以下根据学神笔记摘抄
机器名称 | 机器名称 | 网关 | 机器作用 |
doonker62 | DIP:192.168.1. 62/24 VIP:192.168.1.111/24 | 192.168.1.1 | 主 LVS |
doonker63 | DIP:192.168.1.63/24 VIP:192.168.1.111/24 | 192.168.1.1 | 备 LVS |
doonker64 | 192.168.1.64/24 | 192.168.1.1 | RS1 WEB1 |
doonker65 | 192.168.1.65/24 | 192.168.1.1 | RS2 WEB2 |
1、 安装ipvsadm
[root@dongker62 ~]# rpm -ivh /mnt/Packages/ipvsadm-1.27-7.el7.x86_64.rpm安装完成不需要做任何配置,启动方式由keepalived控制
2、安装keepalived
第一种安装方法:
[root@doonker62 ~]# yum install -y keepalived查看安装路径:
[root@doonker62 ~]# rpm -ql keepalived第二种安装方法(源码安装):
上传keepalived-1.2.16.tar.gz包到Linux主机或:
wget http://www.keepalived.org/software/keepalived-1.2.16.tar.gz #直接在Linux主机上下载。
[root@doonker62 <sub>]# tar xf keepalived-1.2.16.tar.gz
[root@doonker62 </sub>]# cd keepalived-1.2.16/解决依赖
[root@doonker62 keepalived-1.2.16]# yum -y install gcc openssl-devel libnfnetlink-devel
[root@doonker62 keepalived-1.2.16]# ./configure --prefix=/usr/local/keepalived
Keepalived configuration
------------------------
Keepalived version : 1.2.16
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lssl -lcrypto -lcrypt
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
[root@doonker62 keepalived-2.0.10]# make && make install3、 建立启动脚本
[root@doonker62 keepalived]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@doonker62 keepalived]# grep "chkconfig" /usr/local/keepalived/etc/* -R
#不知道脚本位置,搜索chkconfig字段的文件可以找到!
/usr/local/keepalived/etc/rc.d/init.d/keepalived:# chkconfig: - 21 79
[root@doonker62 keepalived]# chmod +x /etc/init.d/keepalived
[root@doonker62 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@doonker62 keepalived]# mkdir /etc/keepalived
[root@doonker62 keepalived]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@doonker62 keepalived]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@doonker62 keepalived]# vim /etc/sysconfig/keepalived
改:14 KEEPALIVED_OPTIONS="-D"
为:14 KEEPALIVED_OPTIONS="-D -f /etc/keepalived/keepalived.conf
#修改指定 keepalived 要加载的配置文件,设置正确的服务启动参数
[root@doonker62 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:45:f4:4c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.62/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::aac4:2bc0:d52:a18a/64 scope link
valid_lft forever preferred_lft forever
4、 配置Keepalived+LVS-DR模式
在这种模式下,虚拟 IP 在某时刻只能属于某一个节点,另一个节点作为备用节点存在。当主节点不可用时,备用节点接管虚拟 IP,提供正常服务。
配置参数: 节点 doonker62(主节点); 节点 doonker63(备用节点) ; 虚拟 IP 192.168.1.111对外提供服务的 IP。 要求默认情况下由节点 doonker62提供服务,当节点 doonker62 不可用时,由节点 doonker63 提供服务(即虚拟 IP 漂移至节点 doonker63)。
主节点doonker62配置:
[root@doonker62 keepalived]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@doonker62 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost #默认三个地址,修改可用地址
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id doonker62 #标识当前节点名字,两个节点的此项需要不相同。
}
#默认的配置文件中,使用第三方 smtp 服务器,但这在现实中几乎没有意义,发不出邮件,我们将其挃定为 localhost, 我们也可以将通知信息的发送交给本地 sendmail 服务处理。
vrrp_instance apache { #定义一个实例,一个集群就是一个实例。 默认VI_1 可以随意改。
state MASTER #指定 A 节点为主节点 备用节点上设置为 BACKUP 即可
interface ens33 #绑定虚拟 IP 的网络接口
virtual_router_id 51 #VRRP 组名,两个节点的设置必须一样,以指明各个节点属于同一 VRRP 组
priority 100 #主节点的优先级(1-254 之间),备用节点必须比主节点优先级低
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.111 #指定虚拟 IP, 两个节点设置必须一样
}
}
#类似添加虚拟一个服务 ipvsadm -A -t 192.168.1.70:80 -s rr
virtual_server 192.168.2.111 80 { #对虚拟IP63添加LVS相关内容
delay_loop 6 #Keepalived 多长时间监测一次 RS
lb_algo rr #分发算法
lb_kind DR #DR 模式
