1、网络拓扑
2、环境描述
系统描述 | IP地址 | 作用 |
LB-master | 192.168.1.105 | 主备负载均衡器(同时做web和DNS调度) |
LB-backup | 192.168.1.106 | |
DNS-master | 192.168.1.107 | VIP:192.168.1.30(LVS DNS节点互为主辅同步) |
DNS-backup | 192.168.1.108 | |
Web节点组 | 192.168.1.201-203 | VIP:192.168.1.40(LVS web节点) |
3、配置LVS调度器keepalived的配置文件
keepalived配置双vrrp instance,分别为:WEB实例和DNS实例。
3.1 主LVS上keepalived的配置文件内容:
[root@lvs-M ~]#cat /etc/keepalived/keepalived.conf ! ConfigurationFile for keepalived
global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_fromAlexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id lvs_105 }
vrrp_instance VI_WEB { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.40/24 } }
#############LVSWEB################ virtual_server 192.168.1.40 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 # persistence_timeout 50 protocol TCP
real_server 192.168.1.201 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.1.202 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.1.203 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
#############DNSInstance start############### vrrp_instance VI_DNS { state BACKUP interface eth0 virtual_router_id 52 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.30/24 } } ###########LVSDNS####################### virtual_server 192.168.1.30 53 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 # persistence_timeout 50 protocol UDP
real_server 192.168.1.107 53 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 53 } } real_server 192.168.1.108 53 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 53 } } } |
3.2 备LVS上keepalived的配置文件内容:
[root@lvs-S ~]#cat /etc/keepalived/keepalived.conf
! ConfigurationFile for keepalived
global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_fromAlexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id lvs_106 }
vrrp_instance VI_WEB { state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.40/24 } }
#############LVSWEB################ virtual_server 192.168.1.40 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 # persistence_timeout 50 protocol TCP
real_server 192.168.1.201 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.1.202 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 192.168.1.203 80 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
#############DNS Instancestart############### vrrp_instance VI_DNS { state MASTER interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.1.30/24 } } ###########LVSDNS####################### virtual_server 192.168.1.30 53 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.255.0 # persistence_timeout 50 protocol UDP
real_server 192.168.1.107 53 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 53 } } real_server 192.168.1.108 53 { weight 100 TCP_CHECK { connect_timeout 8 nb_get_retry 3 delay_before_retry 3 connect_port 53 } } } |
4、配置LVS节点服务器脚本(WEB节点与DNS节点都要配置)
4.1 DNS节点的配置内容(主备DNS都有配置):
[root@dns-M ~]# cat /etc/init.d/dns_rs.ctl
#!/bin/bash . /etc/init.d/functions VIP=192.168.1.30
case "$1" in start) echo "start LVS of Realserver DR mode" /sbin/ifconfig lo:0 ${VIP} netmask 255.255.255.255 up route add -host ${VIP} dev lo echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce ;; stop) /sbin/ifconfig lo:0 ${VIP} netmask 255.255.255.255 down route del -host ${VIP} dev lo echo "stop LVS of Realserver DR mode" echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce ;; *) echo "Usage: $0 {start|stop}" exit 1 esac |
4.1.1 对上面的脚本赋予权限
[root@dns-S init.d]# chmod +x dns_rs.ctl
4.2 WEB节点的配置内容(web的所有节点都有配置)
[root@web1 ~]# cat /etc/init.d/web_rs.ctl
#!/bin/bash . /etc/init.d/functions VIP=192.168.1.40
