Deployment environment
Name | Version |
---|---|
CentOS 7 | 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
keepalived | keepalived.x86_64 0:1.3.5-6.el7 |
Host plan
ip | function |
---|---|
192.168.106.131 | Keepalived master+Load Balancer 01 |
192.168.106.132 | Keepalived master+Load Balancer 02 |
192.168.106.128 | Real Server 01 |
192.168.106.130 | Real Server 02 |
... | ... |
Disable on all hosts
Disable SELinux
# getenforce
Enforcing
# setenforce 0    # temporarily disable SELinux
# getenforce
Permissive
# vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled to disable SELinux permanently.
Disable firewalld
# systemctl stop firewalld    # temporarily stop the firewall
# systemctl disable firewalld    # permanently keep the firewall from starting at boot
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Install keepalived
Install keepalived on both 131 and 132
# yum install -y keepalived
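Set the VIP to .100 (192.168.106.100) and edit the keepalived configuration file on the master, 131. (Two Real Servers are defined for now; to add more, append further real_server blocks below.)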
# vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # set to BACKUP on the backup server
    state MASTER
    # the VIP is bound to NIC ens33; your NIC name may differ from Aming's, so change it here
    interface ens33
    virtual_router_id 51
    # set to 90 on the backup server
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass zyshanlinux
    }
    virtual_ipaddress {
        192.168.106.100
    }
}
virtual_server 192.168.106.100 80 {
    # (query real server state every 10 seconds)
    delay_loop 10
    # (LVS scheduling algorithm)
    lb_algo dh
    # (DR mode)
    lb_kind DR
    # (seconds during which connections from the same IP go to the same real server)
    persistence_timeout 0
    # (check real server state over TCP)
    protocol TCP
    real_server 192.168.106.128 80 {
        # (weight)
        weight 100
        TCP_CHECK {
            # (time out after 10 seconds without a response)
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.106.130 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
Set the VIP to .100 (192.168.106.100) and edit the keepalived configuration file on the backup, 132.
# vi /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    # set to BACKUP on the backup server
    state BACKUP
    # the VIP is bound to NIC ens33; your NIC name may differ from Aming's, so change it here
    interface ens33
    virtual_router_id 51
    # set to 90 on the backup server
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass zyshanlinux
    }
    virtual_ipaddress {
        192.168.106.100
    }
}
virtual_server 192.168.106.100 80 {
    # (query real server state every 10 seconds)
    delay_loop 10
    # (LVS scheduling algorithm)
    lb_algo dh
    # (DR mode)
    lb_kind DR
    # (seconds during which connections from the same IP go to the same real server)
    persistence_timeout 0
    # (check real server state over TCP)
    protocol TCP
    real_server 192.168.106.128 80 {
        # (weight)
        weight 100
        TCP_CHECK {
            # (time out after 10 seconds without a response)
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.106.130 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
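The two keepalived.conf files above have to agree on virtual_router_id, advert_int, authentication and the VIP, with the master holding the higher priority. The Python check below is an added example, not part of the original post or of keepalived; it compares the two VRRP sections and also reports that auth_type PASS sends the password in cleartext and that keepalived uses only the first eight characters of auth_pass. The helper names parse_vrrp and check_pair are hypothetical, and the embedded configs are trimmed from the page's files.

```python
# Sample input (constructed): VRRP section trimmed from the page's master config.
MASTER = """
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass zyshanlinux
    }
    virtual_ipaddress {
        192.168.106.100
    }
}
"""
BACKUP = MASTER.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90")

def parse_vrrp(conf):
    """Return the vrrp_instance settings found in keepalived.conf text."""
    out, stack = {"virtual_ipaddress": []}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):
            stack.append(line.split()[0])        # entering a block
        elif line == "}" and stack:
            stack.pop()                          # leaving a block
        elif line and stack and stack[0] == "vrrp_instance":
            if stack[-1] == "virtual_ipaddress":
                out["virtual_ipaddress"].append(line.split()[0])
            else:
                key, val = (line.split(None, 1) + [""])[:2]
                out[key] = val
    return out

def check_pair(master_conf, backup_conf):
    """List findings for a master/backup pair of keepalived.conf texts."""
    m, b = parse_vrrp(master_conf), parse_vrrp(backup_conf)
    keys = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")
    findings = [f"mismatch: {k}" for k in keys if m.get(k) != b.get(k)]
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("priority: master is not higher than backup")
    if m.get("auth_type") == "PASS":
        findings.append("auth_type PASS: password travels in cleartext on the LAN")
        if len(m.get("auth_pass", "")) > 8:
            findings.append("auth_pass: only the first 8 characters are used")
    return findings

print("\n".join(check_pair(MASTER, BACKUP)))
```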
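Start keepalived on both 131 and 132 and confirm that both started successfully. At this point ip addr shows the VIP on the 131 master. Stop keepalived on the 131 master and the VIP moves smoothly to the 132 backup; restart keepalived on the 131 master and ip addr shows the VIP moving smoothly back to the 131 master, which gives high availability.
Add keepalived to the services started at boot.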
LVS DR
Run the script /usr/local/sbin/lvs_rs.sh on all of the Real Servers; the domain names of all sites resolve to the same IP.
# vi /usr/local/sbin/lvs_rs.sh
#!/bin/bash
vip=192.168.106.100
# Bind the VIP to lo so that the RS returns results directly to the client
ifdown lo
ifup lo
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
# The following changes the ARP kernel parameters so that the RS can correctly send its MAC address to the client
# Reference: www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
The shared-IP script must also be added to boot startup.