lvs+keepalived實現web負載及高可用

實驗環境：
lvs-master 192.168.1.236
lvs-backup 192.168.1.237
lvs-dr-vip 192.168.1.238
web1       192.168.1.239
web2       192.168.1.240

注：yum安裝的軟件包版本要一致

1.分別在兩臺服務器上安裝lvs和keepalived
[root@lvs-master ~]# yum -y install ipvsadm
[root@lvs-master ~]# yum -y install keepalived

[root@lvs-backup ~]# yum -y install ipvsadm
[root@lvs-backup ~]# yum -y install keepalived

2.修改lvs-master的配置文件
[root@lvs-master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]                 #email 通知
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL       
}

vrrp_instance VI_1 {
    state MASTER                 #設置lvs的狀態，報錯MASTER和BACKUP兩種，必須大寫
    interface eth1               #設置對外服務的接口
    virtual_router_id 51         #設置虛擬路由表示
    priority 100                 #設置優先級，數值越大，優先級越高
    advert_int 1                 #設置同步時間間隔
    authentication {             #設置驗證類型和密碼
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {           #設置lvs vip
        192.168.1.238
    }
}

virtual_server 192.168.1.238 80 {
    delay_loop 6                  #健康檢查時間間隔
    lb_algo wrr                   #負載均衡調度算法
    lb_kind DR                    #負載均衡轉發規則
    #persistence_timeout 20       #設置會話保持時間，對bbs等很有用
    protocol TCP                  #協議
  real_server 192.168.1.239 80 {
        weight 3                   #設置權重
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
}
real_server 192.168.1.240 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
}
}
修改lvs-backup的配置
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.238
    }
}

virtual_server 192.168.1.238 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    #persistence_timeout 20
 protocol TCP

    real_server 192.168.1.239 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
real_server 192.168.1.240 80 {
        weight 3
        TCP_CHECK {
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
}

3.在兩臺Realserver端增加配置（即web1和web2，配置一樣）
配置web服務
[root@web1~]# yum -y install httpd
[root@web1 ~]# echo "web11 " > /var/www/html/index.html
[root@web2~]# yum -y install httpd
[root@web2 ~]# echo "web22 " > /var/www/html/index.html

[root@web1 ~]# /etc/rc.d/init.d/realserver （web1與web2配置一樣）
#!/bin/bash
# description: Config realserver lo and apply noarp

SNS_VIP=192.168.1.238

. /etc/rc.d/init.d/functions

case "$1" in
start)
       ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
       /sbin/route add -host $SNS_VIP dev lo:0
       echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
       sysctl -p >/dev/null 2>&1
       echo "RealServer Start OK"

       ;;
stop)
       ifconfig lo:0 down
       route del $SNS_VIP >/dev/null 2>&1
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
       echo "RealServer Stoped"
       ;;
*)
       echo "Usage: $0 {start|stop}"
       exit 1
esac

exit 0
[root@web1 ~]# chmod o+x /etc/rc.d/init.d/realserver
簡單說明以上述腳本的作用：

1)vip(virtual ip)。直接路由模式的vip必須跟服務器對外提供服務的ip地址在同一個網段，並且lvs 負載均衡器和其他所有提供相同功能的服務器都使用這個vip;

2)vip被綁定在環回接口lo0:0上，其廣播地址是其本身，子網掩碼是255.255.255.255。這與標準的網絡地址設置有很大的不同。採用這種可變長掩碼方式把網段劃分成只含一個主機地址的目的是避免ip地址衝突;

3)echo這段的作用是抑制arp廣播。如果不做arp抑制，將會有衆多的機器向其他宣稱：“嗨！我是奧巴馬，我在這裏呢！”，這樣就亂套了。

4.測試
在lvs-master上啓動keepalived與ipvsadm
[root@lvs-master ~]# /etc/init.d/ipvsadm start
[root@lvs-master ~]# /etc/init.d/keepalived start

在lvs-backup上啓動keepalived與ipvsadm
[root@lvs-backup ~]# /etc/init.d/ipvsadm start
[root@lvs-backup ~]# /etc/init.d/keepalived start

在web1上啓動realserver
[root@web1 ~]# /etc/init.d/realserver start

在web2上啓動realserver
[root@web2 ~]# /etc/init.d/realserver start

測試web訪問
[root@web1 ~]# /etc/init.d/httpd start         #啓動apache
[root@web2 ~]# /etc/init.d/httpd start

關閉web1
[root@web1 ~]# /etc/init.d/httpd stop

高可用測試
關閉lvs-master的keepalived與ipvsadm
[root@lvs-master ~]# /etc/init.d/keepalived stop
[root@lvs-master ~]# /etc/init.d/ipvsadm stop

在lvs-backup上查看lvs的vip

測試web訪問是否依然正常

有上圖可看出網站訪問正常