1.LVS/DR原理和特点:
(a) 当用户请求到达Director Server,此时请求的数据报文会先到内核空间的PREROUTING链。
此时报文的源IP为CIP,目标IP为VIP
(b) PREROUTING检查发现数据包的目标IP是本机,将数据包送至INPUT链
(c) IPVS比对数据包请求的服务是否为集群服务,若是,将请求报文中的源MAC地址修改为DIP的MAC地址,将
目标MAC地址修改RIP的MAC地址,然后将数据包发至POSTROUTING链。 此时的源IP和目的IP均未修改,
仅修改了源MAC地址为DIP的MAC地址,目标MAC地址为RIP的MAC地址
(d) 由于DS和RS在同一个网络中,所以是通过二层来传输。POSTROUTING链检查目标MAC地址为RIP的MAC地址,
那么此时数据包将会发至Real Server。
(e) RS发现请求报文的MAC地址是自己的MAC地址,就接收此报文。处理完成之后,将响应报文通过lo接口传送给
eth0网卡然后向外发出。 此时的源IP地址为VIP,目标IP为CIP
(f) 响应报文最终送达至客户端
2. LVS-DR模型的特性:
特点1:保证前端路由将目标地址为VIP报文统统发给Director Server,而不是RS
RS可以使用私有地址;也可以是公网地址,如果使用公网地址,此时可以通过互联网对RIP进行直接访问
RS跟Director Server必须在同一个物理网络中
所有的请求报文经由Director Server,但响应报文必须不能进过Director Server
不支持地址转换,也不支持端口映射
RS可以是大多数常见的操作系统
RS的网关绝不允许指向DIP(因为我们不允许他经过director)
RS上的lo接口配置VIP的IP地址
缺陷:RS和DS必须在同一机房中3.LVS的组成:
LVS 由2部分程序组成,包括 ipvs 和 ipvsadm。
1. ipvs(ip virtual server):一段代码工作在内核空间,叫ipvs,是真正生效实现调度的代码。
2. ipvsadm:另外一段是工作在用户空间,叫ipvsadm,负责为ipvs内核框架编写规则,定义谁是
集群服务,而谁是后端真实的服务器(Real Server)4.LVS相关术语:
1. DS:Director Server。指的是前端负载均衡器节点。
2. RS:Real Server。后端真实的工作服务器。
3. VIP:向外部直接面向用户请求,作为用户请求的目标的IP地址。
4. DIP:Director Server IP,主要用于和内部主机通讯的IP地址。
5. RIP:Real Server IP,后端服务器的IP地址。
6. CIP:Client IP,访问客户端的IP地址。5.LVS 的负载调度算法 在内核中的连接调度算法上,IPVS 已实现了以下八种调度算法:
一
轮叫调度(RoundRobin Scheduling)
轮叫调度(Round Robin Scheduling)算法就是以轮叫的方式依次将请求调度不同的服务器,
即每次调度执行 i = (i + 1) mod n,并选出第 i 台服务器。算法的优点是其简洁性,它无需记录
当前所有连接的状态,所以它是一种无状态调度。
二
加权轮叫调度(Weighted RoundRobin Scheduling)
加权轮叫调度 (Weighted RoundRobin Scheduling)算法可以解决服务器间性能不一的情况,
它用相应的权值表示服务器的处理性能,服务器的缺省权值为 1。假设服务器 A 的权值为
1,B 的 权值为 2,则表示服务器 B 的处理性能是 A 的两倍。加权轮叫调度算法是按权值的高
低和轮叫方式分配请求到各服务器。权值高的服务器先收到的连接,权值高的服 务器比权值低的服务
器处理更多的连接,相同权值的服务器处理相同数目的连接数。
三
最小连接调度(LeastConnection Scheduling)
最小连接调度(Least Connection Scheduling)算法是把新的连接请求分配到当前连接数最小
的服务器。最小连接调度是一种动态调度算法,它通过服务器当前所活跃的连接数来估计服
务 器的负载情况。调度器需要记录各个服务器已建立连接的数目,当一个请求被调度到某台
服务器,其连接数加 1;当连接中止或超时,其连接数减一。
四
加权最小连接调度(Weighted LeastConnection Scheduling)
加权最小连接调 度(Weighted LeastConnection Scheduling)算法是最小连接调度的超集,各
个服务器用相应的权值表示其处理性能。服务器的缺省权值为 1,系统管理员可以动态地设
置服务器的权 值。加权最小连接调度在调度新连接时尽可能使服务器的已建立连接数和其权
值成比例。
五
基于局部性的最少链接(LocalityBased Least Connections Scheduling)
基 于局部性的最少链接调度(LocalityBased Least Connections Scheduling,以下简称为
LBLC)算法是针对请求报文的目标 IP 地址的负载均衡调度,目前主要用于 Cache 集群系统,
因为在 Cache 集群中 客户请求报文的目标 IP 地址是变化的。这里假设任何后端服务器都可以
