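LVS + keepalived: High-Availability Load Balancing

Contents

Tool: keepalived (a health-check tool designed specifically for LVS and HA)

Protocol: VRRP

Features a proper cluster should have:

Health check (probe) methods:

Master/backup switchover: how the master and backup are determined

Failure case

Hands-on: keepalived master/backup switchover

Install keepalived

Change the configuration

Test:

Stop the keepalived service on the master

Start the master again (it becomes the master again)

Hands-on: high availability with LVS + keepalived

Create a web page on each node

Change the keepalived configuration

Verify:

Open a browser and visit: http://192.168.17.101/index.html

Refreshing the page does not switch to the other node

Test again in the browser
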

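Tool: keepalived (a health-check tool designed specifically for LVS and HA)

Protocol: VRRP

Features a proper cluster should have:

1. Load balancing: Nginx, LVS, HAProxy, F5

2. Health checks (probes)

3. Failover: switching between master and backup (implemented by floating the VIP)

Receiving VRRP messages is how the master is known to be still alive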

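Health check (probe) methods:

1. Heartbeat messages: ping/pong

2. TCP port check: open a TCP connection to IP:PORT on the target host. If the three-way handshake completes, the probe succeeds; otherwise the probe fails.

3. HTTP URL check: send an HTTP GET request to http://IP:PORT/URL-path on the target host.

If the response status code is 2XX or 3XX, the probe succeeds.

If the response status code is 4XX or 5XX, the probe fails.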
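The TCP and HTTP probes described above, written out as a shell sketch. This is an added example, not code from the original page or from keepalived; the function names, the 3-second default timeout and the /index.html path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): TCP and HTTP health probes.

# HTTP rule from the text: 2XX/3XX = healthy, anything else = failed.
# curl reports 000 when no HTTP response was received at all.
http_status_healthy() {
    case "$1" in
        2[0-9][0-9]|3[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# TCP probe: healthy only if the three-way handshake to HOST:PORT completes.
# Uses bash's /dev/tcp so no extra tool is needed; timeout bounds the wait.
tcp_probe() {    # tcp_probe HOST PORT [TIMEOUT_SECONDS]
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" \
        </dev/null 2>/dev/null
}

# HTTP probe: GET the URL and classify the status code (left in $code).
http_probe() {   # http_probe URL [TIMEOUT_SECONDS]
    code=$(curl -s -o /dev/null -m "${2:-3}" -w '%{http_code}' "$1" </dev/null) \
        || return 1
    http_status_healthy "$code"
}

# Probe every "HOST PORT" line on stdin and report one line per real server.
check_pool() {
    while read -r host port; do
        [ -n "$host" ] || continue
        if ! tcp_probe "$host" "$port"; then
            echo "$host:$port DOWN (tcp connect failed)"
        elif ! http_probe "http://$host:$port/index.html"; then
            echo "$host:$port DOWN (http status $code)"
        else
            echo "$host:$port UP"
        fi
    done
}

# Usage with the page's real servers:
#   printf '192.168.17.13 80\n192.168.17.25 80\n' | check_pool
```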

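Master/backup switchover: how the master and backup are determined

By the state setting: MASTER is the master, BACKUP is the backup

By priority: the node with the higher priority is the master

If the priorities are equal, by IP address: the numerically larger address is the master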
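The priority and address comparison above, as an added example (not from the original page). It covers only the last two rules, because the configured state is just the role a node starts in; once advertisements are exchanged, priority and then address decide. The node names lvs01/lvs02, the input format and the up/down column are assumptions; priorities and addresses are the ones used later on this page.

```shell
#!/bin/sh
# Added example (not from the original page): which node ends up as master.
# Input on stdin, one node per line: "<name> <priority> <primary IP> <up|down>"

elect_master() {
    awk '
    # Compare addresses as 32-bit numbers, not as strings.
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    $4 == "up" {
        prio = $2 + 0
        addr = ip2int($3)
        # Higher priority wins; on a tie the larger address wins.
        if (best == "" || prio > bprio || (prio == bprio && addr > baddr)) {
            best = $1; bprio = prio; baddr = addr
        }
    }
    END { print (best == "" ? "none" : best) }'
}

# Constructed inputs matching the failover test on this page:
#   both nodes up          -> lvs01 (priority 100 beats 90)
#   keepalived stopped on lvs01 -> lvs02 takes over
#   lvs01 started again    -> lvs01 is master again
#   printf 'lvs01 100 192.168.17.27 up\nlvs02 90 192.168.17.31 up\n' | elect_master
```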

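Failure case

Split-brain failure

Symptom: the master and the backup hold the VIP at the same time

Cause: the communication link between the master and the backup is interrupted, so the backup no longer receives the VRRP advertisements sent by the master. The backup wrongly concludes that the master has failed and brings up the VIP with the ip command.

Fix: stop the keepalived service on either the master or the backup

Prevention: (1) Add a second, redundant communication link between the master and the backup

(2) Add a script on the master that checks whether the link to the backup is really down; if it is, the master stops its own keepalived service

(3) Use a third-party application or a monitoring system to detect split-brain; when it occurs, have that application or monitoring system stop the keepalived service on the master or the backup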
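One way a monitoring host could implement the detection in prevention (3), as an added example that is not part of the original page. It decides from each director's `ip -o -4 addr show` output who holds the VIP; the function names and the sample output are constructed, the addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): detect split-brain by VIP ownership.
VIP=192.168.17.101    # the page's virtual IP

# holds_vip: stdin is `ip -o -4 addr show` output from one node.
# Addresses on lo are ignored: DR real servers carry the VIP on lo:0 by design.
holds_vip() {
    awk -v vip="$VIP" '
    $3 == "inet" && $2 != "lo" { split($4, a, "/"); if (a[1] == vip) found = 1 }
    END { exit(found ? 0 : 1) }'
}

# vip_verdict MASTER_OUTPUT BACKUP_OUTPUT -> ok | split-brain | no-owner
vip_verdict() {
    owners=0
    if printf '%s\n' "$1" | holds_vip; then owners=$((owners + 1)); fi
    if printf '%s\n' "$2" | holds_vip; then owners=$((owners + 1)); fi
    case "$owners" in
        0) echo "no-owner" ;;
        1) echo "ok" ;;
        *) echo "split-brain" ;;
    esac
}

# Constructed sample output.
MASTER_OUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.17.27/24 brd 192.168.17.255 scope global ens33\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.17.101/32 scope global ens33\       valid_lft forever preferred_lft forever'
BACKUP_OUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens33    inet 192.168.17.31/24 brd 192.168.17.255 scope global ens33\       valid_lft forever preferred_lft forever'
BACKUP_SPLIT="$BACKUP_OUT
2: ens33    inet 192.168.17.101/32 scope global ens33"
REAL_SERVER_OUT='1: lo    inet 192.168.17.101/32 scope global lo:0\       valid_lft forever preferred_lft forever'

# On a monitoring host the two arguments would come from the directors, e.g.
#   vip_verdict "$(ssh 192.168.17.27 ip -o -4 addr show)" \
#               "$(ssh 192.168.17.31 ip -o -4 addr show)"
# A "split-brain" verdict is the cue to stop keepalived on one of the two nodes.
```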

Hands-on: keepalived master/backup switchover

Master: 192.168.17.27

Backup: 192.168.17.31

Install keepalived

```bash
yum install keepalived -y
```

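Change the configuration

Master:

```bash
cd /etc/keepalived/

cp keepalived.conf{,.bak} #back up the configuration file before changing it

vim keepalived.conf  #edit the configuration file

#the configuration is as follows
```

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_01
}

vrrp_instance VI_1 {
    state MASTER              # role this node starts in
    interface ens33           # interface that sends VRRP adverts and carries the VIP
    virtual_router_id 51      # must be identical on master and backup
    priority 100              # higher than the backup's 90
    advert_int 1              # advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass 1111        # sample password, sent in cleartext in VRRP adverts; replace it
    }
    virtual_ipaddress {
        192.168.17.101
    }
}
```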

Backup:

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_02
}

vrrp_instance VI_1 {
    state BACKUP              # role this node starts in
    interface ens33
    virtual_router_id 51      # same value as on the master
    priority 90               # lower than the master's 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111        # must match the master
    }
    virtual_ipaddress {
        192.168.17.101
    }
}
```

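Test:

```bash
systemctl restart keepalived.service #start the service

ip a #check the addresses
```

Backup:

Stop the keepalived service on the master

```bash
systemctl stop keepalived  #stop the service

ip a
```

Backup:

Start the master again (it becomes the master again)

Backup: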

Hands-on: high availability with LVS + keepalived

Node servers:    1: 192.168.17.13    2: 192.168.17.25

keepalived:    Master: 192.168.17.27    Backup: 192.168.17.31

Create a web page on each node

Node 1:

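```bash
systemctl stop firewalld    #stop the host firewall
setenforce 0                #put SELinux into permissive mode

echo 'this is web1' > index.html    #create the web page (run in the web server's document root)

vim /etc/sysctl.conf  #add the settings
  #settings as follows
  #arp_ignore=1: answer ARP only for addresses on the receiving interface
  #arp_announce=2: always use the best local source address, so the VIP on lo is never advertised
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

sysctl -p   #load the settings
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2


vim /etc/sysconfig/network-scripts/ifcfg-lo:0  #edit the configuration file
      #contents as follows
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.17.101
NETMASK=255.255.255.255

systemctl restart network   #restart networking so that lo:0 comes up before the route is added

route add -host 192.168.17.101 dev lo:0  #add a host route to the VIP via lo:0

route -n                                #check that the route was set
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.17.2    0.0.0.0         UG    100    0        0 ens33
192.168.17.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.17.101  0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
```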

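Node 2:

```bash
systemctl stop firewalld    #stop the host firewall
setenforce 0                #put SELinux into permissive mode

echo 'this is web2' > index.html    #create the web page (run in the web server's document root)

vim /etc/sysctl.conf  #add the settings
  #settings as follows
  #arp_ignore=1: answer ARP only for addresses on the receiving interface
  #arp_announce=2: always use the best local source address, so the VIP on lo is never advertised
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

sysctl -p   #load the settings
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2


vim /etc/sysconfig/network-scripts/ifcfg-lo:0  #edit the configuration file
      #contents as follows
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.17.101
NETMASK=255.255.255.255

systemctl restart network   #restart networking so that lo:0 comes up before the route is added

route add -host 192.168.17.101 dev lo:0  #add a host route to the VIP via lo:0

route -n                                #check that the route was set
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.17.2    0.0.0.0         UG    100    0        0 ens33
192.168.17.0    0.0.0.0         255.255.255.0   U     100    0        0 ens33
192.168.17.101  0.0.0.0         255.255.255.255 UH    0      0        0 lo
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
```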

Change the keepalived configuration

Master: 192.168.17.27

Backup: 192.168.17.31

Master:

```bash
systemctl stop keepalived.service

\cp -f keepalived.conf.bak keepalived.conf  #restore the original configuration file

vim keepalived.conf  #edit the configuration file
```

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_01
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111        # sample password, sent in cleartext in VRRP adverts; replace it
    }
    virtual_ipaddress {
        192.168.17.101
    }
}

# One virtual_server block per VIP:port, listing both real servers
virtual_server 192.168.17.101 80 {
    delay_loop 6              # seconds between health checks
    lb_algo rr                # round-robin scheduling
    lb_kind DR                # direct routing mode
    persistence_timeout 0     # no client persistence
    protocol TCP

    real_server 192.168.17.13 80 {
        weight 1
        TCP_CHECK {           # TCP connect check (TCP_GET is not a keepalived checker)
            connect_timeout 3
            retry 3           # retries before the server is marked down
            delay_before_retry 3
        }
    }

    real_server 192.168.17.25 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
```

```bash
yum install -y ipvsadm

ipvsadm-save > /etc/sysconfig/ipvsadm   #write the (still empty) rule set to the file the ipvsadm service loads
systemctl start ipvsadm
systemctl enable ipvsadm

systemctl start keepalived.service
systemctl enable keepalived.service
systemctl status keepalived.service

ipvsadm -ln    #the rules are loaded automatically by keepalived
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.17.101:80 rr
  -> 192.168.17.13:80             Route   1      0          0
  -> 192.168.17.25:80             Route   1      0          0


scp keepalived.conf 192.168.17.31:"$(pwd)" #copy the configuration file to the other keepalived node
```

Backup:

```
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_02           # unique per node
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111        # must match the master
    }
    virtual_ipaddress {
        192.168.17.101
    }
}

# One virtual_server block per VIP:port, listing both real servers
virtual_server 192.168.17.101 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    protocol TCP

    real_server 192.168.17.13 80 {
        weight 1
        TCP_CHECK {           # TCP connect check (TCP_GET is not a keepalived checker)
            connect_timeout 3
            retry 3           # retries before the server is marked down
            delay_before_retry 3
        }
    }

    real_server 192.168.17.25 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
```

```bash
yum install -y ipvsadm

ipvsadm-save > /etc/sysconfig/ipvsadm  #write the (still empty) rule set to the file the ipvsadm service loads
systemctl start ipvsadm  #start ipvsadm
systemctl enable ipvsadm   #enable it at boot

systemctl start keepalived.service
systemctl enable keepalived.service
systemctl status keepalived.service

ipvsadm -ln    #the rules are loaded automatically by keepalived
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.17.101:80 rr
  -> 192.168.17.13:80             Route   1      0          0
  -> 192.168.17.25:80             Route   1      0          0
```


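Verify:

Master:

Backup:

Open a browser and visit: http://192.168.17.101/index.html

Refreshing the page does not switch to the other node

On the nginx node servers, edit the configuration

```bash
vim /usr/local/nginx/conf/nginx.conf
        #change the following

keepalive_timeout  0;   #disable HTTP keep-alive so each refresh opens a new connection that LVS can schedule (reload nginx to apply)
```

Test again in the browser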
