Load balancing LVS+Keepalived cluster

One, Keepalived case analysis

1. In an enterprise, an application that runs on a single server is exposed to a single point of failure.
2. Once that single point of failure occurs, enterprise services are interrupted, which can cause serious harm.

Two, Introduction to the Keepalived tool

1. Support automatic failover (Failover)
2. Support node health check (Health Checking)

  • Determines the availability of the LVS load scheduler and the node servers. When the master host fails, service switches to the backup node so that business continues normally. When the master recovers, it rejoins the cluster and business is switched back to the master node.

3. Official website: http://www.keepalived.org/

Three, Keepalived realization principle analysis

1. Keepalived uses the VRRP hot backup protocol to implement multi-machine hot backup for Linux servers.
2. VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers.

  • Multiple routers form a hot backup group and provide services externally through a shared virtual IP address.
  • Only one master router in each hot backup group provides services at any given time; the other routers are in a redundant state.

3. If the currently online router fails, the other routers automatically take over the virtual IP address according to the configured priority and continue to provide services.
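
An added example (not from the original post): this decoder parses a VRRPv2 advertisement, the message the master sends to its hot backup group, and computes how long a backup waits before taking over the virtual IP. The sample bytes are constructed from the values this page later puts in keepalived.conf, assuming keepalived's default VRRP version 2; note that PASS authentication data travels in cleartext.

```python
import ipaddress
import struct

# Constructed sample: VRRPv2 payload (bytes after the IP header) for VRID 10,
# priority 100, advert_int 1, auth_type PASS / abc123, VIP 192.168.200.188.
SAMPLE_ADVERT = bytes.fromhex("210a64010101f9c6c0a8c8bc6162633132330000")
AUTH_TYPES = {0: "none", 1: "PASS", 2: "AH"}


def internet_checksum(data: bytes) -> int:
    """One's-complement checksum over the whole VRRP message (RFC 3768)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_vrrp2(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement; checksum_ok is False if it was altered."""
    if len(payload) < 16 or payload[0] != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    _, vrid, prio, count, auth, adv = struct.unpack("!6B", payload[:6])
    end = 8 + 4 * count  # virtual IPs follow the 8-byte header
    if len(payload) < end + 8:
        raise ValueError("address count exceeds message length")
    return {
        "vrid": vrid,
        "priority": prio,
        "advert_int": adv,
        "auth_type": AUTH_TYPES.get(auth, f"unknown({auth})"),
        # PASS authentication data is 8 bytes of cleartext, NUL padded.
        "auth_data": payload[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "vips": [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)],
        "checksum_ok": internet_checksum(payload[:end + 8]) == 0,
    }


def master_down_interval(local_priority: int, advert_int: int) -> float:
    """Seconds a backup waits without advertisements before taking over."""
    skew_time = (256 - local_priority) / 256
    return 3 * advert_int + skew_time


if __name__ == "__main__":
    print(parse_vrrp2(SAMPLE_ADVERT))
    print(master_down_interval(local_priority=99, advert_int=1))
```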

Four, Keepalived high-availability cluster deployment steps

Failover in dual-machine hot standby is achieved by the drift of the virtual IP address, and it is suitable for various application servers.
This section implements dual-machine hot standby based on Web services.

Setting up environment:
main DR server (load scheduler) (centos7-5): 192.168.200.50
standby DR server (load scheduler) (centos7-4): 192.168.200.40
Web server 1 (centos7-6): 192.168.200.60
Web Server 2 (centos7-7): 192.168.200.70
NFS server (centos7-8): 192.168.200.80
VIP: 192.168.200.188
Windows10 client: 192.168.200.200

------------------LVS deployment----------------------------

1. Configure the load scheduler (main and standby are the same)

systemctl stop firewalld.service 
systemctl disable firewalld.service 
setenforce 0

yum install -y ipvsadm
modprobe ip_vs         # load the ip_vs module
cat /proc/net/ip_vs    # view ip_vs version information

vim /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

sysctl -p

cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens33:0

vim ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.200.188
NETMASK=255.255.255.255

systemctl restart network
ifup ens33:0
ifconfig ens33:0

ipvsadm-save > /etc/sysconfig/ipvsadm
or
ipvsadm  --save > /etc/sysconfig/ipvsadm

systemctl start ipvsadm.service

ipvsadm -C     # clear the existing policy
ipvsadm -A -t 192.168.200.188:80 -s rr
ipvsadm -a -t 192.168.200.188:80 -r 192.168.200.60:80 -g    # for tunnel mode, replace -g with -i
ipvsadm -a -t 192.168.200.188:80 -r 192.168.200.70:80 -g

ipvsadm -ln   # view node status; Route indicates DR mode

2. Deploy shared storage

systemctl stop firewalld.service 
systemctl disable firewalld.service 
setenforce 0

yum install -y nfs-utils rpcbind

systemctl start nfs.service 
systemctl start rpcbind.service
systemctl enable nfs.service 
systemctl enable rpcbind.service

mkdir /opt/gcc /opt/benet
chmod 777 /opt/gcc/ /opt/benet/

vim /etc/exports
/usr/share *(ro,sync)
/opt/gcc 192.168.200.0/24(rw,sync)     # no space is allowed between /24 and (
/opt/benet 192.168.200.0/24(rw,sync)

exportfs -rv
showmount -e

3. Configure the node server

systemctl stop firewalld.service 
systemctl disable firewalld.service 
setenforce 0

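# Comment out the gateway and DNS on both node servers, then restart the network interface; if there is a gateway server, point to it instead

1) Configure the virtual IP address (VIP: 192.168.200.188)
# This address is used only as the source address of Web response packets; it does not need to listen for client requests (the scheduler listens for and distributes them instead).
# The virtual interface lo:0 therefore carries the VIP, and a host route is added on the local machine so that traffic to the VIP stays local and communication is not disrupted.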

cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.200.188
NETMASK=255.255.255.255     # note: the netmask must be all 1s
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
#NAME=loopback

ifup lo:0
ifconfig lo:0

route add -host 192.168.200.188 dev lo:0    # pin the VIP route to lo:0
route -n    # view the routing table

vim /etc/rc.local
/sbin/route add -host 192.168.200.188 dev lo:0
chmod +x /etc/rc.d/rc.local

2) Adjust the kernel's ARP response parameters so that the MAC address recorded for the VIP is not updated, avoiding conflicts
vim /etc/sysctl.conf
......
# reply only to ARP requests whose target IP is a local IP
net.ipv4.conf.lo.arp_ignore = 1
# do not use the IP packet's source address as the source address of ARP requests; use the sending interface's IP address instead
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

sysctl -p

or
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

yum install -y nfs-utils rpcbind httpd
systemctl start rpcbind
systemctl start httpd


----------192.168.200.60-----------------
mount.nfs 192.168.200.80:/opt/gcc /var/www/html/
echo 'this is gcc web!' > /var/www/html/index.html

# mount automatically at boot
vim /etc/fstab 
192.168.200.80:/opt/gcc /var/www/html nfs defaults,_netdev 0 0

mount -a


----------192.168.200.70-----------------
mount.nfs 192.168.200.80:/opt/benet /var/www/html/
echo 'this is benet web!' > /var/www/html/index.html

# mount automatically at boot
vim /etc/fstab 
192.168.200.80:/opt/benet /var/www/html nfs defaults,_netdev 0 0

mount -a

4. Configure keepalived (set on the primary and standby DR servers)

yum install -y keepalived
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
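global_defs {
    # global parameters
    # line 10: change, point the mail service at the local host
    smtp_server 127.0.0.1
    # line 12: change, set the name of this server (router); the primary and standby must use different names: LVS_01 on the primary, LVS_02 on the standby
    router_id LVS_01
}

vrrp_instance VI_1 {
    # VRRP hot backup instance parameters
    # line 20: change, set the hot backup state: MASTER on the primary, BACKUP on the standby
    state MASTER
    # line 21: change, the physical interface that carries the VIP
    interface ens33
    # line 22: change, the virtual router ID; must be the same within a hot backup group
    virtual_router_id 10
    # line 23: change, the priority; a larger value means a higher priority; here 100 on the primary and 99 on the standby
    priority 100
    advert_int 1     # advertisement interval in seconds (heartbeat frequency)
    authentication {
        # authentication settings; must be the same within a hot backup group
        auth_type PASS    # authentication type
        # line 27: change, the authentication password; must be the same on the primary and standby
        auth_pass abc123
    }
    virtual_ipaddress {
        # cluster VIP address
        192.168.200.188
#       192.168.200.17
#       192.168.200.18
    }
}

# line 36: change, the virtual server address (VIP) and port; defines the virtual server and Web server pool parameters
virtual_server 192.168.200.188 80 {
    delay_loop 6    # health check interval (seconds)
    lb_algo rr    # scheduling algorithm: round robin (rr)
    # line 39: change, the cluster working mode: direct routing (DR)
    lb_kind DR
    persistence_timeout 50    # connection persistence time (seconds)
    protocol TCP    # the application service uses TCP
    # line 43: change, the address and port of the first Web node
    real_server 192.168.200.60 80 {
        weight 1    # node weight
        TCP_CHECK {
            connect_port 80    # add: target port to check
            connect_timeout 3    # add: connection timeout (seconds)
            nb_get_retry 3    # add: number of retries
            delay_before_retry 4    # add: delay between retries
        }
    }

    # add the address and port of the second Web node
    real_server 192.168.200.70 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
# delete the remaining unneeded configuration after this point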


systemctl start keepalived.service
ip addr show dev ens33:0     # check the VIP on the virtual interface
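
An added example (not part of the original post): a check that a primary and a standby keepalived.conf obey the pairing rules given in the comments above, namely the same virtual_router_id, authentication and VIP, a different router_id, MASTER/BACKUP states and a higher priority on the primary. The parser is a simplified assumption that only handles one setting per line and `#` comments; the three sample configurations are constructed from this page's values.

```python
# Constructed sample built from the values used on this page.
TEMPLATE = """
global_defs {{
    router_id {router_id}
}}
vrrp_instance VI_1 {{
    state {state}
    virtual_router_id {vrid}
    priority {priority}
    authentication {{
        auth_type PASS
        auth_pass abc123
    }}
    virtual_ipaddress {{
        192.168.200.188
    }}
}}
"""
MASTER = TEMPLATE.format(router_id="LVS_01", state="MASTER", vrid=10, priority=100)
BACKUP = TEMPLATE.format(router_id="LVS_02", state="BACKUP", vrid=10, priority=99)
BROKEN = TEMPLATE.format(router_id="LVS_01", state="BACKUP", vrid=11, priority=100)


def parse_conf(text):
    """Collect global_defs / vrrp_instance settings and the set of VIPs."""
    conf, stack = {"vips": set()}, []  # stack: names of the enclosing blocks
    lines = (l.split("#")[0].split() for l in text.splitlines())
    for words in filter(None, lines):
        if words[-1] == "{":
            stack.append(words[0])
        elif words[0] == "}":
            stack.pop()
        elif stack[-1:] == ["virtual_ipaddress"]:
            conf["vips"].add(words[0])
        elif len(words) >= 2 and stack[:1] in (["global_defs"], ["vrrp_instance"]):
            conf[words[0]] = words[1]
    return conf


def compare(master, backup):
    """Return the violated pairing rules (an empty list means consistent)."""
    checks = [
        (master["vips"] == backup["vips"], "virtual_ipaddress differs"),
        (master.get("router_id") != backup.get("router_id"), "router_id must be unique per node"),
        ((master.get("state"), backup.get("state")) == ("MASTER", "BACKUP"), "state must be MASTER/BACKUP"),
        (int(master.get("priority", 0)) > int(backup.get("priority", 0)), "primary priority must be higher"),
    ]
    checks += [(master.get(k) == backup.get(k), f"{k} differs")
               for k in ("virtual_router_id", "auth_type", "auth_pass")]
    return [msg for ok, msg in checks if not ok]
```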
 

5. Test verification

On the client, with its default gateway pointing to 192.168.200.188, visit http://192.168.200.188/.
Then disable the network interface on the main scheduler (ifdown ens33:0) and test again.


Origin blog.csdn.net/Gengchenchen/article/details/112918133