48. DR + keepalived
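Note on vrrp_iptables: ## do not create iptables rules
How do you solve keepalived's split-brain problem?
DR + keepalived covers the case where the master server goes down: the backup server takes over immediately.
DR + keepalived approach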
Master director: test1: 192.168.168.100
Backup director: test2: 192.168.168.100
RS server 1: 192.168.168.10:80
RS server 2: 192.168.168.20:80
Client: 192.168.168.70
Configuration on the master and backup directors:
Install ipvsadm and keepalived
yum -y install ipvsadm keepalived
Configure: vim /etc/sysctl.conf
net.ipv4.ip_forward=0
# Disable packet forwarding
net.ipv4.conf.all.send_redirects = 0
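## Stop the system from sending ICMP redirect messages. ### The lo loopback interface does not receive ICMP messages; this applies only to real IP addresses.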
net.ipv4.conf.default.send_redirects = 0
## Stop network interfaces from sending ICMP redirect messages.
net.ipv4.conf.ens33.send_redirects = 0
## For the ens33 device, stop sending ICMP redirect messages.
Next, configure the layer-4 forwarding rules on the director
ipvsadm -A -t 192.168.168.100:80 -s rr
ipvsadm -a -t 192.168.168.100:80 -r 192.168.168.10:80 -g
ipvsadm -a -t 192.168.168.100:80 -r 192.168.168.20:80 -g
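core module: the core module of keepalived; it starts the main process and loads the global configuration file.
vrrp module: implements the VRRP protocol; this is the main functional module.
check module: handles health checks; it can also check the state of the back-end real servers.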
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lvs_01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_iptables
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.168.100
    }
}
virtual_server 192.168.168.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    protocol TCP
    real_server 192.168.168.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.168.20 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
systemctl restart keepalived.service
iptables -vnL
Copy the director's /etc/keepalived/keepalived.conf, then modify it
On director 2, configure /etc/keepalived/keepalived.conf
scp root@192.168.168.50:/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lvs_02
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_iptables
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.168.100
    }
}
virtual_server 192.168.168.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 0
    protocol TCP
    real_server 192.168.168.10 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
    real_server 192.168.168.20 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
systemctl stop keepalived.service
systemctl restart network
Configuration on the two RS servers
Set up the virtual loopback interface
Server 1:
vim /usr/local/nginx/html/index.html
this is nginx1
systemctl restart nginx
Server 2:
vim /usr/local/nginx/html/index.html
this is nginx2
systemctl restart nginx
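Enable on both RS servers:
DEVICE=lo:0
IPADDR=192.168.168.100
NETMASK=255.255.255.255
ONBOOT=yes
cd /etc/sysconfig/network-scripts/
vim /etc/sysctl.conf
route add -host 192.168.168.100 dev lo:0
The address 192.168.168.100 is added only to the loopback interface, as the LVS VIP. Packets are forwarded to the RS by routing, so that the VIP can identify the real servers.
vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
# Make the loopback interface ignore ARP requests from any interface
net.ipv4.conf.lo.arp_announce = 2
# Make the loopback address announce only the local IP address, without responding to ARP requests
net.ipv4.conf.all.arp_ignore = 1
## Make all interfaces ignore ARP requests from any interface
net.ipv4.conf.all.arp_announce = 2
## Make all interfaces announce only the local IP address, without responding to ARP requests.
sysctl -p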
curl 192.168.168.100
Stop keepalived on director 1 to simulate a failure
systemctl stop keepalived.service
ip addr
ip addr
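The failover test above ends with running ip addr on each director. As an added example (not part of the original post), this script classifies saved `ip -o -4 addr show` output from the two directors, including the case where both hold the VIP at once (split-brain). The function names, the second director's address 192.168.168.60 and the captures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). VIP and interface are the
# page's values; function names and the sample captures are constructed.
VIP=192.168.168.100
IFACE=ens33

# holds_vip TEXT: succeed if TEXT (output of `ip -o -4 addr show`) carries
# the VIP on $IFACE. The VIP on lo, as on the real servers, does not count.
holds_vip() {
    printf '%s\n' "$1" | awk -v vip="$VIP" -v ifc="$IFACE" '
        $2 == ifc && $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }'
}

# vip_state DIRECTOR1_TEXT DIRECTOR2_TEXT prints one of:
#   ok:director1  ok:director2  split-brain  no-owner
vip_state() {
    d1=0; d2=0
    if holds_vip "$1"; then d1=1; fi
    if holds_vip "$2"; then d2=1; fi
    case "$d1$d2" in
        10) echo "ok:director1" ;;
        01) echo "ok:director2" ;;
        11) echo "split-brain" ;;
        *)  echo "no-owner" ;;
    esac
}

# Constructed captures, trimmed to the fields the check reads.
HAS_VIP='1: lo    inet 127.0.0.1/8 scope host lo
2: ens33    inet 192.168.168.50/24 brd 192.168.168.255 scope global ens33
2: ens33    inet 192.168.168.100/32 scope global ens33'
NO_VIP='1: lo    inet 127.0.0.1/8 scope host lo
2: ens33    inet 192.168.168.60/24 brd 192.168.168.255 scope global ens33'
RS_LO='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.168.100/32 brd 192.168.168.100 scope global lo:0
2: ens33    inet 192.168.168.10/24 brd 192.168.168.255 scope global ens33'

vip_state "$HAS_VIP" "$NO_VIP"    # normal: director 1 is master
vip_state "$NO_VIP" "$HAS_VIP"    # after failover to director 2
vip_state "$HAS_VIP" "$HAS_VIP"   # both directors answer for the VIP
vip_state "$NO_VIP" "$RS_LO"      # VIP on lo is not ownership
```

On live hosts, pass the output of `ip -o -4 addr show` collected from each director in place of the constructed captures.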
vrrp_iptables: ## do not create iptables rules