One, LVS+Keepalived high-availability cluster
LVS provides load balancing; keepalived provides health checking and failover, which improves system availability. With this architecture the existing system is easy to extend: add or remove real servers in the backend and change the LVS configuration file, and the configuration change is seamless.
1. LVS
- Linux Virtual Server
- LVS is in effect a virtualized application based on IP addresses; it offers an efficient load-balancing solution based on IP address and content request distribution
2. Keepalived
- Support automatic failover (Failover)
- Support node health check (Health Checking)
- Determines the availability of the LVS load scheduler and the node servers. When the master host fails, service switches to the backup node in time to keep the business running. When the failed master recovers, it rejoins the cluster and the business is switched back to the master node.
3. Analysis of Keepalived Implementation Principle
- Keepalived uses the VRRP hot-backup protocol to implement multi-machine hot backup for Linux servers
- VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers.
- Multiple routers form a hot-backup group and provide service to the outside through a shared virtual IP address
- At any one time only one master router in each hot-backup group provides service; the other routers are in a redundant state
- If the currently online router fails, the other routers automatically take over the virtual IP address according to the configured priority and continue to provide service
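An added example, not part of the original page: a VRRP version 2 advertisement (RFC 3768 layout) built and decoded with the values this page configures later (virtual_router_id 10, priority 100 and 99, VIP 192.168.90.188, auth_pass 123123). It shows that the PASS password is carried as plain bytes in every advertisement, so it protects against misconfiguration rather than against another host on the segment, and how long the backup waits before taking over. The function names are illustrative and VRRP version 2 is assumed.

```python
import socket
import struct

def inet_checksum(data):
    """16-bit one's-complement checksum used by VRRP."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, password, advert_int=1):
    """Constructed VRRPv2 advertisement: 8-byte header, VIPs, 8 bytes of auth data."""
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 1, advert_int, 0)
    body = b"".join(socket.inet_aton(v) for v in vips)
    auth = password.encode()[:8].ljust(8, b"\0")   # auth type 1: first 8 chars, unencrypted
    pkt = head + body + auth
    return pkt[:6] + struct.pack("!H", inet_checksum(pkt)) + pkt[8:]

def parse_advert(pkt):
    """Decode an advertisement the way a monitoring tool on the segment would."""
    vt, vrid, prio, count, auth_type, adv, _ = struct.unpack("!BBBBBBH", pkt[:8])
    end = 8 + 4 * count
    return {
        "version": vt >> 4, "type": vt & 0x0F, "vrid": vrid, "priority": prio,
        "advert_int": adv, "auth_type": auth_type,
        "vips": [socket.inet_ntoa(pkt[i:i + 4]) for i in range(8, end, 4)],
        "auth_data": pkt[end:end + 8].rstrip(b"\0").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(pkt) == 0,   # a valid packet sums to zero
    }

def master_down_interval(priority, advert_int=1):
    """Seconds a backup waits without advertisements before becoming master."""
    skew = (256 - priority) / 256          # higher priority -> shorter wait
    return 3 * advert_int + skew

if __name__ == "__main__":
    advert = build_advert(10, 100, ["192.168.90.188"], "123123")
    print(parse_advert(advert))
    print("backup (priority 99) takes over after", master_down_interval(99), "s")
```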
Two, Ipvsadm tool
Use options:
Three, LVS+Keepalived architecture construction
Scheduler one IP: 192.168.90.10; scheduler two IP: 192.168.90.60
The configuration steps of the two schedulers are the same here
systemctl stop firewalld.service
setenforce 0
yum -y install ipvsadm keepalived
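modprobe ip_vs # load the ip_vs module
cat /proc/net/ip_vs # check the ip_vs version
vim /etc/sysctl.conf # modify the kernel configuration
# the following three lines disable sending redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
sysctl -p # load the configuration parameters
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
ipvsadm -C
ipvsadm -A -t 192.168.90.10:80 -s rr # the virtual IP specified here is the IP of the ens33 NIC; after keepalived is restarted, the virtual interface is bound automatically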
ipvsadm -a -t 192.168.90.10:80 -r 192.168.90.20:80 -g
ipvsadm -a -t 192.168.90.10:80 -r 192.168.90.50:80 -g
ipvsadm
ipvsadm -ln
NFS shared server (192.168.90.70)
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
yum -y install nfs-utils rpcbind
systemctl start rpcbind.service
systemctl start nfs.service
systemctl enable nfs.service
systemctl enable rpcbind.service
mkdir /opt/lfp
mkdir /opt/accp
chmod 777 /opt/lfp
chmod 777 /opt/accp
vim /etc/exports
/opt/lfp 192.168.90.0/24(rw,sync)
/opt/accp 192.168.90.0/24(rw,sync)
exportfs -rv
Configure node server
Both servers are configured the same way (192.168.90.20, 192.168.90.50)
systemctl stop firewalld
setenforce 0
yum -y install httpd
systemctl start httpd
vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.90.188
NETMASK=255.255.255.255
service network restart # or: systemctl restart network
ifup lo:0
ifconfig lo:0
route add -host 192.168.90.188 dev lo:0 # add a local route for the VIP so that traffic addressed to the VIP stays on this host, to avoid communication disorder
vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
Web-1(192.168.90.20)
mount.nfs 192.168.90.70:/opt/lfp /var/www/html
echo 'this is lfp web!' > /var/www/html/index.html
Web-2(192.168.90.50)
mount.nfs 192.168.90.70:/opt/accp /var/www/html
echo 'this is accp web!' > /var/www/html/index.html
Configure keepalived (set on the primary and standby DR servers)
Configure on the scheduler servers
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
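global_defs {                           # global parameters
    # Line 10: point the mail service at the local host
    smtp_server 127.0.0.1
    # Line 12: name of this server (router); master and backup names must differ: LVS_01 on the master, LVS_02 on the backup
    router_id LVS_01
    # Line 14: vrrp_strict enforces strict compliance with the VRRP protocol. The following will prevent keepalived from starting:
    # 1. No VIP address. 2. Unicast peers. 3. IPv6 addresses in VRRP version 2.
    #vrrp_strict                        # comment this line out
}
vrrp_instance VI_1 {                    # VRRP hot-backup instance parameters
    # Line 20: hot-backup state: MASTER on the master, BACKUP on the backup
    state MASTER
    # Line 21: physical interface that carries the VIP address
    interface ens33
    # Line 22: ID of the virtual router; must be the same within a hot-backup group
    virtual_router_id 10
    # Line 23: priority; a larger number means a higher priority: 100 on the master, 99 on the backup
    priority 100                        # priority
    advert_int 1                        # advertisement interval in seconds (heartbeat frequency)
    authentication {                    # authentication information; must be the same within a hot-backup group
        auth_type PASS                  # authentication type
        # Line 27: authentication password; must be the same on master and backup
        auth_pass 123123
    }
    # Line 30: cluster VIP address
    virtual_ipaddress {                 # cluster VIP address
        192.168.90.188
    }
}
# Line 34: virtual server address (VIP) and port; defines the virtual server and the web server pool parameters
virtual_server 192.168.90.188 80 {
    delay_loop 6                        # health-check interval (seconds)
    lb_algo rr                          # scheduling algorithm: round robin (rr)
    # Line 37: cluster working mode: direct routing (DR)
    lb_kind DR
    persistence_timeout 50              # connection persistence time (seconds)
    protocol TCP                        # the application service uses TCP
    # Line 41: address and port of the first web node
    real_server 192.168.90.20 80 {
        weight 1                        # node weight
        # From line 42 down: delete the existing lines and add the following health check
        TCP_CHECK {
            connect_port 80             # target port of the check
            connect_timeout 3           # connection timeout (seconds)
            nb_get_retry 3              # number of retries
            delay_before_retry 4        # interval between retries
        }
    }
    real_server 192.168.90.50 80 {      # address and port of the second web node
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}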
After saving and exiting:
systemctl start keepalived
ip addr show dev ens33 # check the VIP on the virtual interface
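An added example, not from the original page: the VIP has to agree in three places in this walkthrough (virtual_ipaddress, virtual_server, and IPADDR in ifcfg-lo:0 on the real servers), and one mistyped octet silently breaks DR mode. The check below cross-references them and also reports PASS authentication. The sample inputs are constructed (the lo:0 file carries a deliberately mismatched address) and audit() is a hypothetical helper, not a keepalived tool.

```python
import re

# Constructed input, cut down from the keepalived.conf edited above.
KEEPALIVED_CONF = """
vrrp_instance VI_1 {
    virtual_router_id 10
    authentication {
        auth_type PASS
        auth_pass 123123   # same on master and backup
    }
    virtual_ipaddress {
        192.168.90.188
    }
}
virtual_server 192.168.90.188 80 {
    lb_kind DR
}
"""
# Constructed real-server ifcfg-lo:0 with a deliberately mismatched address.
IFCFG_LO0 = "DEVICE=lo:0\nIPADDR=192.168.184.188\nNETMASK=255.255.255.255\n"

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def audit(conf, ifcfg):
    """Return a list of findings; an empty list means the files agree."""
    conf = re.sub(r"[#!].*", "", conf)            # keepalived comments: '#' and '!'
    findings = []
    vips = set()
    for block in re.findall(r"virtual_ipaddress\s*\{([^}]*)\}", conf):
        vips.update(re.findall(IP, block))
    services = re.findall(rf"virtual_server\s+({IP})\s+(\d+)", conf)
    for ip, port in services:
        if ip not in vips:                        # director would never own this address
            findings.append(f"virtual_server {ip}:{port} is not a VRRP virtual_ipaddress")
    lo = dict(line.split("=", 1) for line in ifcfg.split() if "=" in line)
    if lo.get("IPADDR") not in {ip for ip, _ in services}:
        findings.append(f"lo:0 IPADDR {lo.get('IPADDR')} matches no virtual_server")
    if lo.get("NETMASK") != "255.255.255.255":
        findings.append("lo:0 NETMASK should be 255.255.255.255 on a DR real server")
    if re.search(r"auth_type\s+PASS", conf):
        findings.append("auth_type PASS: auth_pass is sent unencrypted in VRRP advertisements")
    return findings

if __name__ == "__main__":
    for finding in audit(KEEPALIVED_CONF, IFCFG_LO0):
        print("FINDING:", finding)
```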
Access 192.168.90.188 from a client, then refresh after a period of time:
Turn off the ens33:0 network card on the main scheduling server, and verify again:
ifdown ens33
ifconfig
Visit again to view: