Centos7-Lvs+Keepalived架構
LVS+Keepalived
介紹
1?、???LVS
LVS?是一個開源的軟件,可以實現?LINUX?平臺下的簡單負載均衡。?LVS?是?Linux Virtual Server?的縮寫,意思是?Linux?虛擬服務器。目前有三種?IP?負載均衡技術(?VS/NAT?、?VS/TUN?和?VS/DR?);八種調度算法(?rr,wrr,lc,wlc,lblc,lblcr,dh,sh?)。
2?、???keepalived
Keepalived??是運行在?lvs??之上,是一個用于做雙機熱備(?HA?)的軟件,它的主要功能是實現真實機的故障隔離及負載均衡器間的失敗切換,提高系統的可用性。
運行原理
keepalived?通過選舉(看服務器設置的權重)挑選出一臺熱備服務器做?MASTER?機器,?MASTER?機器會被分配到一個指定的虛擬?ip?,外部程序可通過該ip?訪問這臺服務器,如果這臺服務器出現故障(斷網,重啟,或者本機器上的?keepalived crash?等),?keepalived?會從其他的備份機器上重選(還是看服務器設置的權重)一臺機器做?MASTER?并分配同樣的虛擬?IP?,充當前一臺?MASTER?的角色。
選舉策略
選舉策略是根據?VRRP?協議?,完全按照權重大小,權重最大(?0?~?255?)的是?MASTER?機器,下面幾種情況會觸發選舉。
1.?keepalived?啟動的時候;
2. master?服務器出現故障(斷網,重啟,或者本機器上的?keepalived crash?等,而本機器上其他應用程序?crash?不算);
3.?有新的備份服務器加入且權重最大。
配置實例
lvs_vip?:?172.16.10.188
lvs1+keepalived?主:?172.16.10.102
lvs2+keepalived?備:?172.16.10.142
nginx1?:?172.16.10.162
nginx2?:?172.16.10.167
安裝?ipvsadm?和?keepalived
#?yum?-y?install?ipvsadm?keepalived
修改?keepalived?主的配置
#?vim/etc/keepalived/keepalived.conf
global_defs{
notification_email{******@163.com?????????#報警接收人,多個寫多行}notification_email_from?******@163.com????#報警發件人smtp_server?smtp.163.com???#發送email時使用的smtp服務器地址smtp_connect_timeout?30???#smtp超時時間router_id?LVS1??????#表示運行keepalived服務器的一個標識,發郵件時顯示在郵件主題的信息
}
#不使用SYNCGroup的話,如果路由有2個網段,一個內網,一個外網,每個網段開啟一個VRRP實例,假設VRRP配置為檢查內網,那么當外網出現問題時,VRRP會認為自己是健康的,則不會發送Master和Backup的切換,從而導致問題,SyncGroup可以把兩個實例都放入SyncGroup,這樣的話,Group里任何一個實例出現問題都會發生切換
vrrp_sync_grouptest?{?????
group{loadbalance
}
}vrrp_instanceloadbalance?{state?MASTER??????????#指定keepalived的角色,MASTER表示此主機是主服務器,BACKUP表示此主機是備用服務器interface?eno16777736???#指定HA監測網絡的接口lvs_sync_daemon_inteface?eno16777736????#負載均衡器之間的監控接口,類似于HA?HeartBeat的心跳線virtual_router_id?38????#虛擬路由標識,這個標識是一個數字,同一個vrrp實例使用唯一的標識。即同一vrrp_instance下,MASTER和BACKUP必須是一致的priority?100????#定義優先級,數字越大,優先級越高,在同一個vrrp_instance下,MASTER的優先級必須大于BACKUP的優先級advert_int?5???#定MASTER與BACKUP負載均衡器之間同步檢查的時間間隔,單位是秒
authentication{auth_type?PASS???#設置驗證類型,主要有PASS和AH兩種auth_pass?1111???#設置驗證密碼,在同一個vrrp_instance下,MASTER與BACKUP必須使用相同的密碼才能正常通信
}
virtual_ipaddress{172.16.10.188???#設置虛擬IP地址,可以設置多個虛擬IP地址,每行一個
}
}virtual_server172.16.10.188?80?{?????#設置虛擬服務器,需要指定虛擬IP地址和服務端口,IP與端口之間用空格隔開delay_loop?6????#設置運行情況檢查時間,單位是秒lb_algo?rr????#設置負載調度算法,這里設置為rr,即輪詢算法lb_kind?DR???#設置LVS實現負載均衡的機制,有NAT、TUN、DR三個模式可選#persistence_timeout?20???#會話保持時間,單位是秒。這個選項對動態網頁是非常有用的,為集群系統中的session共享提供了一個很好的解決方案。protocol?TCP???#指定轉發協議類型,有TCP和UDP兩種real_server?172.16.10.162?80?{????#配置服務節點1,需要指定realserver的真實IP地址和端口,IP與端口之間用空格隔開weight1???#配置服務節點的權值,權值大小用數字表示,數字越大,權值越高TCP_CHECK?{connect_timeout?3???#表示3秒無響應超時nb_get_retry?3???#表示重試次數delay_before_retry?3??#表示重試間隔
