lvs 부하 균형 및 듀얼 핫 스페어 고가용 설정(keepalived)
8833 단어 엔터프라이즈급 운영 방안
소개
keepalived의 역할은 서버의 상태를 검측하는 것이다. 만약에 웹 서버가 다운되거나 작업이 고장나면 Keepalived는 검측하고 고장난 서버를 시스템에서 제거하며 이 서버의 작업을 다른 서버로 대체한다. 서버가 정상적으로 작동하면 Keepalived는 서버를 서버 그룹에 자동으로 추가한다. 이런 작업은 모두 자동으로 완성되고 인공적인 간섭이 필요 없다.인공적으로 해야 할 일은 고장난 서버를 복구하는 것뿐이다.
원리
Layer3,4,5는 IP/TCP 프로토콜 창고의 IP 층, TCP 층, 그리고 응용 층에서 작업한다. 원리는 다음과 같다. Keepalived가 Layer3의 방식으로 작업할 때 Keepalived는 정기적으로 서버 그룹에 있는 서버에 ICMP 패키지를 보낸다. 만약에 어떤 서비스의 IP 주소가 활성화되지 않은 것을 발견하면 Keepalived는 이 서버의 실효를 보고하고 이를 서버 그룹에서 제거한다.이런 상황의 전형적인 예는 어떤 서버가 불법으로 꺼진 것이다.Layer3 방식은 서버의 IP 주소가 서버에서 제대로 작동하는지 여부를 기준으로 합니다.
환경 구성
서버1: MASTER 서버 4: BACKUP 서버 2: Real 서버 1 서버 3: Real 서버 2
구성 단계
1. 서버1을 사용하여 lvs 부하 균형 DR 모드
[root@server1 ~]# ip addr add 172.25.254.100/24 dev eth0
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.2:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.3:80 -g
[root@server1 ~]# /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
[root@server1 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
2, 서버 2 및 서버 3 Read 서버 구성
[root@server2 ~]# ip addr add 172.25.254.100/32 dev eth0
[root@server2 ~]# arptables -A IN -d 172.25.254.100 -j DROP
[root@server2 ~]# arptables -A OUT -s 172.25.254.100 -j mangle --mangle-ip-s 172.25.254.2
[root@server2 ~]# arptables -L
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.254.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.254.100 anywhere anywhere anywhere any any any any --mangle-ip-s server2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
이때 물리기 접근 vip는 lvs 부하 균형 조회를 실현한다
3. keepalived 설정
서버 1 구성
1. keepalived 패키지 다운로드
[root@server1 ~]# ls
keepalived-1.4.3.tar.gz
[root@server1 ~]# tar zxf keepalived-1.4.3.tar.gz
[root@server1 ~]# ls
keepalived-1.4.3 keepalived-1.4.3.tar.gz
[root@server1 ~]# yum install -y gcc openssl-devel ## kp
2, 컴파일, 검사 및 설치
[root@server1 keepalived-1.4.3]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV ##
[root@server1 keepalived-1.4.3]# make && make install ##
[root@server1 keepalived-1.4.3]# cd /usr/local/keepalived/
[root@server1 keepalived]# ll ##
total 16
drwxr-xr-x 2 root root 4096 Jun 21 23:09 bin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 etc
drwxr-xr-x 2 root root 4096 Jun 21 23:09 sbin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 share
3. 소프트 연결 생성
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/ ##
[root@server1 keepalived]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived ##
[root@server4 ~]# which keepalived
/sbin/keepalived
4. 프로필 수정
