环境说明
拓扑结构:
(图片来源网络,侵删)
rpm包:
ipvsadm-1.27-7.el7.x86_64
keepalived-1.3.5-1.el7.x86_64
nginx-1.12.2
部署LVS节点
LVS1:
1.安装lvs和keepalived
[root@lvs1 ~]# yum -y install keepalived ipvsadm
2. 修改Keepalived配置文件 (lvs1上)
[root@lvs1 ~]# cat /etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 [email protected]
6 [email protected]
7 [email protected]
8 }
9 notification_email_from [email protected]
10 smtp_server 192.168.200.1
11 smtp_connect_timeout 30
12 router_id LVS1
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
18
19 vrrp_instance VI_1 { # 第一个主备集群
20 state MASTER
21 interface eth0
22 virtual_router_id 51
23 priority 100
24 advert_int 1
25 authentication {
26 auth_type PASS
27 auth_pass TANG_ENGINEER #做优先级对比的密码 ,可以自定义 ,但要统一
28 }
29 virtual_ipaddress {
30 192.168.4.33 # vip地址1
31 }
32 }
33
34 virtual_server 192.168.4.33 80 {
35 delay_loop 6
36 lb_algo wrr
37 lb_kind DR
38 protocol TCP
39
40 real_server 192.168.4.66 80 { # RS1
41 weight 1
42 TCP_CHECK { #做tcp端口校验
43 connect_timeout 3
44 nb_get_retry 3
45 delay_before_retry 3
46 }
47 }
48 real_server 192.168.4.77 80 { # RS2
49 weight 1
50 TCP_CHECK { #做tcp端口校验
51 connect_timeout 3
52 nb_get_retry 3
53 delay_before_retry 3
54 }
55 }
56 }
57 ############### 访问192.168.4.33 时LVS1为主 LVS2为备
58 vrrp_instance VI_2 { # 第二个主备集群
59 state MASTER
60 interface eth0
61 virtual_router_id 50 #VRID 值要跟第一个不一样
62 priority 10
63 advert_int 1
64 authentication {
65 auth_type PASS
66 auth_pass tang_engineer #做优先级对比的密码 ,可以自定义 ,但要统一
67 }
68 virtual_ipaddress {
69 192.168.4.22 # vip地址2
70 }
71 }
72
73 virtual_server 192.168.4.22 80 {
74 delay_loop 6
75 lb_algo wrr
76 lb_kind DR
77 protocol TCP
78
79 real_server 192.168.4.66 80 { # RS1
80 weight 1
81 TCP_CHECK {
82 connect_timeout 3
83 nb_get_retry 3
84 delay_before_retry 3
85 }
86 }
87 real_server 192.168.4.77 80 { # RS2
88 weight 1
89 TCP_CHECK {
90 connect_timeout 3#做tcp端口校验
91 nb_get_retry 3
92 delay_before_retry 3
93 }
94 }
95 }
############### 访问192.168.4.22 时LVS2为主 LVS1为备
- [root@lvs1 ~]# systemctl restart keepalived.service
- [root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.22:80 wrr
-> 192.168.4.66:80 Route 1 0 0
-> 192.168.4.77:80 Route 1 0 0
TCP 192.168.4.33:80 wrr
-> 192.168.4.66:80 Route 1 0 0
-> 192.168.4.77:80 Route 1 0 0
LVS2:
(步骤和lvs1相同,对比keepalived文件)
1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 [email protected]
6 [email protected]
7 [email protected]
8 }
9 notification_email_from [email protected]
10 smtp_server 192.168.200.1
11 smtp_connect_timeout 30
12 router_id LVS1
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
18
19 vrrp_instance VI_1 { # 第一个主备集群
20 state MASTER
21 interface eth0
22 virtual_router_id 51 # 第一个主备集群的VRID
23 priority 100
24 advert_int 1
25 authentication {
26 auth_type PASS
