最近幫朋友公司配了一下LVS,實現全自動化處理故障問題,基本環境如下
VIP : 192.168.101.100
LVS1: 192.168.101.103
LVS2: 192.168.101.104
RS1: 192.168.101.105
RS2: 192.168.101.108
後端還有一些服務器IP就不一一寫出來了
首先各個服務器上配置好各種需要的環境,所需要依賴包,然後在master 和 backup上裝好keepalived 和 LVS,直接yum安裝 .不啓動LVS,啓動keepalived就好,下面直接說配置 全部在keepalived上
[root@localhost shell]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_sync_group VGM { ###定義一個vrrp組
group {
VI_1
}
notify_master "/data/shell/arp.sh"
notify_backup "/data/shell/arp.sh"
}
vrrp_script chk_nginx { #### 定義腳本
script "/data/shell/check_nginx.sh"
interval 1
weight -2
}
vrrp_script chk_nginx2 { #### 定義腳本
script "/data/shell/check_nginx2.sh"
interval 1
weight -2
}
vrrp_instance VI_1 {
state MASTER ###backup上配置相同,只需要改下相關權重等
interface eth1
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script { #### 執行腳本檢測
chk_nginx
chk_nginx2
}
virtual_ipaddress {
192.168.101.100
}
}
virtual_server 192.168.101.100 80 {
delay_loop 2
lb_algo wrr
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.101.105 80 {
weight 3
HTTP_GET {
url {
path /test.html
digest 9a8acfd3c07a45099bcde1a97a9fb7c5
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.101.108 80 {
weight 3
HTTP_GET {
url {
path /test2.html
digest 9649358e69985102d0da5ff240e1f2a4
}
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
如果你前端開啓了防火牆或者selinux,請關閉防火牆測試或者selinux測試,否則你會出現兩個master,哈哈,兩個vip地址同時出現,或者起不來服務,如果不關閉iptables,請加入以下策略
###允許80端口對外提供服務
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
###DR模式,當用戶請求LVS-DR VIP時,只有DR響應客戶端的ARP廣播包,允許vrrp虛擬路由器冗餘協議-A INPUT -d 224.0.0.0/8 -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
下面是幾個在master 和backup上執行的高效腳本,檢測後端nginx的
[root@localhost shell]# cat arp.sh
#!/bin/bash
VIP=192.168.101.100
GATEWAY=192.168.101.1
/sbin/arping -I eth1 -c 5 -s $VIP $GATEWAY &>/dev/null
########################################################
[root@localhost shell]# cat check_nginx.sh
!/bin/bash
url="http://192.168.101.105" ####realserver web地址檢測
status=$(/usr/bin/curl -s --head "$url" | awk '/HTTP/ {print $2}')
if [ "$status" != "200" ]; then
/data/shell/arp.sh start
fi
[root@localhost shell]# cat check_nginx2.sh
!/bin/bash
url="http://192.168.101.108" ####realserver web地址檢測
status=$(/usr/bin/curl -s --head "$url" | awk '/HTTP/ {print $2}')
if [ "$status" != "200" ]; then
/data/shell/arp.sh start
fi
arp緩存清理shell {arp.sh}
#!/bin/bash
VIP=192.168.101.100
GATEWAY=192.168.101.1
/sbin/arping -I eth1 -c 5 -s 192.168.101.100 192.168.101.1 &>/dev/null
這個配置會實現無論前端調度或者後端nginx服務任意一臺中斷都會在最短的時間響應到正常的請求,經測試,lvs前端兩臺故障幾乎是0秒切換,後端nginx的web服務故障也就是幾秒鐘的自動切換,如果是DNS解析,請做好解析定時緩存清理