
    # message).
    persistence 60
    protocol TCP

    real_server 192.168.100.42 80 {
        weight 1
        # TCP_CHECK only proves that port 80 accepts a connection; it does not
        # verify that the web server returns a valid page.
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    # NOTE(review): newer keepalived releases report nb_get_retry as
	    # deprecated in favour of "retry" - confirm for the installed version.
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
    # Second real server, same weight and the same health check as the first.
    real_server 192.168.100.43 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}
###################################################################################3
脚本解释
global_defs {
   router_id HA_TEST_R1                  ####本路由器的服务器名称  HA_TEST_R1
}
vrrp_instance VI_1 {                     ####定义VRRP热备实例
   state MASTER                          ####热备状态,master表示主服务器
   interface ens33                       ####表示承载VIP地址的物理接口
   virtual_router_id 1                   ####虚拟路由器的ID号,每个热备组保持一致
   priority 100                          ####优先级,数值越大优先级越高
   advert_int 1                          ####通告间隔秒数(心跳频率)
   authentication {                      ####认证信息,每个热备组保持一致
      auth_type PASS                     ####认证类型
      auth_pass 123456                   ####认证密码(实验用弱口令;PASS方式下口令在VRRP通告中明文传输,且只取前8个字符,生产环境须更换)
   }
   virtual_ipaddress {                   ####漂移地址(VIP),可以是多个
      192.168.100.10
   }
}

virtual_server 192.168.100.10 80 {        ####虚拟服务器地址(VIP)、端口
    delay_loop 15                        ####健康检查的时间间隔(秒)
    lb_algo rr                           ####轮询调度算法
    lb_kind DR                           ####直接路由(DR)群集工作模式
    persistence 60                       ####连接保持时间(秒);行首加!号表示注释掉该行,此处没有!号
    protocol TCP                         ####应用服务采用的是TCP协议

    real_server 192.168.100.42 80 {       ####第一个WEB站点的地址,端口
        weight 1                         ####节点的权重
        TCP_CHECK {                      ####健康检查方式
	    connect_port 80                    ####检查端口目标
	    connect_timeout 3                  ####连接超时(秒)
	    nb_get_retry 3                     ####重试次数
	    delay_before_retry 4               ####重试间隔(秒)
	}
    }
    real_server 192.168.100.43 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}                             
####################################################################    
[root@localhost keepalived]# systemctl start keepalived                  ####启动keepalived
[root@localhost keepalived]# systemctl enable keepalived                 ####开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33                      ####查看主控制IP地址和漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:bb:29:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.10/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febb:29cc/64 scope link 
       valid_lft forever preferred_lft forever

3.2配置辅调度器 192.168.100.41

调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[root@localhost network-scripts]# sysctl -p     ###生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
      
清除负载分配策略
[root@localhost /]# ipvsadm -C


调整keepalived参数
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
# Backup director: global identity plus the VRRP instance that can take over the VIP.
global_defs {
   router_id HA_TEST_R2
}
# VRRP instance VI_1 on ens33 for the virtual IP 192.168.100.10. This node
# starts as BACKUP with priority 99.
vrrp_instance VI_1 {
   state BACKUP
   interface ens33
   virtual_router_id 1
   priority 99
   advert_int 1
   # auth_type PASS puts auth_pass unencrypted into every VRRP advertisement, so
   # any host on the same segment can read it. It protects against accidental
   # misconfiguration, not against a hostile neighbour. keepalived uses only the
   # first 8 characters of auth_pass. 123456 is a lab value: replace it with a
   # site-specific secret (identical on every node sharing virtual_router_id 1)
   # and keep VRRP traffic on a trusted segment.
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.10
   }
}

# LVS virtual service on the VIP, port 80: round-robin (rr), direct routing (DR),
# two real servers that are health-checked every delay_loop seconds.
virtual_server 192.168.100.10 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    # NOTE(review): the documented keepalived keyword for connection persistence
    # is persistence_timeout; confirm that a bare "persistence" line is accepted
    # by the installed version (check the keepalived log for an unknown-keyword
    # message).
    persistence 60
    protocol TCP

    real_server 192.168.100.42 80 {
        weight 1
        # TCP_CHECK only proves that port 80 accepts a connection; it does not
        # verify that the web server returns a valid page.
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    # NOTE(review): newer keepalived releases report nb_get_retry as
	    # deprecated in favour of "retry" - confirm for the installed version.
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
    # Second real server, same weight and the same health check as the first.
    real_server 192.168.100.43 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}

#####################################################################
global_defs {
   router_id HA_TEST_R2                  ####本路由器的服务器名称 HA_TEST_R2
}
vrrp_instance VI_1 {                     ####定义VRRP热备实例
   state BACKUP                          ####热备状态,backup表示辅服务器
   interface ens33                       ####表示承载VIP地址的物理接口
   virtual_router_id 1                   ####虚拟路由器的ID号,每个热备组保持一致
   priority 99                           ####优先级,数值越大优先级越高
   advert_int 1                          ####通告间隔秒数(心跳频率)
   authentication {                      ####认证信息,每个热备组保持一致
      auth_type PASS                     ####认证类型
      auth_pass 123456                   ####认证密码(实验用弱口令;PASS方式下口令在VRRP通告中明文传输,且只取前8个字符,生产环境须更换)
   }
   virtual_ipaddress {                   ####漂移地址(VIP),可以是多个
      192.168.100.10
   }
}

virtual_server 192.168.100.10 80 {       
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.42 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
    real_server 192.168.100.43 80 {
        weight 1
        TCP_CHECK {
	    connect_port 80
	    connect_timeout 3
	    nb_get_retry 3
	    delay_before_retry 4
	}
    }
}      
 ####################################################################      
       
[root@localhost keepalived]# systemctl start keepalived                  ####启动keepalived
[root@localhost keepalived]# systemctl enable keepalived                 ####开机启动keepalived
[root@localhost keepalived]# ip addr show dev ens33                      ####查看主控制IP地址和漂移地址
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:44:0b:2a brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.41/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:b2a/64 scope link 
       valid_lft forever preferred_lft forever   

####抓包查看调度器情况####

在调度器上抓包,查看其发出的VRRP通告报文。

3.3配置存储服务器:192.168.100.44

rpm -q nfs-utils    ###如果没装,yum -y install nfs-utils
rpm -q rpcbind      ###如果没装,yum -y install rpcbind
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind

[root@localhost ~]# vi /etc/exports
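# The client spec and its option list must be written with no space between them.
# "192.168.100.0/24 (rw,sync)" is parsed as two clients: the subnet with default
# options, and every other host with rw,sync (showmount then reports "(everyone)").
# NOTE(review): the web nodes in this lab appear to only read index.html from
# these exports, so ro may be sufficient - confirm before keeping rw.
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)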

[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "this is 51xit" >/opt/51xit/index.html
[root@localhost ~]# echo "this is 52xit" >/opt/52xit/index.html

3.4配置节点服务器:192.168.100.42

配置虚拟IP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.42  netmask 255.255.255.0  broadcast 192.168.32.255
        inet6 fe80::8edf:281f:bd34:b245  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:22:ca:a7  txqueuelen 1000  (Ethernet)
        RX packets 787  bytes 91078 (88.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 366  bytes 54581 (53.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 884  bytes 76416 (74.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 884  bytes 76416 (74.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:ca:42:28  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.10 dev lo:0

[root@localhost network-scripts]# route add -host 192.168.100.10 dev lo:0

调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p


安装httpd 挂载测试页
[root@localhost ~]# showmount -e 192.168.100.44     ####如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.44:
/opt/51xit  (everyone)
/opt/52xit (everyone)
####(everyone) 表示任何主机都能挂载该目录;/etc/exports 中网段与括号之间有空格时会出现这种结果,去掉空格后此处应显示 192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.44:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab 
192.168.100.44:/opt/51xit/ /var/www/html/        nfs     rw,tcp,intr     0 1        ###开机自动挂载,注意格式对齐

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

192.168.100.42测试网站是否正常

3.5配置节点服务器:192.168.100.43

配置虚拟IP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.43  netmask 255.255.255.0  broadcast 192.168.32.255
        inet6 fe80::8edf:281f:bd34:b245  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:22:ca:a7  txqueuelen 1000  (Ethernet)
        RX packets 787  bytes 91078 (88.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 366  bytes 54581 (53.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 884  bytes 76416 (74.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 884  bytes 76416 (74.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:ca:42:28  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.10 dev lo:0

[root@localhost network-scripts]# route add -host 192.168.100.10 dev lo:0

调整/proc响应参数
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p


安装httpd 挂载测试页
[root@localhost ~]# showmount -e 192.168.100.44     ####如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.44:
/opt/51xit  (everyone)
/opt/52xit (everyone)

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.44:/opt/52xit /var/www/html/
[root@localhost ~]# vi /etc/fstab 
192.168.100.44:/opt/52xit/ /var/www/html/        nfs     rw,tcp,intr     0 1        ###开机自动挂载,注意格式对齐

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd

测试网站

3.6测试

1、测试主调度器是否正常工作

打开抓包工具,会发现192.168.100.40主调度器,一直在发VRRP报文
打开浏览器 192.168.100.10 出现 this is 51xit
再刷新一下 出现this is 52xit
主调度器正常

2、测试辅调度器是否正常工作
停止主调度器上的keepalived:systemctl stop keepalived.service
打开抓包工具,会发现192.168.100.41辅调度器,一直在发VRRP报文
打开浏览器 192.168.100.10 出现 this is 51xit
刷新, 打开浏览器 192.168.100.10 出现 this is 52xit
辅调度器正常
