一、LVS-DR的搭建
1.1、环境搭建
- 两台做LVS+keepalived架构
- 两台虚拟机做web服务器
服务器 | IP地址 | 虚拟地址 |
---|---|---|
LVS1 | 192.168.100.140 | ens33:0-192.168.100.10 |
LVS2 | 192.168.100.150 | ens33:0-192.168.100.10 |
Web1 | 192.168.100.160 | lo:0-192.168.100.10 |
web2 | 192.168.100.170 | lo:0-192.168.100.10 |
1.2、实验拓扑图
1.3: 主LVS调度器的配置
- 下载相应的软件包
yum install keepalived ipvsadm -y
- 添加路由转发功能,关闭重定向功能
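vi /etc/sysctl.conf
# --- lines to add to /etc/sysctl.conf (the original listing repeated ip_forward) ---
# Enable IPv4 packet forwarding on the director.
net.ipv4.ip_forward = 1
# Stop the director from emitting ICMP redirects on any interface.
# NOTE(review): in DR mode the director and the real servers sit on the same
# LAN segment, which is presumably why redirects are switched off -- confirm
# against your topology.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
# --- end of file content ---
sysctl -p    # reload /etc/sysctl.conf so the settings take effect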
-
配置real网卡
cd /etc/sysconfig/network-scripts/ vim ifcfg-ens33 IPADDR=192.168.100.140 GATEWAY=192.168.100.1 NETMASK=255.255.255.0
-
添加虚拟网卡
cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens33:0
vim ifcfg-ens33:0
# Contents of ifcfg-ens33:0: a static alias that carries the cluster VIP and
# is brought up at boot (ONBOOT=yes).
# NOTE(review): the page applies this same file on both directors, and
# keepalived's virtual_ipaddress block also manages 192.168.100.10. A static
# alias on both hosts means both hold the VIP at once -- confirm whether this
# alias should exist when keepalived owns the address.
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
-
编辑LVS规则脚本
cd /etc/init.d/ vim dr.sh
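#!/bin/bash
# /etc/init.d/dr.sh (director side): brings up the VIP alias and loads the
# IPVS rules for LVS-DR.
# Usage: dr.sh {start|stop|status}
#
# NOTE(review): the keepalived.conf on this page declares the same VIP
# (virtual_ipaddress) and the same virtual/real servers (virtual_server).
# Running this script on both directors makes both hold 192.168.100.10 at the
# same time -- confirm whether the script is still wanted once keepalived is
# in charge of the address and the IPVS table.

GW=192.168.100.1          # gateway; not referenced below, kept from the listing
VIP=192.168.100.10        # cluster virtual IP
VIP_DEV=ens33:0           # alias carrying the VIP (the original mixed e0 and ens33:0)
RIP1=192.168.100.160      # real server 1
RIP2=192.168.100.170      # real server 2

case "$1" in
  start)
    # The rule dump is written before the unit is started.
    # NOTE(review): presumably so that the ipvsadm unit finds
    # /etc/sysconfig/ipvsadm when it starts -- verify on your distribution.
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm

    # Host mask (/32): the alias only carries the VIP itself.
    /sbin/ifconfig "$VIP_DEV" "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev "$VIP_DEV"

    # One round-robin virtual service on VIP:80; -g selects direct routing.
    # ipvsadm -A fails if the service already exists (for example when
    # keepalived has already created it); the script does not clear first.
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    echo "ipvsadm starting ok"
    ;;
  stop)
    # Flush the whole IPVS table, then take the VIP alias and its route down.
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig "$VIP_DEV" down
    route del "$VIP"
    echo "ipvsadm stoped ok"
    ;;
  status)
    # Status is derived from the lock file only, not from the live IPVS table.
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stoped"
      exit 1
    else
      echo "ipvsadm Runing ok"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0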
chmod +x dr.sh
service dr.sh start
ipvsadm starting --------------------[ok]
# Lab shortcut: the next two commands stop the host firewall and switch
# SELinux to permissive mode (setenforce 0 lasts only until the next reboot).
# On a director that keeps them enabled, VRRP (IP protocol 112) between the
# two directors and TCP/80 to the VIP have to be allowed instead.
systemctl stop firewalld.service
setenforce 0
-
配置keepalived配置文件
//MASTER 192.168.100.140
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
   # Mail notification settings; the addresses below are sample values.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_01
   vrrp_skip_check_adv_addr
   # NOTE(review): vrrp_strict enforces strict VRRP compliance, which does not
   # permit authentication, so the authentication block below is presumably
   # ignored. Strict mode is also commonly reported to leave the VIP
   # unreachable because of the filter rules keepalived adds -- check the
   # keepalived log and test access to the VIP.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 10
    priority 100
    advert_int 1
    # auth_type PASS is a shared string carried unencrypted in the VRRP
    # advertisements; 1111 is this tutorial's sample value and has to be the
    # same on both directors.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # The VIP that keepalived adds on the MASTER and moves on failover.
    virtual_ipaddress {
        192.168.100.10
    }
}
virtual_server 192.168.100.10 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # With a persistence timeout of 50 s one client stays on the same real
    # server for that long, so round-robin alternation from a single client is
    # only visible after the entry expires.
    persistence_timeout 50
    protocol TCP
    real_server 192.168.100.160 80 {
        weight 1
        # Health check: a plain TCP connect to port 80.
        # NOTE(review): newer keepalived releases report nb_get_retry as
        # deprecated in favour of retry -- check against the installed version.
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.170 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
-
检查LVS服务器的 ens33:0 和节点服务器的 lo:0虚拟网卡是否正常开启
-
关闭安全功能,开启服务
# Lab shortcut: the host firewall is stopped and SELinux is switched to
# permissive mode (setenforce 0 lasts only until the next reboot). On a
# director that keeps them enabled, VRRP (IP protocol 112) between the two
# directors and TCP/80 to the VIP have to be allowed instead.
systemctl stop firewalld
setenforce 0
systemctl start keepalived.service
systemctl restart network
service dr.sh start
-
另外一台lvs设置大致相同,不同之处如下
配置real网卡
cd /etc/sysconfig/network-scripts/ vim ifcfg-ens33 IPADDR=192.168.100.150 GATEWAY=192.168.100.1 NETMASK=255.255.255.0
添加虚拟网卡步骤相同
cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens33:0
vim ifcfg-ens33:0
# Contents of ifcfg-ens33:0 on the second director: the same static VIP alias
# as on the first one, brought up at boot (ONBOOT=yes).
# NOTE(review): with this alias on both directors, both hold 192.168.100.10
# at once, while keepalived's virtual_ipaddress is meant to place it on the
# MASTER only -- confirm whether the alias should exist on the BACKUP.
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
编辑LVS规则脚本(dr.sh)步骤相同
配置keepalived配置文件略有差异,不同之处如下
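# BACKUP director, 192.168.100.150
# [root@localhost init.d]# cd /etc/keepalived/
# [root@localhost keepalived]# vim keepalived.conf
# Only the lines that differ from the MASTER's keepalived.conf are listed.
router_id LVS_02          # router_id must not be the same on the two directors
state BACKUP
virtual_router_id 10      # VRRP group number; must match the value on the other director
priority 90               # lower than the MASTER's priority of 100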
-
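# [root@localhost init.d]# cd /etc/keepalived/
# [root@localhost keepalived]# vim keepalived.conf
#
# Annotated copy of the MASTER configuration. The explanations are written as
# real '#' comments so the listing can be pasted into keepalived.conf as is.
! Configuration File for keepalived
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1            # mail server points at this host
   smtp_connect_timeout 30
   router_id LVS_01                 # must differ between the two directors
   vrrp_skip_check_adv_addr         # VRRP protocol options from here on
   # NOTE(review): strict VRRP compliance does not permit authentication, so
   # the authentication block below is presumably ignored while vrrp_strict
   # is set -- check the keepalived log.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER                    # MASTER on the primary, BACKUP on the standby
    interface ens33                 # NIC name on the primary director
    virtual_router_id 10            # group number, identical on MASTER and BACKUP
    priority 100                    # the standby's priority must be lower
    advert_int 1
    authentication {                # hot-standby authentication, identical on both
        auth_type PASS
        # Shared string, identical on both directors; PASS is carried
        # unencrypted and 1111 is this tutorial's sample value.
        auth_pass 1111
    }
    virtual_ipaddress {             # the cluster's VIP
        192.168.100.10
    }
}
virtual_server 192.168.100.10 80 {  # virtual server address and port
    delay_loop 6                    # interval between health checks
    lb_algo rr                      # round-robin scheduling
    lb_kind DR                      # direct-routing cluster mode
    persistence_timeout 50
    protocol TCP                    # the service uses TCP
    real_server 192.168.100.160 80 {   # node 1; add one block per real server
        weight 1                    # node weight
        TCP_CHECK {                 # health-check method
            connect_port 80         # port to probe
            connect_timeout 3       # connect timeout (seconds)
            nb_get_retry 3          # number of retries
            delay_before_retry 3    # delay between retries (seconds)
        }
    }
    real_server 192.168.100.170 80 {   # node 2 (the original note said node 1)
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}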
二: 节点服务器配置
2.1: web server 1 配置
-
节点地址 192.168.100.160
-
# Lab shortcut: stops the host firewall and switches SELinux to permissive
# mode (setenforce 0 lasts only until the next reboot). On a real server that
# keeps them enabled, inbound TCP/80 has to be allowed instead.
systemctl stop firewalld
setenforce 0
-
下载httpd软件包
yum install httpd -y
-
配置real网卡
cd /etc/sysconfig/network-scripts/ vim ifcfg-ens33 IPADDR=192.168.100.160 GATEWAY=192.168.100.1
-
配置virtual网卡
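cd /etc/sysconfig/network-scripts/
cp -p ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
# Contents of ifcfg-lo:0: the VIP bound to a loopback alias so this real
# server accepts packets addressed to the VIP.
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.100.10
# Host mask (/32), the same mask dr.sh applies to lo:0. A /24 mask on a
# loopback alias makes the kernel treat the whole 192.168.100.0/24 network as
# local to this host, which cuts it off from the director and the gateway.
NETMASK=255.255.255.255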
-
添加网页站点
[root@localhost ~]# cd /var/www/html [root@localhost html]# ls [root@localhost html]# echo "<h1>this is apache1</h1>" > index.html
-
配置LVS服务,编写LVS脚本
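[root@localhost html]# cd /etc/init.d
[root@localhost init.d]# ls
functions  netconsole  network  README
[root@localhost init.d]# vim dr.sh
#!/bin/bash
# /etc/init.d/dr.sh (real-server side): binds the VIP to lo:0 and suppresses
# ARP for it, so only the director answers ARP requests for the VIP.
# Usage: dr.sh {start|stop}

VIP=192.168.100.10    # must be the same VIP that keepalived is configured with

case "$1" in
  start)
    # Set the ARP behaviour first, so the VIP never exists on this host
    # without the suppression in place (the original configured lo:0 first).
    #   arp_ignore=1   reply only when the target IP is configured on the
    #                  interface the request arrived on
    #   arp_announce=2 always use the best local source address in ARP requests
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Reloads /etc/sysctl.conf; any arp_* entries in that file override the
    # values written just above.
    sysctl -p > /dev/null 2>&1

    # Host mask (/32) so only the VIP itself is bound to the loopback alias.
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    echo "real server start ok"
    ;;
  stop)
    ifconfig lo:0 down
    # The original was missing the '>' here, which handed /dev/null to route
    # as an argument instead of discarding its output.
    route del "$VIP" > /dev/null 2>&1
    # Restore the kernel's default ARP behaviour.
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "real server stop"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh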
-
关闭安全性功能,开启服务
# Lab shortcut: stops the host firewall and switches SELinux to permissive
# mode (setenforce 0 lasts only until the next reboot). On a real server that
# keeps them enabled, inbound TCP/80 has to be allowed instead.
systemctl stop firewalld
setenforce 0
# Bring up the VIP alias, apply the ARP settings, then start the web server.
ifup lo:0
service dr.sh start
systemctl start httpd
2.2: web server 2 配置
- 节点地址192.168.100.170
-
下载httpd软件包
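# Install the Apache web server (the original listing misspelled "install").
yum install httpd -y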
-
配置real网卡
[root@localhost html]# cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# vim ifcfg-ens33 IPADDR=192.168.100.170 GATEWAY=192.168.100.1
-
配置virtual网卡
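[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
# Contents of ifcfg-lo:0: the VIP bound to a loopback alias so this real
# server accepts packets addressed to the VIP.
DEVICE=lo:0
ONBOOT=yes
# Both real servers must point at the same virtual address.
IPADDR=192.168.100.10
# Host mask (/32), the same mask dr.sh applies to lo:0. A /24 mask on a
# loopback alias makes the kernel treat the whole 192.168.100.0/24 network as
# local to this host, which cuts it off from the director and the gateway.
NETMASK=255.255.255.255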
-
添加网页站点
[root@localhost ~]# cd /var/www/html [root@localhost html]# ls [root@localhost html]# echo "<h1>this is apache2</h1>" > index.html
-
配置LVS服务,编写脚本
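[root@localhost html]# cd /etc/init.d
[root@localhost init.d]# ls
functions  netconsole  network  README
[root@localhost init.d]# vim dr.sh
#!/bin/bash
# /etc/init.d/dr.sh (real-server side): binds the VIP to lo:0 and suppresses
# ARP for it, so only the director answers ARP requests for the VIP.
# Usage: dr.sh {start|stop}

VIP=192.168.100.10    # cluster virtual IP, identical on every real server

case "$1" in
  start)
    # Set the ARP behaviour first, so the VIP never exists on this host
    # without the suppression in place (the original configured lo:0 first).
    #   arp_ignore=1   reply only when the target IP is configured on the
    #                  interface the request arrived on
    #   arp_announce=2 always use the best local source address in ARP requests
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Reloads /etc/sysctl.conf; any arp_* entries in that file override the
    # values written just above.
    sysctl -p > /dev/null 2>&1

    # Host mask (/32) so only the VIP itself is bound to the loopback alias.
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    echo "real server start ok"
    ;;
  stop)
    ifconfig lo:0 down
    # The original was missing the '>' here, which handed /dev/null to route
    # as an argument instead of discarding its output.
    route del "$VIP" > /dev/null 2>&1
    # Restore the kernel's default ARP behaviour.
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "real server stop"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh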
-
关闭安全性功能,开启服务
# Lab shortcut: stops the host firewall and switches SELinux to permissive
# mode (setenforce 0 lasts only until the next reboot). On a real server that
# keeps them enabled, inbound TCP/80 has to be allowed instead.
systemctl stop firewalld
setenforce 0
# Bring up the VIP alias, apply the ARP settings, then start the web server.
ifup lo:0
service dr.sh start
systemctl start httpd
三: 客户机配置与访问测试
-
以上可以看出,LVS-DR的轮询访问
四: 验证keepalived 热备
-
断开主调度器的keepalived
//192.168.100.150
# NOTE(review): the step is described as stopping keepalived on the primary
# director, which the page configures as 192.168.100.140 (state MASTER); the
# label above names 192.168.100.150, the BACKUP -- confirm which host this
# transcript was taken on.
[root@localhost ~]# systemctl stop keepalived.service
[root@localhost ~]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
# The unit is shown as "disabled", i.e. keepalived is not set to start at
# boot; it was started by hand earlier on the page.
-
客户机访问
-
以上可以看出,LVS-DR的轮询访问