共计 4411 个字符,预计需要花费 12 分钟才能阅读完成。
一、lvs+keepalived 高可用集群部署
案例需求
部署基于 LVS DR 模式的 web 高可用集群,实现:
- 实现数据服务器容错
- 实现分发器故障切换
- 任何机器宕机不中断 web 业务
实验环境
六台安装 CentOS8 的虚拟机一台测试机,两台 LVS 分发器,一台路由器,两台 web 服务器,关闭 selinux 关闭防火墙,停止 libvirtd.service 服务
| 角色名称 | 接口名称 | IP 地址 |
|---|---|---|
| client | ens33 | 192.168.1.200 |
| route | ens33,ens160 | 192.168.1.1,192.168.2.1 |
| lvs1 | ens33 | 192.168.2.200,192.168.2.100(VIP) |
| lvs2 | ens33 | 192.168.2.150,192.168.2.100(VIP) |
| rs1 | ens33,lo:0 | 192.168.2.220,192.168.2.100(VIP) |
| rs2 | ens33,lo:0 | 192.168.2.210,192.168.2.100(VIP) |
实验拓扑图
实验步骤
a、配置客户端
| ens33=192.168.1.200 | |
| [root@client ~]# route add default gw 192.168.1.1 |
b、设置路由
| ens33=192.168.1.1 | |
| ens160=192.168.2.1 | |
| [root@route ~]# echo 1 > /proc/sys/net/ipv4/ip_forward |
c、设置 RS 的 VIP、网关、内核参数
| RS1 | |
| [root@rs1 ~]# route add default gw 192.168.2.1 | |
| [root@rs1 ~]# ifconfig lo:0 192.168.2.100 netmask 255.255.255.255 up | |
| [root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore | |
| [root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce | |
| RS2 | |
| [root@rs2 ~]# route add default gw 192.168.2.1 | |
| [root@rs2 ~]# ifconfig lo:0 192.168.2.100 netmask 255.255.255.255 up | |
| [root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore | |
| [root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce | |
| 安装 web 服务,生成测试页面 | |
| RS1 | |
| [root@rs1 ~]# dnf install httpd -y | |
| [root@rs1 ~]# echo "rs1" > /var/www/html/index.html | |
| [root@rs1 ~]# systemctl start httpd.service | |
| RS2 | |
| [root@rs2 ~]# dnf install httpd -y | |
| [root@rs2 ~]# echo "rs2" > /var/www/html/index.html | |
| [root@rs2 ~]# systemctl start httpd.service |
d、设置 LVS
| ### LVS1 安装软件包,修改配置文件 | |
| [root@lvs1 ~]# dnf install ipvsadm keepalived -y | |
| [root@lvs1 ~]# vim /etc/keepalived/keepalived.conf | |
| ! Configuration File for keepalived | |
| global_defs {router_id lvs_1} | |
| vrrp_instance apache { | |
| state MASTER | |
| interface ens33 | |
| virtual_router_id 51 | |
| priority 100 | |
| advert_int 1 | |
| authentication { | |
| auth_type PASS | |
| auth_pass 1111 | |
| } | |
| virtual_ipaddress {192.168.2.100/24 | |
| } | |
| } | |
| virtual_server 192.168.2.100 80 {delay_loop 6 | |
| lb_algo rr | |
| lb_kind DR | |
| nat_mask 255.255.255.0 | |
| # persistence_timeout 50 | |
| protocol TCP | |
| real_server 192.168.2.210 80 {weight 1 | |
| TCP_CHECK {connect_timeout 3 | |
| connect_port 80 | |
| } | |
| } | |
| real_server 192.168.2.220 80 {weight 1 | |
| TCP_CHECK {connect_timeout 3 | |
| connect_port 80 | |
| } | |
| } | |
| } | |
| ### 重启 keepalived 服务 | |
| [root@lvs1 ~]# systemctl start keepalived.service | |
| ### 使用 ip add 命令查看所设置的 VIP 是否被设置 | |
| [root@lvs1 ~]# ip add | |
| 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 | |
| link/ether 00:0c:29:6d:1c:b3 brd ff:ff:ff:ff:ff:ff | |
