准备环境:
操作系统:CentOS7.9
Keepalived + LVS 高可用集群实验规划
主调度器:IP:192.168.100.2 VIP:192.168.100.200
从调度器:IP:192.168.100.1 VIP:192.168.100.200
Web节点服务器1:IP:192.168.100.3 lo:0: 192.168.100.200
Web节点服务器2:IP:192.168.100.4 lo:0: 192.168.100.200
配置主服务器
调整/proc内核参数,关闭ICMP重定向报文的发送(下面的send_redirects参数控制的是ICMP重定向,不是ARP响应)
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p ##生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
安装keepalived和LVS集群管理工具
[root@localhost ~]# yum -y install keepalived.x86_64 ipvsadm
修改keepalived配置文件
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id LVS_1 ##主调度器名称
}
vrrp_instance VI_1 { ##定义VRRP热备实例
state MASTER ##主调度器热备状态
interface ens33 ##承载VIP接口的物理接口
virtual_router_id 51 ##虚拟路由器的ID号,每个热备组保持一致
priority 100 ##主调度器的优先级,越大越优先
advert_int 1 ##通告间隔秒数(心跳频率)
authentication { ##主从热备认证信息
auth_type PASS ##认证类型
auth_pass 1111 ##密码字串(主从必须一致;PASS类型在VRRP通告中明文传输,keepalived只使用前8个字符,1111仅为示例,实际部署请更换)
}
virtual_ipaddress { ##指定群集VIP地址
192.168.100.200
}
}
**配置后台Web服务器池**
virtual_server 192.168.100.200 80 { ##虚拟服务器地址(VIP)端口
delay_loop 15 ##健康检查的间隔时间(秒)
lb_algo rr ##轮询调度算法(rr)
lb_kind DR ##直接路由(DR)群集工作模式
persistence_timeout 60 ##连接保持时间(秒)
protocol TCP ##应用服务采用的是TCP协议
real_server 192.168.100.3 80 { ##第一台web节点的地址端口
weight 1 ##节点的权重
TCP_CHECK { ##健康检查的方式
connect_port 80 ##检查的目标端口
connect_timeout 3 ##连接超时(秒)
nb_get_retry 3 ##重试次数
delay_before_retry 4 ##重试间隔(秒)
}
}
real_server 192.168.100.4 80 { ##第二台web节点的地址端口号
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
启动keepalived服务
[root@localhost ~]# systemctl enable keepalived.service --now
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c5:90:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.200/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::a146:fc1a:ce17:d217/64 scope link noprefixroute
valid_lft forever preferred_lft forever
配置从服务器
调整/proc内核参数,关闭ICMP重定向报文的发送(下面的send_redirects参数控制的是ICMP重定向,不是ARP响应)
[root@localhost ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p ##生效
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
修改keepalived配置文件
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id LVS_2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.200
}
}
**配置后台Web服务器池**
virtual_server 192.168.100.200 80 {
delay_loop 15
lb_algo rr
lb_kind DR
persistence_timeout 60
protocol TCP
real_server 192.168.100.3 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
real_server 192.168.100.4 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 4
}
}
}
启动keepalived服务
[root@localhost ~]# systemctl enable keepalived.service --now
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:29:1d:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::c839:a28c:e8e6:16e7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
注意:主服务器未发生故障时,在从服务器上是看不到VIP地址的;当主服务器down掉时,才可以在从服务器上查看到VIP地址
配置Web1节点服务器(web1和web2节点服务器配置相同,在此只拿web1举栗子)
配置虚拟IP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.100.200 ##VIP地址
NETMASK=255.255.255.255
ONBOOT=yes
[root@localhost network-scripts]# ifup ifcfg-lo:0
[root@localhost network-scripts]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
为VIP地址添加经由lo:0的主机路由(CentOS 7 上 /etc/rc.d/rc.local 默认没有可执行权限,需 chmod +x 后开机才会执行写入的路由命令)
[root@localhost ~]# echo "route add -host 192.168.100.200 dev lo:0" >>/etc/rc.local
[root@localhost ~]# route add -host 192.168.100.200 dev lo:0
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.100.200 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# vim /var/www/html/index.html
192.168.100.3
测试访问VIP地址看看是否可以切换