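LVS + keepalived system architecture

Reposted from: http://www.vpsa.net/?post=4

This LVS + keepalived load balancer has been in production for almost a year. It has been very stable and has had no problems, apart from one time when ARP spoofing in the data center toyed with my "feelings"! I am writing this up as a note, and for everyone else's convenience.

[Image 1: LVS + keepalived system architecture]

The first thing to be clear about is that a single keepalived.conf is enough for the LVS + keepalived architecture. There is no need to configure the director separately.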

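Environment:
LVS master: 192.168.1.201
LVS backup: 192.168.1.202

vip1:  192.168.1.210
vip2:  192.168.1.211

Two virtual IPs are used here, for example one for the website (www.abc.com) and one for images (img.abc.com).
real1: 192.168.1.203
real2: 192.168.1.204

Installation:
Run ln -s /usr/src/kernels/2.6.18-8.el5-i686 /usr/src/linux    (use the directory that matches your own kernel)

Ubuntu may not have the kernel directory by default, so it has to be installed with apt-get. As for the keepalived restart script, I installed keepalived with apt-get install keepalived, which works very well.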

apt-cache search linux-headers-$(uname -r)
sudo apt-get install linux-headers-$(uname -r)
sudo find /usr -name '*linux-kernel*'
ls /usr/src/linux-kernel-headers-2.6.18/
sudo ln -s /usr/src/linux-kernel-headers-2.6.18/ /usr/src/linux

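This step is critical: without it, compiling ipvsadm by hand fails, and the keepalived build result differs depending on whether this command was run. Only after running it does keepalived get the LVS director function. The image below shows the build result without it:

[Image 2: LVS + keepalived system architecture]

If "Use IPVS Framework" and "IPVS sync daemon support" are not supported, the director will not work, so this must be checked.

Installing ipvsadm

#yum -y install ipvsadm    (this is all that is needed)

Installing keepalived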

#./configure --prefix=/usr/local/keepalived
#make && make install
#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
#mkdir /etc/keepalived

Then, on the LVS server, edit the configuration: vi /etc/keepalived/keepalived.conf
keepalived.conf

! Configuration File for keepalived
global_defs {
   notification_email {
   [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER      # change to BACKUP on the backup node
    interface eth0
    virtual_router_id 51
    priority 102          # the backup's priority just needs to be lower than 102
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1234
    }
    virtual_ipaddress {
        192.168.1.210
        192.168.1.211
    }
}


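virtual_server 192.168.1.210 80 {
    delay_loop 6                                           # check the realserver state every 6 seconds
    lb_algo wrr                                              # wrr (weighted round-robin) scheduling
    lb_kind DR                                              # use DR mode
    persistence_timeout 50                          # connections from the same IP go to the same realserver for 50 seconds. This parameter can solve session problems, but I do not know whether a long timeout affects performance; I have set it to 1200 seconds and there seemed to be no problem, perhaps because sessions are not used much.
    protocol TCP                                          # use the TCP protocol to check the realserver state
    real_server 192.168.1.203 80 {
        weight 3                                              # weight 3
        TCP_CHECK {
            connect_timeout 10                            # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}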


virtual_server 192.168.1.211 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.1.204 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
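Parameter description:
state                 MASTER is the master server, BACKUP is the backup server.
interface             Network interface monitored for HA.
virtual_router_id     Virtual router ID; it must be the same on master and backup.
mcast_src_ip          (VRRP multicast) source address of the advertisements; use the master's and the backup's own address respectively. It must not be the same as virtual_ipaddress.
priority              Master and backup take different priorities; the MASTER value must be greater than the BACKUP value (range 0-255).
advert_int            Advertisement interval in seconds, which is also the failover interval; the smaller the value, the shorter the failover interval.
auth_type             VRRP authentication type.
auth_pass             VRRP authentication password.
virtual_ipaddress     VIP addresses.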
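
An added example, not part of the original post: a shell check that a master/backup pair of keepalived.conf files follows the rules listed above (same virtual_router_id, MASTER priority above BACKUP). The function names, the constructed sample files and the extra auth_pass comparison are assumptions of this example.

```bash
#!/bin/bash
# Added example: consistency check for a master/backup pair of keepalived.conf files.

# Print the value of KEY from the first vrrp_instance block of FILE.
vrrp_get() {  # usage: vrrp_get FILE KEY
    awk -v key="$2" '
        $1 == "vrrp_instance" { in_vrrp = 1 }
        in_vrrp && $1 == key  { print $2; exit }
    ' "$1"
}

# Print each problem found; the return status is the number of problems.
check_vrrp_pair() {  # usage: check_vrrp_pair MASTER_CONF BACKUP_CONF
    local m="$1" b="$2" problems=0 m_prio b_prio
    m_prio=$(vrrp_get "$m" priority); b_prio=$(vrrp_get "$b" priority)
    if [ "$(vrrp_get "$m" virtual_router_id)" != "$(vrrp_get "$b" virtual_router_id)" ]; then
        echo "virtual_router_id differs"; problems=$((problems + 1))
    fi
    if [ "${m_prio:-0}" -le "${b_prio:-0}" ]; then
        echo "MASTER priority ($m_prio) is not greater than BACKUP priority ($b_prio)"
        problems=$((problems + 1))
    fi
    # Assumption beyond the page: both nodes must also share the same auth_pass.
    if [ "$(vrrp_get "$m" auth_pass)" != "$(vrrp_get "$b" auth_pass)" ]; then
        echo "auth_pass differs"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: write a minimal vrrp_instance with the given values.
write_sample() {  # usage: write_sample FILE STATE ROUTER_ID PRIORITY PASS
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface eth0
    virtual_router_id $3
    priority $4
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $5
    }
}
EOF
}

demo=$(mktemp -d)
write_sample "$demo/master.conf" MASTER 51 102 1234
write_sample "$demo/backup.conf" BACKUP 52 102 1234   # wrong router id, equal priority
check_vrrp_pair "$demo/master.conf" "$demo/backup.conf" || echo "problems: $?"
rm -rf "$demo"
```
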

If you do not need it, this e-mail notification section can be removed

global_defs {
   notification_email {
   [email protected] # recipient address
   }
   notification_email_from [email protected] # sender address
   smtp_server 127.0.0.1 # SMTP server
   smtp_connect_timeout 30 # SMTP connection timeout
   router_id LVS_DEVEL
}


Shell script for the backend servers (realserver):
lvs-real.sh

#!/bin/bash
# Configure a DR-mode realserver: bind the VIP to lo:0 and suppress ARP for it.
VIP=192.168.1.210
# Load the init script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
       # Bind the VIP to a loopback alias with a host (/32) netmask
       ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
       /sbin/route add -host "$VIP" dev lo:0
       # Do not answer or announce ARP for the VIP held on lo
       echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
       sysctl -p >/dev/null 2>&1
       echo "RealServer Start OK"
       ;;
stop)
       # Remove the VIP and restore the default ARP behaviour
       ifconfig lo:0 down
       route del "$VIP" >/dev/null 2>&1
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
       echo "RealServer Stopped"
       ;;
*)
       echo "Usage: $0 {start|stop}"
       exit 1
esac
exit 0
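
An added example, not part of the original post: a check that a realserver is in the state that lvs-real.sh start leaves it in, since in DR mode a realserver that answers ARP for the VIP pulls client traffic away from the director. The function names and the sample data are constructed for illustration; on a live host, call check_dr_arp with no argument and pipe the output of ip -o -4 addr show dev lo into vip_on_lo.

```bash
#!/bin/bash
# Added example: audit a DR-mode realserver against what lvs-real.sh configures.

# Check arp_ignore=1 and arp_announce=2 for "lo" and "all" under CONF_ROOT
# (defaults to the live /proc tree). Prints mismatches; returns their count.
check_dr_arp() {  # usage: check_dr_arp [CONF_ROOT]
    local root="${1:-/proc/sys/net/ipv4/conf}" bad=0 iface pair key want got
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key="${pair%%:*}"; want="${pair#*:}"
            got=$(cat "$root/$iface/$key" 2>/dev/null || echo missing)
            if [ "$got" != "$want" ]; then
                echo "$iface/$key is $got, expected $want"
                bad=$((bad + 1))
            fi
        done
    done
    return "$bad"
}

# Succeed if `ip -o -4 addr show dev lo` output on stdin carries VIP as a /32.
vip_on_lo() {  # usage: ip -o -4 addr show dev lo | vip_on_lo VIP
    grep -qF "inet $1/32 "
}

# Constructed sample: fake sysctl tree with the given arp_ignore/arp_announce.
make_fake_conf() {  # usage: make_fake_conf DIR ARP_IGNORE ARP_ANNOUNCE
    local iface
    for iface in lo all; do
        mkdir -p "$1/$iface"
        echo "$2" > "$1/$iface/arp_ignore"
        echo "$3" > "$1/$iface/arp_announce"
    done
}

demo=$(mktemp -d)
make_fake_conf "$demo" 0 0          # the state after "lvs-real.sh stop"
check_dr_arp "$demo" || echo "mismatches: $?"
# Constructed sample line in the format of `ip -o -4 addr show dev lo`.
echo '1: lo    inet 192.168.1.210/32 brd 192.168.1.210 scope global lo:0' |
    vip_on_lo 192.168.1.210 && echo "VIP present on lo"
rm -rf "$demo"
```
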

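That is basically it. If the backend is nginx, make sure the virtual host is configured with listen 80; and not listen ip:80; the reason is obvious at a glance. Once everything is configured, run ipvsadm -ln to check the running state.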

root@ubuntu-lvs01:~# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  129.63.117.102:80 wrr persistent 600
  -> 129.63.117.134:80             Route   1      1127       453       
TCP 129.63.117.103:80 wrr persistent 30
  -> 129.63.117.137:80             Route   1      2621       861       
  -> 129.63.117.98:80              Route   1      2416       729       
TCP  129.63.117.104:80 wrr persistent 30
  -> 129.63.117.136:80             Route   3      7874       3168      
  -> 129.63.117.98:80              Route   1      2619       1095  
 

For plain LVS on its own, see http://www.vpsa.net/?post=16, which makes the role of the LVS parameters easier to understand.

