CentOS部署Keepalived + LVS 构建高可用WEB环境
时间:2014-12-05 21:10 来源:linux.it.net.cn 作者:IT
实验部署软件清单
CentOS 6.4 X64 mini
Keepalived-1.2.7.tar.gz
Ipvsadm 1.2.5-10
二、 实验目的
使用Keepalived实现基于LVS(DR)模式的集群方案,系统架构如下拓朴结构图,我们使用Keepalived 实现 VIP在两台LVS之间切换,LVS1作为缺省调度器,当LVS1调度器出现故障后,LVS2可以自动接管LVS1。当前的调度器负责把客户请求转发给后端真实的服务器(web1与web2),由于LVS工作在DR模式下,所有的真实服务器需要在自己的Non-ARP设备上设置VIP,最终由后端真实服务器将响应数据包通过路由传递给用户。
Keepalived + LVS 拓朴图
服务器网络信息
三、 实验过程
3.1 web1操作步骤如下:
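临时关闭iptables 及selinux(注意:下面的命令清空规则后又执行 service iptables save,空规则集会被写入配置并在重启后继续生效,并非“临时”;另外 setenforce 1 是把 SELinux 设为 enforcing(强制)模式而不是关闭,临时切到 permissive 的命令是 setenforce 0。清空防火墙只适合隔离的实验环境,生产环境应保留 iptables,仅放行所需的 TCP 80。)
[root@web1 ~]# iptables -F && iptables -X && service iptables save
[root@web1 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local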
配置主机名及ip 地址
[root@web1 ~]# hostname web1.example.com
[root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.111
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
添加虚拟接口地址
[root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.253
PREFIX=32
GATEWAY=172.16.21.254
由于网络中多个设备都设置了VIP地址,为了防止出现地址冲突的问题,需要做一些内核的更改:
[root@web1 ~]# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
修改sysctl.conf后执行sysctl -p 立即生效
[root@web1 ~]# sysctl -p
[root@web1 ~]# service network restart
安装httpd 软件包,并配置启动它。
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# echo `uname -n` > /var/www/html/index.html
[root@web1 ~]# service httpd start && chkconfig httpd on
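3.2 web2操作步骤与web1几乎一致:
临时关闭iptables 及selinux(注意:下面的命令清空规则后又执行 service iptables save,空规则集会被写入配置并在重启后继续生效,并非“临时”;另外 setenforce 1 是把 SELinux 设为 enforcing(强制)模式而不是关闭,临时切到 permissive 的命令是 setenforce 0。清空防火墙只适合隔离的实验环境,生产环境应保留 iptables,仅放行所需的 TCP 80。)
[root@web2 ~]# iptables -F && iptables -X && service iptables save
[root@web2 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local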
配置主机名及ip 地址
[root@web2 ~]# hostname web2.example.com //并在network 中添加
[root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.112
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
添加虚拟接口地址
[root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.253
PREFIX=32
GATEWAY=172.16.21.254
[root@web2 ~]# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
修改sysctl.conf后执行sysctl -p 立即生效
[root@web2 ~]# sysctl -p
[root@web2 ~]# service network restart
安装httpd 软件包,并配置启动它。
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# echo `uname -n` > /var/www/html/index.html
[root@web2 ~]# service httpd start && chkconfig httpd on
3.3 lvs1调度器操作步骤如下:
配置主机名及IP地址
[root@lvs1 ~]# hostname lvs1.example.com
[root@lvs1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.211
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
安装keepalived(注意:下面的源码包通过明文 HTTP 下载,命令中也没有完整性校验;编译安装前应通过可信渠道核对压缩包的校验值,发行版仓库若提供 keepalived 软件包可优先使用。)
[root@lvs1 ~]# yum -y install gcc make wget openssl-devel popt-devel libnl libnl-devel kernel-devel ipvsadm
[root@lvs1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
[root@lvs1 ~]# tar zxvf keepalived-1.2.7.tar.gz
[root@lvs1 ~]# cd keepalived-1.2.7
[root@lvs1 ~]# ./configure
[root@lvs1 ~]# make && make install
[root@lvs1 ~]# ln -s /usr/local/etc/keepalived/ /etc
[root@lvs1 ~]# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs1 ~]# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs1 ~]# ln -s /usr/local/sbin/keepalived /usr/sbin/
通过keepalived 实现服务的高可用性,我们此时需要修改keepalived 主配置文件――本实验lvs1为主设备,lvs2为从设备,并保证其中一台出现故障后,另一台设备可以及时接管故障设备的工作;另需要在该配置文件中添加虚拟服务IP,并为该虚拟服务添加后端真实的WEB服务器组与对应的调度算法,本实验中的算法为rr(轮询)。
[root@lvs1 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from root@example.com
smtp_server localhost
smtp_connect_timeout 30
router_id LVS_01
}
vrrp_instance HA {
state MASTER #主节点,备用节点上为BACKUP
interface eth0 #绑定虚拟IP的网络接口
virtual_router_id 51 #VRRP组名,两个节点必须一致
priority 100 #优先级(1-254之间),数值大越高,备用低于100
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #验证信息,两个节点必须一致
auth_type PASS
auth_pass 1111 #示例口令,部署时应替换;PASS 方式下口令在 VRRP 报文中明文传输,且只取前 8 个字符,需配合防火墙限制 VRRP 报文来源
}
virtual_ipaddress { #虚拟IP
172.16.21.253
}
}
virtual_server 172.16.21.253 80 {
delay_loop 6 #健康检查时间间隔
lb_algo rr #负载均衡调度算法
lb_kind DR #负载均衡转发规则
#persistence_timeout 20 #设置会话保持时间
protocol TCP #协议
real_server 192.168.1.105 80 { #注意:该地址不在本实验的 172.16.21.0/24 网段内,也不是 web1/web2;DR 模式要求真实服务器与调度器处于同一网段,若不是本环境的服务器应去掉此段
weight 3 #设置权重
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.21.111 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.21.112 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
将 keepalived启动并加入到开机列表
[root@lvs1 ~]# service keepalived start && chkconfig keepalived on
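关闭iptables 及 selinux(注意:清空规则并执行 service iptables save 后,调度器将长期没有任何包过滤规则;setenforce 1 实际是把 SELinux 设为 enforcing(强制)模式而不是关闭。清空防火墙只适合隔离的实验环境,生产环境应保留 iptables,仅放行 TCP 80 以及两台调度器之间的 VRRP 报文(IP 协议号 112,组播地址 224.0.0.18)。)
[root@lvs1 ~]# iptables -F && iptables -X && service iptables save
[root@lvs1 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local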
3.4 因为都是调度器,lvs2调度器操作流程及步骤与lvs1调度器一致,不一致的地方是keepalived 配置文件(红色标记):
配置主机名及IP地址
[root@lvs2 ~]# hostname lvs2.example.com
[root@lvs2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.212
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
安装keepalived(注意:下面的源码包通过明文 HTTP 下载,命令中也没有完整性校验;编译安装前应通过可信渠道核对压缩包的校验值,发行版仓库若提供 keepalived 软件包可优先使用。)
[root@lvs2 ~]# yum -y install gcc make wget openssl-devel popt-devel libnl libnl-devel kernel-devel ipvsadm
[root@lvs2 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
[root@lvs2 ~]# tar zxvf keepalived-1.2.7.tar.gz
[root@lvs2 ~]# cd keepalived-1.2.7
[root@lvs2 ~]# ./configure
[root@lvs2 ~]# make && make install
[root@lvs2 ~]# ln -s /usr/local/etc/keepalived/ /etc
[root@lvs2 ~]# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs2 ~]# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs2 ~]# ln -s /usr/local/sbin/keepalived /usr/sbin/
配置keepalived,并将此服务器设置为从节点
[root@lvs2 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from root@example.com
smtp_server localhost
smtp_connect_timeout 30
router_id HA_02
}
vrrp_instance HA {
state BACKUP #主节点为MASTER
interface eth0 #绑定虚拟IP的网络接口
virtual_router_id 51 #VRRP组名,两个节点必须一致
priority 50 #优先级(1-254之间),数值大越高
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #验证信息,两个节点必须一致
auth_type PASS
auth_pass 1111 #示例口令,部署时应替换;PASS 方式下口令在 VRRP 报文中明文传输,且只取前 8 个字符,需配合防火墙限制 VRRP 报文来源
}
virtual_ipaddress { #虚拟IP
172.16.21.253
}
}
virtual_server 172.16.21.253 80 {
delay_loop 6 #健康检查时间间隔
lb_algo rr #负载均衡调度算法
lb_kind DR #负载均衡转发规则
#persistence_timeout 20 #设置会话保持时间
protocol TCP #协议
real_server 192.168.1.105 80 { #注意:该地址不在本实验的 172.16.21.0/24 网段内,也不是 web1/web2;DR 模式要求真实服务器与调度器处于同一网段,若不是本环境的服务器应去掉此段
weight 3 #设置权重
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.21.111 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.21.112 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
将 keepalived启动并加入到开机列表
[root@lvs2 ~]# service keepalived start && chkconfig keepalived on
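关闭iptables 及 selinux(注意:清空规则并执行 service iptables save 后,调度器将长期没有任何包过滤规则;setenforce 1 实际是把 SELinux 设为 enforcing(强制)模式而不是关闭。清空防火墙只适合隔离的实验环境,生产环境应保留 iptables,仅放行 TCP 80 以及两台调度器之间的 VRRP 报文(IP 协议号 112,组播地址 224.0.0.18)。)
[root@lvs2 ~]# iptables -F && iptables -X && service iptables save
[root@lvs2 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local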
3.5 配置client
在实际生产环境中,此设备应该是一个路由器,我们就用此设备来测试我们的实验架构:
[root@client ~]# hostname client.example.com
[root@client ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.254
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
四、 实验测试
1、用不同的client 访问 http://172.16.21.253,LVS会根据算法轮流返回后端的服务器资源;
2、模拟宕掉主LVS1(关机或挂起),服务器照常工作,再宕掉Web1,这时只会显示Web2,这样就实现ip负载均衡、高可用集群;
3、当主LVS恢复后,会重新切换为主调度器;Keepalived 的健康检查模块检测到故障的web服务器恢复后,会把该节点重新加入集群系统中。
常用命令
[root@lvs1 ~]# ip addr show #查看虚拟IP
[root@lvs1 ~]# ipvsadm -Ln #查看当前LVS规则
(责任编辑:IT)
实验部署软件清单 CentOS 6.4 X64 mini Keepalived-1.2.7.tar.gz Ipvsadm 1.2.5-10
二、 实验目的 使用Keepalived实现基于LVS(DR)模式的集群方案,系统架构如下拓朴结构图,我们使用Keepalived 实现 VIP在两台LVS之间切换,LVS1作为缺省调度器,当LVS1调度器出现故障后,LVS2可以自动接管LVS1。当前的调度器负责把客户请求转发给后端真实的服务器(web1与web2),由于LVS工作在DR模式下,所有的真实服务器需要在自己的Non-ARP设备上设置VIP,最终由后端真实服务器将响应数据包通过路由传递给用户。
Keepalived + LVS 拓朴图
服务器网络信息
三、 实验过程
3.1 web1操作步骤如下:
临时关闭iptables 及selinux(注意:service iptables save 会把清空后的规则持久化;setenforce 1 是把 SELinux 设为 enforcing 而非关闭;清空防火墙仅适用于隔离的实验环境) [root@web1 ~]# iptables -F && iptables -X && service iptables save [root@web1 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local
配置主机名及ip 地址 [root@web1 ~]# hostname web1.example.com [root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
ON BOOTPROTO=static IPADDR=172.16.21.111 PREFIX=24 GATEWAY=172.16.21.254 DNS1=8.8.8.8
添加虚拟接口地址 [root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0
ON BOOTPROTO=static IPADDR=172.16.21.253 PREFIX=32 GATEWAY=172.16.21.254
由于网络中多个设备都设置了VIP地址,为了防止出现地址冲突的问题,需要做一些内核的更改: [root@web1 ~]# vi /etc/sysctl.conf net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2 net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2
修改sysctl.conf后执行sysctl –p 立即生效 [root@web1 ~]# sysctl –p [root@web1 ~]# service network restart
安装httpd 软件包,并配置启动它。 [root@web1 ~]# yum –y install httpd [root@web1 ~]# echo `uname –n` > /var/www/html/index.html [root@web1 ~]# service httpd start && chkconfig httpd on
3.2 web2操作步骤与web1是几乎是一致的:
临时关闭iptables 及selinux(注意:service iptables save 会把清空后的规则持久化;setenforce 1 是把 SELinux 设为 enforcing 而非关闭;清空防火墙仅适用于隔离的实验环境) [root@web2 ~]# iptables -F && iptables -X && service iptables save [root@web2 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local
配置主机名及ip 地址 [root@web2 ~]# hostname web2.example.com //并在network 中添加 [root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
ON BOOTPROTO=static IPADDR=172.16.21.112 PREFIX=24 GATEWAY=172.16.21.254 DNS1=8.8.8.8
添加虚拟接口地址 [root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0
ON BOOTPROTO=static IPADDR=172.16.21.253 PREFIX=32 GATEWAY=172.16.21.254
[root@web2 ~]# vi /etc/sysctl.conf net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2 net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2
修改sysctl.conf后执行sysctl –p 立即生效 [root@web2 ~]# sysctl –p [root@web2 ~]# service network restart
安装httpd 软件包,并配置启动它。 [root@web2 ~]# yum –y install httpd [root@web2 ~]# echo `uname –n` > /var/www/html/index.html [root@web2 ~]# service httpd start && chkconfig httpd on
3.3 lvs1调度器操作步骤如下:
配置主机名及IP地址 [root@lvs1 ~]# hostname lvs1.example.com [root@lvs1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
ON BOOTPROTO=static IPADDR=172.16.21.211 PREFIX=24 GATEWAY=172.16.21.254 DNS1=8.8.8.8
安装keepalived [root@lvs1 ~]# yum –y install gcc make wget openssl-devel popt-devel libnl libnl-devel kernel-devel ipvsadm [root@lvs1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz [root@lvs1 ~]# tar zxvf keepalived-1.2.7.tar.gz [root@lvs1 ~]# cd keepalived-1.2.7 [root@lvs1 ~]# ./configure [root@lvs1 ~]# make && make install [root@lvs1 ~]# ln –s /usr/local/etc/keepalived/ /etc [[root@lvs1 ~]# ln –s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ [root@lvs1 ~]# ln –s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@lvs1 ~]# ln –s /usr/local/sbin/keepalived /usr/sbin/
通过keepalived 实现服务的高可用性,我们此时需要修改keepalived 主配置文件――本实验lvs1为主设备,lvs2为从设备,并保证其中一台出现故障后,另一台设备可以及时、激活故障的设备,另需要在该配置文件添加虚拟服务IP,并为该虚拟服务添加后端真实的WEB组与对应的算法,本实验中的算法为rr(轮循). [root@lvs1 ~]# vi /etc/keepalived/keepalived.conf global_defs { notification_email { root@localhost } notification_email_from root@example.com smtp_server localhost smtp_connect_timeout 30 router_id LVS_01 }
vrrp_instance HA { state MASTER #主节点,备用节点上为BACKUP interface eth0 #绑定虚拟IP的网络接口 virtual_router_id 51 #VRRP组名,两个节点必须一致 priority 100 #优先级(1-254之间),数值大越高,备用低于100 advert_int 1 #组播信息发送间隔,两个节点设置必须一样 authentication { #验证信息,两个节点必须一致 auth_type PASS auth_pass 1111
}
virtual_ipaddress { #虚拟IP 172.16.21.253 } } virtual_server 172.16.21.253 80 { delay_loop 6 #健康检查时间间隔 lb_algo rr #负载均衡调度算法 lb_kind DR #负载均衡转发规则 #persistence_timeout 20 #设置会话保持时间 protocol TCP #协议 real_server 192.168.1.105 80 { weight 3 #设置权重 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 172.16.21.111 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 172.16.21.112 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
将 keepalived启动并加入到开机列表 [root@lvs1 ~]# service keepalived start && chkconfig keepalived on
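关闭iptables 及 selinux(注意:service iptables save 会把清空后的规则持久化;setenforce 1 是把 SELinux 设为 enforcing 而非关闭;生产环境应保留 iptables,仅放行 TCP 80 与调度器之间的 VRRP 报文) [root@lvs1 ~]# iptables -F && iptables -X && service iptables save [root@lvs1 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local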
3.4 因为都是调度器,lvs2调度器操作流程及步骤与lvs1调试器一致,不一致的地方keepalived 配置文件(红色标记):
配置主机名及IP地址 [root@lvs2 ~]# hostname lvs2.example.com [root@lvs2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
ON BOOTPROTO=static IPADDR=172.16.21.212 PREFIX=24 GATEWAY=172.16.21.254 DNS1=8.8.8.8
安装keepalived [root@lvs2 ~]# yum –y install gcc make wget openssl-devel popt-devel libnl libnl-devel kernel-devel ipvsadm [root@lvs2 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz [root@lvs2 ~]# tar zxvf keepalived-1.2.7.tar.gz [root@lvs2 ~]# cd keepalived-1.2.7 [root@lvs2 ~]# ./configure [root@lvs2 ~]# make && make install [root@lvs2 ~]# ln –s /usr/local/etc/keepalived/ /etc [[root@lvs2 ~]# ln –s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/ [root@lvs2 ~]# ln –s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@lvs2 ~]# ln –s /usr/local/sbin/keepalived /usr/sbin/
配置keepalived,并将此服务器设置为从节点 [root@lvs1 ~]# vi /etc/keepalived/keepalived.conf global_defs { notification_email { root@localhost } notification_email_from root@example.com smtp_server localhost smtp_connect_timeout 30 router_id HA_02 }
vrrp_instance HA { state BACKUP #主节点为MASTER interface eth0 #绑定虚拟IP的网络接口 virtual_router_id 51 #VRRP组名,两个节点必须一致 priority 50 #优先级(1-254之间),数值大越高 advert_int 1 #组播信息发送间隔,两个节点设置必须一样 authentication { #验证信息,两个节点必须一致 auth_type PASS auth_pass 1111
}
virtual_ipaddress { #虚拟IP 172.16.21.253 } } virtual_server 172.16.21.253 80 { delay_loop 6 #健康检查时间间隔 lb_algo rr #负载均衡调度算法 lb_kind DR #负载均衡转发规则 #persistence_timeout 20 #设置会话保持时间 protocol TCP #协议 real_server 192.168.1.105 80 { weight 3 #设置权重 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 172.16.21.111 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 172.16.21.112 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
将 keepalived启动并加入到开机列表 [root@lvs2 ~]# service keepalived start && chkconfig keepalived on
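关闭iptables 及 selinux(注意:service iptables save 会把清空后的规则持久化;setenforce 1 是把 SELinux 设为 enforcing 而非关闭;生产环境应保留 iptables,仅放行 TCP 80 与调度器之间的 VRRP 报文) [root@lvs2 ~]# iptables -F && iptables -X && service iptables save [root@lvs2 ~]# setenforce 1 && echo "/usr/sbin/setenforce 1">>/etc/rc.local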
3.5 配置client
在实际生产环境中,此设备应该是一个路由器,我们就用此设备来测试我们的实验架构: [root@client ~]# hostname client.example.com [root@ client ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0
ON BOOTPROTO=static IPADDR=172.16.21. 254 PREFIX=24 GATEWAY=172.16.21.254 DNS1=8.8.8.8
四、 实验测试
1、用不同的client 访问 http://172.16.21.253,LVS会根据算法轮流返回后端的服务器资源; 2、模拟宕掉主LVS1(关机或挂起),服务器照常工作,再宕掉Web1,这时只会显示Web2,这样就实现ip负载均衡、高可用集群; 3、当主LVS恢复后,会切换成主动服务器,如果Keepalived监控模块检测web服务器故障恢复后,恢复的主机又将此节点加入集群系统中。 常用命令 [root@lvs1 ~]# ip addr show #查看虚拟IP
[root@lvs1 ~]# ipvsadm -Ln #查看当前LVS规则