1. Environment planning

1.1 Server environment planning

Load balancer master and web server 1, real IP: 192.168.221.131
Load balancer backup and web server 2, real IP: 192.168.221.132
Load balancer virtual IP: 192.168.221.100

1.2 Software installation planning

Operating system: CentOS Linux 5.11 X86-64, kernel version 2.6.18-398.el5
The GCC compiler and packages such as openssl need to be installed.
Install the JDK and Tomcat environment on both 192.168.221.131 and 192.168.221.132.

JDK version: jdk-6u45-linux-x64-rpm.bin
Tomcat version: apache-tomcat-7.0.56.tar.gz

JDK installation:

chmod +x jdk-6u45-linux-x64-rpm.bin
./jdk-6u45-linux-x64-rpm.bin
vim /etc/profile

Add the following:

########sun jdk#######
JAVA_HOME=/usr/java/jdk1.6.0_45
JRE_HOME=/usr/java/jdk1.6.0_45/jre
PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH

Tomcat installation:

tar -zxvf apache-tomcat-7.0.56.tar.gz -C /usr/local/
cd /usr/local/apache-tomcat-7.0.56/webapps/ROOT/
echo "192.168.221.131" > ip.html
/usr/local/apache-tomcat-7.0.56/bin/startup.sh

[root@DR1 ROOT]# netstat -anptul|grep 8080
tcp        0      0 :::8080        :::*        LISTEN      16312/java

Open port 8080 in iptables:

iptables -I RH-Firewall-1-INPUT 12 -m state --state NEW -p tcp --dport 8080 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

Test:

[root@DR2 ROOT]# elinks --dump http://192.168.221.131:8080/ip.html
192.168.221.131

2. Deploying LVS and Keepalived

2.1 Installing LVS

yum install ipvsadm

The version installed here is: ipvsadm-1.24-13.el5.x86_64

2.2 Installing Keepalived

tar -zxvf keepalived-1.2.12.tar.gz -C /usr/local/src/
cd /usr/local/src/keepalived-1.2.12/
./configure --with-kernel-dir=/usr/src/kernels/2.6.18-398.el5-x86_64/
make && make install
ln -s /usr/local/sbin/keepalived /sbin/
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
ll /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig --level 35 keepalived on
service keepalived status
ln -s /usr/local/etc/keepalived/ /etc/
ll /etc/keepalived/
vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        lijianmin@pancou.com
        # Addresses that receive alert mail; there can be several, one per line.
        # To enable mail alerts, the local sendmail service must be running.
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender address for alert mail
    smtp_server 192.168.1.1                                 # address of the SMTP server
    smtp_connect_timeout 30                                 # timeout for connecting to the SMTP server
    router_id LVS_DEVEL                                     # ID that identifies the keepalived service; the same on both lvs_server nodes
}

vrrp_instance VI_1 {
    state MASTER            # role of this keepalived node: MASTER is the primary server, BACKUP the standby
    interface eth0          # network interface used for HA checks
    virtual_router_id 51    # virtual router ID, a number unique to each VRRP instance;
                            # within one vrrp_instance, MASTER and BACKUP must use the same value
    priority 100            # priority; the larger the number, the higher the priority.
                            # Within one vrrp_instance, BACKUP's priority must be lower than MASTER's
    advert_int 1            # interval, in seconds, between sync checks between the MASTER and BACKUP load balancers
    authentication {
        auth_type PASS      # authentication type, mainly PASS and AH
        auth_pass 1111      # authentication password; within one vrrp_instance, MASTER and BACKUP
                            # must use the same password in order to communicate
    }
    virtual_ipaddress {
        192.168.221.100     # virtual IP address; several virtual IPs can be set
    }
}

virtual_server 192.168.221.100 8080 {
    delay_loop 6            # (query the real_server status every 6 seconds)
    lb_algo wrr             # (load-balancing scheduling algorithm; wlc and rr are common, weighted round robin is used here)
    lb_kind DR              # (load-balancing forwarding mode, generally DR, NAT or TUN)
    nat_mask 255.255.255.0
    persistence_timeout 50
    # Session persistence time, in seconds. This option matters a great deal for dynamic
    # pages and offers a good solution to session sharing in a cluster: with persistence
    # enabled, a user's requests keep being dispatched to the same service node until the
    # persistence time is exceeded. Note that this is the maximum idle timeout: if the user
    # performs no action on a dynamic page for 50 seconds, the next request is dispatched
    # to another node; if the user keeps working on the page, the 50-second limit does not apply.
    protocol TCP            # protocol, either TCP or UDP

    real_server 192.168.221.131 8080 {
        weight 1                    # weight
        TCP_CHECK {
            connect_timeout 3       # connection timeout
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # delay between retries
            connect_port 8080
        }
    }

    real_server 192.168.221.132 8080 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8080
        }
    }
}

3. Configuring the Real Server nodes

vim real_lvs.sh

#!/bin/bash
VIP=192.168.221.100
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo "Start LVS of Real Server......"
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
# /sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
echo "Stop LVS of Real Server...."
/sbin/ifconfig lo:0 down
# /sbin/route del -host $VIP dev lo:0
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
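
Once real_lvs.sh start has run, the state it is meant to leave behind can be audited: arp_ignore=1 and arp_announce=2 on lo and all, and the VIP on lo with a /32 mask. The following is an added example, not part of the original article; the names check_dr_realserver and make_sample_root and the sample data are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): audit an LVS-DR real server.
# check_dr_realserver ROOT VIP ADDRS
#   ROOT   sysctl tree, /proc/sys/net/ipv4 on a live host
#   VIP    virtual IP, 192.168.221.100 in this article
#   ADDRS  output of `ip -o -4 addr show`
# Prints one FAIL line per problem and returns non-zero if any was found.
check_dr_realserver() {
    local root="$1" vip="$2" addrs="$3" rc=0 iface pair key want got
    for iface in lo all; do
        for pair in arp_ignore:1 arp_announce:2; do
            key=${pair%%:*}; want=${pair##*:}
            got=$(cat "$root/conf/$iface/$key" 2>/dev/null || echo unreadable)
            if [ "$got" != "$want" ]; then
                echo "FAIL conf/$iface/$key is $got, expected $want"
                rc=1
            fi
        done
    done
    # The VIP must be on loopback with a /32 mask (netmask 255.255.255.255 in real_lvs.sh).
    if ! printf '%s\n' "$addrs" |
        awk -v want="$vip/32" '$2 == "lo" && $3 == "inet" && $4 == want { ok = 1 } END { exit !ok }'
    then
        echo "FAIL $vip/32 is not configured on lo"
        rc=1
    fi
    return $rc
}

# Constructed sample tree so the check can be tried without touching a live host.
# make_sample_root IGNORE ANNOUNCE -> prints the path of a temporary directory
make_sample_root() {
    local dir iface
    dir=$(mktemp -d)
    for iface in lo all; do
        mkdir -p "$dir/conf/$iface"
        echo "$1" > "$dir/conf/$iface/arp_ignore"
        echo "$2" > "$dir/conf/$iface/arp_announce"
    done
    echo "$dir"
}

# Constructed `ip -o -4 addr show` output using the addresses from this article.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.221.100/32 brd 192.168.221.100 scope global lo:0
2: eth0    inet 192.168.221.131/24 brd 192.168.221.255 scope global eth0'

# Live use: check_dr_realserver /proc/sys/net/ipv4 192.168.221.100 "$(ip -o -4 addr show)"
```

A real server that fails this check may answer ARP requests for the VIP itself, so that clients reach it directly instead of through the director.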

chmod +x real_lvs.sh
cp real_lvs.sh /etc/init.d/real_lvs.sh
/etc/init.d/real_lvs.sh start
ifconfig

[root@DR2 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:5D:71:26
          inet addr:192.168.221.131  Bcast:192.168.221.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe5d:7126/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18922202 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18904332 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1222870584 (1.1 GiB)  TX bytes:1222061563 (1.1 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:15931 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15931 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:905854 (884.6 KiB)  TX bytes:905854 (884.6 KiB)

lo:0      Link encap:Local Loopback
          inet addr:192.168.221.100  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

service keepalived start
ip addr show

[root@DR1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 192.168.221.100/32 brd 192.168.221.100 scope global lo:0
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:15:20:7e brd ff:ff:ff:ff:ff:ff
    inet 192.168.221.132/24 brd 192.168.221.255 scope global eth0
    inet 192.168.221.100/32 scope global eth0
    inet6 fe80::20c:29ff:fe15:207e/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
[root@DR1 ~]#

4. Testing

4.1 Load balancing

If you open the browser several times and access the site through the virtual IP, the requests should be balanced across the two servers.

First time: open a browser and enter http://192.168.221.100:8080/ip.html; it shows 192.168.221.131 (or 132).
Second time: open the browser again (a new browser window) and enter http://192.168.221.100:8080/ip.html; it shows 192.168.221.132 (or 131).

4.2 Failover

Stop the Tomcat service on 192.168.1.16; the site can still be reached through the virtual IP, and the requests are served by the 192.168.17 server.

/usr/local/apache-tomcat-7.0.56/bin/shutdown.sh

First time: open a browser and enter http://192.168.221.100:8080/ip.html; it shows 192.168.221.131.
Second time: open the browser again (a new browser window) and enter http://192.168.221.100:8080/ip.html; it shows 192.168.221.132.

The site is still reachable, and every request is served by the 192.168.221.131 server. Now start the Tomcat service on the 192.168.221.132 server again, and load balancing should resume.

/usr/local/apache-tomcat-7.0.56/bin/startup.sh

You can check the result with tail /var/log/messages:

[root@DR1 ~]# tail -50 /var/log/messages
Nov 27 23:40:23 DR1 Keepalived_healthcheckers[16369]: Netlink reflector reports IP fe80::20c:29ff:fe15:207e added
Nov 27 23:40:23 DR1 avahi-daemon[3376]: New relevant interface eth0.IPv6 for mDNS.
Nov 27 23:40:23 DR1 avahi-daemon[3376]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::20c:29ff:fe15:207e.
Nov 27 23:40:23 DR1 avahi-daemon[3376]: Registering new address record for fe80::20c:29ff:fe15:207e on eth0.
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: Kernel is reporting: interface eth0 UP
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.221.100
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: Netlink reflector reports IP 192.168.221.100 added
Nov 27 23:40:25 DR1 Keepalived_healthcheckers[16369]: Netlink reflector reports IP 192.168.221.100 added
Nov 27 23:40:25 DR1 avahi-daemon[3376]: Registering new address record for 192.168.221.100 on eth0.
Nov 27 23:40:30 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.16

5. Other operations

5.1 Viewing the virtual IP on the web server

To check, run ip add show. Because the web server and the LVS server are the same machine in this setup, the virtual IP appears on both lo and eth0; for the web server role, look at lo.
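
The keepalived messages in the log from section 4.2 record each VRRP state change, and a change of MASTER that nobody planned is worth alerting on. The following added example, not part of the original article, extracts those changes with awk; the function names and the last two sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): summarise keepalived VRRP
# state changes found in syslog, e.g. /var/log/messages.

# vrrp_transitions: syslog lines on stdin -> "Mon DD HH:MM:SS host instance STATE"
vrrp_transitions() {
    awk '$5 ~ /^Keepalived_vrrp\[/ && $7 == "Entering" && $9 == "STATE" {
        inst = $6
        sub(/^VRRP_Instance\(/, "", inst); sub(/\)$/, "", inst)
        print $1, $2, $3, $4, inst, $8
    }'
}

# vrrp_last_state HOST INSTANCE: last state that host logged for the instance
vrrp_last_state() {
    vrrp_transitions | awk -v h="$1" -v i="$2" '
        $4 == h && $5 == i { s = $6 }
        END { print (s == "" ? "UNKNOWN" : s) }'
}

# vrrp_flapping MAX: returns 0 and prints "host instance count" when a
# host/instance pair changed state more than MAX times in the input.
vrrp_flapping() {
    vrrp_transitions | awk -v max="$1" '
        { n[$4 " " $5]++ }
        END {
            for (k in n) if (n[k] > max) { print k, n[k]; bad = 1 }
            exit !bad
        }'
}

# The first three lines come from the log in section 4.2; the last two are constructed.
SAMPLE_LOG='Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 27 23:40:24 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Nov 27 23:40:25 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 27 23:52:10 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 27 23:52:14 DR1 Keepalived_vrrp[16371]: VRRP_Instance(VI_1) Entering MASTER STATE'

# Live use: vrrp_transitions < /var/log/messages
```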