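2. High-performance web architecture: DNS load balancing (DNS and web round-robin with LVS-DR + keepalived)

DNS high availability with LVS-DR + keepalived + DNS:

I. Introduction:

The DNS master/slave replication from the previous chapter does not, on its own, meet the needs of most companies today. DNS is simple to configure and use, but it plays a leading role on the network.

If the preferred DNS server configured on a client happens to be down, users' browsing speed still suffers even when the client also has an alternate DNS server configured: the client resolves through the preferred DNS server first, and when that server cannot answer it waits 3 seconds before using the alternate one. So here I use LVS-DR + keepalived to make DNS highly available, and set up web round-robin along the way:

Characteristics of LVS-DR + keepalived:

LVS load balancing in direct routing mode (LVS-DR) uses a semi-open network structure similar to IP tunnel mode, except that the nodes are not scattered across locations: they sit on the same physical network as the director. The load balancer and the node servers are connected through the local network, so no dedicated IP tunnel is needed.

Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for servers in software. It is mainly used for failover and health checking: it determines the availability of the LVS directors and the node servers, promptly isolates a failed host and replaces it with another server, and adds the failed host back to the cluster once it has recovered.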

 

 

II. Deployment:

1. Network topology:

2. Environment:

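System            IP address            Role

LVS-master        192.168.10.101        Master and backup load balancers (scheduling for both web and DNS)

LVS-backup        192.168.10.102        Master and backup load balancers (scheduling for both web and DNS)

DNS-master        192.168.10.103        vip: 192.168.10.66 (mainly handles DNS round-robin requests)

DNS-backup        192.168.10.104        vip: 192.168.10.66 (mainly handles DNS round-robin requests)

Web node group    192.168.10.105-106    vip: 192.168.10.88 (mainly handles web round-robin requests)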

 

Environment preparation (6 CentOS 7.2 systems):

3. Disable the firewall, disable SELinux and set up time synchronization (run on all machines):

systemctl stop firewalld.service && systemctl disable firewalld.service

sed -i "s/SELINUX=enforcing/SELINUX=disabled/"   /etc/selinux/config

setenforce 0

yum -y install wget net-tools ntp ntpdate lrzsz

systemctl restart ntpdate.service ntpd.service && systemctl enable ntpd.service ntpdate.service

 

4. Configure host mappings in /etc/hosts (run on LVS-master and LVS-backup):

echo 192.168.10.101  linux-node1.server.com  >> /etc/hosts

echo 192.168.10.102  linux-node2.server.com  >> /etc/hosts

echo 192.168.10.103  linux-node3.server.com  >> /etc/hosts

echo 192.168.10.104  linux-node4.server.com  >> /etc/hosts

echo 192.168.10.105  linux-node5.server.com  >> /etc/hosts

echo 192.168.10.106  linux-node6.server.com  >> /etc/hosts

echo nameserver 192.168.10.66 >> /etc/resolv.conf   # this DNS setting is only temporary; in production, always set DNS in the configuration file

echo nameserver 192.168.10.103 >> /etc/resolv.conf

echo nameserver 192.168.10.104 >> /etc/resolv.conf

hostnamectl --static set-hostname linux-node1.server.com

bash

 

5. Configure the virtual interfaces (run on LVS-master and LVS-backup):

[root@linux-node1 ~]# cd /etc/sysconfig/network-scripts/

[root@linux-node1 network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736:0

[root@linux-node1 network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736:1

[root@linux-node1 network-scripts]# cat ifcfg-eno16777736:0

TYPE=Ethernet

BOOTPROTO=static

NAME=eno16777736:0

UUID=682b8dd6-92e8-4d7b-aec2-f6bbc85533f8

DEVICE=eno16777736:0

ONBOOT=yes

IPADDR=192.168.10.66

NETMASK=255.255.255.0

[root@linux-node1 network-scripts]# cat ifcfg-eno16777736:1

TYPE=Ethernet

BOOTPROTO=static

NAME=eno16777736:1

UUID=682b8dd6-92e8-4d7b-aec2-f6bbc85533f8

DEVICE=eno16777736:1

ONBOOT=yes

IPADDR=192.168.10.88

NETMASK=255.255.255.0

[root@linux-node1 network-scripts]# systemctl restart network

[root@linux-node1 network-scripts]# ip add

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:f9:b7:25 brd ff:ff:ff:ff:ff:ff

    inet 192.168.10.101/24 brd 192.168.10.255 scope global eno16777736

       valid_lft forever preferred_lft forever

    inet 192.168.10.66/24 brd 192.168.10.255 scope global secondary eno16777736:0

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fef9:b725/64 scope link

       valid_lft forever preferred_lft forever

 

[root@linux-node1 network-scripts]# tail -3 /etc/sysctl.conf

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eno16777736.send_redirects = 0

 

 

 

 

[root@linux-node2 ~]# cd /etc/sysconfig/network-scripts/

[root@linux-node2 network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736:0

[root@linux-node2 network-scripts]# cp ifcfg-eno16777736 ifcfg-eno16777736:1

[root@linux-node1 network-scripts]# cat ifcfg-eno16777736:0

TYPE=Ethernet

BOOTPROTO=static

NAME=eno16777736:0

UUID=682b8dd6-92e8-4d7b-aec2-f6bbc85533f8

DEVICE=eno16777736:0

ONBOOT=yes

IPADDR=192.168.10.66

NETMASK=255.255.255.0

[root@linux-node1 network-scripts]# cat ifcfg-eno16777736:1

TYPE=Ethernet

BOOTPROTO=static

NAME=eno16777736:1

UUID=682b8dd6-92e8-4d7b-aec2-f6bbc85533f8

DEVICE=eno16777736:1

ONBOOT=yes

IPADDR=192.168.10.88

NETMASK=255.255.255.0

[root@linux-node1 network-scripts]#  systemctl restart network

[root@linux-node1 network-scripts]# ip add

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:f9:b7:25 brd ff:ff:ff:ff:ff:ff

    inet 192.168.10.101/24 brd 192.168.10.255 scope global eno16777736

       valid_lft forever preferred_lft forever

    inet 192.168.10.66/24 brd 192.168.10.255 scope global secondary eno16777736:0

       valid_lft forever preferred_lft forever

    inet 192.168.10.88/24 brd 192.168.10.255 scope global secondary eno16777736:1

       valid_lft forever preferred_lft forever

    inet6 fd05:fa56:9fbc::101/128 scope global tentative dynamic

       valid_lft 86405sec preferred_lft 86405sec

    inet6 fd05:fa56:9fbc:0:20c:29ff:fef9:b725/64 scope global tentative noprefixroute dynamic

       valid_lft 7202sec preferred_lft 1802sec

    inet6 fe80::20c:29ff:fef9:b725/64 scope link

       valid_lft forever preferred_lft forever

 

[root@linux-node2 network-scripts]# tail -3 /etc/sysctl.conf

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.eno16777736.send_redirects = 0

 

 

Finally, run sysctl -p on both machines.

 

 

 

 

6. Install ipvsadm and keepalived (run on LVS-master and LVS-backup):

[root@linux-node1 ~]# yum install ipvsadm -y

[root@linux-node2 ~]# yum install ipvsadm -y

[root@linux-node1 ~]# yum install keepalived -y

[root@linux-node2 ~]# yum install keepalived -y

 

[root@linux-node1 ~]# lsmod |grep ^ip_vs

ip_vs                 140944  0

[root@linux-node2 ~]# lsmod |grep ^ip_vs

ip_vs                 140944  0

[root@linux-node1 ~]# ipvsadm --save > /etc/sysconfig/ipvsadm    # this file has to be created by hand, otherwise the service will not start

[root@linux-node2 ~]# ipvsadm --save > /etc/sysconfig/ipvsadm

[root@linux-node1 ~]# systemctl start ipvsadm && systemctl enable ipvsadm

[root@linux-node2 ~]# systemctl start ipvsadm && systemctl enable ipvsadm

 

7. Enable IP forwarding and configure the ipvsadm rules (run on LVS-master and LVS-backup):

[root@linux-node1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

[root@linux-node1 ~]# echo "options ip_vs conn_tab_bits=22" > /etc/modprobe.d/ip_vs.conf  # raise the number of concurrent connections LVS can track

[root@linux-node1 ~]#  systemctl stop ipvsadm   # stop ipvsadm first, then add the rules for ports 53 and 80

[root@linux-node1 ~]# ipvsadm -A -u 192.168.10.66:53 -s rr

[root@linux-node1 ~]# ipvsadm -a -u 192.168.10.66:53 -r 192.168.10.103 -g -w 1

[root@linux-node1 ~]# ipvsadm -a -u 192.168.10.66:53 -r 192.168.10.104 -g -w 1

[root@linux-node1 ~]# ipvsadm -A -t 192.168.10.88:80 -s rr

[root@linux-node1 ~]# ipvsadm -a -t 192.168.10.88:80 -r 192.168.10.105 -g -w 1

[root@linux-node1 ~]# ipvsadm -a -t 192.168.10.88:80 -r 192.168.10.106 -g -w 1

[root@linux-node1 ~]# ipvsadm --save > /etc/sysconfig/ipvsadm # save the rules, otherwise they are lost on restart

[root@linux-node1 ~]# cat /etc/sysconfig/ipvsadm

-A -t 192.168.10.88:http -s rr

-a -t 192.168.10.88:http -r linux-node5.server.com:http -g -w 1

-a -t 192.168.10.88:http -r linux-node6.server.com:http -g -w 1

-A -u 192.168.10.66:domain -s rr

-a -u 192.168.10.66:domain -r linux-node3.server.com:domain -g -w 1

-a -u 192.168.10.66:domain -r linux-node4.server.com:domain -g -w 1

[root@linux-node1 ~]# systemctl start ipvsadm

[root@linux-node1 ~]# ipvsadm -L  # show the scheduling rules

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  192.168.10.88:http rr

  -> linux-node5.server.com:http  Route   1      0          0         

  -> linux-node6.server.com:http  Route   1      0          0         

UDP  192.168.10.66:domain rr

  -> linux-node3.server.com:domai Route   1      0          0         

  -> linux-node4.server.com:domai Route   1      0          0

 

 

 

[root@linux-node2 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

[root@linux-node2 ~]#  systemctl stop ipvsadm # stop ipvsadm first, then add the rules for ports 53 and 80

[root@linux-node2 ~]#  ipvsadm -A -u 192.168.10.66:53 -s rr

[root@linux-node2 ~]#  ipvsadm -a -u 192.168.10.66:53 -r 192.168.10.103 -g -w 1

[root@linux-node2 ~]#  ipvsadm -a -u 192.168.10.66:53 -r 192.168.10.104 -g -w 1

[root@linux-node2 ~]#  ipvsadm -A -t 192.168.10.88:80 -s rr

[root@linux-node2 ~]#  ipvsadm -a -t 192.168.10.88:80 -r 192.168.10.105 -g -w 1

[root@linux-node2 ~]#  ipvsadm -a -t 192.168.10.88:80 -r 192.168.10.106 -g -w 1

[root@linux-node2 ~]# ipvsadm --save > /etc/sysconfig/ipvsadm # save the rules, otherwise they are lost on restart

[root@linux-node2 ~]# cat /etc/sysconfig/ipvsadm

-A -t 192.168.10.88:http -s rr

-a -t 192.168.10.88:http -r linux-node5.server.com:http -g -w 1

-a -t 192.168.10.88:http -r linux-node6.server.com:http -g -w 1

-A -u 192.168.10.66:domain -s rr

-a -u 192.168.10.66:domain -r linux-node3.server.com:domain -g -w 1

-a -u 192.168.10.66:domain -r linux-node4.server.com:domain -g -w 1

[root@linux-node2 ~]# systemctl start ipvsadm

[root@linux-node2 ~]# ipvsadm -L

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  192.168.10.88:http rr

  -> linux-node5.server.com:http  Route   1      0          0         

  -> linux-node6.server.com:http  Route   1      0          0         

UDP  192.168.10.66:domain rr

  -> linux-node3.server.com:domai Route   1      0          0         

  -> linux-node4.server.com:domai Route   1      0          0       

 

Note: in, for example, ipvsadm -A -t 192.168.10.88:80 -s rr, -A adds a virtual service, -t selects TCP and rr is round-robin. For UDP, replace -t with -u (u stands for UDP).

 

 

 

 

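8. Configure keepalived on the LVS directors (run on LVS-master and LVS-backup)

keepalived is configured with two VRRP instances: a WEB instance and a DNS instance.

8.1 keepalived configuration file on LVS-master (linux-node1):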

[root@linux-node1 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

[root@linux-node1 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

 

global_defs { # global settings

   notification_email { # addresses that receive alert mail

     [email protected]

     [email protected]

     [email protected]

   }

   notification_email_from abc@xx.com # sender address for alert mail

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   router_id LVS_TEST_R1 # ID of this server

#   vrrp_skip_check_adv_addr

#   vrrp_strict

#   vrrp_garp_interval 0

#   vrrp_gna_interval 0

}

 

#================WEB-Instance start=====================

vrrp_instance VI_WEB { # VRRP instance

    state MASTER # MASTER state

    interface eno16777736 # interface the VIP is bound to

    virtual_router_id 51 # must be the same on master and backup

    priority 100

    advert_int 1  # check interval between master and backup

    authentication {

        auth_type PASS

        auth_pass yanyb

    }

    virtual_ipaddress {

        192.168.10.88/24 # the virtual IP

    }

}

#=================config LVS-WEB======================

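virtual_server 192.168.10.88 80 { # define the virtual server; the IP, the port and the opening brace are separated by spaces

    delay_loop 6 # health-check interval, in seconds

    lb_algo rr # load-balancing algorithm; rr means round-robin

    lb_kind DR  # LVS forwarding mode; DR here

    nat_mask 255.255.255.0

    persistence_timeout 50 # session persistence time in seconds. This option is very useful for dynamic pages and gives a good solution for session sharing in a cluster: with persistence, a user's requests keep going to the same service node until the persistence time is exceeded. Note that this is the maximum idle timeout; in other words, if the user does nothing on a dynamic page for 50 seconds, the next operation is scheduled to another node again. Continuous activity is not affected.

    protocol TCP # TCP or UDP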

 

 

    real_server 192.168.10.105 80 { # real server address and port

        weight 1 # weight; the lower the number, the smaller the share of requests it receives

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            

        }

    }

    real_server 192.168.10.106 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            

        }

    }

}

 

 

#================DNS-66 Instance start=====================

vrrp_instance VI_DNS {

    state BACKUP

    interface eno16777736

    virtual_router_id 52

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass yanyb

    }

    virtual_ipaddress {

        192.168.10.66/24

    }

}

#==================config 66 LVS-DNS======================

virtual_server 192.168.10.66 53 {

    delay_loop 3

    lb_algo rr

    lb_kind DR # (note: there are three modes: NAT/DR/TUN)

    nat_mask 255.255.255.0

    persistence_timeout 50

    protocol UDP

 

    real_server 192.168.10.103 53 {

        weight 100

        MISC_CHECK {

            connect_port 53

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.103"

            misc_timeout 5

        }

    }

    real_server 192.168.10.104 53 {

        weight 100

        MISC_CHECK {

            connect_port 53

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.104"

            misc_timeout 5

        }

    }

 

}

 

 

 

8.2 DNS health-check script:

[root@linux-node1 ~]# cat /etc/keepalived/check_dns_resolve.sh

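#!/bin/bash

# check dns resolve: exits with the status of the nslookup call

a_check="check.healthcheck.check"   # name used for the test lookup

ns_ip=$1                            # name server to probe

port=53

timeout=2

function EchoHelp(){

    echo "use: ./check_dns_resolve.sh [ip] {port}"

    exit 1

}

# an optional second argument overrides the port

if [ -n "$2" ]; then

    port=$2

fi

if [ -n "$ns_ip" ] && [ -n "$a_check" ]; then

    /usr/bin/nslookup -timeout=${timeout} -port="$port" "$a_check" "$ns_ip" > /dev/null

else

    EchoHelp

fi

exit $?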

[root@linux-node1 ~]# chmod +x /etc/keepalived/check_dns_resolve.sh

 

8.3 keepalived configuration file on LVS-backup (linux-node2):

[root@linux-node2 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

[root@linux-node2 ~]# cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

 

global_defs {

   notification_email {

     [email protected]

     [email protected]

     [email protected]

   }

   notification_email_from [email protected]

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   router_id LVS_TEST_R2

#   vrrp_skip_check_adv_addr

#   vrrp_strict

#   vrrp_garp_interval 0

#   vrrp_gna_interval 0

}

 

#================WEB-Instance start=====================

vrrp_instance VI_WEB {

    state BACKUP

    interface eno16777736

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass yanyb

    }

    virtual_ipaddress {

        192.168.10.88/24

    }

}

#=================config LVS-WEB======================

virtual_server 192.168.10.88 80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

#    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.10.105 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            

        }

    }

    real_server 192.168.10.106 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            

        }

    }

}

 

 

#================DNSInstance start=====================

vrrp_instance VI_DNS {

    state MASTER

    interface eno16777736

    virtual_router_id 52

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass yanyb

    }

    virtual_ipaddress {

        192.168.10.66/24

    }

}

#==================config LVS-DNS======================

virtual_server 192.168.10.66 53 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

#    persistence_timeout 50

    protocol UDP

 

    real_server 192.168.10.103 53 {

        weight 100

        MISC_CHECK {

            connect_port 53

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.103"

            misc_timeout 5

        }

    }

    real_server 192.168.10.104 53 {

        weight 100

        MISC_CHECK {

            connect_port 53

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.104"

            misc_timeout 5

        }

    }

 

}

 

 

8.4 DNS health-check script:

[root@linux-node2 ~]# cat /etc/keepalived/check_dns_resolve.sh

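#!/bin/bash

# check dns resolve: exits with the status of the nslookup call

a_check="check.healthcheck.check"   # name used for the test lookup

ns_ip=$1                            # name server to probe

port=53

timeout=2

function EchoHelp(){

    echo "use: ./check_dns_resolve.sh [ip] {port}"

    exit 1

}

# an optional second argument overrides the port

if [ -n "$2" ]; then

    port=$2

fi

if [ -n "$ns_ip" ] && [ -n "$a_check" ]; then

    /usr/bin/nslookup -timeout=${timeout} -port="$port" "$a_check" "$ns_ip" > /dev/null

else

    EchoHelp

fi

exit $?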

[root@linux-node2 ~]# chmod +x /etc/keepalived/check_dns_resolve.sh
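The keepalived files in step 8 repeat near-identical real_server blocks on two directors, so a dropped octet or a misc_path that probes the wrong host is easy to miss. The following linter is an added example, not part of the original post or of keepalived; the function names, finding codes and the sample configuration are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample modelled on the DNS virtual_server in step 8, with two
# deliberate mistakes: a three-octet real_server address and a misc_path
# that probes a different host than the block it belongs to.
SAMPLE = """
vrrp_instance VI_DNS {
    virtual_router_id 52
    virtual_ipaddress {
        192.168.10.66/24
    }
}
virtual_server 192.168.10.66 53 {
    lb_kind DR   # direct routing
    protocol UDP
    real_server 192.168.103 53 {
        MISC_CHECK {
            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.103"
        }
    }
    real_server 192.168.10.104 53 {
        MISC_CHECK {
            misc_path "/usr/bin/sh /etc/keepalived/check_dns_resolve.sh 192.168.10.103"
        }
    }
}
"""

IPV4_LIKE = re.compile(r"\b\d+(?:\.\d+){3}\b")


def is_ipv4(text):
    """True only for a complete dotted quad such as 192.168.10.103."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def lint_keepalived(conf_text):
    """Return (line_number, code, detail) tuples for suspicious entries."""
    findings = []
    stack = []             # headers of the blocks currently open, innermost last
    declared_vips = set()  # addresses listed under virtual_ipaddress
    virtual_servers = []   # (line_number, address) for every virtual_server

    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # strip comments
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        words = shlex.split(line)
        if words[-1] == "{":  # this line opens a block
            header = words[:-1]
            stack.append(header)
            if len(header) >= 2 and header[0] in ("virtual_server", "real_server"):
                if not is_ipv4(header[1]):
                    findings.append((lineno, "bad-address", header[1]))
                elif header[0] == "virtual_server":
                    virtual_servers.append((lineno, header[1]))
            continue
        real = stack[-2] if len(stack) >= 2 else []  # block enclosing the checker
        if stack and stack[-1][:1] == ["virtual_ipaddress"]:
            declared_vips.add(words[0].split("/")[0])
        elif (words[0] == "misc_path" and len(words) > 1
              and real[:1] == ["real_server"] and len(real) >= 2 and is_ipv4(real[1])):
            targets = IPV4_LIKE.findall(words[1])
            if targets and real[1] not in targets:
                findings.append((lineno, "probe-mismatch",
                                 f"{real[1]} is checked via {targets[0]}"))

    # A virtual_server whose address no vrrp_instance carries never becomes active.
    for lineno, addr in virtual_servers:
        if addr not in declared_vips:
            findings.append((lineno, "vip-not-in-vrrp", addr))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in lint_keepalived(SAMPLE):
        print(f"line {lineno}: {code}: {detail}")
```

Run it against both directors' files before starting keepalived; a probe-mismatch finding means one real server's health is being decided by another host's answers.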

 

 

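9. Configure the VIP script on the LVS node servers (needed on both the WEB nodes and the DNS nodes)

9.1 DNS node configuration (configure the VIP on the master and backup DNS servers and bring it up):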

[root@linux-node3 ~]# cat /etc/init.d/dns_vip.sh

#!/bin/bash

#description:config lvs-vip

    vip=192.168.10.66

    mask='255.255.255.255'

    

    case $1 in

    start)

    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    sysctl -p >/dev/null 2>&1

 

    /usr/sbin/ifconfig lo:0 $vip netmask $mask broadcast $vip up

    /usr/sbin/route add -host $vip dev lo:0

    echo "start VIP OK!!"

    ;;

    stop)

    /usr/sbin/ifconfig lo:0 down

    /usr/sbin/route del $vip >/dev/null 2>&1

 

    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore

    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore

    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

    

    echo "stop VIP !!"

    ;;

    *)

    echo "Usage $(basename $0) start|stop"

    exit 1

    ;;

    esac

[root@linux-node3 ~]# chmod +x /etc/init.d/dns_vip.sh

 

 

[root@linux-node3 ~]# /etc/init.d/dns_vip.sh start

start VIP OK!!

[root@linux-node3 ~]# ifconfig

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.10.103  netmask 255.255.255.0  broadcast 192.168.10.255

        inet6 fd05:fa56:9fbc::884  prefixlen 128  scopeid 0x0<global>

        inet6 fe80::20c:29ff:fe67:a281  prefixlen 64  scopeid 0x20<link>

        inet6 fd05:fa56:9fbc:0:20c:29ff:fe67:a281  prefixlen 64  scopeid 0x0<global>

        ether 00:0c:29:67:a2:81  txqueuelen 1000  (Ethernet)

        RX packets 25913  bytes 25518120 (24.3 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 20641  bytes 1782415 (1.6 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 56  bytes 5854 (5.7 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 56  bytes 5854 (5.7 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 192.168.10.66  netmask 255.255.255.255

        loop  txqueuelen 0  (Local Loopback

 

 

 

[root@linux-node4 ~]# /etc/init.d/dns_vip.sh start

start VIP OK!!

[root@linux-node4 ~]# ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        inet 10.0.87.1  netmask 255.255.255.0  broadcast 0.0.0.0

        ether 02:42:40:1f:12:0c  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.10.104  netmask 255.255.255.0  broadcast 192.168.10.255

        inet6 fd05:fa56:9fbc::eb8  prefixlen 128  scopeid 0x0<global>

        inet6 fd05:fa56:9fbc:0:20c:29ff:feb4:91ca  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::20c:29ff:feb4:91ca  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:b4:91:ca  txqueuelen 1000  (Ethernet)

        RX packets 17149  bytes 15115091 (14.4 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 14432  bytes 1217454 (1.1 MiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 65  bytes 6923 (6.7 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 65  bytes 6923 (6.7 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 192.168.10.66  netmask 255.255.255.255

        loop  txqueuelen 0  (Local Loopback)

 

 

 

9.2 Add A records to the zone files (on the master and backup DNS servers; for DNS installation and deployment see the previous chapter)

[root@linux-node3 ~]# cat /var/named/server.com.zone

$TTL 3600

@  SOA  server.com. admin.server.com. (

                                        2000    ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@               IN      NS      linux-node3.server.com.

                IN      NS      linux-node4.server.com.

linux-node3     IN      A       192.168.10.103

linux-node4     IN      A       192.168.10.104

abc             IN      A       192.168.10.104

vip             IN      A       192.168.10.66

[root@linux-node3 ~]# cat /var/named/10.168.192.arpa

$TTL 3600

@  SOA  server.com. admin.server.com. (

                                        2000    ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

        IN      NS      linux-node3.server.com.

        IN      NS      linux-node4.server.com.

103     IN      PTR     linux-node3.server.com.

104     IN      PTR     linux-node4.server.com.

104     IN      PTR     abc.server.com.

66      IN      PTR     vip.server.com.

[root@linux-node3 ~]#

[root@linux-node3 ~]# rndc reload   # reload on both master and slave

server reload successful

 

 

 

 

 

 

9.3 WEB node configuration (configure the VIP on every web node and bring it up)

[root@linux-node5 ~]# cat /etc/init.d/web_vip.sh

#!/bin/bash

#description:config lvs-vip

    vip=192.168.10.88

    mask='255.255.255.255'

    

    case $1 in

    start)

    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    sysctl -p >/dev/null 2>&1

 

    /usr/sbin/ifconfig lo:0 $vip netmask $mask broadcast $vip up

    /usr/sbin/route add -host $vip dev lo:0

    echo "start VIP OK!!"

    ;;

    stop)

    /usr/sbin/ifconfig lo:0 down

    /usr/sbin/route del $vip >/dev/null 2>&1

 

    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore

    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore

    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce

    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

    

    echo "stop VIP !!"

    ;;

    *)

    echo "Usage $(basename $0) start|stop"

    exit 1

    ;;

    esac

[root@linux-node5 ~]# chmod +x /etc/init.d/web_vip.sh

[root@linux-node5 ~]# /etc/init.d/web_vip.sh start

start VIP OK!!

[root@linux-node5 ~]# ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        inet 10.0.20.1  netmask 255.255.255.0  broadcast 0.0.0.0

        ether 02:42:49:62:01:b2  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.10.105  netmask 255.255.255.0  broadcast 192.168.10.255

        inet6 fd05:fa56:9fbc:0:20c:29ff:fe80:dd8d  prefixlen 64  scopeid 0x0<global>

        inet6 fe80::20c:29ff:fe80:dd8d  prefixlen 64  scopeid 0x20<link>

        inet6 fd05:fa56:9fbc::a78  prefixlen 128  scopeid 0x0<global>

        ether 00:0c:29:80:dd:8d  txqueuelen 1000  (Ethernet)

        RX packets 533  bytes 49113 (47.9 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 472  bytes 54298 (53.0 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 192.168.10.88  netmask 255.255.255.255

        loop  txqueuelen 0  (Local Loopback)

 

[root@linux-node6 ~]# /etc/init.d/web_vip.sh start

start VIP OK!!

[root@linux-node6 ~]# ifconfig

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.10.106  netmask 255.255.255.0  broadcast 192.168.10.255

        inet6 fe80::20c:29ff:fe7a:f77a  prefixlen 64  scopeid 0x20<link>

        inet6 fd05:fa56:9fbc::c36  prefixlen 128  scopeid 0x0<global>

        inet6 fd05:fa56:9fbc:0:20c:29ff:fe7a:f77a  prefixlen 64  scopeid 0x0<global>

        ether 00:0c:29:7a:f7:7a  txqueuelen 1000  (Ethernet)

        RX packets 11472  bytes 15810540 (15.0 MiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 6340  bytes 477464 (466.2 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 0  (Local Loopback)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 192.168.10.88  netmask 255.255.255.255

        loop  txqueuelen 0  (Local Loopback)
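The VIP scripts in 9.1 and 9.3 matter because in DR mode every real server holds the VIP: if a node answers ARP for it, clients reach that node directly and bypass the director. The audit below is an added example, not part of the original post; it checks the four sysctl values the script writes and that the VIP sits on lo with a /32 mask, and the function names and the sample `ip -o -4 addr show` output are constructed.

```python
import os
import tempfile

# Values written by the "start" branch of dns_vip.sh / web_vip.sh.
EXPECTED = {
    "all/arp_ignore": "1", "lo/arp_ignore": "1",
    "all/arp_announce": "2", "lo/arp_announce": "2",
}

# Constructed sample of `ip -o -4 addr show` on a DNS node
# (trailing lifetime fields omitted).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.168.10.66/32 brd 192.168.10.66 scope global lo:0
2: eno16777736    inet 192.168.10.103/24 brd 192.168.10.255 scope global eno16777736
"""


def audit_real_server(vip, ip_addr_output, conf_dir="/proc/sys/net/ipv4/conf"):
    """Return a list of problems; an empty list means the node is ready for DR."""
    problems = []
    for rel, want in EXPECTED.items():
        try:
            with open(os.path.join(conf_dir, rel)) as fh:
                got = fh.read().strip()
        except OSError:
            got = "unreadable"
        if got != want:
            problems.append(f"{rel} is {got}, expected {want}")

    on_lo = False
    for line in ip_addr_output.splitlines():
        fields = line.split()
        # Field order: index, interface, "inet", address/prefix, ...
        if len(fields) < 4 or fields[2] != "inet":
            continue
        addr, _, prefix = fields[3].partition("/")
        if addr != vip:
            continue
        if fields[1] == "lo":
            on_lo = True
            if prefix != "32":
                # A wider mask makes the node treat the whole subnet as local.
                problems.append(f"VIP on lo has /{prefix}, expected /32")
        else:
            problems.append(f"VIP is bound to {fields[1]}; on a real server it belongs on lo only")
    if not on_lo:
        problems.append("VIP is not configured on lo")
    return problems


def write_conf_tree(root, values):
    """Build a constructed stand-in for /proc/sys/net/ipv4/conf (demo and tests)."""
    for rel, value in values.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Simulate a node where the script was stopped or never run.
        write_conf_tree(root, {**EXPECTED, "all/arp_ignore": "0"})
        for problem in audit_real_server("192.168.10.66", SAMPLE_IP_OUTPUT, root):
            print("PROBLEM:", problem)
```

On a live node, pass the real output of `ip -o -4 addr show` and leave conf_dir at its default.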

 

 

 

9.4 Install Apache on the web nodes for testing (run on every web node)

[root@linux-node5 ~]# yum -y install httpd

[root@linux-node5 ~]# echo "<h1>web1</h1>" > /var/www/html/index.html

[root@linux-node5 ~]# systemctl start httpd

 

[root@linux-node6 ~]# yum -y install httpd

[root@linux-node6 ~]# echo "<h1>web2</h1>" > /var/www/html/index.html

[root@linux-node6 ~]# systemctl start httpd

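10. Combined test

Before testing, start the related services (keepalived, the LVS node scripts, Apache on the web nodes, the DNS servers on the DNS nodes, and so on).

10.1 Start keepalived on the load-balancing directors. Make sure that DNS and the DNS VIP, WEB and the WEB VIP, and the ipvsadm service have all started normally.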

 

 

[root@linux-node1 ~]# systemctl start keepalived

[root@linux-node2 ~]# systemctl start keepalived

 

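10.2 Web page round-robin test:

Then verify:

10.3 DNS round-robin test, using one of the web nodes as the client:

10.4 VIP failover test on the keepalived master and backup:

After starting it again, the VIP 192.168.10.66 automatically switches back, but one packet is lost:

Stop keepalived on node1 and on node2:

The VIP can also switch over:

OK, that completes DNS and web round-robin with LVS-DR + keepalived.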


Reposted from blog.csdn.net/weixin_41515615/article/details/81750551