}
}real_server?172.16.10.167?80?{weight?1TCP_CHECK?{connect_timeout?3nb_get_retry?3delay_before_retry?3
}
}
}virtual_server172.16.10.188?443?{delay_loop?6lb_algo?rrlb_kind?DR#persistence_timeout?20protocol?TCPreal_server?172.16.10.162?443?{weight?1TCP_CHECK?{connect_timeout?3nb_get_retry?3delay_before_retry?3
}
}real_server?172.16.10.167?443?{weight?1TCP_CHECK?{connect_timeout?3nb_get_retry?3delay_before_retry?3
}
}
} 修改?keepalived?備的配置
基本都和主一樣,只需要修改幾處
state??BACKUP priority??99 router_id??LVS2
在兩臺?lvs?服務器上開啟路由轉發功能
#?vim/etc/sysctl.conf net.ipv4.ip_forward=?1 #?sysctl-p
添加?realserver ip?地址
#?ipvsadm-A?-t?172.16.10.188:80?-s?rr #?ipvsadm-a?-t?172.16.10.188:80?-r?172.16.10.162:80?-w?1 #?ipvsadm-a?-t?172.16.10.188:80?-r?172.16.10.167:80?-w?1 #?ipvsadm-A?-t?172.16.10.188:443?-s?rr #?ipvsadm-a?-t?172.16.10.188:443?-r?172.16.10.162:443?-w?1 #?ipvsadm-a?-t?172.16.10.188:443?-r?172.16.10.167:443?-w?1
查看
#?ipvsadm-l
啟動服務
#?systemctlstart?keepalived #?systemctlenable?keepalived
ipvsadm腳本
#?vim?/etc/init.d/ipvsadm
#!/bin/bash
#
#LVS?script?for?VS/DR
#
#./etc/rc.d/init.d/functions
#
VIP=172.16.10.188
RIP1=172.16.10.162
RIP2=172.16.10.167
PORT1=80
PORT2=443
Algorithm=rr
Weight=1
#
case"$1"?in
start)
#Since?this?is?the?Director?we?must?be?able?to?forward?packets
#只是臨時修改,重啟機器或重啟網卡失效echo?1?>?/proc/sys/net/ipv4/ip_forward
#Clear?all?ipvsadm?rules/services./usr/sbin/ipvsadm?-C
#Add?an?IP?virtual?service?for?VIP?/usr/sbin/ipvsadm?-A?-t?$VIP:$PORT1?-s$Algorithm
#Now?direct?packets?for?this?VIP?to
#the?real?server?IP?(RIP)?inside?the?cluster/usr/sbin/ipvsadm?-a?-t?$VIP:$PORT1?-r?$RIP1-g?-w?$Weight/usr/sbin/ipvsadm?-a?-t?$VIP:$PORT1?-r?$RIP2-g?-w?$Weight
#Add?an?IP?virtual?service?for?VIP?/usr/sbin/ipvsadm?-A?-t?$VIP:$PORT2?-s$Algorithm
#Now?direct?packets?for?this?VIP?to
#the?real?server?IP?(RIP)?inside?the?cluster/usr/sbin/ipvsadm?-a?-t?$VIP:$PORT2?-r?$RIP1-g?-w?$Weight/usr/sbin/ipvsadm?-a?-t?$VIP:$PORT2?-r?$RIP2-g?-w?$Weight/bin/touch?/var/lock/subsys/ipvsadm?&>/dev/null
;;
stop)
#Stop?forwarding?packetsecho?0?>?/proc/sys/net/ipv4/ip_forward
#Reset?ipvsadm/usr/sbin/ipvsadm?-C
#?Bringdown?the?VIP?interface/usr/sbin/route?del?$VIP/bin/rm?-f?/var/lock/subsys/ipvsadmecho?"ipvs?is?stopped..."
