LVS-DR Cluster with Keepalived

Keepalived overview

Keepalived monitors the state of servers. If a web server goes down or stops working, Keepalived detects it and removes the failed server from the system, and the other servers take over its work. When the server is working again, Keepalived automatically adds it back to the server farm. All of this happens automatically, without human intervention; the only manual task is repairing the failed server.

How keepalived works

1, keepalived is built on the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol.

2, VRRP can be thought of as a protocol that makes routers highly available: N routers providing the same function form a router group with one master and multiple backups. The master holds the VIP that serves external traffic (other machines on the LAN use the VIP as their default route) and sends multicast advertisements. When the backups stop receiving VRRP packets, they consider the master down, and a new master is elected from the backups according to VRRP priority. This keeps the router highly available.

3, keepalived has three main modules: core, check and vrrp. The core module is the heart of keepalived; it is responsible for starting and maintaining the main process and for loading and parsing the global configuration file. The check module is responsible for health checks and supports several common check methods. The vrrp module implements the VRRP protocol.
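The election and failover timing described in point 2, as an added example (not code from the original post or from keepalived). It uses the VRRPv2 timers from RFC 3768; the addresses are the two schedulers of this lab, priority 100 is the master value used later on this page, and the backup priority 90 is an assumption.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Router:
    name: str
    ip: str          # primary address, used as the tie-breaker
    priority: int    # 1-254; higher wins
    alive: bool = True

def master_down_interval(priority, advert_int=1.0):
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time,
    where Skew_Time = (256 - priority) / 256 seconds."""
    return 3 * advert_int + (256 - priority) / 256

def elect(routers):
    """Highest priority among live routers wins; ties go to the higher IP."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    return max(live, key=lambda r: (r.priority, int(ipaddress.ip_address(r.ip))))

def fail_master(routers, advert_int=1.0):
    """Take the current master down; return (new_master, seconds_until_takeover).

    Each backup waits its own Master_Down_Interval after the last
    advertisement, so the highest-priority backup times out first.
    """
    master = elect(routers)
    survivors = [replace(r, alive=False) if r == master else r for r in routers]
    new = elect(survivors)
    if new is None:
        return None, None
    return new, master_down_interval(new.priority, advert_int)

# Constructed group: priority 90 for the backup is an assumed value.
GROUP = [
    Router("DR1", "192.168.100.66", 100),
    Router("DR2", "192.168.100.77", 90),
]

if __name__ == "__main__":
    print("master:", elect(GROUP).name)
    new, wait = fail_master(GROUP)
    print(f"after DR1 fails: {new.name} takes over the VIP in about {wait:.2f}s")
```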

lab environment

DR1 scheduling server (master): 192.168.100.66 centos7-1
DR2 scheduling server (standby): 192.168.100.77 centos7-2

Node server web1: 192.168.100.88 centos7-3
Node server web2: 192.168.100.99 centos7-4

Floating address (VIP): 192.168.100.100

Client: 192.168.100.200 windows7

Configuring centos7-1

yum install ipvsadm keepalived -y

Set the network adapter to host-only mode with a static IP: 192.168.100.66

[root@dr1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

IPADDR=192.168.100.66
NETMASK=255.255.255.0
GATEWAY=192.168.100.1

[root@dr1 ~]# service network restart
Restarting network (via systemctl): [ 确定 ]

[root@dr1 ~]# vim /etc/sysctl.conf
# enable routing (IP forwarding)
net.ipv4.ip_forward = 1
# turn off proc redirect responses
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

# Apply the forwarding settings
[root@dr1 ~]# sysctl -p

Create the virtual interface

[root@dr1 ~]# cd /etc/sysconfig/network-scripts/

[root@dr1 network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0

[root@dr1 network-scripts]# vim ifcfg-ens33:0
# delete the original contents and add the following
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.0

# Bring up the virtual interface
[root@dr1 network-scripts]# ifup ens33:0

Add the service startup script

[root@dr1 ~]# cd /etc/init.d/

[root@dr1 init.d]# vim dr.sh
#!/bin/bash
# LVS-DR director: bind the VIP and load the IPVS rules
GW=192.168.100.1
VIP=192.168.100.100
RIP1=192.168.100.88
RIP2=192.168.100.99
case "$1" in
start)
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # bind the VIP to ens33:0 with a host mask
    /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev ens33:0
    # virtual service on VIP:80, round robin (rr), direct routing (-g)
    /sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
    echo "ipvsadm starting------------------[ok]"
    ;;
stop)
    # clear the IPVS table and release the VIP
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del $VIP
    echo "ipvsadm stopped--------------------[ok]"
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm stopped--------------------"
        exit 1
    else
        echo "ipvsadm running-------------[ok]"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
esac
exit 0

# Make the script executable
[root@dr1 init.d]# chmod +x dr.sh

# Start the script
[root@dr1 init.d]# service dr.sh start

# Check the ipvsadm state
[root@dr1 init.d]# systemctl status ipvsadm     # view the status of the started service

# Turn off the firewall and security features
[root@dr1 init.d]# systemctl stop firewalld.service
[root@dr1 init.d]# setenforce 0

Configuring centos7-2

Install the ipvsadm and keepalived packages

[root@dr2 ~]# yum install ipvsadm keepalived -y

Set the network adapter to host-only mode with a static IP: 192.168.100.77

[root@dr2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

IPADDR=192.168.100.77
NETMASK=255.255.255.0
GATEWAY=192.168.100.1

[root@dr2 ~]# service network restart
Restarting network (via systemctl): [ 确定 ]

[root@dr2 ~]# vim /etc/sysctl.conf
# enable routing (IP forwarding)
net.ipv4.ip_forward = 1
# turn off proc redirect responses
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

# Apply the forwarding settings
[root@dr1 ~]# sysctl -p

Create the virtual interface

[root@dr1 ~]# cd /etc/sysconfig/network-scripts/

[root@dr1 network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0

[root@dr1 network-scripts]# vim ifcfg-ens33:0
# delete the original contents and add the following
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.0

# Bring up the virtual interface
[root@dr2 ~]# ifup ens33:0

Add the service startup script

[root@dr2 ~]# cd /etc/init.d/

[root@dr2 ~]# vim dr.sh
#!/bin/bash
# LVS-DR director: bind the VIP and load the IPVS rules
GW=192.168.100.1
VIP=192.168.100.100
RIP1=192.168.100.88
RIP2=192.168.100.99
case "$1" in
start)
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # bind the VIP to ens33:0 with a host mask
    /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev ens33:0
    # virtual service on VIP:80, round robin (rr), direct routing (-g)
    /sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
    echo "ipvsadm starting------------------[ok]"
    ;;
stop)
    # clear the IPVS table and release the VIP
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del $VIP
    echo "ipvsadm stopped--------------------[ok]"
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm stopped--------------------"
        exit 1
    else
        echo "ipvsadm running-------------[ok]"
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
esac
exit 0

[root@dr2 ~]# chmod +x dr.sh

[root@dr2 ~]# service dr.sh start

[root@dr2 ~]# systemctl status ipvsadm     # view the status of the started service

[root@dr2 ~]# systemctl stop firewalld.service
[root@dr2 ~]# setenforce 0

Configuring centos7-3

Install the httpd package

[root@web-1 ~]# yum install httpd -y

Set the network adapter to host-only mode with a static IP: 192.168.100.88

[root@web-1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

IPADDR=192.168.100.88
NETMASK=255.255.255.0
GATEWAY=192.168.100.1

[root@web-1 ~]# service network restart     # restart the network service
[root@web-1 ~]# systemctl stop firewalld.service     # turn off the firewall
[root@web-1 ~]# setenforce 0

[root@web-1 ~]# systemctl start httpd.service     # start the web service

Create the home page

[root@web-1 ~]# cd /var/www/html/
[root@web-1 ~]# echo "this is accp web" > index.html

Creating a virtual network card

[root@web-1 ~]# cd /etc/sysconfig/network-scripts/
[root@web-1 ~]# cp ifcfg-lo ifcfg-lo:0
[root@web-1 ~]# vim ifcfg-lo:0

# Delete all the original contents and add the following:
DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.0
ONBOOT=yes

Write the service startup script

[root@web-1 ~]# cd /etc/init.d/
[root@web-1 ~]# vim web.sh     # script that controls service startup

#!/bin/bash
# LVS-DR real server: hold the VIP on lo:0 and suppress ARP for it
VIP=192.168.100.100
case "$1" in
start)
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface
    # arp_announce=2: use the best local source address in ARP requests
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK "
    ;;
stop)
    ifconfig lo:0 down
    route del $VIP > /dev/null 2>&1
    # restore the default ARP behaviour
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0

[root@web-1 ~]# chmod +x web.sh

[root@web-1 ~]# service web.sh start

[root@web-1 ~]# ifup lo:0

Check the IP addresses on the web2 node server; if the virtual IP is listed, everything is fine: ifconfig

firefox "http://127.0.0.1/" &     # access the website directly

[root@web-1 ~]# service web.sh stop

[root@web-1 ~]# service web.sh start     # restarting the service is recommended

Configuring centos7-4

Install the httpd package

[root@web-2 ~]# yum install httpd -y

Set the network adapter to host-only mode with a static IP: 192.168.100.99

[root@web-2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

IPADDR=192.168.100.99
NETMASK=255.255.255.0
GATEWAY=192.168.100.1

[root@web-2 ~]# service network restart     # restart the network service
[root@web-2 ~]# systemctl stop firewalld.service     # turn off the firewall
[root@web-2 ~]# setenforce 0

[root@web-2 ~]# systemctl start httpd.service
[root@web-2 ~]# systemctl status httpd.service

[root@web-2 ~]# cd /var/www/html/
[root@web-2 ~]# echo "this is benet web" > index.html

[root@web-2 ~]# cd /etc/sysconfig/network-scripts/
[root@web-2 ~]# cp ifcfg-lo ifcfg-lo:0

[root@web-2 ~]# vim ifcfg-lo:0

DEVICE=lo:0
IPADDR=192.168.100.100
NETMASK=255.255.255.0
ONBOOT=yes

[root@web-2 ~]# cd /etc/init.d/
[root@web-2 ~]# vim web.sh     # script that controls service startup

#!/bin/bash
# LVS-DR real server: hold the VIP on lo:0 and suppress ARP for it
VIP=192.168.100.100
case "$1" in
start)
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface
    # arp_announce=2: use the best local source address in ARP requests
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK "
    ;;
stop)
    ifconfig lo:0 down
    route del $VIP > /dev/null 2>&1
    # restore the default ARP behaviour
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0

[root@web-2 ~]# chmod +x web.sh

[root@web-2 ~]# service web.sh start

# Bring up the virtual interface
[root@web-2 ~]# ifup lo:0

firefox "http://127.0.0.1/" &     # access the website directly

# Stop and restart the service
[root@web-2 ~]# service web.sh stop
[root@web-2 ~]# service web.sh start
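
A check for the ARP settings that web.sh applies on both node servers, as an added example (not part of the original post). The kernel uses the larger of conf/all and conf/<interface> for the interface that handles the ARP traffic, which in this lab is ens33 rather than lo, so values written under lo alone do not stop a node from answering ARP for the VIP. The sample values are constructed.

```python
import os

WANT = {"arp_ignore": 1, "arp_announce": 2}   # values web.sh writes on start

def read_conf(ifaces, root="/proc/sys/net/ipv4/conf"):
    """Read the live values on a real server (missing files are skipped)."""
    conf = {}
    for iface in ifaces:
        for key in WANT:
            path = os.path.join(root, iface, key)
            if os.path.exists(path):
                with open(path) as fh:
                    conf.setdefault(iface, {})[key] = int(fh.read())
    return conf

def effective(conf, iface, key):
    """Kernel rule: max(conf/all/<key>, conf/<iface>/<key>)."""
    return max(conf.get("all", {}).get(key, 0), conf.get(iface, {}).get(key, 0))

def check_real_server(conf, nic="ens33"):
    """Return one finding per setting that is not in effect on the LAN NIC."""
    findings = []
    for key, want in WANT.items():
        got = effective(conf, nic, key)
        if got != want:
            findings.append(f"{nic}: effective {key}={got}, expected {want}; "
                            f"set conf/all/{key} or conf/{nic}/{key}")
    return findings

# Constructed samples: values written under lo only, and under lo plus all.
LO_ONLY = {"lo": {"arp_ignore": 1, "arp_announce": 2},
           "all": {"arp_ignore": 0, "arp_announce": 0},
           "ens33": {"arp_ignore": 0, "arp_announce": 0}}
LO_AND_ALL = {**LO_ONLY, "all": {"arp_ignore": 1, "arp_announce": 2}}

if __name__ == "__main__":
    for name, conf in (("lo only", LO_ONLY), ("lo + all", LO_AND_ALL)):
        print(name, "->", check_real_server(conf) or "ok")
    live = read_conf(("all", "lo", "ens33"))
    if live:
        print("this host ->", check_real_server(live) or "ok")
```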

Test from the Win7 client

C:\Users\czt>ping 192.168.100.100

Pinging 192.168.100.100 with 32 bytes of data:
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.100.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

keepalived deployment

[root@dr1 ~]# cd /etc/keepalived/

[root@dr1 ~]# vim keepalived.conf

global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1           # points to the local host
    smtp_connect_timeout 30
    router_id LVS_01                # server name; the backup server uses a different name (02 on the other one)
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER                    # change MASTER to BACKUP on the backup server
    interface eth0
    virtual_router_id 10            # same group number on both servers
    priority 100                    # priority; on the backup it is smaller than on the master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass abc123            # authentication password
    }
    virtual_ipaddress {
        192.168.100.100             # virtual IP
    }
}

virtual_server 192.168.100.100 80 {         # virtual IP address and port number
    delay_loop 6
    lb_algo rr
    lb_kind DR                              # changed to DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.100.88 80 {         # node server 1
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.100.99 80 {         # node server 2
        weight 1
        TCP_CHECK {                         # changed to TCP_CHECK
            connect_port 80                 # add the port
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

# Start the keepalived service
[root@dr1 ~]# systemctl start keepalived.service
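
A small audit of the VRRP authentication settings in the configuration above, as an added example (not part of the original post and not a keepalived tool). It reports three properties of keepalived: auth_type PASS travels unencrypted in every advertisement, only the first 8 characters of auth_pass are used, and the authentication block is ignored when vrrp_strict is set. The brace parsing is a simplified pass written for this example, and SAMPLE is a constructed excerpt of the page's file.

```python
import re

def body(text, header):
    """Body of the first '<header> { ... }' block, honouring nested braces."""
    m = re.search(header + r"\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def audit_vrrp_auth(conf):
    """Findings about VRRP authentication ('#' and '!' start comments)."""
    text = "\n".join(re.split(r"[#!]", ln, maxsplit=1)[0] for ln in conf.splitlines())
    strict = bool(re.search(r"^\s*vrrp_strict\s*$", body(text, "global_defs"), re.M))
    findings = []
    for m in re.finditer(r"vrrp_instance\s+(\S+)", text):
        auth = body(body(text[m.start():], r"vrrp_instance\s+\S+"), "authentication")
        kind = re.search(r"auth_type\s+(\S+)", auth)
        if not kind:
            continue
        name, pw = m.group(1), re.search(r"auth_pass\s+(\S+)", auth)
        if strict:
            findings.append(f"{name}: vrrp_strict is set, so keepalived ignores the authentication block")
        if kind.group(1).upper() == "PASS":
            findings.append(f"{name}: auth_type PASS sends auth_pass unencrypted in each advertisement")
            if pw and len(pw.group(1)) > 8:
                findings.append(f"{name}: only the first 8 characters of auth_pass are used")
    return findings

# Constructed excerpt of the configuration shown on this page.
SAMPLE = """\
global_defs {
    router_id LVS_01     # name of this server
    vrrp_strict
}
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass abc123 # authentication password
    }
}
"""

if __name__ == "__main__":
    print("\n".join(audit_vrrp_auth(SAMPLE)))
```

Since PASS gives no confidentiality, limiting VRRP (IP protocol 112) to the two scheduling servers at the host firewall or switch protects the election better than auth_pass does.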

Test from the client
Simulate one scheduling server going down, then try to reach the server from win7. If the ping from win7 still succeeds, the other scheduling server has taken over and started working.

C:\Users\czt>ping 192.168.100.100

Pinging 192.168.100.66 with 32 bytes of data:
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64
Reply from 192.168.100.100: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.100.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Origin blog.51cto.com/14449536/2462009