Efficient and multi-purpose cluster deployment LVS+Keepalived high-availability cluster (DR mode)

I. LVS+Keepalived high-availability cluster

1. LVS

Linux Virtual Server

LVS is effectively an IP-address-based virtualized application. It provides an efficient solution for load balancing based on IP address and content-request distribution.

2. Keepalived function and role

Support automatic failover (Failover)

Support node health check (Health Checking)

Determine the availability of the LVS load scheduler and the node servers. When the master host fails, service switches to the backup node so that business continues normally. When the master recovers, it rejoins the cluster and service switches back to the master node.

3. Analysis of Keepalived Implementation Principle

Keepalived uses the VRRP hot-backup protocol to implement multi-machine hot backup for Linux servers.
VRRP (Virtual Router Redundancy Protocol) is a backup solution for routers.
Multiple routers form a hot-backup group and provide service to the outside through a shared virtual IP address.
At any one time, each hot-backup group has only one master router providing service. The other routers are in a redundant state.
If the currently active router fails, the other routers automatically take over the virtual IP address according to the configured priority and continue to provide service.

II. The ARP problem in LVS-DR

If the router's ARP table entry for the VIP points to a RealServer, the router forwards new request packets directly to that RealServer, and the Director's VIP becomes ineffective.

Solution: handle this on the node servers by setting the kernel parameter arp_announce=2, so that the system does not use the source address of the IP packet as the source address of ARP requests, but selects the IP address of the sending interface.
Settings that solve the two ARP problems:

Modify the /etc/sysctl.conf file

net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2

III. LVS load balancing DR mode cluster deployment steps

Host                    Operating system   IP address                                        Required tools/services
Main load scheduler     CentOS7            ens33: 192.168.109.7                              ipvsadm, keepalived
Backup load scheduler   CentOS7            ens33: 192.168.109.33                             ipvsadm, keepalived
NFS server              CentOS7            ens33: 192.168.109.3                              rpcbind, nfs-utils
Web node server 1       CentOS7            192.168.109.12, lo:0 (VIP): 192.168.109.100       rpcbind, nfs-utils, httpd
Web node server 2       CentOS7            192.168.109.22, lo:0 (VIP): 192.168.109.100       rpcbind, nfs-utils, httpd
Client                  Windows10          192.168.109.132

Note:
1) The servers, schedulers and client must not have the same MAC address, otherwise an error will be reported. Within the same LAN, no gateway or DNS is required.
2) The scheduler here no longer needs the virtual network interface ens33:0.

You can refer to the DR mode deployment.

1. Deploy NFS shared server

NFS server: 192.168.109.3

systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0

yum -y install nfs-utils rpcbind

systemctl start rpcbind.service
systemctl start nfs.service
systemctl enable nfs.service
systemctl enable rpcbind.service

mkdir /opt/test1
mkdir /opt/test2

chmod 777 /opt/test1
chmod 777 /opt/test2

vim /etc/exports
/opt/test1 192.168.109.0/24(rw,sync)
/opt/test2 192.168.109.0/24(rw,sync)

exportfs -rv

2. Configure the node server

Web node server 1: 192.168.109.12 lo:0 (VIP): 192.168.109.100
Web node server 2: 192.168.109.22 lo:0 (VIP): 192.168.109.100

systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0

Configure the virtual IP address (VIP: 192.168.109.100)

vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.109.100
NETMASK=255.255.255.255
ONBOOT=yes

ifup lo:0
ifconfig lo:0
# Set a temporary route; it is lost on reboot
route add -host 192.168.109.100 dev lo:0

# Add the route automatically at boot
vim /etc/rc.local
/sbin/route add -host 192.168.109.100 dev lo:0
chmod +x /etc/rc.d/rc.local

Adjust the kernel's ARP response parameters

Prevent the VIP's MAC address from being updated, to avoid conflicts

vim /etc/sysctl.conf
......
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

sysctl -p

yum install -y nfs-utils rpcbind httpd
systemctl start rpcbind
systemctl enable rpcbind
systemctl start httpd.service
systemctl enable httpd.service

Edit the home page

Web node server 1: 192.168.109.12

showmount -e 192.168.109.3

mount.nfs 192.168.109.3:/opt/test1 /var/www/html
echo 'this is test1 web!' > /var/www/html/index.html

Web node server 2: 192.168.109.22

showmount -e 192.168.109.3

mount.nfs 192.168.109.3:/opt/test2 /var/www/html
echo 'this is test2 web!' > /var/www/html/index.html

3. Configure the load scheduler

Main load scheduler: 192.168.109.7
Standby load scheduler: 192.168.109.33

Turn off the firewall

systemctl stop firewalld.service 
systemctl disable firewalld.service 
setenforce 0

Load the ip_vs module

modprobe ip_vs
cat /proc/net/ip_vs
yum -y install ipvsadm

Adjust proc response parameters

vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

sysctl -p
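
A check for the kernel parameters set above, both on the node servers (arp_ignore/arp_announce) and on the schedulers (send_redirects). This is an added example, not part of the original post; the function names are hypothetical, and the parsing assumes that the last assignment of a key is the one that takes effect.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical. Audits a sysctl.conf-style file:
#   realserver: arp_ignore=1 (answer ARP only for addresses on the receiving
#               interface) and arp_announce=2, on both lo and all
#   director:   send_redirects=0 on all, default and the NIC (ens33 on this page)

# Print the effective value of KEY in FILE; the last assignment wins.
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_lvs_sysctl FILE ROLE [NIC]: one line per mismatch, status 1 if any.
audit_lvs_sysctl() {
    local file="$1" role="$2" nic="${3:-ens33}" want pair key expected actual rc=0
    case "$role" in
        realserver) want="net.ipv4.conf.lo.arp_ignore=1 net.ipv4.conf.lo.arp_announce=2
                          net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=2" ;;
        director)   want="net.ipv4.conf.all.send_redirects=0
                          net.ipv4.conf.default.send_redirects=0
                          net.ipv4.conf.$nic.send_redirects=0" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for pair in $want; do
        key=${pair%%=*}; expected=${pair#*=}
        actual=$(sysctl_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected $expected, found ${actual:-unset}"
            rc=1
        fi
    done
    return $rc
}

# Usage: script FILE ROLE [NIC], e.g. script /etc/sysctl.conf realserver
if [ "$#" -ge 2 ]; then audit_lvs_sysctl "$@"; fi
```

The script checks the file, not the running kernel, so run it before `sysctl -p` and again after any later edit of /etc/sysctl.conf.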

Configure load distribution strategy

There will be a little difference between the two servers at this step.
Main load scheduler: 192.168.109.7

ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm.service

ipvsadm -C
# Here the virtual address given with -t is this host's ens33 IP
ipvsadm -A -t 192.168.109.7:80 -s rr
ipvsadm -a -t 192.168.109.7:80 -r 192.168.109.12:80 -g
ipvsadm -a -t 192.168.109.7:80 -r 192.168.109.22:80 -g
ipvsadm

ipvsadm -ln

Backup load scheduler: 192.168.109.33
Here the address specified by -t in the policy must be changed.

ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm.service

ipvsadm -C

ipvsadm -A -t 192.168.109.33:80 -s rr
ipvsadm -a -t 192.168.109.33:80 -r 192.168.109.12:80 -g
ipvsadm -a -t 192.168.109.33:80 -r 192.168.109.22:80 -g

ipvsadm -ln

Configure keepalived

Load scheduler 1: 192.168.109.7
Load scheduler 2: 192.168.109.33

yum -y install keepalived
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
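......
# Define global parameters
global_defs {

    # Modify line 10: point the mail service to the local host
    smtp_server 127.0.0.1

    # Modify line 12: specify the server (router) name; master and backup names must differ: LVS_01 for the master, LVS_02 for the backup
    router_id LVS_01

    # Modify line 14: comment it out. vrrp_strict enforces strict VRRP compliance. The following will prevent Keepalived from starting: 1. no VIP address; 2. unicast peers; 3. IPv6 addresses in VRRP version 2.
    #vrrp_strict

}
# Define the VRRP hot-backup instance parameters
vrrp_instance VI_1 {

    # Modify line 20: specify the hot-backup state, MASTER for the master, BACKUP for the backup
    state MASTER

    # Modify line 21: specify the physical interface that carries the VIP address
    interface ens33

    # Modify line 22: specify the virtual router ID; must be the same within each hot-backup group
    virtual_router_id 10

    # Modify line 23: specify the priority; the larger the value, the higher the priority: 100 for the master, 90 for the backup
    priority 100
    # Advertisement interval in seconds (heartbeat frequency)
    advert_int 1
    # Define authentication information; must be the same within each hot-backup group
    authentication {
        # Authentication type
        auth_type PASS

        # Modify line 27: specify the authentication password; must be the same on master and backup
        auth_pass 123456
    }

    # Specify the cluster VIP address
    virtual_ipaddress {
        192.168.109.100
    }
}

# Modify line 34: specify the virtual server address (VIP) and port; define the virtual server and web server pool parameters
virtual_server 192.168.109.100 80 {
    # Health-check interval (seconds)
    delay_loop 6
    # Scheduling algorithm: round robin (rr)
    lb_algo rr
    # Modify line 37: cluster working mode: direct routing (DR)
    lb_kind DR
    # Connection persistence time (seconds)
    persistence_timeout 50
    # The application service uses the TCP protocol
    protocol TCP

    # Modify line 41: address and port of the first web node
    real_server 192.168.109.12 80 {
        # Node weight
        weight 1

        # Delete line 43 and add the following health-check method
        TCP_CHECK {
            # Target port to check
            connect_port 80
            # Connection timeout (seconds)
            connect_timeout 3
            # Number of retries
            nb_get_retry 3
            # Interval between retries
            delay_before_retry 4
        }
    }

    # Address and port of the second web node
    real_server 192.168.109.22 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
# Delete the remaining redundant configuration that follows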

systemctl start keepalived
# View the VIP on the network interface
ip addr show dev ens33
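
The master/backup rules stated in the configuration comments above (router_id, state and priority differ per node; virtual_router_id, authentication and the VIP match within the group), as a script that derives the backup file from the master's and checks the pair. This is an added example, not part of the original post; the helper names are hypothetical, and LVS_02 and 90 are the backup values the comments give.

```bash
#!/usr/bin/env bash
# Added example (helper names are hypothetical): derive the BACKUP node's
# keepalived.conf from the MASTER's and verify the pair follows the page's rules.

# First value of directive KEY in FILE; '#'-commented lines never match.
kv() { awk -v key="$2" '$1 == key { print $2; exit }' "$1"; }

# Addresses listed inside the virtual_ipaddress { ... } block, sorted.
vips() {
    awk '$1 == "virtual_ipaddress" { blk = 1; next }
         blk && $1 == "}"          { exit }
         blk && NF && $1 !~ /^#/   { print $1 }' "$1" | sort | tr '\n' ' '
}

# Rewrite only the three per-node settings: router_id, state, priority.
make_backup_conf() {
    sed -e 's/^\([[:space:]]*router_id\)[[:space:]].*/\1 LVS_02/' \
        -e 's/^\([[:space:]]*state\)[[:space:]]\{1,\}MASTER/\1 BACKUP/' \
        -e 's/^\([[:space:]]*priority\)[[:space:]].*/\1 90/' "$1"
}

# Print one line per rule violation for the pair MASTER_FILE BACKUP_FILE.
pair_findings() {
    local m="$1" b="$2" key
    for key in virtual_router_id auth_type auth_pass; do   # must match in a group
        [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] || echo "$key differs"
    done
    [ "$(vips "$m")" = "$(vips "$b")" ] || echo "virtual_ipaddress differs"
    [ "$(kv "$m" router_id)" != "$(kv "$b" router_id)" ] || echo "router_id not unique"
    [ "$(kv "$m" state)" = MASTER ] || echo "first file is not state MASTER"
    [ "$(kv "$b" state)" = BACKUP ] || echo "second file is not state BACKUP"
    [ "$(kv "$m" priority)" -gt "$(kv "$b" priority)" ] 2>/dev/null ||
        echo "master priority is not higher than backup priority"
    return 0
}

# Exit status 0 when the pair is consistent, 1 (with findings printed) otherwise.
check_vrrp_pair() {
    local out
    out=$(pair_findings "$1" "$2")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Usage: script MASTER_CONF BACKUP_CONF
if [ "$#" -eq 2 ]; then check_vrrp_pair "$1" "$2"; fi
```

With auth_type PASS the password travels in cleartext in every VRRP advertisement, so a matching auth_pass only keeps the two nodes in the same group.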

Origin blog.csdn.net/weixin_51616026/article/details/113702857