Configure a Keepalived + LVS server

Topology diagram

Working principle:

1. Keepalived uses the VRRP hot-standby protocol to provide multi-machine hot standby for Linux servers.

2. VRRP (Virtual Router Redundancy Protocol) is a redundancy solution for routers.

3. Multiple routers form a hot-standby group and provide service through a shared virtual IP address.

4. In each hot-standby group, only one primary router provides service at any given time; the other routers remain in standby.

5. If the currently active router fails, the other routers automatically take over the virtual IP address according to their configured priority and continue to provide service.

Cluster deployment:

1. Configure the network environment and set the network parameters of the web1 and web2 servers (do not copy the network card name verbatim)

    [root@web1 ~]# nmcli connection modify eth0 ipv4.method manual \
    ipv4.addresses 192.168.4.100/24 connection.autoconnect yes
    [root@web1 ~]# nmcli connection up eth0

 

Next, configure the VIP address on web1.

Note: the subnet mask here must be 32 bits (255.255.255.255). The network address and the broadcast address are both the same as the IP address.

    [root@web1 ~]# cd /etc/sysconfig/network-scripts/
    [root@web1 ~]# cp ifcfg-lo  ifcfg-lo:0
    [root@web1 ~]# vim ifcfg-lo:0
    DEVICE=lo:0
    #Device name
    IPADDR=192.168.4.15
    #IP address (the VIP)
    NETMASK=255.255.255.255
    #Subnet mask
    NETWORK=192.168.4.15
    #Network address
    BROADCAST=192.168.4.15
    #Broadcast address
    ONBOOT=yes
    #Activate the interface at boot
    NAME=lo:0
    #Interface name
    [root@web1 ~]# vim /etc/sysctl.conf
    #Add the following four lines manually (keywords: ignore, announce)
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_announce = 2
    #arp_ignore (prevents inbound conflicts)
    #arp_announce (prevents outbound conflicts)
    [root@web1 ~]# sysctl  -p                #Reload so the configuration takes effect immediately
    [root@web1 ~]# systemctl restart network        #Equivalent to: service network restart
    [root@web1 ~]# ip  a   s                        #View IP addresses

2. Set the network parameters of the web2 server (do not copy the network card name verbatim)

    [root@web2 ~]# nmcli connection modify eth0 ipv4.method manual \
    ipv4.addresses 192.168.4.200/24 connection.autoconnect yes
    [root@web2 ~]# nmcli connection up eth0
    [root@web2 ~]# cd /etc/sysconfig/network-scripts/
    [root@web2 ~]# cp ifcfg-lo  ifcfg-lo:0
    [root@web2 ~]# vim ifcfg-lo:0
    DEVICE=lo:0
    IPADDR=192.168.4.15
    NETMASK=255.255.255.255
    NETWORK=192.168.4.15
    BROADCAST=192.168.4.15
    ONBOOT=yes
    NAME=lo:0
    [root@web2 ~]# vim /etc/sysctl.conf
    #Add the following four lines manually (keywords: ignore, announce)
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_announce = 2
    #arp_ignore (prevents inbound conflicts)
    #arp_announce (prevents outbound conflicts)
    [root@web2 ~]# sysctl  -p             #Reload so the configuration takes effect immediately
    [root@web2 ~]# systemctl restart network        #Equivalent to: service network restart
    [root@web2 ~]# ip a  s                            #View IP addresses

2. Configure the network parameters of the proxy host. The VIP is not configured manually (keepalived configures it automatically), so delete the configuration file of the VIP network card previously created on the proxy host.

Note: do not copy the network card name verbatim.

    [root@proxy ~]# rm -rf /etc/sysconfig/network-scripts/ifcfg-eth0:0
    [root@proxy ~]# nmcli connection modify eth0 ipv4.method manual \
    ipv4.addresses 192.168.4.5/24 connection.autoconnect yes
    [root@proxy ~]# nmcli connection up eth0

Configure the network parameters of the proxy2 host (the VIP is not configured manually; keepalived configures it automatically). Note: this virtual machine does not exist by default in the previous course environment, so a new virtual machine, proxy2, must be created.

Note: do not copy the network card name verbatim.

    [root@proxy2 ~]# nmcli connection modify eth0 ipv4.method manual \
    ipv4.addresses 192.168.4.6/24 connection.autoconnect yes
    [root@proxy2 ~]# nmcli connection up eth0

3. Configure the back-end web services

Install the software and create a custom web page (on the web1 and web2 hosts)

    [root@web1 ~]# yum -y install httpd
    [root@web1 ~]# echo "192.168.4.100" > /var/www/html/index.html
    [root@web2 ~]# yum -y install httpd
    [root@web2 ~]# echo "192.168.4.200" > /var/www/html/index.html

Start the web server software (on the web1 and web2 hosts)

    [root@web1 ~]# systemctl start httpd ; systemctl enable httpd
    [root@web2 ~]# systemctl start httpd ; systemctl enable httpd

4. Install the Keepalived and ipvsadm software on the schedulers. Note: both LVS schedulers perform the same operations.

    [root@proxy ~]# yum install -y keepalived
    [root@proxy ~]# systemctl enable keepalived
    [root@proxy ~]# yum install -y ipvsadm
    [root@proxy ~]# ipvsadm -C
    [root@proxy2 ~]# yum install -y keepalived
    [root@proxy2 ~]# systemctl enable keepalived
    [root@proxy2 ~]# yum install -y ipvsadm
    [root@proxy2 ~]# ipvsadm -C

5. Deploy Keepalived to make the LVS-DR mode scheduler highly available. Configure Keepalived on the LVS1 scheduler and start the service (on the 192.168.4.5 host).

    [root@proxy ~]# vim /etc/keepalived/keepalived.conf
    global_defs {
      router_id  lvs1                   #Line 12, set the router ID (must be modified for this experiment)
      vrrp_iptables                     #Line 13, clear the firewall blocking rules (must be added manually for this experiment)
    }
    vrrp_instance VI_1 {
      state MASTER                      #Line 21, MASTER server
      interface eth0                    #Line 22, network interface (do not copy the network card name verbatim)
      virtual_router_id 51              #Line 23, the VRID must be the same on primary and backup
      priority 100                      #Line 24, server priority
      advert_int 1
      authentication {
        auth_type PASS
        auth_pass 1111                  #Shared VRRP password; PASS authentication is sent in cleartext
      }
      virtual_ipaddress {               #Lines 30 to 32, VIP configuration (must be modified for this experiment)
        192.168.4.15/24
      }
    }
    virtual_server 192.168.4.15 80 {    #Set the VIP rule for ipvsadm (must be modified for this experiment)
      delay_loop 6                      #Health check interval, 6 seconds by default
      lb_algo rr                        #Set the LVS scheduling algorithm to RR
      lb_kind DR                        #Set the LVS mode to DR (must be modified for this experiment)
      #persistence_timeout 50           #(must be deleted for this experiment)
      #Note: persistence_timeout keeps connections persistent.
      #When enabled, a client always reaches the same server for a set period (50 seconds)
      protocol TCP                      #TCP protocol
      real_server 192.168.4.100 80 {    #Real IP of the back-end web server (must be modified for this experiment)
        weight 1                        #Set the weight to 1
        TCP_CHECK {                     #Health check for the back-end real_server (must be modified for this experiment)
          connect_timeout 3             #The health check timeout is 3 seconds
          nb_get_retry 3                #Health check retries 3 times
          delay_before_retry 3          #Wait 3 seconds between health check retries
        }
      }
      real_server 192.168.4.200 80 {    #Real IP of the back-end web server (must be modified for this experiment)
        weight 2                        #Set the weight to 2
        TCP_CHECK {                     #Health check for the back-end real_server (must be modified for this experiment)
          connect_timeout 3             #The health check timeout is 3 seconds
          nb_get_retry 3                #Health check retries 3 times
          delay_before_retry 3          #Wait 3 seconds between health check retries
        }
      }
    }
    [root@proxy ~]# systemctl start keepalived
    [root@proxy ~]# ipvsadm -Ln        #View LVS rules
    [root@proxy ~]# ip a  s            #View VIP configuration
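
The second scheduler (proxy2, 192.168.4.6) needs its own keepalived.conf in the same VRRP group as LVS1. The script below is an added example, not part of the original page: it compares the vrrp_instance settings of two nodes' files, with hypothetical function names, and the BACKUP state and priority 50 in the proxy2 sample are assumed values.

```shell
#!/bin/sh
# Added example: lint the vrrp_instance settings of two schedulers' configs.
# vrrp_field FILE KEY: value of KEY in the first vrrp_instance block of FILE
vrrp_field() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "vrrp_instance" { inblk = 1 }
        inblk && $1 == key { print $2; exit }
        inblk {                                 # brace depth marks the block end
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth > 0) opened = 1
            if (opened && depth == 0) exit
        }' "$1"
}
# lint_vrrp_pair FILE_A FILE_B: print findings; exit status = number of findings
lint_vrrp_pair() {
    findings=0
    # Both nodes must agree on these to form one hot-standby group.
    for key in virtual_router_id auth_type auth_pass advert_int; do
        if [ "$(vrrp_field "$1" "$key")" != "$(vrrp_field "$2" "$key")" ]; then
            echo "MISMATCH: $key differs"       # value withheld, may be a secret
            findings=$((findings + 1))
        fi
    done
    # Equal priorities leave the election to the VRRP IP-address tie-break.
    if [ "$(vrrp_field "$1" priority)" = "$(vrrp_field "$2" priority)" ]; then
        echo "EQUAL: priority is the same on both nodes"
        findings=$((findings + 1))
    fi
    # Two nodes configured as MASTER may both claim the VIP until the election settles.
    if [ "$(vrrp_field "$1" state)$(vrrp_field "$2" state)" = "MASTERMASTER" ]; then
        echo "DUPLICATE: state MASTER on both nodes"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# make_sample FILE STATE PRIORITY: constructed config using this page's LVS1 values
make_sample() {
    printf 'vrrp_instance VI_1 {\n  state %s\n  interface eth0\n' "$2" > "$1"
    printf '  virtual_router_id 51\n  priority %s\n  advert_int 1\n' "$3" >> "$1"
    printf '  authentication {\n    auth_type PASS\n    auth_pass 1111\n  }\n}\n' >> "$1"
}
tmp=$(mktemp -d)
make_sample "$tmp/lvs1.conf" MASTER 100
make_sample "$tmp/lvs2.conf" BACKUP 50           # assumed values for proxy2
lint_vrrp_pair "$tmp/lvs1.conf" "$tmp/lvs2.conf" && echo "pair is consistent"
lint_vrrp_pair "$tmp/lvs1.conf" "$tmp/lvs1.conf" || echo "findings: $?"
rm -rf "$tmp"
```

Copying the LVS1 file to the second node unchanged produces the two findings shown by the last call: equal priority and MASTER on both nodes.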

After configuration, test access from the client.

From the client, connect repeatedly to http://192.168.4.15 with the curl command and check whether the returned page rotates across the different back-end real servers.
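
The curl check above can be tallied automatically, since each back-end index.html contains that server's own IP address. This is an added example, not part of the original page; the function names probe_vip and rotation_report are hypothetical and the sample responses are constructed.

```shell
#!/bin/sh
# probe_vip URL COUNT: fetch URL COUNT times, printing one response body per line
probe_vip() {
    i=0
    while [ "$i" -lt "$2" ]; do
        curl -s --max-time 2 "$1" || echo "FAILED"   # a failed request is tallied too
        i=$((i + 1))
    done
}

# rotation_report IP...: read bodies on stdin, print hits per expected backend;
# exit status = number of problems (silent backend or unexpected body)
rotation_report() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, want, " "); for (i = 1; i <= n; i++) known[want[i]] = 1 }
        NF    { hits[$0]++; total++ }
        END {
            for (i = 1; i <= n; i++) {
                c = hits[want[i]] + 0
                printf "%-15s %d/%d\n", want[i], c, total
                if (c == 0) bad++                    # backend never answered
            }
            for (b in hits)
                if (!(b in known)) { printf "unexpected body: %s\n", b; bad++ }
            exit bad + 0
        }'
}

# Constructed sample: six bodies as the two index.html files would return them.
printf '192.168.4.100\n192.168.4.200\n192.168.4.100\n192.168.4.200\n192.168.4.100\n192.168.4.200\n' |
    rotation_report 192.168.4.100 192.168.4.200
# Live use from the client:
#   probe_vip http://192.168.4.15 20 | rotation_report 192.168.4.100 192.168.4.200
```

Because the configuration uses lb_algo rr, the two counts should come out equal; the weight values 1 and 2 only influence distribution under a weighted scheduler such as wrr.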

Keywords: lvs

Added by lli2k5 on Thu, 30 Dec 2021 18:44:15 +0200