LVS load balancing + keepalived

keepalived overview

Keepalived is software that achieves high availability through the VRRP protocol.

The main modules and functions of keepalived

Functions

Automatic failover

Health checking of the nodes in an LVS cluster

High availability (HA) of node servers

Modules: keepalived has three main modules

core   The keepalived core: responsible for starting and maintaining the main process and for loading and parsing the global configuration file
vrrp   Implements the VRRP protocol
check  Responsible for health checks; the common check modes are by port and by URL

How keepalived works

Keepalived nodes communicate through VRRP to provide high availability.

VRRP determines the master and the backup through an election; the priority of the master is higher than that of the backup. In normal operation the master therefore holds all the resources while the backup node waits. When the master goes down, the backup node takes over the master's resources and provides the external service in its place.

While keepalived is running, only the master server keeps sending VRRP broadcast packets to tell the backup that it is still alive, and the backup does not preempt the master. When the master becomes unavailable, that is, when the backup server can no longer hear the broadcast packets sent by the master, the backup starts the relevant services and takes over the resources to ensure business continuity. The fastest takeover takes less than 1 second.

Deploy LVS+keepalived

Preparation

Primary DR server: ens33 (20.0.0.30), ipvsadm, keepalived (hot standby); virtual IP: 20.0.0.200; virtual interface ens33:0

Standby DR server: ens33 (20.0.0.33), ipvsadm, keepalived; virtual IP: 20.0.0.200; virtual interface ens33:0

Web server 1: ens33 20.0.0.31
lo:0 (VIP) 20.0.0.200

Web server 2: ens33 20.0.0.32
lo:0 (VIP) 20.0.0.200

Configure the load schedulers (both the primary, 20.0.0.30, and the standby, 20.0.0.33, must be configured)

systemctl stop firewalld.service
setenforce 0

yum -y install ipvsadm keepalived
modprobe ip_vs
cat /proc/net/ip_vs



#Configure keepalived (required on both the primary and the standby DR server)

cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
......
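global_defs {                       #Define global parameters
#Line 10: change; point the mail service at the local host
    smtp_server 127.0.0.1
#Line 12: change; set the name of the server (router). The primary and standby names must differ: LVS_01 on the primary, LVS_02 on the standby
    router_id LVS_01
#Line 14: comment out to turn off strict VRRP compliance; otherwise the VIP cannot be reached
    #vrrp_strict
}

vrrp_instance VI_1 {                #Define the VRRP hot-standby instance parameters
#Line 20: change; set the hot-standby state: MASTER on the primary, BACKUP on the standby
    state MASTER
#Line 21: change; set the physical interface that carries the VIP address
    interface ens33
#Line 22: change; set the virtual router ID, which must be the same within each hot-standby group
    virtual_router_id 10
    #nopreempt      #For non-preemptive mode, state must be BACKUP on both nodes and nopreempt must be added
#Line 23: change; set the priority (a larger value means a higher priority): 100 on the primary, 90 on the standby
    priority 100
    advert_int 1                    #Advertisement interval in seconds (heartbeat frequency)
    authentication {                #Authentication settings, identical within each hot-standby group
        auth_type PASS              #Authentication type
#Line 27: change; set the authentication password, identical on the primary and standby servers
        auth_pass abc123
    }
    virtual_ipaddress {             #Cluster VIP address
        20.0.0.200
    }
}
#Line 36: change; set the virtual server address (VIP) and port, and define the virtual server and web server pool parameters
virtual_server 20.0.0.200 80 {
    delay_loop 6                    #Health check interval (seconds)
    lb_algo rr                      #Scheduling algorithm: round robin (rr)
#Line 39: change; set the cluster working mode to direct routing (DR)
    lb_kind DR
    persistence_timeout 50          #Connection persistence time (seconds)
    protocol TCP                    #The application service uses TCP
#Line 43: change; set the address and port of the first web node
    real_server 20.0.0.31 80 {
        weight 1                    #Node weight
#Line 45: delete, and add the following health check method
        TCP_CHECK {
            connect_port 80         #Target port to check
            connect_timeout 3       #Connection timeout (seconds)
            nb_get_retry 3          #Number of retries
            delay_before_retry 3    #Interval between retries
        }
    }
#Add the address and port of the second web node
    real_server 20.0.0.32 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
##Delete the remaining, unneeded configuration that follows##
}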
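
The consistency rules noted in the configuration above (same virtual_router_id, authentication and VIP on both nodes, a different router_id, a higher priority on the master) can be checked before keepalived is started. The script below is an added example, not part of the original article; the function names, the password k7Rw2mPz and the generated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check that the
# keepalived.conf files of a master/backup pair follow the rules noted above.

# kv FILE KEY: first value of directive KEY, with "#" comments stripped.
kv() { awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"; }

# vip FILE: first address inside the virtual_ipaddress { } block.
vip() {
    awk '{ sub(/#.*/, "") } f && NF { print $1; exit }
         $1 == "virtual_ipaddress" { f = 1 }' "$1"
}

# check_pair MASTER_CONF BACKUP_CONF: print one FAIL line per violation;
# return 0 if the pair is consistent, 1 otherwise.
check_pair() {
    rc=0
    # Must be identical on both nodes of one hot-standby group.
    for k in virtual_router_id auth_type auth_pass; do
        [ "$(kv "$1" "$k")" = "$(kv "$2" "$k")" ] || { echo "FAIL: $k differs"; rc=1; }
    done
    [ "$(vip "$1")" = "$(vip "$2")" ] || { echo "FAIL: VIP differs"; rc=1; }
    # router_id names the node, so it must be unique.
    [ "$(kv "$1" router_id)" != "$(kv "$2" router_id)" ] ||
        { echo "FAIL: router_id is identical"; rc=1; }
    # The master wins the election only with the higher priority.
    [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] ||
        { echo "FAIL: master priority is not higher"; rc=1; }
    # abc123 is the article's sample password and must be replaced.
    [ "$(kv "$1" auth_pass)" != abc123 ] ||
        { echo "FAIL: auth_pass is still the sample value"; rc=1; }
    return $rc
}

# sample_conf ROUTER_ID STATE PRIORITY PASSWORD: constructed configuration.
sample_conf() {
    printf 'global_defs {\n    router_id %s\n}\n' "$1"
    printf 'vrrp_instance VI_1 {\n    state %s\n    interface ens33\n' "$2"
    printf '    virtual_router_id 10\n    priority %s\n' "$3"
    printf '    authentication {\n        auth_type PASS\n'
    printf '        auth_pass %s\n    }\n' "$4"
    printf '    virtual_ipaddress {\n        20.0.0.200\n    }\n}\n'
}

dir=$(mktemp -d)
sample_conf LVS_01 MASTER 100 k7Rw2mPz > "$dir/master.conf"
sample_conf LVS_02 BACKUP 90 k7Rw2mPz > "$dir/backup.conf"
check_pair "$dir/master.conf" "$dir/backup.conf" && echo "pair is consistent"
```

On real servers, copy the standby's /etc/keepalived/keepalived.conf next to the primary's and pass both paths to check_pair.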


Both 20.0.0.31 and 32 need the VIP (virtual IP) configured
vim /etc/sysconfig/network-scripts/ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=20.0.0.200
NETMASK=255.255.255.255

systemctl restart network    #Restart the network service
ifup ens33:0


systemctl start keepalived
ip addr    #Check the VIP on the virtual interface

Start the ipvsadm service on the primary and standby servers

#Save the rules first
ipvsadm-save > /etc/sysconfig/ipvsadm
#Start ipvsadm
systemctl start ipvsadm

ipvsadm -C   ##Clear the rules
ipvsadm -A -t 20.0.0.200:80 -s rr
ipvsadm -a -t 20.0.0.200:80 -r 20.0.0.31:80 -g
ipvsadm -a -t 20.0.0.200:80 -r 20.0.0.32:80 -g


ipvsadm -ln
#If there is no distribution policy for the VIP, restart the keepalived service: systemctl restart keepalived

--192.168.10.15---
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm

ipvsadm -ln
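
The `ipvsadm -ln` check above can be scripted so that a missing real server or a wrong forwarding mode is reported rather than read off by eye. This is an added example, not part of the original article; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The sample table below is
# constructed; on a real director, pipe in the output of `ipvsadm -ln`.

# check_pool VIP:PORT RS:PORT...   (reads an `ipvsadm -ln` table on stdin)
# Prints one FAIL line per problem and returns 0 only if every expected
# real server is present under the virtual service in DR ("Route") mode.
check_pool() {
    vs=$1; shift
    awk -v vs="$vs" -v want="$*" '
        # A TCP/UDP line opens a virtual service; "->" lines are its pool.
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); if (in_vs) found = 1; next }
        in_vs && $1 == "->"        { mode[$2] = $3; weight[$2] = $4 }
        END {
            if (!found) { print "FAIL: no virtual service " vs; exit 1 }
            n = split(want, rs, " ")
            for (i = 1; i <= n; i++) {
                if (!(rs[i] in mode))
                    print "FAIL: " rs[i] " missing from pool"
                else if (mode[rs[i]] != "Route")
                    print "FAIL: " rs[i] " forwards via " mode[rs[i]] ", not DR"
                else if (weight[rs[i]] + 0 == 0)
                    print "FAIL: " rs[i] " has weight 0"
                else
                    continue
                bad = 1
            }
            exit bad + 0
        }'
}

# sample_table RS:PORT...: constructed `ipvsadm -ln` output for the VIP.
sample_table() {
    echo 'IP Virtual Server version 1.2.1 (size=4096)'
    echo 'Prot LocalAddress:Port Scheduler Flags'
    echo '  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn'
    echo 'TCP  20.0.0.200:80 rr'
    for rs in "$@"; do
        printf '  -> %-28s Route   1      0          0\n' "$rs"
    done
}

# Healthy pool, then a pool from which 20.0.0.32 has been removed.
sample_table 20.0.0.31:80 20.0.0.32:80 |
    check_pool 20.0.0.200:80 20.0.0.31:80 20.0.0.32:80 && echo "pool complete"
sample_table 20.0.0.31:80 |
    check_pool 20.0.0.200:80 20.0.0.31:80 20.0.0.32:80 || echo "pool degraded"
```

On a director the call is `ipvsadm -ln | check_pool 20.0.0.200:80 20.0.0.31:80 20.0.0.32:80`.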


Adjust the proc response parameters: turn off the Linux kernel's redirect responses
vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

sysctl -p  #Load the settings from the configuration file into the kernel

Configure the node servers (20.0.0.31, 20.0.0.32)

systemctl stop firewalld
setenforce 0

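#Install the nginx service on each of the two node servers

#Set up the pages so that the round-robin results can be told apart
#20.0.0.31
echo 'this is test!!' > /usr/local/nginx/html/index.html


#Configure the virtual interface on each of the two node servers
vim /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=20.0.0.200
NETMASK=255.255.255.255

#Restart the network
service network restart    #or: systemctl restart network
#Bring up the virtual interface
ifup lo:0
#Check the interface status
ifconfig lo:0
#Add a routing rule to the routing table
route add -host 20.0.0.200 dev lo:0

#Edit the system configuration file
vim /etc/sysctl.conf

#lo (loopback): reply to an ARP request only if the requested IP is configured on the interface that received it, so requests for the VIP on lo are not answered
net.ipv4.conf.lo.arp_ignore = 1
#lo (loopback): when sending ARP requests, use the outgoing interface's own IP address as the source address
net.ipv4.conf.lo.arp_announce = 2
#All interfaces (including lo): reply to an ARP request only if the requested IP is configured on the interface that received it
net.ipv4.conf.all.arp_ignore = 1
#All interfaces: when sending ARP requests, use the outgoing interface's own IP address as the source address
net.ipv4.conf.all.arp_announce = 2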

sysctl -p

Test and verify

Visit the VIP address and refresh the page to check whether requests are polled across the nodes

When the keepalived service on the primary server is stopped, can the backup take over?

#20.0.0.30
systemctl stop keepalived


Origin blog.csdn.net/ZZZ_CCC01/article/details/132360444