处理任一请求,算法的设计目标是在服务器的负载基本平衡情况下,将相同目标 IP 地址的 请
求调度到同一台服务器,来提高各台服务器的访问局部性和主存 Cache 命中率,从而整个集
群系统的处理能力。LBLC 调度算法先根据请求的目标 IP 地址 找出该目标 IP 地址最近使用的
服务器,若该服务器是可用的且没有超载,将请求发送到该服务器;若服务器不存在,或者
该服务器超载且有服务器处于其一半的工 作负载,则用“最少链接”的原则选出一个可用的服
务器,将请求发送到该服务器。
六
带复制的基于局部性最少链接(LocalityBased Least Connections with Replication
Scheduling)
带 复制的基于局部性最少链接调度(LocalityBased Least Connections with Replication
Scheduling,以下简称为 LBLCR)算法也是针对目标 IP 地址的负载均衡,目前主要用于 Cache
集群系统。它与 LBLC 算法的不同之处是它要 维护从一个目标 IP 地址到一组服务器的映射,
而 LBLC 算法维护从一个目标 IP 地址到一台服务器的映射。对于一个“热门”站点的服务请
求,一台 Cache 服务器可能会忙不过来处理这些请求。这时,LBLC 调度算法会从所有的
Cache 服务器中按“最小连接”原则选出一台 Cache 服务器,映射该“热门”站 点到这台 Cache 服
务器,很快这台 Cache 服务器也会超载,就会重复上述过程选出新的 Cache 服务器。这样,可
能会导致该“热门”站点的映像会出现 在所有的 Cache 服务器上,降低了 Cache 服务器的使用
效率。LBLCR 调度算法将“热门”站点映射到一组 Cache 服务器(服务器集合),当该“热
门”站点的请求负载增加时,会增加集合里的 Cache 服务器,来处理不断增长的负载;当
该“热门”站点的请求负载降低时,会减少集合里的 Cache 服务器 数目。这样,该“热门”站点
的映像不太可能出现在所有的 Cache 服务器上,从而提供 Cache 集群系统的使用效率。
LBLCR 算法先根据请求的目标 IP 地址找出该目标 IP 地址对应的服务器组;按“最小连接”原
则从该服务器组中选出一台服务器,若服务器没有超载,将请求发送到该服务器;若服务器
超载;则按 “最小连接”原则从整个集群中选出一台服务器,将该服务器加入到服务器组中,
将请求发送到该服务器。同时,当该服务器组有一段时间没有被修改,将最忙的服 务器从服
务器组中删除,以降低复制的程度。
七
目标地址散列调度(Destination Hashing Scheduling)
目标地址散列调度 (Destination Hashing Scheduling)算法也是针对目标 IP 地址的负载均衡,
但它是一种静态映射算法,通过一个散列(Hash)函数将一个目标 IP 地址映射到一台服务
器。目标地址散列调度算法先根据请求的目标 IP 地址,作为散列键(Hash Key)从静态分配
的散列表找出对应的服务器,若该服务器是可用的且未超载,将请求发送到该服务器,否则
返回空。
八
源地址散列调度(Source Hashing Scheduling)
源地址散列调度(Source Hashing Scheduling)算法正好与目标地址散列调度算法相反,它根
据请求的源 IP 地址,作为散列键(Hash Key)从静态分配的散列表找出对应的服务器,若该
服务器是可用的且未超载,将请求发送到该服务器,否则返回空。它采用的散列函数与目标
地址散列调度算法 的相同。它的算法流程与目标地址散列调度算法的基本相似,除了将请求
的目标 IP 地址换成请求的源 IP 地址,所以这里不一一叙述。在实际应用中,源地址散列 调
度和目标地址散列调度可以结合使用在防火墙集群中,它们可以保证整个系统的唯一出入
口。6.负载均衡的工作模式:
关于集群的负载调度技术,可以基于IP、端口、内容等进行分发,其中基于IP的负载调度是效率最高的。
基于IP的负载均衡模式中,常见的有以下三种工作模式:
(1)地址转换,简称NAT模式,负载均衡调度器作为网关,服务器和负载调度器在同一个私有网络,安全性较好。
(2)IP隧道,简称TUN模式,负载调度器仅作为客户机的访问入口,各节点通过各自的Internet连接直接回应
客户机,不在经过负载调度器,服务器的节点分散在互联网的不同位置,具有独立的共有IP地址,通过专用的IP
隧道与负载调度器相互通信。
(3)直接路由,简称DR模式,与TUN模式类似,但各节点不是分散在各地,而是与调度器位于同一个物理网络,
负载调度器与各节点服务器通过本地网络连接,不需要建立专用的ip隧道。
以上三种模式中,NAT方式只需要一个公网地址,从而成为最容易的一种负载均衡模式,安全性也比较好,许多硬件负载均衡
设备就是采用这种方式;相比较而言,DR模式和TUN模式的负载能力更强大,使用范围更广,但节点的安全性要稍差一些。6.1lVS/DR模式:
VS/DR 利用大多数 Internet 服务的非对称特点,负载调度器中只负责调度请求,
而服务器直接将响应返回给客户,可以极大地提高整个集群系统的吞吐量
调度器和服务器组都必须在物理上有一个网卡通过不分断的局域网相连,如通过交换机或者高速的
