目录
1.环境介绍
2.配置keepalived
3.测试
1.测试负载均衡
2.测试RS高可用
3.测试LVS高可用
3.1测试lvs主服务宕机
3.2.测试lvs主服务器恢复
4.我在实验中遇到的错误
1.环境介绍
环境:centos7
RS1---RIP1:192.168.163.145
VIP 192.168.163.200
RS2---RIP2:192.168.163.146
VIP 192.168.163.200
LVS_MASTER : DIP 192.168.163.144
VIP:192.168.163.200
LVS_BACKUP: DIP 192.168.163.150
VIP:192.168.163.200
CLIENT :192.168.163.151
我使用的是LVS-DR模式来负载均衡,详情请见http://t.csdn.cn/iiU4s
ipvsadm 已经在这篇文章搭建好
2.配置keepalived
现在我们需要在两台LVS服务器都下载keepalivd
yum install keepalived -y
下载号后,我们会在/etc/keepalived的目录下找一个配置文件文件
[root@lvs-backup ~]# cd /etc/keepalived/
[root@lvs-backup keepalived]# ll
total 4
-rw-r--r--. 1 root root 1376 Aug 31 12:12 keepalived.conf
里面内容如下
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}
#上面的配置无需关注,重点关注和修改下面的配置
vrrp_instance VI_1 {state MASTER#标识当前lvs是主,根据实际lvs服务器规划确定,可选值MASTER和BACKUPinterface eth0#lvs服务器提供服务器的网卡,根据实际服务器网卡进行修改virtual_router_id 51#lvs提供的服务所属ID,目前无需修改priority 100#lvs服务器的优先级,主服务器最高,备份服务器要低于主服务器advert_int 1authentication {auth_type PASSauth_pass 1111}#virtual_ipaddress用于配置VIP和LVS服务器的网卡绑定关系,一般需要修改#示例: 192.168.116.134/24 dev ens33 label ens33:9virtual_ipaddress {192.168.200.16192.168.200.17192.168.200.18}
}
#配置lvs服务策略,相当于ipvsadm -A -t 192.168.116.134:80 -s rr,一般需要修改
virtual_server 192.168.200.100 443 {delay_loop 6lb_algo rr#配置lvs调度算法,默认轮询lb_kind NAT#配置lvs工作模式,可以改为DRpersistence_timeout 50#用于指定同一个client在多久内,只去请求第一次提供服务的RS,为查看轮询效 果,这里需要改为0protocol TCP#TCP协议#配置RS信息,相当于ipvsadm -a -t 192.168.116.134:80 -r 192.168.116.131 -greal_server 192.168.201.100 443 {weight 1#当前RS的权重SSL_GET {#SSL_GET健康检查,一般改为HTTP_GET#两个url可以删除一个,url内的内容改为path /和status_code 200,digest删除url {path /digest ff20ad2481f97b1754ef3e12ecd3a9cc}url {path /mrtg/digest 9b3a0c85a887a256d6939da88aabd8cd}connect_timeout 3nb_get_retry 3delay_before_retry 3}}
}
#下面的配置实际是两组lvs服务的配置,含义和上面的lvs服务配置一致。如果用不到,下面的配置可以全部删除
virtual_server 10.10.10.2 1358 {delay_loop 6lb_algo rrlb_kind NATpersistence_timeout 50protocol TCPsorry_server 192.168.200.200 1358real_server 192.168.200.2 1358 {weight 1HTTP_GET {url {path /testurl/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl2/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl3/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}connect_timeout 3nb_get_retry 3delay_before_retry 3}}real_server 192.168.200.3 1358 {weight 1HTTP_GET {url {path /testurl/test.jspdigest 640205b7b0fc66c1ea91c463fac6334c}url {path /testurl2/test.jspdigest 640205b7b0fc66c1ea91c463fac6334c}connect_timeout 3nb_get_retry 3delay_before_retry 3}}
}virtual_server 10.10.10.3 1358 {delay_loop 3lb_algo rrlb_kind NATpersistence_timeout 50protocol TCPreal_server 192.168.200.4 1358 {weight 1HTTP_GET {url {path /testurl/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl2/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl3/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}connect_timeout 3nb_get_retry 3delay_before_retry 3}}real_server 192.168.200.5 1358 {weight 1HTTP_GET {url {path /testurl/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl2/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}url {path /testurl3/test.jspdigest 640205b7b0fc66c1ea91c463fac6334d}connect_timeout 3nb_get_retry 3delay_before_retry 3}}
}
在两台机器上修改我们需要修改的配置
LVS_MASTER
[root@lvs ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addr#vrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state MASTERinterface ens33virtual_router_id 51priority 200advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.163.200/24 brd 192.168.163.255 dev ens33 label ens33:200}
}virtual_server 192.168.163.200 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.255.0persistence_timeout 0protocol TCPreal_server 192.168.163.145 80 {weight 1HTTP_GET {url {path /index.htmlstatus_code 200}connect_timeout 3nb_get_retry 3delay_before_retry 3}}real_server 192.168.163.146 80 {weight 1HTTP_GET {url {path /index.htmlstatus_code 200}connect_timeout 3nb_get_retry 3delay_before_retry 3}}}
LVS_BACKUP
[root@lvs-backup keepalived]# cat keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addr#vrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 51priority 180advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.163.200/24 brd 192.168.163.255 dev ens33 label ens33:200}