| inet 192.168.2.200/24 brd 192.168.2.255 scope global noprefixroute ens33 | |
| valid_lft forever preferred_lft forever | |
| inet 192.168.2.100/24 scope global secondary ens33 | |
| valid_lft forever preferred_lft forever | |
| inet6 fe80::474:99dd:c899:455f/64 scope link noprefixroute | |
| valid_lft forever preferred_lft forever | |
| ### LVS2 安装软件包,修改配置文件 | |
| [root@lvs2 ~]# dnf install ipvsadm keepalived -y | |
| [root@lvs2 ~]# vim /etc/keepalived/keepalived.conf | |
| ! Configuration File for keepalived | |
| global_defs {router_id lvs_1} | |
| vrrp_instance apache { | |
| state BACKUP | |
| interface ens33 | |
| virtual_router_id 51 | |
| priority 10 | |
| advert_int 1 | |
| authentication { | |
| auth_type PASS | |
| auth_pass 1111 | |
| } | |
| virtual_ipaddress {192.168.2.100/24 | |
| } | |
| } | |
| virtual_server 192.168.2.100 80 {delay_loop 6 | |
| lb_algo rr | |
| lb_kind DR | |
| nat_mask 255.255.255.0 | |
| # persistence_timeout 50 | |
| protocol TCP | |
| real_server 192.168.2.210 80 {weight 1 | |
| TCP_CHECK {connect_timeout 3 | |
| connect_port 80 | |
| } | |
| } | |
| real_server 192.168.2.220 80 {weight 1 | |
| TCP_CHECK {connect_timeout 3 | |
| connect_port 80 | |
| } | |
| } | |
| } | |
| ### 重启 keepalived 服务 | |
| [root@lvs2 ~]# systemctl start keepalived.service |
e、客户端测试
| ### 客户端验证分发 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs1 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs2 | |
| ### 停止 lvs1 的 keepalived 服务 验证分发器故障切换 | |
| [root@lvs1 ~]# systemctl stop keepalived.service | |
| 使用 ip add 命令查看 VIP 是否被释放 | |
| [root@lvs1 ~]# ip add | |
| 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 | |
| link/ether 00:0c:29:6d:1c:b3 brd ff:ff:ff:ff:ff:ff | |
| inet 192.168.2.200/24 brd 192.168.2.255 scope global noprefixroute ens33 | |
| valid_lft forever preferred_lft forever | |
| inet6 fe80::474:99dd:c899:455f/64 scope link noprefixroute | |
| valid_lft forever preferred_lft forever | |
| 切换到 lvs2 查看 VIP 是否被设置 | |
| [root@lvs2 ~]# ip add | |
| 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 | |
| link/ether 00:0c:29:5c:a0:66 brd ff:ff:ff:ff:ff:ff | |
| inet 192.168.2.150/24 brd 192.168.2.255 scope global noprefixroute ens33 | |
| valid_lft forever preferred_lft forever | |
| inet 192.168.2.100/24 scope global secondary ens33 | |
| valid_lft forever preferred_lft forever | |
| inet6 fe80::5726:cbb9:c37b:d898/64 scope link noprefixroute | |
| valid_lft forever preferred_lft forever | |
| 切换到客户端测试 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs1 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs2 | |
| ### 停止 RS1 数据服务器查看数据服务器容错 | |
| [root@rs1 ~]# systemctl stop httpd | |
| 切换到客户端测试: 用户只能访问到 RS1 的页面 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs1 | |
| [root@client ~]# elinks http://192.168.2.100 --dump | |
| rs1 |
提示:使用 tcpdump 命令可以看到 vrrp 的相关信息发送信息,深度理解 VRRP 协议
[root@lvs1 ~]# tcpdump -nn -vvv vrrp
正文完
星哥玩云-微信公众号