HUB 相连。VIP 地址为调度器和服务器组共享,调度器配置的 VIP 地址是对外可见的,用于接收虚拟
服务的请求报文;所有的服务器把 VIP 地址配置在各自的 NonARP 网络设备上,它对外面是不可见
的,只是用于处理目标地址为VIP的网络请求。DR实验:首先搭建环境:
[root@server1 varnish]# /etc/init.d/varnish stop 关闭varnish
Stopping Varnish Cache: [ OK ]
[root@server1 varnish]# /etc/init.d/httpd stop 关闭httpd
Stopping httpd: [ OK ]
[root@server1 varnish]# cd
[root@server1 ~]# ls
anaconda-ks.cfg install.log varnish-3.0.5-1.el6.x86_64.rpm :wq
bansys.zip install.log.syslog varnish-libs-3.0.5-1.el6.x86_64.rpm
[root@server1 ~]# rm -fr * 删除所有
[root@server1 ~]# ls
[root@server1 ~]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# ls
rhel-source.repo
[root@server1 yum.repos.d]# vim rhel-source.repo 配置yum源添加其他的包
[root@server1 yum.repos.d]# yum repolist
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
HighAvailability | 3.9 kB 00:00
HighAvailability/primary_db | 43 kB 00:00
LoadBalancer | 3.9 kB 00:00
LoadBalancer/primary_db | 7.0 kB 00:00
ResilientStorage | 3.9 kB 00:00
ResilientStorage/primary_db | 47 kB 00:00
ScalableFileSystem | 3.9 kB 00:00
ScalableFileSystem/primary_db | 6.8 kB 00:00
rhel-source | 3.9 kB 00:00
repo id repo name status
HighAvailability HighAvailability 56
LoadBalancer LoadBalancer 4
ResilientStorage ResilientStorage 62
ScalableFileSystem ScalableFileSystem 7
rhel-source Red Hat Enterprise Linux 6Server - x86_64 - Source 3,690
repolist: 3,819
进行安装ipvsadm配置:
[root@server1 yum.repos.d]# yum install -y ipvsadm 安装ipvsadm
[root@server1 yum.repos.d]# ipvsadm -L 查看策略
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@server1 yum.repos.d]# ipvsadm -A -t 172.25.38.100:80 -s rr 添加虚拟主机,-A添加虚拟服务,rr调度算法,rr伦叫
[root@server1 yum.repos.d]# ipvsadm -a -t 172.25.38.100:80 -r 172.25.38.3:80 -g 添加到同一个局域网,-g直连模式,在同一个局域网,-t表示tcp协议,-a端口不可改变
[root@server1 yum.repos.d]# ipvsadm -a -t 172.25.38.100:80 -r 172.25.38.4:80 -g
[root@server1 yum.repos.d]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
[root@server1 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:80 rr
-> 172.25.38.3:80 Route 1 0 0
-> 172.25.38.4:80 Route 1 0 0 
[root@server1 yum.repos.d]# ip addr 查看server1的IP
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:cf:1f:ba brd ff:ff:ff:ff:ff:ff
inet 172.25.38.2/24 brd 172.25.38.255 scope global eth0
inet6 fe80::5054:ff:fecf:1fba/64 scope link
valid_lft forever preferred_lft forever
