19. LVS overview and keepalived high availability
I. Describe the characteristics and use cases of the four LVS cluster modes.
1. LVS NAT mode
lvs-nat: essentially multi-target DNAT. Forwarding is done by rewriting the destination address and destination port of the request packet to the RIP and PORT of a selected RS.
(1) RIP and DIP should be in the same IP network and should use private addresses; the RS gateway must point to the DIP
(2) Both request and response packets must pass through the Director, so the Director easily becomes the system bottleneck
(3) Supports port mapping: the destination PORT of the request packet can be rewritten
(4) The VS must be Linux; the RS can run any OS
2. LVS DR mode
LVS-DR: Direct Routing, the default and most widely used LVS mode. The request packet is forwarded by re-encapsulating it with a new MAC header: the source MAC is the MAC of the interface holding the DIP, and the destination MAC is the MAC of the interface holding the RIP of the selected RS; the source IP/PORT and destination IP/PORT remain unchanged.
Characteristics of DR mode:
(1) The Director and every RS are all configured with the VIP
(2) Make sure the front-end router sends request packets whose destination IP is the VIP to the Director, by one of:
statically binding the VIP to the Director's MAC address on the front-end gateway
using the arptables tool on the RS
modifying kernel parameters on the RS to limit the ARP announcement and reply levels
(3) The RS's RIP may be a private or a public address; RIP and DIP are in the same IP network; the RIP's gateway must not point to the DIP, so that response packets do not pass through the Director
(4) RS and Director must be on the same physical network
(5) Request packets pass through the Director, but response packets do not; the RS sends them directly to the Client
(6) Port mapping is not supported (the port cannot be changed)
(7) The RS can run most OSes
3. LVS TUN mode
Forwarding method: the IP header of the request packet is not modified (source IP is CIP, destination IP is VIP); instead another IP header is encapsulated outside the original IP packet (source IP is DIP, destination IP is RIP) and the packet is sent to the selected RS; the RS responds directly to the client (source IP is VIP, destination IP is CIP)
Characteristics of TUN mode:
(1) DIP, VIP and RIP can all be public addresses
(2) The RS gateway generally must not point to the DIP
(3) Request packets pass through the Director, but responses do not
(4) Port mapping is not supported
(5) The RS's OS must support tunneling
4. LVS FULLNAT mode
Characteristics of FULLNAT mode:
(1) The VIP is a public address; RIP and DIP are private addresses and usually not in the same IP network; therefore the RIP's gateway generally does not point to the DIP
(2) The source address of the request packet received by the RS is the DIP, so the RS only needs to respond to the DIP; the Director then forwards the response to the Client
(3) Both request and response packets pass through the Director
(4) Compared with NAT mode, cross-VLAN communication between the LVS and the RealServers is easier to achieve
(5) Supports port mapping
Note: the kernel does not support this type by default.
II. Describe how LVS-DR works and configure it.
1. How LVS-DR works
LVS-DR: Direct Routing, the default and most widely used LVS mode. The request packet is forwarded by re-encapsulating it with a new MAC header: the source MAC is the MAC of the interface holding the DIP, and the destination MAC is the MAC of the interface holding the RIP of the selected RS; the source IP/PORT and destination IP/PORT remain unchanged.
2. Environment
Environment: five hosts; iptables and SELinux disabled on all hosts
One client: eth0: host-only 192.168.0.6/24 GW: 192.168.0.200
One ROUTER:
eth0: NAT 10.0.0.200/24
eth1: host-only 192.168.0.200/24
IP_FORWARD enabled
One LVS:
eth0: NAT: DIP: 10.0.0.8/24 GW: 10.0.0.200
Two RS:
RS1: eth0: NAT: 10.0.0.7/24 GW: 10.0.0.200
RS2: eth0: NAT: 10.0.0.17/24 GW: 10.0.0.200
3. Internet host environment configuration
[root@internet ~]# hostname
internet
[root@internet ~]# hostname -I
192.168.0.6
[root@internet ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.200 0.0.0.0 UG 0 0 0 eth0
[root@internet ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:23:41:33
TYPE=Ethernet
UUID=cc862482-de30-4de4-9c37-f9e211a5d4ed
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.6
PREFIX=24
GATEWAY=192.168.0.200
[root@internet ~]# ping 192.168.0.200 -c1
PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
64 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.324 ms
--- 192.168.0.200 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms
[root@internet ~]# ping 10.0.0.7 -c1
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
64 bytes from 10.0.0.7: icmp_seq=1 ttl=63 time=0.392 ms
--- 10.0.0.7 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.392/0.392/0.392/0.000 ms
[root@internet ~]# ping 10.0.0.17 -c1
PING 10.0.0.17 (10.0.0.17) 56(84) bytes of data.
64 bytes from 10.0.0.17: icmp_seq=1 ttl=63 time=2.31 ms
--- 10.0.0.17 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.313/2.313/2.313/0.000 ms
4. Router network configuration
[root@router ~]# hostname
router
[root@router ~]# hostname -I
10.0.0.200 192.168.0.200
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=10.0.0.200
PREFIX=24
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR=192.168.0.200
PREFIX=24
[root@router ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
5. RS1 network configuration
[root@rs1 ~]# hostname
rs1.magedu.org
[root@rs1 ~]# hostname -I
10.0.0.7
[root@rs1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=10.0.0.7
PREFIX=24
GATEWAY=10.0.0.200
[root@rs1 ~]# ip route list
default via 10.0.0.200 dev ens33 proto static metric 100
10.0.0.0/24 dev ens33 proto kernel scope link src 10.0.0.7 metric 100
[root@rs1 ~]# dnf -y install httpd
[root@rs1 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@rs1 ~]# hostname -I > /var/www/html/index.html
[root@rs1 ~]# curl 10.0.0.7
10.0.0.7
6. RS2 network configuration
[root@rs2 ~]# hostname
rs2.magedu.org
[root@rs2 ~]# hostname -I
10.0.0.17
[root@rs2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.200
[root@rs2 ~]# ip route list
default via 10.0.0.200 dev ens33 proto static metric 100
10.0.0.0/24 dev ens33 proto kernel scope link src 10.0.0.17 metric 100
[root@rs2 ~]# dnf -y install httpd
[root@rs2 ~]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@rs2 ~]# hostname -I > /var/www/html/index.html
[root@rs2 ~]# curl 10.0.0.17
10.0.0.17
[root@rs2 ~]# ping 192.168.0.6 -c1
PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.
64 bytes from 192.168.0.6: icmp_seq=1 ttl=128 time=0.985 ms
--- 192.168.0.6 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.985/0.985/0.985/0.000 ms
7. LVS network configuration
[root@lvs ~]# hostname
lvs.magedu.org
[root@lvs ~]# hostname -I
10.0.0.8
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
[root@lvs ~]# ip route list
default via 10.0.0.200 dev ens33 proto static metric 100
10.0.0.0/24 dev ens33 proto kernel scope link src 10.0.0.8 metric 100
[root@lvs ~]# ping 192.168.0.6 -c1
PING 192.168.0.6 (192.168.0.6) 56(84) bytes of data.
64 bytes from 192.168.0.6: icmp_seq=1 ttl=128 time=0.568 ms
--- 192.168.0.6 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.568/0.568/0.568/0.000 ms
8. RS1 IPVS configuration
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]# ip addr add 10.0.0.100/32 dev lo:1
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:90:6a:33 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
9. RS2 IPVS configuration
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs2 ~]# ip addr add 10.0.0.100/32 dev lo:1
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:d2:e5:0d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
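The arp_ignore/arp_announce values above are written straight to /proc, so they are lost at the next reboot, and nothing checks afterwards that they are still in place; a real server that comes back with the kernel defaults will answer ARP for 10.0.0.100 and pull client traffic away from the Director. The script below is an added example, not part of the original post: it applies the four keys from the post, verifies them, and renders an /etc/sysctl.d drop-in so they persist. The function names and the PROC_ROOT variable are this example's own (PROC_ROOT exists only so the logic can be exercised against a scratch directory without root).

```shell
#!/bin/sh
# Added example, not part of the original post: apply, verify and persist the
# ARP kernel settings an LVS-DR real server needs. Values are the ones used in
# the post (VIP 10.0.0.100, arp_ignore=1 and arp_announce=2 on "all" and "lo").
# PROC_ROOT is a hypothetical knob of this example only: empty on a real RS,
# pointing at a scratch directory when the functions are exercised without root.
PROC_ROOT="${PROC_ROOT:-}"
VIP="${VIP:-10.0.0.100}"

# The four keys as sysctl names. arp_ignore=1: reply to ARP only for addresses
# configured on the receiving interface, so the VIP held on lo is never answered
# for. arp_announce=2: use the best local source address in ARP requests, so the
# VIP is never used as ARP source and the gateway keeps the Director's MAC for it.
dr_sysctl_keys() {
    printf '%s\n' \
        'net.ipv4.conf.all.arp_ignore=1' \
        'net.ipv4.conf.all.arp_announce=2' \
        'net.ipv4.conf.lo.arp_ignore=1' \
        'net.ipv4.conf.lo.arp_announce=2'
}

# net.ipv4.conf.all.arp_ignore -> ${PROC_ROOT}/proc/sys/net/ipv4/conf/all/arp_ignore
key_to_path() {
    printf '%s/proc/sys/%s\n' "$PROC_ROOT" "$(printf '%s' "$1" | tr . /)"
}

# Write the values immediately (same effect as the echo commands in the post)
dr_apply_sysctl() {
    for kv in $(dr_sysctl_keys); do
        key=${kv%%=*}; val=${kv#*=}
        echo "$val" > "$(key_to_path "$key")" || return 1
    done
}

# Read every key back; on the first mismatch print "key=have (want X)" and
# return 1, so the function doubles as a post-reboot health check
dr_verify_sysctl() {
    for kv in $(dr_sysctl_keys); do
        key=${kv%%=*}; want=${kv#*=}
        have=$(cat "$(key_to_path "$key")" 2>/dev/null) || have=missing
        if [ "$have" != "$want" ]; then
            echo "$key=$have (want $want)"
            return 1
        fi
    done
    return 0
}

# Render a drop-in for /etc/sysctl.d/ so the settings survive a reboot; the
# echo-to-/proc commands in the post are lost at the next boot
dr_sysctl_dropin() {
    echo "# LVS-DR real server: never answer or announce ARP for VIP $VIP held on lo"
    dr_sysctl_keys
}

# Usage: sh rs-dr-arp.sh apply
#        sh rs-dr-arp.sh verify
#        sh rs-dr-arp.sh dropin > /etc/sysctl.d/90-lvs-dr.conf
case "${1:-}" in
    apply)  dr_apply_sysctl && dr_verify_sysctl && echo "DR ARP settings applied" ;;
    verify) dr_verify_sysctl && echo "DR ARP settings OK" ;;
    dropin) dr_sysctl_dropin ;;
esac
```

Run `verify` from the same health check that watches httpd on the RS: an RS whose ARP settings have drifted is worse than an RS that is down, because it silently takes the VIP's ARP entry on the gateway while the Director still believes the pool is fine. The VIP itself (`ip addr add 10.0.0.100/32 dev lo`) still needs its own persistent configuration, for example in the interface config of lo.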
10. LVS host configuration
[root@lvs ~]# ip addr add 10.0.0.100/32 dev lo:1
[root@lvs ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:7d:27:9a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7d:279a/64 scope link
valid_lft forever preferred_lft forever
[root@lvs ~]# dnf -y install ipvsadm
[root@lvs ~]# ipvsadm -A -t 10.0.0.100:80 -s rr
[root@lvs ~]# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.7:80 -g
[root@lvs ~]# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.17:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 10.0.0.7:80 Route 1 0 0
-> 10.0.0.17:80 Route 1 0 0
11. Access test
[root@internet ~]# curl 10.0.0.100
10.0.0.17
[root@internet ~]# curl 10.0.0.100
10.0.0.7
[root@rs1 ~]# tail -f /var/log/httpd/access_log -n0
192.168.0.6 - - [22/Jul/2021:14:45:31 +0800] "GET / HTTP/1.1" 200 10 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
III. Implement LVS+Keepalived high availability.
1. Environment
Environment: six hosts; iptables and SELinux disabled on all hosts
One client: eth0: host-only 192.168.0.6/24 GW: 192.168.0.200
One ROUTER:
eth0: NAT 10.0.0.200/24
eth1: host-only 192.168.0.200/24
IP_FORWARD enabled
Two Keepalived nodes:
KA1: ens33: NAT: DIP: 10.0.0.8/24 GW: 10.0.0.200
KA2: ens33: NAT: DIP: 10.0.0.18/24 GW: 10.0.0.200
Two RS:
RS1: eth0: NAT: 10.0.0.7/24 GW: 10.0.0.200
RS2: eth0: NAT: 10.0.0.17/24 GW: 10.0.0.200
2. Internet host environment configuration
[root@internet ~]# hostname
internet
[root@internet ~]# hostname -I
192.168.0.6
[root@internet ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.200 0.0.0.0 UG 0 0 0 eth0
[root@internet ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:23:41:33
TYPE=Ethernet
UUID=cc862482-de30-4de4-9c37-f9e211a5d4ed
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.6
PREFIX=24
GATEWAY=192.168.0.200
[root@internet ~]# ping 192.168.0.200 -c1
PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
64 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.324 ms
--- 192.168.0.200 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms
[root@internet ~]# ping 10.0.0.7 -c1
PING 10.0.0.7 (10.0.0.7) 56(84) bytes of data.
64 bytes from 10.0.0.7: icmp_seq=1 ttl=63 time=0.392 ms
--- 10.0.0.7 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.392/0.392/0.392/0.000 ms
[root@internet ~]# ping 10.0.0.17 -c1
PING 10.0.0.17 (10.0.0.17) 56(84) bytes of data.
64 bytes from 10.0.0.17: icmp_seq=1 ttl=63 time=2.31 ms
--- 10.0.0.17 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.313/2.313/2.313/0.000 ms
3. Router network configuration
[root@router ~]# hostname
router
[root@router ~]# hostname -I
10.0.0.200 192.168.0.200
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=10.0.0.200
PREFIX=24
[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR=192.168.0.200
PREFIX=24
[root@router ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@router ~]# sysctl -p
net.ipv4.ip_forward = 1
5. KA1 and KA2 server environment preparation
[root@ka1 ~]# hostname
ka1
[root@ka1 ~]# hostname -I
10.0.0.8 10.0.0.100
[root@ka1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=10.0.0.8
PREFIX=24
GATEWAY=10.0.0.200
[root@ka1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:DRMkd+pc7QQq5U60oJXc7SMPWNGk/YKGoEbOJ6GBQeY root@ka1
The key's randomart image is:
+---[RSA 3072]----+
|oo .++B=+ |
|+. ooBoOoo |
|oEo o .oX.o o |
| * o ..Bo*o+ |
|. * . . S+o.o |
| . o . .. |
| |
| |
| |
+----[SHA256]-----+
[root@ka1 ~]# ssh-copy-id 10.0.0.18
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.18 (10.0.0.18)' can't be established.
ECDSA key fingerprint is SHA256:k9AY1O0h/0rZ/CgtlSCzA4Ckon9UO8scYDhceU6Yxu8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.18's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.0.18'"
and check to make sure that only the key(s) you wanted were added.
[root@ka1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.8 ka1
10.0.0.18 ka2
[root@ka1 ~]# scp /etc/hosts ka2:/etc/hosts
The authenticity of host 'ka2 (10.0.0.18)' can't be established.
ECDSA key fingerprint is SHA256:k9AY1O0h/0rZ/CgtlSCzA4Ckon9UO8scYDhceU6Yxu8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ka2' (ECDSA) to the list of known hosts.
hosts 100% 185 76.2KB/s 00:00
[root@ka2 ~]# hostname
ka2
[root@ka2 ~]# hostname -I
10.0.0.18
[root@ka2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="ens33"
UUID="75c752d1-c219-4a56-bdea-e606599c9ed4"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=10.0.0.18
PREFIX=24
GATEWAY=10.0.0.200
[root@ka2 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dqJD+XtK2r3mhnu+wjo+0u7NsgY4otAbnas8BpiK+38 root@ka2
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| |
| . |
|.o o .o S . |
|* = +. + o |
|=o + +o.o. |
|+.+ o EB+o= |
|.+++.BB*B@*o |
+----[SHA256]-----+
[root@ka2 ~]# ssh-copy-id 10.0.0.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.8 (10.0.0.8)' can't be established.
ECDSA key fingerprint is SHA256:k9AY1O0h/0rZ/CgtlSCzA4Ckon9UO8scYDhceU6Yxu8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.0.8'"
and check to make sure that only the key(s) you wanted were added.
[root@ka2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.8 ka1
10.0.0.18 ka2
6. KA1 server configuration
## Install keepalived
[root@ka1 ~]# dnf -y install keepalived
## Configure logging
[root@ka1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@ka1 ~]# vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
[root@ka1 ~]# systemctl restart rsyslog keepalived
## Configure keepalived.conf
[root@ka1 ~]# cd /etc/keepalived/
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka1
    vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:1
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 10.0.0.7 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.0.0.17 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
7. KA2 server configuration
## Install keepalived
[root@ka2 ~]# dnf -y install keepalived
## Configure logging
[root@ka2 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@ka2 ~]# vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
[root@ka2 ~]# systemctl restart rsyslog keepalived
## Configure keepalived.conf
[root@ka2 ~]# cd /etc/keepalived/
[root@ka2 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id ka2
    vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:1
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 10.0.0.7 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.0.0.17 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
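The two keepalived.conf files above have to be identical apart from router_id, state and priority. A virtual_router_id, VIP or real_server edited on one node only is a classic cause of both nodes holding the VIP at once, or of the VIP failing over to a node whose IPVS table has no backends. The script below is an added example, not part of the original post: it renders both node configs from one template using the post's values, and checks any two config files for differences outside the allowed set. The function names and the ALLOWED_DIFF list are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: generate keepalived.conf for
# both nodes from one template and check that the MASTER and BACKUP files differ
# only where they are meant to. Values come from the post's config (VRID 66,
# VIP 10.0.0.100, RS 10.0.0.7 and 10.0.0.17, sorry_server 127.0.0.1); the
# function names and ALLOWED_DIFF are this example's own.

# One real_server block with the HTTP_GET health check used in the post
render_real_server() {
    cat <<EOF
    real_server $1 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
EOF
}

# Render one node's config. Arguments: router_id state priority
render_keepalived_conf() {
    rid=$1 state=$2 prio=$3
    cat <<EOF
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id $rid
    vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state $state
    interface ens33
    virtual_router_id 66
    priority $prio
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        10.0.0.100/24 dev ens33 label ens33:1
    }
}
virtual_server 10.0.0.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
$(render_real_server 10.0.0.7)
$(render_real_server 10.0.0.17)
}
EOF
}

# Keywords whose lines may legitimately differ between the two nodes
ALLOWED_DIFF='router_id|state|priority'

# Compare two config files (rendered or copied from the nodes); print every
# unexpected difference and return 1 if there is any
keepalived_drift() {
    bad=$(diff "$1" "$2" | grep '^[<>]' \
          | grep -Ev "^[<>][[:space:]]*($ALLOWED_DIFF) " || true)
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Usage: sh ka-conf.sh ka1 MASTER 100 > /etc/keepalived/keepalived.conf   (on ka1)
#        sh ka-conf.sh ka2 BACKUP 80  > /etc/keepalived/keepalived.conf   (on ka2)
# Drift check: scp ka2:/etc/keepalived/keepalived.conf /tmp/ka2.conf, then
#        . ./ka-conf.sh; keepalived_drift /etc/keepalived/keepalived.conf /tmp/ka2.conf
case $# in
    3) render_keepalived_conf "$1" "$2" "$3" ;;
esac
```

Two points about the authentication block the template carries over from the post: keepalived uses only the first eight characters of auth_pass, and with auth_type PASS the password travels in clear text in the VRRP advertisements on 224.100.100.100, so it only guards against accidental VRID collisions on the same segment. Restricting VRRP (IP protocol 112) on ens33 to the peer's address is what actually keeps a third host from joining the election.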
8. RS1 IPVS configuration
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs1 ~]# ip addr add 10.0.0.100/32 dev lo:1
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:90:6a:33 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
9. RS2 IPVS configuration
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@rs2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@rs2 ~]# ip addr add 10.0.0.100/32 dev lo:1
[root@rs2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:d2:e5:0d brd ff:ff:ff:ff:ff:ff
inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
10. Test
[root@internet ~]# while : ;do curl 10.0.0.100 ;sleep 0.5;done
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
[root@ka1 ~]# systemctl stop keepalived
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@ka2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:60:01:58 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.18/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.0.0.100/24 scope global secondary ens33:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe60:158/64 scope link
valid_lft forever preferred_lft forever
[root@internet ~]# while : ;do curl 10.0.0.100 ;sleep 0.5;done
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
[root@ka1 ~]# echo Sorry Server1 > /var/www/html/index.html
[root@ka1 ~]# systemctl start httpd
[root@ka2 ~]# echo Sorry Server2 > /var/www/html/index.html
[root@ka2 ~]# systemctl start httpd
[root@rs1 ~]# systemctl stop httpd
[root@rs2 ~]# systemctl stop httpd
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 127.0.0.1:80 Route 1 0 12
[root@internet ~]# while : ;do curl 10.0.0.100 ;sleep 0.5;done
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
Sorry Server1
[root@ka1 ~]# systemctl stop keepalived
[root@internet ~]# while : ;do curl 10.0.0.100 ;sleep 0.5;done
Sorry Server2
Sorry Server2
Sorry Server2
Sorry Server2
Sorry Server2
Sorry Server2
Sorry Server2
Sorry Server2
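In the test above, the only sign that every RS had failed its HTTP_GET check was a client seeing "Sorry Server1", and the only sign that keepalived had stopped on a node was an empty ipvsadm -Ln. The script below is an added example, not part of the original post: it parses ipvsadm -Ln output and classifies a virtual service as healthy, degraded (only the sorry_server attached) or absent, so that state can be picked up by monitoring instead of by users. The three sample outputs are constructed from the states shown in the post; the ipvs_* function names and the SORRY variable are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: read `ipvsadm -Ln` output and
# classify the state of one virtual service. The samples below are constructed
# from the states the post shows; ipvs_* and SORRY are this example's own names.

# Normal pool: both real servers attached
IPVS_OK='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 rr
  -> 10.0.0.7:80                  Route   1      0          0
  -> 10.0.0.17:80                 Route   1      0          0'

# Both RS failed their HTTP_GET check: keepalived removed them and inserted sorry_server
IPVS_SORRY='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 rr
  -> 127.0.0.1:80                 Route   1      0          12'

# keepalived stopped on this node: the virtual service is gone entirely
IPVS_EMPTY='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn'

# Is there a virtual service line for $1 (vip:port)? stdin = ipvsadm -Ln
ipvs_has_service() {
    awk -v svc="$1" '$1 ~ /^(TCP|UDP|SCTP)$/ && $2 == svc { found = 1 }
                     END { exit (found ? 0 : 1) }'
}

# Print the real servers (addr:port) currently attached to service $1
ipvs_real_servers() {
    awk -v svc="$1" '
        $1 ~ /^(TCP|UDP|SCTP)$/ { in_svc = ($2 == svc); next }
        $1 == "->" && in_svc    { print $2 }
    '
}

# 0 = healthy (at least one real backend), 1 = degraded (service exists but only
# the sorry server, or nothing at all, is attached), 2 = service absent.
# $1 = vip:port, stdin = ipvsadm -Ln, SORRY = the sorry_server from keepalived.conf
ipvs_pool_state() {
    sorry="${SORRY:-127.0.0.1:80}"
    out=$(cat)
    printf '%s\n' "$out" | ipvs_has_service "$1" || return 2
    for s in $(printf '%s\n' "$out" | ipvs_real_servers "$1"); do
        [ "$s" != "$sorry" ] && return 0
    done
    return 1
}

# Human-readable verdict with the same exit code, for a cron job or check script
ipvs_report() {
    rc=0; ipvs_pool_state "$1" || rc=$?
    case $rc in
        0) echo "OK: $1 has real backends" ;;
        1) echo "DEGRADED: $1 is served only by the sorry server (all RS failed health checks)" ;;
        2) echo "ABSENT: $1 not in IPVS (keepalived down here, or the VIP is on the peer)" ;;
    esac
    return $rc
}

# Usage: ipvsadm -Ln | sh ipvs-check.sh 10.0.0.100:80
if [ $# -eq 1 ]; then
    ipvs_report "$1"
fi
```

Treat ABSENT as expected on the BACKUP node and as an incident on the node that currently holds 10.0.0.100 (check `ip a` for the ens33:1 label before alerting), and treat DEGRADED as an incident on whichever node holds the VIP: the sorry server keeps the site reachable, but every real backend is out of the pool.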