/etc/keepalived/keepalived.conf 1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 root@localhost #
6 }
7 notification_email_from [email protected]
8 smtp_server 127.0.0.1 ##
9 smtp_connect_timeout 30
10 router_id LVS_DEVEL
11 vrrp_skip_check_adv_addr
12 # vrrp_strict ## ,
13 vrrp_garp_interval 0
14 vrrp_gna_interval 0
15 }
16
17 vrrp_instance VI_1 {
18 state MASTER ## MASTER
19 interface eth0
20 virtual_router_id 51 ## ,BACKUP MASTER
21 priority 100
22 advert_int 1
23 authentication {
24 auth_type PASS
25 auth_pass 1111
26 }
27 virtual_ipaddress {
28 172.25.254.100 ##vip
29 }
30 }
31
32 virtual_server 172.25.254.100 80 { ##vip
33 delay_loop 1
34 lb_algo rr
35 lb_kind DR
36 # persistence_timeout 50 ##
37 protocol TCP
38
39 real_server 172.25.254.2 80 { Rip1
40 weight 1
41 TCP_CHECK {
42 connect_timeout 3
43 retry 3
44 delay_before_retry 3
45 }
46 }
47 real_server 172.25.254.3 80 { Rip2
48 weight 1
49 TCP_CHECK {
50 connect_timeout 3
51 retry 3
52 delay_before_retry 3
53 }
54 }
55 }
server4
서버 4에 gcc ipvsadm openssl-devel 등 의존 패키지 설치[root@server4 ~]# yum install ipvsadm gcc openssl-devel httpd -y
1. 서버 1의 /usr /local /keepalived 디렉터리를 서버 4에 직접 복사
[root@server1 keepalived]# scp -r /usr/local/keepalived/ server4:/usr/local/
2. 서버 4에서 소프트 연결 만들기
[root@server4 ~]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server4 ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 ~]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
3. 서버 1의 프로필을 서버 4로 복사
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf server4:/etc/keepalived/
root@server4's password:
keepalived.conf 100% 1015 1.0KB/s 00:00
4. server4 프로필 수정
서버 4 프로필과 서버 1은 차이가 많지 않습니다. 두 줄만 바꾸면 됩니다. 17 vrrp_instance VI_1 {
18 state BACKUP ###
19 interface eth0
20 virtual_router_id 51
21 priority 50 ### server1
22 advert_int 1
서버 1 및 서버 4 구성 성공
1. 서버 1과 서버 4를 켜는keepalived
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
테스트:
설정이 성공한 후에 우리는 물리기기로 vip에 접근했다. 접근 결과는 서버2와 서버3 윤문이고 ARp는 서버1의 물리 주소를 가리킨다. 서버1의 kp가 닫힌 후에 물리기기가 접근하면 윤문은 여전히 정상적이다. 그러나arp는 서버4의 물리 주소를 가리킨다. 따라서 호스트가 고장났을 때 예비 기능은 신속하게 작업을 대체한다. 서버1이 kp를 열면 물리기기가 서버1의 물리 주소를 가리킨다.호스트가 정상적으로 회복되면 호스트가 바로 vip를 인수하여 이중 핫 스페어를 사용할 수 있음을 나타낸다[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
Layer3,4,5는 IP/TCP 프로토콜 창고의 IP 층, TCP 층, 그리고 응용 층에서 작업한다. 원리는 다음과 같다. Keepalived가 Layer3의 방식으로 작업할 때 Keepalived는 정기적으로 서버 그룹에 있는 서버에 ICMP 패키지를 보낸다. 만약에 어떤 서비스의 IP 주소가 활성화되지 않은 것을 발견하면 Keepalived는 이 서버의 실효를 보고하고 이를 서버 그룹에서 제거한다.이런 상황의 전형적인 예는 어떤 서버가 불법으로 꺼진 것이다.Layer3 방식은 서버의 IP 주소가 서버에서 제대로 작동하는지 여부를 기준으로 합니다.