[root@server1 yum.repos.d]# ip addr add 172.25.38.100/24 dev eth0 添加虚拟的IP到eth0网卡
[root@server1 yum.repos.d]# ip addr 查看已经添加
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:cf:1f:ba brd ff:ff:ff:ff:ff:ff
inet 172.25.38.2/24 brd 172.25.38.255 scope global eth0
inet 172.25.38.100/24 scope global secondary eth0
inet6 fe80::5054:ff:fecf:1fba/64 scope link
valid_lft forever preferred_lft forever
在真机测试:(无法连接是因为到达了server2之后没办法继续进行,server2没有100的ip)
[root@foundation38 Desktop]# curl 172.25.38.100
^C
[root@foundation38 Desktop]# curl 172.25.38.100
^C
[root@foundation38 Desktop]# curl 172.25.38.100
c^C但是在真机查看协议会有效果:(只是由于tcp的三次握手无法到达server2和server3)
[root@server1 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:80 rr
-> 172.25.38.3:80 Route 1 0 1
-> 172.25.38.4:80 Route 1 0 2 
在server2和server3添加100的ip保证三次握手可以连接:
在server2添加虚拟IP:
[root@server2 ~]# ip addr add 172.25.38.100/24 dev eth0 添加虚拟IP
[root@server2 ~]# ip addr 查看已经添加
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:d0:24:74 brd ff:ff:ff:ff:ff:ff
inet 172.25.38.3/24 brd 172.25.38.255 scope global eth0
inet 172.25.38.100/24 scope global secondary eth0
inet6 fe80::5054:ff:fed0:2474/64 scope link
valid_lft forever preferred_lft forever
在server3添加虚拟IP:
[root@server3 ~]# ip addr add 172.25.38.100/24 dev eth0 添加虚拟IP
[root@server3 ~]# ip addr 已经添加
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:59:12:f7 brd ff:ff:ff:ff:ff:ff
inet 172.25.38.4/24 brd 172.25.38.255 scope global eth0
inet 172.25.38.100/24 scope global secondary eth0
inet6 fe80::5054:ff:fe59:12f7/64 scope link
valid_lft forever preferred_lft forever
由于三个IP均是100在同一个局域网(vlan)会有偶然性:并不知道server1会不会被一直当作调度器来使用:
[root@foundation38 Desktop]# curl 172.25.38.100 可以进行负载均衡
www.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
bbs.westos.html
[root@foundation38 Desktop]# curl 172.25.38.100
www.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
bbs.westos.html
[root@foundation38 Desktop]# arp -an |grep 100 由于调度器是server1,最开始有了缓存
? (172.25.38.100) at 52:54:00:cf:1f:ba [ether] on br0
[root@foundation38 Desktop]# arp -d 172.25.38.100 清除缓存
[root@foundation38 Desktop]# arp -an |grep 100 查看为空
? (172.25.38.100) at <incomplete> on br0
[root@foundation38 Desktop]# ping 172.25.38.100 重新连接一下虚拟IP
PING 172.25.38.100 (172.25.38.100) 56(84) bytes of data.
