一、環境規劃
1.1、服務器環境規劃
負載服務器master及WEB服務器1真實IP 192.168.221.131
負載服務器backup及WEB服務器2真實IP 192.168.221.132
負載服務器虛擬IP 192.168.221.100
1.2、軟件安裝規劃
操作系統:CentOS Linux 5.11 X86-64,內核版本:2.6.18-398.el5
需要安裝GCC編譯器及openssl等包
--192.168.221.131及192.168.221.132
安裝JDK及Tomcat環境
JDK版本:jdk-6u45-linux-x64-rpm.bin
Tomcat版本:apache-tomcat-7.0.56.tar.gz
JDK安裝:
chmod +x jdk-6u45-linux-x64-rpm.bin
./jdk-6u45-linux-x64-rpm.bin
vim /etc/profile
添加如下內容:
########sun jdk#######
JAVA_HOME=/usr/java/jdk1.6.0_45
JRE_HOME=/usr/java/jdk1.6.0_45/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH
Tomcat安裝:
tar -zxvf apache-tomcat-7.0.56.tar.gz -C /usr/local/
cd /usr/local/apache-tomcat-7.0.56/webapps/ROOT/
echo "192.168.221.131" > ip.html
/usr/local/apache-tomcat-7.0.56/bin/startup.sh
root@DR1 ROOT]# netstat -anptul|grep 8080
tcp 0 0 :::8080 :::* LISTEN 16312/java
iptables開啓8080端口
iptables -I RH-Firwall-1-INPUT 12 -m state --state NEW -p tcp --dport 8080 -j ACCEPT
iptables-save > /etc/sysconfig/iptables
測試:
[root@DR2 ROOT]# elinks --dump http://192.168.221.131:8080/ip.html
192.168.221.131
二、LVS和Keepalived的部署
2.1、LVS的安裝
yum install ipvsadm
這裏安裝的版本是:ipvsadm-1.24-13.el5.x86_64
2.2、Keepalived的安裝
tar -zxvf keepalived-1.2.12.tar.gz -C /usr/local/src/
cd /usr/local/src/keepalived-1.2.12/
./configure --with-kernel-dir=/usr/src/kernels/2.6.18-398.el5-x86_64/
make && make install
ln -s /usr/local/sbin/keepalived /sbin/
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
ll /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig --level 35 keepalived on
service keepalived status
ln -s /usr/local/etc/keepalived/ /etc/
ll /etc/keepalived/
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected] #設置報警接收郵件地址,可以有多個郵件,每行一個。
#如果要開啓郵件報警,需要開啓本機的sendmail服務。
}
notification_email_from [email protected] #設置郵件的發送地址
smtp_server 192.168.1.1 #設置smtp_server服務器的地址
smtp_connect_timeout 30 #設置連接smtp服務器超時時間
router_id LVS_DEVEL #標識keepalived服務的ID號,兩邊lvs_server服務都一致
}
vrrp_instance VI_1 {
state MASTER #指定keepalived的角色,MASTER表示主服務器,BACKUP表示備用服務器。
interface eth0 #指定HA的檢測網絡接口
virtual_router_id 51 #虛擬路由標識,這個標識是一個數字,同一個vrrp實例使用唯一的標識,
#即同一個vrrp_instance下,MASTER和BACKUP必須是一致的。
priority 100 #定義優先級,數字越大優先級越高。在一個vrrp_instance下,
#BACKUP的優先級必須小於MASTER的優先級。
advert_int 1 #設置MASTER與BACKUP的負載均衡器之間的同步檢查的時間間隔,單位是秒。
authentication {
auth_type PASS #設置驗證類型,主要有PASS和AH
auth_pass 1111 #設置驗證密碼,在一個vrrp_instace下,MASTER與BACKUP必須使用相同的密碼才能通信。
}
virtual_ipaddress {
192.168.221.100 #虛擬IP地址,可以設置多個虛擬IP
}
}
virtual_server 192.168.221.100 8080 {
delay_loop 6 #(每隔6秒查詢real_server狀態)
lb_algo wrr #(負載均衡調度算法,常用wlc,rr,此處爲加權輪詢)
lb_kind DR #(負載均衡轉發規則,一般包括DR,NAT,TUN)
nat_mask 255.255.255.0
persistence_timeout 50 #會話保持時間,單位是秒,這個選項對動態網網頁是非常重要的,爲集羣系統中斷
#session共享提供了一個很好的解決方案,有了這個會話保持功能,用戶的會話請求會被
#一直分發到同一個服務節點,直到超過這個會話保持的時間。需要注意的是,這個會話保
#持時間是最大無響應超時時間,也就是說,用戶在操作動態頁面時,如果在50秒內用戶沒
#有執行任何操作,那麼接下來的操作會被分發到另外的節點,如果用戶一執照在操作動態
#頁面則不受50秒的時間限制。
protocol TCP #指定協議有TCP和UDP兩種
real_server 192.168.221.131 8080 {
weight 1 #權重值
TCP_CHECK {
connect_timeout 3 #連接超時時間
nb_get_retry 3 #重試次數
delay_before_retry 3 #重試間隔
connect_port 8080
}
}
real_server 192.168.221.132 8080 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8080
}
}
}
三、配置Real Server節點
vim real_lvs.sh
#!/bin/bash
VIP=192.168.221.100
/etc/rc.d/init.d/functions
case "$1" in
start)
echo "Start LVS of Real Server......"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
# /sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
echo "Stop LVS of Real Server...."