27 auth_pass TANG_ENGINEER #做优先级对比的密码 ,可以自定义 ,但要统一
28 }
29 virtual_ipaddress {
30 192.168.4.33 # vip地址1
31 }
32 }
33
34 virtual_server 192.168.4.33 80 {
35 delay_loop 6
36 lb_algo wrr
37 lb_kind DR
38 protocol TCP
39
40 real_server 192.168.4.66 80 {
41 weight 1
42 TCP_CHECK { #做tcp端口校验
43 connect_timeout 3
44 nb_get_retry 3
45 delay_before_retry 3
46 }
47 }
48 real_server 192.168.4.77 80 {
49 weight 1
50 TCP_CHECK { #做tcp端口校验
51 connect_timeout 3
52 nb_get_retry 3
53 delay_before_retry 3
54 }
55 }
56 }
57 ############
58 vrrp_instance VI_2 {
59 state BAKEUP
60 interface eth1
61 virtual_router_id 50 # 第二个主备集群的VRID
62 priority 10
63 advert_int 1
64 authentication {
65 auth_type PASS
66 auth_pass tang_engineer #做优先级对比的密码 ,可以自定义 ,但要统一
67 }
68 virtual_ipaddress {
69 192.168.4.22 # vip地址2
70 }
71 }
72
73 virtual_server 192.168.4.22 80 { #定义集群二
74 delay_loop 6
75 lb_algo wrr
76 lb_kind DR
77 protocol TCP
78
79 real_server 192.168.4.66 80 { #RS1
80 weight 1
81 TCP_CHECK { #做tcp端口校验
82 connect_timeout 3
83 nb_get_retry 3
84 delay_before_retry 3
85 }
86 }
87 real_server 192.168.4.77 80 { #RS2
88 weight 1
89 TCP_CHECK { #做tcp端口校验
90 connect_timeout 3
91 nb_get_retry 3
92 delay_before_retry 3
93 }
94 }
95 }
查看LVS节点的VIP
LVS1的VIP为:192.168.4.33
[root@lvs1 ~]# ip a s eth0
inet 192.168.4.22/22 scope global eth0
LVS2的VIP为:192.168.4.22
[root@lvs1 ~]# ip a s eth0
inet 192.168.4.22/32 scope global eth0
web服务器配置
VIP地址配置
[root@web1 ~]# cp /etc/sysconfig/network-scripts/ifcfg- \ l{o,o:0,o:1}
[root@web1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-\ l{o:0,o:1}
DEVICE=lo:0
IPADDR=192.168.4.33
NETMASK=255.255.255.255
NETWORK=192.168.4.33
BROADCAST=192.168.4.33
ONBOOT=yes
NAME=lo:0
DEVICE=lo:1
IPADDR=192.168.4.22
NETMASK=255.255.255.255
NETWORK=192.168.4.22
BROADCAST=192.168.4.22
ONBOOT=yes
NAME=lo:1
忽略ARP广播
[root@web1 ~]# cat /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_anounce = 2
激活VIP
[root@web1 ~]# systemctl restart network
[root@web1 ~]# ifconfig lo:0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.4.33 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@web1 ~]# ifconfig lo:1
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.4.22 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
注:web1 和 web2 的配置一致所以采用 rsync 同步后激活VIP即可
部署web测试页面,开启web服务
[root@web1 ~]#echo Holle world > /usr/local/nginx/html/index.html
(web1 和 web2 已经做了 网页目录的实时同步 )
[root@web1 ~]#ss -antpu |grep nginx
tcp LISTEN 0 128 *:80 : users:((“nginx”,pid=2147,fd=6),(“nginx”,pid=2146,fd=6))
[root@web2 ~]#ss -antpu |grep nginx
tcp LISTEN 0 128 *:80 : users:((“nginx”,pid=2147,fd=6),(“nginx”,pid=2146,fd=6))
客户端测试
[root@yaya ~]# curl 192.168.4.33
Holle world
[root@yaya ~]# curl 192.168.4.22
Holle world
可以看到通过访问不同的VIP地址均可收到相同的页面信息
以上架构均已通过测试上线,有不队之处欢迎指出
谢谢