[root@foundation38 Desktop]# arp -an |grep 100 已经变成server2的MAC地址所以不会进行轮询
? (172.25.38.100) at 52:54:00:d0:24:74 [ether] on br0
[root@foundation38 Desktop]# curl 172.25.38.100
www.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
www.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
www.westos.org
通过添加访问server2和server3时服务被拒绝的策略来解决偶然性:
在server2安装服务添加策略:
[root@server2 ~]# yum install -y arptables_jf 安装服务
[root@server2 ~]# arptables -L 查看策略
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 ~]# arptables -A IN -d 172.25.38.100 -j DROP
添加策略当访问时候直接丢弃
[root@server2 ~]# arptables -A OUT -s 172.25.38.100 -j mangle --mangle-ip-s 172.25.38.3 出去时候以真实的地址
[root@server2 ~]# arptables -L 查看策略已经添加
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.38.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.38.100 anywhere anywhere anywhere any any any any --mangle-ip-s server2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 ~]# /etc/init.d/arptables_jf save 保存策略
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[root@server2 ~]# /etc/init.d/arptables_jf start 开启服务
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying arptables firewall rules: [ OK ]
在server3安装服务添加策略::
[root@server3 ~]# yum install -y arptables_jf 安装服务
[root@server3 ~]# arptables -A IN -d 172.25.38.100 -j DROP 添加策略当访问时候直接丢弃
[root@server3 ~]# arptables -A OUT -s 172.25.38.100 -j mangle --mangle-ip-s 172.25.38.4 出去时候以真实的地址
[root@server3 ~]# arptables -L 查看策略已经添加
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.38.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.38.100 anywhere anywhere anywhere any any any any --mangle-ip-s server3
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server3 ~]# /etc/init.d/arptables_jf save 保存策略
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[root@server3 ~]# /etc/init.d/arptables_jf start 开始服务
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying arptables firewall rules: [ OK ]
在真机进行测试:
[root@foundation84 Desktop]# arp -an|grep 100 先查看MAC地址刚才做了验证偶然性
? (192.168.1.100) at 38:a4:ed:17:5a:c9 [ether] on wlp0s20f0u2
? (172.25.254.100) at 52:54:00:42:fc:3a [ether] on br0
[root@foundation84 Desktop]# arp -d 172.25.254.100 删除
[root@foundation84 Desktop]# arp -an|grep 100 查看为空,MAC再不会发生改变解决了偶然性
? (192.168.1.100) at 38:a4:ed:17:5a:c9 [ether] on wlp0s20f0u2
? (172.25.254.100) at <incomplete> on br0
[root@foundation84 Desktop]# ping 172.25.254.100 连接一下虚拟IP
[root@foundation84 Desktop]# curl 172.25.254.100 会进行轮询
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
www.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 Desktop]# curl 172.25.254.100
www.westos.org
想在网页查看效果在真机添加解析:
[root@foundation38 Desktop]# vim /etc/hosts 添加解析
在网页进行测试每刷新一次就会发生轮询:
iptables和lvs的优先级问题(两者都在INPUT链路)
[root@server3 ~]# iptables -P INPUT DROP 直接将INPUT链设置为丢弃状态直接ssh连接也断了无法连接,可见IPTABLES的优先级高于LVS
[root@server3 ~]# iptables -P INPUT ACCEPT 重新设置为接受状态即可恢复在server1查看策略:
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:80 rr
-> 172.25.38.3:80 Route 1 0 0
-> 172.25.38.4:80 Route 1 0 0 
在server2关闭httpd:
[root@server2 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
在真机测试的时候不会进行轮询,server2的阿帕其已经关闭:但是缺少健康检查
[root@foundation38 Desktop]# curl 172.25.38.100
curl: (7) Failed connect to 172.25.38.100:80; Connection refused
[root@foundation38 Desktop]# curl 172.25.38.100
bbs.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
curl: (7) Failed connect to 172.25.38.100:80; Connection refused
[root@foundation38 Desktop]# curl 172.25.38.100
bbs.westos.org
[root@foundation38 Desktop]# curl 172.25.38.100
curl: (7) Failed connect to 172.25.38.100:80; Connection refused
在server3关闭httpd:
[root@server3 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
在真机测试的时候出错,server1作为调度器不会出来工作
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 Desktop]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
安装ldirectord可以配合LVS进行健康检查:
在server1安装软件:
[root@server1 ~]# ls
ldirectord-3.9.5-3.1.x86_64.rpm
[root@server1 ~]# yum install ldirectord-3.9.5-3.1.x86_64.rpm -y 安装软件
[root@server1 ~]# rpm -ql ldirectord 查看配置文件
/etc/ha.d
/etc/ha.d/resource.d
/etc/ha.d/resource.d/ldirectord
/etc/init.d/ldirectord
/etc/logrotate.d/ldirectord
/usr/lib/ocf/resource.d/heartbeat/ldirectord
/usr/sbin/ldirectord
/usr/share/doc/ldirectord-3.9.5
/usr/share/doc/ldirectord-3.9.5/COPYING
