注意:NAT模式的keepalive做的时候vip和dip都要漂移,因为要在real-server上配置指向lvs上的dip地址的路由,这个路由只能指定一个dip地址,所以dip要跟着一起漂移过去;还有一个方法就是写一个脚本,当lvs-server在master和backup之间切换时实现在real-server上重新指定一个在工作状态的lvs-server的dip的路由,这个比较复杂,不如直接实现dip漂移
注意:这个vip和dip可以不是你机器上eth0和eth1接口上的网卡地址,直接在keepalived配置文件里配置的时候随意写一个
前提:基于NAT的keepalive最好real-server用192的地址,vip要用桥接模式的地址,保证客户端地址不能和real-server相通,也就是构建一个内网和外网的环境
关闭iptables和selinux
两台real-server上都有web服务
第一步:在lvs-server上安装keepalived
在master-server上:yum install keepalived -y
[root@centos7 /etc/keepalived]#vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@magedu.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_keepalive(随便写)
}
vrrp_instance VI_1 { # 配置vip
state MASTER
interface eth0(桥接模式的网卡)
virtual_router_id 20(不能乱改,会影响keepalive工作)
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.17.123.100/16(vip地址)
}
}
vrrp_instance VI_2 { #配置dip
state MASTER
interface eth1(仅主机模式的ip地址,也可以是桥接模式的ip)
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.159.123/24(lvs上的dip地址)
}
}
virtual_server 172.17.123.100 80 { vip地址
delay_loop 6 服务器切换间隔
lb_algo rr 工作方式为轮询
lb_kind NAT keepalive是基于NAT模式
nat_mask 255.255.0.0 (不同于DR模式,DR模式是255.255.255.255)
# persistence_timeout 50
protocol TCP
real_server 192.168.159.131 80 { (后端 real-serverip地址)
weight 1
HTTP_GET {
url {
path /
# digest ff20ad2481f97b1754ef3e12ecd3a9cc 注释掉,因为对keepalive可能会有影响
}
url {
path /mrtg/
# digest 9b3a0c85a887a256d6939da88aabd8cd注释掉,因为对keepalive可能会有影响
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 172.17.123.100 80 { vip地址
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.159.128 80{ 后端real-server地址
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
在lvs-server-backup上:yum install keepalived -y
[root@centos7 /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@magedu.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_keepalive
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20()
priority 180
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.17.123.100/16 vip地址
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 20
priority 180
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.159.123/24(dip地址)
}
}
virtual_server 172.17.123.100 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.0.0
# persistence_timeout 50
protocol TCP
real_server 192.168.159.131 80 {
weight 1
HTTP_GET {
url {
path /
# digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
# digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 172.17.123.100 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.159.128 80{
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
# digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
第二步:分别在lvs-server-master和lvs-server-backup上开启路由转发
在lvs-server-master 上:echo 1 > /proc/sys/net/ipv4/ip_forward
lvs-server-backup上:echo 1 > /proc/sys/net/ipv4/ip_forward
第三步:分别在lvs-server-master和lvs-server-backup上配置路由指向lvs-server的dip地址(lvs-server就是lvs-server)
ip route add default via 192.168.159.123(是lvs-server的dip地址)
ip route add default via 192.168.159.123
第四步:开启master和backup的lvs-server :systemctl start keepalived
在客户端测试:
[root@localhost ~]# for i in {1..100};do curl 172.17.123.100;sleep 1;done
发现停止任何一台lvs-server都不会影响到客户端的正常访问
说明;在keepalived配置文件里添加的vip和dip不是手工用ifconfig添加的,就是直接在配置文件里指定一个vip和dip地址,这两个地址在master出问题时才起作用,他们俩个一起漂移到backup上,分别到eth0和eth1的网卡上发挥各自的作用,master上也有自己原有的eth0和eth1的ip 地址,一个网卡上可以有多个地址