
Keepalived LVS-DR模式

 2 years ago
source link: https://blog.51cto.com/u_13236892/5592941

配置Keepalived LVS-DR模式

在这种模式下,虚拟 IP 在某时刻只能属于某一个节点,另一个节点作为备用节点存在。当主节点不可用时,备用节点接管虚拟 IP,提供正常服务。
配置参数: 节点 k8s01(主节点); 节点 k8s02(备用节点); 虚拟 IP 192.168.10.110(对外提供服务的 IP)。要求默认情况下由节点 k8s01 提供服务,当节点 k8s01 不可用时,由节点 k8s02 提供服务(即虚拟 IP 漂移至节点 k8s02)。
global_defs {
notification_email {
root@localhost #默认三个地址,修改可用地址
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id xuegod62 #标识当前节点名字,两个节点的此项需要不相同。
}
#默认的配置文件中,使用第三方 smtp 服务器,但这在现实中几乎没有意义,发不出邮件,我们将其指定为 localhost,也可以将通知信息的发送交给本地 sendmail 服务处理。

vrrp_instance apache { #定义一个实例,一个集群就是一个实例。 默认VI_1 可以随意改
state MASTER #指定 A 节点为主节点 备用节点上设置为 BACKUP 即可
interface eth0 #绑定虚拟 IP 的网络接口
virtual_router_id 51 #VRRP 组名,两个节点的设置必须一样,以指明各个节点属于同一 VRRP 组
priority 100 #主节点的优先级(1-254 之间),备用节点必须比主节点优先级低
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_type PASS #PASS 为简单口令认证,口令在 VRRP 通告报文中以明文传输
auth_pass 1111 #1111 是默认配置文件自带的示例值,不能当作保密口令;同一网段内应只允许对端节点的 VRRP 报文
}
virtual_ipaddress {
192.168.2.111 #指定虚拟 IP, 两个节点设置必须一样
}
}
#类似添加虚拟一个服务 ipvsadm -A -t 192.168.1.70:80 -s rr
virtual_server 192.168.2.111 80 { #对虚拟IP63添加LVS相关内容
delay_loop 6 #Keepalived 多长时间监测一次 RS
lb_algo rr #分发算法
lb_kind DR #DR 模式
nat_mask 255.255.255.0
persistence_timeout 50 #同一 IP 50 秒内的请求都发到同一个 real server,这会影响 LVS 的 rr 调度算法;同一 IP 超过 50 秒后再次访问,才会被转发到另一台 real server 上。persistence 是持久性的意思
protocol TCP
# ipvsadm -a -t 192.168.2.111:80 -r 192.168.2.64 -g 添加的内容,类似这条命令
# ipvsadm -a -t 192.168.2.111:80 -r 192.168.2.65 -g 添加的内容,类似这条命令
real_server 192.168.1.64 80 { #配置服务节点 1,需要指定 realserver 的真实 IP 地址和端口,IP 与端口之间用空格隔开
weight 1 #配置服务节点的权值,权值大小用数字表示,数字越大,权值越高,设置权值大小可以为不同性能的服务器
TCP_CHECK { #这段内容手动添加,把以前的内容删除
connect_timeout 3 #表示 3 秒无响应超时
nb_get_retry 3 #表示重试次数
delay_before_retry 3 #表示重试间隔
connect_port 80 #检测端口
}
}
real_server 192.168.1.65 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#默认配置文件中还有两个 virtual_server 模版,把剩下的都删除了,就可以。 如:
#virtual_server 10.10.10.2 1358 { 。。。 }
#virtual_server 10.10.10.3 1358 { 。。。 }

k8s01 master

yum install -y keepalived
# Keep the packaged sample config as keepalived.conf.bk before replacing it.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bk
[root@k8s01 ~]# cat /etc/keepalived/keepalived.conf
# Global settings: where notification mail goes and how this node names itself.
global_defs {
# Recipients of keepalived's notification mail.
notification_email {
root@localhost
}
notification_email_from root@localhost
# Mail is handed to the SMTP service on this host.
smtp_server localhost
smtp_connect_timeout 30
# Identifier for this node; the backup node's file uses k8s02 here.
router_id k8s01
}

# VRRP instance that decides which node holds the virtual IP.
vrrp_instance apache {
# Initial role of this node; the backup node's file sets BACKUP.
state MASTER
# Interface the virtual IP is bound to.
interface ens33
# VRRP group id: must be the same on both nodes, and should not be reused by
# any other VRRP group on the same L2 segment.
virtual_router_id 51
# The node with the higher priority holds the VIP (the backup node uses 90).
priority 100
# Advertisement interval in seconds; must match on both nodes.
advert_int 1
# NOTE(review): PASS authentication sends auth_pass in clear text in every
# advertisement, and 1111 is the value shipped in keepalived's sample config,
# so it offers no real protection against another host on the segment
# announcing itself for this VRRP group. RFC 3768 removed authentication from
# VRRPv2. Treat the L2 segment as the trust boundary: filter VRRP (IP
# protocol 112) so only the peer director is accepted, and consider
# unicast_peer rather than relying on this value.
authentication {
auth_type PASS
auth_pass 1111
}
# The address that moves between the two nodes; must match on both.
virtual_ipaddress {
192.168.10.110
}
}

# LVS virtual service: how the director forwards traffic sent to the VIP on port 80.
virtual_server 192.168.10.110 80 {
# Seconds between health-check rounds against the real servers.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: replies go from the real server straight to the client and
# do not pass back through this director, so any access control or logging
# of responses has to live on the real servers.
lb_kind DR
# NOTE(review): kept from the sample config; presumably only meaningful for
# NAT forwarding - confirm before relying on it.
nat_mask 255.255.255.0
# A client IP is pinned to one real server for 50 seconds, which overrides
# the round-robin spread for repeat requests from the same address.
persistence_timeout 50
protocol TCP

real_server 192.168.10.133 80 {
weight 1
# TCP_CHECK only proves that port 80 accepts a connection; it does not look
# at the HTTP response. keepalived's HTTP_GET checker can be used when the
# health check should also validate what the server returns.
TCP_CHECK {
# Seconds to wait for the connection before the attempt counts as failed.
connect_timeout 3
# NOTE(review): newer keepalived releases spell this setting "retry" and
# report nb_get_retry as deprecated - check keepalived.conf(5) for the
# installed version.
nb_get_retry 3
# Seconds to wait between retries.
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.10.134 80 {
weight 1
# Same TCP-connect-only health check as for the first real server.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

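# Load the new configuration now, and start keepalived automatically at boot.
systemctl restart keepalived
systemctl enable keepalived
# List the IPVS table with numeric addresses and ports. The option is a plain
# ASCII "-n"; a typographic dash pasted from a web page is not parsed as an option.
ipvsadm -L -n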

#注:没有看到 realserver,是因为两台 realserver 还没有开启 httpd 服务。

k8s02 backup

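yum install -y keepalived
# Back up the packaged sample config before it is overwritten by the copy from
# k8s01. The destination needs its own name: copying a file onto itself is
# rejected by cp and leaves no backup.
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bk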
[root@k8s01 ~]# scp /etc/keepalived/keepalived.conf k8s02:/etc/keepalived/
[root@k8s02 ~]# cat /etc/keepalived/keepalived.conf
# Global settings: where notification mail goes and how this node names itself.
global_defs {
# Recipients of keepalived's notification mail.
notification_email {
root@localhost
}
notification_email_from root@localhost
# Mail is handed to the SMTP service on this host.
smtp_server localhost
smtp_connect_timeout 30
router_id k8s02 # identifier of the machine running keepalived
}

# VRRP instance on the standby director; it takes over the virtual IP when
# the master node becomes unavailable.
vrrp_instance apache {
state BACKUP # this node starts as the standby director
interface ens33
# Must be the same VRRP group id as on the master node.
virtual_router_id 51
priority 90 # the backup's priority must be lower than the master's
# Advertisement interval in seconds; must match the master node.
advert_int 1
# NOTE(review): PASS authentication sends auth_pass in clear text in every
# advertisement, and 1111 is the value shipped in keepalived's sample config,
# so it offers no real protection against another host on the segment
# announcing itself for this VRRP group. Filter VRRP (IP protocol 112) so
# only the peer director is accepted, and consider unicast_peer rather than
# relying on this value.
authentication {
auth_type PASS
auth_pass 1111
}
# Same virtual IP as on the master node.
virtual_ipaddress {
192.168.10.110
}
}

# LVS virtual service on the standby director; the values are the same as in
# the master's file so forwarding does not change after a failover.
virtual_server 192.168.10.110 80 {
# Seconds between health-check rounds against the real servers.
delay_loop 6
# Round-robin scheduling.
lb_algo rr
# Direct routing: replies leave the real servers directly and do not pass
# back through the director.
lb_kind DR
# NOTE(review): kept from the sample config; presumably only meaningful for
# NAT forwarding - confirm before relying on it.
nat_mask 255.255.255.0
# A client IP is pinned to one real server for 50 seconds.
persistence_timeout 50
protocol TCP

real_server 192.168.10.133 80 {
weight 1
# TCP_CHECK only proves that port 80 accepts a connection; it does not look
# at the HTTP response.
TCP_CHECK {
connect_timeout 3
# NOTE(review): newer keepalived releases spell this setting "retry" and
# report nb_get_retry as deprecated - check keepalived.conf(5) for the
# installed version.
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.10.134 80 {
weight 1
# Same TCP-connect-only health check as for the first real server.
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
# Load the new configuration now, and start keepalived automatically at boot.
systemctl restart keepalived
systemctl enable keepalived

k8s03 配置RS1

vim /etc/init.d/lvsrsdr #写一个配置RS的脚本
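#!/bin/bash
# description: configure this host as an LVS-DR real server
#
# Usage: lvsrsdr (start|stop)
#   start - suppress ARP for the VIP, then bind the VIP to lo:1
#   stop  - remove the VIP from lo:1, then write 0 to the ARP settings
#
# Needs root: it changes interface addresses, routes and /proc/sys values.
VIP=192.168.10.110

# Standard init-script helper library; nothing below calls into it directly.
source /etc/init.d/functions

case "$1" in
  start)
    echo 'start LVS of Realserver DR'
    # Set ARP suppression BEFORE the VIP exists on this host. If the VIP is
    # bound first, there is a short window in which this real server answers
    # ARP requests for the VIP and can draw client traffic away from the
    # director.
    #   arp_ignore=1   reply only when the target IP is configured on the
    #                  interface the request arrived on
    #   arp_announce=2 always pick the best local source address for the
    #                  target, so the VIP is not advertised as ARP source
    echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
    # Host netmask (255.255.255.255) keeps the VIP local to the loopback alias.
    /sbin/ifconfig lo:1 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:1
    ;;
  stop)
    # Remove the VIP first, so ARP replies are only re-enabled once this host
    # no longer owns the address.
    /sbin/ifconfig lo:1 down
    echo 'Close LVS of Realserver DR'
    # Writes 0 unconditionally: whatever values the host had before "start"
    # are not restored.
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
  *)
    echo "Usage:$0 (start|stop)"
    exit 1
    ;;
esac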

chmod +x /etc/init.d/lvsrsdr
/etc/init.d/lvsrsdr start
# Re-apply the real-server setup at boot. Every run of this line appends
# another copy to rc.local, so run it once.
# NOTE(review): on systemd-based releases rc.local is typically skipped at
# boot unless the file is executable - confirm with: ls -lL /etc/rc.local
echo "/etc/init.d/lvsrsdr start" >> /etc/rc.local
# Check that lo:1 now carries the VIP with a 255.255.255.255 netmask.
ifconfig -a
……………………………………………………………………………………….
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.10.110 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
yum install -y httpd
# Serve this host's own address as the page body so a client can see which
# real server answered. Test content only: it discloses the backend address
# to every client.
echo 192.168.10.133 > /var/www/html/index.html
systemctl restart httpd

k8s04 配置RS2

从k8s03上拷贝脚本
[root@k8s03 ~]# scp /etc/init.d/lvsrsdr k8s04:/etc/init.d/
然后执行
chmod +x /etc/init.d/lvsrsdr
/etc/init.d/lvsrsdr start
# Re-apply the real-server setup at boot; run this line once, since every run
# appends another copy to rc.local.
# NOTE(review): on systemd-based releases rc.local is typically skipped at
# boot unless the file is executable - confirm with: ls -lL /etc/rc.local
echo "/etc/init.d/lvsrsdr start " >> /etc/rc.local
# Check that lo:1 now carries the VIP with a 255.255.255.255 netmask.
ifconfig -a
……………………………………………………………………………………….
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.10.110 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)

yum install -y httpd
# Serve this host's own address as the page body so a client can see which
# real server answered. Test content only: it discloses the backend address
# to every client.
echo 192.168.10.134 > /var/www/html/index.html
systemctl restart httpd
[root@k8s01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.110:80 rr persistent 50
-> 192.168.10.133:80 Route 1 0 0
-> 192.168.10.134:80 Route 1 0 0

##每个IP地址都会只连一个后端,除非这个后端服务挂了

ipvsadm --list --timeout #可以查看ipvsadm会话保持时间
[root@k8s02 ~]# ipvsadm --set 0 0 5
[root@k8s02 ~]# ipvsadm --list --timeout
Timeout (tcp tcpfin udp): 900 120 5
You have new mail in /var/spool/mail/root
[root@k8s02 ~]# ipvsadm --set 5 5 5

如果停掉k8s03的httpd
[root@k8s02 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.110:80 rr persistent 50
-> 192.168.10.134:80 Route 1 0 1
