Install
Install necessary environment components and applications
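# Build prerequisites for keepalived, plus the ipvsadm tool.
# 'libnl*' is quoted so the shell hands the pattern to yum unchanged instead of
# expanding it against files in the current directory.
yum -y install gcc openssl-devel popt-devel 'libnl*' kernel-devel ipvsadm \
  libnfnetlink libnfnetlink-devel net-snmp-agent-libs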
download keepalived
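# Fetch the release tarball over HTTPS rather than plain HTTP, so the source
# that is about to be compiled and installed system-wide cannot be altered in
# transit.
wget https://www.keepalived.org/software/keepalived-1.3.5.tar.gz
# Print the digest and compare it with a value obtained from a trusted source
# before unpacking.
sha256sum keepalived-1.3.5.tar.gz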
Establish a kernel soft link
# Make /usr/src/linux point at the kernel tree matching the running kernel
# release (as reported by uname -r).
ln -s "/usr/src/kernels/$(uname -r)/" /usr/src/linux
Unzip and compile and install
# Unpack the source tree and enter it.
tar -xvf keepalived-1.3.5.tar.gz
cd keepalived-1.3.5
# Configure with the default options.
./configure
# Install only when the build itself succeeded.
make && make install
Create a soft link for some application files for the convenience of future operations
# Link the files installed under /usr/local into the standard system paths.
# Configuration directory -> /etc/
ln -s /usr/local/etc/keepalived/ /etc/
# sysconfig file -> /etc/sysconfig/
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# keepalived binary -> /usr/sbin/
ln -s /usr/local/sbin/keepalived /usr/sbin/
==# Alternatively, you can install keepalived directly with yum instead of building it from source.==
Configuration file parsing
/etc/keepalived/keepalived.conf
global_defs {
# Global configuration block
}
vrrp_instance VI_1 {
# VRRP configuration block
}
virtual_server 192.168.111.100 80 {
# LVS configuration block
}
Configuration instance
Server | IP address | Description |
---|---|---|
Main LVS scheduler | 192.168.40.11 | Load balancing for accessing web servers |
Secondary LVS scheduler | 192.168.40.12 | Use Keepalived for dual-system backup to ensure the stability of LVS load balancing |
LVS Scheduler VIP | 192.168.111.100 | Write the VIP in the Keepalived configuration file |
web server | 192.168.40.135 | Backend web server using LNMP environment |
WEB server 2 | 192.168.40.136 | Backend web server using LAMP environment |
Configure the main LVS server vim /etc/keepalived/keepalived.conf
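! Configuration File for keepalived (main LVS scheduler)
global_defs {
    notification_email {
        # The address on the page was masked by e-mail obfuscation; put your own here.
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): strict VRRP compliance is known to conflict with the
    # authentication block below (keepalived is expected to ignore it) and, by
    # default, to block traffic addressed to the VIP on a non-owner. Confirm both
    # in the keepalived log and the firewall rules; remove vrrp_strict if the VIP
    # turns out to be unreachable.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    # This node starts as the main (master) server
    state MASTER
    # Network interface that carries VRRP and the VIP
    interface eno16777736
    # VRID; must be identical on the main and backup servers
    virtual_router_id 51
    # Priority; the larger value wins the election
    priority 100
    # Heartbeat (advertisement) interval
    advert_int 1
    # auth_type PASS puts auth_pass on the wire in clear text, so any host on
    # the VRRP segment can read it; treat it as a misconfiguration guard, not as
    # protection. Replace 1111 with your own value (only the first 8 characters
    # are used) and restrict VRRP traffic to the two schedulers with firewall
    # rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # VIP address
        192.168.111.100
    }
}
virtual_server 192.168.111.100 80 {
    # LVS virtual server address; uses the VIP
    # Health-check interval
    delay_loop 6
    # LVS scheduling algorithm
    lb_algo rr
    # LVS forwarding mode
    lb_kind DR
    # Keep all requests from one client on the same real server for this many seconds
    #persistence_timeout 50
    # Protocol in use
    protocol TCP
    real_server 192.168.40.135 80 {
        # Backend real web server 1
        # Node weight; a higher value receives more traffic
        weight 1
        # keepalived keywords take a space-separated value (not key=value), and
        # the port keyword is connect_port.
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            # NOTE(review): confirm this keepalived version accepts nb_get_retry
            # inside TCP_CHECK; newer releases use `retry`.
            nb_get_retry 3
        }
    }
    real_server 192.168.40.136 80 {
        # Backend real web server 2
        weight 1
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
}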
Configure backup server vim /etc/keepalived/keepalived.conf
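! Configuration File for keepalived (backup LVS scheduler)
global_defs {
    notification_email {
        # The address on the page was masked by e-mail obfuscation; put your own here.
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): strict VRRP compliance is known to conflict with the
    # authentication block below (keepalived is expected to ignore it) and, by
    # default, to block traffic addressed to the VIP on a non-owner. Confirm both
    # in the keepalived log and the firewall rules; remove vrrp_strict if the VIP
    # turns out to be unreachable.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    # This node starts as the backup server
    state BACKUP
    # Network interface that carries VRRP and the VIP
    interface ens33
    # VRID; must be identical on the main and backup servers
    virtual_router_id 51
    # Priority; the larger value wins the election (lower than the main server's 100)
    priority 99
    # Heartbeat (advertisement) interval
    advert_int 1
    # auth_type PASS puts auth_pass on the wire in clear text, so any host on
    # the VRRP segment can read it; treat it as a misconfiguration guard, not as
    # protection. Use the same value as on the main server (only the first 8
    # characters are used) and restrict VRRP traffic to the two schedulers with
    # firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # VIP address
        192.168.111.100
    }
}
virtual_server 192.168.111.100 80 {
    # LVS virtual server address; uses the VIP
    # Health-check interval
    delay_loop 6
    # LVS scheduling algorithm
    lb_algo rr
    # LVS forwarding mode
    lb_kind DR
    # Keep all requests from one client on the same real server for this many seconds
    #persistence_timeout 50
    # Protocol in use
    protocol TCP
    real_server 192.168.40.135 80 {
        # Backend real web server 1
        # Node weight; a higher value receives more traffic
        weight 1
        # keepalived keywords take a space-separated value (not key=value), and
        # the port keyword is connect_port.
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            # NOTE(review): confirm this keepalived version accepts nb_get_retry
            # inside TCP_CHECK; newer releases use `retry`.
            nb_get_retry 3
        }
    }
    real_server 192.168.40.136 80 {
        # Backend real web server 2
        weight 1
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
}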
After the configuration is complete, start the keepalived service and add it to the boot auto-start.
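# Start the daemon now.
/usr/sbin/keepalived
# Start it at boot as well. The grep guard keeps the line from being appended
# again every time this step is repeated.
grep -qsxF '/usr/sbin/keepalived' /etc/rc.local ||
  echo '/usr/sbin/keepalived' >> /etc/rc.local
# NOTE(review): on systemd-based releases rc.local is only run when it is
# executable; confirm with: ls -l /etc/rc.d/rc.local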
==# If you start the service with systemctl, it reports "PID file /usr/local/var/run/keepalived.pid not readable (yet?) after start" and the service cannot be enabled. As a workaround, manually create the PID file, write the keepalived process ID into it (use ps aux to find the keepalived process), and restart the service. ==
At this point you can test the high availability of Keepalived. Use ip add to check whether the main LVS server holds the public VIP address 192.168.111.100. If it does, check the backup LVS server, which should not have it. Then stop the keepalived service on the main server and look at the backup LVS server again: if the public VIP address now appears there, Keepalived failover works and you can continue with the steps below.
WEB server configuration
Both WEB servers add loopback VIP addresses cat /etc/sysconfig/network-scripts/ifcfg-lo:0
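# Loopback alias that carries the VIP on each real server.
DEVICE=lo:0
BOOTPROTO=static
IPADDR=192.168.111.100
# Host mask (/32), the same mask the real-server script on this page gives lo:0
# with ifconfig. A /24 mask on loopback would make the real server treat the
# whole 192.168.111.0/24 range as local addresses.
NETMASK=255.255.255.255
NETWORK=192.168.111.100
ONBOOT=yes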
Multiple devices now carry the VIP address. To prevent address conflicts, modify the kernel ARP parameters. ==# Note: the eth0 network card used here must be changed to match the network card of each host. To make the settings permanent, write them into the configuration file.==
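#!/bin/bash
# description: configure the VIP on lo:0 of an LVS-DR real server and stop the
#              host from answering or announcing ARP for it
#
# Usage: $0 {start|status|stop}
# Writes to /proc/sys and changes interfaces and routes, so it needs root.

WEB_VIP=192.168.111.100   # public VIP address of the LVS scheduler
WEB_NIC=eth0              # change to the name of this host's network card

# Distribution init-script helpers.
. /etc/rc.d/init.d/functions

# Write the given arp_ignore / arp_announce values for every interface scope
# the real server uses.
#   $1 - arp_ignore value
#   $2 - arp_announce value
set_arp() {
  local ignore=$1 announce=$2 scope
  for scope in lo all "$WEB_NIC" default; do
    echo "$ignore" > "/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
    echo "$announce" > "/proc/sys/net/ipv4/conf/${scope}/arp_announce"
  done
}

case "$1" in
  start)
    # Bind the VIP to lo:0 with a host mask and route it locally.
    ifconfig lo:0 "$WEB_VIP" netmask 255.255.255.255 broadcast "$WEB_VIP"
    /sbin/route add -host "$WEB_VIP" dev lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface.
    # arp_announce=2: always use the best local source address in ARP requests.
    # Together they keep the real server from claiming the VIP on the LAN.
    set_arp 1 2
    # Reloads /etc/sysctl.conf. NOTE(review): entries for the same keys in that
    # file would override the values written just above.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$WEB_VIP" >/dev/null 2>&1
    set_arp 0 0
    echo "RealServer Stoped"
    ;;
  status)
    # Status of LVS-DR real server: both the lo:0 address and the host route
    # must be present. -F matches the VIP literally, so its dots are not treated
    # as regex wildcards.
    lo_has_vip=$(/sbin/ifconfig lo:0 | grep -F -- "$WEB_VIP")
    # The routing table may list the alias as plain "lo", so accept any
    # interface name beginning with lo.
    route_has_vip=$(netstat -rn | awk -v vip="$WEB_VIP" '$1 == vip && $NF ~ /^lo/')
    if [ -z "$lo_has_vip" ] || [ -z "$route_has_vip" ]; then
      # Either the route or the lo:0 device not found.
      echo "LVS-DR real server Stopped."
    else
      echo "LVS-DR Running."
    fi
    ;;
  *)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
exit 0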
Enable routing forwarding
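# Set net.ipv4.ip_forward to 1. The pattern is anchored to the setting itself,
# so only its value is rewritten rather than the first 0 on any line that
# happens to mention ip_forward.
# NOTE(review): in LVS-DR the real servers answer clients directly; confirm
# that forwarding is actually needed on this host before turning it on.
sed -i 's/^\([[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\)0/\11/' /etc/sysctl.conf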
Reload the sysctl file
# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p
verification inspection
Check the current status of ipvsadm on the active and standby Keepalived servers
# -L lists the virtual server table, -n prints addresses and ports numerically.
ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.111.100:80 rr
-> 192.168.40.135:80 Route 1 0 0
-> 192.168.40.136:80 Route 1 0 0
At this point, you can access the VIP address test results.
Note: This article mainly records the configuration. Screenshots of the service test are omitted because the image upload kept failing; you can run the service test yourself by following the example above.