;;
status)if?[?!?-e?/var/lock/subsys/ipvsadm?];?thenecho?"ipvsadm?is?stopped?..."elseecho?"ipvs?is?running?..."ipvsadm?-L?-nfi
;;
*)echo?"Usage:?$0{start|stop|status}"
;;
esac 添加開機啟動
#?vim/etc/rc.d/rc.local /etc/init.d/ipvsadmstart #?chmod+x?/etc/rc.d/rc.loca
relearserver端配置(nginx)
修改內核參數
#?vim/etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1 net.ipv4.conf.lo.arp_announce=2 net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=2 net.ipv4.ip_forward=0
#?sysctl?-p
配置虛擬IP地址
臨時添加
#?ifconfiglo:0?172.16.10.188?netmask?255.255.255.255?broadcast?172.16.10.188
永久添加
#?vim?/etc/sysconfig/network-scripts/ifcfg-lo:0
TYPE=Ethernet BOOTPROTO=static DEFROUTE=yes PEERDNS=yes PEERROUTES=yes IPV4_FAILURE_FATAL=no NAME=lo:0 DEVICE=lo:0 ONBOOT=yes IPADDR=172.16.10.188 NETMASK=255.255.255.255
配置路由
臨時添加
#?routeadd?-host?172.16.10.188?dev?lo:0
永久添加
#?vim?/etc/sysconfig/network-scripts/route-lo:0 172.16.10.188dev?lo:0
到此配置完成
測試
停止?keepalived?主,查看?vip?是否漂移到備,并測試是否可以正常訪問
查看日志信息
#?tail-f?/var/log/messages
查看?LVS?當前設置
#?watch?ipvsadm?-Ln
查看轉發情況
#?watch?ipvsadm?-Lnc
在測試中我發現,使用?rr?算法,一個用戶的請求會被分發到兩臺?nginx?上,這并不是我想要的結果,大概看了一下?lvs?的八種算法,最后將?rr?替換為了?sh(源地址散列),具體介紹自行百度,之后,同一個用戶的請求可以被分發在同一臺?nginx?上面了。
但是我又發現?keepalived?配置中有調度算法和權重,?ipvsadm?中也有調度算法和權重,這是不是會有沖突呢,會使用誰的算法。
經過測試,手動配置完?keepalived?和?ipvsadm?之后,例如:?keepalived?算法為?sh?,權重為?3?。?ipvsadm?算法為?rr?,權重為?1?。啟動?keepalived?,ipvsadm-l?查看,發現算法替換為?sh?,權重為?3?。
手動將?ipvsadm?的配置修改,算法為?rr?,權重為?1?,?keepalived?不重啟,?ipvsadm-l?查看,配置生效,經測試,使用的是手動改動過后的配置。
所以這兩個的配置要一樣。
LVS?負載均衡中?arp_ignore?和?arp_annonuce?參數配置的含義
arp_ignore:定義對目標地址為本地IP的ARP詢問不同的應答模式0? 0?-?(默認值):?回應任何網絡接口上對任何本地IP地址的arp查詢請求? 1?-?只回答目標IP地址是來訪網絡接口本地地址的ARP查詢請求? 2?-只回答目標IP地址是來訪網絡接口本地地址的ARP查詢請求,且來訪IP必須在該網絡接口的子網段內? 3?-?不回應該網絡界面的arp請求,而只對設置的唯一和連接地址做出回應? 4-7?-?保留未使用? 8?-不回應所有(本地地址)的arp查詢
arp_announce:對網絡接口上,本地IP地址的發出的,ARP回應,作出相應級別的限制:?確定不同程度的限制,宣布對來自本地源IP地址發出Arp請求的接口? 0?-?(默認)?在任意網絡接口(eth0,eth1,lo)上的任何本地地址? 1?-盡量避免不在該網絡接口子網段的本地地址做出arp回應.?當發起ARP請求的源IP地址是被設置應該經由路由達到此網絡接口的時候很有用.此時會檢查來訪IP是否為所有接口上的子網段內ip之一.如果改來訪IP不屬于各個網絡接口上的子網段內,那么將采用級別2的方式來進行處理.? 2?-?對查詢目標使用最適當的本地地址.在此模式下將忽略這個IP數據包的源地址并嘗試選擇與能與該地址通信的本地地址.首要是選擇所有的網絡接口的子網中外出訪問子網中包含該目標IP地址的本地地址.?如果沒有合適的地址被發現,將選擇當前的發送網絡接口或其他的有可能接受到該ARP回應的網絡接口來進行發送.
