I. Setting up LVS in DR mode: preparation. DR is also the mode most widely used today.
In production DR mode is the usual choice. NAT mode has a throughput bottleneck at the director, although it does save public IPs, and for a small company every public IP costs money.
A textbook DR deployment needs a public IP on the director and on every real server, because the real servers answer clients directly; that costs money too, and public IPv4 addresses are getting scarce.
The alternative: build the LVS entirely on private addresses, VIP included, and map one public IP at port 80 to the private VIP at port 80.
Prepare three machines. The director and the real servers all use private IPs, so one public IP (mapped from public :80 to the VIP's :80) is enough.
Director (dir): 192.168.149.129
Real server 1 (RS1): 192.168.149.131
Real server 2 (RS2): 192.168.149.132
VIP: 192.168.149.254
1. First write the director's configuration script, /usr/local/sbin/lvs_dr.sh:
[root@localhost_02 ~]# vim /usr/local/sbin/lvs_dr.sh
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward   # enable IP forwarding
ipv=/usr/sbin/ipvsadm
vip=192.168.149.254
rs1=192.168.149.131
rs2=192.168.149.132
ifdown eth0
ifup eth0
# the NIC is bounced so that re-running the script does not add the VIP a second time
ifconfig eth0:2 $vip broadcast $vip netmask 255.255.255.255 up   # bind the VIP to alias eth0:2 on the director
route add -host $vip dev eth0:2   # host route for the VIP
$ipv -C
$ipv -A -t $vip:80 -s wrr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1
# ipvsadm rules: -g is "gatewaying", i.e. direct routing (DR mode). The director only
# rewrites the destination MAC to the chosen RS; the RS answers the client directly.
Note: look at the director's interfaces; the VIP is now bound on eth0 (alias eth0:2):
[root@localhost_02 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:37:3b:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.129/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 brd 192.168.149.254 scope global eth0:2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe37:3bd9/64 scope link
       valid_lft forever preferred_lft forever
2. Configure the real servers (RS). Run /usr/local/sbin/lvs_rs.sh on both RS1 and RS2:
[root@localhost_03 ~]# vim /usr/local/sbin/lvs_rs.sh
#!/bin/bash
vip=192.168.149.254
# bind the VIP on lo so the RS accepts packets addressed to it and replies to the client directly
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# ARP kernel parameters: the RS must not answer ARP queries for the VIP (only the director
# may own the VIP's MAC on the LAN) and must not use the VIP as the source of its own ARP requests
# reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
The second RS carries the identical script:
[root@localhost_04 network-scripts]# cat /usr/local/sbin/lvs_rs.sh
(same content as above)
Note: check the routing table on the RS; the default gateway is unchanged and the VIP appears as a host route on lo:
[root@localhost_04 network-scripts]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.149.2   0.0.0.0         UG    100    0        0 eth0
192.168.149.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.149.254 0.0.0.0         255.255.255.255 UH    0      0        0 lo
Note: the ARP kernel parameters are described at www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html and in the notes at the end of this part.
3. Check the addresses on the RS; the VIP is bound on lo:
[root@localhost_03 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 brd 192.168.149.254 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4. Test: open 192.168.149.254 in a browser; successive requests alternate between RS1 and RS2.
Note: curl is a poor test when run on an RS (the VIP is bound locally, so you only reach yourself), and curl from the director against its own VIP fails as well, so use a separate client VM. On the director, ipvsadm -ln shows the ActiveConn/InActConn counters changing, which confirms the rules are being hit:
[root@localhost_02 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wrr
  -> 192.168.149.131:80           Route   1      0          4
  -> 192.168.149.132:80           Route   1      0          5
Then from another VM:
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@localhost_01 ~]# curl 192.168.149.254
The is real server_02 !!!
Notes:
arp_ignore: defines which ARP requests for local IP addresses are answered:
0 (default): reply to any ARP request for any local address, whichever interface it arrives on
1: reply only if the target IP is a local address configured on the interface the request arrived on
2: as 1, and additionally the sender's IP must belong to a subnet of that interface
3: do not reply for local addresses with scope host; reply only for global and link-scope addresses
4-7: reserved
8: do not reply for any local address
arp_announce: restricts which local source IP the host announces in the ARP requests it sends out on an interface:
0 (default): use any local address, configured on any interface (eth0, eth1, lo, ...)
1: try to avoid local addresses that are not in the target's subnet on this interface. Useful when hosts reachable through this interface require the ARP source IP to be part of their own logical network. The kernel checks all local subnets that include the target IP and keeps the source address if it belongs to one of them; otherwise it falls back to the level-2 rule.
2: always use the best local address for the target. The source address of the IP packet is ignored and the kernel picks the local address it prefers for talking to the target: first a primary address on the outgoing interface whose subnet contains the target IP. If none is found it uses the first local address on the outgoing interface, or on any other interface, hoping the reply still comes back.
The settings used here: arp_ignore=1 means an ARP request is answered only if the receiving interface itself carries the requested IP. The default 0 answers as soon as any interface on the machine has it, so an RS with the VIP on lo would answer ARP for the VIP and compete with the director for client traffic. arp_announce=2 stops the RS from using the VIP as the source address of its own ARP requests, which would otherwise teach the router, the director and the other RS that the VIP lives at this RS's MAC.
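As an added example (not part of the original post), the following script checks the real-server side of a DR setup for the two things the notes above describe: the ARP sysctls and the VIP bound as a /32 on lo. It reads the sysctls from a proc root passed as an argument so it can be exercised against a constructed directory tree, and it parses a captured ip addr text instead of calling ip itself. The function names, the fake proc tree and the sample ip addr output are my own constructions modelled on the RS1 output above.

```shell
#!/bin/sh
# Added example: preflight check for a DR-mode real server.
# check_rs_arp PROC_ROOT   -> 0 if lo and all have arp_ignore=1 and arp_announce=2
# vip_bound_on_lo VIP TEXT -> 0 if TEXT (output of `ip addr`) shows VIP/32 on lo

check_rs_arp() {
    root="${1:-/proc}"
    rc=0
    for dev in lo all; do
        dir="$root/sys/net/ipv4/conf/$dev"
        ignore=$(cat "$dir/arp_ignore" 2>/dev/null || echo missing)
        announce=$(cat "$dir/arp_announce" 2>/dev/null || echo missing)
        if [ "$ignore" = "1" ]; then
            echo "OK   $dev/arp_ignore=1"
        else
            echo "BAD  $dev/arp_ignore=$ignore (want 1): RS would answer ARP for the VIP and steal traffic from the director"
            rc=1
        fi
        if [ "$announce" = "2" ]; then
            echo "OK   $dev/arp_announce=2"
        else
            echo "BAD  $dev/arp_announce=$announce (want 2): RS may announce the VIP with its own MAC and poison neighbour ARP caches"
            rc=1
        fi
    done
    return $rc
}

# Tracks the current interface from the "N: name:" header lines and looks for
# an "inet VIP/32" line while the current interface is lo.
vip_bound_on_lo() {
    printf '%s\n' "$2" | awk -v vip="$1" '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface) }
        $1 == "inet" && $2 == (vip "/32") && iface == "lo" { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed helper for offline testing: builds a fake /proc tree with the given values.
make_fake_proc() {
    # $1 root, $2 lo arp_ignore, $3 lo arp_announce, $4 all arp_ignore, $5 all arp_announce
    mkdir -p "$1/sys/net/ipv4/conf/lo" "$1/sys/net/ipv4/conf/all"
    echo "$2" > "$1/sys/net/ipv4/conf/lo/arp_ignore"
    echo "$3" > "$1/sys/net/ipv4/conf/lo/arp_announce"
    echo "$4" > "$1/sys/net/ipv4/conf/all/arp_ignore"
    echo "$5" > "$1/sys/net/ipv4/conf/all/arp_announce"
}

# Constructed sample, modelled on the `ip addr` output of RS1 above.
SAMPLE_RS_IP_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 192.168.149.254/32 brd 192.168.149.254 scope global lo:0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.131/24 brd 192.168.149.255 scope global eth0'

# Run with --live [VIP] on a real RS to check /proc and the live `ip addr` (iproute2 required).
if [ "${1:-}" = "--live" ]; then
    vip="${2:-192.168.149.254}"
    check_rs_arp /proc
    if vip_bound_on_lo "$vip" "$(ip addr)"; then
        echo "OK   VIP $vip is bound on lo"
    else
        echo "BAD  VIP $vip is not bound on lo as a /32"
    fi
fi
```

Run it as sh lvs_rs_check.sh --live 192.168.149.254 on each RS after lvs_rs.sh; a BAD line on arp_ignore is exactly the condition under which an RS starts answering ARP for the VIP and some clients end up bypassing the director.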
Summary: whether in NAT or DR mode, LVS is not complicated to configure. The points to watch are the kernel parameters and IP forwarding, and in NAT mode in particular the real servers' default gateway must be the director's IP.
II. keepalived + LVS in DR mode:
A complete setup needs two director (load-balancer) servers, each running keepalived, so that the director itself is highly available.
Why add keepalived to LVS:
1: The director is the single point of entry for all traffic; if it fails, every request stops. keepalived gives the director VRRP failover, and it also programs the IPVS rules itself through its built-in ipvs interface, so the ipvsadm rules and the lvs_dr.sh script from Part I are not needed on the directors. The ipvsadm command remains useful for inspecting the rules keepalived installs.
2: With plain LVS, if a real server dies the director keeps forwarding to it and some requests fail. keepalived health-checks each RS and removes a dead one from the IPVS table, so the site keeps answering. Two keepalived nodes is the usual arrangement.
Four machines:
dir_01 (A, keepalived MASTER): 192.168.149.129
dir_02 (B, keepalived BACKUP): 192.168.149.130
rs_01: 192.168.149.131
rs_02: 192.168.149.132
Both real servers still need /usr/local/sbin/lvs_rs.sh (VIP on lo:0 plus the ARP sysctls); keepalived replaces only the director-side script.
1. Edit /etc/keepalived/keepalived.conf on both directors, A and B. On A, write the configuration below and start the service: systemctl start keepalived
Configuration on director A:
[root@localhost_01 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # on the backup this is BACKUP
    state MASTER
    # the interface that carries the VIP; change it if your NIC is not eth0
    interface eth0
    virtual_router_id 50
    # on the backup this is 90
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {
        192.168.149.254
    }
}
virtual_server 192.168.149.254 80 {
    # health-check the real servers every 10 seconds
    delay_loop 10
    # LVS scheduling algorithm
    lb_algo wlc
    # DR mode
    lb_kind DR
    # 0 disables persistence; a value such as 60 would pin a client IP to the same RS for 60 seconds
    persistence_timeout 0
    # check the real servers over TCP
    protocol TCP
    real_server 192.168.149.131 80 {
        weight 100
        TCP_CHECK {
            # 10 seconds without a response counts as a failure
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.149.132 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
Start keepalived:
[root@localhost_01 ~]# systemctl start keepalived
[root@localhost_01 ~]# ps aux |grep keepalived
root      1363  0.0  0.1 118652  1392 ?        Ss   22:02   0:00 /usr/sbin/keepalived -D
root      1364  0.0  0.3 127520  3336 ?        S    22:02   0:00 /usr/sbin/keepalived -D
root      1365  0.0  0.2 127388  2612 ?        S    22:02   0:00 /usr/sbin/keepalived -D
root      1383  0.0  0.0 112720   972 pts/0    R+   22:05   0:00 grep --color=auto keepalived
On B (the backup), write the configuration and start keepalived. It differs from A only in state and priority:
[root@localhost_02 ~]# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # on the master this is MASTER
    state BACKUP
    # the interface that carries the VIP; change it if your NIC is not eth0
    interface eth0
    virtual_router_id 50
    # on the master this is 100
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {
        192.168.149.254
    }
}
virtual_server 192.168.149.254 80 {
    # health-check the real servers every 10 seconds
    delay_loop 10
    # LVS scheduling algorithm
    lb_algo wlc
    # DR mode
    lb_kind DR
    # 0 disables persistence; a value such as 60 would pin a client IP to the same RS for 60 seconds
    persistence_timeout 0
    # check the real servers over TCP
    protocol TCP
    real_server 192.168.149.131 80 {
        weight 100
        TCP_CHECK {
            # 10 seconds without a response counts as a failure
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.149.132 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
Start keepalived:
[root@localhost_02 ~]# systemctl start keepalived
[root@localhost_02 ~]# ps aux |grep keep
root      2810  0.0  0.0 118608  1380 ?        Ss   22:01   0:00 /usr/sbin/keepalived -D
root      2811  0.0  0.1 127472  3336 ?        S    22:01   0:00 /usr/sbin/keepalived -D
root      2812  0.0  0.1 127340  2612 ?        S    22:01   0:00 /usr/sbin/keepalived -D
root      2833  0.0  0.0 112676   984 pts/0    S+   22:06   0:00 grep --color=auto keep
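The two configurations above must agree on everything except state and priority, and keepalived itself gives no warning when the two files drift apart over time. As an added example (not from the original post, and not part of keepalived), this script parses a pair of keepalived.conf texts and checks what must match (virtual_router_id, auth_pass, the VIP list, the real_server set), what must not (the master's priority has to exceed the backup's), and warns about auth_type PASS. The function names are mine; the sample configurations are constructed from the A and B files above, reduced to the keys being checked.

```shell
#!/bin/sh
# Added example: consistency and sanity check for a keepalived MASTER/BACKUP pair.

# First value of a key anywhere in the file, e.g. conf_get priority "$CONF" -> 100
conf_get() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Sorted, space-joined list of addresses inside virtual_ipaddress { ... }
conf_vips() {
    printf '%s\n' "$1" | awk '
        $1 == "virtual_ipaddress" { inblk = 1; next }
        inblk && $1 == "}"        { inblk = 0 }
        inblk                     { print $1 }' | sort | xargs
}

# Sorted, space-joined list of real_server IP:PORT entries
conf_rs() {
    printf '%s\n' "$1" | awk '$1 == "real_server" { print $2 ":" $3 }' | sort | xargs
}

# check_pair MASTER_CONF BACKUP_CONF -> 0 if the pair is consistent, 1 otherwise
check_pair() {
    m="$1"; b="$2"; rc=0
    [ "$(conf_get state "$m")" = "MASTER" ] || { echo "BAD  first config is not state MASTER"; rc=1; }
    [ "$(conf_get state "$b")" = "BACKUP" ] || { echo "BAD  second config is not state BACKUP"; rc=1; }
    [ "$(conf_get virtual_router_id "$m")" = "$(conf_get virtual_router_id "$b")" ] \
        || { echo "BAD  virtual_router_id differs: the nodes ignore each other's advertisements and both hold the VIP"; rc=1; }
    mp=$(conf_get priority "$m"); bp=$(conf_get priority "$b")
    if [ "${mp:-0}" -gt "${bp:-0}" ]; then :; else
        echo "BAD  master priority ($mp) must be higher than backup priority ($bp)"; rc=1
    fi
    [ "$(conf_get auth_pass "$m")" = "$(conf_get auth_pass "$b")" ] \
        || { echo "BAD  auth_pass differs: advertisements are rejected and both nodes become MASTER"; rc=1; }
    [ "$(conf_vips "$m")" = "$(conf_vips "$b")" ] \
        || { echo "BAD  virtual_ipaddress lists differ"; rc=1; }
    [ "$(conf_rs "$m")" = "$(conf_rs "$b")" ] \
        || { echo "BAD  real_server sets differ: a failover would change the backend pool"; rc=1; }
    if [ "$(conf_get auth_type "$m")" = "PASS" ]; then
        echo "WARN auth_type PASS: the password travels in clear text in every VRRP advertisement," \
             "so any host on the segment can read it and send higher-priority advertisements to take the VIP;" \
             "restrict VRRP (IP protocol 112 to 224.0.0.18) to the peer with firewall rules"
    fi
    return $rc
}

# Constructed sample, reduced from director A's configuration above.
MASTER_CONF='vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux
    }
    virtual_ipaddress {
        192.168.149.254
    }
}
virtual_server 192.168.149.254 80 {
    lb_algo wlc
    lb_kind DR
    protocol TCP
    real_server 192.168.149.131 80 { weight 100 }
    real_server 192.168.149.132 80 { weight 100 }
}'
# The backup differs only in state and priority, exactly as director B does above.
BACKUP_CONF=$(printf '%s\n' "$MASTER_CONF" | sed -e 's/state MASTER/state BACKUP/' -e 's/priority 100/priority 90/')
# A drifted backup (constructed fault): wrong virtual_router_id and one real server missing.
BAD_BACKUP_CONF=$(printf '%s\n' "$BACKUP_CONF" | sed -e 's/virtual_router_id 50/virtual_router_id 51/' -e '/192.168.149.132 80/d')

check_pair "$MASTER_CONF" "$BACKUP_CONF"     || echo "unexpected: consistent pair rejected"
echo "--- drifted pair ---"
check_pair "$MASTER_CONF" "$BAD_BACKUP_CONF" || echo "mismatch detected (exit 1)"
```

To check real files, replace the sample variables with MASTER_CONF=$(cat /path/to/A.conf) and BACKUP_CONF=$(cat /path/to/B.conf) copied from the two directors. The WARN line is the security caveat worth acting on: a rogue host on the LAN that sees the PASS advertisements can announce itself with priority 254 and pull the VIP away from both directors, so the VRRP traffic between A and B should be confined with firewall rules rather than protected by the password.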
2. Start the nginx service on RS_01 and RS_02: systemctl start nginx
RS_01:
[root@localhost_03 ~]# systemctl start nginx
[root@localhost_03 ~]# ps aux |grep nginx
root      1032  0.0  0.2 120752  2260 ?        Ss   17:50   0:00 nginx: master process /usr/sbin/nginx
nginx     1033  0.0  0.3 121136  3588 ?        S    17:50   0:00 nginx: worker process
root      1233  0.0  0.0 112676   984 pts/0    R+   22:08   0:00 grep --color=auto nginx
RS_02:
[root@localhost_04 sbin]# systemctl start nginx
[root@localhost_04 sbin]# ps aux |grep nginx
root      1021  0.0  0.2 120752  2256 ?        Ss   17:51   0:00 nginx: master process /usr/sbin/nginx
nginx     1022  0.0  0.3 121136  3588 ?        S    17:51   0:00 nginx: worker process
root      1249  0.0  0.0 112676   984 pts/0    S+   22:09   0:00 grep --color=auto nginx
Note: both real servers must run /usr/local/sbin/lvs_rs.sh, the same script as in Part I (VIP bound on lo:0 plus arp_ignore=1 and arp_announce=2 on lo and all). keepalived replaces only the director-side lvs_dr.sh; the RS side is unchanged.
3. First look at the VIP on the master keepalived node (A, localhost_01): 192.168.149.254 is present:
[root@localhost_01 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:81:f4:4b brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.130/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe81:f44b/64 scope link
       valid_lft forever preferred_lft forever
Note: check the rules keepalived installed:
[root@localhost_01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wlc
  -> 192.168.149.131:80           Route   100    0          0
  -> 192.168.149.132:80           Route   100    0          0
Note: at this point the backup B does not hold the VIP, so no client traffic reaches it. keepalived's health-checker also loads the virtual_server rules on B, but they only come into play once B takes over the VIP; the backup stays idle until the master fails.
Test: first from a separate test machine, then the two failure tests below:
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
1. Test keepalived failover: stop the keepalived service on A (the master) by hand and see whether B takes over.
Pass criterion: the VIP moves to B (the former backup).
On A (master), stop keepalived: systemctl stop keepalived
[root@localhost_01 ~]# systemctl stop keepalived
[root@localhost_01 ~]# ps aux |grep keepalived
root      1445  0.0  0.0 112720   976 pts/0    S+   22:34   0:00 grep --color=auto keepalived
On B (backup), check that the VIP has moved over, then check that the site still answers:
[root@localhost_02 ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:37:3b:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.149.129/24 brd 192.168.149.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.149.254/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe37:3bd9/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost_02 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.149.254:80 wlc
  -> 192.168.149.131:80           Route   100    0          2
  -> 192.168.149.132:80           Route   100    0          3
Then from the test machine:
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_01 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
Note: once A is down the VIP moves to B automatically, which is the director high availability we wanted, and requests still alternate between the two real servers, so load balancing continues and the site stays reachable.
2. Test that a real-server failure does not affect the site: stop the web service on RS_01 (localhost_03) and keep requesting the VIP.
RS_01: stop nginx:
[root@localhost_03 ~]# systemctl stop nginx
[root@localhost_03 ~]# ps aux |grep nginx
root      1250  0.0  0.0 112676   984 pts/0    S+   22:50   0:00 grep --color=auto nginx
Then from the test machine: curl 192.168.149.254
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
[root@ceshiji_01 ~]# curl 192.168.149.254
The is real server_02 !!!
Note: keepalived's health check removes a failed RS from the IPVS table promptly, so the director stops forwarding to it and clients no longer hit a backend that cannot answer; once the RS passes its check again it is added back.
Note: IP forwarding must be enabled on the directors: echo 1 > /proc/sys/net/ipv4/ip_forward