LVS+Keepalived配置LVS的高可用

我们这里LVS-DR模型的高可用集群:

实验环境:
    vm1 LVS-DR1:
             eth0 172.16.3.2/16
             VIP :eth0:0 172.16.3.88         
    vm2 LVS-DR2:
            eth0 172.16.3.3/16
    vm3 Server-web1
            RS1: eth0 172.16.3.1/16
            VIP: lo:0 172.16.3.88/16
    vm4 Server-web2
            RS2: eth0 172.16.3.10/16
            VIP: lo:0 172.16.3.88/16

  测试机:实体本机:IP: 172.16.3.100           
1、vm3 Server-web1配置:
      # ifconfig eth0 172.16.3.1/16 up                             RIP1
      # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
      # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore (由于是一个网卡,也可以指定的接口为lo:0)
      # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
      # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
      # ifconfig lo:0 172.16.3.88 netmask 255.255.255.255 broadcast 172.16.3.88    VIP
      # route add -host 172.16.3.88 dev lo:0
    web1主页面为
      # yum install nginx
      # echo "172.16.3.1" > /usr/share/nginx/html/index.html
2、vm4 Server-web2配置:
      # ifconfig eth0 172.16.3.10/16 up                        RIP2
      # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
      # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore (由于是一个网卡,也可以指定的接口为lo:0)
      # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
      # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
      # ifconfig lo:0 172.16.3.88 netmask 255.255.255.255 broadcast 172.16.3.88    VIP
      # route add -host 172.16.3.88 dev lo:0
    web2主页面为
      #yum install nginx
      # echo "172.16.3.10" > /usr/share/nginx/html/index.html
3、vm1 LVS-DR1 (我们这里的vm1为)配置
      # yum install keepalived
# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
    root@localhost
   }
   notification_email_from ning@qq.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
#   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ning
    }
    virtual_ipaddress {
    172.16.3.88
    }
}

virtual_server 172.16.3.88 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.0.0
#    persistence_timeout 50
    protocol TCP
   sorry_server 127.0.0.1 80
    real_server 172.16.3.1 80 {
        weight 1
        HTTP_GET {
            url {
              path /
         status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    real_server 172.16.3.10 80 {
        weight 1
        HTTP_GET {
            url {
              path /
         status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
由于我们添加了sorry_service 所以我们在DR节点上也安装了nginx(方便测试)
  # yum install nginx
  # echo "172.16.3.2" > /usr/share/nginx/html/index.html
4、vm2 LVS-DR2 (我们这里的vm2配置文件)配置
    # yum install keepalived     
# vim  /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP               主要是这里不同
    interface eth0
    virtual_router_id 88           
    priority 99                  优先级不同
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ning
    }
    virtual_ipaddress {
    172.16.3.88
    }
}

virtual_server 172.16.3.88 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.0.0
#    persistence_timeout 50
    protocol TCP
   sorry_server 127.0.0.1 80  这里我们添加了sorry_server,就是说,两个web服务器都不在线时,就给客户提供一个页面,(这里我们指向了自己的主机,,可以指定另外一台webserver)
    real_server 172.16.3.1 80 {
        weight 1
        HTTP_GET {
            url {
              path /
         status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    real_server 172.16.3.10 80 {
        weight 1
        HTTP_GET {
            url {
              path /
         status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

由于我们添加了sorry_service 所以我们在DR节点上也安装了nginx(方便测试)
  # yum install nginx
  # echo "172.16.3.3" > /usr/share/nginx/html/index.html

5、测试
http://172.16.3.88
  (1)我们测试keepalived集群负责能不能用?(这里不做太多说明)
        用到的命令:
        # service keepalived stop|start
        # ip addr show
  (2)测试是否可以轮训
     直接在实体机:
http://172.16.3.88测试即可
(3)测试sorry_server
    关掉所有的 web-server(vm3、vm4)
      # service nginx stop
http://172.16.3.88测试即可
=====================================================================================
双主模型案例:
在上面的基础上lvs-dr双主模型的配置文件
这里我们没有配置,VIP1得地址和禁用同步MAC
1、vm3 添加 VIP2
    # ifconfig lo:1 172.16.3.188 netmask 255.255.255.255 broadcast 172.16.3.188 up
    # route add -host 172.16.3.188 dev lo:1
2、vm4 添加 VIP2
    # ifconfig lo:1 172.16.3.188 netmask 255.255.255.255 broadcast 172.16.3.188 up
    # route add -host 172.16.3.188 dev lo:1
3、vm1 LVS-DR1 (我们这里的vm1为)配置
    # cat keepalived.conf
    ! Configuration File for keepalived