ipvsadm?參數詳解
#?ipvsadm-h ipvsadmv1.27?2008/5/15?(compiled?with?popt?and?IPVS?v1.2.1) Usage:ipvsadm?-A|E?-t|u|f?service-address?[-sscheduler]?[-p?[timeout]]?[-M?netmask]?[--pe?persistence_engine]?[-bsched-flags]ipvsadm?-D?-t|u|f?service-addressipvsadm?-Cipvsadm?-Ripvsadm?-S?[-n]ipvsadm?-a|e?-t|u|f?service-address?-rserver-address?[options]ipvsadm?-d?-t|u|f?service-address?-rserver-addressipvsadm?-L|l?[options]ipvsadm?-Z?[-t|u|f?service-address]ipvsadm?--set?tcp?tcpfin?udpipvsadm?--start-daemon?state[--mcast-interface?interface]?[--syncid?sid]ipvsadm?--stop-daemon?stateipvsadm?-hOptions:--tcp-service?-t?service-address??service-address?is?host[:port]--udp-service?-u?service-address??service-address?is?host[:port]--fwmark-service??-f?fwmark?????????fwmark?is?an?integer?greater?than?zero--ipv6????????-6???????????????????fwmark?entryuses?IPv6--scheduler???-s?scheduler?????????one?ofrr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,thedefault?scheduler?is?wlc.--pe????????????engine??????????????alternate?persistence?engine?maybe?sip,not?setby?default.--persistent??-p?[timeout]?????????persistentservice--netmask?????-M?netmask???????????persistentgranularity?mask--real-server?-r?server-address???server-address?is?host?(and?port)--gatewaying??-g???????????????????gatewaying(direct?routing)?(default)--ipip????????-i???????????????????ipip?encapsulation?(tunneling)--masquerading?-m???????????????????masquerading?(NAT)--weight??????-w?weight????????????capacity?ofreal?server--u-threshold?-x?uthreshold????????upperthreshold?of?connections--l-threshold?-y?lthreshold????????lowerthreshold?of?connections--mcast-interface?interface?????????multicast?interface?for?connectionsync--syncid?sid????????????????????????syncid?for?connectionsync?(default=255)--connection??-c???????????????????output?ofcurrent?IPVS?connections--timeout???????????????????????????output?of?timeout(tcp?tcpfin?udp)--daemon????????????????????????????output?of?daemoninformation--stats?????????????????????????????output?ofstatistics?information--rate??????????????????????????????output?of?rateinformation--exact?????????????????????????????expand?numbers(display?exact?values)--thresholds????????????????????????output?of?thresholdsinformation--persistent-conn???????????????????output?of?persistentconnection?info--nosort????????????????????????????disable?sortingoutput?of?service/server?entries--sort??????????????????????????????does?nothing,?forbackwards?compatibility--ops?????????-o???????????????????one-packet?scheduling--numeric?????-n???????????????????numericoutput?of?addresses?and?ports--sched-flags?-b?flags?????????????schedulerflags?(comma-separated)--add-service?????-A????????add?virtual?service?with?option??在內核的虛擬服務器表中添加一條新的虛擬服務器記錄。也就是增加一臺新的虛擬服務器??--edit-service????-E????????edit?virtual?service?with?options??編輯內核虛擬服務器表中的一條虛擬服務器記錄??--delete-service??-D????????delete?virtual?service??刪除內核虛擬服務器表中的一條虛擬服務器記錄??--clear???????????-C????????clear?the?whole?table??清除內核虛擬服務器表中的所有記錄??--restore?????????-R????????restore?rules?from?stdin??恢復虛擬服務器規則??--save????????????-S????????save?rules?to?stdout??保存虛擬服務器規則,輸出為-R?選項可讀的格式??--add-server??????-a????????add?real?server?with?options??在內核虛擬服務器表的一條記錄里添加一條新的真實服務器??