Keepalived+LVS的双机双vip安装和配置

Posted 2020-10-23

环境的说明：

MASTER:   物理ip:192.168.1.102     vip:192.168.1.106

 

BACKUP:   物理ip:192.168.1.103     vip:192.168.1.107

 

Realsever1：    物理ip:192.168.1.104

 

  Realsever2：    物理ip:192.168.1.105

1、Keepalived的安装(主和备的安装方式一样)

tar  zxvf  keepalived-1.2.15.tar.gz

./configure  --prefix=/usr/local/keepalived

make

make   install

2、keepalived的配置

 

cp  /usr/local/keepalived/etc/rc.d/init.d/keepalived  /etc/init.d/

cp  /usr/local/keepalived/etc/sysconfig/keepalived  /etc/sysconfig/

mkdir  /etc/keepalived/

cp  /usr/local/keepalived/etc/keepalived/keepalived.conf  /etc/keepalived/

cp  /usr/local/keepalived/sbin/keepalived /sbin/

 

 

keepalived的master配置文件(基于url检查RS的存活

 

more  /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

   notification_email {

          [email protected]

   }

   notification_email_from [email protected]

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id  LVS_MASTER

}

vrrp_instance VI_1 {

    state  MASTER

    interface eth0

    lvs_sync_daemon_interface  eth0

    virtual_router_id  51

    priority  150

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.1.106

    }

}

virtual_server 192.168.1.106 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

    real_server 192.168.1.104 80 {

        weight 1

         HTTP_GET {

            url {

              path /check.html

              digest  eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 192.168.1.105 80 {

       weight 1

        HTTP_GET {

            url {

              path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

vrrp_instance VI_2 {

    state BACKUP

    interface eth0

    lvs_sync_daemon_interface  eth0

    virtual_router_id 52

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 2222

    }

    virtual_ipaddress {

        192.168.1.107

    }

}

virtual_server 192.168.1.107 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

    real_server 192.168.1.104 80 {

        weight 1

         HTTP_GET {

            url {

              path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 192.168.1.105 80 {

       weight 1

        HTTP_GET {

            url {

              path  /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

 

keepalived的backup配置文件(基于url检查RS的存活)

 

more /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

   notification_email {

          [email protected]

   }

   notification_email_from [email protected]

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id  LVS_BACKUP

}

vrrp_instance VI_1 {

    state BACKUP

    interface eth1

    lvs_sync_daemon_interface  eth1

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.1.106

    }

}

virtual_server 192.168.1.106 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

    real_server 192.168.1.104 80 {

        weight 1

         HTTP_GET {

            url {

              path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 192.168.1.105 80 {

       weight 1

        HTTP_GET {

            url {

             path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

vrrp_instance VI_2 {

    state MASTER

    interface eth1

    lvs_sync_daemon_interface  eth1

    virtual_router_id 52

    priority 150

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 2222

    }

    virtual_ipaddress {

        192.168.1.107

    }

}

virtual_server 192.168.1.107 80 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol TCP

    real_server 192.168.1.104 80 {

        weight 1

         HTTP_GET {

            url {

              path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 192.168.1.105 80 {

       weight 1

        HTTP_GET {

            url {

              path /check.html

              digest   eff5bc1ef8ec9d03e640fc4370f5eacd

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

 

注意：黄色标记的是master和backup的不同之处

 

在主备启动keepalived

 

 /etc/init.d/keepalived  start

3、lvs的安装(主备相同)

tar  zxvf   ipvsadm-1.26.tar.gz

cd  ipvsadm-1.26

ln  -s  /usr/src/kernels/2.6.32-504.8.1.el6.i686/    /usr/src/linux

 

注意：如果在/usr/src/kernels/下面没有相关的内核版本，是因为没有安装kernels-dev的安装包导致的，安装之后就好了.

 

make

make install

4、RS机器的相关配置(手动配置)

 

a）抑制arp广播

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

 

b) 在lo配置虚拟2个vip地址

 

/sbin/ifconfig  lo:1 192.168.1.106 netmask 255.255.255.255 up

/sbin/ifconfig  lo:1 192.168.1.107 netmask 255.255.255.255 up

C)自动配置相关的脚本

 

#!/bin/bash

#

# lvsdrrs init script to hide loopback interfaces on LVS-DR

# Real servers. Modify this script to suit

# your needs. You at least need to set the correct VIP address(es).

#

# Script to start LVS DR real server.

#

# chkconfig: 2345 20 80

# description: LVS DR real server

#

# You must set the VIP address to use here:

#指定虚拟IP

VIP=222.76.222.70

host=`/bin/hostname`

case "$1" in

start)

       # Start LVS-DR real server on this machine.

        /sbin/ifconfig lo down

        /sbin/ifconfig lo up

#修改相关内核参数：

        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore

        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

 

        /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 up

        /sbin/route add -host $VIP dev lo:0

;;

stop)

        # Stop LVS-DR real server loopback device(s).

        /sbin/ifconfig lo:0 down

;;

status)

        # Status of LVS-DR real server.

        islothere=`/sbin/ifconfig lo:0 | grep $VIP`

        isrothere=`netstat -rn | grep "lo" | grep $VIP`

        if [ ! "$islothere" -o ! "$isrothere" ];then

            # Either the route or the lo:0 device

            # not found.

            echo "LVS-DR real server Stopped."

        else

            echo "LVS-DR Running."

        fi

;;

*)

        # Invalid entry.

        echo "$0: Usage: $0 {start|status|stop}"

        exit 1

;;

esac

 

d)  安装httpd服务并且创建测试页面

       由于httpd的安装非常简单这里不做叙述了，在RS2台机器上创建2个不同的测试页面用于查看到负载的效果。

 

RS1：        192.168.1.104  RS1

 

RS2：        192.168.1.105  RS2

5、高可用和负载均衡的相关测试

在主备服务器通过ip  add命令查看vip是否存在

然后通过浏览器访问vip看是否可以正常打开网页内容

通过以上的测试可以看出来，lvs的负载均衡的功能已经实现。

 

其他的测试如下：

 

1、停止主备的keepalived，看vip是否可以正常切换到对方，并且在浏览器可以正常的访问到页面。

 

2、关掉RS1或者RS2的httpd服务，看下ipvadmin是否正常的剔除了有故障服务器。

                                          

                                              ~~~~~~~~~~~~~~~~~~~end~~~~~~~~~~~~~