LVS-DR模式集群构建
Posted 笃信守真
实验示意图:
一、配置负载均衡器LVS-Master&Slave:
关闭网卡守护进程
[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon: [ OK ]
[root@localhost ~]# chkconfig NetworkManager off
拷贝eth0网卡子接口充当集群入口接口(注意:后文改用keepalived管理VIP时,VIP由keepalived在主备调度器之间漂移,不应在两台调度器上同时以ONBOOT=yes静态启用该子接口,否则同一网段内会出现VIP地址冲突)
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-eth0 ifdown-eth ifdown-ppp ifup-aliases ifup-isdn ifup-routes net.hotplug
ifcfg-eth1 ifdown-ippp ifdown-routes ifup-bnep ifup-plip ifup-sit network-functions
ifcfg-lo ifdown-ipv6 ifdown-sit ifup-eth ifup-plusb ifup-tunnel network-functions-ipv6
ifdown ifdown-isdn ifdown-tunnel ifup-ippp ifup-post ifup-wireless
ifdown-bnep ifdown-post ifup ifup-ipv6 ifup-ppp init.ipv6-global
[root@localhost network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
[root@localhost network-scripts]# vim ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=100.100.100.100
NETMASK=255.255.255.0
[root@localhost network-scripts]# ifup ifcfg-eth0:0
关闭ICMP重定向报文的发送功能(DR模式下调度器与真实服务器处于同一网段,不关闭时调度器可能向客户端发送ICMP重定向)
[root@localhost ~]# vim /etc/sysctl.conf
# 在文件末尾添加下列三行
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
# 重新加载系统参数
[root@localhost ~]# sysctl -p
安装ipvsadm命令行管理工具
[root@localhost ~]# mount -t iso9660 /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum -y install ipvsadm
.......
# 添加ipvs TCP集群
[root@localhost ~]# ipvsadm -A -t 100.100.100.100:80 -s rr
# 添加ipvsadm集群子节点
[root@localhost ~]# ipvsadm -a -t 100.100.100.100:80 -r 100.100.100.13:80 -g
[root@localhost ~]# ipvsadm -a -t 100.100.100.100:80 -r 100.100.100.14:80 -g
# 查看集群列表
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 100.100.100.100:80 rr
-> 100.100.100.13:80 Route 1 0 0
-> 100.100.100.14:80 Route 1 0 0
# 查看集群访问次数
[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 100.100.100.100:80 14 72 0 9844 0
-> 100.100.100.13:80 7 37 0 4900 0
-> 100.100.100.14:80 7 35 0 4944 0
# 保存ipvs集群内容至文件,进行持久化存储
[root@localhost ~]# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
[root@localhost ~]# chkconfig ipvsadm on
二、配置真实服务器RS1
关闭网卡守护进程
[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon: [ OK ]
[root@localhost ~]# chkconfig NetworkManager off
拷贝回环网卡子接口
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=100.100.100.100
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
调整ARP响应及通告行为(arp_ignore=1、arp_announce=2),使真实服务器不对外应答或通告lo:0上的VIP,避免客户端流量绕过调度器直接到达真实服务器
[root@localhost ~]# vim /etc/sysctl.conf
# 在配置文件末尾添加下列内容
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# 重新加载系统内核参数
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# 开启回环子接口
[root@localhost ~]# ifup lo:0
添加路由记录
[root@localhost ~]# route add -host 100.100.100.100 dev lo:0
[root@localhost ~]# service httpd start
Starting httpd:
# 保存路由记录到开机启动项中
[root@localhost ~]# echo "route add -host 100.100.100.100 dev lo:0" >> /etc/rc.local
# 查看路由条目
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo
100.100.100.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
# 开启回环子接口
[root@localhost ~]# ifup lo:0
添加web服务并部署一个简易网站
[root@localhost ~]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# echo "131111111111111111" >> /var/www/html/index.html
[root@localhost ~]# curl localhost
131111111111111111
[root@localhost ~]#
三、配置真实服务器RS2
关闭网卡守护进程
[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon: [ OK ]
[root@localhost ~]# chkconfig NetworkManager off
拷贝回环网卡子接口
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=100.100.100.100
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
调整ARP响应及通告行为(arp_ignore=1、arp_announce=2),使真实服务器不对外应答或通告lo:0上的VIP,避免客户端流量绕过调度器直接到达真实服务器
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# 重新加载系统参数
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
# 开启回环子接口
[root@localhost ~]# ifup lo:0
添加路由记录,当访问VIP时交给lo:0网卡接收
[root@localhost ~]# route add -host 100.100.100.100 dev lo:0
[root@localhost ~]# service httpd start
Starting httpd:
# 保存路由记录到开机启动项中
[root@localhost ~]# echo "route add -host 100.100.100.100 dev lo:0" >> /etc/rc.local
# 查看路由条目
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo
100.100.100.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
# 开启回环子接口
[root@localhost ~]# ifup lo:0
四、LVS-Master安装keepalived
检查keepalived所需要的依赖包是否已经安装
# (安装keepalived需要popt支持)
[root@localhost ~]# rpm -qa | grep popt
#(安装keepalived需要openssl支持)
[root@localhost ~]# rpm -qa | grep openssl
注意:如不知道keepalived需要哪些依赖包,可到下载后的源码解压目录下查看INSTALL 文件内容,安装需要的依赖包,源码安装任何一个软件都要养成查看源码包文档的习惯,比如INSTALL,README,doc等文档,可以获得很多有用的信息
源码编译安装keepalived(源码包应从官方渠道获取;以root身份编译安装前,有条件时先核对源码包的校验值或签名)
# 安装keepalived相关依赖
[root@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel gcc*
[root@localhost ~]# tar zxvf keepalived-2.1.5.tar.gz
[root@localhost ~]# cd keepalived-2.1.5
[root@localhost keepalived-2.1.5]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-504.el6.x86_64/
[root@localhost keepalived-2.1.5]# make
.......
.......
[root@localhost keepalived-2.1.5]# make install
.......
对keepalived进行相关优化
[root@localhost ~]# whereis keepalived
keepalived: /sbin/keepalived /usr/sbin/keepalived /etc/keepalived /usr/local/keepalived
[root@localhost ~]# cp -a keepalived-2.1.5/keepalived/etc/init.d/keepalived /etc/init.d/
安装keepalived服务并开机自启
[root@localhost ~]# chkconfig --add keepalived
[root@localhost ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# service keepalived start
Starting keepalived: [ OK ]
[root@localhost ~]# chkconfig keepalived on
修改keepalived.conf
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
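! keepalived.conf for the primary director (LVS-Master).
global_defs {
    router_id R1
}

! VRRP instance that carries the VIP. The peer director must use the same
! virtual_router_id and auth_pass; the higher priority wins the election.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        ! auth_type PASS sends auth_pass in cleartext in every VRRP advert, so
        ! it only protects against accidental misconfiguration. 1111 is a lab
        ! value: set a site-specific one (identical on both directors) and
        ! limit VRRP (IP protocol 112) on this segment to the two directors.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        100.100.100.100
    }
}

! IPVS virtual service on the VIP: round-robin scheduling, direct routing,
! with a TCP connect health check per real server.
virtual_server 100.100.100.100 80 {
    delay_loop 2
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 100.100.100.13 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            ! Fixed spelling: the keyword is connect_timeout, not connetc_timeout.
            connect_timeout 3
            ! "retry" is the checker retry keyword in keepalived 2.x;
            ! nb_get_retry is the deprecated HTTP_GET/SSL_GET spelling.
            retry 3
            delay_before_retry 4
        }
    }
    real_server 100.100.100.14 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 4
        }
    }
}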
五、LVS-SLAVE安装keepalived
源码编译安装keepalived
安装keepalived相关依赖
[root@localhost ~]# yum -y install kernel-devel openssl-devel popt-devel gcc*
[root@localhost ~]# tar zxvf keepalived-2.1.5.tar.gz
[root@localhost ~]# cd keepalived-2.1.5
[root@localhost keepalived-2.1.5]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-504.el6.x86_64/
[root@localhost keepalived-2.1.5]# make
.......
.......
[root@localhost keepalived-2.1.5]# make install
.......
对keepalived进行相关优化
[root@localhost ~]# whereis keepalived
keepalived: /sbin/keepalived /usr/sbin/keepalived /etc/keepalived /usr/local/keepalived
[root@localhost ~]# cp -a keepalived-2.1.5/keepalived/etc/init.d/keepalived /etc/init.d/
安装keepalived服务并开机自启
[root@localhost ~]# chkconfig --add keepalived
[root@localhost ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# service keepalived start
Starting keepalived: [ OK ]
[root@localhost ~]# chkconfig keepalived on
修改keepalived.conf
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
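! Configuration File for keepalived
! Standby director (LVS-Slave): takes over the VIP when the primary stops
! sending VRRP adverts.
global_defs {
    router_id R2
}

! Must match the primary's virtual_router_id and auth_pass; the lower
! priority keeps this node in standby while the primary is alive.
vrrp_instance VI_1 {
    ! keepalived accepts only MASTER or BACKUP here; "SLAVE" is not a valid
    ! state keyword.
    state BACKUP
    interface eth0
    virtual_router_id 66
    priority 20
    advert_int 1
    authentication {
        ! auth_type PASS sends auth_pass in cleartext in every VRRP advert, so
        ! it only protects against accidental misconfiguration. 1111 is a lab
        ! value: set a site-specific one (identical on both directors) and
        ! limit VRRP (IP protocol 112) on this segment to the two directors.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        100.100.100.100
    }
}

! IPVS virtual service on the VIP: round-robin scheduling, direct routing,
! with a TCP connect health check per real server.
virtual_server 100.100.100.100 80 {
    delay_loop 2
    lb_algo rr
    lb_kind DR
    protocol TCP
    real_server 100.100.100.13 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            ! Fixed spelling: the keyword is connect_timeout, not connetc_timeout.
            connect_timeout 3
            ! "retry" is the checker retry keyword in keepalived 2.x;
            ! nb_get_retry is the deprecated HTTP_GET/SSL_GET spelling.
            retry 3
            delay_before_retry 4
        }
    }
    real_server 100.100.100.14 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            retry 3
            delay_before_retry 4
        }
    }
}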
六、访问web网站地址
访问web页面
观察主负载均衡调度器LVS-Master状态
刷新前:
[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 100.100.100.100:80 19 99 0 13395 0
-> 100.100.100.13:80 1 5 0 710 0
-> 100.100.100.14:80 2 13 0 1552 0
刷新web网站页面后:
[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 100.100.100.100:80 28 144 0 19785 0
-> 100.100.100.13:80 6 30 0 4260 0
-> 100.100.100.14:80 6 33 0 4392 0
假设LVS-Master有故障宕机,通过关闭网卡模拟宕机
关闭主负载均衡调度器的网卡ifcfg-eth0:
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ifdown ifcfg-eth0
关闭后,仍可访问网页,说明从负载均衡调度器在起作用。
观察从负载均衡调度器LVS-Slave状态
刷新页面前:
[root@localhost network-scripts]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 100.100.100.100:80 21 107 0 14814 0
-> 100.100.100.13:80 10 52 0 7030 0
-> 100.100.100.14:80 11 55 0 7784 0
刷新页面后:
[root@localhost network-scripts]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 100.100.100.100:80 31 158 0 21875 0
-> 100.100.100.13:80 15 78 0 10632 0
-> 100.100.100.14:80 16 80 0 11243 0
通过观察Conns数值的增长,可以确认在主调度器宕机的情况下,从负载均衡调度器已经接管并起作用,网站仍可正常访问。