Tags: keepalived nat dr
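Keepalived is service software used in cluster management to keep a cluster highly available and to prevent single points of failure. It is based on the VRRP protocol (Virtual Router Redundancy Protocol). Keepalived has three main modules: core, check and vrrp. The core module is the heart of keepalived; it is responsible for starting and maintaining the main process and for loading and parsing the global configuration file. The check module is responsible for health checks. The vrrp module implements the VRRP protocol.
An LVS cluster uses a three-tier structure. Its main components are:
A. Load balancer: the front-end machine of the whole cluster towards the outside. It sends client requests to a group of servers for execution, while the clients believe the service comes from a single IP address (which we can call the virtual IP address).
B. Server pool: the group of servers that actually execute the client requests. The services they run include WEB, MAIL, FTP and DNS.
C. Shared storage: provides a shared storage area for the server pool, which makes it easy for the servers in the pool to hold the same content and provide the same service.
The VS/TUN technique places a requirement on the servers: all of them must support the "IP Tunneling" or "IP Encapsulation" protocol. At present, VS/TUN back-end servers mainly run the Linux operating system. In a VS/TUN cluster the load balancer only schedules requests to the different back-end servers, and the back-end servers return the response data directly to the user. The load balancer can therefore handle a large number of requests; it can even schedule more than a hundred servers (of comparable size) without becoming the bottleneck of the system. Even if the load balancer has only a 100Mbps full-duplex network card, the maximum throughput of the whole system can exceed 1Gbps. VS/TUN therefore greatly increases the number of servers a load balancer can schedule, and it can be used to build high-performance super servers.
The advantage of VS/NAT is that the servers can run any operating system that supports TCP/IP; only one IP address needs to be configured on the load balancer, and the server group can use private IP addresses. Its drawback is limited scalability: when the number of server nodes rises to 20, the load balancer itself may become the new bottleneck of the system, because in VS/NAT both request and response packets have to pass through the load balancer.
VS/DR works by rewriting the MAC address part of the request packet. The Director and the RealServers must each have a network card physically connected through an uninterrupted LAN. The VIP bound on each RealServer is configured on its own non-ARP network device (such as lo or tunl); the Director's VIP is visible to the outside, while the RealServers' VIP is not. A RealServer's address can be either an internal address or a real address.
DR mode: the VS and the RS are on the same network segment. The client sends a request to the VIP, the VIP selects a suitable real server for the request, and the VIP then changes the address of the request to the real server's address (the MAC address, as described above).
TUN mode: supports connections across a WAN and supports a tunneling protocol during data transfer. Encapsulation makes the data larger.
NAT mode: the VS and the RS are not on the same network segment.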
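The three modes above differ in which header fields the director touches. An added model (not from the original post; the MAC addresses are constructed, and in TUN the next-hop MAC is simplified to the real server's) that derives from the forwarded packet why DR and TUN real servers must hold the VIP on a non-ARP device, and why NAT replies have to return through the director:

```python
from dataclasses import dataclass, replace
from typing import Optional

VIP = "172.25.85.100"   # virtual IP used in this walkthrough
DIP = "172.25.85.2"     # director (server2)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_mac: str
    inner: Optional["Packet"] = None   # set only by TUN (IP-in-IP)

def forward(pkt, mode, rs_ip, rs_mac):
    """Return what the director emits toward the chosen real server."""
    if mode == "DR":     # same IP packet, only the frame's destination MAC changes
        return replace(pkt, dst_mac=rs_mac)
    if mode == "NAT":    # destination IP is rewritten to the real server
        return replace(pkt, dst_ip=rs_ip, dst_mac=rs_mac)
    if mode == "TUN":    # original packet is wrapped in a new IP header
        return Packet(DIP, rs_ip, rs_mac, inner=pkt)
    raise ValueError(f"unknown mode {mode!r}")

def real_server_view(pkt, mode, rs_ip, rs_mac):
    """Derive what each mode demands of the real server."""
    out = forward(pkt, mode, rs_ip, rs_mac)
    seen = out.inner or out                        # packet after decapsulation
    return {
        "needs_vip_locally": seen.dst_ip == VIP,   # must accept the VIP as its own
        "reply_src": seen.dst_ip,                  # address it answers from
        "reply_via_director": seen.dst_ip != VIP,  # source must be rewritten to the VIP
    }

# Constructed request: the MAC addresses are made up for illustration.
REQUEST = Packet("172.25.254.85", VIP, "52:54:00:00:00:02")
RS_IP, RS_MAC = "172.25.85.7", "52:54:00:00:00:07"
```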
Preparation:
4 virtual machines:
server2 and server3 have 1024M of memory
server7 and server8 have 512M of memory
server3.example.com 172.25.85.3 1024M
server2.example.com 172.25.85.2 1024M (server2 is the director)
server7.example.com 172.25.85.7 512M
server8.example.com 172.25.85.8 512M
1. On server7 and server8:
yum install httpd -y
/etc/init.d/httpd start
On server7:
echo server7.linux.org > /var/www/html/index.html
ip addr add 172.25.85.100/32 dev eth0
On server8:
echo server8.westos.org > /var/www/html/index.html
ip addr add 172.25.85.100/32 dev eth0
On server2: ## server2 acts as the director host
ip addr add 172.25.85.100/24 dev eth0
ip addr show
ipvsadm --help
ipvsadm -A -t 172.25.85.100:80 -s rr ## load the rule
## -A add the virtual IP (virtual service), -s scheduling algorithm, -a add a real server, -g direct routing (DR) mode, -t TCP protocol
ipvsadm -a -t 172.25.85.100:80 -r 172.25.85.7:80 -g
ipvsadm -a -t 172.25.85.100:80 -r 172.25.85.8:80 -g
ipvsadm -l
/etc/init.d/ipvsadm save ## saves the ipvsadm rules to /etc/sysconfig/ipvsadm/
2. On server7:
yum install arptables_jf -y
arptables -A IN -d 172.25.85.100 -j DROP
arptables -A OUT -s 172.25.85.100 -j mangle --mangle-ip-s 172.25.85.7
/etc/init.d/arptables_jf save
/etc/init.d/httpd start
On server8:
yum install arptables_jf -y
arptables -A IN -d 172.25.85.100 -j DROP
arptables -A OUT -s 172.25.85.100 -j mangle --mangle-ip-s 172.25.85.8
/etc/init.d/arptables_jf save
/etc/init.d/httpd stop
Open 172.25.85.100 in a browser.
3. On server2, combined with heartbeat:
cd /usr/share/doc/ldirectord-3.9.5
cp ldirectord.cf /etc/ha.d
vim /etc/ha.d/ldirectord.cf
virtual=172.25.85.100:80
        real=172.25.85.7:80 gate
        real=172.25.85.8:80 gate
        fallback=127.0.0.1:80 gate
        service=http
        scheduler=rr
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp
        checktype=negotiate
        checkport=80
        request="index.html"
#       receive="Test Page"
#       virtualhost=www.x.y.z
ipvsadm -C
ipvsadm -l
/etc/init.d/ldirectord start
ipvsadm -l
scp /etc/ha.d/ldirectord.cf root@172.25.85.3:/etc/ha.d/
ip addr del 172.25.85.100/24 dev eth0
cd /etc/ha.d
vim haresources
server2.example.com IPaddr::172.25.85.100/24/eth1 httpd ldirectord
scp /etc/ha.d/haresources 172.25.85.3:/etc/ha.d/
/etc/init.d/heartbeat stop
ipvsadm -l
On server3:
/etc/init.d/heartbeat start
tail -f /var/log/messages
ipvsadm -l
ip addr show
The virtual IP 172.25.85.100 appears.
If heartbeat is started on server2 and stopped on server3, the virtual IP appears on server2.
4. On server3/2:
/etc/init.d/heartbeat stop
/etc/init.d/ldirectord start
server3:
tar zxf keepalived-1.2.20.tar.gz
cd /root/keepalived-1.2.20
yum install openssl-devel libnl-devel net-snmp-devel -y
cd /root
rpm -ivh libnfnetlink-devel-1.0.0-1.el6.x86_64.rpm
cd /root/keepalived-1.2.20
./configure --prefix=/usr/local/keepalived ## completes successfully
make
make install
cd /usr/local/
scp -r keepalived/ 172.25.85.3:/usr/local
cd /usr/local/keepalived/etc/rc.d/init.d/
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
ln -s /usr/local/keepalived/bin/genhash /bin/
vim keepalived.conf
notification_email_from keepalived@server2.example.com
smtp_server 127.0.0.1
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.85.100
    }
}
virtual_server 172.25.85.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
#   persistence_timeout 50
    protocol TCP
    real_server 172.25.85.7 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.85.8 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
scp keepalived.conf 172.25.85.3:/etc/keepalived/
/etc/init.d/keepalived start
tail -f /var/log/messages
On server3:
ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/etc/keepalived/ /etc/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
ln -s /usr/local/keepalived/bin/genhash /bin/
vim keepalived.conf
notification_email_from keepalived@server3.example.com
smtp_server 127.0.0.1
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.85.100
    }
}
/etc/init.d/keepalived start
Verification:
Start httpd on server7 and server8:
Open 172.25.85.100 in a browser; the following appear alternately:
server7.linux.org and server8.westos.org
On server2: ipvsadm -l
Stop keepalived on server2, then on server3: ipvsadm -l
4. On server7/8, install:
yum install vsftpd -y
/etc/init.d/vsftpd start
server7:
cd /var/ftp
touch server7
ip addr add 172.25.85.101/32 dev eth1
vim /etc/sysconfig/arptables
[0:0] -A IN -d 172.25.85.100 -j DROP
[0:0] -A OUT -s 172.25.85.100 -j mangle --mangle-ip-s 172.25.85.7
[0:0] -A IN -d 172.25.85.101 -j DROP
[0:0] -A OUT -s 172.25.85.101 -j mangle --mangle-ip-s 172.25.85.7
COMMIT
/etc/init.d/arptables_jf restart
server8:
cd /var/ftp
ip addr add 172.25.85.101/32 dev eth1
touch server8
vim /etc/sysconfig/arptables
[0:0] -A IN -d 172.25.85.100 -j DROP
[0:0] -A OUT -s 172.25.85.100 -j mangle --mangle-ip-s 172.25.85.8
[0:0] -A IN -d 172.25.85.101 -j DROP
[0:0] -A OUT -s 172.25.85.101 -j mangle --mangle-ip-s 172.25.85.8
COMMIT
/etc/init.d/arptables_jf restart
server2:
vim /etc/keepalived/keepalived.conf
## add a virtual IP, 172.25.85.101
Then add the following:
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.85.100
        172.25.85.101
    }
}
virtual_server 172.25.85.101 21 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 60
    protocol TCP
    real_server 172.25.85.7 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.85.8 21 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
/etc/init.d/keepalived restart
scp keepalived.conf root@172.25.85.3:/etc/keepalived/
server3:
vim /etc/keepalived/keepalived.conf
Change the priority to 50 and change the state to BACKUP.
/etc/init.d/keepalived restart
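Copying keepalived.conf to the peer and then hand-editing state and priority, as in the steps above, makes it easy for the two directors to drift apart. An added example (not from the original post; parse_vrrp and audit_pair are hypothetical helper names, and both configurations are constructed from the VI_1 values used here) that compares the instance on both nodes and also reports the plaintext auth_type PASS setting:

```python
import re

MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")

def parse_vrrp(text):
    """Return {instance name: settings} for every vrrp_instance block."""
    instances, stack, cur = {}, [], None
    for raw in text.splitlines():
        words = re.split(r"[#!]", raw, maxsplit=1)[0].split()  # drop comments
        if not words:
            continue
        if words[-1] == "{":                       # block opener
            stack.append(words[0])
            if words[0] == "vrrp_instance":
                cur = instances[words[1]] = {"virtual_ipaddress": set()}
        elif words[0] == "}":
            stack.pop()
        elif stack and stack[0] == "vrrp_instance":
            if stack[-1] == "virtual_ipaddress":   # one VIP per line
                cur["virtual_ipaddress"].add(words[0])
            else:
                cur[words[0]] = " ".join(words[1:])
    return instances

def audit_pair(master_text, backup_text, name="VI_1"):  # returns a list of findings
    m, b = parse_vrrp(master_text)[name], parse_vrrp(backup_text)[name]
    findings = [f"mismatch:{k}" for k in MUST_MATCH if m.get(k) != b.get(k)]
    if int(m["priority"]) <= int(b["priority"]):
        findings.append("priority: MASTER must be higher than BACKUP")
    if m.get("auth_type") == "PASS":
        findings.append("auth_type PASS is cleartext on the segment")
    return findings

# Constructed sample input modelled on the VI_1 settings in this walkthrough.
TEMPLATE = """vrrp_instance VI_1 {
    state %s
    virtual_router_id 51
    priority %d
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111   # same on both nodes
    }
    virtual_ipaddress {
        %s
    }
}"""
MASTER = TEMPLATE % ("MASTER", 100, "172.25.85.100\n172.25.85.101")
BACKUP = TEMPLATE % ("BACKUP", 50, "172.25.85.100")   # second VIP never copied over
```

keepalived uses only the first eight characters of auth_pass, and the value is readable by any host on the segment, so it protects against accidental misconfiguration rather than acting as a secret.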
Test from an IP outside the 172.25.85.* network segment:
The physical host's IP is 172.25.254.85.
On server3:
FullNAT mode is complete NAT; FullNAT mode requires compiling the kernel.
server3.example.com 172.25.85.3
Compiling the kernel:
1. On server3:
rpm -ivh kernel-2.6.32-220.23.1.el6.src.rpm
cd rpmbuild/SPECS
yum install rpm-build -y
rpmbuild -bp kernel.spec
yum install gcc redhat-rpm-config patchutils xmlto asciidoc elfutils-libelf-devel zlib-devel binutils-devel newt-devel python-devel perl-ExtUtils-Embed -y
rpmbuild -bp kernel.spec
yum install asciidoc-8.4.5-4.1.el6.noarch.rpm \
    slang-devel-2.2.1-1.el6.x86_64.rpm \
    newt-devel-0.52.11-3.el6.x86_64.rpm -y
rpmbuild -bp kernel.spec ## takes a long time
Open another terminal on server3:
yum provides */rngd
yum install rng-tools -y
rngd -r /dev/urandom ## rpmbuild -bp kernel.spec then finishes immediately
cd /root/rpmbuild/BUILD/kernel-2.6.32-220.23.1.el6
tar zxf Lvs-fullnat-synproxy.tar.gz
cd lvs-fullnat-synproxy
cp lvs-2.6.32-220.23.1.el6.patch ../linux-2.6.32-220.23.1.el6.x86_64/
cd ../linux-2.6.32-220.23.1.el6.x86_64
## the directory is /root/rpmbuild/BUILD/kernel-2.6.32-220.23.1.el6/linux-2.6.32-220.23.1.el6.x86_64
yum install patch -y
patch -p1 < lvs-2.6.32-220.23.1.el6.patch ##
vim Makefile
EXTRAVERSION=-220.23.1.el6
First allocate a 20G virtual disk to server3 and extend the storage.
make -j2
make modules_install
make install
Reboot the host. Check that the running kernel is the newly installed one.
2. On server3:
cd /root/rpmbuild/BUILD/kernel-2.6.32-220.23.1.el6/lvs-fullnat-synproxy
cp lvs-tools.tar.gz /root
tar zxf lvs-tools.tar.gz
cd /root/tools/keepalived
yum install openssl-devel popt-devel
./configure --with-kernel-dir="/lib/modules/`uname -r`/build" ## completes successfully
make
make install
which keepalived ##/usr/local/sbin/keepalived
yum install ipvsadm -y
ipvsadm -l
cd /root/tools/ipvsadm
make
make install
This article is from the "11703145" blog; reproduction is declined.
Original URL: http://11713145.blog.51cto.com/11703145/1834573