LVS高可用负载均衡集群搭建(keepalived主备)

时间:2022-09-15 08:26:03

1.安装ipvsadm

# yum -y install ipvsadm


2. 安装keepalived

# wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz

(注:此处通过明文HTTP下载源码包且未做完整性校验,编译安装前建议与官方发布的校验值核对,并确认该版本是否仍在维护。)

# tar -zxf keepalived-1.2.24.tar.gz

# yum -y install popt popt-devel

# yum -y install libnfnetlink libnfnetlink-devel

# cd keepalived-1.2.24

# ./configure --prefix=/usr/local/keepalived --sysconf=/etc

# make && make install

# ln -s /usr/local/keepalived/sbin/keepalived /sbin/


3. 配置Keepalived

# vim /etc/keepalived/keepalived.conf

主机配置

! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_BACKUP_DEVEL              主备机可变
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}


vrrp_instance VI_1 {
    state MASTER                                               主机为MASTER,备机为BACKUP
    interface eno50332208                               注意使用的网卡
    virtual_router_id 51                                      主备机必须一致
    priority 100                                                     主机必须比备机大
    advert_int 1                                                    主备机同步检查时间间隔
    authentication {
        auth_type PASS 验证类型,有PASS和AH两种
        auth_pass 1111  验证密码(此处为示例值,部署时应更换;PASS类型的密码在VRRP报文中以明文传输),主备机必须使用相同的类型和密码才能正常通讯

    }
    virtual_ipaddress {
        192.168.79.200 虚拟IP(VIP)
    }
}


virtual_server 192.168.79.200 80 {
    delay_loop 6  运行情况检查时间
    lb_algo wrr                                                    负载均衡调度算法
    lb_kind DR                                                    负载均衡机制,有NAT、TUN、DR三种
    persistence_timeout 60                              会话保持时间
    protocol TCP


    real_server 192.168.79.11 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3                                3秒无响应则超时
            nb_get_retry 3                                      重试次数
            delay_before_retry 3                           重试间隔时间
        }
    }
}

备机配置

在主机配置基础上修改(原文用蓝色标出需要修改的部分,此处颜色已丢失;按上文注释,至少包括 router_id、state 和 priority:备机 state 为 BACKUP,priority 小于主机)


4. 配置防火墙

# systemctl stop firewalld.service

# systemctl disable firewalld.service

# yum -y install iptables-services

# vim /etc/sysconfig/iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
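-A INPUT -d 192.168.79.0/24 -j ACCEPT
(注:上面这条规则放行所有目的地址在 192.168.79.0/24 内的入站流量,VIP 192.168.79.200 也在其中;本机地址若同属该网段,前面按端口放行的规则就不再起限制作用。3306、6379 两条规则与 LVS 转发无关,如确需开放应限定来源地址。)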
-A INPUT -p vrrp -j ACCEPT

# systemctl start iptables.service


5. 配置real server(注意开启服务端口)

# vim /etc/init.d/lvsrs

# chmod 755 /etc/init.d/lvsrs

# chmod 755 /etc/rc.d/init.d/functions

# service lvsrs start


lvsrs脚本内容

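#!/bin/bash
# description: LVS-DR real-server setup. Binds the VIP to lo:0 and sets the
#              ARP sysctls so that this host accepts traffic addressed to the
#              VIP without answering ARP requests for it.
# usage:       lvsrs {start|stop}
#              Writes under /proc/sys and reconfigures lo, so it needs root.

# Virtual IP of the service; the same address the director announces.
readonly VIP=192.168.79.200

# Load the init helper library into this shell. The ". " (dot, space) matters:
# "./etc/rc.d/init.d/functions" would instead execute a path relative to the
# current directory as a child process. A sourced file only has to be
# readable; it does not need the execute bit.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi

case "${1:-}" in
  start)
    echo "Start LVS of Real Server"
    # Set the ARP behaviour before the VIP exists on lo, so there is no
    # window in which this host could answer ARP for the VIP.
    # arp_ignore=1: reply only if the target IP is configured on the
    # interface the request arrived on.
    # arp_announce=2: always pick the best local address as the ARP source.
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # Host mask (255.255.255.255) so only the VIP itself is bound to lo:0.
    # This is the last command of the arm, so its status is the exit status.
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    ;;
  stop)
    # Remove the VIP first, then relax the ARP settings.
    /sbin/ifconfig lo:0 down
    # The original message said "Director Server"; this script runs on the
    # real server, so the message now matches the start arm.
    echo "Close LVS of Real Server"
    # NOTE(review): these writes reset the values to 0 unconditionally,
    # including conf/all; a non-zero value set elsewhere (for example by
    # sysctl configuration) is overwritten, not restored.
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
  *)
    # Diagnostics go to stderr; a missing argument lands here as well.
    echo "Usage : $0 {start|stop}" >&2
    exit 1
    ;;
esac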


6. 开启Keepalived,配置ipvsadm

# systemctl start keepalived.service

# ipvsadm -A -t 192.168.79.200:80 -s wrr -p 10

# ipvsadm -a -t 192.168.79.200:80 -r 192.168.79.11:80 -g -w 1

# ipvsadm -a -t 192.168.79.200:80 -r 192.168.79.129:80 -g -w 1


7. 测试

测试点一:负载均衡功能:两个不同客户机请求,查看是否由不同的real server响应(可用openresty配置好站点,不同server响应内容不同即可观测)

测试点二:real server故障转移功能:关闭其中一台real server的nginx,查看请求是否转移到另一台real server

测试点三:主备切换功能:关闭主机Keepalived(备机正常),查看备机Keepalived是否接管VIP并继续提供负载均衡服务和故障转移;

重启备机Keepalived(主机正常),查看主机是否继续拥有VIP并继续提供负载均衡服务和故障转移