case "$1" in start) echo "start LVS of Realserver DR mode" /sbin/ifconfig lo:0 ${VIP} netmask 255.255.255.255 up route add -host ${VIP} dev lo echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce ;; stop) /sbin/ifconfig lo:0 ${VIP} netmask 255.255.255.255 down route del -host ${VIP} dev lo echo "stop LVS of Realserver DR mode" echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce ;; *) echo "Usage: $0 {start|stop}" exit 1 esac |
4.2.1 对上面的脚本赋予权限
[root@web1 init.d]# chmod +x web_rs.ctl
5、主DNS服务器的区域配置文件修改如下:
[root@dns-M ~]# cat /var/named/chroot/var/named/pp.org.zone
$TTL 86400 @ IN SOA dns.pp.org. root.pp.org. ( 203 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D) ; minimum
IN NS dns.pp.org. IN MX 10 mail.pp.org. dns.pp.org. IN A 192.168.1.107 www IN A 192.168.1.40 |
5.1 修改之后重启DNS服务
[root@dns-M ~]# rndc reload
server reload successful
6、综合测试
测试之前要启动相关服务(keepalived、lvs节点脚本、节点Apache、节点DNS服务器等)
A:首先启动一台负载均衡调度器的keepalived服务
[root@lvs-M ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ] [root@lvs-M ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:81:a8:b3 brd ff:ff:ff:ff:ff:ff inet 192.168.1.105/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.40/24 scopeglobal secondary eth0 inet 192.168.1.30/24 scopeglobal secondary eth0 inet6 fe80::20c:29ff:fe81:a8b3/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 |
查看调度规则:
[root@lvs-M ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn UDP 192.168.1.30:53 rr -> 192.168.1.108:53 Route 100 0 0 -> 192.168.1.107:53 Route 100 0 0 TCP 192.168.1.40:80 rr -> 192.168.1.203:80 Route 100 0 0 -> 192.168.1.202:80 Route 100 0 0 -> 192.168.1.201:80 Route 100 0 0 |
B.停掉和启用一台DNS服务,观察调度器
[root@dns-S slaves]# /etc/init.d/named stop Stoppingnamed: [ OK ] 查看的日志内容: Oct 26 23:38:10 localhostKeepalived_healthcheckers: TCP connection to [192.168.1.108:53] failed !!! Oct 26 23:38:10 localhost Keepalived_healthcheckers:Removing service [192.168.1.108:53] from VS [192.168.1.30:53] |
观察lvs调度规则中少了192.168.1.108机器
[root@lvs-M ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn UDP 192.168.1.30:53 rr -> 192.168.1.107:53 Route 100 0 0 TCP 192.168.1.40:80 rr -> 192.168.1.203:80 Route 100 0 0 -> 192.168.1.202:80 Route 100 0 0 -> 192.168.1.201:80 Route 100 0 0 再次启动回来,查看日志会发现又把对应的IP地址加入了进来! |
C.启动第二台负载均衡调度器的keepalived服务
[root@lvs-S ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ] 此时DNS的VIP会分配到第二台负载均衡调度器上 [root@lvs-S ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:b5:be:19 brd ff:ff:ff:ff:ff:ff inet 192.168.1.106/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.30/24 scope global secondary eth0 inet6 fe80::20c:29ff:feb5:be19/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0brd 0.0.0.0 WEB的VIP仍然在第一台负载均衡调度器上!! [root@lvs-M ~]#ip addr 1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:81:a8:b3 brdff:ff:ff:ff:ff:ff inet 192.168.1.105/24 brd 192.168.1.255scope global eth0 inet 192.168.1.40/24 scope global secondaryeth0 inet6 fe80::20c:29ff:fe81:a8b3/64 scopelink valid_lft forever preferred_lft forever 3: sit0:<NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 |
观察调度规则:
[root@lvs-S ~]#ipvsadm -L -n IP VirtualServer version 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn UDP 192.168.1.30:53 rr -> 192.168.1.108:53 Route 100 0 35 -> 192.168.1.107:53 Route 100 0 36 TCP 192.168.1.40:80 rr -> 192.168.1.203:80 Route 100 0 0 -> 192.168.1.202:80 Route 100 0 0 -> 192.168.1.201:80 Route 100 0 0 [root@lvs-M ~]#ipvsadm -L -n IP VirtualServer version 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn UDP 192.168.1.30:53 rr -> 192.168.1.108:53 Route 100 0 0 -> 192.168.1.107:53 Route 100 0 0 TCP 192.168.1.40:80 rr -> 192.168.1.203:80 Route 100 0 35 -> 192.168.1.202:80 Route 100 0 36 -> 192.168.1.201:80 Route 100 0 35 综上:主备调度器的keepalived服务都在工作! 注:bind9功能强大,这里只是讨论了最简单的配置! |