操作系统平台:RedHat6.4 x86_64
软件:LVS+keepalived LVS+Keepalived
介绍 LVS LVS是Linux Virtual Server的简写,意即Linux虚拟服务器,是一个虚拟的服务器集群系统。本项目在1998年5月由章文嵩博士成立,是中国国内最早出现的自由软件项目之一。目前有三种IP负载均衡技术(VS/NAT、VS/TUN和VS/DR); 十种调度算法(rrr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq)。 Keepalvied Keepalived在这里主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现
IP配置信息:
LVS-DR-Master 192.168.20.135
LVS-DR-BACKUP 192.168.20.136
LVS-DR-VIP 192.168.20.160
WEB1-Realserver 192.168.20.121
WEB2-Realserver 192.168.20.123
GateWay 192.168.20.253
安装LVS和Keepalvied软件包
1. 下载相关软件包 #mkdir /usr/local/src/lvs #cd /usr/local/src/lvs #wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz #wget http://www.keepalived.org/software/keepalived-1.1.15.tar.gz
2. 安装LVS和Keepalived
#lsmod |grep ip_vs
#uname -r
#ln -s /usr/src/kernels/2.6.32-358.el6.x86_64/ /usr/src/linux
#tar zxvf ipvsadm-1.24.tar.gz
#cd ipvsadm-1.24
#make && make install
#find / -name ipvsadm # 查看ipvsadm的位置
#tar zxvf keepalived-1.1.15.tar.gz
#cd keepalived-1.1.15
#./configure && make && make install
#find / -name keepalived # 查看keepalived位置
#cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#mkdir /etc/keepalived
#cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
#cp /usr/local/sbin/keepalived /usr/sbin/
#service keepalived start|stop #做成系统启动服务方便管理.
四. 配置LVS实现负载均衡
1. LVS-DR,配置LVS脚本实现负载均衡
vi /usr/local/sbin/lvs-dr.sh #!/bin/bash
# description: start LVS of DirectorServer
#Written by :NetSeek
#http://www.linuxtone.org
GW=192.168.20.253
# website director vip.
WEB_VIP=192.168.20.160
WEB_RIP1=192.168.20.155
WEB_RIP2=192.168.20.156
. /etc/rc.d/init.d/functions
logger $0 called with $1
case "$1" in
start)
# Clear all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
#set lvs vip for dr
/sbin/ipvsadm --set 30 5 60
/sbin/ifconfig eth0:0 $WEB_VIP broadcast $WEB_VIP netmask 255.255.255.255 up
/sbin/route add -host $WEB_VIP dev eth0:0
/sbin/ipvsadm -A -t $WEB_VIP:22 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:22 -r $WEB_RIP1:22 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:22 -r $WEB_RIP2:22 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:3389 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:3389 -r $WEB_RIP1:3389 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:3389 -r $WEB_RIP2:3389 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:33389 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:33389 -r $WEB_RIP1:33389 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:33389 -r $WEB_RIP2:33389 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:62000 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:62000 -r $WEB_RIP1:62000 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:62000 -r $WEB_RIP2:62000 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:21 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:21 -r $WEB_RIP1:21 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:21 -r $WEB_RIP2:21 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:55555 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:55555 -r $WEB_RIP1:55555 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:55555 -r $WEB_RIP2:55555 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:8080 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:8080 -r $WEB_RIP1:8080 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:8080 -r $WEB_RIP2:8080 -g -w 1
/sbin/ipvsadm -A -t $WEB_VIP:8081 -s wrr -p 3
/sbin/ipvsadm -a -t $WEB_VIP:8081 -r $WEB_RIP1:8081 -g -w 1
/sbin/ipvsadm -a -t $WEB_VIP:8081 -r $WEB_RIP2:8081 -g -w 1
touch /var/lock/subsys/ipvsadm >/dev/null 2>&1
# set Arp
/sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW >/dev/null 2>&1
;;
stop)
/sbin/ipvsadm -C
/sbin/ipvsadm -Z
ifconfig eth0:0 down
route del $WEB_VIP >/dev/null 2>&1
rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1
/sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW
echo "ipvsadm stoped"
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ];then
echo "ipvsadm is stoped"
exit 1
else
ipvsadm -ln
echo "..........ipvsadm is OK."
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
exit 1
esac
exit 0
2. 配置Realserver脚本.