}virtual_server 192.168.163.200 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.255.0persistence_timeout 0protocol TCPreal_server 192.168.163.145 80 {weight 1HTTP_GET {url {path /index.htmlstatus_code 200}connect_timeout 3nb_get_retry 3delay_before_retry 3}}real_server 192.168.163.146 80 {weight 1HTTP_GET {url {path /index.htmlstatus_code 200}connect_timeout 3nb_get_retry 3delay_before_retry 3}}}
注意:主服务的优先级要高于备份服务器
在两台服务器上开启keepalived服务
[root@lvs ~]# systemctl restart keepalived
上述步骤执行完毕后,可以在lvs主服务器和备份服务器分别执行ifconfig命令,可以查看到VIP被绑定到了主服务器,如下:
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.144 netmask 255.255.255.0 broadcast 192.168.163.255inet6 fe80::491f:4a6e:f34:a1b9 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:a3:4f:a2 txqueuelen 1000 (Ethernet)RX packets 156094 bytes 70487425 (67.2 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 195001 bytes 16040484 (15.2 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.200 netmask 255.255.255.0 broadcast 192.168.163.255ether 00:0c:29:a3:4f:a2 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 331 bytes 28808 (28.1 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 331 bytes 28808 (28.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.163.200:80 rr-> 192.168.163.145:80 Route 1 0 0 -> 192.168.163.146:80 Route 1 0 0
3.测试
1.测试负载均衡
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
2.测试RS高可用
关闭一台RS后(这里可以使用ifconfig 网卡名 down命令暂时关闭网卡),客户端继续发起请求,查看是否可以正常访问,如下:
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
会发现,此时客户端可以正常访问,但只有RS2在提供服务。这说明,keepAlived检测到了RS1服务器异常,将其剔除了。
此时再启动RS1服务器,客户端继续访问,会发现响应结果如下,keepAlived检测到RS1服务器恢复正常,又将其加入服务列表了。
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
3.测试LVS高可用
这里主要进行两个测试
3.1测试lvs主服务宕机
使用ifconfig 网卡名 down命令,关闭主服务器网卡,此时主服务器不能提供服务。观察备份服务器是否将VIP绑定到自己,以及客户端是否可以继续正常访问。如下:
关闭主服务器网卡
[root@lvs ~]# ifconfig ens33 down
观察备份服务器,会发现VIP已经绑定过来了。这里实际是keepAlived检测到了主服务器的异常,而做出的故障转移和自动切换。
[root@lvs-backup keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.150 netmask 255.255.255.0 broadcast 192.168.163.255inet6 fe80::94e3:7456:5dc9:ce5d prefixlen 64 scopeid 0x20<link>inet6 fe80::9aec:8c8f:ee55:a8eb prefixlen 64 scopeid 0x20<link>ether 00:0c:29:c0:57:db txqueuelen 1000 (Ethernet)RX packets 43484 bytes 5026535 (4.7 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 12787 bytes 1188939 (1.1 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.200 netmask 255.255.255.0 broadcast 192.168.163.255ether 00:0c:29:c0:57:db txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
用客户进行测试
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.145 .
[root@client ~]# curl 192.168.163.200
web1 test, ip is 192.168.163.146 .
3.2.测试lvs主服务器恢复
上述测试通过后,可以开启主服务器网卡,让其能够提供服务,然后观察VIP是否会回到主服务器。
开启主服务器网卡
[root@lvs ~]# ifconfig ens33 up
我们会发现,在主服务器开启端口后,VIP又换绑到主服务器上了
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.144 netmask 255.255.255.0 broadcast 192.168.163.255inet6 fe80::491f:4a6e:f34:a1b9 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:a3:4f:a2 txqueuelen 1000 (Ethernet)RX packets 157697 bytes 70649781 (67.3 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 200310 bytes 16401598 (15.6 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens33:200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.200 netmask 255.255.255.0 broadcast 192.168.163.255ether 00:0c:29:a3:4f:a2 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 331 bytes 28808 (28.1 KiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 331 bytes 28808 (28.1 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@lvs-backup keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.163.150 netmask 255.255.255.0 broadcast 192.168.163.255inet6 fe80::94e3:7456:5dc9:ce5d prefixlen 64 scopeid 0x20<link>inet6 fe80::9aec:8c8f:ee55:a8eb prefixlen 64 scopeid 0x20<link>ether 00:0c:29:c0:57:db txqueuelen 1000 (Ethernet)RX packets 43995 bytes 5081851 (4.8 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 13240 bytes 1226592 (1.1 MiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10<host>loop txqueuelen 1000 (Local Loopback)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4.我在实验中遇到的错误
在测试阶段,我发现即使我的VIP已经成功和服务器绑定,也有当前ipvs模块中记录的链接,但就是无法通过VIP连接,这是因为在keepalived配置文件中,关于vrrp协议的vrrp_strict是默认打开的我们需要把他注释掉,这样就能顺利连接了