환경 구성
서버1: MASTER 서버 4: BACKUP 서버 2: Real 서버 1 서버 3: Real 서버 2
구성 단계
1. 서버1을 사용하여 lvs 부하 균형 DR 모드
[root@server1 ~]# ip addr add 172.25.254.100/24 dev eth0
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.2:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.3:80 -g
[root@server1 ~]# /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
[root@server1 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
2, 서버 2 및 서버 3 Read 서버 구성
[root@server2 ~]# ip addr add 172.25.254.100/32 dev eth0
[root@server2 ~]# arptables -A IN -d 172.25.254.100 -j DROP
[root@server2 ~]# arptables -A OUT -s 172.25.254.100 -j mangle --mangle-ip-s 172.25.254.2
[root@server2 ~]# arptables -L
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.254.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.254.100 anywhere anywhere anywhere any any any any --mangle-ip-s server2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
이때 물리기 접근 vip는 lvs 부하 균형 조회를 실현한다
3. keepalived 설정
서버 1 구성
1. keepalived 패키지 다운로드
[root@server1 ~]# ls
keepalived-1.4.3.tar.gz
[root@server1 ~]# tar zxf keepalived-1.4.3.tar.gz
[root@server1 ~]# ls
keepalived-1.4.3 keepalived-1.4.3.tar.gz
[root@server1 ~]# yum install -y gcc openssl-devel ## kp
2, 컴파일, 검사 및 설치
[root@server1 keepalived-1.4.3]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV ##
[root@server1 keepalived-1.4.3]# make && make install ##
[root@server1 keepalived-1.4.3]# cd /usr/local/keepalived/
[root@server1 keepalived]# ll ##
total 16
drwxr-xr-x 2 root root 4096 Jun 21 23:09 bin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 etc
drwxr-xr-x 2 root root 4096 Jun 21 23:09 sbin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 share
3. 소프트 연결 생성
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/ ##
[root@server1 keepalived]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived ##
[root@server4 ~]# which keepalived
/sbin/keepalived
4. 프로필 수정
/etc/keepalived/keepalived.conf 1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 root@localhost #
6 }
7 notification_email_from [email protected]
8 smtp_server 127.0.0.1 ##
9 smtp_connect_timeout 30
10 router_id LVS_DEVEL
11 vrrp_skip_check_adv_addr
12 # vrrp_strict ## ,
13 vrrp_garp_interval 0
14 vrrp_gna_interval 0
15 }
16
17 vrrp_instance VI_1 {
18 state MASTER ## MASTER
19 interface eth0
20 virtual_router_id 51 ## ,BACKUP MASTER
21 priority 100
22 advert_int 1
23 authentication {
24 auth_type PASS
25 auth_pass 1111
26 }
27 virtual_ipaddress {
28 172.25.254.100 ##vip
29 }
30 }
31
32 virtual_server 172.25.254.100 80 { ##vip
33 delay_loop 1
34 lb_algo rr
35 lb_kind DR
36 # persistence_timeout 50 ##
37 protocol TCP
38
39 real_server 172.25.254.2 80 { Rip1
40 weight 1
41 TCP_CHECK {
42 connect_timeout 3
43 retry 3
44 delay_before_retry 3
45 }
46 }
47 real_server 172.25.254.3 80 { Rip2
48 weight 1
49 TCP_CHECK {
50 connect_timeout 3
51 retry 3
52 delay_before_retry 3
53 }
54 }
55 }
server4
서버 4에 gcc ipvsadm openssl-devel 등 의존 패키지 설치[root@server4 ~]# yum install ipvsadm gcc openssl-devel httpd -y
1. 서버 1의 /usr /local /keepalived 디렉터리를 서버 4에 직접 복사
[root@server1 keepalived]# scp -r /usr/local/keepalived/ server4:/usr/local/
2. 서버 4에서 소프트 연결 만들기
[root@server4 ~]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server4 ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 ~]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
