LVS + Keepalived High-Availability Cluster
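I. LVS Overview
1. What is LVS
LVS (Linux Virtual Server) is the load balancer built into the Linux kernel. It works at layer 4 (the transport layer) and load-balances TCP and UDP traffic.
```text
LVS features:
├── Open source and free (integrated into the Linux kernel)
├── High performance (runs in kernel space)
├── High throughput
├── Multiple scheduling algorithms
├── Multiple working modes
└── Transparent proxying
```
2. Core LVS components
```text
LVS components:
├── Director (scheduler)
│   └── Receives client requests and forwards them to the back-end servers
├── Server pool (Real Servers)
│   └── The servers that actually process the requests
└── Shared storage
    └── Gives the Real Servers a common data set
```
3. LVS working modes
```text
Three working modes:

1. NAT mode (Network Address Translation)
   Client → Director → Real Server → Director → Client
   Characteristic: both requests and responses pass through the Director

2. DR mode (Direct Routing)
   Client → Director → Real Server → Client (direct return)
   Characteristic: requests pass through the Director, responses go straight back to the client

3. TUN mode (IP Tunneling)
   Client → Director → Real Server (tunnel) → Client
   Characteristic: suitable for deployments that span network segments
```
4. LVS scheduling algorithms
```text
# Static scheduling algorithms
RR     Round Robin
WRR    Weighted Round Robin
DH     Destination Hashing
SH     Source Hashing

# Dynamic scheduling algorithms
LC     Least Connections
WLC    Weighted Least Connections
SED    Shortest Expected Delay
NQ     Never Queue
LBLC   Locality-Based Least Connections
LBLCR  Locality-Based Least Connections with Replication
```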
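II. Keepalived Overview
1. What is Keepalived
Keepalived is routing software written in C. Its main functions are load balancing and high availability.
```text
Keepalived features:
├── High availability (VRRP)
├── Health checks
├── Failover
├── Simple configuration
├── Low resource usage
└── Integrates seamlessly with LVS
```
2. The VRRP protocol
```text
VRRP (Virtual Router Redundancy Protocol)

How it works:
├── Several routers form one virtual router
├── A virtual IP (VIP) provides the service to clients
├── The master router (MASTER) forwards traffic
├── The backup router (BACKUP) stands by
└── When the master fails, the backup takes over automatically
```
3. How Keepalived works
```text
Keepalived workflow:
┌─────────────────────────────────────────────────────┐
│                     Keepalived                      │
├─────────────────────────────────────────────────────┤
│  ┌─────────────────┐      ┌─────────────────────┐   │
│  │ VRRP protocol   │ ←──→ │ Health checking     │   │
│  │ (HA)            │      │ (Health Check)      │   │
│  └─────────────────┘      └─────────────────────┘   │
│           │                          │              │
│           ↓                          ↓              │
│  ┌─────────────────┐      ┌─────────────────────┐   │
│  │ VIP management  │      │ LVS configuration   │   │
│  │ (IP failover)   │      │ (IPVS management)   │   │
│  └─────────────────┘      └─────────────────────┘   │
└─────────────────────────────────────────────────────┘
```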
III. Environment Preparation
1. Environment plan
```text
Architecture:

                    ┌─────────────────┐
                    │     Client      │
                    └────────┬────────┘
                             │
                             ↓
                    ┌─────────────────┐
                    │ VIP: 10.0.0.100 │
                    └────────┬────────┘
                             │
             ┌───────────────┴───────────────┐
             ↓                               ↓
    ┌─────────────────┐             ┌─────────────────┐
    │   LVS-Master    │             │   LVS-Backup    │
    │   10.0.0.10     │             │   10.0.0.11     │
    └────────┬────────┘             └────────┬────────┘
             │                               │
             └───────────────┬───────────────┘
                             ↓
                    ┌─────────────────┐
                    │   Real Server   │
                    │   10.0.0.20     │
                    │   10.0.0.21     │
                    │   10.0.0.22     │
                    └─────────────────┘
```
Server plan:
| Role | Hostname | IP address | VIP | Description |
|---|---|---|---|---|
| LVS-Master | lvs01 | 10.0.0.10 | 10.0.0.100 | Primary director |
| LVS-Backup | lvs02 | 10.0.0.11 | 10.0.0.100 | Backup director |
| Web1 | web01 | 10.0.0.20 | - | Back-end server |
| Web2 | web02 | 10.0.0.21 | - | Back-end server |
| Web3 | web03 | 10.0.0.22 | - | Back-end server |
2. System configuration
```bash
# 1. Set the hostname (run only the matching line on each host)
hostnamectl set-hostname lvs01
hostnamectl set-hostname lvs02
hostnamectl set-hostname web01
hostnamectl set-hostname web02
hostnamectl set-hostname web03

# 2. Configure the hosts file
cat >> /etc/hosts << EOF
10.0.0.10 lvs01
10.0.0.11 lvs02
10.0.0.20 web01
10.0.0.21 web02
10.0.0.22 web03
EOF

# 3. Stop the firewall (or open the required ports instead)
systemctl stop firewalld
systemctl disable firewalld

# 4. Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# 5. Time synchronization
yum install -y ntpdate
ntpdate pool.ntp.org

# 6. Enable IP forwarding (LVS nodes)
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
```
IV. LVS Configuration
1. Install ipvsadm
```bash
# CentOS/RHEL
yum install -y ipvsadm

# Ubuntu/Debian
apt install -y ipvsadm

# Check the LVS kernel modules and load them
lsmod | grep ip_vs
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_lc
modprobe ip_vs_wlc
modprobe ip_vs_sh

# Show the version
ipvsadm -v
```
2. Configure LVS (DR mode)
```bash
# LVS-Master (10.0.0.10)
# Create the LVS script
cat > /usr/local/bin/lvs_dr.sh << 'EOF'
#!/bin/bash
# VIP
VIP=10.0.0.100
# Back-end servers
RS1=10.0.0.20
RS2=10.0.0.21
RS3=10.0.0.22

# Bind the VIP to the network interface
/sbin/ifconfig ens33:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev ens33:0

# Flush the IPVS rules
/sbin/ipvsadm -C

# Define the LVS virtual service
/sbin/ipvsadm -A -t $VIP:80 -s wlc -p 600

# Add the back-end servers
/sbin/ipvsadm -a -t $VIP:80 -r $RS1:80 -g -w 1
/sbin/ipvsadm -a -t $VIP:80 -r $RS2:80 -g -w 2
/sbin/ipvsadm -a -t $VIP:80 -r $RS3:80 -g -w 3

# Show the configuration
/sbin/ipvsadm -ln
EOF
chmod +x /usr/local/bin/lvs_dr.sh

# Run the script
/usr/local/bin/lvs_dr.sh

# Save the configuration
ipvsadm -S > /etc/sysconfig/ipvsadm
```
3. Configure the back-end Real Servers
```bash
# Run on every web server (10.0.0.20/21/22)
cat > /usr/local/bin/realserver.sh << 'EOF'
#!/bin/bash
VIP=10.0.0.100

# Bind the VIP to loopback (the ARP suppression below is the key DR-mode setting)
/sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev lo:0

# ARP response policy
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

# Make the settings persistent
# (the inner here-document has its own delimiter so it does not end the outer one)
cat >> /etc/sysctl.conf << SYSCTL
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
SYSCTL
sysctl -p

# Start the web service
systemctl start nginx
systemctl enable nginx
EOF
chmod +x /usr/local/bin/realserver.sh
/usr/local/bin/realserver.sh
```
4. Test LVS
```bash
# 1. Show the LVS status
ipvsadm -ln
# Sample output:
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
# TCP  10.0.0.100:80 wlc persistent 600
#   -> 10.0.0.20:80                 Route   1      0          0
#   -> 10.0.0.21:80                 Route   2      0          0
#   -> 10.0.0.22:80                 Route   3      0          0

# 2. Show connection entries
ipvsadm -lnc

# 3. Test access
curl http://10.0.0.100

# 4. Load test
ab -n 10000 -c 100 http://10.0.0.100/
```
V. Installing and Configuring Keepalived
1. Install Keepalived
```bash
# CentOS/RHEL
yum install -y keepalived

# Ubuntu/Debian
apt install -y keepalived

# Show the version
keepalived -v

# Enable IP forwarding
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
```
2. Master node configuration (LVS-Master)
```bash
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived

# Global definitions
global_defs {
    # Notification e-mail
    notification_email {
        admin@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER
    vrrp_skip_check_adv_addr
    # vrrp_strict    # left off: strict mode does not accept the authentication
    #                # block below and blocks traffic addressed to the VIP
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Health-check script (defined before the vrrp_instance that tracks it)
vrrp_script check_lvs {
    script "/usr/local/bin/check_lvs.sh"
    interval 2
    weight -20
    fall 2
    rise 1
}

# VRRP instance
vrrp_instance VI_1 {
    state MASTER                 # master node
    interface ens33              # network interface to listen on
    virtual_router_id 51         # virtual router ID (1-255, must match on master and backup)
    priority 100                 # priority (master higher than backup)
    advert_int 1                 # advertisement interval (seconds)

    # Authentication
    authentication {
        auth_type PASS
        auth_pass 1111           # sample value; sent in cleartext, only the first 8 characters are used
    }

    # Virtual IP address
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:0
    }

    # Tracked script
    track_script {
        check_lvs
    }
}

# Virtual server (LVS)
virtual_server 10.0.0.100 80 {
    delay_loop 6                 # health-check interval
    lb_algo wlc                  # scheduling algorithm
    lb_kind DR                   # working mode
    persistence_timeout 600      # persistent-connection time
    protocol TCP                 # protocol

    # Back-end server 1
    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    # Back-end server 2
    real_server 10.0.0.21 80 {
        weight 2
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    # Back-end server 3
    real_server 10.0.0.22 80 {
        weight 3
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
EOF

# Create the health-check script
cat > /usr/local/bin/check_lvs.sh << 'EOF'
#!/bin/bash
# LVS health-check script

# Check that ipvsadm can query IPVS
ipvsadm -ln > /dev/null 2>&1
if [ $? -ne 0 ]; then
    exit 1
fi

# Check that the LVS service exists
ipvsadm -ln | grep "10.0.0.100:80" > /dev/null 2>&1
if [ $? -ne 0 ]; then
    exit 1
fi

# Check that there is at least one active back-end server
ACTIVE_RS=$(ipvsadm -ln | grep -c "Route")
if [ "$ACTIVE_RS" -eq 0 ]; then
    exit 1
fi
exit 0
EOF
chmod +x /usr/local/bin/check_lvs.sh
```
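The last test in check_lvs.sh counts every `Route` line in the table, so another virtual service, or a real server held at weight 0 (IPVS sends it no new connections), keeps the check passing. The following is an added example, not code from the original article: it counts only the usable real servers of one service. The function names and the second sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: per-service real-server count from `ipvsadm -ln` text.

# Reads `ipvsadm -ln` output on stdin and prints how many real servers of
# TCP service $1 (VIP:port) have a weight above 0.
usable_real_servers() {
  awk -v svc="$1" '
    $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {   # a virtual service starts
      in_svc = ($1 == "TCP" && $2 == svc); next
    }
    in_svc && $1 == "->" && $4 + 0 > 0 { n++ }     # $4 is the Weight column
    END { print n + 0 }'
}

# Exit status 0 only if the service still has a usable real server.
# On a director: ipvsadm -ln | service_has_backends 10.0.0.100:80 || exit 1
service_has_backends() {
  [ "$(usable_real_servers "$1")" -gt 0 ]
}

healthy_table() {    # the ipvsadm -ln sample output printed earlier on this page
  cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc persistent 600
  -> 10.0.0.20:80                 Route   1      0          0
  -> 10.0.0.21:80                 Route   2      0          0
  -> 10.0.0.22:80                 Route   3      0          0
EOF
}

degraded_table() {   # constructed: port 80 has no usable server, port 3306 does
  cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc persistent 600
  -> 10.0.0.20:80                 Route   0      0          0
TCP  10.0.0.101:3306 wrr
  -> 10.0.0.20:3306               Route   1      0          0
EOF
}

healthy_table  | usable_real_servers 10.0.0.100:80   # per-service count, healthy
degraded_table | usable_real_servers 10.0.0.100:80   # per-service count, degraded
degraded_table | grep -c "Route"                     # the global count still passes
```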
3. Backup node configuration (LVS-Backup)
```bash
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived

global_defs {
    notification_email {
        admin@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_BACKUP
    vrrp_skip_check_adv_addr
    # vrrp_strict    # left off: strict mode does not accept the authentication
    #                # block below and blocks traffic addressed to the VIP
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Health-check script (defined before the vrrp_instance that tracks it)
vrrp_script check_lvs {
    script "/usr/local/bin/check_lvs.sh"
    interval 2
    weight -20
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP                 # backup node
    interface ens33
    virtual_router_id 51
    priority 90                  # lower priority than the master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111           # sample value; sent in cleartext, only the first 8 characters are used
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:0
    }
    track_script {
        check_lvs
    }
}

virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 600
    protocol TCP

    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    real_server 10.0.0.21 80 {
        weight 2
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }

    real_server 10.0.0.22 80 {
        weight 3
        HTTP_GET {
            url {
                path /health
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
EOF

# The health-check script is needed here as well
cat > /usr/local/bin/check_lvs.sh << 'EOF'
#!/bin/bash
ipvsadm -ln > /dev/null 2>&1
exit $?
EOF
chmod +x /usr/local/bin/check_lvs.sh
```
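Before the master and backup files go live, a static pass over them catches the settings that silently weaken or disable failover. The following is an added example, not code from the original article or from the keepalived project: the function name, the finding codes and the 8-character threshold are its own. The sample is constructed from the values used on this page (priority 100, peer 90, weight -20, auth_pass 1111), with vrrp_strict enabled and one undefined script reference so that each check fires.

```bash
#!/usr/bin/env bash
# Added example: static checks for a keepalived.conf (names are illustrative).
# Reads the file on stdin; $1 is the peer node's VRRP priority.
audit_keepalived() {
  awk -v peer="$1" '
    { sub(/[#!].*/, "") }                            # drop keepalived comments
    NF == 0 { next }
    depth == 0 { top = $1; name = $2 }               # a top-level block opens
    top == "global_defs"   && $1 == "vrrp_strict"   { strict = 1 }
    top == "vrrp_script"   && depth == 0            { defined[name] = 1 }
    top == "vrrp_script"   && $1 == "weight"        { weight[name] = $2 }
    top == "vrrp_instance" && $1 == "priority"      { prio = $2 }
    top == "vrrp_instance" && $1 == "auth_type"     { atype = $2 }
    top == "vrrp_instance" && $1 == "auth_pass"     { apass = $2 }
    top == "vrrp_instance" && in_track && $1 != "}" { tracked[$1] = 1 }
    top == "vrrp_instance" && $1 == "track_script"  { in_track = 1 }
    { opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}")
      depth += opened - closed; if (closed) in_track = 0 }
    END {
      if (atype == "PASS") {
        print "CLEARTEXT_AUTH auth_pass is sent unencrypted in every advert"
        if (length(apass) < 8) print "SHORT_AUTH_PASS " length(apass) " characters"
      }
      if (strict && atype != "")
        print "STRICT_WITH_AUTH vrrp_strict and authentication are both set"
      for (s in tracked) {
        if (!(s in defined)) { print "UNDEFINED_SCRIPT " s; continue }
        after = prio + weight[s]                     # priority while the script fails
        if (weight[s] + 0 < 0 && after >= peer + 0)
          print "NO_FAILOVER " s ": " after " >= peer " peer
      }
    }'
}

sample_conf() {   # constructed from the values used on this page
  cat <<'EOF'
global_defs {
    vrrp_strict
}
vrrp_script check_lvs {
    weight -20
}
vrrp_instance VI_1 {
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        check_lvs
        check_web     # constructed: tracked but never defined
    }
}
EOF
}

sample_conf | audit_keepalived 90   # this page's backup priority: failover works
sample_conf | audit_keepalived 75   # constructed peer priority: NO_FAILOVER fires
```

On a director, feed it the live file, for example `audit_keepalived 90 < /etc/keepalived/keepalived.conf`.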
4. Start Keepalived
```bash
# Start the service
systemctl start keepalived
systemctl enable keepalived

# Check the status
systemctl status keepalived

# Follow the log
journalctl -u keepalived -f

# Show the VIP
ip addr show

# Show the LVS configuration
ipvsadm -ln
```
VI. Advanced LVS + Keepalived Configuration
1. Multiple VIPs
```bash
# Several virtual IPs are supported
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Multiple virtual IPs
    virtual_ipaddress {
        10.0.0.100/24 dev ens33
        10.0.0.101/24 dev ens33
        10.0.0.102/24 dev ens33
    }
}

# Multiple virtual services
virtual_server 10.0.0.100 80 {
    ...
}
virtual_server 10.0.0.100 443 {
    ...
}
virtual_server 10.0.0.101 3306 {
    ...
}
```
2. TCP health check
```bash
# TCP port health check
virtual_server 10.0.0.100 3306 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 10.0.0.20 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
            connect_port 3306
        }
    }
}
```
3. Custom health-check script
```bash
cat > /usr/local/bin/check_http.sh << 'EOF'
#!/bin/bash
# Custom HTTP health check
VIP=$1
PORT=$2
RS_IP=$3

# Check the back-end service
curl -s -o /dev/null -w "%{http_code}" "http://$RS_IP:$PORT/health" | grep -q "200"
if [ $? -eq 0 ]; then
    exit 0
else
    exit 1
fi
EOF
chmod +x /usr/local/bin/check_http.sh

# Use it in the keepalived configuration
real_server 10.0.0.20 80 {
    weight 1
    MISC_CHECK {
        misc_path "/usr/local/bin/check_http.sh 10.0.0.100 80 10.0.0.20"
        misc_timeout 5
        misc_dynamic
    }
}
```
4. E-mail alert configuration
```bash
# Add to global_defs
global_defs {
    # Mail settings
    notification_email {
        admin@example.com
        ops@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server smtp.example.com
    smtp_connect_timeout 30
}

# Notification scripts (these keywords belong in the vrrp_instance block)
vrrp_instance VI_1 {
    ...
    notify_master "/usr/local/bin/notify.sh master"
    notify_backup "/usr/local/bin/notify.sh backup"
    notify_fault "/usr/local/bin/notify.sh fault"
}

# Create the notification script
cat > /usr/local/bin/notify.sh << 'EOF'
#!/bin/bash
# Keepalived state-change notification script
STATE=$1
DATE=$(date '+%Y-%m-%d %H:%M:%S')
HOSTNAME=$(hostname)

case $STATE in
    master)
        echo "$DATE - $HOSTNAME 成为MASTER节点" | mail -s "Keepalived Master" admin@example.com
        ;;
    backup)
        echo "$DATE - $HOSTNAME 成为BACKUP节点" | mail -s "Keepalived Backup" admin@example.com
        ;;
    fault)
        echo "$DATE - $HOSTNAME 出现故障" | mail -s "Keepalived Fault" admin@example.com
        ;;
esac
logger -t keepalived "State changed to: $STATE"
EOF
chmod +x /usr/local/bin/notify.sh
```
VII. Back-end Web Server Configuration
1. Install and configure Nginx
```bash
# Install Nginx on every web server
yum install -y nginx

# Create a test page
cat > /usr/share/nginx/html/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Web Server $(hostname)</title>
</head>
<body>
<h1>Welcome to $(hostname)</h1>
<p>Server IP: $(hostname -I | awk '{print $1}')</p>
<p>Hostname: $(hostname)</p>
</body>
</html>
EOF

# Create the health-check endpoint
cat > /usr/share/nginx/html/health << EOF
OK
EOF

# Configure Nginx
cat > /etc/nginx/conf.d/health.conf << 'EOF'
server {
    listen 80;
    server_name _;
    location /health {
        return 200 "OK\n";
        add_header Content-Type text/plain;
    }
}
EOF

# Start Nginx
systemctl start nginx
systemctl enable nginx

# Test
curl http://localhost/health
```
2. Configure ARP suppression (persistent)
```bash
cat > /etc/sysctl.d/99-lvs.conf << 'EOF'
# ARP settings for LVS DR mode
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
EOF
sysctl -p /etc/sysctl.d/99-lvs.conf

# Create a unit that brings up the VIP at boot
cat > /etc/systemd/system/lvs-vip.service << 'EOF'
[Unit]
Description=LVS VIP configuration
After=network.target

[Service]
Type=oneshot
ExecStart=/sbin/ifconfig lo:0 10.0.0.100 netmask 255.255.255.255 broadcast 10.0.0.100 up
ExecStart=/sbin/route add -host 10.0.0.100 dev lo:0
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable lvs-vip
systemctl start lvs-vip
```
VIII. Testing and Verification
1. Test script
```bash
#!/bin/bash
# test_lvs.sh - LVS+Keepalived test script
VIP="10.0.0.100"
LVS_MASTER="10.0.0.10"
LVS_BACKUP="10.0.0.11"

echo "=========================================="
echo "LVS+Keepalived集群测试"
echo "=========================================="

# 1. Test access through the VIP
echo -e "\n1. 测试VIP访问:"
curl -s http://$VIP/ | grep -o "Welcome to.*"

# 2. Show LVS scheduling statistics
echo -e "\n2. LVS调度统计:"
ipvsadm -ln --stats | grep "10.0.0.100"

# 3. Show the connection distribution
echo -e "\n3. 连接分布:"
ipvsadm -lnc | grep -c "10.0.0.100"

# 4. Test the back-end health checks
echo -e "\n4. 后端健康检查:"
for rs in 10.0.0.20 10.0.0.21 10.0.0.22; do
    STATUS=$(curl -s -o /dev/null -w "%{http_code}" http://$rs/health)
    echo "$rs: $STATUS"
done

# 5. Show the Keepalived status
echo -e "\n5. Keepalived状态:"
systemctl status keepalived | grep -E "Active|MASTER|BACKUP"

# 6. Which node holds the VIP
echo -e "\n6. VIP当前所在节点:"
ping -c 1 $VIP > /dev/null
arping -c 1 $VIP 2>/dev/null | grep "reply"

# 7. Load test
echo -e "\n7. 负载测试 (1000请求, 10并发):"
ab -n 1000 -c 10 http://$VIP/ 2>&1 | grep -E "Requests per second|Time per request|Failed"
echo -e "\n=========================================="
```
2. Failover test
```bash
#!/bin/bash
# failover_test.sh - failover test
VIP="10.0.0.100"
echo "开始故障切换测试..."

# 1. Show the current MASTER
echo "1. 当前MASTER节点:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"

# 2. Stop Keepalived on the master node
echo -e "\n2. 停止主节点Keepalived..."
ssh lvs01 "systemctl stop keepalived"
sleep 5

# 3. Check whether the VIP has moved
echo "3. 检查VIP漂移:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"

# 4. Test that the service still works
echo -e "\n4. 测试服务可用性:"
curl -s http://$VIP/ | grep -o "Welcome to.*"

# 5. Restore the master node
echo -e "\n5. 恢复主节点..."
ssh lvs01 "systemctl start keepalived"
sleep 10

# 6. Check whether the VIP has moved back
echo "6. 检查VIP回切:"
ssh lvs01 "ip addr show | grep 10.0.0.100"
ssh lvs02 "ip addr show | grep 10.0.0.100"
echo -e "\n故障切换测试完成"
```
3. Performance test
```bash
#!/bin/bash
# performance_test.sh - performance test
VIP="10.0.0.100"
RESULTS="/tmp/lvs_perf_$(date +%Y%m%d_%H%M%S).txt"

echo "LVS性能测试报告" > "$RESULTS"
echo "================" >> "$RESULTS"
echo "测试时间: $(date)" >> "$RESULTS"
echo "" >> "$RESULTS"

# Test several concurrency levels
for CONC in 10 50 100 200 500; do
    echo "测试并发: $CONC"
    echo "" >> "$RESULTS"
    echo "并发数: $CONC" >> "$RESULTS"
    ab -n 10000 -c $CONC http://$VIP/ 2>&1 | tee -a "$RESULTS"
    echo "----------------------------------------" >> "$RESULTS"
    sleep 5
done
echo "性能测试完成,报告保存在: $RESULTS"
```
IX. Monitoring and Operations
1. LVS monitoring script
```bash
#!/bin/bash
# lvs_monitor.sh - LVS monitoring script

# Settings
VIP="10.0.0.100"
LOG_FILE="/var/log/lvs_monitor.log"
ALERT_EMAIL="admin@example.com"

log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

# Check the LVS service
check_lvs() {
    ipvsadm -ln | grep "$VIP:80" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        log "ERROR: LVS service for $VIP not found"
        return 1
    fi
    return 0
}

# Check the back-end servers
check_realserver() {
    local failed=0
    # Real-server lines do not contain the VIP, so select the "Route" lines
    # that follow the "TCP $VIP:80" service line
    for rs in $(ipvsadm -ln | awk -v svc="$VIP:80" '$1 == "TCP" { in_svc = ($2 == svc) } in_svc && $3 == "Route" { print $2 }'); do
        curl -s -o /dev/null -w "%{http_code}" "http://$rs/health" | grep -q "200"
        if [ $? -ne 0 ]; then
            log "WARNING: Real server $rs is down"
            failed=$((failed+1))
        fi
    done
    return $failed
}

# Check the number of connections
check_connections() {
    local conn=$(ipvsadm -lnc | grep -c "$VIP:80")
    if [ "$conn" -gt 10000 ]; then
        log "WARNING: High connections: $conn"
        echo "High connections: $conn" | mail -s "LVS Alert" $ALERT_EMAIL
    fi
}

# Check the VIP
check_vip() {
    ip addr show | grep "$VIP" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        log "INFO: VIP $VIP is on this node"
    else
        log "INFO: VIP $VIP is not on this node"
    fi
}

# Main function
main() {
    check_lvs
    check_realserver
    check_connections
    check_vip
}
main
```
2. Keepalived monitoring
```bash
#!/bin/bash
# keepalived_monitor.sh - Keepalived monitoring

# Check the Keepalived process
check_keepalived() {
    if pgrep keepalived > /dev/null; then
        echo "✓ Keepalived running"
        return 0
    else
        echo "✗ Keepalived stopped"
        return 1
    fi
}

# Check the VRRP state
check_vrrp() {
    local state=$(ip addr show | grep -A2 "ens33:" | grep "inet 10.0.0.100" | wc -l)
    if [ "$state" -eq 1 ]; then
        echo "✓ MASTER mode active"
    else
        echo "✓ BACKUP mode active"
    fi
}

# Show the Keepalived log
check_logs() {
    tail -5 /var/log/messages | grep keepalived
}

check_keepalived
check_vrrp
check_logs
```
3. Performance monitoring script
```bash
#!/bin/bash
# perf_monitor.sh - performance monitoring

# Watch the LVS performance counters
while true; do
    clear
    echo "LVS性能监控 - $(date)"
    echo "========================"
    # Connection statistics
    echo "连接统计:"
    ipvsadm -ln --stats | grep "10.0.0.100"
    echo ""
    echo "速率统计:"
    ipvsadm -ln --rate | grep "10.0.0.100"
    echo ""
    echo "后端服务器状态:"
    ipvsadm -ln | grep "10.0.0.100" -A 5
    sleep 5
done
```
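X. Common Problems and Troubleshooting
1. Common LVS problems
```bash
# Problem 1: the VIP is unreachable
# Check the VIP configuration
ip addr show | grep 10.0.0.100
# Check ARP suppression
cat /proc/sys/net/ipv4/conf/all/arp_ignore
# Check routing
route -n

# Problem 2: uneven scheduling
# Check the scheduling algorithm (shown on each TCP/UDP service line)
ipvsadm -ln | grep -E '^(TCP|UDP)'
# Check persistent connections
ipvsadm -ln | grep persistent

# Problem 3: back-end health checks fail
# Test manually
curl http://10.0.0.20/health
# Check the firewall
iptables -L -n

# Problem 4: the IPVS module is not loaded
modprobe ip_vs
lsmod | grep ip_vs
```
2. Common Keepalived problems
```bash
# Problem 1: VRRP split-brain
# Check whether the firewall blocks VRRP (protocol 112) and allow it
iptables -I INPUT -p vrrp -j ACCEPT
# Check that the configurations are consistent (diff cannot read host:path, so fetch the peer's file over ssh)
ssh lvs02 cat /etc/keepalived/keepalived.conf | diff /etc/keepalived/keepalived.conf -

# Problem 2: the VIP does not move
# Check the priority settings
grep priority /etc/keepalived/keepalived.conf
# Check the authentication password
grep auth_pass /etc/keepalived/keepalived.conf
# Follow the Keepalived log
journalctl -u keepalived -f

# Problem 3: the health check fails
# Run the script by hand
/usr/local/bin/check_lvs.sh
echo $?  # should print 0
```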
3. Troubleshooting script
```bash
#!/bin/bash
# lvs_troubleshoot.sh - LVS troubleshooting script
echo "LVS故障排查工具"
echo "================"

# 1. Check the kernel modules
echo "1. 内核模块检查:"
lsmod | grep -E "ip_vs|nf_conntrack"

# 2. Check the IPVS rules
echo -e "\n2. IPVS规则:"
ipvsadm -ln

# 3. Check the VIP configuration
echo -e "\n3. VIP配置:"
ip addr show | grep -E "ens33|lo"

# 4. Check the ARP settings
echo -e "\n4. ARP配置:"
sysctl net.ipv4.conf.all.arp_ignore
sysctl net.ipv4.conf.all.arp_announce

# 5. Check routing
echo -e "\n5. 路由表:"
route -n | grep -E "10.0.0.100|ens33"

# 6. Check Keepalived
echo -e "\n6. Keepalived状态:"
systemctl status keepalived | grep -E "Active|MASTER|BACKUP"

# 7. Check the back-end servers
echo -e "\n7. 后端服务器健康检查:"
for rs in 10.0.0.20 10.0.0.21 10.0.0.22; do
    curl -s -o /dev/null -w "$rs: %{http_code}\n" http://$rs/health
done

# 8. Test access
echo -e "\n8. VIP访问测试:"
curl -s -o /dev/null -w "VIP访问: %{http_code}\n" http://10.0.0.100/

# 9. Show the logs
echo -e "\n9. 最近错误日志:"
tail -20 /var/log/messages | grep -E "keepalived|LVS"
```
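XI. Summary
Advantages of the LVS + Keepalived architecture
| Feature | Description |
|---|---|
| High availability | VRRP provides automatic failover |
| High performance | Kernel-level load balancing with efficient forwarding |
| Scalable | Back-end servers can be added and removed dynamically |
| Health checks | Failed nodes are removed automatically |
| Session persistence | Persistent connections can be configured |
| Multiple algorithms | More than 10 scheduling algorithms to choose from |
Choosing an architecture
```text
Small applications (<1000 concurrent connections)
├── Nginx reverse proxy + Keepalived
└── Simple to configure, sufficient features

Medium applications (1000-10000 concurrent connections)
├── LVS/DR + Keepalived
└── High performance, good value for cost

Large applications (>10000 concurrent connections)
├── LVS + Keepalived + Nginx
├── Mixed layer-4 + layer-7 architecture
└── Highest performance, most flexible
```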
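Best practices
- Network planning
  - Use a dedicated network segment
  - Configure internal-network communication
  - Enable jumbo frames
- Health checks
  - Set sensible timeouts
  - Use application-layer checks
  - Avoid false positives
- Monitoring and alerting
  - Monitor status in real time
  - Detect problems promptly
  - Automatic failure recovery
- Capacity planning
  - Estimate peak traffic
  - Reserve room for expansion
  - Run regular stress tests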