实操:LVS-DR+keepalived群集搭建

思路

关闭ICMP重定向功能(send_redirects);web节点上还要限制ARP应答(arp_ignore/arp_announce)

ifup ens33:0 启用

break是结束当前所在的循环语句,继续执行后面本循环体之外的语句

exit 0 正常退出应用程序

exit 非零值 异常退出应用程序

后面的值是一个状态码,可以在执行程序后判断这个状态码

程序:入口(main)有且只有一个,出口有多个

return返回的是状态码,echo返回的是值

GW 网关,vip虚拟IP地址,RIP是web服务器地址


负载均衡器的缺点:session会话(7层),不可以session共享

nginx可以通过反向代理解决7层的会话共享


1 LVS两个节点步骤

1.1 更改主机名,便于查看,LVS负载均衡节点安装ipvsadm和keepalived双节热备实现高可用组件

[root@lvs ~]# hostnamectl set-hostname lvs1
[root@lvs ~]# su
[root@lvs1 ~]# 
[root@lvs1 ~]# yum install keepalived ipvsadm -y
[root@web2 network-scripts]# hostnamectl set-hostname lvs2
[root@web2 network-scripts]# su
[root@lvs2 network-scripts]# yum install keepalived ipvsadm -y

1.2 编辑路由配置文件

[root@lvs1 ~]# vim /etc/sysctl.conf 
net.ipv4.ip_forward=1	
#开启路由转发功能
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
#上面三条用于关闭ICMP重定向报文的发送(send_redirects)

加载一下使配置生效

[root@lvs1 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

1.3 启动虚拟网卡ens33:0,分为临时启用和配置文件永久启用

临时启用:ifconfig 后面跟ens33:0 再跟IP地址

这里使用永久启用

[root@lvs1 ~]# cd /etc/sysconfig/network-scripts/
[root@lvs1 network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@lvs1 network-scripts]# vim ifcfg-ens33:0
#原有内容全部删除,添加下面四条内容
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0

此时自身的ENS33接口的IP地址是192.168.247.206,先不着急开启ens33:0网卡

[root@lvs1 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.247.206  netmask 255.255.255.0  broadcast 192.168.247.255

1.4 创建一个LVS节点的LVS启动脚本

[root@lvs1 network-scripts]# cd /etc/init.d/
[root@lvs1 init.d]# ls
functions  jexec  netconsole  network  README
[root@lvs1 init.d]# vim dr.sh
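#!/bin/bash
# dr.sh - director-side control script for an LVS-DR cluster.
# Usage: dr.sh {start|stop|status}
#
#   start   bind the VIP to the ens33:0 alias and load the IPVS table
#           (one TCP/80 virtual service, round-robin, two real servers)
#   stop    clear the IPVS table, then remove the VIP alias and its route
#   status  report state from the presence of a lock file
#
# Must run as root: every command below changes network or kernel state.

GW=192.168.100.1        # segment gateway; kept for reference, not used below
VIP=192.168.100.10      # virtual IP that clients connect to
RIP1=192.168.100.201    # real server 1
RIP2=192.168.100.202    # real server 2

case "$1" in
start)
  # Dump the current rule set before starting the unit.
  # NOTE(review): presumably so the ipvsadm service finds its rules file
  # when it starts - confirm against the unit file.
  /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
  systemctl start ipvsadm

  # Bring up the alias with a /32 mask so it claims only the VIP itself.
  # The original passed the address a second time after the netmask; that
  # argument was redundant and has been dropped.
  /sbin/ifconfig ens33:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up

  # Host route for the VIP through the alias.
  /sbin/route add -host "$VIP" dev ens33:0

  # Virtual service on VIP:80 with round-robin scheduling (-s rr).
  /sbin/ipvsadm -A -t "$VIP:80" -s rr

  # -g selects direct routing (DR); -m would select NAT (masquerading).
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
  /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g

  # NOTE(review): this is printed whether or not the commands above
  # succeeded; none of their exit codes is checked.
  echo "ipvsadm starting ____________________[ok]"
  ;;
stop)
  # -C clears the whole virtual server table, not only this script's entries.
  /sbin/ipvsadm -C
  systemctl stop ipvsadm

  # Take the VIP alias down, then drop its host route.
  /sbin/ifconfig ens33:0 down
  /sbin/route del "$VIP"
  echo "ipvsadm stoped _______________________[ok]"
  ;;
status)
  # NOTE(review): nothing in this script creates the lock file, so the
  # result depends on whatever else manages it - confirm it exists when
  # the service is started through systemd.
  if [ ! -e /var/lock/subsys/ipvsadm ]; then
    echo "ipvsadm stoped _______________________"
    exit 1
  else
    echo "ipvsadm Runing____________________[ok]"
  fi
  ;;
*)
  echo "Usage: $0 {start|stop|status}"
  exit 1
  ;;
esac
exit 0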
[root@lvs1 init.d]# chmod +x dr.sh 

1.5 先别着急启动,把虚拟机的ens33网卡设置为仅主机模式,修改IP地址为静态IP地址

[root@lvs1 init.d]# cd -
/etc/sysconfig/network-scripts
[root@lvs1 network-scripts]# vim ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f432513-5d7a-455c-88b4-257a9a1dbb45"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.110
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@lvs1 init.d]# systemctl restart network
[root@lvs1 init.d]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.110  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::413b:c9ad:e0e:1afc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d6:c0:8a  txqueuelen 1000  (Ethernet)
        RX packets 55  bytes 4716 (4.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42  bytes 5443 (5.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
        ether 00:0c:29:d6:c0:8a  txqueuelen 1000  (Ethernet)

1.6 开启ens33:0网卡,关闭防火墙和SELinux(仅限实验环境;生产环境应保留防火墙和SELinux,只放行LVS节点之间的VRRP通告和80端口)

[root@lvs1 ~]# ifup ens33:0
[root@lvs1 ~]# service dr.sh start
ipvsadm starting ____________________[ok]
[root@lvs1 ~]# systemctl stop firewalld
[root@lvs1 ~]# setenforce 0

1.7 此时LVS1第一个负载均衡节点已经配置完毕,接下来配置第二个LVS2,配置的内容和lvs1服务器节点一样,差别在静态ip地址

[root@web2 ~]# cd /etc/sysconfig/network-scripts/
[root@web2 network-scripts]# hostnamectl set-hostname lvs2
[root@web2 network-scripts]# su
[root@lvs2 network-scripts]# 
[root@lvs2 network-scripts]# yum install keepalived ipvsadm -y
[root@lvs2 network-scripts]# vim /etc/sysctl.conf 
[root@lvs2 network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@lvs2 network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@lvs2 network-scripts]# vim ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@lvs2 network-scripts]# cd /etc/init.d/
[root@lvs2 init.d]# vim dr.sh
//跟lvs1一致
[root@lvs2 init.d]# chmod +x dr.sh 
[root@lvs2 init.d]# cd -
/etc/sysconfig/network-scripts
[root@lvs2 network-scripts]# vim ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="ae47f80e-74ad-4ce3-b2f9-6d3899cd9a2b"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.100.111
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@lvs2 network-scripts]# systemctl restart network
[root@lvs2 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.111  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::1259:c72a:d63c:9f07  prefixlen 64 

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
        ether 00:0c:29:6b:25:36  txqueuelen 1000  (Ethernet)
[root@lvs2 network-scripts]# cd -
/etc/init.d
[root@lvs2 init.d]# cd -
/etc/sysconfig/network-scripts
[root@lvs2 network-scripts]# service dr.sh start
ipvsadm starting ____________________[ok]
[root@lvs2 network-scripts]# systemctl stop firewalld
[root@lvs2 network-scripts]# setenforce 0
[root@lvs2 network-scripts]# 

2 下面就开始配置两台web节点服务器

2.1更改主机名

[root@localhost ~]# hostnamectl set-hostname web1
[root@localhost ~]# su
[root@web1 ~]#

2.2 安装httpd服务

[root@web1 ~]# yum install httpd -y

2.3 关闭防火墙和SELinux

[root@web1 yum.repos.d]# systemctl stop firewalld
[root@web1 yum.repos.d]# setenforce 0

2.4 编辑站点的首页信息

[root@web1 ~]# cd /var/www/html
[root@web1 html]# echo "this is kgc web" > index.html

2.4 编辑lo:0虚拟网卡

[root@web1 html]# cd /etc/sysconfig/network-scripts/
[root@web1 network-scripts]# cp -p ifcfg-lo ifcfg-lo:0
[root@web1 network-scripts]# vim ifcfg-lo:0
//原有内容删除,写入下面内容
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=YES

2.5 编辑keepalived的web节点脚本,主要用来限制arp

[root@web1 network-scripts]# cd /etc/init.d/
[root@web1 init.d]# ls
functions  netconsole  network  README
[root@web1 init.d]# vim web.sh
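#!/bin/bash
# web.sh - real-server side of an LVS-DR cluster.
# Usage: web.sh {start|stop}
#
#   start   put the VIP on lo:0 and tighten the ARP sysctls so this host
#           accepts traffic for the VIP without answering ARP for it
#   stop    remove the VIP from lo:0 and set the ARP sysctls back to 0
#
# Must run as root. Values written under /proc/sys do not survive a reboot.

VIP=192.168.100.10    # same virtual IP as configured on the directors

case "$1" in
start)
	# /32 mask: the loopback alias claims only the VIP itself.
	ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
	/sbin/route add -host "$VIP" dev lo:0

	# arp_ignore=1: answer an ARP request only when the target address is
	# configured on the interface the request arrived on, so the VIP held
	# on lo is never answered for on the LAN side.
	# arp_announce=2: always pick the best local source address for
	# outgoing ARP, so the VIP is not announced as a source.
	echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

	# NOTE(review): this reloads /etc/sysctl.conf; if that file sets any of
	# the arp_* keys, its values replace the ones written above - check.
	sysctl -p > /dev/null 2>&1
	echo "RealServer Start OK"
	;;
stop)
	ifconfig lo:0 down

	# The original line lacked the '>' and passed /dev/null to route as an
	# extra argument; the output is now discarded as intended.
	route del "$VIP" > /dev/null 2>&1

	# Sets the keys to 0 rather than restoring whatever was there before
	# start ran.
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
	echo "RealServer Stoped"
	;;
*)
	echo "Usage: $0 {start|stop}"
	exit 1
	;;
esac
exit 0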
把这个web.sh脚本scp到web2节点服务器
[root@web1 init.d]# scp /etc/init.d/web.sh root@192.168.247.154:/etc/init.d/
The authenticity of host '192.168.247.154 (192.168.247.154)' can't be established.
ECDSA key fingerprint is SHA256:Uc0B9+nBzRVbmkCb7FuoF+yLzqsWY8uacWKFdVJCVZE.
ECDSA key fingerprint is MD5:1b:1a:ef:ff:89:db:6e:70:f1:be:91:f8:87:cc:35:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.247.154' (ECDSA) to the list of known hosts.
root@192.168.247.154's password: 
web.sh                                               100%  760   464.9KB/s   00:00    
到web2查看
[root@localhost ~]# hostnamectl set-hostname web2
[root@localhost ~]# su
[root@web2 ~]# cd /etc/init.d/
[root@web2 init.d]# ls
functions  netconsole  network  README  web.sh

2.6回到web1,配置ens33网卡为静态

[root@web1 init.d]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
BOOTPROTO=static	//设为静态
IPADDR=192.168.100.201	//增加
NETMASK=255.255.255.0	//增加
GATEWAY=192.168.100.1	//增加                     

修改网卡模式为仅主机模式后,重启网卡

[root@web1 init.d]# systemctl restart network
[root@web1 init.d]# systemctl stop firewalld
[root@web1 init.d]# setenforce 0
setenforce: SELinux is disabled
[root@web1 init.d]# 
[root@web1 init.d]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.201  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::20c:29ff:fe3c:9844  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:3c:98:44  txqueuelen 1000  (Ethernet)
        RX packets 23168  bytes 17442648 (16.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4083  bytes 357167 (348.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.0
        loop  txqueuelen 1  (Local Loopback)

网卡修改完毕

2.7 开启服务

[root@web1 init.d]# ls
functions  netconsole  network  README  web.sh
[root@web1 init.d]# chmod +x web.sh 
[root@web1 init.d]# service web.sh start
RealServer Start OK
[root@web1 init.d]# systemctl start httpd
[root@web1 init.d]# 

自检一下

在这里插入图片描述

2.8 然后到另外一台服务器,web2去配置

跟web1一样的操作

先切换网卡为仅主机模式(ipvsadm和keepalived已经yum完毕)

[root@web2 init.d]# systemctl stop firewalld
[root@web2 init.d]# setenforce 0
setenforce: SELinux is disabled
[root@web2 init.d]# cd /var/www/html/
[root@web2 html]# echo "this is accp web2" > index.html
[root@web2 html]# cd /etc/sysconfig/network-scripts/
[root@web2 network-scripts]# ls
ifcfg-ens33  ifdown-isdn      ifup          ifup-plip      ifup-tunnel
ifcfg-lo     ifdown-post      ifup-aliases  ifup-plusb     ifup-wireless
ifdown       ifdown-ppp       ifup-bnep     ifup-post      init.ipv6-global
ifdown-bnep  ifdown-routes    ifup-eth      ifup-ppp       network-functions
ifdown-eth   ifdown-sit       ifup-ib       ifup-routes    network-functions-ipv6
ifdown-ib    ifdown-Team      ifup-ippp     ifup-sit
ifdown-ippp  ifdown-TeamPort  ifup-ipv6     ifup-Team
ifdown-ipv6  ifdown-tunnel    ifup-isdn     ifup-TeamPort
[root@web2 network-scripts]# cp -p ifcfg-lo ifcfg-lo:0
[root@web2 network-scripts]# ls
ifcfg-ens33  ifdown-ipv6      ifdown-tunnel  ifup-isdn    ifup-TeamPort
ifcfg-lo     ifdown-isdn      ifup           ifup-plip    ifup-tunnel
ifcfg-lo:0   ifdown-post      ifup-aliases   ifup-plusb   ifup-wireless
ifdown       ifdown-ppp       ifup-bnep      ifup-post    init.ipv6-global
ifdown-bnep  ifdown-routes    ifup-eth       ifup-ppp     network-functions
ifdown-eth   ifdown-sit       ifup-ib        ifup-routes  network-functions-ipv6
ifdown-ib    ifdown-Team      ifup-ippp      ifup-sit
ifdown-ippp  ifdown-TeamPort  ifup-ipv6      ifup-Team
[root@web2 network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=YES
[root@web2 network-scripts]# vim ifcfg-ens33 
# Generated by dracut initrd
NAME="ens33"
DEVICE="ens33"
ONBOOT=yes
NETBOOT=yes
UUID="e242604f-11ba-46c3-8112-0f30fac1082a"
IPV6INIT=yes
BOOTPROTO=static
TYPE=Ethernet
IPADDR=192.168.100.202
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@web2 network-scripts]# systemctl restart network
[root@web2 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.202  netmask 255.255.255.0  broadcast 192.168.100.255
lo:0: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 192.168.100.10  netmask 255.255.255.0
        loop  txqueuelen 1  (Local Loopback)
[root@web2 network-scripts]# cd /etc/init.d/
[root@web2 init.d]# ls
functions  netconsole  network  README  web.sh
[root@web2 init.d]# chmod +x web.sh 
[root@web2 init.d]# service web.sh start
RealServer Start OK
[root@web2 init.d]# systemctl start httpd
[root@web2 init.d]# ifup lo:0
[root@web2 init.d]# 

2.9 两台web节点都重新启动一下lo:0网卡

[root@web1 init.d]# ifup lo:0

web2的httpd验证

在这里插入图片描述

3 此时上面两个节点已经部署好了,接下来到lvs节点部署keepalived

3.1 编辑/etc/keepalived/keepalived.conf脚本

[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf 
 10    smtp_server 127.0.0.1	//smtp邮件服务
 12    router_id LVS_01			//router-id不能相同
 20     state MASTER			//主服务器是MASTER,从服务器是BACKUP
 21     interface ens33			//端口是ens33,未修改的eth0是centos6的网卡名称
 22     virtual_router_id 51	//虚拟的router-id指的是组号,同一个虚拟IP的服务器的组号要一致
 23     priority 100			//优先级,主服务器要比从服务器高,当主服务器宕机时,优先级会自动减,默认减10,所以为了让从服务器顶上去,从服务器的优先级可以设为95
 25     authentication { 		//auth 验证,如果修改的话,同一组号的数据都要相同,这里是实验,就不修改了;PASS口令在VRRP报文中明文传输,生产环境不要沿用示例口令1111
 26         auth_type PASS
 27         auth_pass 1111
 28     }
 29     virtual_ipaddress {		//虚拟IP地址,可以写多个,这里留一个就行,192.168.100.10
 30         192.168.200.10
 31         192.168.200.17
 32         192.168.200.18
 33     }
 34 virtual_server 192.168.100.10 80 {		//虚拟IP地址,访问80端口
 36     lb_algo rr				//轮询算法
 37     lb_kind DR				//改为DR模式
 41     real_server 192.168.100.201 80 {		//web节点服务器地址
 42         weight 1			//权重为1
 43         SSL_GET {			//把这一部分删除,43-51,添加使用TCP检查
 44             url {
 45               path /
 46               digest ff20ad2481f97b1754ef3e12ecd3a9cc
 47             } 
 48             url {
 49               path /mrtg/
 50               digest 9b3a0c85a887a256d6939da88aabd8cd
 51             } 
 43         TCP_CHECK {		//43-44为添加部分
 44             connect_port 80
//接下来吧real_server部分复制出来一份在同一个virtual_server中
 50     real_server 192.168.100.202 80 {
 51         weight 1
 52         TCP_CHECK {
 53             connect_port 80
 54             connect_timeout 3
 55             nb_get_retry 3
 56             delay_before_retry 3
 57         }
 58     }
 //然后把其余的部分删掉,
 61 virtual_server 10.10.10.2 1358 {		//从这一行起,往下全部删除

保存退出之后,使用scp复制此脚本到lvs2服务器节点上,然后进行修改

[root@lvs1 ~]# scp /etc/keepalived/keepalived.conf root@192.168.100.111:/etc/keepalived/
The authenticity of host '192.168.100.111 (192.168.100.111)' can't be established.
ECDSA key fingerprint is SHA256:x1H9Hass0iDGNKV6ZT9+Sc5KRNPzbWu3EE5vCsCGa+U.
ECDSA key fingerprint is MD5:99:54:50:44:f6:b5:e6:79:95:ac:79:b9:b4:a7:3a:4c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.111' (ECDSA) to the list of known hosts.
root@192.168.100.111's password: 
keepalived.conf                                      100% 1149   824.4KB/s   00:00    
[root@lvs1 ~]# 

此时切换到lvs2节点,修改scp过来的/etc/keepalived/keepalived.conf文件

[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf 
 12    router_id LVS_02
 20     state BACKUP
 23     priority 95

3.2 配置文件修改完毕,然后可以启动服务了

[root@lvs1 ~]# systemctl start keepalived.service 
[root@lvs2 ~]# systemctl start keepalived.service 

4 测试:打开客户端,设置仅主机模式,设置静态IP

在这里插入图片描述

在这里插入图片描述

4.1 只成功了一次,到服务器里面把网卡重新启动一下

[root@lvs1 ~]# systemctl restart network
[root@lvs1 ~]# ifup ens33:0
[root@lvs1 ~]# systemctl start keepalived.service 
[root@lvs1 ~]# 
[root@lvs2 ~]# systemctl restart network
[root@lvs2 ~]# ifup ens33:0

开启到lvs2的网卡,就成功了

在这里插入图片描述

4.2 这个时候去网页访问一下,访问到web2节点服务器内容

在这里插入图片描述

这个时候关掉LVS1服务器网卡,访问到web1节点服务器内容

[root@lvs1 network-scripts]# systemctl stop network
[root@lvs1 network-scripts]# 

在这里插入图片描述

再次开启LVS1服务器网卡,会发现无法访问,

在这里插入图片描述

再次关闭LVS1服务器网卡,可以访问,此时轮询到web2节点服务器上

在这里插入图片描述
