LVS+Keepalived實現高可用和負載均衡

一、實驗環境：

[root@a ~]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

[root@a ~]# uname -a
Linux a 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

IP分配：
lvs：10.10.10.11
keepalived：10.10.10.14
web1：10.10.10.12
web2：10.10.10.13
vip：10.10.10.100

二、實驗目的：

lvs調度器宕機或者web服務器宕機不影響業務的進行

三、實驗原理：

1.客戶端向LVS的VIP發送請求，源IP和目的IP分別爲CIP和VIP，源MAC地址和目的MAC分別爲CMAC和DMAC
2.當LVS收到請求後通過調度選出一個realserver來響應請求將源請求中的MAC地址該爲自己的MAC地址目的地址改爲realserver的MAC地址，此時源MAC和目的MAC分別爲DMAC和RMAC,然後將報文送往交換機，交換機收報文後根據目的MAC地址將請求轉發至後端Realserver
3.Realserver發現請求報文中的MAC地址是自己就會將報文接收並處理，處理完請求報文後將響應報文通過lo接口送給eth0網卡直接發送給客戶端。 注意:需要設置lo接口的VIP不能響應本地網絡內的arp請求。

四、實驗部分：

（1）構建LVS-DR模式

1、關閉網卡守護進程(all)
systemctl stop NetworkManager && systemctl disable NetworkManager.service

2、開啓網卡子接口
配置VIP
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a network-scripts]# cp -a ifcfg-ens32 ifcfg-ens32:0
[root@a network-scripts]# cat ifcfg-ens32:0
BOOTPROTO=static
DEVICE=ens32:0
ONBOOT=yes
IPADDR=10.10.10.100
PREFIX=24
[root@a network-scripts]# systemctl restart network

3、修改內核配置文件
關閉廣播功能
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects 
[root@a network-scripts]# echo 0 > /proc/sys/net/ipv4/conf/ens32/send_redirects

4、安裝ipvsadm
lvs的管理工具
[root@a network-scripts]# yum install -y ipvsadm

5、關閉防火牆和selinux
[root@a network-scripts]# systemctl stop firewalld
[root@a network-scripts]# systemctl disable firewalld
[root@a network-scripts]# setenforce 0

RS配置(all):

1、安裝apache並寫入內容
[root@a ~]# yum install -y httpd
[root@a ~]# echo "this is server 1" >> /var/www/html/index.html
[root@a ~]# systemctl restart httpd
[root@a ~]# systemctl enable httpd
[root@a ~]# curl localhost
this is server 1

2、開啓網卡子接口
配置VIP
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a network-scripts]# cp -a ifcfg-lo ifcfg-lo:0
[root@a network-scripts]# cat ifcfg-lo:0
DEVICE=lo:0
IPADDR=10.10.10.100
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@a network-scripts]# systemctl restart network
3、ARP行爲控制
[root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@a network-scripts]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@a network-scripts]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
刷新
[root@a network-scripts]# sysctl -p
4、添加路由
[root@a network-scripts]# route add -host 10.10.10.100 dev lo:0
[root@a network-scripts]# echo "route add -host 10.10.10.100 dev lo:0" >> /etc/rc.local

5、關閉防火牆和selinux
[root@a network-scripts]# systemctl stop firewalld
[root@a network-scripts]# systemctl disable firewalld
[root@a network-scripts]# setenforce 0

6、設置LBC
參數說明：
-A:添加集羣
-a：集羣子節點
-t：tcp協議
-s：算法
-r：真實服務器
-g：DR模式
[root@a ~]# ipvsadm -A -t 10.10.10.100:80 -s rr
[root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.12:80 -g 
[root@a ~]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.13:80 -g
[root@a ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.100:80 rr
  -> 10.10.10.12:80               Route   1      0          0         
  -> 10.10.10.13:80               Route   1      0          0         

[root@a ~]# ipvsadm --save > /etc/sysconfig/ipvsadm
[root@a ~]# systemctl start ipvsadm.service
[root@a ~]# systemctl enable ipvsadm.service

7、測試
lvs會把請求按rr算法分給rs
[root@a network-scripts]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  10.10.10.100:80                    24      164        0    24880        0
  -> 10.10.10.12:80                     12       94        0    16209        0
  -> 10.10.10.13:80                     12       70        0     8671        0

(2)部署keepalived

				在lvs上配置和一臺新的虛擬機上配置
[root@a ~]# cd /etc/sysconfig/network-scripts/
[root@a ~]# scp ./ifcfg-ens32:0 10.10.10.14:/etc/sysconfig/network-scripts/ifcfg-ens32:0						
[root@a ~]# yum install -y keepalived

#配置keepalived配置文件
[root@a ~]# cat /etc/keepalived/keepalived.conf|head -50
! Configuration File for keepalived

global_defs {
   router_id R1
}

vrrp_instance VI_1 {
    state MASTER
    interface ens32
    virtual_router_id 66
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
	10.10.10.100    
}
}

virtual_server 10.10.10.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 10.10.10.12 80 {
        weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80        
}
}
real_server 10.10.10.13 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}

}
}
從節點配置基本一致，
修改以下配置
router_id R2
state SLAVE
priority 20



在從節點安裝ipvsadm
[root@a network-scripts]# yum install -y ipvsadm
[root@a network-scripts]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

第一次查看沒有集羣信息，重啓keepalived服務後會發現集羣信息已經同步在兩個節點


[root@a network-scripts]# systemctl restart keepalived
[root@a network-scripts]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.10.10.100:80 rr persistent 50
  -> 10.10.10.12:80             Route   1      0          0         
  -> 10.10.10.13:80             Route   1      0          0     

（3）進行測試

斷開lvs調度器的網卡再次測試


斷開web1服務器