在web1和web2上配置realserver脚本:
cat /etc/rc.d/init.d/realserver.sh
#!/bin/bash
# Written by NetSeek
# description: Config realserver lo and apply noarp
WEB_VIP=192.168.20.160
. /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $WEB_VIP netmask 255.255.255.255 broadcast $WEB_VIP
/sbin/route add -host $WEB_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $WEB_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $WEB_VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $web_VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
exit 0
附上realserver机上的/etc/sysctl.conf :
# Kernel sysctl configuration file for Red Hat Linux
# # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
或者采用secondary ip address方式配置
# vi /etc/sysctl.conf
添加以下内容如上所示:
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
#sysctl –p
#ip addr list 查看是否绑定
3. 启动lvs-dr脚本和realserver脚本,在DR上可以查看LVS当前状态:
#watch ipvsadm –ln
五.利用Keepalvied实现负载均衡和和高可用性
1.配置在主负载均衡服务器上配置keepalived.conf
#vi /etc/keepalived/keepalived.conf (主调度器) ! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER # 状态实际MASTER
interface eth0 # 监听网卡切换
virtual_router_id 51
priority 100 # 优先级(越大优先级越高)
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # 虚拟IP地址列表,即VIP
192.168.20.160
}
}
virtual_server 192.168.20.160 9080 {
delay_loop 6
lb_algo wrr #分发算法
lb_kind DR # DR模式
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 9080 {
weight 3 # 权重(权重越高处理的请求越多)
TCP_CHECK {
connect_port 9080
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 9080 {
weight 3
TCP_CHECK {
connect_port 9080
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 9081 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 9081 {
weight 3
TCP_CHECK {
connect_port 9081
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 9081 {
weight 3
TCP_CHECK {
connect_port 9081
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 22 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 22 {
weight 3
TCP_CHECK {
connect_port 22
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 22 {
weight 3
TCP_CHECK {
connect_port 22
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 3389 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 3389 {
weight 3
TCP_CHECK {
connect_port 3389
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 3389 {
weight 3
TCP_CHECK {
connect_port 3389
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 33389 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 33389 {
weight 3
TCP_CHECK {
connect_port 33389
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 33389 {
weight 3
TCP_CHECK {
connect_port 33389
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 55555 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 55555 {
weight 3
TCP_CHECK {
connect_port 55555
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 55555 {
weight 3
TCP_CHECK {
connect_port 55555
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 62000 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 62000 {
weight 3
TCP_CHECK {
connect_port 62000
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 62000 {
weight 3
TCP_CHECK {
connect_port 62000
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 192.168.20.160 21 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.20.121 21 {
weight 3
TCP_CHECK {
connect_port 21
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.20.123 21 {
weight 3
TCP_CHECK {
connect_port 21
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
2. BACKUP服务器同上配置,先安装lvs再按装keepalived,仍后配置/etc/keepalived/keepalived.conf,只需将红色标示的部分改一下即可(state MASTER 改成 state BACKUP priority 100改成 priority 99 ).
3. #/etc/init.d/keepalived start 启动keepalived 服务,keepalived就能利用keepalived.conf 配置文件,实现负载均衡和高可用.
4. 查看lvs服务是否正常
Ipvsadm -l -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.20.160:33389 wrr persistent 50
-> 192.168.20.121:33389 Route 3 0 0
-> 192.168.20.123:33389 Route 3 0 0
TCP 192.168.20.160:62000 wrr persistent 50
-> 192.168.20.121:62000 Route 3 0 0
-> 192.168.20.123:62000 Route 3 0 0
TCP 192.168.20.160:55555 wrr persistent 50
-> 192.168.20.121:55555 Route 3 0 0
-> 192.168.20.123:55555 Route 3 0 0
TCP 192.168.20.160:3389 wrr persistent 50
-> 192.168.20.121:3389 Route 3 0 0
-> 192.168.20.123:3389 Route 3 0 0
TCP 192.168.20.160:22 wrr persistent 50
-> 192.168.20.121:22 Route 3 0 0
-> 192.168.20.123:22 Route 3 0 0
TCP 192.168.20.160:21 wrr persistent 50
TCP 192.168.20.160:9081 wrr persistent 50
-> 192.168.20.121:9081 Route 3 0 0
-> 192.168.20.123:9081 Route 3 0 0
TCP 192.168.20.160:9080 wrr persistent 50
-> 192.168.20.121:9080 Route 3 0 0
-> 192.168.20.123:9080 Route 3 0 0
#watch ipvsadm –ln
IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddressort Scheduler Flags -> RemoteAddressort
Forward Weight ActiveConn InActConn
#tail –f /var/log/message 监听日志,查看状态,测试LVS负载均衡及高可用性是否有效。
5.停Master服务器的keepalived服务,查看BAKCUP服务器是否能正常接管服务。