2018-06-07 动手搭建lvs
LVS集群采用IP负载均衡技术 和基于内容请求分发技术。调度器具有很好的吞吐率,将请求均衡地转移到不同的服务器上执行,且调度器自动屏蔽掉服务器的故障,从而将一组服务器构成一个高性能的、高可用的虚拟服务器。整个服务器集群的结构对客户是透明的,而且无需修改客户端和服务器端的程序。为此,在设计时需要考虑系统的透明性、可伸缩性、高可用性和易管理性。
现在我们动手开始搭建lvs集群:
环境准备:
后端backend1 192.168.124.137
后端backend2 192.168.124.143
前端lvs机器 master 192.168.124.144
前端lvs机器slave 192.168.124.145
lvs 虚ip 192.168.124.88
1、安装后端 apache(可以是其他服务,这里只做演示)
yum install -y httpd (这个是apache)
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
关闭selinux 配置文件 /etc/selinux/config
SELINUX=disabled
systemctl start httpd
systemctl enable httpd
现在访问两个后端ip即可看到 apache 的测试页面,更改默认页面,带上后端机器ip以供后面验证访问地址。
2、编辑 /var/www/html/index.html (不通版本apache有不同目录,请根据配置文件指定目录编辑文件)添加文字说明,可以明显区分两台后端机器
3、前端机器安装keepalived 和ipvsadm
yum -y install ipvsadm keepalived
4、编辑 /etc/keepalived/keepalived.conf 文件如下:
lvs master 机器:
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.88
}
}
virtual_server 192.168.124.88 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.124.137 80 {
weight 1
TCP_CHECK { # realserver的状态监测设置部分单位秒
connect_timeout 3 # 超时时间
nb_get_retry 3 # 重试次数
delay_before_retry 3 # 重试间隔
connect_port 80 #监测端口
}
}
real_server 192.168.124.143 80 {
weight 1
TCP_CHECK { # realserver的状态监测设置部分单位秒
connect_timeout 3 # 超时时间
nb_get_retry 3 # 重试次数
delay_before_retry 3 # 重试间隔
connect_port 80 #监测端口
}
}
}
lvs slave 机器
vi /etc/keepalived/keepalived.conf
global_defs {
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.124.88
}
}
virtual_server 192.168.124.88 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.124.137 80 {
weight 1
TCP_CHECK { # realserver的状态监测设置部分单位秒
connect_timeout 3 # 超时时间
nb_get_retry 3 # 重试次数
delay_before_retry 3 # 重试间隔
connect_port 80 #监测端口
}
}
real_server 192.168.124.143 80 {
weight 1
TCP_CHECK { # realserver的状态监测设置部分单位秒
connect_timeout 3 # 超时时间
nb_get_retry 3 # 重试次数
delay_before_retry 3 # 重试间隔
connect_port 80 #监测端口
}
}
}
5、启动keepalived, systemctl start keepalived; systemctl enable keepalived
通过 ip addr可以看到虚ip已经绑定到相应网卡上面上, 两台lvs 机器都有(请注意这里两台机器都有 虚ip是错误的,应该只有一台机器有虚ip,两台机器同时存在虚ip就是传说中的脑裂现象,这里是因为lvs机器防火墙没有关闭,导致keepalived 集群不能通信,发生了脑裂)
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:81:da brd ff:ff:ff:ff:ff:ff
inet 192.168.124.145/24 brd 192.168.124.255 scope global dynamic ens33
valid_lft 1134sec preferred_lft 1134sec
inet 192.168.124.88/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::1f6c:d691:e1cd:7b5d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9733:2392:3e91:14cb/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::6632:ec02:f46e:7f41/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
然后我们ping 虚ip ping 192.168.124.88, 发现虚ip已经可以回应 icmp 数据包了
Qinfeis-MacBook-Pro:~ qinfei$ ping 192.168.124.88
PING 192.168.124.88 (192.168.124.88): 56 data bytes
64 bytes from 192.168.124.88: icmp_seq=0 ttl=64 time=0.540 ms
64 bytes from 192.168.124.88: icmp_seq=1 ttl=64 time=0.450 ms
实验过程中我又犯了一个错误:lvs服务器忘记关防火墙了,导致测试了几次都不通,所以切记所有机器防火墙要关掉(生产环境请自行配置firewalld 富规则)
关掉防火墙之后再看 ip addr:
master 服务器:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:81:da brd ff:ff:ff:ff:ff:ff
inet 192.168.124.145/24 brd 192.168.124.255 scope global dynamic ens33
valid_lft 1532sec preferred_lft 1532sec
inet 192.168.124.88/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::1f6c:d691:e1cd:7b5d/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::9733:2392:3e91:14cb/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::6632:ec02:f46e:7f41/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
slave 服务器:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:43:8c:3b brd ff:ff:ff:ff:ff:ff
inet 192.168.124.144/24 brd 192.168.124.255 scope global dynamic ens33
valid_lft 1271sec preferred_lft 1271sec
inet6 fe80::1f6c:d691:e1cd:7b5d/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::9733:2392:3e91:14cb/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::6632:ec02:f46e:7f41/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
发现slave 机器并没有挂上虚ip,这是正确的,说明两台lvs之间通信正常。
此时宕掉 192.168.124.145 会发现 192.168.124.88 漂移到了 192.168.124.144 上面,说明虚ip配置正确可以正常漂移,启动 192.168.124.145 虚ip又会回到 192.168.124.145 上面
6、 开始配置后端机器
把虚ip配置到后端机器上:
ip addr add 192.168.124.88/32 broadcast 192.168.124.88 dev lo:0
即可访问前端虚ip。
打开浏览器 192.168.124.88:
image.png
发现到后端已经通了,却发现前端访问一直是 192.168.124.143,我们宕掉 143 机器,在短暂不通之后 lvs引导访问到了 192.168.124.137 上面,这里是lvs的流量分配各种算法这里不做深入讲解:
image.png
系统内核日志如下:
Jun 7 10:34:11 localhost Keepalived_healthcheckers[1317]: TCP connection to [192.168.124.143]:80 timeout.
Jun 7 10:34:17 localhost Keepalived_healthcheckers[1317]: TCP connection to [192.168.124.143]:80 timeout.
Jun 7 10:34:17 localhost Keepalived_healthcheckers[1317]: Check on service [192.168.124.143]:80 failed after 1 retry.
Jun 7 10:34:17 localhost Keepalived_healthcheckers[1317]: Removing service [192.168.124.143]:80 from VS [192.168.124.88]:80
说明前端lvs 可以动态踢掉后端机器.
自此我们的lvs集群搭建完成,从此再也不怕服务器单点挂掉影响业务啦!
