Enterprise high availability deployment-----------LVS+Keepalived (personal finishing)

一，Keepalived

Solve the danger of a single server bearing a single point of failure in the application

Introduction

A health check tool specially designed for LVS and HA

• Support automatic failover
• Support node health check
• Official website: http://www.keepalived.org/

Second, build LVS+Keepalived

• VRRP (Virtual Routing Redundancy Protocol) is a backup solution for routers
• Keepalived can realize multi-machine hot backup, each hot backup group can have multiple servers
• We are dual-system hot backup. The failover of dual-system hot backup is realized by the drift of virtual ip address, which is suitable for various application servers.

Prepare the environment:

Based on the operation of LVS-DR, a standby scheduler was added, and the configuration was changed.

Master scheduler:	192.168.100.25 vip address: ens33:0 192.168.100.100
Standby scheduler:	192.168.100.29
web1：	192.168.100.26 vip address: lo:0 192.168.100.100
web2：	192.168.100.27 vip address: lo:0 192.168.100.100
nfs storage:	192.168.100.28

Main scheduler configuration:

1. Install Keepalived ipvsadm

root@localhost ~]# yum -y install keepalived ipvsadm

2. Configure the keepalived.conf configuration file

[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bakup
[root@localhost keepalived]# vi keepalived.conf
global_defs {
    
    
   router_id HA_TEST_R1
}
vrrp_instance VI_1 {
    
    
   state MASTER
   interface ens33
   virtual_router_id 1
   priority 100
   advert_int 1
   authentication {
    
    
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
    
    
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {
    
    
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.26 80 {
    
    
        weight 1
        TCP_CHECK {
    
    
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.27 80 {
    
    
        weight 1
        TCP_CHECK {
    
    
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }

Regional configuration module explanation:
global_defs {: define the router_id of this router
vrrp_instance VI_1 {: define the VRRP hot standby real column
virtual_ipaddress {: define the drift address (VIP), which can be multiple
virtual_server 192.168.100.10 80 {: define the virtual server address ( VIP), port
real_server 192.168.100.26 80 {: Define the address and port of the WEB site

3. Start keepalived and self-start after boot, ipvsadm

systemctl start keepalived    
systemctl enable keepalived
systemctl enable ipvsadm

4. Configure the vip address 192.168.100.100

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes

ifup lo:0     #开启lo:0
ifconfig   

5. View the load strategy under configuration

[root@localhost ]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.100:80 rr
  -> 192.168.100.26:80            Route   1      0          0         
  -> 192.168.100.27:80            Route   1      0          0     

6. View VIP information

ip addr show

 ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:da:8c:3c brd ff:ff:ff:ff:ff:ff
    inet 《192.168.100.25/24》 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 《192.168.100.100/32》scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::a33e:6402:8d1:c2aa/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

7. Adjust the /proc response parameters (optimized kernel parameters)

vi /etc/sysctl.conf 

net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

sysctl  -p

Backup scheduler configuration:

We only need to configure the keepalive configuration file to set priority to upgrade, router_id, bakup (backup)
LVS scheduling rules are also in the keepalived.conf configuration file, which can be directly generated

1. Install Keepalived ipvsadm

root@localhost ~]# yum -y install keepalived ipvsadm

2. Configure the keepalived.conf configuration file

[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bakup
[root@localhost keepalived]# vi keepalived.conf

global_defs {
    
    
   router_id HA_TEST_R2
}
vrrp_instance VI_1 {
    
    
   state BACKUP
   interface ens33
   virtual_router_id 1
   priority 99
   advert_int 1
   authentication {
    
    
      auth_type PASS
      auth_pass 123456
   }
   virtual_ipaddress {
    
    
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {
    
    
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.26 80 {
    
    
        weight 1
        TCP_CHECK {
    
    
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.27 80 {
    
    
        weight 1
        TCP_CHECK {
    
    
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}       

3. Start keepalived and self-start after boot, ipvsadm

systemctl start keepalived    
systemctl enable keepalived
systemctl enable ipvsadm

4. View the load strategy under configuration

[root@localhost ]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.100:80 rr
  -> 192.168.100.26:80            Route   1      0          0         
  -> 192.168.100.27:80            Route   1      0          0     

Three, hyperlinks (build web, nfs)

There are still three servers that are not configured (web1, web2, nfs storage)
web server and nfs storage service, see the LVS-DR mode deployment of the blogger classification load cluster.
Refer to the web and nfs part of the steps. Here is the hyperlink:
link: see web, Steps to build nfs storage...

Fourth, verify LVS+Keepalived

After verifying by cmd, whether to do failover, VIP address transfer! !

1. First verify that it is normal:

2. Keep pinging the vip address; let the main scheduler disconnect and see if the mac address changes and the vip address drifts

3. Check whether the VIP address drifts to the standby scheduler

ip addr show

 ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:9e:cf:4e brd ff:ff:ff:ff:ff:ff
    inet   <192.168.100.29/24>    brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet    <192.168.100.100/32>   scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::f50a:6f87:cda8:5a2d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever