LVS+keepalived 实现高可用与负载均衡实施方案
<Alvin-zeng:孤独0-1>
目录
一、
1.1、环境IP描述:
LVS-DR-Master 192.168.1.3
LVS-DR-heartbeat 192.168.2.1
LVS-DR-BACKUP 192.168.1.4
LVS-DR-heartbeat 192.168.2.2
LVS-DR-VIP 192.168.1.254
WEB1-Realserver 192.168.1.5
WEB2-Realserver 192.168.1.6
GateWay 192.168.1.1
注意:所有集群服务器时间要一致
主备操作
注意此步,否则编译会出错,
#: ln -s /usr/src/kernels/2.6.18-194.el5-i686/ /usr/src/linux
#:tar -zxvf ipvsadm-1.24.tar.gz
#:make && make install
#find / -name ipvsadm
#脚本文件,
#:然后将此脚本拷贝到主备的/etc/init.d/下面,并加上执行权限 chmod 755 /etc/init.d/lvs-dr.sh
#:ipvsadm -L 查看规则
#:watch ipvsadm -ln 查看实时规则变化
#:vi lvs-dr.sh #:只需修改红色区域
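#!/bin/bash
# description: start LVS of DirectorServer
# Written by: NetSeek
# http://www.linuxtone.org
#
# Init script for the LVS director in DR (direct routing) mode.
# Usage: lvs-dr.sh {start|stop|status}
#   start  - bind the VIP to eth0:0 and load the IPVS virtual service
#   stop   - clear the IPVS table and take the VIP alias down
#   status - print the IPVS table if the lock file exists, otherwise exit 1
# Must run as root: it changes interfaces, routes, iptables and IPVS state.

GW="192.168.1.1"
# website director vip.
WEB_VIP="192.168.1.254"
WEB_RIP1="192.168.1.5"
WEB_RIP2="192.168.1.6"

. /etc/rc.d/init.d/functions

# Log the invocation as a single quoted message; "--" ends option parsing so
# an argument beginning with "-" is logged instead of being read as a logger
# option.
logger -- "$0 called with $1"

case "$1" in
  start)
    # NOTE(review): -F flushes every rule in the filter table, so any host
    # firewall policy on the director is discarded each time this runs.
    # Confirm that is intended before using this on a host that relies on
    # iptables for access control.
    # Clear all iptables rules.
    /sbin/iptables -F
    # Reset iptables counters.
    /sbin/iptables -Z
    # Clear all ipvsadm rules/services.
    /sbin/ipvsadm -C
    # IPVS connection timeouts in seconds: tcp, tcpfin, udp.
    /sbin/ipvsadm --set 30 5 60
    # Bind the VIP as a /32 alias on eth0 and route it through that alias.
    /sbin/ifconfig eth0:0 "$WEB_VIP" broadcast "$WEB_VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$WEB_VIP" dev eth0:0
    # Virtual service on VIP:80, round-robin; real servers added with
    # -g (direct routing) and weight 1.
    /sbin/ipvsadm -A -t "$WEB_VIP:80" -s rr
    /sbin/ipvsadm -a -t "$WEB_VIP:80" -r "$WEB_RIP1:80" -g -w 1
    /sbin/ipvsadm -a -t "$WEB_VIP:80" -r "$WEB_RIP2:80" -g -w 1
    # Lock file is what the status branch checks.
    touch /var/lock/subsys/ipvsadm >/dev/null 2>&1
    # set Arp: send ARP from the VIP to the gateway so it learns this host.
    /sbin/arping -I eth0 -c 5 -s "$WEB_VIP" "$GW" >/dev/null 2>&1
    ;;
  stop)
    /sbin/ipvsadm -C
    /sbin/ipvsadm -Z
    ifconfig eth0:0 down
    route del "$WEB_VIP" >/dev/null 2>&1
    # The lock is a plain file created by touch; a recursive delete is not
    # needed here.
    rm -f /var/lock/subsys/ipvsadm >/dev/null 2>&1
    /sbin/arping -I eth0 -c 5 -s "$WEB_VIP" "$GW"
    echo "ipvsadm stoped"
    ;;
  status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm is stoped"
      exit 1
    else
      ipvsadm -ln
      echo "..........ipvsadm is OK."
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0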
二、
#:tar -zxvf keepalived-1.1.20.tar.gz
#:cd keepalived-1.1.20
#./configure --prefix=/usr/local/keepalived
#: make && make install
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
#:mkdir /etc/keepalived
#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
1:主服务器配置文件内容
#:vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
KeepAlive = false #:记得加上此段,否则每次第一次访问的时候会提示找不到页面,刷新一下才正常(该关键字是否被所用 keepalived 版本识别,请自行核实)
}
vrrp_instance VI_1 {
state MASTER #主服务器为MASTER
interface eth1 #检测心跳网口
virtual_router_id 51 #ID值主备要保持一致
priority 100 #:优先级值越大,成为主服务器的优先级就越高
advert_int 1 #:广播周期秒数
authentication {
auth_type PASS
auth_pass 1111 #:示例口令,上线前务必更换为自己的值(主备保持一致);PASS方式的口令在VRRP通告中以明文传输,心跳应只走专用网口
}
virtual_ipaddress {
192.168.1.254 #:虚拟VIP地址
}
}
virtual_server 192.168.1.254 80 { #:虚拟VIP地址 与 端口
delay_loop 6
lb_algo rr #:调度算法为RR轮询
lb_kind DR #:体系架构为 DR架构
persistence_timeout 0 #:会话保持时间(秒);此处设为0(通常表示不启用会话保持,请按所用版本核实),若设为50则同一IP 50秒内的请求都发到同个real server
protocol TCP
real_server 192.168.1.5 80 { #:真实WEB服务器地址与端口
weight 3 #:权重值,越高被调度到的请求越多
TCP_CHECK {
connect_timeout 10 #:连接超时为10秒
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.6 80 {
weight 3
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
2:从服务器配置文件内容
#:vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP #:从服务器为BACKUP
interface eth1 #检测心跳网口
virtual_router_id 51 #ID值主备要保持一致
priority 99 #:优先级值越大,成为主服务器的优先级就越高,从为99值
advert_int 1 #:广播周期秒数
authentication {
auth_type PASS
auth_pass 1111 #:示例口令,上线前务必更换为自己的值(主备保持一致);PASS方式的口令在VRRP通告中以明文传输,心跳应只走专用网口
}
virtual_ipaddress {
192.168.1.254 #:虚拟VIP地址
}
}
virtual_server 192.168.1.254 80 { #:虚拟VIP地址 与 端口
delay_loop 6
lb_algo rr #:调度算法为RR轮询
lb_kind DR #:体系架构为 DR架构
persistence_timeout 0 #:会话保持时间(秒);此处设为0(通常表示不启用会话保持,请按所用版本核实),若设为50则同一IP 50秒内的请求都发到同个real server
protocol TCP
real_server 192.168.1.5 80 { #:真实WEB服务器地址与端口
weight 3 #:权重值,越高被调度到的请求越多
TCP_CHECK {
connect_timeout 10 #:连接超时为10秒
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.6 80 {
weight 3
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
三、
3.1、配置sysctl文件
#:vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
#:sysctl -p 生效
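#!/bin/bash
# Written by NetSeek
# description: Config realserver lo and apply noarp
#
# Init script for an LVS-DR real server.
# Usage: <script> {start|status|stop}
#   start  - bind the VIP to lo:0 and set the ARP sysctls
#   stop   - remove the VIP alias and reset the ARP sysctls to 0
#   status - report whether the lo:0 alias and its route are present
# Must run as root: it changes interfaces, routes and /proc/sys values.

WEB_VIP="192.168.1.254" # Change the VIP only; leave everything else as is.

. /etc/rc.d/init.d/functions

case "$1" in
  start)
    # Hold the VIP as a /32 on loopback so the host accepts traffic for it.
    ifconfig lo:0 "$WEB_VIP" netmask 255.255.255.255 broadcast "$WEB_VIP"
    /sbin/route add -host "$WEB_VIP" dev lo:0
    # arp_ignore=1: answer ARP only for addresses configured on the
    # interface that received the request. arp_announce=2: pick the best
    # local source address for ARP. Together these keep the real server from
    # advertising the VIP it holds on lo.
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # Re-apply /etc/sysctl.conf; output and errors are discarded.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$WEB_VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  status)
    # Status of LVS-DR real server.
    # Fixes over the original: the second lookup read the undefined
    # $web_VIP, the test compared the literal string "isrothere", and the
    # closing keyword was written "Fi", which stopped the whole script from
    # parsing. grep -F matches the address literally rather than as a regex.
    islothere=$(/sbin/ifconfig lo:0 | grep -F -- "$WEB_VIP")
    # NOTE(review): netstat -rn may print the interface as "lo" rather than
    # "lo:0"; if so this lookup never matches. Verify on the target host.
    isrothere=$(netstat -rn | grep "lo:0" | grep -F -- "$WEB_VIP")
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
      # Either the route or the lo:0 device
      # not found.
      echo "LVS-DR real server Stopped."
    else
      echo "LVS-DR Running."
    fi
    ;;
  *)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
exit 0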
四、
WEB服务器能通过内网正常访问,
然后在两台WEB服务器启动relser.sh 脚本
#:/etc/init.d/relser start
在主服务器上启动lvs-dr.sh 脚本
#:/etc/init.d/lvs-dr start
#:ipvsadm -L 查看策略是否生效,正常之后,执行 /etc/init.d/lvs-dr stop 将其关闭掉
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.254:http rr
-> 192.168.1.6:http Route 3 0 0
-> 192.168.1.5:http Route 3 0 0
在主服务与备服务器启动keepalived 脚本
#:/etc/init.d/lvs-dr stop 将LVS脚本关闭掉
#: /etc/init.d/keepalived start
#/etc/init.d/keepalived start 启动keepalived 服务,keepalived就能利用keepalived.conf 配置文件,实现负载均衡和高可用.
#:ipvsadm -L 查看keepalived 是否在停止lvs-dr.sh 脚本后,重新加载策略,
最后:停Master服务器的keepalived服务,查看BACKUP服务器是否能正常接管服务。
#:watch ipvsadm 查看连接实时状态