nat_mask 255.255.255.0
persistence_timeout 50 #同一 IP 50秒内的请求都发到同个real server ,这个会影响LVS的 rr 调度算法, 同一 IP 超过 50 秒后,再次访问,才会被转发到另一台 real server 上。 persistence 持久性的意思
protocol TCP
# ipvsadm -a -t 192.168.2.111:80 -r 192.168.2.64 -g 添加的内容,类似这条命令
# ipvsadm -a -t 192.168.2.111:80 -r 192.168.2.65 –g 添加的内容,类似这条命令
real_server 192.168.1.64 80 { #配置服务节点 1,需要指定 realserver 的真实 IP 地址和端口,IP不同端口之间用空格隔开
weight 1 #配置服务节点的权值,权值大小用数字表示,数字越大,权值越高,设置权值大小可以为不同性能的服务器
TCP_CHECK { #这段内容手动添加,把以前的内容删除
connect_timeout 3 #表示 3 秒无响应超时
nb_get_retry 3 #表示重试次数
delay_before_retry 3 #表示重试间隔
connect_port 80 #检测端口
}
}
real_server 192.168.1.65 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#默认配置文件中还有两个 virtual_server 模版,把剩下的都删除了,就可以。 如:
#virtual_server 10.10.10.2 1358 { 。。。 }
#virtual_server 10.10.10.3 1358 { 。。。 }
[root@doonker62 keepalived]# systemctl restart keepalived
[root@doonker62 keepalived]# systemctl enable keepalived
[root@doonker62 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.111:80 rr#注:没有看到 realserver,是因为两台 realserver 还没有开启 httpd 服务。
5、 备用节点doonker63配置
安装ipvsadm:
[root@doonker63 ~]# rpm -ivh /mnt/Packages/ipvsadm-1.27-7.el7.x86_64.rpm安装完成不需要做任何配置,启动方式由keepalived控制
安装keepalived:
第一种安装方法:
[root@doonker63 ~]# yum install –y keepalived第二种安装方法:
编译安装,如同doonker62安装一样的步骤。(两台主机上的keepalived建议使用同一种安装方法进行安装,以方便后期维护)
wget http://www.keepalived.org/software/keepalived-1.2.16.tar.gz #下载keepalived程序包。
或:
[root@doonker62 ~]# scp /root/keepalived-1.2.16.tar.gz root@192.168.1.63:/root #在doonker62主机上复制过去和主节点doonker62配置差不多相同,直接从doonker62上scp拷贝配置文件
[root@doonker62 ~]# scp /etc/keepalived/keepalived.conf root@192.168.1.63:/etc/keepalived/复制过来之后,还要做一定的修改:
[root@doonker63~]# vim /etc/keepalived/keepalived.conf
注:红色为改动项值
router_id doonker63 #运行 keepalived 的机器标示符
}
vrrp_instance apache {
state BACKUP #当前 LVS 状态为备用分发器
interface ens33
virtual_router_id 51
priority 90 #LVS 优先级,备的要比主的小
……启动:
[root@doonker63 keepalived]# systemctl restart keepalived
[root@doonker63 keepalived]# systemctl enable keepalived4.3.8 测试LVS IP飘移
[root@doonker62 keepalived]# systemctl stop keepalived
[root@doonker63 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:01:d7:0e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.63/24 brd 192.168.1.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::b2f7:9e80:a868:d6e1/64 scope link
valid_lft forever preferred_lft forever
[root@doonker63 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.111:80 rr#看到192.168.1.63飘移过来了,就证明一切正常了
4.3.9 配置RS1
[root@doonker64 <sub>]# vim /etc/init.d/lvsrsdr #写一个配置RS的脚本
#description:start relserver
VIP=192.168.1.111
source /etc/init.d/functions #加载环境变量(可以加载所有的环境变量)
case $1 in
start)
echo 'start LVS of Realserver DR'
/sbin/ifconfig lo:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:1
echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore
echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:1 down
echo 'Close LVS of Realserver DR'
echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce
echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore
echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage:$0 (start|stop)"
exit 1
esac
[root@doonker64 </sub>]# chmod +x /etc/init.d/lvsrsdr
[root@doonker64 <sub>]# /etc/init.d/lvsrsdr start
[root@doonker64 </sub>]# echo "/etc/init.d/lvsrsdr start" >> /etc/rc.local
[root@doonker64 <sub>]# ifconfig -a
……………………………………………………………………………………….
