Theory + experiment: LVS+Keepalived cluster

1. Understand the implementation principle of Keepalived

        Keepalived is a powerful auxiliary tool designed specifically for LVS. It mainly provides failover and health checking: it determines the availability of the LVS load scheduler and the node servers, isolates a failed host and replaces it with a working server in time, and rejoins the failed host to the cluster once it recovers.

■A health check tool specially designed for LVS and HA

  • Support automatic failover (Failover)
  • Support node health check status (Health Checking)
  • Official website: http://www.keepalived.org/ (If you are interested, you can check it out)

1.1, Keepalived case analysis

        In enterprise applications, running an application on a single server carries the risk of a single point of failure. An enterprise application cluster has at least two such single points of failure.
Once a single point of failure occurs, the enterprise's services are interrupted, causing great harm.

1.2 Overview of LVS+Keepalived high availability cluster

        The design goal of Keepalived is to build a highly available LVS load balancing cluster. It is not only for dual-system hot backup: it can call the ipvsadm tool to create virtual servers and manage server pools. Using Keepalived to build an LVS cluster is simpler and easier. The main advantages are: hot standby switching of the LVS load scheduler, which improves availability; health checks on the nodes in the server pool; automatic removal of failed nodes; and rejoining them after recovery.
        An LVS cluster built on LVS+Keepalived includes at least two hot standby load schedulers and two or more node servers. This example starts from the LVS cluster in DR mode and adds one slave load scheduler, using Keepalived to provide hot backup between the master and slave schedulers, so as to build an LVS website cluster platform with both load balancing and high availability.
        When using Keepalived to build an LVS cluster, you also need to use the ipvsadm management tool, but most of the work will be done automatically by Keepalived, without the need to manually execute ipvsadm.

1.3 Analysis of Keepalived Implementation Principle

■Keepalived adopts VRRP hot backup protocol to realize the multi-machine hot backup function of Linux server.
■VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers.

  • Multiple routers form a hot backup group, and provide services to the outside through a shared virtual IP address
  • If the currently online router fails, other routers will automatically take over the virtual IP address according to the set priority and continue to provide services

1.4, Keepalived case explanation

■The failover of dual-system hot backup is realized by the drift of virtual IP address, which is suitable for various application servers.
■Realize dual-system hot backup based on WEB service

                                        [Switch]
                                            |
                                            |          Drift address: 192.168.100.100
                                            |
        +-----------------+-----------------+-----------------+-----------------+
        |                 |                 |                 |                 |
        |                 |                 |                 |                 |
  [Scheduler 1]     [Scheduler 2]        [WEB1]            [WEB2]           [Storage]
 192.168.100.21    192.168.100.22    192.168.100.23    192.168.100.24    192.168.100.25

1.4.1, configure keepalived master server

■ The keepalived configuration directory is located at /etc/keepalived/
■ keepalived.conf is the main configuration file

  • global_defs {…} section specifies global parameters
  • vrrp_instance instance name {...} section specifies VRRP hot standby parameters
  • The comment text begins with the "!" symbol
  • Directory samples/, provides many configuration samples as reference

■Common configuration options explained

  • router_id HA_TEST_R1: The name of the router (server)
  • vrrp_instance VI_1: Define VRRP hot standby instance
  • state MASTER: Hot standby state, MASTER represents the master server
  • interface ens33: the physical interface that carries the VIP address
  • virtual_router_id 1: The ID number of the virtual router, that is, of the hot backup group; it is the same on every member of a group and indicates which hot backup group a server belongs to
  • priority 100: priority, the larger the value, the higher the priority
  • advert_int 1: The number of seconds between notifications (heartbeat frequency)
  • auth_type PASS: authentication type
  • auth_pass 123456: password string
  • virtual_ipaddress {vip}: Specify a drift address (VIP), there can be multiple

1.4.2, configure keepalived slave server

■The keepalived backup server configuration differs from the master configuration in three options

  • router_id: set to a name of your choice
  • state: set to BACKUP
  • priority: The priority value is lower than the primary server

■Other options are the same as master
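
The rule from 1.4.1 and 1.4.2 (three options differ, everything else matches) can be checked before starting the service. The script below is an added example, not code from the original page; the function names are hypothetical and the sample files are constructed from the page's values.

```shell
#!/bin/sh
# Added example (not from the original page): compare two keepalived.conf files.

# vrrp_get FILE KEY: first value of KEY, with "!" / "#" comments stripped.
vrrp_get() {
    awk -v k="$2" '{ sub(/[!#].*/, "") } $1 == k { print $2; exit }' "$1"
}

# vrrp_vips FILE: sorted addresses listed inside virtual_ipaddress { ... }.
vrrp_vips() {
    awk '{ sub(/[!#].*/, "") }
         $1 == "virtual_ipaddress" { inblk = 1; next }
         inblk && index($0, "}") { inblk = 0 }
         inblk && NF { print $1 }' "$1" | sort
}

# check_pair MASTER BACKUP: print each finding; return 1 if there is any.
check_pair() {
    rc=0
    for k in interface virtual_router_id advert_int auth_type auth_pass; do
        [ "$(vrrp_get "$1" "$k")" = "$(vrrp_get "$2" "$k")" ] ||
            { echo "MISMATCH $k"; rc=1; }
    done
    [ "$(vrrp_vips "$1")" = "$(vrrp_vips "$2")" ] ||
        { echo "MISMATCH virtual_ipaddress"; rc=1; }
    [ "$(vrrp_get "$1" router_id)" != "$(vrrp_get "$2" router_id)" ] ||
        { echo "DUPLICATE router_id"; rc=1; }
    [ "$(vrrp_get "$2" state)" = BACKUP ] ||
        { echo "BACKUP state not set"; rc=1; }
    [ "$(vrrp_get "$1" priority)" -gt "$(vrrp_get "$2" priority)" ] 2>/dev/null ||
        { echo "BACKUP priority not lower"; rc=1; }
    return $rc
}

# write_conf FILE ROUTER_ID STATE PRIORITY VRID: constructed sample, page's values.
write_conf() {
    printf '%s\n' "global_defs {" "   router_id $2" "}" \
        "vrrp_instance VI_1 {" "   state $3          #### hot standby state" \
        "   interface ens33" "   virtual_router_id $5" "   priority $4" \
        "   advert_int 1" "   authentication {" "      auth_type PASS" \
        "      auth_pass 123456" "   }" "   virtual_ipaddress {" \
        "      192.168.100.100" "   }" "}" > "$1"
}

tmp=$(mktemp -d)
write_conf "$tmp/master.conf" HA_TEST_R1 MASTER 100 1
write_conf "$tmp/backup.conf" HA_TEST_R2 BACKUP 99 1
check_pair "$tmp/master.conf" "$tmp/backup.conf" && echo "pair is consistent"
```

A match on auth_pass only confirms that the two nodes agree: with auth_type PASS the string travels in cleartext in every VRRP advertisement on the segment.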

2. Experimental LVS+Keepalived high-availability cluster deployment

2.1, case deployment configuration

Name          Operating system    IP address
LVS-Master    Centos7.6-x86_64    192.168.100.21
LVS-Backup    Centos7.6-x86_64    192.168.100.22
WebserverA    Centos7.6-x86_64    192.168.100.23
WebserverB    Centos7.6-x86_64    192.168.100.24
NFS share     Centos7.6-x86_64    192.168.100.25

Before starting the experiment, turn off the firewall and core protection (SELinux) on all 5 virtual machines, and configure the local Yum source.

IP address planning:
Drift address (VIP): 192.168.100.100
Primary scheduler: 192.168.100.21
Secondary scheduler: 192.168.100.22
WEB server 1: 192.168.100.23
WEB server 2: 192.168.100.24
Storage server: 192.168.100.25

##### Configure the primary scheduler 192.168.100.21 ####### turn off the firewall

[1] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[2] Adjust the keepalived parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
   router_id HA_TEST_R1                  #### name of this router (server): HA_TEST_R1
}
vrrp_instance VI_1 {                     #### define the VRRP hot standby instance
   state MASTER                          #### hot standby state; MASTER means the master server
   interface ens33                       #### physical interface that carries the VIP address
   virtual_router_id 1                   #### ID number of the virtual router; the same within a hot standby group
   priority 100                          #### priority; the larger the value, the higher the priority
   advert_int 1                          #### seconds between advertisements (heartbeat frequency)
   authentication {                      #### authentication info; the same within a hot standby group
      auth_type PASS                     #### authentication type
      auth_pass 123456                   #### authentication password
   }
   virtual_ipaddress {                   #### drift address (VIP); there can be several
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {      #### virtual server address (VIP) and port
    delay_loop 15                        #### interval between health checks (seconds)
    lb_algo rr                           #### round-robin scheduling algorithm
    lb_kind DR                           #### direct routing (DR) cluster mode
    persistence 60                       #### connection persistence time (seconds); to enable it, remove the ! sign
    protocol TCP                         #### the application service uses TCP

    real_server 192.168.100.23 80 {      #### address and port of the first WEB node
        weight 1                         #### weight of the node
        TCP_CHECK {                      #### health check method
            connect_port 80              #### port to check
            connect_timeout 3            #### connection timeout (seconds)
            nb_get_retry 3               #### number of retries
            delay_before_retry 4         #### interval between retries (seconds)
        }
    }
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

[root@localhost keepalived]# systemctl start keepalived                  #### start keepalived
[root@localhost keepalived]# systemctl enable keepalived                 #### start keepalived at boot

[root@localhost keepalived]# ip addr show dev ens33                      #### view the primary IP address and the drift address
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:bb:29:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.21/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.100.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febb:29cc/64 scope link 
       valid_lft forever preferred_lft forever

##### Configure the secondary scheduler 192.168.100.22 ####### turn off the firewall

[1] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

[2] Adjust the keepalived parameters
[root@localhost ~]# yum -y install keepalived ipvsadm
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vi keepalived.conf
global_defs {
   router_id HA_TEST_R2                  #### name of this router (server): HA_TEST_R2
}
vrrp_instance VI_1 {                     #### define the VRRP hot standby instance
   state BACKUP                          #### hot standby state; BACKUP means the secondary server
   interface ens33                       #### physical interface that carries the VIP address
   virtual_router_id 1                   #### ID number of the virtual router; the same within a hot standby group
   priority 99                           #### priority; the larger the value, the higher the priority
   advert_int 1                          #### seconds between advertisements (heartbeat frequency)
   authentication {                      #### authentication info; the same within a hot standby group
      auth_type PASS                     #### authentication type
      auth_pass 123456                   #### authentication password
   }
   virtual_ipaddress {                   #### drift address (VIP); there can be several
      192.168.100.100
   }
}

virtual_server 192.168.100.100 80 {
    delay_loop 15
    lb_algo rr
    lb_kind DR
    persistence 60
    protocol TCP

    real_server 192.168.100.23 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.100.24 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}

[root@localhost keepalived]# systemctl start keepalived                  #### start keepalived
[root@localhost keepalived]# systemctl enable keepalived                 #### start keepalived at boot
[root@localhost keepalived]# ip addr show dev ens33                      #### view the primary IP address and the drift address
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:44:0b:2a brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.22/24 brd 192.168.100.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe44:b2a/64 scope link 
       valid_lft forever preferred_lft forever   

##### Configure the storage server: 192.168.100.25 #####

rpm -q nfs-utils    ### if it is not installed: yum -y install nfs-utils
rpm -q rpcbind      ### if it is not installed: yum -y install rpcbind

[root@localhost ~]# vi /etc/exports
### No space between the client network and its options; with a space, (rw,sync) would apply to every host
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)

[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# echo "this is 51xit" >/opt/51xit/index.html
[root@localhost ~]# echo "this is 52xit" >/opt/52xit/index.html

[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# systemctl enable nfs

##### Configure the node server: 192.168.100.23 ####

[root@localhost ~]# yum -y install httpd   ### install Apache
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# yum -y install nfs-utils   ### install NFS
[root@localhost ~]# mount 192.168.100.25:/opt/51xit /var/www/html/  ### temporary mount
### Test: enter 192.168.100.23 in a browser and the 51xit page appears ###

[root@localhost ~]# vi /etc/fstab
192.168.100.25:/opt/51xit /var/www/html nfs defaults,_netdev 0 0   ### permanent mount

[1] Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/   ### enter the network interface directory
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0   ### copy the interface file and name it lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0    ### keep only the following four lines
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0   ### bring up the interface
[root@localhost network-scripts]# ifconfig   ### check the result

[2] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0  ### manually add a host route for the VIP
[root@localhost network-scripts]# vi /etc/rc.local
/sbin/route add -host 192.168.100.100 dev lo:0

##### Configure the node server: 192.168.100.24 ####

[root@localhost ~]# yum -y install httpd   ### install Apache
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# yum -y install nfs-utils   ### install NFS
[root@localhost ~]# mount 192.168.100.25:/opt/52xit /var/www/html/  ### temporary mount
### Test: enter 192.168.100.24 in a browser and the 52xit page appears ###

[root@localhost ~]# vi /etc/fstab
192.168.100.25:/opt/52xit /var/www/html nfs defaults,_netdev 0 0   ### permanent mount

[1] Configure the virtual IP address
[root@localhost ~]# cd /etc/sysconfig/network-scripts/   ### enter the network interface directory
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0   ### copy the interface file and name it lo:0
[root@localhost network-scripts]# vi ifcfg-lo:0         ### keep only the following four lines
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup lo:0   ### bring up the interface
[root@localhost network-scripts]# ifconfig   ### check the result

[2] Adjust the /proc response parameters
[root@localhost network-scripts]# vi /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
[root@localhost network-scripts]# route add -host 192.168.100.100 dev lo:0  ### manually add a host route for the VIP
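
In DR mode every real server holds the VIP on lo:0, so the ARP settings and the 255.255.255.255 mask are what keep the nodes from answering ARP for 192.168.100.100 in place of the scheduler. The script below is an added example, not code from the original page: it audits the two files edited above, with hypothetical function names and constructed sample files.

```shell
#!/bin/sh
# Added example (not from the original page): audit a DR-mode real server's files.

# conf_get FILE KEY: last value assigned to KEY ("k = v" or "k=v"); "#" lines skipped.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == k { v = val }
        END { print v }' "$1"
}

# check_real_server SYSCTL_CONF IFCFG_LO0 VIP: print findings; return 1 if any.
check_real_server() {
    rc=0
    for scope in all default lo; do
        for want in arp_ignore=1 arp_announce=2; do
            key="net.ipv4.conf.$scope.${want%%=*}"
            got=$(conf_get "$1" "$key")
            [ "$got" = "${want#*=}" ] ||
                { echo "FAIL $key='$got' (want ${want#*=})"; rc=1; }
        done
    done
    [ "$(conf_get "$2" IPADDR)" = "$3" ] ||
        { echo "FAIL lo:0 IPADDR is not the VIP $3"; rc=1; }
    [ "$(conf_get "$2" NETMASK)" = 255.255.255.255 ] ||
        { echo "FAIL lo:0 NETMASK is not 255.255.255.255"; rc=1; }
    return $rc
}

# Constructed sample files holding the values from the walkthrough above.
tmp=$(mktemp -d)
for scope in all default lo; do
    echo "net.ipv4.conf.$scope.arp_ignore = 1"
    echo "net.ipv4.conf.$scope.arp_announce = 2"
done > "$tmp/sysctl.conf"
printf '%s\n' DEVICE=lo:0 IPADDR=192.168.100.100 \
    NETMASK=255.255.255.255 ONBOOT=yes > "$tmp/ifcfg-lo:0"
check_real_server "$tmp/sysctl.conf" "$tmp/ifcfg-lo:0" 192.168.100.100 &&
    echo "real server matches the DR-mode settings"
```

On a node, pass /etc/sysctl.conf and /etc/sysconfig/network-scripts/ifcfg-lo:0; a later line for the same key overrides an earlier one, which the last-value lookup reflects.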

Test: Enter 192.168.100.100 in the browser and one of the two websites appears; refresh after a while and the other website appears. LVS+Keepalived load balancing is now working.

Origin blog.csdn.net/weixin_44733021/article/details/108764266