客户端通过VIP(Virtual IP)(10.10.3.160)来访问负载均衡服务器。负载均衡服务器通过MASTER:10.10.3.156或BACKUP:10.10.3.157将请求分别转发给真实Web服务器(real server1:10.10.3.158 real server2:10.10.3.159)。
测试环境:
Director Server1(Master):10.10.3.156
Director Server2(Backup):10.10.3.157
VIP:10.10.3.160
Real server1:10.10.3.158
Real server2:10.10.3.159
LVS版本:ipvsadm-1.26
keepalived版本:keepalived-1.2.7
1、在两台Director Server上分别安装并配置LVS+Keepalived
2、安装LVS前系统需要安装
yum -y install kernel-devel openssl-devel lftplibnl* popt* libnl* libpopt* gcc*
3、两台Director Server分别安装并配置LVS:
cd /usr/src
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
(如果已经创建了软连接,那么删除之: rm /usr/src/linux 注意不能带最后的/,否则无法删除。)
查看内核方法:cat /proc/version(下一步中的2.6.32-358.el6.x86_64则是此处的Linux version)
ln -s /usr/src/kernels/2.6.32-358.el6.x86_64/ /usr/src/linux
tar -zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make && make install
编写并运行脚本(LVS服务器的脚本)
vi lvs.sh
#!/bin/bash VIP=10.10.3.160 RIP1=10.10.3.158 RIP2=10.10.3.159 /etc/rc.d/init.d/functions logger $0 called with $1 case "$1" in start) echo " start LVS of DirectorServer" /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev eth0:0 echo "1" >/proc/sys/net/ipv4/ip_forward #Clear IPVS table /sbin/ipvsadm -C #set LVS /sbin/ipvsadm -A -t $VIP:80 -s rr /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g #Run LVS /sbin/ipvsadm ;; stop) echo "close LVS Directorserver" echo "0" >/proc/sys/net/ipv4/ip_forward /sbin/ipvsadm -C /sbin/ifconfig eth0:0 down ;; *) echo "Usage: $0 {start|stop}" exit 1 esac ~
注:/sbin/ipvsadm -A -t $VIP:80 -s rr (rr代表轮询,还有其他分配方式)
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g (-g代表DR模式,还有其他模式)
给脚本加权限,并执行
chmod +x lvs.sh
./lvs.sh start
4、两台Director Server分别安装并配置keepalived:
cd ..(cd /usr/src)
wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
tar zxvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure
make && make install
---------将keepalived做成启动服务,方便管理---------
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived/
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
service keepalived start
-----------开启路由转发-----------
vi /etc/sysctl.conf
修改下面的值,从0修改到1:
net.ipv4.ip_forward = 1
刷新系统变量,使系统文件变更马上生效
sysctl -p
------------配置Keepalived-------------
vi /etc/keepalived/keepalived.conf
输入 :.,$d ,清空文件内容
重新输入的内容为:
! Configuration File for keepalived global_defs { notification_email { king_819@163.com } notification_email_from king_819@163.com smtp_server smtp.163.com # smtp_connect_timeout 30 router_id LVS_DEVEL } # VIP1 vrrp_instance VI_1 { state MASTER #备份服务器上将MASTER改为BACKUP interface eth0 lvs_sync_daemon_interface eth0 virtual_router_id 51 priority 100 # 备份服务上将100改为90 advert_int 5 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.3.160 #(如果有多个VIP,继续换行填写.) } } virtual_server 10.10.3.160 80 { delay_loop 6 #(每隔10秒查询realserver状态) lb_algo rr #(lvs 算法) lb_kind DR #(Direct Route) persistence_timeout 60 #(同一IP的连接60秒内被分配到同一台realserver) protocol TCP #(用TCP协议检查realserver状态) real_server 10.10.3.158 80 { weight 100 #(权重) TCP_CHECK { connect_timeout 10 #(10秒无响应超时) nb_get_retry 3 delay_before_retry 3 connect_port 80 } } real_server 10.10.3.159 80 { weight 100 TCP_CHECK { connect_timeout 10 nb_get_retry 3 delay_before_retry 3 connect_port 80 } } }
chkconfig --level 0123456 keepalived on
查看自启动状态
chkconfig --list keepalived
service keepalived restart
5、两台Real Server(WEB1和WEB2机器)分别编辑如下文件
vi /root/lvs_real.sh
#!/bin/bash # description: Config realserver #Written by : http://kerry.blog.51cto.com SNS_VIP=10.10.3.160 /etc/rc.d/init.d/functions case "$1" in start) /sbin/ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP /sbin/route add -host $SNS_VIP dev lo:0 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p >/dev/null 2>&1 echo "RealServer Start OK" ;; stop) /sbin/ifconfig lo:0 down /sbin/route del $SNS_VIP >/dev/null 2>&1 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce echo "RealServer Stoped" ;; *) echo "Usage: $0 {start|stop}" exit 1 esac exit 0
赋给执行权限
chmod 755 /etc/rc.d/init.d/functions 别人的配置文档中没这个步骤,我不知道为什么总是说执行到这句时没有权限,所以我添加了执行权限
chmod 755 /root/lvs_real.sh
/root/lvs_real.sh start
将四台机器的IPTABLES全部关闭,防止出现其它问题:service iptables stop
两台Director server 分别启动keepalived服务,并执行./lvs.sh start
两台Real server 分别执行/root/lvs_real.sh start
这样高可用服务就配置好了。
配置两台Director server开机启动项:
vi /etc/rc.d/rc.local
配置两台Real server开机启动项:
vi /etc/rc.d/rc.local
我是这样模拟真实需求测试的:在两台web主机上安装tomcat,端口均为80,将CRM项目分别部署到web主机上,启动tomcat,在两个主机上分别将CRM登录页增加显示real server1 和real server 2。这样通过访问http://10.10.3.160/crm 可以看见两个登录页轮询显示,即测试实验成功。