Cluster load balancing: LVS DR + Keepalived cluster deployment in practice! Super detailed theory + experiment!

1. Understand the implementation principle of Keepalived

        Keepalived is a powerful auxiliary tool designed specifically for LVS. It is mainly used to provide failover and health check functions: it determines the availability of the LVS load scheduler and the node servers, isolates a failed host and replaces it with a new server in time, and rejoins the failed host to the cluster once it recovers.

■A health check tool specially designed for LVS and HA

  • Support automatic failover (Failover)
  • Support node health check status (Health Checking)
  • Official website: http://www.keepalived.org/ (If you are interested, you can check it out)

1.1, Keepalived case analysis

        In enterprise applications, a single server carries the risk of being a single point of failure for the application. In an enterprise application cluster, there are at least two single point of failure risks. Once a single point of failure occurs, enterprise services are interrupted, causing great harm.

1.2 Overview of LVS+Keepalived high availability cluster

        The design goal of Keepalived is to build a highly available LVS load balancing cluster. It can call the ipvsadm tool to create virtual servers and manage server pools, so it is not just for dual-system hot backup. Using Keepalived to build an LVS cluster is simpler and easier to use. The main advantages are: hot standby switching of the LVS load scheduler, which improves availability; health checks on the nodes in the server pool; automatic removal of failed nodes; and rejoining them after recovery.
        An LVS cluster structure implemented with LVS+Keepalived includes at least two hot standby load schedulers and two or more node servers. This example starts from the LVS cluster in DR mode and adds one slave load scheduler. Keepalived provides the hot backup of the master and slave schedulers, so as to build an LVS website cluster platform with both load balancing and high availability.
        When using Keepalived to build an LVS cluster, you still need the ipvsadm management tool, but most of the work is done automatically by Keepalived, without the need to run ipvsadm manually.

1.3 Analysis of Keepalived Implementation Principle

■Keepalived adopts VRRP hot backup protocol to realize the multi-machine hot backup function of Linux server.
■VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers.

  • Multiple routers form a hot backup group, and provide services to the outside through a shared virtual IP address
  • If the currently online router fails, other routers will automatically take over the virtual IP address according to the set priority and continue to provide services


1.4, Keepalived case explanation

■The failover of dual-system hot backup is realized by the drift of virtual IP address, which is suitable for various application servers.
■Realize dual-system hot backup based on WEB service

                                      [Switch]
                                          |
                                          |        Drift address: 192.168.100.100
                                          |
        +----------------+----------------+----------------+----------------+
        |                |                |                |                |
        |                |                |                |                |
  [Scheduler 1]    [Scheduler 2]       [WEB1]           [WEB2]          [Storage]
 192.168.100.21   192.168.100.22   192.168.100.23   192.168.100.24   192.168.100.25

1.4.1, configure keepalived master server

■ The keepalived configuration directory is located at /etc/keepalived/
■ keepalived.conf is the main configuration file

  • global_defs {…} section specifies global parameters
  • vrrp_instance instance name {...} section specifies VRRP hot standby parameters
  • The comment text begins with the "!" symbol
  • Directory samples/, provides many configuration samples as reference

■Common configuration options explained

  • router_id HA_TEST_R1: The name of the router (server)
  • vrrp_instance VI_1: Define VRRP hot standby instance
  • state MASTER: Hot standby state, MASTER represents the master server
  • interface ens33: the physical interface that carries the VIP address
  • virtual_router_id 1: The ID number of the virtual router, i.e. the ID of the hot backup group; it is the same on every member of a hot standby group and indicates whether hosts belong to the same group
  • priority 100: priority, the larger the value, the higher the priority
  • advert_int 1: The number of seconds between notifications (heartbeat frequency)
  • auth_type PASS: authentication type
  • auth_pass 123456: password string
  • virtual_ipaddress {vip}: Specify a drift address (VIP), there can be multiple

1.4.2, configure keepalived slave server

■The Keepalived backup server configuration differs from the master configuration in three options

  • router_id: set to the server's own name
  • state: set to BACKUP
  • priority: The priority value is lower than the primary server

■Other options are the same as master

3. Experiment: LVS+Keepalived high-availability cluster deployment

3.1, case deployment configuration

Name         Operating system    IP address
LVS-Master   Centos7.6-x86_64    192.168.100.21
LVS-Backup   Centos7.6-x86_64    192.168.100.22
WebserverA   Centos7.6-x86_64    192.168.100.23
WebserverB   Centos7.6-x86_64    192.168.100.24
NFS share    Centos7.6-x86_64    192.168.100.25

Here our drift address (VIP): 192.168.100.10

Before starting the experiment, turn off the firewall and core protection on all 5 virtual machines, and configure the local Yum source.

3.2, configure the main scheduler 192.168.100.21

  • Adjust /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[root@localhost network-scripts]# sysctl -p     ### apply the settings
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
  • Clear load distribution strategy
[root@localhost /]# ipvsadm -C
  • Adjust keepalived parameters
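global_defs {
   router_id HA_TEST_R1                  #### server name of this router: HA_TEST_R1
}
vrrp_instance VI_1 {                     #### define the VRRP hot standby instance
   state MASTER                          #### hot standby state; MASTER means the master server
   interface ens33                       #### physical interface that carries the VIP address
   virtual_router_id 1                   #### ID number of the virtual router; the same within each hot standby group
   priority 100                          #### priority; the larger the value, the higher the priority
   advert_int 1                          #### seconds between advertisements (heartbeat frequency)
   authentication {                      #### authentication information; the same within each hot standby group
      auth_type PASS                     #### authentication type
      auth_pass 123456                   #### authentication password
   }
   virtual_ipaddress {                   #### drift address (VIP); there can be several
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {      #### virtual server address (VIP) and port
    delay_loop 15                        #### interval between health checks (seconds)
    lb_algo rr                           #### round-robin scheduling algorithm
    lb_kind DR                           #### direct routing (DR) cluster working mode
    persistence 60                       #### connection persistence time (seconds); to enable it, remove the ! sign
    protocol TCP                         #### the application service uses the TCP protocol

    real_server 192.168.100.23 80 {      #### address and port of the first WEB site
        weight 1                         #### weight of the node
        TCP_CHECK {                      #### health check method
            connect_port 80              #### port to check
            connect_timeout 3            #### connection timeout (seconds)
            nb_get_retry 3               #### number of retries
            delay_before_retry 4         #### interval between retries (seconds)
        }
    }
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}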
[root@localhost keepalived]# systemctl start keepalived                  #### start keepalived
[root@localhost keepalived]# systemctl enable keepalived                 #### start keepalived at boot
[root@localhost keepalived]# ip addr show dev ens33                      #### view the scheduler's IP address and the drift address
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:b5:da:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.21/24 brd 192.168.100.255 scope global noprefixroute ens33    ## IP address
       valid_lft forever preferred_lft forever
    inet 192.168.100.100/32 scope global ens33     ## drift address
       valid_lft forever preferred_lft forever
    inet6 fe80::c574:d230:3778:e9dd/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

3.3. Configure the slave scheduler 192.168.100.22

  • Adjust /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[root@localhost network-scripts]# sysctl -p     ### apply the settings
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0  
  • Clear load distribution strategy
[root@localhost /]# ipvsadm -C
  • Adjust keepalived parameters
global_defs {
   router_id HA_TEST_R2                  #### server name of this router: HA_TEST_R2
}
vrrp_instance VI_1 {                     #### define the VRRP hot standby instance
   state BACKUP                          #### hot standby state; BACKUP means the backup server
   interface ens33                       #### physical interface that carries the VIP address
   virtual_router_id 1                   #### ID number of the virtual router; the same within each hot standby group
   priority 99                           #### priority; the larger the value, the higher the priority; here it must be lower than on the master!
   advert_int 1                          #### seconds between advertisements (heartbeat frequency)
   authentication {                      #### authentication information; the same within each hot standby group
      auth_type PASS                     #### authentication type
      auth_pass 123456                   #### authentication password
   }
   virtual_ipaddress {                   #### drift address (VIP); there can be several
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.23 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
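
An added example, not part of the original article: a Python check that a master/backup pair of keepalived.conf files differs only in the three options named in section 1.4.2 and that the backup priority is lower. The parser is a simplified line-based one, the names parse, leaf and check_pair are made up for this example, and it assumes a single vrrp_instance per file.

```python
import re

MAY_DIFFER = {"router_id", "state", "priority"}  # the three options of section 1.4.2

def parse(text):
    """Flatten keepalived.conf to {"block/key": value}; '!' or '#' starts a comment."""
    flat, stack = {}, []
    for raw in text.splitlines():
        line = re.split(r"[!#]", raw, maxsplit=1)[0].strip()
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            stack.pop()
        elif line:
            key, *rest = line.split(None, 1)
            flat["/".join(stack + [key])] = rest[0] if rest else ""
    return flat

def leaf(flat, name):  # first option with this name (assumes one vrrp_instance per file)
    return next((v for p, v in flat.items() if p.rsplit("/", 1)[-1] == name), None)

def check_pair(master_text, backup_text):
    """Return findings for a master/backup pair; an empty list means consistent."""
    m, b = parse(master_text), parse(backup_text)
    out = [f"mismatch: {p}" for p in sorted(set(m) | set(b))
           if m.get(p) != b.get(p) and p.rsplit("/", 1)[-1] not in MAY_DIFFER]
    if int(leaf(b, "priority") or 0) >= int(leaf(m, "priority") or 0):
        out.append("backup priority must be lower than master priority")
    return out

# Constructed sample: the VRRP part of the master configuration from section 3.2.
MASTER = """\
global_defs {
   router_id HA_TEST_R1          ! node name
}
vrrp_instance VI_1 {
   state MASTER
   virtual_router_id 1
   priority 100
   authentication {
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
      192.168.100.100
   }
}
"""
BACKUP = (MASTER.replace("HA_TEST_R1", "HA_TEST_R2")
          .replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99"))

if __name__ == "__main__":
    for cfg in (BACKUP, BACKUP.replace("auth_pass 123456", "auth_pass 654321")):
        print(check_pair(MASTER, cfg))
```

A mismatch in virtual_router_id, the authentication block or the VIP list means the two nodes are not in the same hot standby group, so each may claim the drift address on its own.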

3.4. Configure storage server: 192.168.100.25

[root@localhost ~]# rpm -q nfs-utils    ### if it is not installed: yum -y install nfs-utils
[root@localhost ~]# rpm -q rpcbind      ### if it is not installed: yum -y install rpcbind
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# systemctl start nfs

[root@localhost ~]# vi /etc/exports
/opt/Tom 192.168.100.0/24(rw,sync)
/opt/Jack 192.168.100.0/24(rw,sync)

[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# mkdir /opt/Tom /opt/Jack
[root@localhost ~]# echo "this is Tom" >/opt/Tom/index.html
[root@localhost ~]# echo "this is Jack" >/opt/Jack/index.html
[root@localhost ~]# showmount -e
Export list for localhost.localdomain:
/opt/Jack 192.168.100.0/24
/opt/Tom  192.168.100.0/24

3.5. Configure WEB 1 server: 192.168.100.23

  • Configure virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# sudo yum install net-tools   ## a minimal install needs this package before ifconfig can be used
[root@localhost network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

[root@localhost network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0   ## host route for the VIP set in ifcfg-lo:0
  • Adjust /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
  • Install httpd mount test page
[root@localhost network-scripts]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.25     #### if the shares are not exported yet, export them on the storage server: exportfs -rv
Export list for 192.168.100.25:
/opt/Jack 192.168.100.0/24
/opt/Tom  192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.25:/opt/Tom /var/www/html/
[root@localhost ~]# vi /etc/fstab 
### mount automatically at boot; keep the fields aligned
192.168.100.25:/opt/Tom /var/www/html nfs defaults,_netdev 0 0
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# init 6   ## reboot to test
[root@localhost ~]# curl 192.168.100.23
this is Tom

You can also enter 192.168.100.23 in the browser to test


3.5. Configure WEB 2 server: 192.168.100.24

  • Configure virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes

[root@localhost network-scripts]# ifup lo:0
[root@localhost network-scripts]# sudo yum install net-tools      ## a minimal install needs this package before ifconfig can be used
[root@localhost network-scripts]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.255
        loop  txqueuelen 1000  (Local Loopback)

[root@localhost network-scripts]# vi /etc/rc.local 
/sbin/route add -host 192.168.100.100 dev lo:0
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0   ## host route for the VIP set in ifcfg-lo:0
  • Adjust /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf 
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
  • Install httpd mount test page
[root@localhost network-scripts]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.25     #### if the shares are not exported yet, export them on the storage server: exportfs -rv
Export list for 192.168.100.25:
/opt/Jack 192.168.100.0/24
/opt/Tom  192.168.100.0/24

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.25:/opt/Jack /var/www/html/
[root@localhost ~]# vi /etc/fstab 
### mount automatically at boot; keep the fields aligned
192.168.100.25:/opt/Jack /var/www/html nfs defaults,_netdev 0 0

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# init 6  ## reboot to test
[root@localhost ~]# curl 192.168.100.24
this is Jack

You can also enter 192.168.100.24 in the browser to test


3.6. Test whether the master and slave schedulers work normally

1. The MAC address of the main scheduler's ens33 network card: 00:0c:29:b5:da:33
2. Open cmd on the real machine and ping 192.168.100.100
3. arp -a shows that the MAC in the cache table is 00:0c:29:b5:da:33, which proves that the data packets are delivered to the MAC address of the main scheduler.

4. Now close keepalived in the main scheduler

[root@localhost ~]# systemctl stop keepalived
[root@localhost ~]# systemctl status keepalived

5. Then run ip addr show on the slave scheduler: the drift address has moved to the slave scheduler. At this point the slave scheduler has taken over the work of the master scheduler.

6. The MAC address of the slave scheduler's ens33 network card: 00:0c:29:53:1f:1a

7. Open cmd on the real machine and ping 192.168.100.100

8. arp -a shows that the MAC in the cache table is 00:0c:29:53:1f:1a. This shows that when the master scheduler is down, the slave scheduler has replaced it, and that the data packets are now delivered to the MAC address of the slave scheduler.

9. Start keepalived.service again

### start keepalived
[root@localhost keepalived]# systemctl start keepalived.service

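The arp -a comparison from steps 3 and 8 can be scripted. The following is an added example, not part of the original article: it reads two arp -a captures and reports which scheduler holds the drift address, or that a MAC belonging to neither scheduler is answering for it. The captures are constructed samples in Windows arp -a layout, and the names vip_holder, describe and ARP_FMT are made up for this example.

```python
import re

# ens33 MAC addresses of the two schedulers, as listed in section 3.6.
SCHEDULERS = {"00:0c:29:b5:da:33": "master", "00:0c:29:53:1f:1a": "slave"}
MAC_RE = re.compile(r"\b[0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5}\b", re.I)

def norm_mac(mac):
    """Lower-case, colon-separated, zero-padded (0:0C:29-... -> 00:0c:29:...)."""
    return ":".join(part.zfill(2) for part in re.split("[:-]", mac.lower()))

def vip_holder(arp_text, vip):
    """Return the MAC the ARP cache maps to `vip`, or None if there is no entry."""
    for line in arp_text.splitlines():
        # Exact field match, so 192.168.100.10 is never confused with 192.168.100.100.
        if vip in re.split(r"[\s()]+", line):
            found = MAC_RE.search(line)
            if found:
                return norm_mac(found.group(0))
    return None

def describe(before, after, vip, known=SCHEDULERS):
    """Compare two `arp -a` captures and report what happened to the VIP."""
    old, new = vip_holder(before, vip), vip_holder(after, vip)
    if new is None:
        return "no ARP entry for VIP"
    if new not in known:
        return f"unexpected MAC {new} holds the VIP"
    if old == new:
        return f"unchanged, held by {known[new]}"
    return f"moved from {known.get(old, 'unknown')} to {known[new]}"

# Constructed captures in Windows `arp -a` layout (step 3 and step 8).
ARP_FMT = """\
Interface: 192.168.100.1 --- 0x5
  Internet Address      Physical Address      Type
  192.168.100.21        00-0c-29-b5-da-33     dynamic
  192.168.100.100       {mac}     dynamic
"""
BEFORE = ARP_FMT.format(mac="00-0c-29-b5-da-33")
AFTER = ARP_FMT.format(mac="00-0c-29-53-1f-1a")

if __name__ == "__main__":
    print(describe(BEFORE, AFTER, "192.168.100.100"))
```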

3.7, now verify load balancing polling

  • Enter 192.168.100.100 in the browser

The page now shows "this is Jack"

  • The next time the page is refreshed, it switches to the other page; there is a waiting time in between

Now it shows "this is Tom" and the verification is successful!

That concludes today's study of the LVS+Keepalived cluster.
The key points to master in this chapter are:

  1. Main functions of Keepalived
  2. The difference between Keepalived master server and slave server
  3. Build load balancing + high availability cluster

Origin blog.csdn.net/m0_46563938/article/details/108748949