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.1.111 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@doonker64 </sub>]# yum install -y httpd
[root@doonker64<sub>]# echo 192.168.1.64 > /var/www/html/index.html
[root@doonker64 </sub>]# systemctl restart httpd4.3.10 配置RS2
从doonker64上拷贝脚本
[root@doonker64 ~]# scp /etc/init.d/lvsrsdr root@192.168.1.65:/etc/init.d/
然后执行
[root@doonker65 <sub>]# chmod +x /etc/init.d/lvsrsdr
[root@doonker65 </sub>]# /etc/init.d/lvsrsdr start
[root@doonker65 <sub>]# echo "/etc/init.d/lvsrsdr start " >> /etc/rc.local
[root@doonker65 </sub>]# ifconfig -a
……………………………………………………………………………………….
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.1.111 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@doonker65 <sub>]# yum install -y httpd
[root@doonker65 </sub>]# echo 192.168.1.65 > /var/www/html/index.html
[root@doonker65 ~]# systemctl restart httpd4.3.11 测试
http://192.168.1.111 #一直显示192.168.2.64的内容,等待50s之后,查看测试主备切换,首选在主上xueogd62上查看状态
[root@doonker62 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.111:80 rr
-> 192.168.1.64:80 Route 1 1 1
-> 192.168.1.65:80 Route 1 1 0在备上查看doonker63的状态
[root@doonker63 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn在doonker62上停掉keepalived, 模拟故障,在查看doonker63
[root@doonker62 ~]# systemctl stop keepalived
[root@doonker63 keepalived]# ipvsadm -L -n
P Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.2.111:80 rr
-> 192.168.2.64:80 Route 1 0 0
-> 192.168.2.65:80 Route 1 0 0
[root@doonker63 keepalived]# ip addr
……
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:89:ac:42 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.63/24 brd 192.168.2.255 scope global ens32
valid_lft forever preferred_lft forever
inet 192.168.1.111/32 scope global ens32
valid_lft forever preferred_lft forever
inet6 fe80::977:7b97:b1d1:2176/64 scope link
valid_lft forever preferred_lft forever从日志看:
[root@doonker63 keepalived]# tailf /var/log/messages当我们重启了主上的keepalived,自动从备分发器转到主分发器上。因为备的优先级低。
[root@doonker62 ~]# systemctl restart keepalived测试RS容错,停掉xueogd65的httpd之后doonker62查看
[root@doonker62 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.111:80 rr
-> 192.168.1.64:80 Route 1 1 0打开主 LVS 的日志(/var/log/message),看到滚动从 LVS 中移除192.168.1.65。
[root@doonker62 ~]# tail /var/log/messages使用 ipvsadm -Ln 可以看到刚才关闭的那台机器的 IP不在列表中了。
当 keepalived 主从优先级一样时,当主恢复后,还是要回切资源的。第一次建立主从关系时,需要10s 左右的认证时间。
