LVS + Keepalived 高可用集群

Keepalived的設計目標是構建高可用的LVS負載均衡的集群，可以調用ipvsadm工具創建虛擬機，不僅僅用作雙機熱備，還可以使用keepalived構建更加方便快捷的節點，進行相關的健康檢查，自動移除失效節點，恢復后再重新加入。

在基于LVS+Keepalived實現的LVS群集結構中，至少包括兩臺熱備的負載調度器，三臺以上的節點服務器。此博客將以DR模式的LVS群集為基礎，增加一臺從負載調度器，使用Keepalived來實現主、從調度器的熱備，從而構建兼有負載均衡、高可用兩種能力的LVS網站群集平臺。

案例如下

使用Keepalived構建LVS群集時，也需要用到ipvsadm管理工具，但大部分工作會由Keepalived自動完成，不需要手動執行ipvsadm(除了查看和監控群集以外)。

環境分析

1)、2個調度器和2個web節點使用同一個網段地址，可以直接和外網通信。為了共享存儲的安全性，一般將web節點和存儲服務器規劃到內網環境，所以web節點必須有兩個及以上網卡的接口。

2)、我這里資源有限，也為了配置方便，所以調度器和web節點分別只有兩個，在web訪問請求量不大的情況下，足夠了，但是若訪問請求比較大，那么最少要分別配置三個調度器和web節點，如果只有兩個web節點的話，訪問量又比較大，那么一旦有一個宕機了，那剩下一個獨苗必定會因為扛不住激增的訪問請求，而被打死。

3)、準備系統映像，以便安裝相關服務。

4)、自行配置防火墻策略和除了VIP之外的IP地址(我這里直接關閉了防火墻)。

5)、keepalived會自動調用IP_vs模塊，所以無需手動加載。

最終效果

1)、客戶端多次訪問群集的VIP，得到的是同一個網頁。

2)、主調度器宕機后，群集的VIP地址將會自動漂移到從(備份)調度器，此時，所有的調度任務由從調度器進行分配。當主調度器恢復運行后，群集的VIP地址會自動轉移回主調度器，主調度器繼續工作，從調度器轉回備份狀態。

3)、web節點宕機后，會被keepalived健康檢查功能檢測到，從而自動在web節點池中去除宕機的節點，待web節點恢復運行后，會被自動添加到web節點池中。

開始配置LVS+Keepalived高可用群集

部署第一臺Web服務器

[root@centos01 ~]# yum -y install httpd [root@centos01 ~]# echo "www.benet.com" >/var/www/html/index.html [root@centos01 ~]# systemctl start httpd [root@centos01 ~]# systemctl enable httpd[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo/etc/sysconfig/network-scripts/ifcfg-lo:0 [root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=192.168.100.253 NETMASK=255.255.255.255 ONBOOT=yes[root@centos01 ~]# systemctl restart network [root@centos01 ~]# ifconfig lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 488 bytes 39520 (38.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 488 bytes 39520 (38.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo:0: flags=73 mtu 65536 inet 192.168.100.253 netmask 255.255.255.255 loop txqueuelen 1 (Local Loopback)[root@centos01 ~]# vim /etc/sysctl.conf net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2[root@centos01 ~]# sysctl -p net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2

部署第二臺Web服務器

[root@centos02 ~]# yum -y install httpd [root@centos02 ~]# echo "www.accp.com" >/var/www/html/index.html [root@centos02 ~]# systemctl start httpd [root@centos02 ~]# systemctl enable httpd [root@centos02 ~]# scp root@192.168.100.10:/etc/sysconfig/network-scripts/ifcfg-lo:0/etc/sysconfig/network-scripts/The authenticity of host '192.168.100.10 (192.168.100.10)' can't be established.ECDSA key fingerprint is SHA256:PUueT9fU9QbsyNB5NC5hbSXzaWxxQavBxXmfoknXl4I.ECDSA key fingerprint is MD5:6d:f7:95:0e:51:1a:d8:9e:7b:b6:3f:58:51:51:4b:3b.Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.100.10' (ECDSA) to the list of known hosts.root@192.168.100.10's password: ifcfg-lo:0 100% 70 53.3KB/s 00:00[root@centos02 ~]# scp root@192.168.100.10:/etc/sysctl.conf /etc/sysctl.conf root@192.168.100.10's password: sysctl.conf 100% 660 304.3KB/s 00:00[root@centos02 ~]# systemctl restart network [root@centos02 ~]# ifconfig lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 496 bytes 40064 (39.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 496 bytes 40064 (39.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo:0: flags=73 mtu 65536 inet 192.168.100.253 netmask 255.255.255.255 loop txqueuelen 1 (Local Loopback)[root@centos02 ~]# sysctl -p net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2net.ipv4.conf.default.arp_ignore = 1net.ipv4.conf.default.arp_announce = 2net.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2

