Linux学习-keepalived实现LVS高可用

Keepalived实现LVS高可用

环境准备

环境说明：LVS-DR模式

client1：eth0->192.168.88.10

lvs1：eth0->192.168.88.5

lvs2：eth0->192.168.88.6

web1：eth0->192.168.88.100

web2：eth0->192.168.88.200

配置高可用、负载均衡

1.在2台web服务器的lo上配置vip

2.在2台web服务器上配置内核参数

#临时先做修改
sysctl -w net.ipv4.conf.all.arp_announce=2
sysctl -w net.ipv4.conf.eth0.arp_announce=2
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.eth0.arp_ignore=1
#修改/etc/sysctl.conf内核配置文件
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1

通过Ansible两台LVS主机上配置keepalived

#ansible配置文件
[root@pubserver cluster]# vim ansible.cfg 
[defaults]
host_key_checking = false
inventory=inventory
#配置主机清单文件
[root@pubserver cluster]# vim inventory
...略...
[lb]
lvs1 ansible_host=192.168.88.5
lvs2 ansible_host=192.168.88.6
#书写yml安装软件包
[root@pubserver cluster]# vim 11-install-lvs2.yml
---
- name: install lvs keepalived
  hosts: lb
  tasks:
    - name: install pkgs    # 安装软件包
      yum:
        name: ipvsadm,keepalived
        state: present
#配置/etc/keepalived/keepalived.conf，两台LVS都需要配置，另一台修改state MASTER,priority 100
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id lvs1          #为本机取一个唯一的ID
   vrrp_iptables		   #自动开启iptables放行规则
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP      #状态，主为MASTER，备为BACKUP
    interface eth0    #网卡名称
    virtual_router_id 51      #虚拟路由地址，同一个keepalived集群须相同
    priority 80       #优先级
    advert_int 1      #发送心跳消息间隔
    authentication {
        auth_type PASS      #认证类型为共享密码
        auth_pass 1111      #集群中的机器密码相同，方可成为集群
    }
    virtual_ipaddress {
        192.168.88.15/24        #VIP地址
    }

}

virtual_server 192.168.88.15 80 {
    delay_loop 6       #健康检查延迟6秒
    lb_algo wrr        #调度算法为WRR
    lb_kind DR          #工作模式为DR
    #persistence_timeout 50       #50秒内相同客户端调度到相同服务器
        protocol TCP              #协议为TCP

    real_server 192.168.88.100 80 {      #声明真实服务器
        weight 1              #权重
        TCP_CHECK {       #通过TCP协议对真实服务器做健康检查
          connect_timeout 3       #连接超时时间为3秒
          nb_get_retry 3          #3次访问失败认为真实服务器故障
          delay_before_retry 3       #两次检查时间的间隔为3秒
        }
    }
    real_server 192.168.88.200 80 {
        weight 2
        TCP_CHECK {
          connect_timeout 3
          nb_get_retry 3
          delay_before_retry 3
        }
    }
}
#修改完成后在两台LVS启动keepalived服务
[root@lvs1 ~]# systemctl start keepalived
# 验证
[root@lvs1 ~]# ip a s eth0 | grep 88
    inet 192.168.88.5/24 brd 192.168.88.255 scope global noprefixroute eth0
    inet 192.168.88.15/32 scope global eth0
[root@lvs1 ~]# ipvsadm -Ln    # 出现规则
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.88.15:80 wrr persistent 50
  -> 192.168.88.100:80            Route   1      0          0         
  -> 192.168.88.200:80            Route   2      0          0    
# 在客户端验证
[root@client1 ~]# for i in {1..6}; do curl http://192.168.88.15/; done
Welcome from web2
Welcome from web1
Welcome from web2
Welcome from web2
Welcome from web1
Welcome from web2

# 1. 验证真实服务器健康检查
[root@web1 ~]# systemctl stop nginx
[root@lvs1 ~]# ipvsadm -Ln   # web1在规则中消失
[root@lvs2 ~]# ipvsadm -Ln

[root@web1 ~]# systemctl start nginx
[root@lvs1 ~]# ipvsadm -Ln   # web1重新出现在规则中
[root@lvs2 ~]# ipvsadm -Ln