Lab objective
Build an LVS-DR architecture. To make LVS highly available, a keepalived cluster is set up on the LVS-DR directors: keepalive-A runs on Director-A and keepalive-B runs on Director-B. LVS-RS1 and LVS-RS2 are the two back-end web servers. Running the keepalived cluster on the directors is what provides the high availability.
Lab topology diagram

Lab environment (the keepalive nodes also act as the LVS director nodes)
keepalive-A(Director-A) 172.16.253.108
keepalive-B(Director-B) 172.16.253.105
LVS-RS1 172.16.250.127
LVS-RS2 172.16.253.193
VIP 172.16.253.150
client 172.16.253.177
LVS-RS web cluster
To make the results easier to observe, the web pages on RS1 and RS2 are given different content, so that responses from RS1 and from RS2 can be told apart clearly.
LVS-RS1
[root@LVS-RS1 ~]# systemctl restart chronyd  # synchronize time across the servers
[root@LVS-RS1 ~]# iptables -F
[root@LVS-RS1 ~]# setenforce 0
[root@LVS-RS1 ~]# yum -y install nginx
[root@LVS-RS1 ~]# vim /usr/share/nginx/html/index.html
<h1> Web RS1 </h1>
[root@LVS-RS1 ~]# systemctl start nginx
Modify the kernel parameters and add the VIP address
[root@LVS-RS1 ~]# vim lvs_dr.sh
#!/bin/bash
#
# Bind the VIP to lo:0 on a real server and suppress ARP for it (LVS-DR).
vip=172.16.253.150
mask=255.255.255.255
iface="lo:0"
case "$1" in
start)
    ifconfig $iface $vip netmask $mask broadcast $vip up
    route add -host $vip dev $iface
    # arp_ignore=1: reply to ARP only for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: never announce the VIP as the source address of ARP requests
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
stop)
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $iface down
    ;;
*)
    echo "Usage:$(basename "$0") start|stop"
    exit 1
    ;;
esac
[root@LVS-RS1 ~]# bash lvs_dr.sh start
[root@LVS-RS1 ~]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.253.150 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
LVS-RS2
[root@LVS-RS2 ~]# systemctl restart chronyd  # synchronize time across the servers
[root@LVS-RS2 ~]# iptables -F
[root@LVS-RS2 ~]# setenforce 0
[root@LVS-RS2 ~]# yum -y install nginx
[root@LVS-RS2 ~]# vim /usr/share/nginx/html/index.html
<h1> Web RS2 </h1>
[root@LVS-RS2 ~]# systemctl start nginx
Modify the kernel parameters and add the VIP address
[root@LVS-RS2 ~]# vim lvs_dr.sh
#!/bin/bash
#
# Bind the VIP to lo:0 on a real server and suppress ARP for it (LVS-DR).
vip=172.16.253.150
mask=255.255.255.255
iface="lo:0"
case "$1" in
start)
    ifconfig $iface $vip netmask $mask broadcast $vip up
    route add -host $vip dev $iface
    # arp_ignore=1: reply to ARP only for addresses configured on the receiving interface
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    # arp_announce=2: never announce the VIP as the source address of ARP requests
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
stop)
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $iface down
    ;;
*)
    echo "Usage:$(basename "$0") start|stop"
    exit 1
    ;;
esac
[root@LVS-RS2 ~]# bash lvs_dr.sh start
[root@LVS-RS2 ~]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 172.16.253.150 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
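The real-server settings made by lvs_dr.sh can be audited before the directors are brought up. The following is an added example, not part of the original post: audit_dr_rs is a hypothetical helper, and its conf_root and addr_file parameters are assumptions that let the same check run against saved copies of the sysctl tree and of `ip -o -4 addr show dev lo` output.

```shell
#!/bin/sh
# Added example (not from the original post): audit an LVS-DR real server.
# Usage: audit_dr_rs VIP [conf_root] [addr_file]
#   conf_root  defaults to /proc/sys/net/ipv4/conf (hypothetical override)
#   addr_file  saved `ip -o -4 addr show dev lo` output (hypothetical override)

audit_dr_rs() {
    vip=$1
    conf_root=${2:-/proc/sys/net/ipv4/conf}
    addr_file=${3:-}
    fail=0

    # With the VIP on lo, these four values keep the real server from
    # answering or announcing ARP for the VIP, so only the director owns it.
    for want in all/arp_ignore=1 lo/arp_ignore=1 \
                all/arp_announce=2 lo/arp_announce=2; do
        key=${want%=*}
        val=${want#*=}
        got=$(cat "$conf_root/$key" 2>/dev/null) || got=unreadable
        if [ "$got" != "$val" ]; then
            echo "FAIL $key=$got (want $val)"
            fail=1
        fi
    done

    # The VIP must be on lo with a /32 mask; a wider mask would make the
    # real server treat the whole subnet as local.
    if [ -n "$addr_file" ]; then
        addrs=$(cat "$addr_file")
    else
        addrs=$(ip -o -4 addr show dev lo)
    fi
    case "$addrs" in
        *" inet $vip/32 "*) ;;
        *) echo "FAIL $vip/32 not configured on lo"; fail=1 ;;
    esac

    return $fail
}
```

On a real server, `audit_dr_rs 172.16.253.150` prints nothing and returns 0 when the settings match what lvs_dr.sh start applies.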
keepalive cluster
Setting up the Director nodes
keepalive-A
[root@keepaliveA ~]# systemctl restart chronyd  # synchronize time across the servers
[root@keepaliveA ~]# yum -y install ipvsadm
keepalive-B
[root@keepaliveB ~]# systemctl restart chronyd  # synchronize time across the servers
[root@keepaliveB ~]# yum -y install ipvsadm
Configure the web sorry server on the keepalive nodes
keepalive-A
[root@keepaliveA ~]# yum -y install nginx
[root@keepaliveA ~]# vim /usr/share/nginx/html/index.html
</h1> sorry from Director-A(keepalive-A) </h1>
[root@keepaliveA ~]# systemctl start nginx
keepalive-B
[root@keepalive-B ~]# yum -y install nginx
[root@keepalive-B ~]# vim /usr/share/nginx/html/index.html
</h1> sorry from Director-B(keepalive-B) </h1>
[root@keepaliveB ~]# systemctl start nginx
Configure keepalived on keepalive-A
keepalive-A
[root@keepalive-A ~]# iptables -F
[root@keepalive-A ~]# yum -y install keepalived
[root@keepaliveA ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {                         # e-mail notification settings
        zzu@cxjing.com                           # recipient address
    }
    notification_email_from ka_admin@danran.com  # sender address
    smtp_server 127.0.0.1                        # mail server
    smtp_connect_timeout 30                      # connection timeout
    router_id keepaliveA                         # router ID, user-defined
    vrrp_mcast_group4 224.103.5.5                # multicast group; the default is 224.0.0.18
}
vrrp_instance VI_A {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS                           # simple password, carried in cleartext in VRRP adverts
        auth_pass qr8hQHuL
    }
    virtual_ipaddress {
        172.16.253.150/32 dev ens33
    }
}
virtual_server 172.16.253.150 80 {
    delay_loop 6                                 # polling interval for the service checks
    lb_algo rr                                   # scheduling method
    lb_kind DR                                   # cluster type
    protocol TCP                                 # service protocol; only TCP is supported
    sorry_server 127.0.0.1 80                    # sorry server: the page served by this host's own web service
    real_server 172.16.250.127 80 {
        weight 1                                 # weight
        HTTP_GET {                               # application-layer check; the real servers serve plain HTTP on port 80 (SSL_GET is the HTTPS variant)
            url {
                path /                           # URL to monitor
                #digest ff20ad2481f97b1754ef3e12ecd3a9cc  # checksum of the response body that counts as healthy
                status_code 200                  # response code that counts as healthy
            }
            connect_timeout 3                    # connection timeout
            nb_get_retry 3                       # number of retries
            delay_before_retry 1                 # delay before each retry
        }
    }
    real_server 172.16.253.193 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                #digest ff20ad2481f97b1754ef3e12ecd3a9cc
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
[root@keepaliveA ~]# systemctl start keepalived
[root@keepaliveA ~]# ip a l
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:75:dc:3c brd ff:ff:ff:ff:ff:ff
inet 172.16.253.150/32 scope global ens33
valid_lft forever preferred_lft forever
[root@keepaliveA ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.253.150:80 rr
-> 172.16.250.127:80 Route 1 0 0
-> 172.16.253.193:80 Route 1 0 0
Configure keepalived on keepalive-B
keepalive-B
[root@keepalive-B ~]# iptables -F
[root@keepalive-B ~]# yum -y install keepalived
[root@keepaliveB ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {                         # e-mail notification settings
        jevon@danran.com                         # recipient address
    }
    notification_email_from ka_admin@danran.com  # sender address
    smtp_server 127.0.0.1                        # mail server
    smtp_connect_timeout 30                      # connection timeout
    router_id keepaliveA                         # router ID, user-defined
    vrrp_mcast_group4 224.103.5.5                # multicast group; the default is 224.0.0.18
}
vrrp_instance VI_A {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 95
    advert_int 1
    authentication {
        auth_type PASS                           # simple password, carried in cleartext in VRRP adverts
        auth_pass qr8hQHuL
    }
    virtual_ipaddress {
        172.16.253.150/32 dev ens33
    }
}
virtual_server 172.16.253.150 80 {
    delay_loop 6                                 # polling interval for the service checks
    lb_algo rr                                   # scheduling method
    lb_kind DR                                   # cluster type
    protocol TCP                                 # service protocol; only TCP is supported
    sorry_server 127.0.0.1 80                    # sorry server: the page served by this host's own web service
    real_server 172.16.250.127 80 {
        weight 1                                 # weight
        HTTP_GET {                               # application-layer check; the real servers serve plain HTTP on port 80 (SSL_GET is the HTTPS variant)
            url {
                path /                           # URL to monitor
                #digest ff20ad2481f97b1754ef3e12ecd3a9cc  # checksum of the response body that counts as healthy
                status_code 200                  # response code that counts as healthy
            }
            connect_timeout 3                    # connection timeout
            nb_get_retry 3                       # number of retries
            delay_before_retry 1                 # delay before each retry
        }
    }
    real_server 172.16.253.193 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                #digest ff20ad2481f97b1754ef3e12ecd3a9cc
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
[root@keepaliveB ~]# systemctl start keepalived
[root@keepalive-B ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.253.150:http rr
-> 172.16.250.127:http Route 1 0 0
-> 172.16.253.193:http Route 1 0 0
Access tests
Client access test
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
When keepalive-A fails
[root@keepaliveA ~]# systemctl stop keepalived
keepalive-B automatically becomes the MASTER node, the LVS director role switches over to keepalive-B, and the web services on LVS-RS1 and LVS-RS2 remain available.
Client access test
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
When the web services on both LVS-RS1 and LVS-RS2 fail
[root@LVS-RS1 ~]# iptables -A INPUT -p tcp --dport 80 -j REJECT
[root@LVS-RS2 ~]# iptables -A INPUT -p tcp --dport 80 -j REJECT
The client reaches the sorry server, and the sorry server is keepalive-A.
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
</h1> sorry from Director-A(keepalive-A) </h1>
</h1> sorry from Director-A(keepalive-A) </h1>
</h1> sorry from Director-A(keepalive-A) </h1>
</h1> sorry from Director-A(keepalive-A) </h1>
</h1> sorry from Director-A(keepalive-A) </h1>
When keepaliveA fails
[root@keepaliveA ~]# systemctl stop keepalived.service
The client reaches the sorry server page, and the sorry server is keepalive-B.
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
</h1> sorry from Director-B(keepalive-B) </h1>
</h1> sorry from Director-B(keepalive-B) </h1>
</h1> sorry from Director-B(keepalive-B) </h1>
</h1> sorry from Director-B(keepalive-B) </h1>
</h1> sorry from Director-B(keepalive-B) </h1>
After the web service on LVS-RS1 recovers
[root@LVS-RS1 ~]# iptables -F
Client access test
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
<h1> Web RS1 </h1>
<h1> Web RS1 </h1>
<h1> Web RS1 </h1>
<h1> Web RS1 </h1>
<h1> Web RS1 </h1>
After the web services on both LVS-RS1 and LVS-RS2 recover
[root@LVS-RS1 ~]# iptables -F
[root@LVS-RS2 ~]# iptables -F
Client access test
[root@client ~]# for i in {1..10};do curl http://172.16.253.150;done
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
<h1> Web RS1 </h1>
<h1> Web RS2 </h1>
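The pool states exercised in these tests (both real servers in rotation, or only the sorry server left) can also be read off the director's IPVS table instead of from curl output. The following is an added example, not part of the original post: pool_state is a hypothetical helper that classifies one virtual service from `ipvsadm -Ln` text on stdin, and the two samples are constructed to resemble the outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original post): classify one virtual service
# from `ipvsadm -Ln` text read on stdin. Usage: ipvsadm -Ln | pool_state VIP:PORT

pool_state() {
    awk -v vs="$1" '
        BEGIN { total = 0; sorry = 0 }
        # A "TCP|UDP addr:port scheduler" line opens a virtual-service section.
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        # "-> addr:port fwd weight active inactive" lines are its destinations;
        # the table header also starts with "->" but has no numeric address.
        in_vs && $1 == "->" && $2 ~ /^[0-9]/ {
            total++
            # keepalived installs sorry_server 127.0.0.1 only after every
            # real_server has failed its health check.
            if ($2 ~ /^127\./) sorry++
        }
        END {
            if (total == 0)          print "down: no destinations"
            else if (sorry == total) print "degraded: sorry server only"
            else                     print "ok: " (total - sorry) " real server(s)"
        }'
}

# Constructed samples (not captured from the lab hosts).
SAMPLE_OK='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.253.150:80 rr
  -> 172.16.250.127:80 Route 1 0 0
  -> 172.16.253.193:80 Route 1 0 0'

SAMPLE_SORRY='Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.253.150:80 rr
  -> 127.0.0.1:80 Local 1 0 0'

printf '%s\n' "$SAMPLE_OK"    | pool_state 172.16.253.150:80
printf '%s\n' "$SAMPLE_SORRY" | pool_state 172.16.253.150:80
```

Run from cron or a monitoring agent on each director, the "degraded" and "down" results are the ones worth alerting on.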
Saving and reloading the rules
Save: saving to /etc/sysconfig/ipvsadm is recommended
ipvsadm-save > /PATH/TO/IPVSADM_FILE
ipvsadm -S > /PATH/TO/IPVSADM_FILE
systemctl stop ipvsadm.service
Reload
ipvsadm-restore < /PATH/FROM/IPVSADM_FILE
ipvsadm -R < /PATH/FROM/IPVSADM_FILE
systemctl restart ipvsadm.service
The keepalive nodes are pointed to through DNS name resolution
Obtain the checksum of the web page content
[root@keepaliveA ~]# genhash -s 172.16.250.127 -p 80 -u /