Deploy Keepalived + LVS in CentOS to build a highly available WEB environment
I. Experiment deployment Software List
CentOS 6.4 x64 mini
keepalived-1.2.7.tar.gz
ipvsadm 1.2.5-10
II. Tutorial Purpose
Keepalived is used here to implement a cluster solution based on LVS in DR mode. The system architecture is shown in the topology diagram. Keepalived switches the VIP between the two LVS instances: LVS1 is the default scheduler, and when LVS1 fails, LVS2 automatically takes over from it. The active scheduler forwards client requests to the real backend servers (web1 and web2). Because LVS works in DR mode, every real server must configure the VIP address on a non-ARP device. Finally, the real backend servers route the response packets back to the users.
Keepalived + LVS Topology
Server network information
III. Experiment Process
3.1 web1 procedure:
Temporarily disable iptables and SELinux
[root@web1 ~]# iptables -F && iptables -X && service iptables save
[root@web1 ~]# setenforce 0 && echo "/usr/sbin/setenforce 0" >> /etc/rc.local
Configure the Host Name and IP address
[root@web1 ~]# hostname web1.example.com
[root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.111
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
Add Virtual Interface address
[root@web1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.253
PREFIX=32
GATEWAY=172.16.21.254
Because the VIP address is configured on several devices in the network, some kernel parameters must be changed to prevent address conflicts:
[root@web1 ~]# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
After sysctl.conf is modified, run sysctl -p so that the change takes effect immediately.
[root@web1 ~]# sysctl -p
[root@web1 ~]# service network restart
Install the httpd package and configure it to start at boot.
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# echo "$(uname -n)" > /var/www/html/index.html
[root@web1 ~]# service httpd start && chkconfig httpd on
3.2 The procedure for web2 is almost the same as for web1:
Temporarily disable iptables and SELinux
[root@web2 ~]# iptables -F && iptables -X && service iptables save
[root@web2 ~]# setenforce 0 && echo "/usr/sbin/setenforce 0" >> /etc/rc.local
Configure the Host Name and IP address
[root@web2 ~]# hostname web2.example.com    # and add
[root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.112
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
Add Virtual Interface address
[root@web2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.253
PREFIX=32
GATEWAY=172.16.21.254
[root@web2 ~]# vi /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
After sysctl.conf is modified, run sysctl -p so that the change takes effect immediately.
[root@web2 ~]# sysctl -p
[root@web2 ~]# service network restart
Install the httpd package and configure it to start at boot.
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# echo "$(uname -n)" > /var/www/html/index.html
[root@web2 ~]# service httpd start && chkconfig httpd on
3.3 The procedure of the lvs1 scheduler is as follows:
Configure the Host Name and IP address
[root@lvs1 ~]# hostname lvs1.example.com
[root@lvs1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.211
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
Install keepalived
[root@lvs1 ~]# yum -y install gcc make wget openssl-devel popt-devel libnl-devel kernel-devel ipvsadm
[root@lvs1 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
[root@lvs1 ~]# tar zxvf keepalived-1.2.7.tar.gz
[root@lvs1 ~]# cd keepalived-1.2.7
[root@lvs1 ~]# ./configure
[root@lvs1 ~]# make && make install
[root@lvs1 ~]# ln -s /usr/local/etc/keepalived /etc
[root@lvs1 ~]# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs1 ~]# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs1 ~]# ln -s /usr/local/sbin/keepalived /usr/sbin/
To achieve high service availability through keepalived, we need to modify the keepalived main configuration file. In this experiment lvs1 is the master device and lvs2 is the slave device; if one of them fails, the other promptly takes over for the failed device. In addition, the configuration file needs a virtual service IP address, the group of real backend WEB servers behind that virtual service, and the scheduling algorithm. The algorithm in this experiment is rr (Round Robin).
[root@lvs1 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@example.com
    smtp_server localhost
    smtp_connect_timeout 30
    router_id LVS_01
}
vrrp_instance HA {
    state MASTER              # this node is the MASTER; the other node is BACKUP
    interface eth0            # network interface the virtual IP address is bound to
    virtual_router_id 51      # VRRP group ID; must be the same on both nodes
    priority 100              # priority (between 1 and 100); the backup node must use a lower value
    advert_int 1              # interval for sending multicast advertisements; must be the same on both nodes
    authentication {          # authentication settings; must be the same on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {       # virtual IP address
        172.16.21.253
    }
}
virtual_server 172.16.21.253 80 {
    delay_loop 6              # health check interval
    lb_algo rr                # load-balancing scheduling algorithm
    lb_kind DR                # load-balancing forwarding mode
    # persistence_timeout 20  # session persistence time
    protocol TCP              # protocol
    real_server 192.168.1.105 80 {
        weight 3              # weight
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.16.21.111 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.16.21.112 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
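The vrrp_instance block above uses auth_type PASS, which VRRPv2 carries unencrypted in every multicast advertisement, so any host on the schedulers' segment can read it. As an added example (not part of the original tutorial), the Python below decodes a VRRPv2 advertisement and audits it against this lab's expected values; SAMPLE is a constructed packet, and EXPECTED and the function names are assumptions of the example.

```python
import struct

# Expected values from this tutorial's keepalived.conf on lvs1 and lvs2.
EXPECTED = {"vrid": 51, "advert_int": 1, "vips": ["172.16.21.253"],
            "senders": {"172.16.21.211": 100, "172.16.21.212": 50}}  # IP -> priority
# Constructed sample: VRRPv2 payload (IP protocol 112) as lvs1 would multicast it.
SAMPLE = bytes.fromhex("21336401" "0101555a" "ac1015fd" "3131313100000000")

def checksum(data):
    """16-bit one's-complement checksum; returns 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt):
    """Decode the VRRPv2 header, the VIP list and the 8-byte auth field."""
    if len(pkt) < 16 or len(pkt) < 16 + 4 * pkt[3]:
        raise ValueError("short VRRP message")
    ver_type, vrid, prio, count, auth_type, adv = struct.unpack("!6B", pkt[:6])
    end = 8 + 4 * count
    vips = [".".join(map(str, pkt[i:i + 4])) for i in range(8, end, 4)]
    return {"version": ver_type >> 4, "vrid": vrid, "priority": prio,
            "vips": vips, "auth_type": auth_type, "advert_int": adv,
            "auth_data": pkt[end:end + 8].rstrip(b"\x00"),
            "checksum_ok": checksum(pkt) == 0}

def audit(src_ip, pkt):
    """Return a list of findings for one advertisement received from src_ip."""
    a, out = parse_advert(pkt), []
    if a["version"] != 2 or not a["checksum_ok"]:
        out.append("malformed or corrupted advertisement")
    if a["vrid"] != EXPECTED["vrid"]:
        return out  # a different VRRP group, not this cluster
    want = EXPECTED["senders"].get(src_ip)
    if want is None:
        out.append("VRID %d advertised by unknown host %s" % (a["vrid"], src_ip))
    elif a["priority"] not in (0, want):  # 0 = master resigning on shutdown
        out.append("%s sent priority %d, expected %d" % (src_ip, a["priority"], want))
    if a["vips"] != EXPECTED["vips"] or a["advert_int"] != EXPECTED["advert_int"]:
        out.append("VIP list or advert interval differs from the configuration")
    if a["auth_type"] == 1:
        out.append("auth_type PASS: password travels in cleartext")
    return out
```

Feed audit() the source address and IP payload of protocol 112 packets seen on the schedulers' segment; a finding about an unknown host or an unexpected priority means something other than lvs1 and lvs2 is taking part in the election for the VIP.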
Start keepalived and add it to the boot list
[root@lvs1 ~]# service keepalived start && chkconfig keepalived on
Disable iptables and SELinux
[root@lvs1 ~]# iptables -F && iptables -X && service iptables save
[root@lvs1 ~]# setenforce 0 && echo "/usr/sbin/setenforce 0" >> /etc/rc.local
3.4 Because both machines are schedulers, the procedure for the lvs2 scheduler is the same as for the lvs1 scheduler; only the keepalived configuration file differs (the differences are marked in red):
Configure the Host Name and IP address
[root@lvs2 ~]# hostname lvs2.example.com
[root@lvs2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.212
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
Install keepalived
[root@lvs2 ~]# yum -y install gcc make wget openssl-devel popt-devel libnl-devel kernel-devel ipvsadm
[root@lvs2 ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
[root@lvs2 ~]# tar zxvf keepalived-1.2.7.tar.gz
[root@lvs2 ~]# cd keepalived-1.2.7
[root@lvs2 ~]# ./configure
[root@lvs2 ~]# make && make install
[root@lvs2 ~]# ln -s /usr/local/etc/keepalived /etc
[root@lvs2 ~]# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@lvs2 ~]# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@lvs2 ~]# ln -s /usr/local/sbin/keepalived /usr/sbin/
Configure keepalived and set this server as the slave node
[root@lvs2 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@example.com
    smtp_server localhost
    smtp_connect_timeout 30
    router_id HA_02
}
vrrp_instance HA {
    state BACKUP              # this node is the BACKUP; the other node is MASTER
    interface eth0            # network interface the virtual IP address is bound to
    virtual_router_id 51      # VRRP group ID; must be the same on both nodes
    priority 50               # priority; lower than the value on the master node
    advert_int 1              # interval for sending multicast advertisements; must be the same on both nodes
    authentication {          # authentication settings; must be the same on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {       # virtual IP address
        172.16.21.253
    }
}
virtual_server 172.16.21.253 80 {
    delay_loop 6              # health check interval
    lb_algo rr                # load-balancing scheduling algorithm
    lb_kind DR                # load-balancing forwarding mode
    # persistence_timeout 20  # session persistence time
    protocol TCP              # protocol
    real_server 192.168.1.105 80 {
        weight 3              # weight
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.16.21.111 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 172.16.21.112 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
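The comments in both configuration files say that virtual_router_id, advert_int and the authentication block must be the same on the two schedulers. The following added example (not from the original tutorial) parses the vrrp_instance block of each node's keepalived.conf and reports mismatches, unknown state values and a backup priority that is not lower than the master's; the LVS1 and LVS2 strings are constructed samples and the function names are assumptions.

```python
# Constructed samples; the lvs2 copy misspells its state keyword on purpose.
LVS1 = """\
vrrp_instance HA {
    state MASTER
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {   # must match on both nodes
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.21.253
    }
}
"""
LVS2 = LVS1.replace("state MASTER", "state BAKCUP").replace("priority 100", "priority 50")

def parse_vrrp(conf):
    """Return {instance name: flat settings} for each vrrp_instance block."""
    out, path = {}, []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words and words[-1] == "{":
            path.append((words[0], words[1] if len(words) > 2 else None))
            if len(path) == 1 and words[0] == "vrrp_instance":
                out[path[0][1]] = {"vips": []}
        elif words == ["}"] and path:
            path.pop()
        elif words and path and path[0][0] == "vrrp_instance":
            cur = out[path[0][1]]
            if path[-1][0] == "virtual_ipaddress":
                cur["vips"].append(words[0])
            else:
                cur[words[0]] = " ".join(words[1:])
    return out

def check_pair(master, backup):
    """Compare one vrrp_instance as configured on the two schedulers."""
    problems = []
    for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips"):
        if master.get(key) != backup.get(key):
            problems.append("%s differs: %r vs %r" % (key, master.get(key), backup.get(key)))
    for role, node in (("master", master), ("backup", backup)):
        if node.get("state") not in ("MASTER", "BACKUP"):
            problems.append("%s node: unknown state %r" % (role, node.get("state")))
    if int(master.get("priority", 0)) <= int(backup.get("priority", 0)):
        problems.append("backup priority is not lower than master priority")
    return problems
```

To use it on the real files, read /etc/keepalived/keepalived.conf from each scheduler and pass the "HA" entry of each parse_vrrp() result to check_pair().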
Start keepalived and add it to the boot list
[root@lvs2 ~]# service keepalived start && chkconfig keepalived on
Disable iptables and SELinux
[root@lvs2 ~]# iptables -F && iptables -X && service iptables save
[root@lvs2 ~]# setenforce 0 && echo "/usr/sbin/setenforce 0" >> /etc/rc.local
3.5 configure the client
In a real production environment this device would be a router; here we use it to test the experimental architecture:
[root@client ~]# hostname client.example.com
[root@client ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.16.21.254
PREFIX=24
GATEWAY=172.16.21.254
DNS1=8.8.8.8
IV. Experimental Testing
1. Use different clients to access http://172.16.21.253. LVS returns the backend servers' pages in turn, according to the scheduling algorithm.
2. Simulate a failure of the master LVS1 (shut it down or suspend it); the service keeps working as usual. Then shut down Web1; only Web2 is displayed. This demonstrates IP load balancing and a high-availability cluster.
3. After the master LVS is restored, it switches back to being the active server. When the Keepalived monitoring module detects that a web server has recovered, it adds the recovered node back to the cluster.
Common commands
[root@lvs1 ~]# ip addr show    # view virtual IP addresses
[root@lvs1 ~]# ipvsadm -Ln     # view the current LVS rules