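HA Cluster Implementation
An implementation of the VRRP protocol: keepalived
The purpose of VRRP is to eliminate the single point of failure of a static route; VRRP uses an election protocol to dynamically hand the routing task to one of the VRRP routers that make up the virtual router on the LAN.
The VRRP protocol
(Virtual Redundant Routing Protocol): virtual redundant routing protocol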
VRRP terminology | |
---|---|
VR | Virtual router |
VRID | Identifier of the virtual router (0-255) |
Master (Active) | Master router (active node) |
Backup (Passive) | Backup router (passive node) |
VIP | Virtual IP address; a floating IP |
VMAC | Virtual MAC address (48 bits) that corresponds to the VIP; 00-00-5E-00-01-{VRID} |
Priority | Decided during initialization |
gratuitous ARP | Gratuitous ARP broadcast |
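How VRRP operates
- Preemptive: when a Backup router runs in preemptive mode, it compares its own priority with the priority carried in each VRRP advertisement it receives. If its own priority is higher than that of the current Master, it preempts and becomes the Master; otherwise it stays in the Backup state.
- Non-preemptive: when a Backup router runs in non-preemptive mode, it does not become Master as long as the Master has not failed, even if it is later configured with a higher priority.
VRRP authentication methods and working modes
Authentication methods
- No authentication
- Simple string authentication: a pre-shared key
- MD5 authentication
Working modes
- master-backup mode
- master-master mode
How VRRP works
A VRRP router has a unique identifier, the VRID, in the range 0-255. To the outside the router presents a single virtual MAC address of the form 00-00-5E-00-01-[VRID]. The master router answers ARP requests with this MAC address, so end devices always see one consistent IP and MAC address, which reduces the impact of a switchover on them.
There is only one kind of VRRP control message:
The VRRP advertisement is encapsulated in an IP multicast packet sent to group address 224.0.0.18, and its scope is limited to the local LAN. This guarantees that a VRID can be reused on different networks. The master router is elected by priority within the group of VRRP routers.
To protect the VRRP protocol, two authentication mechanisms are provided: plaintext authentication and IP header authentication.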
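The advertisement fields described above can be seen by decoding one packet. The following Python is an added example, not part of the original article: it assumes the VRRPv2 advertisement layout, builds a constructed sample packet from the VRID, VIP and auth_pass that this page's first configuration uses, and shows that simple-text authentication carries the password in cleartext. The function names and the simplified `backup_reaction` rule are this example's own.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple-text", 2: "ip-header"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, vips, auth_pass=b"", advert_int=1):
    """Build a VRRPv2 advertisement; used here only to construct sample data."""
    auth_type = 1 if auth_pass else 0
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips),
                       auth_type, advert_int)
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    body += auth_pass[:8].ljust(8, b"\x00")   # the field holds 8 bytes only
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advert(pkt: bytes) -> dict:
    """Decode the VRRP payload of a packet sent to 224.0.0.18."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth, adv_int, _csum = struct.unpack(
        "!BBBBBBH", pkt[:8])
    if ver_type >> 4 != 2 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count                       # end of the VIP list
    if len(pkt) < end + 8:
        raise ValueError("truncated advertisement")
    return {
        "vrid": vrid,
        "priority": prio,
        "advert_int": adv_int,
        "vips": [str(ipaddress.IPv4Address(pkt[i:i + 4]))
                 for i in range(8, end, 4)],
        "auth_type": AUTH_TYPES.get(auth, "unknown"),
        "auth_data": pkt[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "vmac": "00-00-5E-00-01-%02X" % vrid,  # virtual MAC derived from VRID
        # a valid message sums to 0xFFFF, so the checksum of the whole is 0
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }


def review(advert: dict) -> list:
    """Points a defender would note about one captured advertisement."""
    notes = []
    if not advert["checksum_ok"]:
        notes.append("bad checksum")
    if advert["auth_type"] == "none":
        notes.append("no authentication")
    if advert["auth_type"] == "simple-text":
        notes.append("auth_pass sent in cleartext")
    if advert["priority"] == 0:
        notes.append("master is resigning (priority 0)")
    return notes


def backup_reaction(local_priority: int, advert: dict, preempt: bool = True) -> str:
    """Simplified rule for what a Backup does with a received advertisement."""
    if advert["priority"] == 0:
        return "become-master"                # the Master announced it is leaving
    if preempt and local_priority > advert["priority"]:
        return "preempt"
    return "stay-backup"


# Constructed sample: VRID 11, priority 100, VIP 172.18.11.66, auth_pass vHFHLlTA
SAMPLE = build_advert(11, 100, ["172.18.11.66"], b"vHFHLlTA")

if __name__ == "__main__":
    decoded = parse_advert(SAMPLE)
    print(decoded)
    print(review(decoded))
    print(backup_reaction(50, decoded))
```

Anyone on the same LAN segment who can receive the multicast group sees the same bytes, so the simple-text password only guards against accidental misconfiguration between clusters.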
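Advantages of VRRP
- Load sharing: traffic from LAN clients can be shared by several routers;
- Multiple VRRP groups: up to 255 VRRP groups can be configured on one physical router interface;
- Preemption: when the master fails, a backup with a higher priority is allowed to become master;
- Advertisement protocol: VRRP advertisements use the IANA-assigned multicast address 224.0.0.18;
- VRRP tracking: a router's VRRP priority changes according to interface state, so that the best VRRP router becomes master;
- Redundancy: several routers can serve as the default gateway of LAN clients, which greatly reduces the chance of the default gateway being a single point of failure;
- Multiple IP addresses: several IP addresses can be configured on one physical interface through interface aliases, so that one physical interface can serve several subnets;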
keepalived
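Keepalived is service software, built on the VRRP protocol, that keeps a cluster highly available. It runs on top of LVS; its main functions are isolating failed real servers and failing over between load balancers, which prevents a single point of failure. LVS combined with keepalived provides layer 3, layer 4 and layer 5/7 switching.
keepalived (ka) automatically generates ipvs rules (adding and deleting them) from the definitions in its configuration file, and checks the health of each RS;
It supports the vrrp_script interface and vrrp_track;
By writing VRRP scripts, all kinds of services can be tracked through vrrp_track;
keepalived components
Control plane (components): configuration file parser, memory management, I/O multiplexing
Core components: vrrp stack, checker, ipvs wrapper, watchdog, SMTP interface
Only simple string authentication is supported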
Component | |
---|---|
vrrp stack | Implements the VRRP protocol |
smtp | Sends notification mail; mail can be sent when the address floats, and also when the checkers find a failed host and remove it from the ipvs rules |
checkers | Check the health of the back-end RSs, based on tcp, http, ssl or misc checks; a failed host is removed from the ipvs rules |
watchdog | Monitors the health of the vrrp stack and the checkers |
ipvs wrapper | The checkers call this wrapper to add, delete or modify rules in ipvs |
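Prerequisites for configuring an HA cluster (on every director):
(1) Time is synchronized across the nodes
Synchronize over the NTP protocol; chrony (CentOS 7)
(2) Make sure iptables and SELinux do not get in the way
Heartbeat delivery: 3 methods
- Unicast
- Broadcast
- Multicast: the best choice; multicast addresses: 224.0.0.0-239.0.0.0
(3) The nodes can reach each other by host name (not required for ka; ka does not care)
The result returned by the name resolution service must match the output of the "uname -n" command;
If the nodes communicate by host name, the name resolved by DNS must match the real host name;
(4) The root users on the nodes can communicate over ssh with key-based authentication (not required for ka; ka does not care)
Configuration example
Prepare two CentOS 7 hosts and synchronize the time first: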
[root@node1 ~]# ntpdate 172.18.0.1
Create a cron job that synchronizes with the time server every 5 minutes
[root@node1 ~]# crontab -e
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
Install keepalived and configure it
[root@node1 ~]# yum -y install keepalived
...
Complete!
[root@node1 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
...
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# cp keepalived.conf{,.bak}
[root@node1 keepalived]# vim /etc/keepalived/keepalived.conf
:set nohlsearch
:.,$s/^/#/g
#Configure only the global section and the virtual router instance section for now; comment out everything else;
global_defs { #global configuration section
notification_email { #address that receives notification mail (recipient)
root@localhost
}
notification_email_from kaadmin@magedu.com #sender
vrrp_iptables #do not generate iptables rules automatically
smtp_server 127.0.0.1 #mail server; its name must resolve forward and reverse on the Internet;
smtp_connect_timeout 30 #mail server connection timeout
router_id node1 #ID of this router device, usually the host name;
vrrp_mcast_group4 224.0.11.18 #multicast address, 224.0.0.18 by default; every node in the cluster must use this same address; it identifies one multicast domain;
}
vrrp_instance VI_1 { #virtual router section; the instance is named VI_1, any name can be used;
state MASTER #initial state of this node in the virtual router; here the master node; values: MASTER|BACKUP;
interface eno16777736 #interface on which VRRP advertisements are sent;
virtual_router_id 11 #virtual router ID, range 0-255;
priority 100 #priority of this physical node in the virtual router;
advert_int 1 #interval between VRRP advertisements; 1 second;
authentication { #authentication method
auth_type PASS #simple password authentication
auth_pass vHFHLlTA #random string, can be generated with openssl rand -base64 10; only the first 8 characters are used;
}
virtual_ipaddress { #defines the virtual IP; if no device is given, the interface named by interface above is used;
172.18.11.66 #interface alias address, can be written as 172.18.11.66 dev eno16777736 label eno16777736:0
}
}
Copy the configuration file to the other director, 172.18.11.121
[root@node1 ~]# scp keepalived.conf root@172.18.11.121:/etc/keepalived
Edit the configuration file on 172.18.11.121
[root@node2 ~]# vim /etc/keepalived/keepalived.conf
Change:
state BACKUP #change to backup
priority 50 #lower the priority;
#the password, router_id and vrrp_mcast_group4 must stay identical;
Start the keepalived service on both directors
[root@node1 ~]# systemctl start keepalived.service
[root@node2 ~]# systemctl start keepalived.service
Check on both directors whether the VIP has been placed automatically on the interface alias of the master server:
[root@node1 ~]# ip addr l
[root@node2 ~]# ip addr l
[root@node1 ~]# tail /var/log/messages
[root@node2 ~]# tail /var/log/messages
Manually stop the keepalived service on the master server 172.18.11.111, then check again
[root@node1 ~]# systemctl stop keepalived.service
Follow the log in another terminal without exiting
[root@centos7 ~]# tail -f /var/log/messages
Part of the output:
May 10 05:25:01 localhost systemd: Stopping LVS and VRRP High Availability Monitor...
May 10 05:25:01 localhost Keepalived_vrrp[4258]: VRRP_Instance(VI_1) sending 0 priority #sends an advertisement with priority 0;
May 10 05:25:01 localhost Keepalived_vrrp[4258]: VRRP_Instance(VI_1) removing protocol VIPs. #removes the protocol VIPs
May 10 05:25:01 localhost Keepalived_healthcheckers[4257]: Netlink reflector reports IP 172.18.11.66 removed #the VIP is removed
May 10 05:25:01 localhost systemd: Stopped LVS and VRRP High Availability Monitor
On the other director, 172.18.11.121, check the log
[root@node2 ~]# tail /var/log/messages
May 9 08:09:21 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Transition to MASTER STATE #becomes the master server
May 9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Entering MASTER STATE #confirms the master state
May 9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) setting protocol VIPs. #sets the protocol VIPs
May 9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eno16777736 for 172.18.11.66 #sends gratuitous ARP packets
May 9 08:09:22 localhost Keepalived_healthcheckers[3880]: Netlink reflector reports IP 172.18.11.66 added #obtains the VIP address
May 9 08:09:27 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eno16777736 for 172.18.11.66
May 9 08:10:01 localhost systemd: Started Session 58 of user root.
May 9 08:10:01 localhost systemd: Starting Session 58 of user root.
May 9 08:10:01 localhost systemd: Started Session 59 of user root.
May 9 08:10:01 localhost systemd: Starting Session 59 of user root.
Bring the master server 172.18.11.111 back online manually:
[root@node1 ~]# systemctl start keepalived.service
#preemptive mode is the default; the node with the higher priority automatically becomes the master server;
This is keepalived completing the address float automatically;
Change the VIP alias on both directors:
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
virtual_ipaddress {
172.18.11.66 dev eno16777736 label eno16777736:0
}
Stop the keepalived service on both directors:
Start the lower-priority server first, 172.18.11.121:
[root@node2 ~]# systemctl start keepalived.service
At this point, check the interface alias with the ifconfig command; it has been added automatically;
Then start the higher-priority server, 172.18.11.111:
[root@node1 ~]# systemctl start keepalived.service
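VRRP has two working models: master/backup and master/master
To improve utilization, use the master/master model;
That is, A is master with B as backup, and B is master with A as backup, so both A and B do useful work; when both act as master externally, a front-end DNS A record can map both IPs to one host name;
In some scenarios, however, when A and B are both master the addresses are not two different aliases on the same NIC but are configured on two separate NICs;
Each of hosts A and B has two NICs, one facing the external network and one for internal communication; both addresses used for communication are expected to be VIPs, except that the external side is virtual router 1 and the internal side is virtual router 2;
The internal alias is configured on the internal NIC and the external alias on the external NIC; when one of the external links goes down, traffic switches automatically to the server with the other external NIC, and the internal side must switch as well; because internal and external communication both use VIPs, the internal side has to switch even though it would not otherwise need to;
Configuring two virtual routers so that they can only be master on the same device, moving together, is called a sync group;
Installing keepalived
CentOS 6.4+: the package is already provided in the base repository;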
centos 7
Main configuration file: /etc/keepalived/keepalived.conf
Unit file:/usr/lib/systemd/system/keepalived.service
Configuration file: /etc/sysconfig/keepalived
Configuration file blocks:
GLOBAL CONFIGURATION
#global configuration section, applies to all vrrp instances and virtual servers;
global_defs {
...
}
VRRPD CONFIGURATION #virtual router sync group section
vrrp_sync_group VG_1 {
...
}
VRRP instance(s) #virtual router instance section
vrrp_instance INST_NAME {
...
}
LVS CONFIGURATION #cluster section
virtual_server_group <STRING> { #virtual server group section
...
}
Virtual server(s) #virtual server section
virtual_server IP port |
virtual_server fwmark int { #a decimal integer (a hexadecimal number is what is ultimately used)
protocol TCP #note: keepalived only supports tcp;
...
real_server <IPADDR> <PORT> { #real back-end server section
...
}
}
Global configuration section example
global_defs {
notification_email { #mailbox addresses that alert mail is sent to
root@localhost
}
notification_email_from keepalived@localhost #sender of the alert mail
smtp_server 127.0.0.1 #address of the mail server
smtp_connect_timeout 30 #connection timeout for the mail server
router_id node1 #identifier of this router
vrrp_mcast_group4 224.0.100.19 #VRRP multicast address; machines in the same HA cluster must use the same address to receive each other's VRRP advertisements
vrrp_strict #enforce strict VRRP protocol checks; in some cases this blocks access to the VIP.
}
Static routes/address/rules: configures static addresses, routes or rules in keepalived that VRRP will not remove; rarely used.
VRRP configuration section example
vrrp_instance <STRING> {
state MASTER|BACKUP #role (state) of this virtual router in the VRRP group
interface eno16777736 #physical interface this virtual router is bound to
virtual_router_id 14 #unique ID of this virtual router in the VRRP group, range 0-255
priority 100 #priority of this virtual router in the VRRP group, range 1-254;
advert_int 1 #interval at which the virtual router sends VRRP advertisements
nopreempt|preempt #working mode: non-preemptive or preemptive;
preempt_delay 300 #in preemptive mode, delay before a node that comes online triggers a new election;
authentication { #authentication method and password for the VRRP group
auth_type PASS #simple password authentication
auth_pass 571f97b2 #password string, at most 8 characters
}
virtual_ipaddress { #virtual IP addresses to add on the bound physical interface
#<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
172.18.11.66/16 dev eno16777736
}
track_interface { #network interfaces to monitor; if one fails, this virtual router goes to the FAULT state
eth0
eth1
...
}
track_script { #calls scripts defined in vrrp_script and adjusts according to their result
<SCRIPT_NAME>
<SCRIPT_NAME> weight <-254..254>
}
notify_master <STRING>|<QUOTED-STRING> #notification script run when this node becomes the master;
notify_backup <STRING>|<QUOTED-STRING> #notification script run when this node becomes a backup;
notify_fault <STRING>|<QUOTED-STRING> #notification script run when this node enters the "fault" state;
notify_stop <STRING>|<QUOTED-STRING> #notification script run when this node stops
}
VRRP script(s): defines scripts that run periodically, for example scripts that check the state of a service or an IP.
vrrp_script <SCRIPT_NAME> { #a periodically executed script; its exit code determines the state of the VRRP groups that track it
script <STRING>|<QUOTED-STRING> #path of the script to execute
interval INT #how often the script is run; default 1s.
timeout <INTEGER> #script timeout; a script that times out is considered failed
rise <INTEGER> #number of successful checks required before the state is considered healthy
fall <INTEGER> #number of failed checks required before the state is considered failed
}
LVS configuration section example
Virtual server(s): defines a virtual server, which can be specified by IP and port, by fwmark, or by a virtual server group.
virtual_server IP port | virtual_server fwmark <int> |virtual_server group string
{
delay_loop <INT> #interval between service polls;
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #scheduling method;
lb_kind NAT|DR|TUN #cluster type;
persistence_timeout <INT> #persistent connection duration;
protocol TCP|UDP|SCTP #service protocol;
sorry_server <IPADDR> <PORT> #fallback server address;
real_server <IPADDR> <PORT> {
weight <INT> #weight of the real server
notify_up <STRING>|<QUOTED-STRING> #script run when the health check marks the real server up
notify_down <STRING>|<QUOTED-STRING> #script run when the health check marks the real server down
HTTP_GET|SSL_GET { #application-layer check of the real server
url {
path <URL_PATH> #URL to monitor;
status_code <INT> #response code that counts as healthy;
digest <STRING> #checksum of the response body that counts as healthy;
}
nb_get_retry <INT> #number of retries;
delay_before_retry <INT> #delay before a retry;
connect_ip <IP ADDRESS> #IP address of this RS to send the health check to
connect_port <PORT> #port of this RS to send the health check to
bindto <IP ADDRESS> #source address used for the health check;
bind_port <PORT> #source port used for the health check;
connect_timeout <INTEGER> #connection timeout;
}
TCP_CHECK {
connect_ip <IP ADDRESS> #IP address of this RS to send the health check to
connect_port <PORT> #port of this RS to send the health check to
bindto <IP ADDRESS> #source address used for the health check;
bind_port <PORT> #source port used for the health check;
connect_timeout <INTEGER> #connection timeout;
}
}
}
A highly available ipvs cluster
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.0.93/16 dev eno16777736
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 10.1.0.93 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.1.0.69 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.1.0.71 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
nb_get_retry 3
delay_before_retry 2
connect_timeout 3
}
}
}
Dual-master model
Primary node configuration:
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 14
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.18.11.66/16 dev eno16777736
}
}
vrrp_instance VI_2 {
state BACKUP
interface eno16777736
virtual_router_id 15
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
172.18.11.66/16 dev eno16777736
}
}
Standby node configuration:
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777736
virtual_router_id 14 #must be the same as VI_1 on the primary node
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
172.18.11.66/16 dev eno16777736
}
}
vrrp_instance VI_2 {
state MASTER
interface eno16777736
virtual_router_id 15 #must be the same as VI_2 on the primary node
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 578f07b2
}
virtual_ipaddress {
172.18.11.66/16 dev eno16777736
}
}
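The two nodes of a VRRP pair must agree on the multicast group, the virtual_router_id and the authentication settings, and auth_pass is limited to 8 characters. The following Python is an added example, not part of the original article or of keepalived: it compares two keepalived.conf texts and reports where they disagree. The template, interface name eth0 and VIP 192.0.2.10 are constructed sample values, and the list of checks is this example's own choice.

```python
import ipaddress
import re

PAIRED_KEYS = ("virtual_router_id", "auth_type", "auth_pass", "advert_int")


def parse_conf(text: str) -> dict:
    """Extract the multicast group and the settings of every vrrp_instance."""
    conf = {"mcast": None, "instances": {}}
    stack = []                                  # headers of the open blocks
    for raw in text.splitlines():
        # keepalived treats both '#' and '!' as the start of a comment
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        words = line.rstrip("{").split() or ["_anonymous"]
        if line.endswith("{"):
            stack.append(words)
            if words[0] == "vrrp_instance" and len(words) > 1:
                conf["instances"][words[1]] = {"vips": []}
            continue
        top = stack[0] if stack else [""]
        if top[0] == "global_defs" and words[0] == "vrrp_mcast_group4":
            conf["mcast"] = words[1] if len(words) > 1 else ""
        elif top[0] == "vrrp_instance" and len(top) > 1:
            inst = conf["instances"][top[1]]
            if stack[-1][0] == "virtual_ipaddress":
                inst["vips"].append(words[0])
            elif len(words) > 1:
                inst[words[0]] = words[1]     # authentication keys are flattened
    return conf


def audit_pair(conf_a: str, conf_b: str) -> list:
    """Return human-readable findings for a pair of node configurations."""
    a, b = parse_conf(conf_a), parse_conf(conf_b)
    findings = []
    for label, node in (("A", a), ("B", b)):
        grp = node["mcast"]
        if grp is not None:
            try:
                if not ipaddress.IPv4Address(grp).is_multicast:
                    findings.append(f"{label}: vrrp_mcast_group4 {grp} is not multicast")
            except ValueError:
                findings.append(f"{label}: vrrp_mcast_group4 {grp} is not an IPv4 address")
        for name, inst in node["instances"].items():
            if len(inst.get("auth_pass", "")) > 8:
                findings.append(f"{label}/{name}: auth_pass longer than 8 characters")
    if a["mcast"] != b["mcast"]:
        findings.append("vrrp_mcast_group4 differs between the nodes")
    for name in sorted(set(a["instances"]) & set(b["instances"])):
        ia, ib = a["instances"][name], b["instances"][name]
        for key in PAIRED_KEYS:
            if ia.get(key) != ib.get(key):
                findings.append(f"{name}: {key} differs ({ia.get(key)} vs {ib.get(key)})")
        if sorted(ia["vips"]) != sorted(ib["vips"]):
            findings.append(f"{name}: virtual_ipaddress differs")
        if ia.get("state") == ib.get("state") == "MASTER":
            findings.append(f"{name}: both nodes start as MASTER")
        if ia.get("priority") == ib.get("priority"):
            findings.append(f"{name}: both nodes have the same priority")
    return findings


# Constructed sample configurations (not taken from a real host)
TEMPLATE = """
global_defs {
    router_id %(rid)s
    vrrp_mcast_group4 %(mcast)s
}
vrrp_instance VI_1 {
    state %(state)s
    interface eth0
    virtual_router_id %(vrid)s
    priority %(prio)s
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass %(pw)s
    }
    virtual_ipaddress {
        192.0.2.10/24 dev eth0
    }
}
"""
NODE_A = TEMPLATE % dict(rid="node1", mcast="224.0.100.19", state="MASTER",
                         vrid=14, prio=100, pw="571f97b2")
NODE_B_BAD = TEMPLATE % dict(rid="node2", mcast="224.0.0.0.20", state="BACKUP",
                             vrid=16, prio=98, pw="571f97b2ff")
NODE_B_GOOD = TEMPLATE % dict(rid="node2", mcast="224.0.100.19", state="BACKUP",
                              vrid=14, prio=98, pw="571f97b2")

if __name__ == "__main__":
    for finding in audit_pair(NODE_A, NODE_B_BAD):
        print(finding)
```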
Notification script
Notifications can be sent through an SMS gateway, a WeChat gateway, a mail server and so on;
Here the script only uses the local mail service;
[root@node1 ~]# vim notify.sh
#!/bin/bash
#
contact='root@localhost'
notify(){
mailsubject="$(hostname) to be $1:vip floating"
mailbody="$(date +'%F %T'):vrrp transition,$(hostname) change to be $1"
echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage :$(basename $0) {master|backup|fault}"
;;
esac
[root@node1 ~]# chmod +x notify.sh
[root@node1 ~]# ./notify.sh master
[root@node1 ~]# mail
Output:
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Tue May 10 05:55 18/682 ""
& 1 #enter 1 to read message 1
Part of the content:
2016-05-10 05:55:33:vrrp transition,localhost.localdomain change to be master
exit #leave the mail client
Copy the notification script to the other director
[root@node1 ~]# scp notify.sh root@172.18.11.121:/etc/keepalived
Configure the notification script on both directors
[root@node2 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
Stop the keepalived service on both directors
[root@node1 ~]# systemctl stop keepalived.service
[root@node2 ~]# systemctl stop keepalived.service
[root@node1 ~]# mail
[root@node2 ~]# mail
Delete the existing mail to clean the environment for the next steps;
d 1
d 2
Then start the keepalived service on the two directors one after the other
Start the lower-priority backup director first:
[root@node2 ~]# systemctl start keepalived.service
[root@node2 ~]# mail
Output: right after start-up one mail reports backup; because it is the only director running, a moment later another mail reports that it has become master;
Then start the higher-priority director:
[root@node1 ~]# mail
Checking there shows that 2 mails were also received, both reporting master;
Notification script example:
#!/bin/bash
#
contact='root@localhost'
notify(){
mailsubject="$(hostname) to be $1:vip floating"
mailbody="$(date +'%F %T'):vrrp transition,$(hostname) change to be $1"
echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage :$(basename $0) {master|backup|fault}"
;;
esac
How to call it:
vrrp_instance <STRING> {
...
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Note: the script path must be enclosed in double quotes;
Example: keepalived master/backup architecture
Setting up RS1 and RS2
First install nginx:
[root@RS1 ~]# yum install -y epel-release
[root@RS1 ~]# yum install -y nginx
Then edit the /etc/hosts file:
[root@RS1 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2
Then change the content of /usr/share/nginx/html/index.html to the following:
[root@RS1 ~]# vim /usr/share/nginx/html/index.html
<h1>This is RS1 192.168.0.83</h1>
Start nginx:
[root@RS1 ~]# systemctl start nginx
Stop firewalld and set SELinux to permissive:
[root@RS1 ~]# systemctl stop firewalld
[root@RS1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0
Next, set up the lvs-dr configuration on RS1; first create the RS script:
[root@RS1 ~]# vim RS.sh
#!/bin/bash
vip=192.168.0.99
mask='255.255.255.255'
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig lo:0 $vip netmask $mask broadcast $vip up
route add -host $vip dev lo:0
;;
stop)
ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage $(basename $0) start|stop "
exit 1
;;
esac
Then run the RS script:
[root@RS1 ~]# bash -x RS.sh start
+ vip=192.168.0.99
+ mask=255.255.255.255
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
+ ifconfig lo:0 192.168.0.99 netmask 255.255.255.255 broadcast 192.168.0.99 up
+ route add -host 192.168.0.99 dev lo:0
Repeat the steps above with the corresponding values to set up RS2.
Setting up DR1
First install the keepalived and ipvsadm packages with yum:
[root@DR1 ~]# yum install -y ipvsadm keepalived
Then edit the /etc/hosts file:
[root@DR1 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2
Then edit the /etc/keepalived/keepalived.conf file:
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id DR1
vrrp_mcast_group4 224.0.0.20
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 1
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass ^&IUYH*&
}
virtual_ipaddress {
192.168.0.99/24 dev eno16777736 label eno16777736:0
}
}
virtual_server 192.168.0.99 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.0.83 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.0.84 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Start keepalived and check the state of ipvsadm and the interfaces:
[root@DR1 ~]# systemctl start keepalived
[root@DR1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.99:http rr
-> 192.168.0.83:http Route 1 1 4
-> 192.168.0.84:http Route 1 1 80
[root@DR1 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.81 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20c:29ff:fe21:59b9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:21:59:b9 txqueuelen 1000 (Ethernet)
RX packets 62277 bytes 72099132 (68.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21742 bytes 2744670 (2.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.99 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:21:59:b9 txqueuelen 1000 (Ethernet)
Stop firewalld and set SELinux to permissive:
[root@DR1 ~]# systemctl stop firewalld
[root@DR1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR1 ~]# setenforce 0
Setting up DR2
First install the keepalived and ipvsadm packages with yum:
[root@DR2 ~]# yum install -y ipvsadm keepalived
Then edit the /etc/hosts file:
[root@DR2 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2
Then edit the /etc/keepalived/keepalived.conf file:
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id DR2
vrrp_mcast_group4 224.0.0.20
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 1
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass ^&IUYH*&
}
virtual_ipaddress {
192.168.0.99/24 dev ens33 label ens33:0
}
}
virtual_server 192.168.0.99 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.0.83 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.0.84 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Finally start keepalived and check the state of ipvsadm:
[root@DR2 ~]# systemctl start keepalived
[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.99:80 rr
-> 192.168.0.83:80 Route 1 0 0
-> 192.168.0.84:80 Route 1 0 0
[root@DR2 ~]# ifconfig #DR2 has the BACKUP role, so no sub-interface with IP 192.168.0.99 is created
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.87 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::5e4b:719d:3781:43a0 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4c6e:8b7e:2dcd:665d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:26:a3:20 txqueuelen 1000 (Ethernet)
RX packets 34041 bytes 27376635 (26.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14131 bytes 2169836 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 101 bytes 8902 (8.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 101 bytes 8902 (8.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Stop firewalld and set SELinux to permissive:
[root@DR2 ~]# systemctl stop firewalld
[root@DR2 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR2 ~]# setenforce 0
Access test
Test access to the service provided by the VIP from the client:
[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
At this point DR1 is the primary and DR2 the standby, both working normally, so requests are handled by DR1.
Now simulate a DR1 outage: stop the service on DR1, then observe DR2's state and access from the client.
keepalived state on DR2:
[root@DR2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2018-05-29 14:34:08 CST; 1h 29min ago
Process: 11808 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 11809 (keepalived)
CGroup: /system.slice/keepalived.service
├─11809 /usr/sbin/keepalived -D
├─11810 /usr/sbin/keepalived -D
└─11811 /usr/sbin/keepalived -D
May 29 16:03:06 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) removing protocol VIPs.
May 29 16:03:47 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Entering MASTER STATE
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) setting protocol VIPs.
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
DR2 detected that DR1 was down and switched to the MASTER state on its own.
Access from the client:
[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
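DR1 is now in the simulated failed state and DR2 is MASTER; client access is unaffected.
Example: keepalived master/master architecture
Using the topology of the master/backup architecture above, convert it to master/master: first change the keepalived configuration of DR1 and DR2, then add the lvs-dr configuration for virtual IP 192.168.0.98 on RS1 and RS2.
Enable IP forwarding for DR mode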
[root@DR1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
Modifying DR1
Edit the /etc/keepalived/keepalived.conf file
[root@DR1 ~]# vim /etc/keepalived/keepalived.conf
#add the following configuration
vrrp_instance VI_2 {
state BACKUP
interface eno16777736
virtual_router_id 2
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass POM123(*
}
virtual_ipaddress {
192.168.0.98/24 dev eno16777736 label eno16777736:1
}
}
#add the virtual server group backend
virtual_server_group backend {
192.168.0.99 80
192.168.0.98 80
}
#change the virtual server to use the virtual server group
virtual_server group backend {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.0.83 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.0.84 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Stop and then start keepalived:
[root@DR1 ~]# systemctl stop keepalived
[root@DR1 ~]# systemctl start keepalived
The state of ipvsadm and the interfaces is now:
[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.98:80 rr
-> 192.168.0.83:80 Route 1 0 0
-> 192.168.0.84:80 Route 1 0 0
TCP 192.168.0.99:80 rr
-> 192.168.0.83:80 Route 1 0 0
-> 192.168.0.84:80 Route 1 0 0
[root@DR1 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.81 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20c:29ff:fe21:59b9 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:21:59:b9 txqueuelen 1000 (Ethernet)
RX packets 63844 bytes 72282542 (68.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23654 bytes 2934901 (2.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.99 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:21:59:b9 txqueuelen 1000 (Ethernet)
Modifying DR2
Edit the /etc/keepalived/keepalived.conf file:
[root@DR2 ~]# vim /etc/keepalived/keepalived.conf
#add the following configuration
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 2
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass POM123(*
}
virtual_ipaddress {
192.168.0.98/24 dev ens33 label ens33:1
}
}
#add the virtual server group backend
virtual_server_group backend {
192.168.0.99 80
192.168.0.98 80
}
#change the virtual server to use the virtual server group
virtual_server group backend {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.0.83 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.0.84 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Stop and then start keepalived:
[root@DR2 ~]# systemctl stop keepalived
[root@DR2 ~]# systemctl start keepalived
The state of ipvsadm and the interfaces is now:
[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.98:80 rr
-> 192.168.0.83:80 Route 1 0 0
-> 192.168.0.84:80 Route 1 0 0
TCP 192.168.0.99:80 rr
-> 192.168.0.83:80 Route 1 0 0
-> 192.168.0.84:80 Route 1 0 0
[root@DR2 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.87 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::5e4b:719d:3781:43a0 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4c6e:8b7e:2dcd:665d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:26:a3:20 txqueuelen 1000 (Ethernet)
RX packets 39989 bytes 28047325 (26.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20816 bytes 2894556 (2.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.98 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:26:a3:20 txqueuelen 1000 (Ethernet)
Configuring RS1 and RS2
Copy and edit the RS script:
[root@RS1 ~]# cp RS.sh RS_new.sh
#!/bin/bash
#change the vip to 192.168.0.98
vip=192.168.0.98
mask='255.255.255.255'
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig lo:1 $vip netmask $mask broadcast $vip up #interface changed to lo:1
route add -host $vip dev lo:1 #interface changed to lo:1
;;
stop)
ifconfig lo:1 down #interface changed to lo:1
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage $(basename $0) start|stop "
exit 1
;;
esac
Run the script:
[root@RS1 ~]# bash -x RS_new.sh start
+ vip=192.168.0.98
+ mask=255.255.255.255
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
+ ifconfig lo:1 192.168.0.98 netmask 255.255.255.255 broadcast 192.168.0.98 up
+ route add -host 192.168.0.98 dev lo:1
Perform the same steps on RS2
Access test
The client can now reach the web service provided by the back-end RSs through both 192.168.0.99 and 192.168.0.98:
[root@client ~]# for i in {1..10} ; do curl http://192.168.0.98; done
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
On the client, edit /etc/hosts and add name resolution to 99 and 98:
[root@client ~]# vim /etc/hosts
192.168.0.99 www.ilinux.io
192.168.0.98 www.ilinux.io
With this name resolution, the client can reach the service as long as either 99 or 98 is working.
[root@client ~]# for i in {1..10} ; do curl http://www.ilinux.io; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>