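keepalived on its own: configuration
LVS on its own: configuration (NAT mode)
##################################keepalived on its own: configuration#####################################################
Stopping nginx does not by itself trigger a keepalived failover, so a check script is added to handle that case.
2. Install keepalived on both the master and the backup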
yum -y install keepalived
yum -y install keepalived
3. Master configuration file: /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_script check_web {
    script "/scripts/check_web.sh"
    interval 5
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100
    }
    track_script {
        check_web
    }
}
chmod +x /scripts/check_web.sh
##################check_web.sh#########
#!/bin/sh
nginxpid=$(pidof nginx | wc -l)
# 1. Check whether nginx is alive; if it is not, try to start it
if [ "$nginxpid" -eq 0 ]; then
    systemctl start nginx
    sleep 2
    # 2. After waiting 2 seconds, read the nginx status again
    nginxpid=$(pidof nginx | wc -l)
    # 3. Check again; if nginx is still not alive, stop keepalived so the address fails over, and exit the script
    if [ "$nginxpid" -eq 0 ]; then
        systemctl stop keepalived
        pkill keepalived
    fi
fi
###########################################
4. Backup configuration file
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}
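5. Differences
6. Test
Stop keepalived on the master; the VIP moves to the backup keepalived node.
Running arp -a on a Windows client shows that the MAC address for the VIP also changes to the backup's MAC.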
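Added example (not part of the original notes): a shell check that a master/backup pair agrees on the VRRP settings that have to match (virtual_router_id, advert_int, authentication, VIP) and that the master's priority is the higher one. The helper names kv, vips, vrrp_pair_check and mkconf are hypothetical, and the sample configs are constructed from the values used above.

```shell
#!/bin/sh
# Added example, not from the original notes. Helper names are hypothetical.

# First value of a keyword such as "priority" in a keepalived.conf.
kv() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# Addresses listed inside the virtual_ipaddress { ... } block.
vips() {
    awk '$1 == "virtual_ipaddress" { f = 1; next } f && $1 == "}" { exit } f { print $1 }' "$1"
}

# Print one line per problem; print nothing when the pair is consistent.
vrrp_pair_check() {  # usage: vrrp_pair_check MASTER_CONF BACKUP_CONF
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(kv "$key" "$1")" = "$(kv "$key" "$2")" ] || echo "mismatch:$key"
    done
    [ "$(vips "$1")" = "$(vips "$2")" ] || echo "mismatch:virtual_ipaddress"
    [ "$(kv priority "$1")" -gt "$(kv priority "$2")" ] || echo "priority:master-not-higher"
}

# Constructed input: a vrrp_instance with this page's values, parameterised
# on state, priority and virtual_router_id.
mkconf() {  # usage: mkconf FILE STATE PRIORITY VRID
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface eth0
    virtual_router_id $4
    priority $3
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
mkconf "$tmp/lb01.conf" MASTER 150 50
mkconf "$tmp/lb02.conf" BACKUP 100 50
mkconf "$tmp/bad.conf"  BACKUP 150 51   # constructed: wrong VRID, priority not lower
echo "page pair: [$(vrrp_pair_check "$tmp/lb01.conf" "$tmp/lb02.conf")]"
echo "bad pair:  [$(vrrp_pair_check "$tmp/lb01.conf" "$tmp/bad.conf")]"
```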
#################################keepalived on its own: configuration end######################################################
#################################LVS on its own: configuration (NAT mode)######################################################
#########################################################################
I. Client:
eth0: external network: 10.0.0.10
eth1: no internal network
1. Bring down the private interface eth1: [root@client ~]# ifdown eth1
#########################################################################
II. route:
eth0 external network: 10.0.0.200
eth1 internal network: 172.16.1.200
1. Enable IP forwarding:
[root@route ~]# vim /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@route ~]# sysctl -p
net.ipv4.ip_forward = 1
iptables -t nat -A PREROUTING -d 10.0.0.200 -j DNAT --to 172.16.1.100
Check the routing and firewall information:
[root@localhost ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere localhost.localdomain to:172.16.1.100
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 102 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 102 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
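Added example (not part of the original notes): the DNAT rule above has no -p/--dport match, so every protocol and port sent to 10.0.0.200 is forwarded to the VIP, while the LVS service defined later only covers port 80. The audit_dnat function (a hypothetical name) reads rules in command-line form and labels each DNAT rule as open or scoped; the second and third sample rules are constructed for comparison.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# Read iptables rules (command-line / "iptables -t nat -S" form) on stdin.
# For each DNAT rule print either
#   open:<dst>-><target>                    no protocol/port restriction
#   scoped:<dst>:<proto>/<dport>-><target>  limited to one service
audit_dnat() {
    awk '
    {
        dst = proto = dport = to = jump = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to" || $i == "--to-destination") to = $(i + 1)
        }
        if (jump != "DNAT") next          # ignore non-DNAT rules
        if (proto == "" || dport == "")
            printf "open:%s->%s\n", dst, to
        else
            printf "scoped:%s:%s/%s->%s\n", dst, proto, dport, to
    }'
}

# Line 1 is the rule from this page; lines 2 and 3 are constructed samples.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -d 10.0.0.200 -j DNAT --to 172.16.1.100
iptables -t nat -A PREROUTING -d 10.0.0.200 -p tcp --dport 80 -j DNAT --to-destination 172.16.1.100:80
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
EOF
}

sample_rules | audit_dnat
```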
#########################################################################
III. DS node:
eth0: none
eth1:
VIP: 172.16.1.100
DIP: 172.16.1.3 (the node's own address)
1. Configure a virtual IP (VIP) address
eth1 172.16.1.3
eth1:1 172.16.1.100
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.16.1.100
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1:1
DEVICE=eth1:1
ONBOOT=yes
2. Point the default gateway at the route device:
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.16.1.3
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DNS=223.5.5.5
GATEWAY=172.16.1.200
3. Bring down the eth0 interface:
ifdown eth0
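4. Configure the LVS rules. ipvsadm has to be installed while the external network is still available, so run this step earlier.
[root@lvs-master ~]# yum install ipvsadm -y
The ipvsadm command only exists once the package is installed. Then configure: 1. add a VIP; 2. add the real server IP addresses, which can be load balancers or the actual backend web or Tomcat servers. -m selects NAT mode.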
ipvsadm -A -t 172.16.1.100:80 -s rr
ipvsadm -a -t 172.16.1.100:80 -r 172.16.1.6:80 -m
ipvsadm -a -t 172.16.1.100:80 -r 172.16.1.11:80 -m
#########################################################################
IV. RS1 node:
eth0: no external network
eth1: RIP: 172.16.1.6
1. Configure nginx. /code/index.html should differ slightly from the one on 11, which makes the later test easier.
[root@localhost conf.d]# cat /etc/nginx/conf.d/lvs.conf
server {
    listen 80;
    server_name lvs.oldxu.com;
    root /code;
    client_max_body_size 50m;
    location / {
        index index.html;
    }
}
2. Point the default gateway at the DS IP address
[root@localhost conf.d]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.16.1.11
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
GATEWAY=172.16.1.3
DNS=223.5.5.5
[root@localhost conf.d]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.1.3 0.0.0.0 UG 101 0 0 eth1
172.16.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
3. Bring down the public interface
[root@proxy-01 ~]# ifdown eth0
#########################################################################
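V. RS2 node:
eth0: no external network
eth1: RIP: 172.16.1.11
1. Configure nginx (same as above)
2. Point the default gateway at the DS IP address (same as above)
3. Bring down the public interface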
[root@proxy-01 ~]# ifdown eth0
#########################################################################
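Test: of course, the firewall and SELinux have to be turned off on every node
1. client 10.0.0.10
After the configuration succeeds, test with a Host header: requests to the VIP are answered round-robin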
[root@backup ~]# curl -HHost:lvs.oldxu.com http://10.0.0.200 | grep WEB
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<title>WEB002微信html5游戏平台——9miao.com国内最大微信开发者社区</title>
100 30320 100 30320 0 0 12.5M 0 --:--:-- --:--:-- --:--:-- 14.4M
[root@backup ~]# curl -HHost:lvs.oldxu.com http://10.0.0.200 | grep WEB
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<title>WEB001微信html5游戏平台——9miao.com国内最大微信开发者社区</title>
100 30320 100 30320 0 0 10.6M 0 --:--:-- --:--:-- --:--:-- 14.4M
#################################LVS on its own: configuration (NAT mode) end######################################################