Implementing the LVS + keepalived dual-master model

Topology:

Host     Addresses
Client   192.168.2.1
LVS1     DIP 192.168.2.128, VIP 192.168.2.198
LVS2     DIP 192.168.2.129, VIP 192.168.2.199
RS1      192.168.2.130
RS2      192.168.2.131

To implement the dual-master model we need two virtual router groups: each host is configured with two VRRP instances, and each virtual interface is configured with one virtual IP. For the same virtual router ID, LVS1 and LVS2 are master and backup for each other. If the implementation principle of VRRP is unclear, the configuration shown later should help. In dual-master mode RS1 and RS2 also need two sets of routes: requests addressed to VIP1 are handled on the lo:0 interface, and requests addressed to VIP2 are handled on the lo:1 interface.

Upper configuration:

###########################           LVS1 To configure          ######################### 

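# LVS1: install a local nginx that serves the maintenance ("sorry") page.
# The virtual_server blocks below point sorry_server at 127.0.0.1 80, i.e. at
# this nginx instance.
yum install nginx -y
# The quotes must match; with a stray single quote the shell keeps waiting for
# the closing double quote and the page is never written.
echo "Sorry, the server is under maintenance.." > /usr/share/nginx/html/index.html
systemctl start nginx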

! Configuration File for keepalived

global_defs {           ##E-mail alerting: a local mailbox is the simplest setup, but e-mail is a weak alerting channel. Later we use keepalived's ability to call scripts for alerting, or a dedicated monitoring system such as Zabbix
   notification_email {
        root@localhost       
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node1                   ##Set to hostname, unique
   vrrp_mcast_group4 224.0.0.112     ##Multicast address
}

###  Configure virtual IP configuration area 

vrrp_instance VI_1 {
    state MASTER                    #Status is divided into MASTER | BACKUP
    interface eno16777736           ##Which physical interface is floating ip bound to
    virtual_router_id 31            ##Virtual router id, set to be consistent with the other
    priority 100                    ##priority
    advert_int 1                    ##Heartbeat detection frequency, default 1s
#    nopreempt                       ##Non preemptive mode
    authentication {
        auth_type PASS
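        auth_pass f1GDsVH6      ##Shared VRRP password; must be identical on both nodes of this virtual router. PASS is carried in clear text in every advertisement, so it only guards against misconfiguration; replace this published example value with your own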
    }
    virtual_ipaddress {
        192.168.2.198/24 dev eno16777736 label eno16777736:1    ##Set vip address
    }

    notify_master "/etc/keepalived/scripts/notify.sh master"      ##Execute script when status changes to master
    notify_backup "/etc/keepalived/scripts/notify.sh backup"     ##Execute script when status changes to backup
    notify_fault "/etc/keepalived/scripts/notify.sh fault"     ##Execute script when state fails
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 32
    priority 98
    advert_int 1
#    nopreempt
    authentication {
        auth_type PASS
        auth_pass f1GDsV78
    }
    virtual_ipaddress {
        192.168.2.199/24 dev eno16777736 label eno16777736:2
    }

    notify_master "/etc/keepalived/scripts/notify.sh master"      ##Execute script when status changes to master
    notify_backup "/etc/keepalived/scripts/notify.sh backup"     ##Execute script when status changes to backup
    notify_fault "/etc/keepalived/scripts/notify.sh fault"     ##Execute script when state fails

}

###  LVS rule configuration area
##Because of the dual master model, we need to configure two groups of VIP clusters. When LVS2 goes down, LVS2 virtual IP drifts to the local machine. We need to have 192.168.2.199 cluster configuration on LVS1, and vice versa

virtual_server 192.168.2.198 80 {
    delay_loop 1
    lb_algo wlc
    lb_kind DR
#   persistence_timeout 300
    protocol TCP
    sorry_server 127.0.0.1 80
  real_server 192.168.2.130 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

  real_server 192.168.2.131 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

}

virtual_server 192.168.2.199 80 {
    delay_loop 1
    lb_algo wlc
    lb_kind DR
#   persistence_timeout 300
    protocol TCP
    sorry_server 127.0.0.1 80
  real_server 192.168.2.130 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

  real_server 192.168.2.131 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }
}

###########################           LVS2 To configure          #########################
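# LVS2: install a local nginx that serves the maintenance ("sorry") page.
# The virtual_server blocks below point sorry_server at 127.0.0.1 80, i.e. at
# this nginx instance.
yum install nginx -y
# The quotes must match; with a stray single quote the shell keeps waiting for
# the closing double quote and the page is never written.
echo "Sorry, the server is under maintenance.." > /usr/share/nginx/html/index.html
systemctl start nginx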

! Configuration File for keepalived

global_defs {           ##E-mail alerting: a local mailbox is the simplest setup, but e-mail is a weak alerting channel. Later we use keepalived's ability to call scripts for alerting, or a dedicated monitoring system such as Zabbix
   notification_email {
        root@localhost       
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node2                   ##Set to hostname, unique
   vrrp_mcast_group4 224.0.0.112     ##Multicast address
}

vrrp_instance VI_1 {
    state BACKUP                    #Status is divided into MASTER | BACKUP
    interface eno16777736           ##Which physical interface is floating ip bound to
    virtual_router_id 31            ##Virtual router id, set to be consistent with the other
    priority 98                     ##priority
    advert_int 1                    ##Heartbeat detection frequency, default 1s
#    nopreempt                       ##Non preemptive mode
    authentication {
        auth_type PASS
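        auth_pass f1GDsVH6      ##Shared VRRP password; must be identical on both nodes of this virtual router. PASS is carried in clear text in every advertisement, so it only guards against misconfiguration; replace this published example value with your own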
    }
    virtual_ipaddress {
        192.168.2.198/24 dev eno16777736 label eno16777736:1    ##Set vip address
    }

    notify_master "/etc/keepalived/scripts/notify.sh master"      ##Execute script when status changes to master
    notify_backup "/etc/keepalived/scripts/notify.sh backup"     ##Execute script when status changes to backup
    notify_fault "/etc/keepalived/scripts/notify.sh fault"     ##Execute script when state fails
}

vrrp_instance VI_2 {
    state MASTER
    interface eno16777736
    virtual_router_id 32
    priority 100
    advert_int 1
#    nopreempt
    authentication {
        auth_type PASS
        auth_pass f1GDsV78
    }
    virtual_ipaddress {
        192.168.2.199/24 dev eno16777736 label eno16777736:2
    }

    notify_master "/etc/keepalived/scripts/notify.sh master"      ##Execute script when status changes to master
    notify_backup "/etc/keepalived/scripts/notify.sh backup"     ##Execute script when status changes to backup
    notify_fault "/etc/keepalived/scripts/notify.sh fault"     ##Execute script when state fails
}

virtual_server 192.168.2.198 80 {
    delay_loop 1
    lb_algo wlc
    lb_kind DR
#   persistence_timeout 300
    protocol TCP
    sorry_server 127.0.0.1 80
  real_server 192.168.2.130 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

  real_server 192.168.2.131 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

}

virtual_server 192.168.2.199 80 {
    delay_loop 1
    lb_algo wlc
    lb_kind DR
#   persistence_timeout 300
    protocol TCP
    sorry_server 127.0.0.1 80
  real_server 192.168.2.130 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }

  real_server 192.168.2.131 80{
    weight 1
    TCP_CHECK {
            connect_port 80
        connect_timeout 1
            nb_get_retry 2
        delay_before_retry 1
    }
  }
}

########################   RS1 To configure   ########################
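# RS1: nginx serves a page holding this host's own address, presumably so a
# test request through a VIP shows which real server answered.
yum install nginx -y
# Matching quotes: the original mixed " and ', which leaves the string open.
echo "192.168.2.130" > /usr/share/nginx/html/index.html
systemctl start nginx
# Run set_lvs_rs.sh (listed further down): it sets the ARP sysctls and binds
# both VIPs to loopback aliases on this real server.
bash set_lvs_rs.sh start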

########################   RS2 To configure   ########################
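# RS2: nginx serves a page holding this host's own address, presumably so a
# test request through a VIP shows which real server answered.
yum install nginx -y
# Matching quotes: the original mixed " and ', which leaves the string open.
echo "192.168.2.131" > /usr/share/nginx/html/index.html
systemctl start nginx
# Run set_lvs_rs.sh (listed further down): it sets the ARP sysctls and binds
# both VIPs to loopback aliases on this real server.
bash set_lvs_rs.sh start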

The dual-master model of LVS + keepalived is now complete. Testing shows:
1. DNS round-robin works normally when LVS1 and LVS2 are both up.
2. When LVS1 or LVS2 goes down, its floating IP moves to the other host, and both VIPs keep working.
3. When the layer-4 check on TCP port 80 of an NGINX real server fails, keepalived automatically removes that server from the rules; once the check succeeds again, the server is added back automatically.
4. When NGINX is down on both real servers at the same time, keepalived temporarily serves the sorry server.
5. When a VIP moves, keepalived automatically sends an e-mail to inform the administrator.

Content of the set_lvs_rs.sh script:

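#!/bin/bash
#
# set_lvs_rs.sh - prepare or revert a real server for LVS direct routing (DR).
#
# Usage: set_lvs_rs.sh start|stop
#   start  write arp_ignore=1 and arp_announce=2 for "all" and "lo", then bind
#          both VIPs to loopback aliases (lo:0, lo:1) and add a host route each.
#   stop   take the two loopback aliases down and write 0 to the four sysctls.
#
# Needs enough privilege to write under /proc/sys and reconfigure interfaces.
# NOTE(review): "stop" writes 0 unconditionally; it does not restore whatever
# values were set before "start". Confirm that is acceptable on hosts that set
# these sysctls for other reasons.
vip1='192.168.2.198'
vip2='192.168.2.199'
mask='255.255.255.255'   # host mask: each VIP is a single address on loopback

case "$1" in
start)
    # arp_ignore=1: reply to ARP only for addresses configured on the interface
    # the request arrived on. arp_announce=2: always use the best local source
    # address in ARP requests. Both are written before the VIPs are added, so
    # the VIP is never present on this host under the default ARP behaviour.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

    # One loopback alias and one host route per VIP.
    ifconfig lo:0 "$vip1" netmask "$mask" broadcast "$vip1" up
    ifconfig lo:1 "$vip2" netmask "$mask" broadcast "$vip2" up
    route add -host "$vip1" dev lo:0
    route add -host "$vip2" dev lo:1
    ;;
stop)
    # Remove the VIPs first, then relax the ARP settings.
    ifconfig lo:0 down
    ifconfig lo:1 down

    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce

    ;;
*)
    # Quote "$0" so a script path containing spaces is not word-split, and send
    # the usage text to stderr because it is a diagnostic.
    echo "Usage $(basename -- "$0") start|stop" >&2
    exit 1
    ;;
esac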

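Content of the notify.sh script. keepalived runs it on every state transition, typically as root unless `script_user` is configured, so the script and /etc/keepalived/scripts should be writable by root only: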

[root@node2 scripts]# cat notify.sh 
#!/bin/bash
#
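# Recipient of the state-change mail.
contact='root@localhost'

#######################################
# Mail a one-line notice about a VRRP state transition on this host.
# Globals:   contact (read) - recipient handed to mail
# Arguments: $1 - new state name, used verbatim in subject and body
# Outputs:   pipes the body to `mail -s SUBJECT RECIPIENT`
# Returns:   exit status of the mail pipeline
#######################################
notify() {
        # Declare first, assign second, so `local` does not mask the status of
        # the command substitutions.
        local mailsubject mailbody
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        # "$contact" is quoted so a recipient with a display name
        # ("Ops Team <root@localhost>") stays a single argument.
        printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}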

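# Dispatch on the state name given as $1. keepalived.conf passes it through
# the notify_master / notify_backup / notify_fault lines
# ("/etc/keepalived/scripts/notify.sh master", and so on). Only the three
# known states reach notify; anything else prints usage and exits 1.
case "$1" in
master|backup|fault)
        notify "$1"
        ;;
*)
        # Quote "$0" so a script path containing spaces is not word-split, and
        # send the usage text to stderr because it is a diagnostic.
        echo "Usage: $(basename -- "$0") {master|backup|fault}" >&2
        exit 1
        ;;
esac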

Tags: Linux Nginx yum network Zabbix

Posted on Mon, 02 Dec 2019 18:50:21 -0800 by fussy