keepalived與LVS

keepalived與LVS

keepalived與LVS結合時無需另外寫lvs規則，能夠直接在keepalived配置文件中進行定義

LVS配置參數

virtual_server IP port #定義虛擬主機IP地址及其端口 
virtual_server fwmark int #ipvs的防火牆打標，實現基於防火牆的負載均衡集羣 
virtual_server group string #將多個虛擬服務器定義成組，將組定義成虛擬服務

語法格式

virtual_server IP port
{
    delay_loop NUM   #檢查後端服務器的時間間隔
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh   #定義調度算法
    lb_kind NAT|DR|TUN      #定義lvs的模型
    persistence_timeout NUM         #持久鏈接時長
    protocol TCP|UDP|SCTP           #指定服務的協議
    sorry_server  IP Port           #當全部RS都發生故障時的備用服務器地址
    real_server {
        weight  NUM         #權重
        notify_up /path/to/script       #RS上線通知腳本
        notify_down /path/to/script     #RS下線通知腳本
        HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }    #定義當前主機的健康狀態檢測方法
    }
    ...
}

keepalived+lvs 實現

---

s1節點配置

1.修改keepalived配置文件

[root@s1 ~]# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived

global_defs {
   notification_email {
        root@mylinuxops.com
   }
   notification_email_from root@mylinuxops.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id s1.mylinuxops.com
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state Master
    interface ens33
    virtual_router_id 27
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.20.27.10
    unicast_peer {
    172.20.27.11
    }
    virtual_ipaddress {
        172.20.27.100 dev ens33 label ens33:0
    }
}

virtual_server 172.20.27.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 172.20.27.20 80 {
        weight 1
        TCP_CHECK {                 #對後端服務器作tcp的監測
        connect_timeout 5           #定義鏈接超時時長
        retry 3                     #重試次數
        delay_before_retry 3        #每次重試的間隔時間
        connect_port 80             #監測的端口
        }
    }
    real_server 172.20.27.21 80 {
        weight 1
        TCP_CHECK {
        connect_timeout 5
        retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
}

重啓服務

[root@s1 ~]# systemctl restart keepalived

查看lvs規則

[root@s1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.20.27.100:80 wrr
  -> 172.20.27.20:80              Route   1      0          0         
  -> 172.20.27.21:80              Route   1      0          0

s2節點配置

1.修改配置文件

[root@s2 ~]# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
        root@mylinuxops.com
   }
   notification_email_from root@mylinuxops.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id s2.mylinuxops.com
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 27
    priority 80
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    unicast_src_ip 172.20.27.11
    unicast_peer { 
    172.20.27.10 
    }
    virtual_ipaddress {
        172.20.27.100 dev ens33 label ens33:0
    }   
}   

virtual_server 172.20.27.100 80 {
    delay_loop 5
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 172.20.27.20 80 {
        weight 1
        TCP_CHECK {         
        connect_port 80
        connect_timeout 5
        retry 3
        delay_before_retry 3
        }
    }

    real_server 172.20.27.21 80 {
        weight 1
        TCP_CHECK {
        connect_port 80
        connect_timeout 5
        retry 3
        delay_before_retry 3
        }
    }
}

重啓服務

[root@s2 ~]# vim /etc/keepalived/keepalived.conf

查看lvs規則是否認義

[root@s2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.20.27.100:80 wrr
  -> 172.20.27.20:80              Route   1      0          0         
  -> 172.20.27.21:80              Route   1      0          0

web1，web2配置

在web1和web2上分別執行lvs-rs腳本

[root@localhost ~]# bash lvs_dr_rs.sh start

腳本內容

vip=172.20.27.100
mask='255.255.255.255'
dev=lo:1

case $1 in
start)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig $dev $vip netmask $mask #broadcast $vip up
    #route add -host $vip dev $dev
    echo "The RS Server is Ready!"
    ;;
stop)
    ifconfig $dev down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "The RS Server is Canceled!"
    ;;
*)
    echo "Usage: $(basename $0) start|stop"
    exit 1
    ;;
esac

分別在web1和web2上建立測試主頁文件
web1主頁

[root@localhost ~]# cat /data/www/index.html 
mylinuxops.com server1

web2主頁

[root@localhost ~]# cat /data/www/index.html 
mylinuxops.com server2

測試

在客戶端上進行測試

[root@client ~]# curl www.mylinuxops.com
mylinuxops.com server1
[root@client ~]# curl www.mylinuxops.com
mylinuxops.com server2

當將s1節點中止服務，後再次測試

[root@s3 ~]# curl www.mylinuxops.com
mylinuxops.com server1
[root@s3 ~]# curl www.mylinuxops.com
mylinuxops.com server2

訪問不受影響，此時vip已經轉換到s2節點上

[root@s2 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.27.11  netmask 255.255.0.0  broadcast 172.20.255.255
        inet6 fe80::20c:29ff:fe4d:1ce3  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)
        RX packets 367120  bytes 29261794 (27.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22395  bytes 2212792 (2.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.27.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:4d:1c:e3  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6  bytes 482 (482.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 482 (482.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0