Installing a Keepalived + LVS Cluster on CentOS 6
0x00 Environment
Server operating systems
RD Server System: Windows Server 2012 64bit
DR Server System: CentOS 6.10 64bit
Real Server System: CentOS 6.10 64bit
MySQL Server System: CentOS 6.10 64bit
Software versions
LVS: ipvsadm-1.26
Keepalived: keepalived-2.0.5
Tengine: tengine-2.2.0
MySQL: mysql-5.7.16
PHP: php-7.1.19
IP address allocation
Server name        Internal IP     External IP
VIP                127.16.1.100    101.200.57.151
RD-SERVER          127.16.1.150    101.200.57.150
LVS-MASTER         127.16.1.99
LVS-BACKUP         127.16.1.98
WEB1-REALSERVER    127.16.1.101
WEB2-REALSERVER    127.16.1.102
DB-MASTER          127.16.1.131
DB-BACKUP          127.16.1.132
GATEWAY            127.16.1.2
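Description: seven servers. RD-SERVER is the remote-operations server, and the other six LAN servers can only be operated by using RD-SERVER as a jump host. The two LVS servers each run ipvsadm and Keepalived; a request to either of them is distributed by the scheduling algorithm to one of the two REALSERVERs. The two LVS servers, the two REALSERVERs and the two DB servers have internal network interfaces only.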
0x01 Deploying LVS + Keepalived
Install ipvsadm and Keepalived on both LVS servers.
Installing ipvsadm
yum -y install kernel-devel make gcc gcc-c++ openssl-devel 'libnl*' 'popt*' libnfnetlink-devel ncurses-devel rpm-build
ln -s /usr/src/kernels/2.6.32-754.el6.x86_64/ /usr/src/linux # change 2.6.32-754.el6.x86_64 to match the kernel directory on your own system
cd /usr/local/src
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
tar zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make && make install
Installing Keepalived
cd /usr/local/src
wget http://www.keepalived.org/software/keepalived-2.0.5.tar.gz
tar zxvf keepalived-2.0.5.tar.gz
cd keepalived-2.0.5
./configure --prefix=/usr/local/keepalived
make && make install
Configuring Keepalived
cp /usr/local/src/keepalived-2.0.5/keepalived/etc/init.d/keepalived /etc/init.d/
chmod 755 /etc/init.d/keepalived
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
chmod 755 /usr/sbin/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
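vi /etc/keepalived/keepalived.conf # edit the file following the configuration below
! Configuration File for keepalived
global_defs {
    notification_email {
        wangbiao@youxuanbao.cn    # alert e-mail address; several may be listed, one per line
    }
    # The local sendmail service must be running
    notification_email_from Alexandre.Cassen@firewall.loc    # sender address for alert mail
    smtp_server 127.0.0.1         # SMTP server address
    smtp_connect_timeout 30       # timeout for connecting to the SMTP server
    router_id LVS_DEVEL           # identifier of the server running keepalived; shown in the subject of alert mail
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {              # the VRRP hot-standby instance
    state MASTER                  # MASTER on this node; use BACKUP on the standby machine
    interface eth0                # physical interface that carries the VIP
    virtual_router_id 51          # virtual router ID; must be identical within one standby group
    priority 100                  # the MASTER priority must be higher than the BACKUP, e.g. 99 on the BACKUP
    advert_int 1                  # advertisement interval in seconds (heartbeat frequency); advertisements go to multicast address 224.0.0.18
    # mcast_src_ip 172.16.1.99    # IP of the MASTER server; on the backup machine use the backup's IP
    authentication {
        auth_type PASS            # authentication type between master and backup
        auth_pass 1111            # authentication string
    }
    virtual_ipaddress {
        172.16.1.100              # several virtual IPs may be listed, one per line
    }
}
# Virtual server configuration for port 80
virtual_server 172.16.1.100 80 {
    delay_loop 6                  # poll the realservers every 6 seconds
    lb_algo rr                    # LVS scheduling algorithm
    lb_kind DR                    # Direct Route
    nat_mask 255.255.255.0
    persistence_timeout 50        # connections from the same IP go to the same realserver for 50 seconds
    protocol TCP                  # protocol of the virtual service; realserver state is checked with TCP_CHECK below
    # IP and port of each real server
    real_server 172.16.1.101 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.16.1.102 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}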
Keepalived service commands
/etc/init.d/keepalived start # start the Keepalived service
/etc/init.d/keepalived restart # restart the Keepalived service
/etc/init.d/keepalived stop # stop the Keepalived service
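Keepalived reads this file by brace nesting, and auth_pass is a shared secret that VRRP PASS authentication carries unencrypted, so the file is worth linting before the service is started. The shell function below is an added example, not part of the original article; the name audit_keepalived_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a keepalived.conf before (re)starting the service.
audit_keepalived_conf() {
    conf=$1
    {
        awk '
            { sub(/[#!].*/, "") }                 # drop keepalived comments
            { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
              if (depth < 0) { print "BRACES: stray } at line " NR; depth = 0 } }
            $1 == "vrrp_instance" { inst = $2 }
            $1 == "virtual_server" && depth > 1 {
                print "NESTING: virtual_server at line " NR " is inside another block" }
            $1 == "auth_type" && $2 == "PASS" {
                print "AUTH: " inst " uses PASS, which VRRP sends in clear text" }
            $1 == "auth_pass" && (length($2) < 8 || $2 ~ /^[0-9]+$/) {
                print "AUTH: " inst " auth_pass is under 8 characters or digits only" }
            END { if (depth > 0) print "BRACES: " depth " block(s) never closed" }
        ' "$conf"
        # The file holds the VRRP shared secret: flag world-readable copies.
        if grep -q auth_pass "$conf" && [ "$(ls -ldL "$conf" | cut -c8)" = r ]; then
            echo "PERM: $conf is world-readable"
        fi
    } | awk '{ print; n++ } END { exit (n > 0) }'   # exit status 1 if anything was found
}

# Constructed sample: names and addresses follow the page; the closing brace of
# vrrp_instance is deliberately missing.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.100
    }
virtual_server 172.16.1.100 80 {
    lb_kind DR
}
EOF
chmod 644 "$sample"
audit_keepalived_conf "$sample" || echo "fix the findings above before starting keepalived"
```

On the LVS servers the function would be pointed at /etc/keepalived/keepalived.conf.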
Configuring ipvsadm
vi /etc/init.d/lvs_server.sh # create lvs_server.sh with the following content
#!/bin/bash
#
# Save the following as lvs_server.sh
# and place it in /etc/init.d
# To start the LVS server:   /etc/init.d/lvs_server.sh start
# To stop the LVS server:    /etc/init.d/lvs_server.sh stop
# To restart the LVS server: /etc/init.d/lvs_server.sh restart
GW=172.16.1.2       # network gateway
VIP=172.16.1.100    # virtual IP; adjust to your environment
# REALSERVER IPs: list as many as you have, matching the rules below; they must also match keepalived.conf
RIP1=172.16.1.101   # real server IP
RIP2=172.16.1.102   # real server IP
. /etc/rc.d/init.d/functions # if a permission error is reported, first run on the command line: chmod 777 /etc/rc.d/init.d/functions

lvs_start() {
    echo "ipvsadm start..."
    # Clear the in-memory IPVS table
    /sbin/ipvsadm -C
    # Set the IPVS connection timeouts (tcp, tcpfin, udp) in seconds
    /sbin/ipvsadm --set 30 5 60
    # Bind the virtual IP and add its host route (the VIP lives on eth0:0 on the director)
    /sbin/ifconfig eth0:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev eth0:0
    # Set up LVS:
    # open the web service on port 80 and point it at the RIP1 and RIP2 servers
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    touch /var/lock/subsys/ipvsadm >/dev/null 2>&1
    # Send ARP from the VIP to the gateway
    /sbin/arping -I eth0 -c 5 -s "$VIP" "$GW" >/dev/null 2>&1
    # Show the resulting LVS table
    /sbin/ipvsadm -ln
}

lvs_stop() {
    /sbin/ipvsadm -C
    /sbin/ipvsadm -Z
    /sbin/ifconfig eth0:0 down
    /sbin/route del "$VIP" >/dev/null 2>&1
    rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1
    /sbin/arping -I eth0 -c 5 -s "$VIP" "$GW"
    echo "ipvsadm stopped"
}

case "$1" in
start)
    lvs_start
    ;;
stop)
    lvs_stop
    ;;
restart)
    lvs_stop
    lvs_start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
# :wq to save and exit
chmod 755 /etc/init.d/lvs_server.sh # make the script executable
# If a permission error is reported for functions, first run on the command line: chmod 777 /etc/rc.d/init.d/functions
lvs_server.sh commands
/etc/init.d/lvs_server.sh start # start ipvsadm
/etc/init.d/lvs_server.sh restart # restart ipvsadm
/etc/init.d/lvs_server.sh stop # stop ipvsadm
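0x02 Deploying the REALSERVERs
Run the lvs_real_server.sh script on each of the two REALSERVERs to bind the LVS-DR address 172.16.1.100 to lo:0 and suppress ARP broadcasts.
lvs_real_server.sh script
vi /etc/init.d/lvs_real_server.sh # create lvs_real_server.sh with the following content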
#!/bin/bash
# Save the following as lvs_real_server.sh
# and place it in /etc/init.d
# To start the LVS real server:  /etc/init.d/lvs_real_server.sh start
# To stop the LVS real server:   /etc/init.d/lvs_real_server.sh stop
# To check the LVS real server:  /etc/init.d/lvs_real_server.sh status
VIP=172.16.1.100
. /etc/rc.d/init.d/functions # if a permission error is reported, first run on the command line: chmod 777 /etc/rc.d/init.d/functions
case "$1" in
start)
    # Bind the VIP to lo:0 with a host mask and route it locally
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # Stop this host from answering or announcing ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    ifconfig lo:0 down
    route del "$VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
restart)
    "$0" stop
    "$0" start
    ;;
status)
    # Status of the LVS-DR real server.
    islothere=$(/sbin/ifconfig lo:0 | grep "$VIP")
    isrothere=$(netstat -rn | grep "$VIP" | grep "lo")
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
        # Either the route or the lo:0 device
        # was not found.
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR Running."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac
exit 0
# :wq # save and exit
chmod 755 /etc/init.d/lvs_real_server.sh # make the script executable
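The start action writes the ARP settings to /proc and then runs sysctl -p, so a conflicting entry in /etc/sysctl.conf silently puts the old value back and the REALSERVER answers ARP for the VIP again. The check below is an added example, not part of the original article; the function name check_realserver_arp, its two parameters and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the ARP settings lvs_real_server.sh relies on.
# Assumed parameters: $1 = sysctl tree (default /proc/sys), $2 = sysctl.conf path.
check_realserver_arp() {
    root=${1:-/proc/sys}; conf=${2:-/etc/sysctl.conf}; bad=0
    for want in lo.arp_ignore=1 lo.arp_announce=2 all.arp_ignore=1 all.arp_announce=2; do
        key=net.ipv4.conf.${want%%=*}; val=${want#*=}
        live=$(cat "$root/$(echo "$key" | tr . /)" 2>/dev/null) || live=
        if [ "$live" != "$val" ]; then
            echo "LIVE: $key is '${live:-unset}', expected $val"; bad=$((bad + 1))
        fi
        # The last assignment in sysctl.conf wins, and the start action runs
        # "sysctl -p", which re-applies it over the values just written.
        saved=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$conf" 2>/dev/null | tail -n 1)
        if [ -n "$saved" ] && [ "$saved" != "$val" ]; then
            echo "CONF: $conf sets $key = $saved; sysctl -p will restore it"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo tree: lo is correct, all.arp_announce was never set,
# and sysctl.conf carries a conflicting arp_ignore.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/net/ipv4/conf/lo" "$demo/net/ipv4/conf/all"
echo 1 > "$demo/net/ipv4/conf/lo/arp_ignore"
echo 2 > "$demo/net/ipv4/conf/lo/arp_announce"
echo 1 > "$demo/net/ipv4/conf/all/arp_ignore"
echo 0 > "$demo/net/ipv4/conf/all/arp_announce"
printf 'net.ipv4.ip_forward = 0\nnet.ipv4.conf.all.arp_ignore = 0\n' > "$demo/sysctl.conf"
check_realserver_arp "$demo" "$demo/sysctl.conf" || echo "real server would mishandle ARP for the VIP"
```

Called without arguments on a REALSERVER, the function reads /proc/sys and /etc/sysctl.conf.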
lvs_real_server.sh commands
/etc/init.d/lvs_real_server.sh start # start the service
/etc/init.d/lvs_real_server.sh restart # restart the service
/etc/init.d/lvs_real_server.sh stop # stop the service
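Both lvs_server.sh and lvs_real_server.sh run as root and source /etc/rc.d/init.d/functions, so any account that can write to that file can have its commands executed as root the next time either script runs; read permission is all that sourcing needs. The audit below is an added example, not part of the original article; the function name audit_sourced_files and the stand-in files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag files sourced by a root-run init script that group or others can write.
audit_sourced_files() {
    script=$1
    {
        echo "$script"                                   # the script itself counts too
        awk '$1 == "." || $1 == "source" { print $2 }' "$script"
    } | while IFS= read -r f; do
        perms=$(ls -ldL -- "$f" 2>/dev/null | cut -c1-10)
        case $perms in
            "")                     echo "MISSING:  $f" ;;
            ?????w????|????????w?)  echo "WRITABLE: $f ($perms)" ;;
        esac
    done | awk '{ print; n++ } END { exit (n > 0) }'     # exit status 1 if anything was flagged
}

# Constructed stand-ins for /etc/init.d/lvs_server.sh and /etc/rc.d/init.d/functions.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
: > "$work/functions"
printf '#!/bin/bash\nVIP=172.16.1.100\n. %s/functions  # shared helpers\n' "$work" > "$work/lvs_server.sh"
chmod 755 "$work/lvs_server.sh"
chmod 777 "$work/functions"
audit_sourced_files "$work/lvs_server.sh" || echo "tighten the modes above (644 is enough to source a file)"
```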
0x03 Running LVS + Keepalived
Start lvs_real_server.sh on both REALSERVERs
/etc/init.d/lvs_real_server.sh start # run the script
Start ipvsadm and Keepalived on the LVS servers
/etc/init.d/lvs_server.sh start # start the ipvsadm service
/etc/init.d/keepalived start # start keepalived
ipvsadm -L # inspect the ipvsadm service; lists the IPs of the servers in the cluster
ip addr # shows which server the VIP is bound to