Keepalived can be used together with LVS to solve LVS's single point of failure and to health-check the backend servers.
Environment preparation
Client
    eth0: host-only 192.168.10.6/24 GW: 192.168.10.200
Router
    eth0: NAT 10.0.0.200/24
    eth1: host-only 192.168.10.200/24
    Enable IP_FORWARD
Two LVS + Keepalived nodes
    Master eth0: 10.0.0.8 vip: 10.0.0.10/32
    Backup eth0: 10.0.0.18
Two backend servers
    RS1 eth0: 10.0.0.7
    RS2 eth0: 10.0.0.17
Service configuration
LVS-Master
Install keepalived
    yum -y install keepalived
Back up the configuration file
    cp /etc/keepalived/keepalived.conf{,.bak}
Edit the configuration file
    vim /etc/keepalived/keepalived.conf
keepalived.conf
Default multicast IP: 224.0.0.18
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id ka1
        vrrp_skip_check_adv_addr
        vrrp_garp_interval 0
        vrrp_gna_interval 0
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 88
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.10 dev eth0 label eth0:0
        }
    }
    virtual_server 10.0.0.10 80 {
        delay_loop 3
        lb_algo rr
        lb_kind DR
        protocol TCP
        real_server 10.0.0.7 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 1
                nb_get_retry 3
                delay_before_retry 1
            }
        }
        real_server 10.0.0.17 80 {
            weight 1
            TCP_CHECK {
                connect_timeout 5
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
Restart the keepalived service
    systemctl restart keepalived
Check whether the LVS rules have been generated automatically
    ipvsadm -Ln
LVS-Backup
Install keepalived the same way as above
/etc/keepalived/keepalived.conf
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id ka2
        vrrp_skip_check_adv_addr
        vrrp_garp_interval 0
        vrrp_gna_interval 0
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 88
        priority 80
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.0.10 dev eth0 label eth0:0
        }
    }
    virtual_server 10.0.0.10 80 {
        delay_loop 3
        lb_algo rr
        lb_kind DR
        protocol TCP
        real_server 10.0.0.7 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 1
                nb_get_retry 3
                delay_before_retry 1
            }
        }
        real_server 10.0.0.17 80 {
            weight 1
            TCP_CHECK {
                connect_timeout 5
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
Restart the keepalived service
    systemctl restart keepalived
Check whether the LVS rules have been generated automatically
    ipvsadm -Ln
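As an added example (not part of the original page or of keepalived itself), the following POSIX shell script compares the vrrp_instance settings of the Master and Backup files before the service is restarted; a mismatch in virtual_router_id or auth_pass makes the nodes ignore each other's advertisements, so both can end up holding the VIP. The function names vrrp_get, check_pair and sample_conf and the temporary sample files are assumptions made for the illustration.

```shell
# Added example, not the page's own code; assumes one vrrp_instance per file.
# vrrp_get FILE KEY prints one setting; "vip" is a pseudo-key for virtual_ipaddress entries.
vrrp_get() {
    awk -v key="$2" '
        $1 == "vrrp_instance" || $1 == "virtual_server" { in_vrrp = ($1 == "vrrp_instance") }
        !in_vrrp                  { next }
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip { if ($1 == "}") in_vip = 0; else if (key == "vip") print $1; next }
        $1 == key                 { print $2 }
    ' "$1"
}

# Return 0 when master ($1) and backup ($2) can form one VRRP pair; print each problem otherwise.
check_pair() {
    rc=0
    for key in virtual_router_id advert_int auth_type auth_pass vip; do
        [ "$(vrrp_get "$1" "$key")" = "$(vrrp_get "$2" "$key")" ] ||
            { echo "MISMATCH: $key differs between the two nodes"; rc=1; }
    done
    [ "$(vrrp_get "$1" priority)" -gt "$(vrrp_get "$2" priority)" ] 2>/dev/null ||
        { echo "PRIORITY: $1 must have the higher priority"; rc=1; }
    return $rc
}

# Constructed sample: write a minimal config with the given VRID, priority and password.
sample_conf() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    virtual_router_id $2
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $4
    }
    virtual_ipaddress {
        10.0.0.10 dev eth0 label eth0:0
    }
}
EOF
}

# Demo on constructed files: the page's values, then a backup with a different VRID.
tmp=$(mktemp -d)
sample_conf "$tmp/master.conf" 88 100 1111
sample_conf "$tmp/backup.conf" 88 80 1111
sample_conf "$tmp/bad.conf" 89 80 1111
check_pair "$tmp/master.conf" "$tmp/backup.conf" && echo "pair OK"
check_pair "$tmp/master.conf" "$tmp/bad.conf" || echo "pair rejected"
```

With auth_type PASS the auth_pass value is carried in cleartext in every advertisement, so it guards against accidental pairing with another VRRP group rather than acting as a secret.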
Backend RS1
Use a script to bind the VIP to the web server's lo interface
lvs_dr_rs.sh
    #!/bin/bash
    #Author: qinwa
    vip=10.0.0.10
    mask=255.255.255.255
    dev=lo:1
    case "$1" in
    start)
        # arp_ignore=1: answer ARP only for addresses configured on the receiving interface,
        # so the RS does not answer ARP requests for the VIP bound to lo
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        # arp_announce=2: always use the best local address as the ARP source, never the VIP
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        # Restore the kernel defaults
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename "$0") start|stop"
        exit 1
        ;;
    esac
Run the script
    bash lvs_dr_rs.sh start
Configure httpd
    yum -y install httpd
    echo rs1 10.0.0.7 >/var/www/html/index.html
    systemctl start httpd
Backend RS2
Use a script to bind the VIP to the web server's lo interface
lvs_dr_rs.sh
    #!/bin/bash
    #Author: qinwa
    vip=10.0.0.10
    mask=255.255.255.255
    dev=lo:1
    case "$1" in
    start)
        # arp_ignore=1: answer ARP only for addresses configured on the receiving interface,
        # so the RS does not answer ARP requests for the VIP bound to lo
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        # arp_announce=2: always use the best local address as the ARP source, never the VIP
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        # Restore the kernel defaults
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename "$0") start|stop"
        exit 1
        ;;
    esac
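Run the script
    bash lvs_dr_rs.sh start
Configure httpd
    yum -y install httpd
    echo rs2 10.0.0.17 >/var/www/html/index.html
    systemctl start httpd
Access test
On the LVS Master node, ip a shows that the VIP sits on the master node (because its priority is higher).
Accessing the VIP from the client shows that requests are round-robined normally.
Capturing packets on the router shows the master node sending advertisements that announce its priority.
    tcpdump -i eth0 -nn host 224.0.0.18
Now stop the keepalived service on the master node (10.0.0.8); you can see the backup node take over the VIP.
Access the VIP again: the web page is still served normally even with one LVS node down, so high availability is achieved.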