centos 7 LVS keepalived nat 配置

参考链接

https://www.cnblogs.com/mchina/archive/2012/08/27/2644391.html

https://yq.aliyun.com/articles/38538

vmware虚拟出4台主机,两台LVS服务器各有两张网卡,一张桥接模式,一张仅主机模式;两台web服务器都为仅主机模式。

LVS_master的桥接网卡ip 为192.168.1.196,内网ip:10.0.0.49。

LVS_backup:外网ip为192.168.1.197,内网ip:10.0.0.52(注:此地址与下文WEB服务器的10.0.0.52重复;后文LVS_backup的 ip a 输出显示其ens37地址为10.0.0.50)。

两台web服务器的ip为10.0.0.51,10.0.0.52.

虚拟IP为192.168.1.198,虚拟网关为10.0.0.100
系统版本:CentOS Linux release 7.3.1611 (Core) 

拓扑图:

【1】安装ipvsadm和keepalived

在LVS_master和LVS_backup两台机器上安装ipvsadm和keepalived

[root@localhost ~]# yum install -y  ipvsadm
[root@localhost ~]# yum install -y keepalived

【2】配置主从LVS服务器

a,开启路由转发功能

[root@localhost ~]# vim /etc/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

注意:删除 keepalived.conf 的 global_defs 中的 vrrp_strict,否则会导致不能ping通虚拟出来的VIP和虚拟网关,导致访问服务失败(启用 vrrp_strict 时,keepalived 通常会添加 iptables 规则丢弃发往 VIP 的数据包)。

b,lvs_master keepalived配置文件

[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
# LVS_master director: two VRRP instances hold the public VIP (ens33) and the
# inside gateway address (ens37); one NAT virtual server spreads TCP port 80
# across the two real servers.

global_defs {
   # NOTE(review): "[email protected]" looks like an e-mail obfuscation
   # placeholder left by the page capture, not a usable address. Replace it
   # with real recipients before relying on failover notifications.
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   # NOTE(review): presumably the packaged sample value. Confirm an SMTP server
   # really listens here, otherwise state-change alerts are lost silently.
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Name identifying this node; the backup listing on this page uses LVS_BACK.
   router_id LVS_MASTER
   vrrp_skip_check_adv_addr
   # vrrp_strict is deliberately absent: the article removes it because the VIP
   # and the virtual gateway did not answer ping while it was set.
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# Public-side instance: carries VIP 192.168.1.198 on ens33.
vrrp_instance VI_1 {
    # Starts as MASTER with priority 100; the backup listing uses BACKUP with
    # priority 80, so this node holds the VIP while it is up.
    state MASTER
    interface ens33
    # Must be identical on both directors and should not collide with another
    # VRRP group on the same segment.
    virtual_router_id 51
    priority 100
    # Advertisement interval in seconds.
    advert_int 1
    # auth_type PASS is VRRP simple-text authentication: the password travels
    # unencrypted in every advertisement, so it protects against accidental
    # misconfiguration, not against another host on the segment. 1111 is a
    # sample value; choose a unique one (keepalived uses at most 8 characters)
    # and limit VRRP (IP protocol 112) to the two directors with host firewall
    # rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
        }
}

# Inside instance: carries 10.0.0.100 on ens37, the address the real servers
# use as their default gateway so that NAT replies return through the director.
vrrp_instance LAN_GATEWAY {
        state MASTER
        interface ens37
        virtual_router_id 52
        priority 100
        advert_int 1
        # Same caveat as VI_1: simple-text password, sample value, sent in clear.
        authentication {
                auth_type PASS
                auth_pass 111
        }
        virtual_ipaddress {
                10.0.0.100
        }
}

# NOTE(review): VI_1 and LAN_GATEWAY fail over independently in this listing;
# if only one interface fails, the VIP and the gateway can end up on different
# directors. Confirm whether the two instances should be tied together.

# IPVS service on the VIP, port 80.
virtual_server 192.168.1.198 80 {
    # Health-check polling interval in seconds.
    delay_loop 6
    # Round-robin scheduling; matches the "rr" shown by ipvsadm -ln on the page.
    lb_algo rr
    # NAT (masquerade) forwarding: replies must route back through the director.
    lb_kind NAT
    # Persistence is left disabled, so consecutive requests alternate between
    # real servers, as the curl test on the page shows.
#    persistence_timeout 50
    protocol TCP

    real_server 10.0.0.51 80 {
        weight 1
        # TCP_CHECK only proves that port 80 accepts a connection; it does not
        # verify that the web server returns a valid response.
        # NOTE(review): nb_get_retry is documented for HTTP_GET/SSL_GET and newer
        # keepalived releases use "retry"; confirm it is honoured in TCP_CHECK.
        TCP_CHECK {

            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {

            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

c,lvs_backup keepalived配置文件

[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
# LVS_backup director: same VRRP groups and virtual server as the master
# listing on this page, differing only in router_id, state and priority.

