本文共 5802 字,大约阅读时间需要 19 分钟。
在部署LVS+Keepalived主主热备架构之前,需要先完成以下准备工作:
关闭SELinux和防火墙
临时关闭SELinux,文件配置后,重启生效:vi /etc/sysconfig/selinuxSELINUX=disabledsetenforce 0
配置防火墙规则:
vi /etc/sysconfig/iptables-A INPUT -s 182.148.15.0/24 -d 224.0.0.18 -j ACCEPT-A INPUT -s 192.168.1.0/24 -d 224.0.0.18 -j ACCEPT-A INPUT -s 182.148.15.0/24 -p vrrp -j ACCEPT-A INPUT -s 192.168.1.0/24 -p vrrp -j ACCEPT-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT/etc/init.d/iptables restart
安装LVS
在主备两台服务器上安装LVS:yum install -y libnl* popt* modprobecd /usr/local/src/wgethttp://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gzln -s /usr/src/kernels/2.6.32-431.5.1.el6.x86_64/ /usr/src/linuxtar -zxvf ipvsadm-1.26.tar.gzcd ipvsadm-1.26make && make install
验证LVS安装:
ipvsadm -L -n
在两台Real Server上分别编写启动脚本,并将其加入开机自启动:
Real Server 1脚本:
vim /etc/init.d/realserver1@!/bin/shVIP=182.148.15.239/etc/rc.d/init.d/functionscase "$1" instart) /sbin/ifconfig lo down /sbin/ifconfig lo up echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce /sbin/sysctl -p > /dev/null 2>&1 /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:0 echo "LVS-DR real server starts successfully." ;;stop) /sbin/ifconfig lo:0 down /sbin/route del $VIP > /dev/null 2>&1 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce echo "LVS-DR real server stopped." ;;status) isLoOn=`/sbin/ifconfig lo:0 | grep "$VIP"` isRoOn=`/bin/netstat -rn | grep "$VIP"` if [ "$isLoOn" == "" -a "$isRoOn" == "" ]; then echo "LVS-DR real server has run yet." else echo "LVS-DR real server is running." fi exit 3;;*) echo "Usage: $0 {start|stop|status}" exit 1esacexit 0Real Server 2脚本:
vim /etc/init.d/realserver2@!/bin/shVIP=182.148.15.235/etc/rc.d/init.d/functionscase "$1" instart) /sbin/ifconfig lo down /sbin/ifconfig lo up echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce /sbin/sysctl -p > /dev/null 2>&1 /sbin/ifconfig lo:1 $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:1 echo "LVS-DR real server starts successfully." ;;stop) /sbin/ifconfig lo:1 down /sbin/route del $VIP > /dev/null 2>&1 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce echo "LVS-DR real server stopped." ;;status) isLoOn=`/sbin/ifconfig lo:1 | grep "$VIP"` isRoOn=`/bin/netstat -rn | grep "$VIP"` if [ "$isLoOn" == "" -a "$isRoOn" == "" ]; then echo "LVS-DR real server has run yet." else echo "LVS-DR real server is running." fi exit 3;;*) echo "Usage: $0 {start|stop|status}" exit 1esacexit 0启动脚本自启动:
chmod +x /etc/init.d/realserver1chmod +x /etc/init.d/realserver2echo "/etc/init.d/realserver1" >> /etc/rc.d/rc.localecho "/etc/init.d/realserver2" >> /etc/rc.d/rc.local
在主备两台服务器上安装Keepalived:
yum install -y openssl-devel
cd /usr/local/src/wgethttp://www.keepalived.org/software/keepalived-1.3.5.tar.gztar -zvxf keepalived-1.3.5.tar.gzcd keepalived-1.3.5make && make install
cp /usr/local/src/keepalived-1.3.5/etc/init.d/keepalived /etc/rc.d/init.d/cp /usr/local/src/keepalived-1.3.5/etc/sysconfig/keepalived /etc/sysconfig/echo "/etc/init.d/keepalived start" >> /etc/rc.localchmod +x /etc/rc.d/init.d/keepalivedchkconfig keepalived onservice keepalived start
vim /etc/keepalived/keepalived.confglobal_defs { router_id LVS_Master}vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 182.148.15.239 }}vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 52 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 182.148.15.235 }} vim /etc/keepalived/keepalived.confglobal_defs { router_id LVS_Backup}vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 182.148.15.239 }}vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 182.148.15.235 }} 关闭一台Real Server:
usr/local/nginx/sbin/nginx -s stop
验证LVS集群:
ipvsadm -L -n
预期输出:
TCP 182.148.15.239:80 wrr persistent 50 -> 182.148.15.233:80 Route 3 0 0TCP 182.148.15.239:80 wrr persistent 50 -> 182.148.15.238:80 Route 3 0 0
关闭主_keepalived:
/etc/init.d/keepalived stop
验证VIP转移:
ip addr
预期输出显示VIP已转移到备用_keepalived服务器。
域名解析:将www.test1.com和www.test2.com解析到VIP地址182.148.15.239和182.148.15.235。
负载均衡:在两台Real Server上配置iptables:
vim /etc/sysconfig/iptables-A INPUT -s 182.148.15.239 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT-A INPUT -s 182.148.15.235 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT/etc/init.d/iptables restart
LVS功能测试:
curl http://www.test1.comcurl http://www.test2.com
结果显示请求已成功转发至Real Server。
故障恢复测试:
Keepalived心跳测试:
通过以上步骤,可以完成LVS+Keepalived主主热备架构的部署与测试,确保高可用性和负载均衡功能正常运行。
转载地址:http://ttufk.baihongyu.com/