    global_defs {
       notification_email {
        root@localhost
       }
       notification_email_from ning@qq.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
    }
    vrrp_instance VI_1 {          vm1主
        state MASTER
        interface eth0
        virtual_router_id 88
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ning
        }
        virtual_ipaddress {
        172.16.3.88                                VIP1
        }
    }
    vrrp_instance VI_2 {        vm2 从
        state BACKUP                         注意的地方
        interface eth0
        virtual_router_id 90                    注意地方
        priority 99                            注意地方
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ning1
        }
        virtual_ipaddress {
        172.16.3.188                            VIP2
        }
    }

    virtual_server 172.16.3.88 80 {             vm1 web-server  VIP1
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
    #    persistence_timeout 50
        protocol TCP
       sorry_server 127.0.0.1 80
        real_server 172.16.3.1 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }

        real_server 172.16.3.10 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }
    virtual_server 172.16.3.188 80 {                    vm2 web-servr VIP2
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
    #    persistence_timeout 50
        protocol TCP
       sorry_server 127.0.0.1 80
        real_server 172.16.3.1 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }

        real_server 172.16.3.10 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }
    }
    }

4、vm2 LVS-DR2 (我们vm2的配置文件配置)配置
    # cat keepalived.conf
    ! Configuration File for keepalived

    global_defs {
       notification_email {
        root@localhost
       }
       notification_email_from ning@qq.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
    }
    vrrp_instance VI_1 {
        state BACKUP                      注意
        interface eth0
        virtual_router_id 88               注意
        priority 99                        注意
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ning                 注意
        }
        virtual_ipaddress {
        172.16.3.88                     注意
        }
    }
    vrrp_instance VI_2 {
        state MASTER                  注意
        interface eth0
        virtual_router_id 90         注意
        priority 100                注意
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ning1          注意
        }
        virtual_ipaddress {
        172.16.3.188                  注意
        }
    }

    virtual_server 172.16.3.88 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
    #    persistence_timeout 50
        protocol TCP
       sorry_server 127.0.0.1 80
        real_server 172.16.3.1 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }

        real_server 172.16.3.10 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }
    virtual_server 172.16.3.188 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
    #    persistence_timeout 50
        protocol TCP
       sorry_server 127.0.0.1 80
        real_server 172.16.3.1 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }

        real_server 172.16.3.10 80 {
            weight 1
            HTTP_GET {
                url {
                  path /
             status_code 200
                }
                connect_timeout 2
                nb_get_retry 3
                delay_before_retry 1
            }
        }
    }
    }
5 、测试:
   (1)双主模型是否开启(我们这里只开启vm1)
      # service keepalived start
      # ip addr show
      3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:d7:f7:9c brd ff:ff:ff:ff:ff:ff
        inet 172.16.3.2/16 brd 172.16.255.255 scope global eth0
        inet 172.16.3.88/32 scope global eth0                -----------VIP1
        inet 172.16.3.188/32 scope global eth0                ------------VIP2
        inet6 fe80::20c:29ff:fed7:f79c/64 scope link
       valid_lft forever preferred_lft forever
    (2)再次启动vm2
        # service keepalived start
        在vm1上查看
        # ip addr show
        3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:d7:f7:9c brd ff:ff:ff:ff:ff:ff
        inet 172.16.3.2/16 brd 172.16.255.255 scope global eth0
        inet 172.16.3.88/32 scope global eth0            ---------------VIP1
        inet6 fe80::20c:29ff:fed7:f79c/64 scope link
       valid_lft forever preferred_lft forever
       在vm2上查看‘
       # ip addr show
       2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0b:35:6a brd ff:ff:ff:ff:ff:ff
        inet 172.16.3.3/16 brd 172.16.255.255 scope global eth0
        inet 172.16.3.188/32 scope global eth0          -----------------VIP2
        inet6 fe80::20c:29ff:fe0b:356a/64 scope link
       valid_lft forever preferred_lft forever
    (3)测试主页
        本机上测试:都会轮训
http://172.16.3.88
http://172.16.3.188