3. 서버 1의 프로필을 서버 4로 복사
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf server4:/etc/keepalived/
root@server4's password:
keepalived.conf 100% 1015 1.0KB/s 00:00
4. server4 프로필 수정
서버 4 프로필과 서버 1은 차이가 많지 않습니다. 두 줄만 바꾸면 됩니다. 17 vrrp_instance VI_1 {
18 state BACKUP ###
19 interface eth0
20 virtual_router_id 51
21 priority 50 ### server1
22 advert_int 1
서버 1 및 서버 4 구성 성공
1. 서버 1과 서버 4를 켜는keepalived
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
테스트:
설정이 성공한 후에 우리는 물리기기로 vip에 접근했다. 접근 결과는 서버2와 서버3 윤문이고 ARp는 서버1의 물리 주소를 가리킨다. 서버1의 kp가 닫힌 후에 물리기기가 접근하면 윤문은 여전히 정상적이다. 그러나arp는 서버4의 물리 주소를 가리킨다. 따라서 호스트가 고장났을 때 예비 기능은 신속하게 작업을 대체한다. 서버1이 kp를 열면 물리기기가 서버1의 물리 주소를 가리킨다.호스트가 정상적으로 회복되면 호스트가 바로 vip를 인수하여 이중 핫 스페어를 사용할 수 있음을 나타낸다[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
1. 서버1을 사용하여 lvs 부하 균형 DR 모드
[root@server1 ~]# ip addr add 172.25.254.100/24 dev eth0
[root@server1 ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.2:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.254.100:80 -r 172.25.254.3:80 -g
[root@server1 ~]# /etc/init.d/ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm: [ OK ]
[root@server1 ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:http rr
-> server2:http Route 1 0 0
-> server3:http Route 1 0 0
2, 서버 2 및 서버 3 Read 서버 구성
[root@server2 ~]# ip addr add 172.25.254.100/32 dev eth0
[root@server2 ~]# arptables -A IN -d 172.25.254.100 -j DROP
[root@server2 ~]# arptables -A OUT -s 172.25.254.100 -j mangle --mangle-ip-s 172.25.254.2
[root@server2 ~]# arptables -L
Chain IN (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
DROP anywhere 172.25.254.100 anywhere anywhere any any any any
Chain OUT (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
mangle 172.25.254.100 anywhere anywhere anywhere any any any any --mangle-ip-s server2
Chain FORWARD (policy ACCEPT)
target source-ip destination-ip source-hw destination-hw hlen op hrd pro
[root@server2 ~]# /etc/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
이때 물리기 접근 vip는 lvs 부하 균형 조회를 실현한다
3. keepalived 설정
서버 1 구성
1. keepalived 패키지 다운로드
[root@server1 ~]# ls
keepalived-1.4.3.tar.gz
[root@server1 ~]# tar zxf keepalived-1.4.3.tar.gz
[root@server1 ~]# ls
keepalived-1.4.3 keepalived-1.4.3.tar.gz
[root@server1 ~]# yum install -y gcc openssl-devel ## kp
2, 컴파일, 검사 및 설치
[root@server1 keepalived-1.4.3]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV ##
[root@server1 keepalived-1.4.3]# make && make install ##
[root@server1 keepalived-1.4.3]# cd /usr/local/keepalived/
[root@server1 keepalived]# ll ##
total 16
drwxr-xr-x 2 root root 4096 Jun 21 23:09 bin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 etc
drwxr-xr-x 2 root root 4096 Jun 21 23:09 sbin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 share
3. 소프트 연결 생성
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/ ##
[root@server1 keepalived]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived ##
[root@server4 ~]# which keepalived
/sbin/keepalived
4. 프로필 수정
/etc/keepalived/keepalived.conf 1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 root@localhost #
6 }
7 notification_email_from [email protected]
8 smtp_server 127.0.0.1 ##
9 smtp_connect_timeout 30
10 router_id LVS_DEVEL
11 vrrp_skip_check_adv_addr
12 # vrrp_strict ## ,
13 vrrp_garp_interval 0
14 vrrp_gna_interval 0
15 }
