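The previous labs built a single LVS cluster,
but its director is a single point of failure.
This lab builds on the earlier one: it adds a second LVS director and uses Keepalived to provide high availability and to add the LVS rules automatically, so the ipvsadm service is no longer needed to manage them.
1. Lab topology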

2. Address plan
The original IP addresses need to be re-planned and adjusted.
| | Interface | IP address | Gateway | Virtual IP |
|-----------------|------|------------------|--------------|----------------|
| Client | - | 192.168.10.20/24 | 192.168.10.1 | |
| Virtual Server1 | External | 123.1.1.101/24 | 123.1.1.1 | 123.1.1.100/32 |
| Virtual Server1 | DIP | 172.16.1.101/24 | - | 123.1.1.100/32 |
| Virtual Server2 | External | 123.1.1.102/24 | 123.1.1.1 | 123.1.1.100/32 |
| Virtual Server2 | DIP | 172.16.1.102/24 | - | 123.1.1.100/32 |
| Real Server1 | RIP1 | 172.16.1.21/24 | 172.16.1.1 | |
| Real Server1 | lo | 123.1.1.100/32 | | |
| Real Server2 | RIP2 | 172.16.1.22/24 | 172.16.1.1 | |
| Real Server2 | lo | 123.1.1.100/32 | | |
| Real Server3 | RIP3 | 172.16.1.23/24 | 172.16.1.1 | |
| Real Server3 | lo | 123.1.1.100/32 | | |
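3. Base environment adjustments
Because the earlier lab already implemented LVS DR mode, IP forwarding is already enabled on the directors (Virtual Server), and arp_ignore and arp_announce are already set on the Real Servers.
Only the server IP addresses need to be adjusted according to the plan above; see the earlier document for how to set them.
On the directors (Virtual Server), disable autostart of the ipvsadm service, stop the service, and clear the LVS rules: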
systemctl disable --now ipvsadm
ipvsadm -C
4. Configure keepalived
Install the package
Install keepalived on both Virtual Servers:
dnf -y install keepalived
Configuration file 1
root@virt-serv1 ~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_Virtual_Server01    # must differ between the two Virtual Servers
    vrrp_skip_check_adv_addr
    ! vrrp_strict    # must stay commented out, otherwise the VIP is unreachable
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER                # MASTER on one node, BACKUP on the other
    interface ens160            # NIC that carries the VIP
    virtual_router_id 100       # must be identical on both Virtual Servers
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147369        # must be identical on both Virtual Servers (PASS is sent in cleartext in VRRP adverts)
    }
    virtual_ipaddress {
        123.1.1.100
    }
}
virtual_server 123.1.1.100 80 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    persistence_timeout 0       # set to 0, otherwise a single real server keeps answering
    protocol TCP
    real_server 172.16.1.212 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html    # health check; a wrong path prevents the LVS rule from being added
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.1.213 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.1.214 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
}
Configuration file 2
root@virt-serv2 ~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_Virtual_Server02
    vrrp_skip_check_adv_addr
    ! vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 100
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 147369
    }
    virtual_ipaddress {
        123.1.1.100
    }
}
virtual_server 123.1.1.100 80 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    persistence_timeout 0
    protocol TCP
    real_server 172.16.1.212 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.1.213 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
    real_server 172.16.1.214 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 1
            retry 3
            delay_before_retry 1
        }
    }
}
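The notes in the two configuration files say which settings must match on both Virtual Servers and which must differ. The Python script below is an added example, not part of the original post: it parses a pair of keepalived.conf texts and reports violations of those rules. The function names `parse` and `check_pair` are hypothetical, the sample text is constructed by abridging the first file, and the rule that MASTER has the higher priority is an assumption drawn from the 150/100 values used here.

```python
import re

def parse(conf):
    """Extract the settings the two Virtual Servers must agree or differ on."""
    text = re.sub(r"[#!].*", "", conf)  # keepalived comments start with # or !
    out = {}
    for key in ("router_id", "state", "virtual_router_id", "priority", "auth_pass"):
        m = re.search(rf"\b{key}\s+(\S+)", text)  # \b keeps router_id out of virtual_router_id
        out[key] = m.group(1) if m else None
    out["vips"] = [b.split() for b in re.findall(r"virtual_ipaddress\s*\{([^}]*)\}", text)]
    out["real_servers"] = sorted(re.findall(r"\breal_server\s+(\S+)\s+(\d+)", text))
    return out

def check_pair(a, b):
    """Return the pairing rules (from the config notes) that a and b violate."""
    problems = []
    if a["router_id"] == b["router_id"]:
        problems.append("router_id must differ between nodes")
    for key in ("virtual_router_id", "auth_pass", "vips", "real_servers"):
        if a[key] != b[key]:
            problems.append(f"{key} must be identical on both nodes")
    by_state = {a["state"]: a, b["state"]: b}
    if set(by_state) != {"MASTER", "BACKUP"}:
        problems.append("one node must be MASTER and the other BACKUP")
    elif int(by_state["MASTER"]["priority"] or 0) <= int(by_state["BACKUP"]["priority"] or 0):
        problems.append("MASTER priority should be higher than BACKUP (assumption)")
    return problems

# Constructed sample, abridged from the first configuration file above.
NODE1 = """global_defs {
    router_id LVS_Virtual_Server01
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 100
    priority 150
    authentication {
        auth_pass 147369
    }
    virtual_ipaddress {
        123.1.1.100
    }
}
virtual_server 123.1.1.100 80 {
    real_server 172.16.1.212 80 {
    }
}"""
NODE2 = NODE1.replace("Server01", "Server02").replace("MASTER", "BACKUP").replace("priority 150", "priority 100")
print(check_pair(parse(NODE1), parse(NODE2)) or "pair is consistent")
```

To check the real files, pass the contents of each node's /etc/keepalived/keepalived.conf to `parse` before starting the service.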
Start the service
systemctl enable --now keepalived
5. Results
The master obtains the virtual IP


Both Virtual Servers have added the LVS rules automatically; the IP addresses shown here depend on the actual configuration


Scheduling result

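After the master's NIC is disabled, the service switches over to the backup automatically and is not interrupted.
If the server has several NICs, set every NIC except the one carrying the VIP to "never use this network for the default route"; otherwise the network becomes unreachable after the switchover.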




After the master's NIC is enabled again, the service switches back.