(1)实验环境:两台高可用主机、两台web主机
(2)在Ha1、Ha2服务器上,利用keepalived实现高可用和负载均衡
1.配置负载调度器(Ha1、Ha2相同)
1.1.关闭防火墙&selinux
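# Lab-only shortcut: turn the host firewall off on both directors.
# Outside a lab, keep firewalld running and allow only what the cluster needs,
# for example:
#   firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'
#   firewall-cmd --permanent --add-service=http
#   firewall-cmd --reload
systemctl stop firewalld
# `disable` rather than `enable`: with `enable` the firewall returns at the next
# boot with its default rules, which do not admit VRRP advertisements.
systemctl disable firewalld
# Switches SELinux to permissive for the running system only; the setting in
# /etc/selinux/config is untouched, so enforcing mode comes back after a reboot.
setenforce 0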
1.2.安装高可用服务和ipvsadm工具
# Install the IPVS admin tool and keepalived from the distribution repositories.
yum -y install ipvsadm keepalived
# Load the IPVS kernel module so the virtual-server table exists.
modprobe ip_vs
# Reading this file succeeds only when ip_vs is loaded; it prints the current table.
cat /proc/net/ip_vs
1.3.配置keepalived(Ha1(主)、Ha2(备)上都要配置)
# Configure keepalived (do this on both Ha1 and Ha2)
cd /etc/keepalived/
# Keep the packaged file as a rollback copy before editing.
cp keepalived.conf keepalived.conf.bak
vim keepalived.conf
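# keepalived.conf for the MASTER director (Ha1).
global_defs {
    notification_email {              # recipients of keepalived alert mail
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1             # send alert mail through the local mail service
    smtp_connect_timeout 30
    router_id LVS_01                  # name of this node; must differ between master and backup
    vrrp_skip_check_adv_addr
    # vrrp_strict                     # left disabled: strict mode does not permit the
                                      # VRRP authentication block used below
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {                  # VRRP hot-standby instance
    state MASTER                      # initial role: MASTER on Ha1, BACKUP on Ha2
    interface ens160                  # physical interface that carries the VIP
    virtual_router_id 1               # virtual router ID; identical on master and backup
    priority 100                      # master 100, backup 90
    advert_int 1                      # advertisement (heartbeat) interval in seconds

    # PASS authentication sends the password in clear text inside every VRRP
    # advertisement, and keepalived uses only its first 8 characters. It guards
    # against accidental VRID clashes, not against a host on the same segment.
    # Replace the sample value, and restrict VRRP to the peer director at the
    # firewall when the segment is shared.
    authentication {
        auth_type PASS                # keyword is auth_type; "autu_type" is not a keepalived
                                      # keyword, so the two nodes would presumably not
                                      # agree on authentication
        auth_pass P@ssw0rd            # sample password; identical on master and backup
    }
    virtual_ipaddress {               # cluster address (VIP)
        192.168.100.200
    }
}

virtual_server 192.168.100.200 80 {   # virtual service address and port
    delay_loop 6                      # health-check interval in seconds
    lb_algo rr                        # scheduling algorithm: round robin
    lb_kind DR                        # forwarding mode: direct routing
    persistence_timeout 50            # a client sticks to one real server for 50 s, so a
                                      # test from a single client will not alternate
                                      # between nodes inside that window
    protocol TCP

    real_server 192.168.100.37 80 {   # first web node
        weight 1
        TCP_CHECK {
            connect_port 80           # port probed by the health check
            connect_timeout 3         # connect timeout in seconds
            nb_get_retry 3            # number of retries
            delay_before_retry 4      # seconds between retries
        }
    }

    real_server 192.168.100.38 80 {   # second web node
        weight 1
        HTTP_GET {
            # HTTP_GET needs at least one url block; without it there is nothing
            # to request and the node is effectively not health-checked.
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}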
注释:删除后面多余的配置
# Start keepalived
# NOTE(review): `start` does not persist across reboots; enable the unit
# separately if the director should rejoin the cluster after a restart.
systemctl start keepalived
1.4.备份服务器相关配置文件
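! Configuration File for keepalived
# Backup director (Ha2): differs from the master only in router_id, state and priority.
global_defs {
    notification_email {              # recipients of keepalived alert mail
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1             # send alert mail through the local mail service
    smtp_connect_timeout 30
    router_id LVS_02                  # must differ from the master's router_id
    vrrp_skip_check_adv_addr
    # vrrp_strict                     # left disabled: strict mode does not permit the
                                      # VRRP authentication block used below
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP                      # standby role
    interface ens160                  # physical interface that carries the VIP
    virtual_router_id 1               # must match the master
    priority 90                       # lower than the master's 100
    advert_int 1                      # advertisement interval in seconds

    # PASS authentication sends the password in clear text inside every VRRP
    # advertisement, and keepalived uses only its first 8 characters. Replace
    # the sample value and restrict VRRP to the peer director at the firewall
    # when the segment is shared.
    authentication {
        auth_type PASS
        auth_pass P@ssw0rd            # sample password; must match the master
    }
    virtual_ipaddress {               # cluster address (VIP)
        192.168.100.200
    }
}

virtual_server 192.168.100.200 80 {
    delay_loop 6                      # health-check interval in seconds
    lb_algo rr                        # round robin
    lb_kind DR                        # direct routing
    persistence_timeout 50            # a client sticks to one real server for 50 s
    protocol TCP

    real_server 192.168.100.37 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }

    real_server 192.168.100.38 80 {
        weight 1
        HTTP_GET {
            # HTTP_GET needs at least one url block; without it there is nothing
            # to request and the node is effectively not health-checked.
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}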
1.5.启动keepalived服务
# Start keepalived on the backup director, then inspect the interface.
systemctl start keepalived
ip addr show dev ens160 # Check whether the cluster IP (VIP) has been added
1.6.配置分发策略(主、备)
# Build the IPVS table by hand on each director (master and backup).
# NOTE(review): keepalived also programs IPVS from its virtual_server block, so
# the flush below presumably clears those entries as well, and the service
# re-created here has no persistence timeout. Confirm which source of rules
# should be authoritative.
vip=192.168.100.200:80

# The ipvsadm unit loads /etc/sysconfig/ipvsadm on start, so create the file first.
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm

# Start from an empty table, then define the round-robin virtual service.
ipvsadm -C
ipvsadm -A -t "$vip" -s rr

# Attach both web nodes in direct-routing (gatewaying, -g) mode.
for rip in 192.168.100.37:80 192.168.100.38:80; do
  ipvsadm -a -t "$vip" -r "$rip" -g
done

# Show the table, first with name resolution and then numerically.
ipvsadm
ipvsadm -ln

# Persist the rules so the ipvsadm unit restores them on its next start.
ipvsadm-save > /etc/sysconfig/ipvsadm
1.7.调整内核proc响应参数,关闭Linux内核的重定向参数响应
# Open sysctl.conf and add the three settings below (file content, not commands).
vim /etc/sysctl.conf
# Stop the director from sending ICMP redirects, globally, by default for new
# interfaces, and on ens160 (the interface keepalived uses for the VIP).
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens160.send_redirects = 0
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p
(3)为两台web服务器配置虚拟IP地址和添加回环路由
1.调整内核参数
# Open sysctl.conf on each web server and add the four settings below
# (file content, not commands).
vim /etc/sysctl.conf
# arp_ignore = 1: answer an ARP request only when the target address is
# configured on the interface that received it, so the VIP held on lo is
# never answered for.
# arp_announce = 2: always pick the best local source address for ARP
# requests, so the VIP is not announced as a source on the LAN.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p
2.配置回环地址(地址就是集群地址)
# Bind the cluster VIP to a loopback alias with a host (/32) mask so the web
# server accepts packets addressed to the VIP.
# NOTE(review): this is a runtime change only; it is lost on reboot unless it
# is also written to the interface configuration.
ifconfig lo:0 192.168.100.200 netmask 255.255.255.255 broadcast 192.168.100.200
3.添加路由
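# Host route for the cluster VIP through the loopback alias. The address must be
# the VIP configured on lo:0 (192.168.100.200); 192.168.10.150 is not used
# anywhere else in this setup.
route add -host 192.168.100.200 dev lo:0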
(4)测试web服务集群
1.关闭两台web服务器的防火墙和selinux
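# Lab-only shortcut: turn the host firewall off on both web servers.
# Outside a lab, keep firewalld running and open only the web port, for example:
#   firewall-cmd --permanent --add-service=http
#   firewall-cmd --reload
systemctl stop firewalld
# `disable` rather than `enable`: with `enable` the firewall returns at the next
# boot with its default rules and the test pages stop being reachable.
systemctl disable firewalld
# Switches SELinux to permissive for the running system only; enforcing mode
# comes back after a reboot.
setenforce 0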
2.在两台web服务器上创建测试网页
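# Create a distinguishable test page on each web server.
# Change into the nginx document root first and delete only if that succeeded:
# a bare path is not a command, and `rm -rf *` would otherwise empty whatever
# directory the shell happens to be in.
cd /usr/share/nginx/html && rm -rf -- ./*
# On web1 (192.168.100.37) only:
echo "web1:192.168.100.37" > index.html
# On web2 (192.168.100.38) only:
echo "web2:192.168.100.38" > index.html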
3.重启web服务器
# Restart the nginx service on each web server.
systemctl restart nginx
4.查看高可用服务器,目前只有主服务器存在虚拟IP
5.客户端访问测试,成功实现负载均衡
6.高可用服务器测试,关闭主服务器,查看备份服务器,备份服务器成功抢占虚拟IP