Deploy lvs-dr+keepalived to build a highly available Web cluster

Source: Internet
Author: User

  • Implementing LVS in DR mode

    I. Experimental environment
  • Three machines:

      • Director node: (ens33 192.168.10.53, VIP ens33:0 192.168.10.80)

      • Real server1: (ens33 192.168.10.51, VIP lo:0 192.168.10.80)

      • Real server2: (ens33 192.168.10.52, VIP lo:0 192.168.10.80)
    II. Installation and configuration

    1. Configure the two real servers

    (1) Configure virtual IP address (VIP)

    The VIP is used only as the source address of the web response packets; the real servers do not need to listen on it for client access requests (those are received and distributed by the director). The VIP is therefore hosted on the virtual interface lo:0.

    cd /etc/sysconfig/network-scripts/
    cp ifcfg-lo ifcfg-lo:0
    vim ifcfg-lo:0

    DEVICE=lo:0
    IPADDR=192.168.10.80
    NETMASK=255.255.255.255   # the netmask must be all ones
    ONBOOT=yes

    ifup lo:0


    (2) Install HTTPD, create test page

    # install httpd
    yum install httpd -y
    # on real server1, create the test page
    echo "Server 192.168.10.51" > /var/www/html/index.html
    # on real server2, create the test page
    echo "Server 192.168.10.52" > /var/www/html/index.html

    (3) Start httpd Service, turn off firewall and security policy

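    # start httpd
    systemctl start httpd.service
    # turn off the firewall and the security policy (setenforce 0 puts SELinux in permissive mode)
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    setenforce 0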

    (4) Configure the startup script on both real servers

    vim /etc/init.d/rs.sh

    #!/bin/bash
    VIP=192.168.10.80
    case "$1" in
    start)
        # bind the VIP to lo:0 with a host (/32) mask
        ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
        /sbin/route add -host $VIP dev lo:0    # add a host route for the VIP on this machine
        # keep this server from answering or announcing ARP for the VIP
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
        sysctl -p > /dev/null 2>&1
        echo "Realserver Start OK"
        ;;
    stop)
        ifconfig lo:0 down
        route del $VIP > /dev/null 2>&1
        # restore the default ARP behaviour
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
        echo "Realserver stopped"
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
    esac
    exit 0

    Note: the purpose here is to avoid ARP confusion. The solution is to configure the VIP on each RS on an alias of the lo interface and to modify the kernel parameters on the RS (arp_ignore and arp_announce) so that the RS cannot respond to address resolution requests for the VIP.

    • arp_ignore=1 means the system replies to an ARP request only when the target IP is a local address configured on the interface that received the request.

    • arp_announce=2 means the system does not use the source address of the IP packet as the source address of the ARP request; it chooses an IP address of the sending interface instead.
      (5) Run the startup script

      chmod +x rs.sh
      service rs.sh start

      Finally, check from each real server itself that its web service is reachable.
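
A check for the state the steps above should leave on each real server, as an added example that is not part of the original article: it verifies the four ARP sysctls and that the VIP sits on lo with a /32 mask. The function names and the optional `conf_root` argument are assumptions of this example, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example, not part of the original article.

# check_rs_arp [conf_root]: verify arp_ignore=1 and arp_announce=2 under both
# "lo" and "all". ARP requests for the VIP arrive on the physical NIC, where the
# kernel applies max(all, <nic>), so a missed "all" entry leaves the real server
# answering ARP for the VIP.
# conf_root (an assumption of this example) defaults to the live /proc tree.
# Prints one line per problem and returns the number of problems.
check_rs_arp() {
    root=${1:-/proc/sys/net/ipv4/conf}
    problems=0
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*}; want=${pair##*:}
            file="$root/$iface/$key"
            if [ ! -r "$file" ]; then
                echo "MISSING $iface/$key"
                problems=$((problems + 1))
            elif [ "$(cat "$file")" != "$want" ]; then
                echo "BAD $iface/$key=$(cat "$file") (want $want)"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}

# vip_on_lo VIP: reads `ip -o -4 addr show dev lo` output on stdin and succeeds
# only if the VIP is bound with a /32 mask, matching NETMASK=255.255.255.255.
vip_on_lo() {
    grep -Fq "inet $1/32 "
}

# Constructed sample tree: lo is set correctly but the "all" entries were missed.
make_sample() {
    mkdir -p "$1/lo" "$1/all"
    echo 1 > "$1/lo/arp_ignore";  echo 2 > "$1/lo/arp_announce"
    echo 0 > "$1/all/arp_ignore"; echo 0 > "$1/all/arp_announce"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_rs_arp "$tmp" || echo "problems found: $?"
rm -rf "$tmp"
```

On a real server, call `check_rs_arp` with no argument and pipe `ip -o -4 addr show dev lo` into `vip_on_lo 192.168.10.80`.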

      2. Configure the director server

      (1) Configure the virtual IP address to respond to cluster access


      (2) Install the ipvsadm management tool

      yum install ipvsadm -y  

      (3) Turn on the routing function

      vim /etc/sysctl.conf
      net.ipv4.ip_forward=1

      sysctl -p     # save and apply

      (4) Adjust the /proc parameters: turn off the Linux kernel's ICMP redirect responses

      vim /etc/sysctl.conf
      net.ipv4.conf.all.send_redirects = 0
      net.ipv4.conf.default.send_redirects = 0
      net.ipv4.conf.ens33.send_redirects = 0

      sysctl -p     # save and apply

      (5) Configuring the Director startup script

      vim /etc/init.d/dr.sh

      #!/bin/bash
      GW=192.168.10.1
      VIP=192.168.10.80
      RIP1=192.168.10.51
      RIP2=192.168.10.52
      case "$1" in
          start)
              /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
              systemctl start ipvsadm
              # bind the VIP to ens33:0 with a host (/32) mask
              /sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 up
              /sbin/route add -host $VIP dev ens33:0
              # -A adds the virtual service with round-robin (rr) scheduling;
              # -a adds a real server, -g selects direct routing
              /sbin/ipvsadm -A -t $VIP:80 -s rr
              /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
              /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
              echo "ipvsadm starting --------------------[ok]"
              ;;
          stop)
              /sbin/ipvsadm -C          # clear the virtual server table
              systemctl stop ipvsadm
              ifconfig ens33:0 down
              route del $VIP
              echo "ipvsadm stopped----------------------[ok]"
              ;;
          status)
              if [ ! -e /var/lock/subsys/ipvsadm ]; then
                  echo "ipvsadm stopped---------------"
                  exit 1
              else
                  echo "ipvsadm running ---------[ok]"
              fi
              ;;
          *)
              echo "Usage: $0 {start|stop|status}"
              exit 1
      esac
      exit 0

      (6) Run the script to add the two real server nodes

      chmod +x /etc/init.d/dr.sh
      service dr.sh start

      (7) Turn off the firewall and security policy

      systemctl stop firewalld.service
      systemctl disable firewalld.service
      setenforce 0

      III. Test the LVS cluster

      From a Windows client, browse directly to http://192.168.10.80/ and you will see the web page served by a real server.

    First time visit:

    Real Server connections Viewed:

    Refresh one time:

    Real Server connections Viewed:

      • LVS combined with keepalived

        LVS provides load balancing but no failover or health checks: when an RS fails, LVS still forwards requests to the faulty RS, and those requests fail. keepalived solves the single-point-of-failure problem of LVS and makes LVS highly available at the same time. The example below uses LVS-DR mode.

    I. Experimental environment

    Five machines:

      • Keepalived1 + LVS1 (Director1): 192.168.10.53 (Master)
      • Keepalived2 + LVS2 (Director2): 192.168.10.54 (Backup)
      • Real server1: 192.168.10.51
      • Real server2: 192.168.10.52
      • NFS server: 192.168.10.55
      • VIP: 192.168.10.80
    II. Installation and configuration

    keepalived is deployed on both director servers, which are assumed to already implement LVS in DR mode.

    (1) Install keepalived

    yum install keepalived -y

    (2) Primary keepalived node configuration (LVS1)

    # master node (MASTER) configuration file
    vim /etc/keepalived/keepalived.conf

    global_defs {
        ...                               # omitted
        smtp_server 127.0.0.1             # points to the local host
        router_id LVS_01                  # name of this node; the backup server uses a different name
        ...                               # omitted
    }
    vrrp_instance VI_1 {                  # define the VRRP hot-standby instance
        state MASTER                      # MASTER marks the primary director
        interface ens33                   # physical interface that carries the VIP
        virtual_router_id                 # ID of the virtual router; identical within each hot-standby group
        priority 100                      # priority of the primary director
        advert_int 1                      # advertisement interval in seconds
        authentication {                  # authentication settings
            auth_type PASS                # authentication type
            auth_pass 1111                # password string
        }
        virtual_ipaddress {               # cluster VIP, i.e. the floating address
            192.168.10.80
        }
    }
    virtual_server 192.168.10.80 80 {     # VIP address of the virtual server
        delay_loop 6                      # interval between health checks
        lb_algo rr                        # round-robin (rr) scheduling algorithm
        lb_kind DR                        # direct routing mode
        persistence_timeout 0             # connection persistence time
        protocol TCP                      # the application service uses TCP
        real_server 192.168.10.51 80 {    # address and port of the first web node
            weight 1
            TCP_CHECK {
                connect_timeout
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
        real_server 192.168.10.52 80 {    # address and port of the second web node
            weight 1
            TCP_CHECK {
                connect_timeout
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }

    (3) Backup keepalived node configuration (LVS2)
    Copy the master node's keepalived.conf, then change the following:

    router_id LVS_01 -> router_id LVS_02    # name of the backup director
    state MASTER -> state BACKUP            # backup director
    priority 100 -> priority 90             # priority of the backup director

    (4) Start keepalived

    # start keepalived on the master first, then on the backup
    systemctl start keepalived
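
Step (3) is done by hand, so a drifted copy is easy to produce. The check below, an added example that is not part of the original article or of keepalived, compares a master and a backup configuration for the values that must match and those that must differ; `kv`, `check_vrrp_pair` and `write_master` are names made up for this example, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not part of the original article.

# kv FILE KEY: first value of KEY in FILE, with "#" comments stripped.
kv() {
    awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: print findings, return their count.
check_vrrp_pair() {
    bad=0
    for key in virtual_router_id auth_type auth_pass; do    # must be identical
        if [ "$(kv "$1" "$key")" != "$(kv "$2" "$key")" ]; then
            echo "MISMATCH $key"; bad=$((bad + 1))
        fi
    done
    if [ "$(kv "$1" router_id)" = "$(kv "$2" router_id)" ]; then
        echo "DUPLICATE router_id"; bad=$((bad + 1))
    fi
    if [ "$(kv "$1" state)" != MASTER ] || [ "$(kv "$2" state)" != BACKUP ]; then
        echo "BAD state"; bad=$((bad + 1))
    fi
    if ! [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] 2>/dev/null; then
        echo "BAD priority (master must be higher)"; bad=$((bad + 1))
    fi
    # auth_type PASS travels in clear text in every VRRP advertisement, so the
    # sample value 1111 left in place protects nothing on a shared segment.
    if [ "$(kv "$1" auth_pass)" = 1111 ]; then
        echo "WARN sample auth_pass still in use"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed, trimmed master config; VRID 10 and the password are made up.
write_master() {
    printf '%s\n' 'global_defs {' '    router_id LVS_01' '}' \
        'vrrp_instance VI_1 {' '    state MASTER    # primary director' \
        '    interface ens33' '    virtual_router_id 10' '    priority 100' \
        '    authentication {' '        auth_type PASS' \
        '        auth_pass s3cr3tpw' '    }' '}' > "$1"
}

tmp=$(mktemp -d)
write_master "$tmp/master.conf"
# Derive the backup exactly as step (3) describes.
sed -e 's/LVS_01/LVS_02/' -e 's/state MASTER/state BACKUP/' \
    -e 's/priority 100/priority 90/' "$tmp/master.conf" > "$tmp/backup.conf"
check_vrrp_pair "$tmp/master.conf" "$tmp/backup.conf" && echo "pair OK"
rm -rf "$tmp"
```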
    III. Test the HA characteristics of keepalived

    (1) Virtual IP address drift

    First run the command ip addr on the master (LVS1); you can see the VIP on the master node.

    If you now run systemctl stop keepalived on the master, the VIP is no longer on the master, and ip addr on the backup node shows that the VIP has correctly floated to the backup node.

    At this point, client access to http://192.168.10.80 is still normal.

    (2) Connectivity

    The client runs "ping 192.168.10.80 -t" and is able to ping normally.
    Disable the ens33 NIC on the master (LVS1); the ping still succeeds.

    (3) Web Access Testing

    Disable the ens33 NIC on the master (LVS1) and access the web service above again; the web page is displayed normally.

