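1. Setting up LVS in DR mode: preparation (DR is currently the most widely used mode)
DR mode is the one used most in production. NAT mode has a bottleneck, but its advantage is that it saves public IPs, and for a small company public IPs cost money.
With DR mode several machines have to be configured, and giving every machine a public IP also costs money; public IPs are also becoming scarcer.
An alternative is to build the LVS cluster internally, with everything on the internal network, including the VIP, and then map one public IP on port 80 to the internal VIP on port 80.
Prepare three machines. Usually the director and the RSes all use internal IPs, so only one public IP (VIP) is needed, and an internal port mapping does the rest: port 80 on the public IP is mapped to port 80 on the internal network.
Director: 192.168.149.129
real server 1 (RS1): 192.168.149.131
real server 2 (RS2): 192.168.149.132
VIP: 192.168.149.254
1: First write the director's configuration script: /usr/local/sbin/lvs_dr.sh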
```
[root@localhost_02 ~]# vim /usr/local/sbin/lvs_dr.sh
#! /bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward     # enable IP forwarding
ipv=/usr/sbin/ipvsadm
vip=192.168.149.254
rs1=192.168.149.131
rs2=192.168.149.132
ifdown eth0
ifup eth0     # restart the NIC so an IP set earlier from the command line is not configured twice
ifconfig eth0:2 $vip broadcast $vip netmask 255.255.255.255 up     # bind the VIP to the director's virtual interface eth0:2
route add -host $vip dev eth0:2     # add a host route for the VIP
$ipv -C
$ipv -A -t $vip:80 -s wrr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1
# ipvsadm rules; -g = gatewaying, i.e. direct routing (DR mode)
```
Note: check the director's interfaces; the VIP is bound on eth0:
```
[root@localhost_02 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:37:3b:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.129/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 brd 192.168.149.254 scope global eth0:2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe37:3bd9/64 scope link
       valid_lft forever preferred_lft forever
```
2. Configure the real servers (RS): run the following on both RS1 and RS2: /usr/local/sbin/lvs_rs.sh
```
[root@localhost_03 ~]# vim /usr/local/sbin/lvs_rs.sh
#!/bin/bash
vip=192.168.149.254
# bind the VIP on lo so that the RS can return the result directly to the client
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# the following changes the ARP kernel parameters so that the RS can send its MAC address to the client properly
# reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
```
Second RS:
```
[root@localhost_04 network-scripts]# cat /usr/local/sbin/lvs_rs.sh
#!/bin/bash
vip=192.168.149.254
# bind the VIP on lo so that the RS can return the result directly to the client
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# the following changes the ARP kernel parameters so that the RS can send its MAC address to the client properly
# reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
[root@localhost_04 network-scripts]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.149.2   0.0.0.0         UG    100    0        0 eth0
192.168.149.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.149.254 0.0.0.0         255.255.255.255 UH    0      0        0 lo
```
Note: the route -n output above is used to check the routing table and gateway address.
Note: for the changes to the ARP kernel parameters, see www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
3. Check the IP and VIP information; the VIP is bound on the lo interface:
```
[root@localhost_03 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 brd 192.168.149.254 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
```
4. Test in a browser: requests to 192.168.149.254 alternate between RS1 and RS2.
Note: testing the VIP with curl from an RS does not work well, because the VIP is bound locally there, so a request to the VIP is a request to the machine itself. Accessing the VIP directly on machine A also fails, so another virtual machine has to be started for the test. With ipvsadm -ln, however, you can see the ActiveConn counters change, which shows the experiment succeeded:
```
[root@localhost_02 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wrr
  -> 192.168.149.131:80           Route   1      0          4
  -> 192.168.149.132:80           Route   1      0          5
```
Then we start another virtual machine to test:
```
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@localhost_01 ~]# curl 192.168.149.254
```
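Notes:
arp_ignore: defines different modes for replying to received ARP requests whose target is a local IP address:
0 - (default) reply to ARP requests for any local IP address, on any network interface
1 - reply only if the target IP address is a local address configured on the incoming interface
2 - reply only if the target IP address is a local address configured on the incoming interface and the sender's IP address is in the same subnet on that interface
3 - do not reply for local addresses configured with scope host; only resolutions for global and link addresses are answered
4-7 - reserved, unused
8 - do not reply for any local address
arp_announce: defines different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on an interface:
0 - (default) use any local address, configured on any interface (eth0, eth1, lo)
1 - try to avoid local addresses that are not in the target's subnet for this interface. This is useful when target hosts reachable via this interface require the source IP address of ARP requests to be part of their logical network configured on the receiving interface. When the request is generated, all subnets that include the target IP are checked, and the source address is kept if it comes from such a subnet. If there is no such subnet, the source address is selected according to the rules for level 2.
2 - always use the best local address for this target. In this mode the source address of the IP packet is ignored and the kernel tries to select a local address it prefers for talking to the target host. That address is chosen by looking for primary IP addresses on all subnets of the outgoing interface that include the target IP address. If no suitable local address is found, the first local address on the outgoing interface, or on any other interface, is selected in the hope that a reply to the ARP request will be received.
Setting arp_ignore to 1 means that when someone's ARP request arrives, the machine does not answer if the receiving interface does not carry that IP. The default is 0: as long as any interface on the machine has the IP, it answers the ARP request and sends its MAC address.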
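A check for the real-server settings described above, as an added example that is not part of the original post. The names check_rs_arp and vip_on_lo, and the optional directory argument used to test against a constructed sysctl tree, are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: verify what lvs_rs.sh is meant to
# leave behind on a real server. check_rs_arp and vip_on_lo are hypothetical names.

# check_rs_arp [ROOT]: ROOT defaults to the live sysctl tree; another directory
# can be passed to test against a constructed copy.
# The kernel applies max(conf/all, conf/<iface>) to a request arriving on
# <iface>, so the "all" values are what cover eth0 in this page's setup.
check_rs_arp() (
    root=${1:-/proc/sys/net/ipv4/conf} rc=0
    for ifc in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*} want=${pair#*:}
            if ! got=$(cat "$root/$ifc/$key" 2>/dev/null); then
                echo "MISSING $ifc/$key"; rc=1
            elif [ "$got" != "$want" ]; then
                echo "BAD $ifc/$key=$got (want $want)"; rc=1
            else
                echo "OK $ifc/$key=$got"
            fi
        done
    done
    [ "$rc" -eq 0 ]
)

# vip_on_lo VIP: reads `ip -o -4 addr show dev lo` output on stdin and succeeds
# only if VIP is present with a /32 mask (a wider mask on lo would make the RS
# treat the whole subnet as local).
vip_on_lo() {
    awk -v want="$1/32" '
        { for (i = 1; i < NF; i++) if ($i == "inet" && $(i + 1) == want) found = 1 }
        END { exit !found }'
}

# Live use on an RS: sh this_file live 192.168.149.254
if [ "${1:-}" = live ]; then
    check_rs_arp && ip -o -4 addr show dev lo | vip_on_lo "$2" && echo "RS ready"
fi
```

The values written by lvs_rs.sh do not survive a reboot, so this check is worth running after every restart of an RS.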
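Summary: neither the NAT nor the DR mode of LVS is complicated to configure. The points to watch are the kernel parameters and port forwarding; in NAT mode it is also important that the gateway of each RS is set to the director's IP address.
2. Combining keepalived with LVS DR mode:
A complete architecture needs two servers in the director (dispatcher) role, each with keepalived installed, in order to achieve high availability.
keepalived has the ipvsadm functionality built in, so the ipvsadm package no longer needs to be installed, and the lvs_dr.sh script no longer needs to be written or run.
The four machines are as follows:
dir_01: 192.168.149.129
dir_02: 192.168.149.130
rs_01: 192.168.149.131
rs_02: 192.168.149.132
1. Edit the configuration file /etc/keepalived/keepalived.conf (the keepalived configuration file):
Both RSes need to run /usr/local/sbin/lvs_rs.sh
keepalived has a useful feature: when an RS goes down, it stops forwarding requests to it.
Note: why add keepalived to LVS:
1: LVS has one key role, the director. If a director goes down, all requests stop, because the director is the entry point for all traffic. The director therefore needs to be made highly available, which keepalived provides; keepalived also has load-balancing functionality.
2: With LVS alone, if one RS goes down, LVS still forwards traffic to the dead RS and those requests fail. With keepalived the web site stays reachable. There are normally two keepalived machines.
Because keepalived has the ipvsadm functionality built in, ipvsadm does not need to be installed and the lvs_dr.sh script does not need to be run.
Prepare four machines as follows:
dir_01-A: 192.168.149.129 (keepalived must be installed)
dir_02-B: 192.168.149.130
rs_01: 192.168.149.131
rs_02: 192.168.149.132
On both directors, A and B, edit the configuration file /etc/keepalived/keepalived.conf (the keepalived configuration file):
On machine A, edit the configuration and start the service: systemctl start keepalived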
Configuration on dir_A:
```
[root@localhost_01 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # BACKUP on the backup server
    state MASTER
    # the NIC the VIP is bound to is eth0; yours may differ, change it here
    interface eth0
    virtual_router_id 50
    # 90 on the backup server
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {
        192.168.149.254
    }
}
virtual_server 192.168.149.254 80 {
    # (query the real server state every 10 seconds)
    delay_loop 10
    # (LVS scheduling algorithm)
    lb_algo wlc
    # (DR mode)
    lb_kind DR
    # (time in seconds during which connections from the same IP go to the same real server; set to 0 here)
    persistence_timeout 0
    # (check the real server state over TCP)
    protocol TCP
    real_server 192.168.149.131 80 {
        # (weight)
        weight 100
        TCP_CHECK {
            # (time out after 10 seconds without a response)
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.149.132 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
```
Start keepalived: systemctl start keepalived
```
[root@localhost_01 ~]# systemctl start keepalived
[root@localhost_01 ~]# ps aux |grep keepalived
root       1363  0.0  0.1 118652  1392 ?        Ss   22:02   0:00 /usr/sbin/keepalived -D
root       1364  0.0  0.3 127520  3336 ?        S    22:02   0:00 /usr/sbin/keepalived -D
root       1365  0.0  0.2 127388  2612 ?        S    22:02   0:00 /usr/sbin/keepalived -D
root       1383  0.0  0.0 112720   972 pts/0    R+   22:05   0:00 grep --color=auto keepalived
```
On machine B (backup), edit the configuration and start keepalived:
Configuration on machine B:
```
[root@localhost_02 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # MASTER on the primary server
    state BACKUP
    # the NIC the VIP is bound to is eth0; yours may differ, change it here
    interface eth0
    virtual_router_id 50
    # 90 on the backup server
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {
        192.168.149.254
    }
}
virtual_server 192.168.149.254 80 {
    # (query the real server state every 10 seconds)
    delay_loop 10
    # (LVS scheduling algorithm)
    lb_algo wlc
    # (DR mode)
    lb_kind DR
    # (time in seconds during which connections from the same IP go to the same real server; set to 0 here)
    persistence_timeout 0
    # (check the real server state over TCP)
    protocol TCP
    real_server 192.168.149.131 80 {
        # (weight)
        weight 100
        TCP_CHECK {
            # (time out after 10 seconds without a response)
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.149.132 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
```
Start keepalived: systemctl start keepalived
```
[root@localhost_02 ~]# systemctl start keepalived
[root@localhost_02 ~]# ps aux |grep keep
root       2810  0.0  0.0 118608  1380 ?        Ss   22:01   0:00 /usr/sbin/keepalived -D
root       2811  0.0  0.1 127472  3336 ?        S    22:01   0:00 /usr/sbin/keepalived -D
root       2812  0.0  0.1 127340  2612 ?        S    22:01   0:00 /usr/sbin/keepalived -D
root       2833  0.0  0.0 112676   984 pts/0    S+   22:06   0:00 grep --color=auto keep
```
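The two director configurations above differ only in state and priority, and failover depends on the rest matching. The following is an added example, not part of the original post, that compares the vrrp_instance settings of both files and flags the plaintext VRRP password; kv, vips, check_vrrp_pair and mkconf are hypothetical helper names, and the sample configs are constructed from the values on this page.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the vrrp_instance
# settings of the two director configs. kv, vips, check_vrrp_pair and mkconf
# are hypothetical helper names.

# kv FILE KEY: first value of KEY (comment lines never match, "#" is in $1).
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# vips FILE: addresses listed inside virtual_ipaddress { ... }, sorted.
vips() {
    awk '$1 == "virtual_ipaddress" { inb = 1; next }
         inb && $1 == "}"          { inb = 0 }
         inb && NF && $1 !~ /^#/   { print $1 }' "$1" | sort
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: prints findings, fails on any ERROR.
check_vrrp_pair() (
    m=$1 b=$2 rc=0
    # These must match or the two nodes do not form one VRRP group.
    for k in virtual_router_id auth_type auth_pass advert_int; do
        [ "$(kv "$m" "$k")" = "$(kv "$b" "$k")" ] || { echo "ERROR $k differs"; rc=1; }
    done
    [ "$(vips "$m")" = "$(vips "$b")" ] || { echo "ERROR virtual_ipaddress differs"; rc=1; }
    # The node declared MASTER needs the higher priority (100 vs 90 on this page).
    [ "$(kv "$m" state)" = MASTER ] && [ "$(kv "$b" state)" = BACKUP ] ||
        { echo "ERROR expected state MASTER / BACKUP"; rc=1; }
    [ "$(kv "$m" priority)" -gt "$(kv "$b" priority)" ] 2>/dev/null ||
        { echo "ERROR master priority is not higher than backup"; rc=1; }
    # keepalived uses only the first 8 characters of auth_pass, and PASS
    # authentication is sent unencrypted in every VRRP advertisement.
    pass=$(kv "$m" auth_pass)
    [ "${#pass}" -le 8 ] || echo "WARN auth_pass is ${#pass} chars, only 8 are used"
    [ "$(kv "$m" auth_type)" != PASS ] || echo "WARN auth_type PASS is cleartext on the LAN"
    [ "$rc" -eq 0 ]
)

# mkconf STATE PRIORITY: constructed minimal config modelled on this page.
mkconf() {
    printf 'vrrp_instance VI_1 {\n state %s\n interface eth0\n' "$1"
    printf ' virtual_router_id 50\n priority %s\n advert_int 1\n' "$2"
    printf ' authentication {\n  auth_type PASS\n  auth_pass aminglinux\n }\n'
    printf ' virtual_ipaddress {\n  192.168.149.254\n }\n}\n'
}

if [ "${1:-}" = demo ]; then   # sh this_file demo
    d=$(mktemp -d); mkconf MASTER 100 > "$d/a"; mkconf BACKUP 90 > "$d/b"
    check_vrrp_pair "$d/a" "$d/b"; rm -rf "$d"
fi
```

Both WARN lines fire for the configuration shown on this page; they are informational and do not change the exit status.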
2. Start the nginx service on RS_01 and RS_02: systemctl start nginx
```
RS_01
[root@localhost_03 ~]# systemctl start nginx
[root@localhost_03 ~]# ps aux |grep nginx
root       1032  0.0  0.2 120752  2260 ?        Ss   17:50   0:00 nginx: master process /usr/sbin/nginx
nginx      1033  0.0  0.3 121136  3588 ?        S    17:50   0:00 nginx: worker process
root       1233  0.0  0.0 112676   984 pts/0    R+   22:08   0:00 grep --color=auto nginx
RS_02
[root@localhost_04 sbin]# systemctl start nginx
[root@localhost_04 sbin]# ps aux |grep nginx
root       1021  0.0  0.2 120752  2256 ?        Ss   17:51   0:00 nginx: master process /usr/sbin/nginx
nginx      1022  0.0  0.3 121136  3588 ?        S    17:51   0:00 nginx: worker process
root       1249  0.0  0.0 112676   984 pts/0    S+   22:09   0:00 grep --color=auto nginx
```
Note: both RSes need to run /usr/local/sbin/lvs_rs.sh
```
[root@localhost_03 ~]# vim /usr/local/sbin/lvs_rs.sh
#!/bin/bash
vip=192.168.149.254
# bind the VIP on lo so that the RS can return the result directly to the client
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# the following changes the ARP kernel parameters so that the RS can send its MAC address to the client properly
# reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
```
3. First check the virtual IP information on the dir_02 (master keepalived) machine: 192.168.149.254 is present.
```
[root@localhost_01 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:81:f4:4b brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.130/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe81:f44b/64 scope link
       valid_lft forever preferred_lft forever
```
Note: check the rules:
```
[root@localhost_01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wlc
  -> 192.168.149.131:80           Route   100    0          0
  -> 192.168.149.132:80           Route   100    0          0
```
Note: at this point neither the virtual IP nor the rules can be found on dir_02 (backup keepalived). By default the backup keepalived does not do any work; it only takes over after the master keepalived goes down.
Test: first test from a separate test machine; the tests below are then done in two steps:
```
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
```
1. Test the high availability of keepalived: take down A (manually stop the master keepalived service) and see whether B (backup keepalived) takes over the service.
Criterion: check whether the virtual IP moves to B (the former backup keepalived).
On A (master keepalived): stop the keepalived service: # systemctl stop keepalived
```
[root@localhost_01 ~]# systemctl stop keepalived
[root@localhost_01 ~]# ps aux |grep keepalived
root       1445  0.0  0.0 112720   976 pts/0    S+   22:34   0:00 grep --color=auto keepalived
```
On B (backup keepalived): check whether the virtual IP has moved over, then check whether the web site can still be reached:
```
[root@localhost_02 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:37:3b:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.129/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe37:3bd9/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost_02 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wlc
  -> 192.168.149.131:80           Route   100    0          2
  -> 192.168.149.132:80           Route   100    0          3
```
Then test from the test machine:
```
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
```
Note: this shows that after A (master keepalived) goes down, the virtual IP automatically moves to B (backup keepalived), which verifies the high availability of the DR director. Requests to the web site are still sent to the two servers in turn, which shows the load balancing, and normal access to the site is not affected.
Test: load balancing of the service: when one RS (rs_03) goes down, normal access to the web site is not affected.
RS_03: stop the nginx service:
```
[root@localhost_03 ~]# systemctl stop nginx
[root@localhost_03 ~]# ps aux |grep nginx
root       1250  0.0  0.0 112676   984 pts/0    S+   22:50   0:00 grep --color=auto nginx
```
Then access the site again from the test machine: curl 192.168.149.254
```
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
```
Note: keepalived has a useful feature: when an RS goes down, it promptly removes that RS from the ipvsadm cluster and stops sending packets to it, which avoids requests that cannot be connected.
Note: on the director, forwarding must be turned on: echo 1 > /proc/sys/net/ipv4/ip_forward (enables IP forwarding)