#为什么采用双主架构:
单主架构只有一个keepalived对外提供服务,该主机长期处于繁忙状态,而另一台主机却很空闲,利用率低下
#双主架构的优点:
即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高服务器资源利用率
一、环境说明
#系统:Centos 7
#服务版本:nginx1.20.1、keepalived1.3.5
-
架构图:
二.LVS+keepalived服务部署
#LVS是linux内核自带的服务,不用安装,只需安装LVS管理工具,第一种叫ipvsadm,第二种叫keepalived。ipvsadm是通过命令行管理,而keepalive读取配置文件管理
1.安装ipvsadm
[root@lvs01 ~]# yum -y install ipvsadm
[root@lvs02 ~]# yum -y install ipvsadm2.加载ipvsadm模板进系统
[root@lvs01 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lvs01 ~]# lsmod | grep ip_vs
ip_vs 145497 0
nf_conntrack 133095 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
[root@lvs02 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lvs02 ~]# lsmod | grep ip_vs
ip_vs 145497 0
nf_conntrack 133095 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack3.安装Keepalived
[root@lvs01 ~]# yum install -y keepalived
[root@lvs02 ~]# yum install -y keepalived4.修改keepalived配置文件
[root@lvs01 ~]# vi /etc/keepalived/keepalived.conf! Configuration File for keepalived
global_defs {
router_id lvs01
}
include /etc/keepalived/conf.d/*.conf #启用子配置文件
vrrp_instance VI_1 { #实例1
state MASTER
interface ens32
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.10/24 dev ens32 label ens32:1
}
}
virtual_server 10.0.0.10 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 10.0.0.107 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.100 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
vrrp_instance VI_2 { #实例2
state BACKUP
interface ens32
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.20/24 dev ens32 label ens32:1
}
virtual_server 10.0.0.20 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 10.0.0.107 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.100 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@lvs02 ~]# vi /etc/keepalived/keepalived.conf! Configuration File for keepalived
global_defs {
router_id lvs02
}
include /etc/keepalived/conf.d/*.conf #启用子配置文件
vrrp_instance VI_1 { #实例1
state BACKUP
interface ens32
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.10/24 dev ens32 label ens32:1
}
}
virtual_server 10.0.0.10 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 10.0.0.107 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.100 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
}
vrrp_instance VI_2 { #实例2
state MASTER
interface ens32
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.20/24 dev ens32 label ens32:1
}
}
virtual_server 10.0.0.20 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 10.0.0.107 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.0.0.100 80 {
weight 1
TCP_CHECK {
connect_timeout 10
retry 3
delay_before_retry 3
connect_port 80
}
}
}
5.创建子配置目录
[root@lvs01 ~]#mkdir /etc/keepalived/conf.d/
[root@lvs02 ~]#mkdir /etc/keepalived/conf.d/6.添加配置
[root@lvs01 ~]# vi /etc/keepalived/conf.d/cluster1.confvrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.10/24 dev ens32 label ens32:1
}
unicast_src_ip 10.0.0.112
unicast_peer{
10.0.0.113
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}[root@lvs01 ~]# vi /etc/keepalived/conf.d/cluster2.confvrrp_instance VI_2 {
state BACKUP
interface ens32
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.20/24 dev ens32 label ens32:1
}
unicast_src_ip 10.0.0.112
unicast_peer{
10.0.0.113
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}[root@lvs02 ~]# vi /etc/keepalived/conf.d/cluster1.confvrrp_instance VI_1 {
state BACKUP
interface ens32
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.10/24 dev ens32 label ens32:1
}
unicast_src_ip 10.0.0.113
unicast_peer {
10.0.0.112
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@lvs02 ~]# vi /etc/keepalived/conf.d/cluster2.confvrrp_instance VI_2 {
state MASTER
interface ens32
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.20/24 dev ens32 label ens32:1
}
unicast_src_ip 10.0.0.113
unicast_peer{
10.0.0.112
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}7.查看ip地址
[root@lvs01 ~]# hostname -I
10.0.0.112 10.0.0.10
[root@lvs02 ~]# hostname -I
10.0.0.113 10.0.0.20 三.nginx服务部署
1.安装
[root@nginx01 ~]# yum install -y nginx net-tools
[root@nginx02 ~]# yum install -y nginx net-tools2.启动
[root@nginx01 ~]# systemctl start nginx
[root@nginx02 ~]# systemctl start nginx3.关闭VIP的ARP响应
vi /etc/rc.d/init.d/realserver.sh#!/bin/bash
SNS_VIP1=10.0.0.10
SNS_VIP2=10.0.0.20
/etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $SNS_VIP1 netmask 255.255.255.255 broadcast $SNS_VIP1
/sbin/route add -host $SNS_VIP1 dev lo:0
ifconfig lo:1 $SNS_VIP2 netmask 255.255.255.255 broadcast $SNS_VIP2
/sbin/route add -host $SNS_VIP2 dev lo:1
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 04.realserver.sh脚本授予执行权限
[root@nginx01 ~]# chmod u+x /etc/rc.d/init.d/realserver.sh
[root@nginx02 ~]# chmod u+x /etc/rc.d/init.d/realserver.sh5.启动服务
[root@nginx01 ~]# /etc/rc.d/init.d/realserver.sh start
/etc/rc.d/init.d/realserver.sh: line 3: /etc/rc.d/init.d/functions: Permission denied
RealServer Start OK
[root@nginx02 ~]# /etc/rc.d/init.d/realserver.sh start
/etc/rc.d/init.d/realserver.sh: line 3: /etc/rc.d/init.d/functions: Permission denied
RealServer Start OK6.查看ip是否绑定
7.修改页面显示,方便观察效果
echo "nginx01" > /usr/share/doc/HTML/index.htmlecho "nginx02" > /usr/share/doc/HTML/index.html6.客户端测试访问
四.模拟故障
1.停止lvs01服务
[root@lvs01 ~]# killall keepalived2.查看ip地址
#可以发现,虚拟ip地址已经漂到lvs02上了
[root@lvs01 ~]# hostname -I
10.0.0.112
[root@lvs02 ~]# hostname -I
10.0.0.113 10.0.0.20 10.0.0.10 3.客户端访问vip,负载正常
4.恢复lvs01服务
[root@lvs01 ~]# systemctl start keepalived5.查看ip地址
#虚拟ip地址漂移回来了
[root@lvs01 ~]# hostname -I
10.0.0.112 10.0.0.10
[root@lvs02 ~]# hostname -I
10.0.0.113 10.0.0.20
