LVS/DR+Keepalived 构建高可用Web集群

安装约定

LVS-VIP:192.168.1.4

LVS-MASTER:192.168.1.10

LVS-BACKUP:192.168.1.11

WEB-1-REAL-SERVER:192.168.1.20

WEB-2-REAL-SERVER:192.168.1.21

在LVS-MASTER服务器上配置keepalived.conf

# vim /etc/keepalived/keepalived.conf

添加如下内容

! Configuration File for keepalived

# Global settings for this keepalived node: where state-change mails are sent
# and how this node identifies itself.
global_defs {
   # Recipients of notification mails; the two commented-out addresses are
   # leftovers from the sample configuration.
   notification_email {
     example@163.com
     #failover@firewall.loc
     #sysadmin@firewall.loc
   }
   notification_email_from keepalived@localhost
   # Mail is handed to an SMTP server on this host (127.0.0.1), so a local MTA
   # must be listening for notifications to be delivered.
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Identifier of this node; the BACKUP configuration uses LVS_BACKUP.
   router_id LVS_MASTER
}

# VRRP instance that owns the VIP 192.168.1.4 on eth0. This node starts as
# MASTER; the peer configuration declares state BACKUP with priority 99.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # Must be identical on MASTER and BACKUP (both use 51 here) and should not
    # collide with any other VRRP group on the same network segment.
    virtual_router_id 51
    # The node with the higher priority holds the VIP (100 here vs 99 on BACKUP).
    priority 100
    # VRRP advertisement interval, in seconds.
    advert_int 1
    # nopreempt is left disabled, so this node takes the VIP back after it recovers.
    #nopreempt
    # NOTE(review): auth_type PASS carries the password in cleartext inside every
    # VRRP advertisement, so any host on the segment can read it, and "1111" is a
    # sample value. Set your own value (keepalived uses only the first 8
    # characters), keep it identical on both nodes, and do not treat it as the
    # only protection: limit VRRP (IP protocol 112) to the peer director with
    # firewall rules, or use unicast_peer on a dedicated link.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Address(es) moved between the directors on failover.
    virtual_ipaddress {
        192.168.1.4
    }
}

# LVS virtual service on VIP 192.168.1.4, TCP port 80, balanced across the two
# real servers 192.168.1.20 and 192.168.1.21.
virtual_server 192.168.1.4 80 {
    # Interval between health-check rounds, in seconds.
    delay_loop 6
    # Weighted round-robin scheduling; both real servers carry weight 3.
    lb_algo wrr
    # Direct Routing: real servers reply to clients directly, which is why each
    # real server must hold the VIP on lo:0 with ARP for it suppressed.
    lb_kind DR
    # Session persistence is disabled; uncomment to pin a client to one real server.
    #persistence_timeout 50
    protocol TCP

    real_server 192.168.1.20 80 {
        weight 3
 # TCP_CHECK only verifies that a TCP connection to connect_port succeeds; it
 # does not look at the HTTP response, so a web server that accepts connections
 # but returns errors stays in the pool.
 TCP_CHECK {
            connect_timeout 3
            # NOTE(review): newer keepalived releases name this option "retry";
            # confirm against the installed version.
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80   
        }
    }
    real_server 192.168.1.21 80 {
        weight 3
        # Same connect-only health check as for 192.168.1.20.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

在LVS-BACKUP服务器上配置keepalived.conf

# vim /etc/keepalived/keepalived.conf

添加如下内容

! Configuration File for keepalived

# Global settings for the BACKUP director; identical to the MASTER
# configuration except for router_id.
global_defs {
   # Recipients of notification mails; the two commented-out addresses are
   # leftovers from the sample configuration.
   notification_email {
     example@163.com
     #failover@firewall.loc
     #sysadmin@firewall.loc
   }
   notification_email_from keepalived@localhost
   # Mail is handed to an SMTP server on this host (127.0.0.1), so a local MTA
   # must be listening for notifications to be delivered.
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Identifier of this node; the MASTER configuration uses LVS_MASTER.
   router_id LVS_BACKUP
}

# VRRP instance for the standby director. It takes over the VIP 192.168.1.4
# when advertisements from the MASTER (priority 100) stop arriving.
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # Must match the MASTER's virtual_router_id (51) so both nodes join the
    # same VRRP group.
    virtual_router_id 51
    # Lower than the MASTER's 100, so this node yields the VIP while the MASTER is up.
    priority 99
    # VRRP advertisement interval, in seconds; same value as on the MASTER.
    advert_int 1
    #nopreempt
    # NOTE(review): auth_type PASS carries the password in cleartext inside every
    # VRRP advertisement and "1111" is a sample value. The value must match the
    # MASTER's; replace it on both nodes (keepalived uses only the first 8
    # characters) and limit VRRP (IP protocol 112) to the peer director with
    # firewall rules instead of relying on this password alone.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Address(es) this node claims when it becomes MASTER.
    virtual_ipaddress {
        192.168.1.4
    }
}

# LVS virtual service definition for the BACKUP director. It is the same as on
# the MASTER, so the service is balanced identically after a failover.
virtual_server 192.168.1.4 80 {
    # Interval between health-check rounds, in seconds.
    delay_loop 6
    # Weighted round-robin scheduling; both real servers carry weight 3.
    lb_algo wrr
    # Direct Routing: real servers reply to clients directly, which is why each
    # real server must hold the VIP on lo:0 with ARP for it suppressed.
    lb_kind DR
    # Session persistence is disabled; uncomment to pin a client to one real server.
    #persistence_timeout 50
    protocol TCP

    real_server 192.168.1.20 80 {
        weight 3
 # TCP_CHECK only verifies that a TCP connection to connect_port succeeds; it
 # does not look at the HTTP response, so a web server that accepts connections
 # but returns errors stays in the pool.
 TCP_CHECK {
            connect_timeout 3
            # NOTE(review): newer keepalived releases name this option "retry";
            # confirm against the installed version.
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80   
        }
    }
    real_server 192.168.1.21 80 {
        weight 3
        # Same connect-only health check as for 192.168.1.20.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

在每台web服务器上配置realserver启动脚本

# vim /usr/local/sbin/realserver

该脚本在lo:0上绑定VIP,并抑制本机对VIP的ARP应答与通告(避免real server抢答VIP的ARP请求),内容如下:

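#!/bin/bash
#description: Config realserver
#
# Prepares an LVS-DR real server: binds the virtual IP (VIP) to lo:0 so the
# host accepts packets addressed to the VIP, and sets arp_ignore/arp_announce
# so the host neither answers nor advertises ARP for that address.
#
# Usage: realserver {start|stop}
# Must run as root: it writes under /proc/sys and reconfigures the loopback
# interface.

VIP=192.168.1.4

. /etc/rc.d/init.d/functions

#######################################
# Write the ARP behaviour knobs for both the "lo" and "all" scopes.
# Arguments: $1 - value for arp_ignore, $2 - value for arp_announce
#######################################
set_arp_sysctls() {
    local ignore=$1 announce=$2 scope
    for scope in lo all; do
        echo "$ignore" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
        echo "$announce" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce"
    done
}

case "$1" in
start)
    # Re-apply /etc/sysctl.conf BEFORE writing the ARP values: run afterwards,
    # it could silently reset them if the file sets these keys differently.
    sysctl -p >/dev/null 2>&1
    # Suppress ARP for the VIP before the address exists on this host.
    # Binding the VIP first leaves a window in which the real server answers
    # ARP requests for it and pulls client traffic away from the director.
    #   arp_ignore=1   reply only for addresses on the receiving interface
    #   arp_announce=2 never use the VIP as the source of outgoing ARP
    set_arp_sysctls 1 2
    # /32 netmask: the VIP is a host address only; no subnet is attached to lo.
    if ! /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"; then
        echo "RealServer Start FAILED: cannot bind $VIP to lo:0" >&2
        exit 1
    fi
    /sbin/route add -host "$VIP" dev lo:0
    echo "RealServer Start OK"
    ;;
stop)
    # Remove the VIP first, then relax the ARP settings, so the host never
    # holds the VIP with ARP replies enabled.
    /sbin/ifconfig lo:0 down
    # The host route is normally gone once lo:0 is down, hence the silenced error.
    /sbin/route del "$VIP" >/dev/null 2>&1
    # NOTE: this resets the knobs to 0 rather than to whatever value they had
    # before "start" was run.
    set_arp_sysctls 0 0
    echo "RealServer Stoped"
    ;;
*)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac

exit 0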

启动集群

分别启动主备服务器的keepalived服务

# service keepalived start

分别启动web服务器的realserver脚本

# /usr/local/sbin/realserver start

将realserver脚本加到开机启动文件里

# vim /etc/rc.local

在最后面添加如下:

/usr/local/sbin/realserver start