48、DR+keepalive

DR+keepalive

注意vrrp_iptables:##不创建iptables策略

keepalive的脑裂问题怎么解决？

DR+keepalive解决主服务器挂了，备服务器立即进入工作。

DR+keepalive思路

主调度器：test1：192.168.168.100副调度器：test2：192.168.168.100RS服务器1：192.168.168.10:80RS服务器2：192.168.168.20:80客户端：192.168.168.70

主、备调度器配置：

安装ipvsadm、keekpalived

yum -y install ipvsadm keekpalived

配置vim /etc/sysctl.conf

net.ipv4.ip_forward=0
#关闭数据包转发功能
net.ipv4.conf.all.send_redirects = 0
##禁止系统发送icmp重定向的消息。###lo回环接口不接收icmp消息。只针对真实的ip地址。
net.ipv4.conf.default.send_redirects = 0
##禁止网络接口发送icmp重定向的消息。
net.ipv4.conf.ens33.send_redirects = 0
##针对ens33设备，禁止发送icmp重定向消息。

再配置调度器四层转发规则

ipvsadm -A -t 192.168.168.100:80 -s rr
ipvsadm -a -t 192.168.168.100:80 -r 192.168.168.10:80 -g
ipvsadm -a -t 192.168.168.100:80 -r 192.168.168.20:80 -g

core模块：keepalive的核心模块，负责主进程的启动、以及全局文件的加载。

vrrp模块：实现vrrp协议的模块，也就是主功能模块。

check模块：负责健康检查。也可以负责检查后台真实服务器的情况。

vim /etc/keepalived/keepalived.conf ! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id lvs_01vrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_iptables
}vrrp_instance VI_1 {state MASTERinterface ens33virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.168.100}
}virtual_server 192.168.168.100 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 0protocol TCPreal_server 192.168.168.10 80 {weight 1TCP_CHECK {connect_port 80connect_timeout 3nb_get_retry 3delay_before_retry 4}}real_server 192.168.168.20 80 {weight 1TCP_CHECK {connect_port 80connect_timeout 3nb_get_retry 3delay_before_retry 4}}
}

systemctl restart keepalived.service
iptables -vnL

调度器/etc/keepalived/keepalived.conf复制完进行修改

进调度器2进行配置/etc/keepalived/keepalived.conf

scp root@192.168.168.50:/etc/keepalived/keepalived.conf /etc/keepalived/

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id lvs_02vrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0vrrp_iptables
}vrrp_instance VI_2 {state BACKUPinterface ens33virtual_router_id 51priority 95advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.168.100}
}virtual_server 192.168.168.100 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 0protocol TCPreal_server 192.168.168.10 80 {weight 1TCP_CHECK {connect_port 80connect_timeout 3nb_get_retry 3delay_before_retry 4}}real_server 192.168.168.20 80 {weight 1TCP_CHECK {connect_port 80connect_timeout 3nb_get_retry 3delay_before_retry 4}}
}

systemctl stop keepalived.service
systemctl restart network

两台RS服务器配置

设置虚拟回环接口

服务器1：vim /usr/local/nginx/html/index.html this is nginx1systemctl restart nginx服务器2：vim /usr/local/nginx/html/index.html this is nginx2systemctl restart nginx

两台服务器RS同时开启：

DEVICE=lo:0
IPADDR=192.168.168.100
NETMASK=255.255.255.255ONBOOT=yescd /etc/sysconfig/network-scripts/vim /etc/sysctl.confroute add -host 192.168.168.100 dev lo:0设置ip地址为192.168.168.100的只添加到回环接口，做为lvs的vip。通过路由的模式转发到RS，能让vip识别到真实的服务器。vim /etc/sysctl.confnet.ipv4.conf.lo.arp_ignore = 1#设置回环接口忽略来自任何接口的ARP请求
net.ipv4.conf.lo.arp_announce = 2
#设置回环地址仅仅公告本地的ip地址，但是不响应ARP请求
net.ipv4.conf.all.arp_ignore = 1
##设置所有接口忽略来自任何接口的ARP请求
net.ipv4.conf.all.arp_announce = 2
##设置所有接口仅仅公告本地的ip地址，但是不响应ARP请求。sysctl -p

curl 192.168.168.100

调度器1停止keepalive，模拟挂机
systemctl stop keepalived.service
ip addr

ip addr

vrrp_iptables:##不创建iptables策略
= 2
##设置所有接口仅仅公告本地的ip地址，但是不响应ARP请求。

sysctl -p

curl 192.168.168.100[外链图片转存中...(img-THpIG3tS-1720691877807)]ip addr[外链图片转存中...(img-R6gYbpkO-1720691877807)]ip addr[外链图片转存中...(img-QKEWZ76d-1720691877808)]vrrp_iptables:##不创建iptables策略