部署主調度器

[root@centos04 ~]# yum -y install keepalived ipvsadm [root@centos04 ~]# vim /etc/sysctl.conf .....................net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos04 ~]# sysctl -p net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos04 ~]# cd /etc/keepalived/[root@centos04 keepalived]# cp keepalived.conf keepalived.conf.bak [root@centos04 keepalived]# vim keepalived.conf ! Configuration File for keepalivedglobal_defs { router_id LVS_DEVEL1}vrrp_instance VI_1 { state MASTER interface ens32 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.100.253 }}virtual_server 192.168.100.253 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP real_server 192.168.100.10 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.100.20 80 { weight 1 TCP_CHECK { connect_port 80 connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } }} [root@centos04 ~]# systemctl restart keepalived [root@centos04 ~]# systemctl enable keepalived

配置從調度器

[root@centos05 ~]# yum -y install ipvsadm keepalived [root@centos05 ~]# scp root@192.168.100.40:/etc/sysctl.conf /etc/root@192.168.100.40 s password: sysctl.conf 100% 566 205.8KB/s 00:00[root@centos05 ~]# sysctl -p net.ipv4.conf.all.send_redirects = 0net.ipv4.conf.default.send_redirects = 0net.ipv4.conf.ens33.send_redirects = 0[root@centos05 ~]# scp root@192.168.100.40:/etc/keepalived/keepalived.conf/etc/keepalived/ root@192.168.100.40's password: keepalived.conf 100% 803 2.1MB/s 00:00[root@centos05 ~]# vim /etc/keepalived/keepalived.conf router_id LVS_HA_Backup state BACKUP interface ens32 priority 99 [root@centos05 ~]# systemctl start keepalived [root@centos05 ~]# chkconfig --level 35 keepalived on

至此，主、從調度器也配置完成了，若需要部署多個從調度器，按照以上這個從(備份)調度器配置即可。

配置客戶端訪問

客戶端測試訪問VIP地址：192.168.100.253

為了測試，所以才在每個web節點準備不同的網頁文件，以便測試是否有負載均衡的效果，現在效果已經有了，所以要搭建共享存儲服務器，所有的web節點都從共享存儲服務器讀取網頁文件向client提供，以便向client提供相同的網頁文件。

接下來開始配置共享存儲服務器

配置NFS服務器

[root@centos03 ~]# yum -y install rpcbind nfs-utils [root@centos03 ~]# mkdir /web [root@centos03 ~]# echo "www.nfs.com" > /web/index.html [root@centos03 ~]# vim /etc/exports /web 192.168.100.10(ro) 192.168.100.20(rw)[root@centos03 ~]# systemctl start rpcbind [root@centos03 ~]# systemctl enable rpcbind [root@centos03 ~]# systemctl enable nfs [root@centos03 ~]# showmount -e 192.168.100.30 Export list for 192.168.100.30:/web 192.168.100.20,192.168.100.10

Web站點掛載共享存儲目錄

Web節點1服務器掛載共享目錄

[root@centos01 ~]# mount 192.168.100.30:/web /var/www/html/ [root@centos01 ~]# cat /var/www/html/index.html www.nfs.com[root@centos01 ~]# vim /etc/fstab 192.168.100.30:/web /var/www/html/ nfs defaults 0 0[root@centos01 ~]# systemctl restart httpd

Web節點2服務器掛載共享目錄

[root@centos02 ~]# mount 192.168.100.30:/web /var/www/html/ [root@centos02 ~]# cat /var/www/html/index.html www.nfs.com[root@centos02 ~]# vim /etc/fstab 192.168.100.30:/web /var/www/html/ nfs defaults 0 0[root@centos02 ~]# systemctl restart httpd

客戶端再次訪問測試

這次，客戶端無論怎么刷新，看到的頁面永遠都是www.nfs.com

案例相關的查詢命令

VIP在哪個調度器上，查詢該調度器承載VIP地址的物理接口，即可看到VIP地址(VIP地址在備份調度器上查不到的)：

[root@centos04 ~]# ip a show dev ens32 ens32: ate UP groupn 1000 link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet 192.168.100.253/32 scope global ens32 valid_lft forever preferred_lft forever inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute valid_lft forever preferred_lft forever

查詢有哪些web節點

[root@centos04 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.100.253:80 rr persistent 50 -> 192.168.100.10:80 Route 1 0 0 -> 192.168.100.20:80 Route 1 0 0

模擬第二臺Web節點和主調度器故障，并在備份調度器上再次查詢VIP以及web節點

[root@centos05 ~]# ip a show dev ens32 ens32: ate UP groupn 1000 link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet 192.168.100.253/32 scope global ens32 valid_lft forever preferred_lft forever inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@centos05 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.100.253:80 rr -> 192.168.100.10:80 Route 1 0 0

查看調度器故障切換時的日志消息

[root@centos05 ~]# tail -30 /var/log/messages

總結

以上是生活随笔為你收集整理的lvs服务器需要开启web服务么_Centos7搭建LVS+Keepalived高可用Web的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。