/sbin/ifconfig lo:0 down
# /sbin/route del -host $VIP dev lo:0
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
chmod +x real_lvs.sh
cp real_lvs.sh /etc/init.d/real_lvs.sh
/etc/init.d/real_lvs.sh start
ifconfig
[root@DR2 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:5D:71:26
inet addr:192.168.221.131 Bcast:192.168.221.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe5d:7126/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18922202 errors:0 dropped:0 overruns:0 frame:0
TX packets:18904332 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1222870584 (1.1 GiB) TX bytes:1222061563 (1.1 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:15931 errors:0 dropped:0 overruns:0 frame:0
TX packets:15931 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:905854 (884.6 KiB) TX bytes:905854 (884.6 KiB)
lo:0 Link encap:Local Loopback
inet addr:192.168.221.100 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
service keepalived start
ip addr show
[root@DR1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 192.168.221.100/32 brd 192.168.221.100 scope global lo:0
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:15:20:7e brd ff:ff:ff:ff:ff:ff
inet 192.168.221.132/24 brd 192.168.221.255 scope global eth0
inet 192.168.221.100/32 scope global eth0
inet6 fe80::20c:29ff:fe15:207e/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
[root@DR1 ~]#
四、測試
4.1 負載均衡
如果多次打開瀏覽器,通過虛擬IP訪問網站,應當會將負載均衡到兩臺服務器上
第一次打開一個瀏覽器中輸入http://192.168.221.100:8080/ip.html,顯示192.168.221.131(或132)
第二次打開瀏覽器(新開瀏覽器窗口),輸入http://192.168.221.100:8080/ip.html,顯示192.168.221.132(或131)
4.2 故障轉移
停止192.168.1.16上TOMCAT服務,這時通過虛擬IP就能訪問到網站,且是訪問的192.168.17服務器
/usr/local/apache-tomcat-7.0.56/bin/startup.sh
第一次打開一個瀏覽器中輸入http://192.168.221.100:8080/ip.html,顯示192.168.221.131
第二次打開瀏覽器(新開瀏覽器窗口),輸入http://192.168.221.100:8080/ip.html,顯示192.168.221.132
可以看到網站依然可以訪問,且都是訪問的192.168.221.131服務器,此時我們再將192.168.221.132服務器的tomcat服務啓動,應又能進行負載均衡
/usr/local/apache-tomcat-7.0.56/bin/startup.sh
可以查看tail /var/log/messages
[root@DR1 ~]# tail -50 /var/log/messages
Nov 27 23:40:23 DR1 Keepalived_healthcheckers[16369]: Netlink reflector reports IP fe80::20c:29ff:fe15:207e added
Nov 27 23:40:23 DR1 avahi-daemon[3376]: New relevant interface eth0.IPv6 for mDNS.
Nov 27 23:40:23 DR1 avahi-daemon[3376]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::20c:29ff:fe15:207e.
Nov 27 23:40:23 DR1 avahi-daemon[3376]: Registering new address record for fe80::20c:29ff:fe15:207e on eth0.
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: Kernel is reporting: interface eth0 UP
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.221.100
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: Netlink reflector reports IP 192.168.221.100 added
Nov 27 23:40:25 DR1 Keepalived_healthcheckers[16369]: Netlink reflector reports IP 192.168.221.100 added
Nov 27 23:40:25 DR1 avahi-daemon[3376]: Registering new address record for 192.168.221.100 on eth0.
Nov 27 23:40:30 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.16
5 其它操作 5.1 查看WEB服務器虛擬IP
查看方法:ip add show,因爲我們這裏是WEB服務器和LVS服務器是同一臺機器,所以本處lo及eth0上都有虛擬IP地址,WEB服務器上是看lo這裏。