DR+keepalive
注意:global_defs 中的 vrrp_iptables 用于让 keepalived 不创建 iptables 策略。
keepalive的脑裂问题怎么解决?
DR+keepalived 解决的问题:主调度器挂掉后,备调度器立即接管工作。
DR+keepalive思路
主调度器:test1,VIP:192.168.168.100
副调度器:test2,VIP:192.168.168.100(主备调度器共用同一个 VIP)
RS服务器1:192.168.168.10:80
RS服务器2:192.168.168.20:80
客户端:192.168.168.70
主、备调度器配置:
安装ipvsadm、keepalived
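# Install the IPVS administration tool and keepalived on both directors.
# The package name is "keepalived"; with the misspelled name yum cannot
# find the package and keepalived is never installed.
yum -y install ipvsadm keepalived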
配置vim /etc/sysctl.conf
# Kernel settings for the two directors (edited in /etc/sysctl.conf).
net.ipv4.ip_forward=0
# Turn off IP packet forwarding.
# NOTE(review): presumably acceptable because this setup uses DR mode
# (lb_kind DR / ipvsadm -g) rather than NAT — confirm on the target kernel.
net.ipv4.conf.all.send_redirects = 0
# Stop the system from sending ICMP redirect messages. The director and the
# real servers sit in the same subnet, so a redirect could tell a client to
# talk to a real server directly and bypass the director.
# Author's note: the lo loopback interface does not receive ICMP messages;
# this only concerns real IP addresses.
net.ipv4.conf.default.send_redirects = 0
# Same setting as the default for network interfaces.
net.ipv4.conf.ens33.send_redirects = 0
# Same setting, applied explicitly to the ens33 device.
再配置调度器四层转发规则
# Create the TCP virtual service on the VIP with round-robin scheduling,
# then attach each real server in direct-routing ("gatewaying") mode.
ipvsadm --add-service --tcp-service 192.168.168.100:80 --scheduler rr
for rs_addr in 192.168.168.10:80 192.168.168.20:80; do
  ipvsadm --add-server --tcp-service 192.168.168.100:80 \
    --real-server "$rs_addr" --gatewaying
done
core模块:keepalive的核心模块,负责主进程的启动、以及全局文件的加载。
vrrp模块:实现vrrp协议的模块,也就是主功能模块。
check模块:负责健康检查。也可以负责检查后台真实服务器的情况。
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Director 1 (MASTER). Lines starting with "!" or "#" are comments.
global_defs {
# The recipients, sender and smtp_server below look like the sample values
# from the stock configuration file (192.168.200.1 is outside the
# 192.168.168.0/24 lab network) — replace them with real values if failover
# notifications are expected to arrive.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Name identifying this node; the second director uses lvs_02.
router_id lvs_01
vrrp_skip_check_adv_addr
# Enforce strict VRRP protocol compliance.
# NOTE(review): in strict mode keepalived is documented to ignore the
# authentication block further down and, by default, to add firewall rules
# that drop traffic addressed to the VIP — confirm for the installed version.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Per this page's note: present so that keepalived does not create iptables
# rules. Verify with `iptables -vnL` after restarting the service.
vrrp_iptables
}
vrrp_instance VI_1 {
# This node starts as the active director.
state MASTER
# Interface that carries VRRP advertisements and the VIP.
interface ens33
# Must be identical on both directors (51 on both in this setup).
virtual_router_id 51
# Higher than the backup's priority (95), so this node wins the election.
priority 100
# Advertisement interval in seconds.
advert_int 1
# SECURITY: auth_type PASS carries the password in clear text inside every
# VRRP advertisement, and "1111" is a guessable lab value. Treat it as no
# protection against other hosts on the same segment: use a unique secret and
# filter VRRP (IP protocol 112) so that only the peer director is accepted.
authentication {
auth_type PASS
auth_pass 1111
}
# The VIP that clients connect to; it moves to the backup on failover.
virtual_ipaddress {
192.168.168.100
}
}
# IPVS virtual service managed by keepalived: VIP port 80, round robin,
# direct routing, no session persistence.
virtual_server 192.168.168.100 80 {
# Seconds between health-check rounds.
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 192.168.168.10 80 {
weight 1
# TCP_CHECK only verifies that port 80 accepts a connection; a web server
# that answers with errors still counts as healthy.
TCP_CHECK {
connect_port 80
connect_timeout 3
# NOTE(review): newer keepalived releases reportedly name this option
# "retry" — confirm for the installed version.
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.168.20 80 {
weight 1
# Same TCP connect check as for the first real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
# Load the new keepalived configuration, then list the firewall rules with
# packet counters and numeric addresses to confirm that keepalived has not
# inserted a rule dropping traffic to the VIP.
systemctl restart keepalived.service
iptables --verbose --numeric --list
调度器/etc/keepalived/keepalived.conf复制完进行修改
进调度器2进行配置/etc/keepalived/keepalived.conf
scp root@192.168.168.50:/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Director 2 (BACKUP). Lines starting with "!" or "#" are comments.
global_defs {
# The recipients, sender and smtp_server below look like the sample values
# from the stock configuration file (192.168.200.1 is outside the
# 192.168.168.0/24 lab network) — replace them with real values if failover
# notifications are expected to arrive.
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
# Name identifying this node; it must differ from the other director's.
router_id lvs_02
vrrp_skip_check_adv_addr
# Enforce strict VRRP protocol compliance.
# NOTE(review): in strict mode keepalived is documented to ignore the
# authentication block further down and, by default, to add firewall rules
# that drop traffic addressed to the VIP — confirm for the installed version.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Per this page's note: present so that keepalived does not create iptables
# rules. Verify with `iptables -vnL` after restarting the service.
vrrp_iptables
}
vrrp_instance VI_2 {
# This node waits in standby and takes the VIP when the master stops
# advertising.
state BACKUP
# Interface that carries VRRP advertisements and the VIP.
interface ens33
# Must be identical on both directors (51 on both in this setup).
virtual_router_id 51
# Lower than the master's priority (100).
priority 95
# Advertisement interval in seconds.
advert_int 1
# SECURITY: auth_type PASS carries the password in clear text inside every
# VRRP advertisement, and "1111" is a guessable lab value. Treat it as no
# protection against other hosts on the same segment: use a unique secret and
# filter VRRP (IP protocol 112) so that only the peer director is accepted.
authentication {
auth_type PASS
auth_pass 1111
}
# The shared VIP; it is assigned to this node only after a failover.
virtual_ipaddress {
192.168.168.100
}
}
# IPVS virtual service managed by keepalived: VIP port 80, round robin,
# direct routing, no session persistence.
virtual_server 192.168.168.100 80 {
# Seconds between health-check rounds.
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 192.168.168.10 80 {
weight 1
# TCP_CHECK only verifies that port 80 accepts a connection; a web server
# that answers with errors still counts as healthy.
TCP_CHECK {
connect_port 80
connect_timeout 3
# NOTE(review): newer keepalived releases reportedly name this option
# "retry" — confirm for the installed version.
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.168.20 80 {
weight 1
# Same TCP connect check as for the first real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
systemctl stop keepalived.service
systemctl restart network
两台RS服务器配置
设置虚拟回环接口
服务器1:
vim /usr/local/nginx/html/index.html
this is nginx1
systemctl restart nginx
服务器2:
vim /usr/local/nginx/html/index.html
this is nginx2
systemctl restart nginx
两台服务器RS同时开启:
# Loopback alias that holds the VIP on each real server.
# NOTE(review): presumably saved as an ifcfg file for lo:0 under
# /etc/sysconfig/network-scripts/ — confirm the file name.
DEVICE=lo:0
IPADDR=192.168.168.100
# Host mask (/32): only the VIP itself is bound to this alias, not the subnet.
NETMASK=255.255.255.255
ONBOOT=yes
cd /etc/sysconfig/network-scripts/
vim /etc/sysctl.conf
route add -host 192.168.168.100 dev lo:0
将 192.168.168.100 只添加到回环接口 lo:0,作为 LVS 的 VIP。上面的主机路由让发往 VIP 的数据包交给 lo:0 处理,这样调度器以路由(DR)模式转发过来的请求才能被真实服务器识别并接收。
vim /etc/sysctl.conf
# ARP tuning on each real server. The VIP is bound to lo:0 on every real
# server, so without these settings a real server could answer ARP for the
# VIP and pull client traffic away from the director.
net.ipv4.conf.lo.arp_ignore = 1
# arp_ignore=1: reply to an ARP request only when the requested IP address is
# configured on the interface the request arrived on. The VIP lives on lo, so
# requests for it that arrive on the physical NIC get no reply.
net.ipv4.conf.lo.arp_announce = 2
# arp_announce=2: when sending ARP requests, always pick the best local
# address for the target instead of the packet's source IP, so the VIP is not
# advertised as an ARP source address.
net.ipv4.conf.all.arp_ignore = 1
# Same arp_ignore behaviour applied through the "all" setting.
net.ipv4.conf.all.arp_announce = 2
# Same arp_announce behaviour applied through the "all" setting.
sysctl -p
curl 192.168.168.100
调度器1停止keepalive,模拟挂机
systemctl stop keepalived.service
ip addr
ip addr
vrrp_iptables:##不创建iptables策略
net.ipv4.conf.all.arp_announce = 2
##设置所有接口仅仅公告本地的ip地址,但是不响应ARP请求。
sysctl -p
curl 192.168.168.100
ip addr
ip addr
vrrp_iptables:##不创建iptables策略