16
17 vrrp_instance VI_1 {
18 state MASTER ## MASTER
19 interface eth0
20 virtual_router_id 51 ## ,BACKUP MASTER
21 priority 100
22 advert_int 1
23 authentication {
24 auth_type PASS
25 auth_pass 1111
26 }
27 virtual_ipaddress {
28 172.25.254.100 ##vip
29 }
30 }
31
32 virtual_server 172.25.254.100 80 { ##vip
33 delay_loop 1
34 lb_algo rr
35 lb_kind DR
36 # persistence_timeout 50 ##
37 protocol TCP
38
39 real_server 172.25.254.2 80 { Rip1
40 weight 1
41 TCP_CHECK {
42 connect_timeout 3
43 retry 3
44 delay_before_retry 3
45 }
46 }
47 real_server 172.25.254.3 80 { Rip2
48 weight 1
49 TCP_CHECK {
50 connect_timeout 3
51 retry 3
52 delay_before_retry 3
53 }
54 }
55 }
server4
서버 4에 gcc ipvsadm openssl-devel 등 의존 패키지 설치[root@server4 ~]# yum install ipvsadm gcc openssl-devel httpd -y
1. 서버 1의 /usr /local /keepalived 디렉터리를 서버 4에 직접 복사
[root@server1 keepalived]# scp -r /usr/local/keepalived/ server4:/usr/local/
2. 서버 4에서 소프트 연결 만들기
[root@server4 ~]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server4 ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 ~]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
3. 서버 1의 프로필을 서버 4로 복사
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf server4:/etc/keepalived/
root@server4's password:
keepalived.conf 100% 1015 1.0KB/s 00:00
4. server4 프로필 수정
서버 4 프로필과 서버 1은 차이가 많지 않습니다. 두 줄만 바꾸면 됩니다. 17 vrrp_instance VI_1 {
18 state BACKUP ###
19 interface eth0
20 virtual_router_id 51
21 priority 50 ### server1
22 advert_int 1
서버 1 및 서버 4 구성 성공
1. 서버 1과 서버 4를 켜는keepalived
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
테스트:
설정이 성공한 후에 우리는 물리기기로 vip에 접근했다. 접근 결과는 서버2와 서버3 윤문이고 ARp는 서버1의 물리 주소를 가리킨다. 서버1의 kp가 닫힌 후에 물리기기가 접근하면 윤문은 여전히 정상적이다. 그러나arp는 서버4의 물리 주소를 가리킨다. 따라서 호스트가 고장났을 때 예비 기능은 신속하게 작업을 대체한다. 서버1이 kp를 열면 물리기기가 서버1의 물리 주소를 가리킨다.호스트가 정상적으로 회복되면 호스트가 바로 vip를 인수하여 이중 핫 스페어를 사용할 수 있음을 나타낸다[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
1. keepalived 패키지 다운로드
[root@server1 ~]# ls
keepalived-1.4.3.tar.gz
[root@server1 ~]# tar zxf keepalived-1.4.3.tar.gz
[root@server1 ~]# ls
keepalived-1.4.3 keepalived-1.4.3.tar.gz
[root@server1 ~]# yum install -y gcc openssl-devel ## kp
2, 컴파일, 검사 및 설치
[root@server1 keepalived-1.4.3]# ./configure --prefix=/usr/local/keepalived --with-init=SYSV ##
[root@server1 keepalived-1.4.3]# make && make install ##
[root@server1 keepalived-1.4.3]# cd /usr/local/keepalived/
[root@server1 keepalived]# ll ##
total 16
drwxr-xr-x 2 root root 4096 Jun 21 23:09 bin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 etc
drwxr-xr-x 2 root root 4096 Jun 21 23:09 sbin
drwxr-xr-x 5 root root 4096 Jun 21 23:09 share
3. 소프트 연결 생성
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/ ##
[root@server1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/ ##
[root@server1 keepalived]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived ##
[root@server4 ~]# which keepalived
/sbin/keepalived
4. 프로필 수정
/etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 root@localhost #
6 }
7 notification_email_from [email protected]
8 smtp_server 127.0.0.1 ##
9 smtp_connect_timeout 30
10 router_id LVS_DEVEL
11 vrrp_skip_check_adv_addr
12 # vrrp_strict ## ,
13 vrrp_garp_interval 0
14 vrrp_gna_interval 0
15 }
16
17 vrrp_instance VI_1 {
18 state MASTER ## MASTER
19 interface eth0
20 virtual_router_id 51 ## ,BACKUP MASTER
21 priority 100
