LVS-DR mode + Keepalived deployment experiment, simple!!!

Preface

If you are not familiar with the theory, see my earlier blog post:
https://blog.csdn.net/m0_47219942/article/details/108368922 .

Lab environment

  • To further improve the load capacity of the company's website, the company decided to expand the existing website platform and build a load balancing cluster based on LVS. For the sake of cluster access efficiency, the administrator will use the DR mode of LVS, and the shared storage device is placed on the internal private network.

  • Five CentOS 7 virtual machines

    • LVS1: 192.168.100.130
    • LVS2: 192.168.100.129
    • Web1: 192.168.100.201
    • Web2: 192.168.100.202
    • VIP: 192.168.100.10
    • Win 7: 192.168.100.100

Experimental topology diagram

[Figure: experimental topology diagram]

Purpose

The Win 7 client can successfully reach the content on the web node servers by accessing the floating (virtual) IP address of the LVS schedulers.

Scheduler configuration

  • Install the toolkit on both LVS servers
 yum install keepalived ipvsadm -y	# keepalived: used for dual-machine hot standby; ipvsadm: used for scheduler management
  • Enable IP forwarding and disable ICMP redirects on both LVS servers
vim /etc/sysctl.conf
# Append the following configuration at the end of the file
net.ipv4.ip_forward=1
# Disable sending of redirects (proc settings)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p	# reload the configuration so it takes effect immediately
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
  • Set the network adapter of both LVS servers to host-only mode
  • Configure the IP address on ens33 and the VIP address on ens33:0 on both LVS servers
# LVS1 (192.168.100.130)
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0	# configure the virtual IP address
# Delete the original content and add the following configuration
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# vim ifcfg-ens33
# ... (content omitted) change BOOTPROTO to static
BOOTPROTO=static
# ... (content omitted) append the following at the end of the file
IPADDR=192.168.100.130
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
# LVS2 (192.168.100.129)
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0	# configure the virtual IP address
# Delete the original content and add the following configuration
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# vim ifcfg-ens33
# ... (content omitted) change BOOTPROTO to static
BOOTPROTO=static
# ... (content omitted) append the following at the end of the file
IPADDR=192.168.100.129
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
  • Create a script on both LVS servers to simplify service management
cd /etc/init.d
vim dr.sh	# enter the following script content
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.10		# virtual IP
RIP1=192.168.100.201	# real web server IPs
RIP2=192.168.100.202
case "$1" in
start)
  /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm	# save the configuration
  systemctl start ipvsadm		# start the service
  /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
  /sbin/route add -host $VIP dev ens33:0	# add a host route for the VIP
  /sbin/ipvsadm -A -t $VIP:80 -s rr		# define the virtual service entry point with round-robin scheduling
  /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g	# add a real server; -g selects DR mode
  /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
  echo "ipvsadm starting [ok]"
  ;;
stop)
  /sbin/ipvsadm -C		# clear the virtual server table
  systemctl stop ipvsadm		# stop the service
  ifconfig ens33:0 down		# bring the interface down
  route del $VIP		# delete the route
  echo "ipvsadm stopped [ok]"
  ;;
status)
  if [ ! -e /var/lock/subsys/ipvsadm ]; then	# status is decided by whether the lock file exists
    echo "ipvsadm stopped"
    exit 1
  else
    echo "ipvsadm Running [ok]"
  fi
  ;;
*)
  echo "Usage: $0 {start|stop|status}"
  exit 1
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh
[root@localhost init.d]# service dr.sh start
ipvsadm starting [ok]
[root@localhost init.d]# systemctl stop firewalld.service 
[root@localhost init.d]# setenforce 0

Configure two node servers

  • Install and configure httpd service on two node servers
 yum install httpd -y
  • Configure the IP addresses of the two nodes and bind the VIP
    • In LVS-DR, both node servers must be configured with the VIP address bound
    • The VIP address is used only as the source address of the web response packets; the node does not listen for client access requests on it
    • Both are set to host-only mode

  • Configure the IP address on ens33 and the VIP address on lo:0 on both node servers
cd /etc/sysconfig/network-scripts
cp -p ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
# Host mask, the same one web.sh sets on lo:0
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# vim ifcfg-ens33
# ... (content omitted) change BOOTPROTO to static
BOOTPROTO=static
# ... (content omitted) append the following at the end of the file
IPADDR=192.168.100.201
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
# On the web2 server use 192.168.100.202 instead
IPADDR=192.168.100.202
  • Configure ARP response suppression on both node servers
# Create the ARP suppression script
[root@localhost network-scripts]# vim /etc/init.d/web.sh
#!/bin/bash
VIP=192.168.100.10
case "$1" in
start)
  ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
  /sbin/route add -host $VIP dev lo:0
  # Suppress ARP replies and announcements for the VIP
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
  sysctl -p >/dev/null 2>&1
  echo "RealServer Start OK"
  ;;
stop)
  ifconfig lo:0 down
  route del $VIP >/dev/null 2>&1
  # Restore normal ARP behaviour
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
  echo "RealServer Stopped"
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac
exit 0
[root@localhost network-scripts]# chmod +x /etc/init.d/web.sh 
  • Configure a test page on both node servers

Create a test page on each node. The content of the two pages should differ so that the node servers can be told apart.

cd /var/www/html
echo "this is kevin web" > index.html
[root@wlocalhost ~]# vim /var/www/html/index.html
<h1>this is benet web</h1>
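  • Restart the network service, bring up the virtual interface, start the LVS service, and turn off the firewall
systemctl restart network
ifup ens33:0		# ens33:0 is configured on the LVS schedulers
service dr.sh start	# dr.sh is the script created on the LVS schedulers
systemctl start httpd	# httpd is installed on the node servers
systemctl stop firewalld
setenforce  0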
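
A check for the ARP suppression step above, as an added example that is not part of the original post: after web.sh has been run with start on a node server, it compares the four kernel parameters the script writes against the expected values, and it prints the same settings in sysctl.conf syntax because values written to /proc/sys are lost at reboot. The function names and the optional root-directory argument are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post). Function names and the optional
# root-directory argument are assumptions made for illustration.

# Values web.sh writes on a real server, as <interface>/<parameter>=<value>.
WANT="lo/arp_ignore=1 lo/arp_announce=2 all/arp_ignore=1 all/arp_announce=2"

# check_arp_suppression [ROOT]: print every parameter that differs from WANT.
# ROOT defaults to the live /proc/sys. Exit status 0 only if all four match.
check_arp_suppression() {
  local root="${1:-/proc/sys}" item key want got bad=0
  for item in $WANT; do
    key=${item%=*}; want=${item#*=}
    got=$(cat "$root/net/ipv4/conf/$key" 2>/dev/null || echo missing)
    if [ "$got" != "$want" ]; then
      echo "net.ipv4.conf.${key%/*}.${key#*/} = $got (want $want)"
      bad=1
    fi
  done
  return "$bad"
}

# sysctl_lines: the same settings in /etc/sysctl.conf syntax, so they can be
# made persistent instead of only being written to /proc/sys by web.sh.
sysctl_lines() {
  local item key
  for item in $WANT; do
    key=${item%=*}
    echo "net.ipv4.conf.${key%/*}.${key#*/} = ${item#*=}"
  done
}

# demo_arp [VALUE]: run the check against a constructed directory tree in which
# all/arp_announce holds VALUE (default 0, the kernel default).
demo_arp() {
  local d rc=0
  d=$(mktemp -d)
  mkdir -p "$d/net/ipv4/conf/lo" "$d/net/ipv4/conf/all"
  echo 1 > "$d/net/ipv4/conf/lo/arp_ignore"
  echo 2 > "$d/net/ipv4/conf/lo/arp_announce"
  echo 1 > "$d/net/ipv4/conf/all/arp_ignore"
  echo "${1:-0}" > "$d/net/ipv4/conf/all/arp_announce"
  check_arp_suppression "$d" || rc=$?
  rm -rf "$d"
  return "$rc"
}
```

On a node server, `check_arp_suppression && echo OK` reads the live values; a node that still answers ARP for the VIP receives client traffic directly instead of through the scheduler.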

Dual-system hot backup keepalived configuration

[root@localhost ~]# vim /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1	# mail server points to the local host
   smtp_connect_timeout 30
   router_id LVS_01	# router_id must differ between the two schedulers
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER	# MASTER on the primary server, BACKUP on the standby server
    interface ens33
    virtual_router_id 51	# group ID must be the same on primary and standby
    priority 100	# priority; the standby's must be lower than the primary's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111	# password must be the same on primary and standby
    }
    virtual_ipaddress {
        192.168.100.10
    }
}

virtual_server 192.168.100.10 80 {
    delay_loop 6
    lb_algo rr	# round-robin scheduling
    lb_kind DR	# changed to DR mode
    persistence_timeout 50
    protocol TCP

    # node 1 configuration
    real_server 192.168.100.201 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    # node 2 configuration
    real_server 192.168.100.202 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
  • Differences between the second LVS scheduler and the first
[root@localhost keepalived]# scp keepalived.conf root@192.168.100.130:/etc/keepalived/   # copy keepalived.conf to the scheduler at 192.168.100.130
The authenticity of host '192.168.100.130 (192.168.100.130)' can't be established.
ECDSA key fingerprint is SHA256:W+MleaejDosjJJV1F2noJPAGWA/d2qESydwosqTqWWw.
ECDSA key fingerprint is MD5:68:5f:ee:e5:76:ca:96:01:5d:d8:b9:1f:4b:5a:58:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.130' (ECDSA) to the list of known hosts.
root@192.168.100.130's password: 
keepalived.conf                                      100% 1195     1.0MB/s   00:00 
[root@localhost ~]# vim /etc/keepalived/keepalived.conf 
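# Only three places need to be changed
# ... (content omitted)
router_id LVS_02    # router_id must differ between the two schedulers
# ... (content omitted)
vrrp_instance VI_1 {
    state BACKUP	# this server is the BACKUP (standby)
    priority 90	   # priority must be lower than the primary server's
# ... (content omitted)
# All other settings are the same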
  • Start the keepalived service and restart the network service
systemctl start keepalived
service network restart
  • Check the interfaces on both DR scheduling servers with ifconfig
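
The pairing rules annotated in the two keepalived.conf files above (different router_id, same virtual_router_id and auth_pass, lower priority on the BACKUP) can be checked by script before keepalived is started. This is an added example, not part of the original post; the function names are assumptions, and the sample files it builds are constructed from the article's values.

```bash
#!/bin/bash
# Added example (not from the original post); function names are assumptions.

# ka_get FILE KEY: first value of directive KEY (trailing comments are ignored).
ka_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_pair MASTER_CONF BACKUP_CONF: print one line per violated pairing rule
# from this article. Exit status 0 only if no rule fails.
check_pair() {
  local m="$1" b="$2" bad=0
  { [ "$(ka_get "$m" state)" = MASTER ] && [ "$(ka_get "$b" state)" = BACKUP ]; } ||
    { echo "FAIL state: expected MASTER and BACKUP"; bad=1; }
  [ "$(ka_get "$m" router_id)" != "$(ka_get "$b" router_id)" ] ||
    { echo "FAIL router_id: must differ"; bad=1; }
  [ "$(ka_get "$m" virtual_router_id)" = "$(ka_get "$b" virtual_router_id)" ] ||
    { echo "FAIL virtual_router_id: must match"; bad=1; }
  [ "$(ka_get "$m" auth_pass)" = "$(ka_get "$b" auth_pass)" ] ||
    { echo "FAIL auth_pass: must match"; bad=1; }
  [ "$(ka_get "$b" priority)" -lt "$(ka_get "$m" priority)" ] 2>/dev/null ||
    { echo "FAIL priority: BACKUP must be lower than MASTER"; bad=1; }
  # auth_type PASS is carried in cleartext in VRRP adverts, so an unchanged
  # sample password is reported as a warning.
  [ "$(ka_get "$m" auth_pass)" != 1111 ] ||
    echo "WARN auth_pass: still the sample value 1111"
  return "$bad"
}

# demo_pair [BACKUP_PRIORITY]: constructed sample pair using the article's
# values; pass 100 to reproduce a priority misconfiguration.
demo_pair() {
  local d rc=0
  d=$(mktemp -d)
  printf '%s\n' 'global_defs {' '   router_id LVS_01' '}' \
    'vrrp_instance VI_1 {' '    state MASTER' '    virtual_router_id 51' \
    '    priority 100' '    auth_pass 1111' '}' > "$d/master.conf"
  sed -e 's/LVS_01/LVS_02/' -e 's/MASTER/BACKUP/' \
    -e "s/priority 100/priority ${1:-90}/" "$d/master.conf" > "$d/backup.conf"
  check_pair "$d/master.conf" "$d/backup.conf" || rc=$?
  rm -rf "$d"
  return "$rc"
}
```

With copies of both files on one host, `check_pair master.conf backup.conf` prints nothing but the password warning when the pair follows the article's rules.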

Test

  • Client configuration

Note on the last page: if refreshing keeps returning the content of the same web page, clear the cache, wait for the cache time to expire, and then visit again.

Origin blog.csdn.net/m0_47219942/article/details/108356350