/usr/share/doc/ldirectord-3.9.5/ldirectord.cf
/usr/share/man/man8/ldirectord.8.gz
[root@server1 ~]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/
[root@server1 ~]# cd /etc/ha.d/
[root@server1 ha.d]# ls
ldirectord.cf resource.d shellfuncs
[root@server1 ha.d]# vim ldirectord.cf 编辑配置文件
配置文件内容:
[root@server1 ha.d]# ipvsadm -C 清楚所有策略
[root@server1 ha.d]# /etc/init.d/ldirectord start 打开服务
Starting ldirectord... success
[root@server1 ha.d]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:http rr
-> server3:http Route 1 0 0
[root@server1 ha.d]# ipvsadm -ln 查看策略
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:80 rr
-> 172.25.38.4:80 Route 1 0 0 
将server3的阿帕其关闭:
[root@server3 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
在server1进行查看策略:
[root@server1 ha.d]# ipvsadm -ln 查看策略
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.38.100:80 rr
-> 127.0.0.1:80 Local 1 0 0
[root@server1 ha.d]# cd /var/www/html/
[root@server1 html]# ls
bansys class_socket.php config.php index.php purge_action.php static
[root@server1 html]# rm -fr *
[root@server1 html]# ls
[root@server1 html]# vim index.html 写入阿帕其访问文件
server1 ---->正在维护
[root@server1 html]# /etc/init.d/httpd start 打开阿帕其
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.2 for ServerName
[ OK ]
[root@server1 html]# netstat -antlp 查看端口没有80端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 909/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 985/master
tcp 0 0 172.25.38.2:22 172.25.38.250:42018 ESTABLISHED 1034/sshd
tcp 0 0 :::8080 :::* LISTEN 2189/httpd
tcp 0 0 :::22 :::* LISTEN 909/sshd
tcp 0 0 ::1:25 :::* LISTEN 985/master
[root@server1 html]# vim /etc/httpd/conf/httpd.conf 修改配置文件
[root@server1 html]# /etc/init.d/httpd restart 重启阿帕其
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.2 for ServerName
[ OK ]
在真机测试已经有了健康维护:
[root@foundation38 Desktop]# curl 172.25.38.100 检测时候不会出错
server1 ----->此站点正在维护
[root@foundation38 Desktop]# curl 172.25.38.100
server1 ----->此站点正在维护
高可用集群和负载均衡集群:
安装keepalived软件的原因就是防止调度器出现错误导致整个系统崩溃
1.重新建立一个子盘进行实验操作:
[root@server1 html]# /etc/init.d/ldirectord stop 关闭服务
Stopping ldirectord... success
[root@server1 html]# chkconfig ldirectord off 物理性关闭
[root@server1 html]# cd
[root@server1 ~]# ls
ldirectord-3.9.5-3.1.x86_64.rpm
[root@server1 ~]# ls
keepalived-2.0.6.tar.gz ldirectord-3.9.5-3.1.x86_64.rpm
[root@server1 ~]# tar zxf keepalived-2.0.6.tar.gz 解压tar包
[root@server1 ~]# ls
keepalived-2.0.6 keepalived-2.0.6.tar.gz ldirectord-3.9.5-3.1.x86_64.rpm
[root@server1 ~]# cd keepalived-2.0.6
[root@server1 keepalived-2.0.6]# yum install -y openssl-devel 安装一个依赖性
[root@server1 keepalived-2.0.6]# ./configure --prefix=/usr/local 三步骤/keepalived --with-init=SYSV
[root@server1 keepalived-2.0.6]# make
[root@server1 keepalived-2.0.6]# make install
制作四个软链接
[root@server1 init.d]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d
[root@server1 etc]# ln -s /usr/local/keepalived/etc/keepalived/ /etc
[root@server1 etc]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server1 etc]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server1 etc]# which keepalived/
/usr/bin/which: no in (./keepalived)
[root@server1 etc]# which keepalived
/sbin/keepalived
[root@server1 etc]# ll /etc/init.d/keepalived
lrwxrwxrwx 1 root root 48 Jul 30 09:47 /etc/init.d/keepalived -> /usr/local/keepalived/etc/rc.d/init.d/keepalived
[root@server1 etc]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived 赋予权限
[root@server1 etc]# /etc/init.d/keepalived start 服务可以正常开启关闭
Starting keepalived: [ OK ]
[root@server1 etc]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server1 etc]# 
在server4安装scp:
[root@server4 ~]# yum whatprovides */scp 寻找安装包
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel-source | 3.9 kB 00:00
rhel-source/filelists_db | 3.8 MB 00:00
openssh-clients-5.3p1-94.el6.x86_64 : An open source SSH client applications
Repo : rhel-source
Matched from:
Filename : /usr/bin/scp
[root@server4 ~]# yum install -y openssh-clients-5.3p1-94.el6.x86_64 安装
将server1的keepalived传给server4:
[root@server1 etc]# cd /usr/local/
[root@server1 local]# ls
bin etc games include keepalived lib lib64 libexec sbin share src
[root@server1 local]# scp -r keepalived/ server4:/usr/local/
The authenticity of host 'server4 (172.25.254.4)' can't be established.