global_defs {
   # NOTE(review): "[email protected]" looks like an e-mail obfuscation
   # placeholder left by the page capture, not a usable address. Replace it
   # with real recipients before relying on failover notifications.
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   # NOTE(review): presumably the packaged sample value. Confirm an SMTP server
   # really listens here, otherwise state-change alerts are lost silently.
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # Name identifying this node; the master listing uses LVS_MASTER.
   router_id LVS_BACK
   vrrp_skip_check_adv_addr
   # vrrp_strict is deliberately absent, as the article instructs.
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# Public-side instance: takes over VIP 192.168.1.198 on ens33 when the master
# stops advertising.
vrrp_instance VI_1 {
    # BACKUP with priority 80, lower than the master's 100, so this node only
    # holds the VIP while the master is down.
    state BACKUP
    interface ens33
    # Must equal the master's virtual_router_id for this group (51).
    virtual_router_id 51
    priority 80
    # Advertisement interval in seconds; keep it equal to the master's.
    advert_int 1
    # Must match the master's values exactly. PASS is simple-text
    # authentication: the password is sent unencrypted in each advertisement,
    # so treat 1111 as a sample, pick a unique value (at most 8 characters are
    # used) and restrict VRRP (IP protocol 112) to the peer director with host
    # firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
        }
}

# Inside instance: takes over the real servers' gateway address 10.0.0.100 on
# ens37.
vrrp_instance LAN_GATEWAY {
        state BACKUP
        interface ens37
        virtual_router_id 52
        priority 80
        advert_int 1
        # Same caveat as VI_1: simple-text password, sample value, sent in clear.
        authentication {
                auth_type PASS
                auth_pass 111
        }
        virtual_ipaddress {
                10.0.0.100
        }
}

# The virtual server definition is kept identical to the master's so that the
# same IPVS table exists here after failover (see the ipvsadm -ln output taken
# on LVS_backup later on the page).
virtual_server 192.168.1.198 80 {
    # Health-check polling interval in seconds.
    delay_loop 6
    # Round-robin scheduling.
    lb_algo rr
    # NAT (masquerade) forwarding: replies must route back through the director.
    lb_kind NAT
    # Persistence is left disabled.
#    persistence_timeout 50
    protocol TCP

    real_server 10.0.0.51 80 {
        weight 1
        # TCP_CHECK only proves that port 80 accepts a connection; it does not
        # verify that the web server returns a valid response.
        # NOTE(review): nb_get_retry is documented for HTTP_GET/SSL_GET and newer
        # keepalived releases use "retry"; confirm it is honoured in TCP_CHECK.
        TCP_CHECK {

            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {

            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

d,在两台LVS上运行keepalived服务

[root@localhost ~]# systemctl start keepalived

e,配置两台WEB服务

将两台WEB服务器的网关设置成10.0.0.100.

 配置WEB服务略。内容不一样即可,只做简单测试。

【3】结果

a,从局域网中的一台机器ping VIP 192.168.1.198可以ping通。

b,在LVS_master查看

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          0         
  -> 10.0.0.52:80                 Masq    1      0          0     

 c,ens33 有VIP,ens37下有虚拟网关

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:76:4b:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.196/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.1.198/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe76:4b2d/64 scope link 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:76:4b:37 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.49/24 brd 10.0.0.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet 10.0.0.100/32 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::3dcf:cdc5:fb91:b4a4/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff

d,在WEB1中ping 虚拟网关可以ping通

[root@localhost keepalived]# ping 10.0.0.100
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=0.353 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.325 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=64 time=0.390 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=64 time=0.554 ms
64 bytes from 10.0.0.100: icmp_seq=5 ttl=64 time=0.354 ms

e,在LVS_master,使用curl验证

[root@localhost ~]# curl 192.168.1.198
rs1rs1
[root@localhost ~]# curl 192.168.1.198
rs2rs2

f,在局域网中验证

【4】热备验证

1,关闭LVS_master

[root@localhost ~]# shutdown -h now

2,在LVS_backup查看

VIP和虚拟网关自动绑定到LVS_backup上

[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8a:7a:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.197/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.1.198/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::8209:4d1d:a7e4:8658/64 scope link 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8a:7a:0b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.50/24 brd 10.0.0.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic ens37
       valid_lft 1432sec preferred_lft 1432sec
    inet 10.0.0.100/32 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe8a:7a0b/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          1         
  -> 10.0.0.52:80                 Masq    1      0          1    

局域网上机器仍能正常访问

 关闭WEB1中的web服务


[root@localhost ~]# systemctl stop nginx

 集群中服务只剩下WEB2了。

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.52:80                 Masq    1      0        

开启WEB1中的web服务

[root@localhost ~]# systemctl start nginx

集群中服务又恢复正常

[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.198:80 rr
  -> 10.0.0.51:80                 Masq    1      0          0         
  -> 10.0.0.52:80                 Masq    1      0          0         


转载自blog.csdn.net/tjjingpan/article/details/81199722