22 advert_int 1
23 authentication {
24 auth_type PASS
25 auth_pass 1111
26 }
27 virtual_ipaddress {
28 172.25.254.100 ##vip
29 }
30 }
31
32 virtual_server 172.25.254.100 80 { ##vip
33 delay_loop 1
34 lb_algo rr
35 lb_kind DR
36 # persistence_timeout 50 ##
37 protocol TCP
38
39 real_server 172.25.254.2 80 { Rip1
40 weight 1
41 TCP_CHECK {
42 connect_timeout 3
43 retry 3
44 delay_before_retry 3
45 }
46 }
47 real_server 172.25.254.3 80 { Rip2
48 weight 1
49 TCP_CHECK {
50 connect_timeout 3
51 retry 3
52 delay_before_retry 3
53 }
54 }
55 }
server4
서버 4에 gcc ipvsadm openssl-devel 등 의존 패키지 설치[root@server4 ~]# yum install ipvsadm gcc openssl-devel httpd -y
1. 서버 1의 /usr /local /keepalived 디렉터리를 서버 4에 직접 복사
[root@server1 keepalived]# scp -r /usr/local/keepalived/ server4:/usr/local/
2. 서버 4에서 소프트 연결 만들기
[root@server4 ~]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server4 ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 ~]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
3. 서버 1의 프로필을 서버 4로 복사
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf server4:/etc/keepalived/
root@server4's password:
keepalived.conf 100% 1015 1.0KB/s 00:00
4. server4 프로필 수정
서버 4 프로필과 서버 1은 차이가 많지 않습니다. 두 줄만 바꾸면 됩니다. 17 vrrp_instance VI_1 {
18 state BACKUP ###
19 interface eth0
20 virtual_router_id 51
21 priority 50 ### server1
22 advert_int 1
서버 1 및 서버 4 구성 성공
1. 서버 1과 서버 4를 켜는keepalived
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
테스트:
설정이 성공한 후에 우리는 물리기기로 vip에 접근했다. 접근 결과는 서버2와 서버3 윤문이고 ARp는 서버1의 물리 주소를 가리킨다. 서버1의 kp가 닫힌 후에 물리기기가 접근하면 윤문은 여전히 정상적이다. 그러나arp는 서버4의 물리 주소를 가리킨다. 따라서 호스트가 고장났을 때 예비 기능은 신속하게 작업을 대체한다. 서버1이 kp를 열면 물리기기가 서버1의 물리 주소를 가리킨다.호스트가 정상적으로 회복되면 호스트가 바로 vip를 인수하여 이중 핫 스페어를 사용할 수 있음을 나타낸다[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@server4 ~]# yum install ipvsadm gcc openssl-devel httpd -y
[root@server1 keepalived]# scp -r /usr/local/keepalived/ server4:/usr/local/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@server4 ~]# ln -s /usr/local/keepalived/etc/keepalived/ /etc/
[root@server4 ~]# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
[root@server4 ~]# chmod +x /usr/local/keepalived/etc/rc.d/init.d/keepalived
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf server4:/etc/keepalived/
root@server4's password:
keepalived.conf 100% 1015 1.0KB/s 00:00
17 vrrp_instance VI_1 {
18 state BACKUP ###
19 interface eth0
20 virtual_router_id 51
21 priority 50 ### server1
22 advert_int 1
1. 서버 1과 서버 4를 켜는keepalived
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server4 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
테스트:
설정이 성공한 후에 우리는 물리기기로 vip에 접근했다. 접근 결과는 서버2와 서버3 윤문이고 ARp는 서버1의 물리 주소를 가리킨다. 서버1의 kp가 닫힌 후에 물리기기가 접근하면 윤문은 여전히 정상적이다. 그러나arp는 서버4의 물리 주소를 가리킨다. 따라서 호스트가 고장났을 때 예비 기능은 신속하게 작업을 대체한다. 서버1이 kp를 열면 물리기기가 서버1의 물리 주소를 가리킨다.호스트가 정상적으로 회복되면 호스트가 바로 vip를 인수하여 이중 핫 스페어를 사용할 수 있음을 나타낸다[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
[root@foundation77 Desktop]# arp -d 172.25.254.100
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f2:23:ae [ether] on br0
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# curl 172.25.254.100
server3
[root@foundation77 Desktop]# curl 172.25.254.100
server2
[root@foundation77 Desktop]# arp -an | grep 100
? (172.25.254.100) at 52:54:00:f9:4e:d3 [ether] on br0
좋은 웹페이지 즐겨찾기