RSA key fingerprint is 72:d4:25:cc:f0:a5:32:80:82:ce:d6:ae:09:28:45:2b.
Are you sure you want to continue connecting (yes/no)? yes
在server4制作软链接开启服务:
[root@server4 ~]# cd /usr/local/
[root@server4 local]# ls
bin etc games include keepalived lib lib64 libexec sbin share src
[root@server4 local]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d 制作软链接
[root@server4 local]# ln -s /usr/local/keepalived/etc/keepalived/ /etc
[root@server4 local]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 local]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 local]# ll /etc/init.d/keepalived
lrwxrwxrwx 1 root root 48 Jul 30 10:12 /etc/init.d/keepalived -> /usr/local/keepalived/etc/rc.d/init.d/keepalived
[root@server4 local]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived 赋予权限
[root@server4 local]# /etc/init.d/keepalived start 可以正常的开启关闭服务
Starting keepalived: [ OK ]
[root@server4 local]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
2.进行高可用负载集群的配置:(server2和server3的httpd要打开)
在server1进行配置并将配置好的文件传递到server4:
[root@server1 etc]# cd keepalived/
[root@server1 keepalived]# ls
keepalived.conf samples
[root@server1 keepalived]# vim keepalived.conf
[root@server1 keepalived]# pwd
/etc/keepalived
[root@server1 keepalived]# scp keepalived.conf server4:/etc/keepalived
root@server4's password:
keepalived.conf 100% 862 0.8KB/s 00:00
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
server1安装邮件方便查看实验效果:
[root@server1 keepalived]# yum install mailx
在server4进行配置:
[root@server4 local]# cd /etc/keepalived/
[root@server4 keepalived]# ls
keepalived.conf samples
[root@server4 keepalived]# vim keepalived.conf
[root@server4 keepalived]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
server4安装邮件方便查看实验效果:
[root@server4 keepalived]# yum install mailx
在server1关闭服务破坏内核使其不能工作:
[root@server1 keepalived]# /etc/init.d/keepalived stop
Stopping keepalived: [FAILED]
[root@server1 keepalived]# /etc/init.d/keepalived status
keepalived is stopped
[root@server1 keepalived]# echo c >/proc/sysrq-trigger 
真机测试依旧可以正常工作(由于高可用机制server1坏掉之后server4会出来顶替工作):RS的httpd服务开启才可以
[root@foundation84 images]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 images]# curl 172.25.254.100
www.westos.org
[root@foundation84 images]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 images]# curl 172.25.254.100
www.westos.org
在server4查看server4已经接管了server1的IP:
[root@server4 keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:ef:7f:b9 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.4/24 brd 172.25.254.255 scope global eth0
inet 172.25.254.100/32 scope global eth0
inet6 fe80::5054:ff:feef:7fb9/64 scope link
valid_lft forever preferred_lft forever
You have new mail in /var/spool/mail/root
在server2关闭httpd:
[root@server2 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]在真机测试的时候不会进行轮询
[root@foundation84 images]# curl 172.25.254.100
bbs.westos.org
[root@foundation84 images]# curl 172.25.254.100 三秒时间未到刷新会出现问题
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 images]# curl 172.25.254.100
bbs.westos.org
将server3的阿帕其关闭:
[root@server3 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]在真机测试本地不会接替让VS访问:
[root@foundation84 images]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 images]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 images]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused
[root@foundation84 images]# curl 172.25.254.100
curl: (7) Failed connect to 172.25.254.100:80; Connection refused