--edit-server?????-e????????edit?real?server?with?options??編輯一條虛擬服務器記錄中的某條真實服務器記錄??--delete-server???-d????????delete?real?server??刪除一條虛擬服務器記錄中的某條真實服務器記錄??--list????????????-L|-l?????list?the?table??顯示內核虛擬服務器表??--zero????????????-Z????????zero?counters?in?a?service?or?all?services??虛擬服務表計數器清零??--set?tcp?tcpfin?udp????????set?connection?timeout?values??設置連接超時值??--start-daemon??????????????start?connection?sync?daemon??啟動同步守護進程。他后面可以是master?或backup,用來說明LVS?Router?是master?或是backup。在這個功能上也可以采keepalived?的VRRP?功能。??--stop-daemon???????????????stop?connection?sync?daemon??停止同步守護進程??--help????????????-h????????display?this?help?message??顯示幫助信息Options:??--tcp-service??-t?service-address???service-address?is?host[:port]??說明虛擬服務器提供的是tcp?的服務[vip:port]?or?[real-server-ip:port]??--udp-service??-u?service-address???service-address?is?host[:port]??說明虛擬服務器提供的是udp?的服務[vip:port]?or?[real-server-ip:port]??--fwmark-service??-f?fwmark?????????fwmark?is?an?integer?greater?than?zero??說明是經過iptables?標記過的服務類型。??--scheduler????-s?scheduler?????????one?of?rr|wrr|lc|wlc|lblc|lblcr|dh|sh|sed|nq,the?default?scheduler?is?wlc.??使用的調度算法,有這樣幾個選項,默認的調度算法是:?wlc.??--persistent???-p?[timeout]?????????persistent?service??持久穩固的服務。這個選項的意思是來自同一個客戶的多次請求,將被同一臺真實的服務器處理。timeout?的默認值為300?秒??--netmask??????-M?netmask???????????persistent?granularity?mask??--real-server??-r?server-address????server-address?is?host?(and?port)??真實的服務器[Real-Server:port]??--gatewaying???-g???????????????????gatewaying?(direct?routing)?(default)??指定LVS?的工作模式為直接路由模式(也是LVS?默認的模式??--ipip?????????-i???????????????????ipip?encapsulation?(tunneling)??指定LVS?的工作模式為隧道模式??--masquerading?-m???????????????????masquerading?(NAT)??指定LVS?的工作模式為NAT?模式??--weight???????-w?weight????????????capacity?of?real?server??真實服務器的權值??--u-threshold??-x?uthreshold????????upper?threshold?of?connections??--l-threshold??-y?lthreshold????????lower?threshold?of?connections??--mcast-interface?interface?????????multicast?interface?for?connection?sync??指定組播的同步接口??--syncid?sid????????????????????????syncid?for?connection?sync?(default=255)??--connection???-c???????????????????output?of?current?IPVS?connections??顯示LVS?目前的連接?如:ipvsadm?-L?-c??--timeout???????????????????????????output?of?timeout?(tcp?tcpfin?udp)??顯示tcp?tcpfin?udp?的timeout?值?如:ipvsadm?-L?--timeout??--daemon????????????????????????????output?of?daemon?information??顯示同步守護進程狀態??--stats?????????????????????????????output?of?statistics?information??顯示統計信息??--rate??????????????????????????????output?of?rate?information??顯示速率信息??--thresholds????????????????????????output?of?thresholds?information??--persistent-conn???????????????????output?of?persistent?connection?info??--sort??????????????????????????????sorting?output?of?service/server?entries??對虛擬服務器和真實服務器排序輸出??--ops??????????-O???????????????????one-packet?scheduling??--numeric??????-n???????????????????numeric?output?of?addresses?and?ports??輸出IP?地址和端口的數字形式
?
? ? ? 本文轉自rshare 51CTO博客,原文鏈接:http://blog.51cto.com/1364952/1978602,如需轉載請自行聯系原作者
![python調用matlab環境配置、非常詳細!!!_[python][matlab]使用python調用matlab程序](http://pic.xiahunao.cn/python調用matlab環境配置、非常詳細!!!_[python][matlab]使用python調用matlab程序)
 支持向量機)
![讀《程序員的SQL金典》[2]--函數](http://pic.xiahunao.cn/讀《程序員的SQL金典》[2]--函數)
