LVS+Keepalive

DR+keepalived模式

 https://blog.csdn.net/weixin_42342456/article/details/86100090

IP 角色 主机名 用户名/密码
172.16.102.38 Nginx web node1 root/1
172.16.102.39 Nginx web node2 root/1
172.16.0.52 lvs+keepalived LVS1 root/123456
172.16.0.53 lvs+keepalived LVS2 root/123456

 

(1)配置后端web服务器 Web_Server1 基本配置:

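 # Back-end web server setup. Repeat on each real server, changing the test-page text per node.
 # Trailing notes use '#': the original '//' is not a shell comment, so pasting those lines
 # hands the note to yum/systemctl as extra arguments.
 yum -y install epel-release    # enable the EPEL repository that carries the nginx package
 yum -y install nginx           # install Nginx
 systemctl start nginx          # start the service now
 systemctl enable nginx         # start it on every boot
 # Keep the stock landing page as a backup, then publish a page that identifies this node
 # (non-interactive equivalent of editing the file in vi and typing the line).
 mv /usr/share/nginx/html/index.html /usr/share/nginx/html/index.html_bak
 printf '%s\n' 'This is Server 111111' > /usr/share/nginx/html/index.html
 # Lab shortcut: stops the host firewall and switches SELinux to permissive mode; neither
 # command makes the change permanent. On a host that carries real traffic leave both on and
 # open only the web port instead, e.g.
 #   firewall-cmd --permanent --add-service=http && firewall-cmd --reload
 systemctl stop firewalld
 setenforce 0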

 

 

(2)配置LVS LVS1

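 # Install keepalived and the IPVS admin tool. The packages are named explicitly: the original
 # unquoted `keepalived*` is first glob-expanded by the shell against the current directory,
 # and otherwise installs every package in the enabled repositories whose name starts with
 # "keepalived", not just the one that is needed.
 yum -y install keepalived ipvsadm
 modprobe ip_vs    # load the IPVS kernel module
 mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak    # back up the packaged config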

 

主端

vim /etc/keepalived/keepalived.conf //配置keepalived和DR

 

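vi /etc/keepalived/keepalived.conf    # edit the keepalived configuration (VRRP + LVS-DR) on LVS1
global_defs {
    router_id LVS_TEST    # name of this node
}

vrrp_instance VI_1 {
    state MASTER    # primary director; the standby uses BACKUP
    interface ens33    # NIC that carries VRRP and the VIP; use this host's real interface name (the author's own LVS1 output on this page shows enp7s0)
    virtual_router_id 51    # VRRP router ID, must be identical on master and backup
    priority 101    # master slightly higher than the backup
    advert_int 1    # advertisement interval in seconds
    authentication {
        auth_type PASS    # simple password authentication
        auth_pass 1234    # shared password; the original repeated `auth_type` here, which sets no password at all
        # PASS carries the password in clear text in every VRRP advertisement and keepalived uses
        # only its first 8 characters, so it guards against misconfiguration, not against a host
        # on the same segment. Filter VRRP (IP protocol 112) so that only the peer director's
        # advertisements are accepted.
    }
    virtual_ipaddress {
        # VIP and real-server addresses below follow the host table, the `ip a` output and the
        # LVS2 listing on this page; the original listing still carried 192.168.1.x sample values.
        172.16.102.100
    }
}

# NOTE(review): DR mode also needs the VIP bound on each real server's loopback with ARP replies
# for it suppressed; that step is not shown on this page.
virtual_server 172.16.102.100 80 {
    delay_loop 15    # health-check interval in seconds
    lb_algo rr    # LVS scheduling algorithm: round robin
    lb_kind DR   # LVS forwarding mode: direct routing
    !persistence 60    # the leading '!' comments the line out, so persistence is disabled
    protocol TCP    # the service uses TCP
    real_server 172.16.102.38 80 {
        weight 1    # weight
        TCP_CHECK {    # TCP connect health check
            connect_port 80   # port to probe
            connect_timeout 3    # timeout: 3 seconds
            nb_get_retry 3    # retries: 3
            delay_before_retry 4    # 4 seconds between retries
        }
    }
    real_server 172.16.102.39 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}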

 

 

为了方便实验验证关闭防火墙和selinux

 systemctl stop firewalld
 setenforce 0

重启keepalived服务

 systemctl restart keepalived
 systemctl enable keepalived

 

通过ip a验证虚拟IP是否生效

 [root@lvs1 ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:1c:36:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.30/24 brd 192.168.1.255 scope global noprefixroute ens33
        valid_lft forever preferred_lft forever
    inet 172.16.102.100/32 scope global ens33    #虚拟IP
        valid_lft forever preferred_lft forever
    inet6 fe80::e407:238a:8fd0:2ee8/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
 
 # -----------------------------我做的----------------------------------
 [root@localhost ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 98:f5:37:e1:b7:0e brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.52/16 brd 172.16.255.255 scope global noprefixroute enp7s0
        valid_lft forever preferred_lft forever
    inet 172.16.102.100/32 scope global enp7s0 #可以看到VIP
        valid_lft forever preferred_lft forever
    inet6 fe80::2979:e126:dc3e:6627/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
 3: enp8s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 98:f5:37:e1:b7:0f brd ff:ff:ff:ff:ff:ff
 4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:97:2a:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
        valid_lft forever preferred_lft forever
 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:97:2a:e9 brd ff:ff:ff:ff:ff:ff

LVS2的配置同LVS1,只需将配置文件中下面两处(state 和 priority)修改即可;interface 需改为本机实际的网卡名(此处为 em1)

vim /etc/keepalived/keepalived.conf

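 # keepalived.conf on LVS2, the standby director.
 global_defs {
     router_id LVS_TEST
 }

 vrrp_instance VI_1 {
     state BACKUP     # this node is the standby
     interface em1    # this host's NIC name
     virtual_router_id 51    # same VRRP router ID as the master
     priority 99      # lower than the master's 101
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass 1234    # shared password, same as on the master; the original repeated `auth_type` here, which sets no password
         # PASS is sent in clear text in every advertisement; accept VRRP (IP protocol 112)
         # only from the peer director.
     }
     virtual_ipaddress {
         172.16.102.100
     }
 }

 virtual_server 172.16.102.100 80 {
     delay_loop 15    # health-check interval in seconds
     lb_algo rr       # round-robin scheduling
     lb_kind DR       # direct-routing mode
     !persistence 60  # the leading '!' comments the line out, so persistence is disabled
     protocol TCP
     real_server 172.16.102.38 80 {
         weight 1
         TCP_CHECK {
             connect_port 80
             connect_timeout 3
             nb_get_retry 3
             delay_before_retry 4
         }
     }
     real_server 172.16.102.39 80 {
         weight 1
         TCP_CHECK {
             connect_port 80
             connect_timeout 3
             nb_get_retry 3
             delay_before_retry 4
         }
     }
 }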

 


 

关掉主服务器的keepalived服务,验证备份的keepalived是否生效

 systemctl stop keepalived
 # 主端

在备端查看VIP是否已经漂移

 [root@lvs2 ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:50:6a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.40/24 brd 192.168.1.255 scope global noprefixroute ens33
        valid_lft forever preferred_lft forever
    inet 172.16.102.100/32 scope global ens33       #虚拟IP漂到备份服务器上了
        valid_lft forever preferred_lft forever
    inet6 fe80::422b:2205:9d05:215d/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
 
 # --------------------------我做的-----------------------
 [root@localhost ~]# ip a
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether d4:ae:52:78:82:3c brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.53/16 brd 172.16.255.255 scope global noprefixroute em1
        valid_lft forever preferred_lft forever
    inet 172.16.102.100/32 scope global em1 # VIP飘过来了
        valid_lft forever preferred_lft forever
    inet6 fe80::634b:7788:48cb:554f/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
 3: em2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether d4:ae:52:78:82:3e brd ff:ff:ff:ff:ff:ff
 4: em3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether d4:ae:52:78:82:40 brd ff:ff:ff:ff:ff:ff
 5: em4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether d4:ae:52:78:82:42 brd ff:ff:ff:ff:ff:ff
 6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:04:73:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
        valid_lft forever preferred_lft forever
 7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:04:73:82 brd ff:ff:ff:ff:ff:ff
 

 

image-20201110210832108

 

验证DR是否生效 在这里插入图片描述

NAT+keepalived模式

说明:NAT模式的话,两个lvs调度器分别需要两张网卡,一张用来连接内部web服务器,一张模拟外网,其他配置跟DR+keepalived模式一样,只需给两台lvs调度服务器分别添加一张网卡,在keepalived配置文件中再添加一个虚拟IP,将lvs模式从DR修改成NAT即可,具体操作步骤如下:

(1)给两台lvs调度服务器添加一张网卡,跟第一张网卡不要在同一网段即可(此处省略),我添加网卡的网段如下: LVS1 在这里插入图片描述 LVS2 在这里插入图片描述

(2)其他要安装的包和需要关闭的东西和前面DR+keepalived模式一样(此处省略),唯一不同的是需要在两台LVS调度器上启用路由转发功能,具体操作如下:

 echo "1" > /proc/sys/net/ipv4/ip_forward

(3)修改keepalived配置文件,大致内容与DR+keepalived模式一样,具体要修改的地方如下: LVS1

 vi /etc/keepalived/keepalived.conf
 ......
 vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_type 1234
    }
    virtual_ipaddress {
        172.16.102.100
    }
 }
 # 再原来DR+keepalived模式的基础上添加一个虚拟IP
 vrrp_instance VI_2 {
    state MASTER
    interface ens37   #指定接口为新添加的网卡
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_type 1234
    }
    virtual_ipaddress {
        172.16.1.100
    }
 }
 # 这一块将原来的172.16.102.100改为172.16.1.100,并将模式改为NAT,其他配置不变
 virtual_server 172.16.1.100 80 {  
    delay_loop 15
    lb_algo rr
    lb_kind NAT   #LVS工作模式
    !persistence 60
    protocol TCP
    ......
 
 

修改完之后重启服务

 systemctl restart keepalived

LVS2修改的内容跟LVS1一样,修改完后重启服务(此处省略)

(4)验证NAT+keepalived模式是否成功 在这里插入图片描述

关掉LVS1上的keepalived服务,再次验证,看keepalived有没有成功

 systemctl stop keepalived

在这里插入图片描述 虚拟IP成功漂到备份服务器上 在这里插入图片描述 lvs负载正常跳转

 

 

 

 

 

 
