Host environment: Red Hat 6.5, 64-bit
Lab environment: real server 1, IP 172.25.25.113, hostname: server3.example.com
Real server 2, IP 172.25.25.114, hostname: server4.example.com
Director 2, IP 172.25.25.112, hostname: server2.example.com
Director 1, IP 172.25.25.111, hostname: server1.example.com
Firewall state: off
Virtual IP (VIP): 172.25.25.200/24
1. LVS DR: configuration and testing
1. Add the VIP and write the scheduling policy into the kernel (on the director)
1. Add the VIP
[[email protected] ~]# ip addr add 172.25.25.200/24 dev eth0 #add a VIP
[[email protected] ~]# ip addr show #check
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:85:1a:3b brd ff:ff:ff:ff:ff:ff
    inet 172.25.25.112/24 brd 172.25.25.255 scope global eth0
    inet 172.25.25.200/24 scope global secondary eth0 #added successfully
    inet6 fe80::5054:ff:fe85:1a3b/64 scope link
       valid_lft forever preferred_lft forever
2. Use the ipvsadm tool to write the policy into the kernel
[[email protected] ~]# yum install ipvsadm -y #install ipvsadm
[[email protected] ~]# ipvsadm -A -t 172.25.25.200:80 -s rr #write the policy: add the httpd service with round-robin scheduling
[[email protected] ~]# ipvsadm -a -t 172.25.25.200:80 -r 172.25.25.113:80 -g #add a real server
[[email protected] ~]# ipvsadm -a -t 172.25.25.200:80 -r 172.25.25.114:80 -g
[[email protected] ~]# ipvsadm -ln #check: added successfully
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.25.200:80 rr
  -> 172.25.25.113:80 Route 1 0 0
  -> 172.25.25.114:80 Route 1 0 0
2. Install httpd, add the virtual IP, and add ARP firewall rules (on the real servers)
1. Write a test page and start httpd
[[email protected] ~]# yum install -y httpd #install httpd
[[email protected] ~]# vim /var/www/html/index.html #write the test page
server3.example.com
[[email protected] ~]# /etc/init.d/httpd start #start httpd
Starting httpd: [ OK ]
2. Add firewall rules with the arptables tool
[[email protected] ~]# yum install arptables_jf -y #install the arptables_jf tool
[[email protected] ~]# ip addr add 172.25.25.200/24 dev eth0 #add the virtual IP
#Add the ARP firewall rules (drop incoming ARP traffic for 172.25.25.200; allow outgoing ARP traffic from 172.25.25.200, rewriting its source IP to the server's own IP, 172.25.25.113)
[[email protected] ~]# arptables -A IN -d 172.25.25.200 -j DROP
[[email protected] ~]# arptables -A OUT -s 172.25.25.200 -j mangle --mangle-ip-s 172.25.25.113
[[email protected] ~]# /etc/init.d/arptables_jf save #save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
[[email protected] ~]# arptables -L #check
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.25.200 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.25.200 anywhere anywhere anywhere any any any any --mangle-ip-s server3.example.com
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
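A way to check the effect of these ARP rules from a client on the same subnet, as an added example that is not part of the original post: it parses iputils arping output and lists every MAC other than a director's that answers for the VIP. The capture and the address 52:54:00:AA:BB:CC are constructed; the director MACs are the ones shown in this page's ip addr show output.

```shell
#!/bin/sh
# Added example: confirm that only the directors answer ARP for the VIP.
# Input is iputils arping output captured on a client, for instance from:
#   arping -c 3 -I eth0 172.25.25.200

# Constructed capture: the second reply comes from a made-up real-server NIC,
# which is what a real server without the arptables rules would produce.
SAMPLE_ARPING='ARPING 172.25.25.200 from 172.25.25.250 eth0
Unicast reply from 172.25.25.200 [52:54:00:85:1A:3B]  0.712ms
Unicast reply from 172.25.25.200 [52:54:00:AA:BB:CC]  0.801ms
Sent 1 probes (1 broadcast(s))
Received 2 response(s)'

# MACs of the two directors (eth0 of 172.25.25.112 and 172.25.25.111).
DIRECTOR_MACS='52:54:00:85:1a:3b 52:54:00:ec:8b:36'

# vip_arp_offenders VIP "ALLOWED MACS" ARPING_TEXT
# Prints each MAC (lower case, once) that replied for VIP but is not allowed.
vip_arp_offenders() {
    printf '%s\n' "$3" | awk -v vip="$1" -v allowed="$2" '
        BEGIN { n = split(tolower(allowed), m, " ")
                for (i = 1; i <= n; i++) ok[m[i]] = 1 }
        /reply from/ && $4 == vip {
            mac = tolower($5); gsub(/\[|\]/, "", mac)   # strip the [ ] around the MAC
            if (!(mac in ok) && !(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

vip_arp_offenders 172.25.25.200 "$DIRECTOR_MACS" "$SAMPLE_ARPING"
```

An empty result means only a director answered; any MAC printed belongs to a host that still replies to ARP for 172.25.25.200 and would receive client traffic without going through the director.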
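3. Test
#At first the page comes from real server 1
#After a refresh, real server 2
[[email protected] ~]# /etc/init.d/httpd stop #stop httpd on real server 1
Stopping httpd: [ OK ]
#The service is on real server 2, and refreshing does not change it
To avoid a single point of failure, DR should be added to a high-availability (HA) cluster; what follows adds it to heartbeat. Because heartbeat performs no health checks on the back ends, ldirectord is needed to do the back-end checking for heartbeat. That is, DR is added to ldirectord, and the ldirectord service is then added to heartbeat. Earlier posts cover installing and testing heartbeat and can be used as a reference.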
2. Add DR to the ldirectord service, add the ldirectord service to heartbeat in the high-availability (HA) cluster, and test
1. Configure ldirectord and test (on the director)
#Assuming heartbeat is already installed and configured on director 1 and director 2
1. Configure ldirectord and check whether the policy is written into the kernel
[[email protected] yum.repos.d]# cd /usr/share/doc/ldirectord-3.9.5/
[[email protected] ldirectord-3.9.5]# ls
COPYING ldirectord.cf
[[email protected] ldirectord-3.9.5]# cp ldirectord.cf /etc/ha.d/ #copy
[[email protected] ldirectord-3.9.5]# cd /etc/ha.d/
[[email protected] ha.d]# vim ldirectord.cf #edit the configuration file
virtual=172.25.25.200:80 #virtual IP
        real=172.25.25.113:80 gate #real server
        real=172.25.25.114:80 gate #same as above
        fallback=127.0.0.1:80 gate #when every real server has failed, use the local loopback
        service=http #the httpd service
        scheduler=rr #round-robin scheduling
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp #protocol
        checktype=negotiate
        checkport=80 #port
        request="index.html" #name of the service's test page
        # receive="Test Page"
        # virtualhost=www.x.y.z
[[email protected] ha.d]# /etc/init.d/ipvsadm stop #stop ipvsadm
ipvsadm: Clearing the current IPVS table: [ OK ]
ipvsadm: Unloading modules: [ OK ]
[[email protected] ha.d]# ipvsadm -L #check: no policy is loaded
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
[[email protected] ha.d]# /etc/init.d/ldirectord restart #start ldirectord
Restarting ldirectord... success
[[email protected] ha.d]# ipvsadm -L #check
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.25.200:http rr
  -> server3.example.com:http Route 1 0 0
  -> 172.25.25.114:http Route 1 0 0
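Once ldirectord owns the IPVS table, the table should contain only back ends that ldirectord.cf declares. The following added example (not code from the original post) compares the two and reports drift in either direction; the inputs are constructed, and 172.25.25.250 is a made-up address standing in for a back end that was added to the kernel table by hand.

```shell
#!/bin/sh
# Added example: compare ldirectord.cf with `ipvsadm -ln` output to spot drift.

# Constructed inputs: the config mirrors this page, 172.25.25.250 is made up.
SAMPLE_CF='virtual=172.25.25.200:80
        real=172.25.25.113:80 gate
        real=172.25.25.114:80 gate
        fallback=127.0.0.1:80 gate
        scheduler=rr'
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.25.200:80 rr
  -> 172.25.25.113:80             Route   1      0          0
  -> 172.25.25.250:80             Route   1      0          0'

# cf_entries VIP:PORT KINDS   (config on stdin; KINDS is "real" or "real|fallback")
cf_entries() {
    awk -v vs="$1" -v kinds="$2" '
        { sub(/#.*/, "") }                                    # drop comments
        /^virtual[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                            split(v, f, " "); cur = f[1]; next }
        cur == vs && $0 ~ ("^[ \t]+(" kinds ")[ \t]*=") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); split(v, f, " "); print f[1] }'
}

# ipvs_reals VIP:PORT   (`ipvsadm -ln` output on stdin)
ipvs_reals() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { cur = $2; next }
        $1 == "->" && cur == vs { print $2 }'
}

# audit_ipvs VIP:PORT CF_TEXT IPVS_TEXT
audit_ipvs() {
    allowed=$(printf '%s\n' "$2" | cf_entries "$1" 'real|fallback')
    wanted=$(printf '%s\n' "$2" | cf_entries "$1" 'real')
    live=$(printf '%s\n' "$3" | ipvs_reals "$1")
    for r in $live; do      # in the kernel table but not declared in the config
        printf '%s\n' "$allowed" | grep -qxF "$r" || echo "UNEXPECTED $r"
    done
    for r in $wanted; do    # declared but absent, e.g. it failed the health check
        printf '%s\n' "$live" | grep -qxF "$r" || echo "MISSING $r"
    done
}

audit_ipvs 172.25.25.200:80 "$SAMPLE_CF" "$SAMPLE_IPVS"
```

On a director the same function can be fed the real files, for example `audit_ipvs 172.25.25.200:80 "$(cat /etc/ha.d/ldirectord.cf)" "$(ipvsadm -ln)"`; use the numeric `-ln` form, since `-L` alone resolves addresses to host names as in the listing above.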
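2. Test
#At first, real server 1
#After a refresh, real server 2
#Stop httpd on both real server 1 and real server 2, then test
[[email protected] ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[[email protected] yum.repos.d]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
#The local loopback answers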
2. Add the ldirectord service to heartbeat
[[email protected] ha.d]# vim haresources
server1.example.com IPaddr::172.25.25.200/24/eth0 ldirectord httpd #add the virtual IP, the scheduler, and the httpd service
[[email protected] ha.d]# /etc/init.d/ldirectord stop #stop the ldirectord service (it must not be started by hand)
Stopping ldirectord... Success
[[email protected] ha.d]# ip addr del 172.25.25.200/24 dev eth0 #remove the VIP
[[email protected] ha.d]# /etc/init.d/heartbeat start #start heartbeat
Starting High-Availability services: INFO: Resource is stopped
Done.
[[email protected] ha.d]# scp haresources ldirectord.cf 172.25.25.111:/etc/ha.d/ #copy the modified files to server1
[email protected]'s password:
haresources 100% 5972 5.8KB/s 00:00
ldirectord.cf 100% 8281 8.1KB/s 00:00
[[email protected] ha.d]# /etc/init.d/heartbeat start #start heartbeat on server1
Starting High-Availability services: INFO: Resource is stopped
Done.
3. Overall test
#After the services are started, the service runs on server1 (primary)
[[email protected] ha.d]# ip addr show #check the IP addresses
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:ec:8b:36 brd ff:ff:ff:ff:ff:ff
    inet 172.25.25.111/24 brd 172.25.25.255 scope global eth0
    inet 172.25.25.200/24 brd 172.25.25.255 scope global secondary eth0 #the virtual IP is in place
    inet6 fe80::5054:ff:feec:8b36/64 scope link
       valid_lft forever preferred_lft forever
[[email protected] ha.d]# /etc/init.d/heartbeat stop #now stop heartbeat on server1
Stopping High-Availability services: Done.
#Test: the service has moved to server2 (backup)
[[email protected] ha.d]# ip addr show #check the IP addresses: the virtual IP has moved to server2
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:85:1a:3b brd ff:ff:ff:ff:ff:ff
    inet 172.25.25.112/24 brd 172.25.25.255 scope global eth0
    inet 172.25.25.200/24 brd 172.25.25.255 scope global secondary eth0 #virtual IP
    inet6 fe80::5054:ff:fe85:1a3b/64 scope link
       valid_lft forever preferred_lft forever
[[email protected] ha.d]# /etc/init.d/heartbeat start #start heartbeat on server1 again
Starting High-Availability services: INFO: Resource is stopped
Done.
#Test: the service automatically moved back to server1 (primary)
[[email protected] ha.d]# ip addr show #check the IP addresses: the virtual IP automatically moved back to server1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:ec:8b:36 brd ff:ff:ff:ff:ff:ff
    inet 172.25.25.111/24 brd 172.25.25.255 scope global eth0
    inet 172.25.25.200/24 brd 172.25.25.255 scope global secondary eth0
    inet6 fe80::5054:ff:feec:8b36/64 scope link
       valid_lft forever preferred_lft forever