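I. Problem
(1) Deploy LVS first
Reason: if the web servers are deployed first, the virtual IP is already bound on the web servers when the route is added, so the route resolves to the local machine or to the other virtual machine.
II. Configuration procedure
(1) Setting up LVS in DR mode
1. Configure LVS first
《1》 First, in the private cloud console: Subnet > IP address management > bind the virtual IP to the server
《2》 Download and install the ipvs management tool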
yum install ipvsadm -y
《3》 Bind the virtual IP again inside the instance
# 192.168.2.200 is the bound virtual IP
ifconfig lo:0 192.168.2.200 broadcast 192.168.2.200 netmask 255.255.255.255 up
《4》 Configure the LVS cluster
ipvsadm -A -t 192.168.2.200:80 -s rr
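# 192.168.2.30 and 192.168.2.40 are the real servers; -g selects direct routing (DR)
ipvsadm -a -t 192.168.2.200:80 -r 192.168.2.30:80 -g
ipvsadm -a -t 192.168.2.200:80 -r 192.168.2.40:80 -g
ipvsadm -l
# connection timeouts in seconds: tcp, tcpfin, udp
ipvsadm --set 1 2 1
2. Real server configuration
《1》 Install nginx or apache to serve a verification page (or /var/www/html/index.html)
《2》 Change the kernel parameters so that the RS does not respond to ARP broadcasts, then configure the virtual IP on the RS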
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig lo:0 192.168.2.200 netmask 255.255.255.255 broadcast 192.168.2.200 up
《3》 Add the route
route add -host 192.168.2.200 dev lo:0
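《4》 Repeat the same steps on web2 as on web1
3. Bind the elastic public IP to the virtual IP
4. Access the virtual IP
(2) Configure the other machine the same way as LVS1
(3) keepalived configuration
《1》 Edit the master configuration file (vim /etc/keepalived/keepalived.conf)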
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_1
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.200
    }
}
virtual_server 192.168.2.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.255
    persistence_timeout 1
    protocol TCP
    real_server 192.168.2.205 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.2.231 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
《2》 keepalived backup configuration
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_1
}
vrrp_instance VI_1 {
    state BACKUP                 # standby node; the master declares MASTER
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 51         # must match the master
    priority 100                 # example value; must be lower than the master's 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111           # must match the master
    }
    virtual_ipaddress {
        192.168.2.200
    }
}
virtual_server 192.168.2.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.255
    persistence_timeout 1
    protocol TCP
    real_server 192.168.2.205 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.2.231 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
《3》 Restart keepalived
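A check that can be run on the master/backup pair before restarting, as an added example that is not part of the original notes: it compares two keepalived.conf texts for the settings VRRP failover depends on (state, priority, virtual_router_id, auth_pass) and flags misspelled TCP_CHECK keywords. The function names, the keyword subset and the reduced sample configuration are constructed for illustration.

```python
import re

# Subset of options keepalived accepts inside TCP_CHECK; others are likely typos.
TCP_CHECK_KEYS = {"connect_ip", "connect_port", "connect_timeout", "bindto",
                  "retry", "nb_get_retry", "delay_before_retry"}

def vrrp_fields(conf):
    """Extract the first state, priority, virtual_router_id and auth_pass values."""
    keys = ("state", "priority", "virtual_router_id", "auth_pass")
    found = {k: re.search(r"^\s*" + k + r"\s+(\S+)", conf, re.M) for k in keys}
    return {k: (m.group(1) if m else None) for k, m in found.items()}

def tcp_check_typos(conf):
    """Return keywords inside TCP_CHECK { ... } blocks that are not known options."""
    words = []
    for body in re.findall(r"TCP_CHECK\s*\{([^}]*)\}", conf):
        words += [ln.split()[0] for ln in body.splitlines() if ln.split()]
    return [w for w in words if w not in TCP_CHECK_KEYS]

def lint_pair(master, backup):
    """Compare a master/backup keepalived.conf pair; return a list of findings."""
    m, b = vrrp_fields(master), vrrp_fields(backup)
    out = []
    if m["virtual_router_id"] != b["virtual_router_id"]:
        out.append("virtual_router_id differs between nodes")
    if m["auth_pass"] != b["auth_pass"]:
        out.append("auth_pass differs between nodes")
    if b["state"] != "BACKUP":
        out.append(f"backup node declares state {b['state']}")
    if int(b["priority"] or 0) >= int(m["priority"] or 0):
        out.append("backup priority is not lower than master priority")
    if (m["auth_pass"] or "").isdigit() or len(m["auth_pass"] or "") < 8:
        out.append("auth_pass is short or numeric; VRRP PASS auth is sent in cleartext")
    for name, conf in (("master", master), ("backup", backup)):
        out += [f"{name}: unknown TCP_CHECK keyword {w}" for w in tcp_check_typos(conf)]
    return out

def sample_conf(state, priority, port_key):
    """Constructed sample, reduced from the configuration shown on this page."""
    return (f"vrrp_instance VI_1 {{\n state {state}\n virtual_router_id 51\n"
            f" priority {priority}\n authentication {{\n  auth_type PASS\n"
            f"  auth_pass 1111\n }}\n}}\nvirtual_server 192.168.2.200 80 {{\n"
            f" real_server 192.168.2.231 80 {{\n  TCP_CHECK {{\n"
            f"   connect_timeout 8\n   {port_key} 80\n  }}\n }}\n}}\n")

if __name__ == "__main__":
    # Constructed flawed pair: backup copied from master, one keyword misspelled.
    flawed = sample_conf("MASTER", 150, "conect_port")
    for finding in lint_pair(flawed, flawed):
        print(finding)
```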
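III. Verification
《1》 Stop keepalived on the master
High availability and load balancing are achieved successfully.
《2》 Load-balancing verification
The result of the requests can be observed with ipvsadm -l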