一、实验环境
[root@node1 ~]# uname -r 3.10.0-862.el7.x86_64 [root@node1 ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core) lvs+keepalived master:inode1: 192.168.31.101 lvs+keepalived backup:inode2: 192.168.31.102 nginx01:inode3:192.168.31.103----页面信息 www.ywx3.com nginx02:inode4:192.168.31.104----页面信息 www.ywx4.com VIP:192.168.31.111
二、LVS+Keepalived+nginx的部署
1、nginx部署
nginx01(inode3)和nginx02(inode4)
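# Run on both real servers: nginx01 (inode3) and nginx02 (inode4).
yum install -y nginx
# systemctl takes the verb first and the unit second; "systemctl nginx start"
# as printed is rejected as an unknown operation.
systemctl start nginx

# Give each real server a distinct page so the curl checks on this page show
# which backend answered.
# NOTE(review): a yum-installed nginx normally serves /usr/share/nginx/html;
# /usr/local/nginx/html is the usual source-build prefix. Confirm the document
# root on your hosts before writing here.

# On nginx01 (inode3) only:
echo 'www.ywx3.com' > /usr/local/nginx/html/index.html

# On nginx02 (inode4) only:
echo 'www.ywx4.com' > /usr/local/nginx/html/index.html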
[root@node3 ~]# curl 192.168.31.103 www.ywx3.com [root@node4 ~]# curl 192.168.31.104 www.ywx4.com
2、部署lvs+keepalived
inode1和inode2
# Run on both director nodes (inode1 and inode2).
# ipvsadm is used later on this page to inspect the IPVS table (ipvsadm -Ln);
# keepalived manages the VIP and the real-server health checks.
yum install -y ipvsadm keepalived
3、编写lvs+keepalived的配置文件
lvs+keepalived master
! Configuration File for keepalived
# Master director (inode1, 192.168.31.101): holds the VIP 192.168.31.111 and
# balances TCP/80 across the two nginx real servers in DR mode.
global_defs {
    notification_email {
        yaowangxi@163.com
    }
    notification_email_from yaowangxi@163.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # Must differ from the router_id in the backup director's config.
    router_id LVS_Keepalived_Master
}
# VIP1
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    # Spelling kept exactly as on the page.
    # NOTE(review): confirm the installed keepalived accepts this keyword;
    # check the log after start for "unknown keyword" warnings.
    lvs_sync_daemon_inteface ens160
    # Must be identical on master and backup.
    virtual_router_id 51
    # Higher than the backup's 90, so this node wins the election.
    priority 100
    advert_int 5
    # NOTE(review): keepalived.conf(5) says nopreempt only works when the
    # initial state is BACKUP; with "state MASTER" it is presumably ignored
    # or warned about. Confirm in the keepalived log.
    nopreempt
    authentication {
        # auth_type PASS puts auth_pass into every VRRP advertisement in
        # cleartext, so it protects against misconfiguration, not against a
        # host on the same segment. "1111" is a demo value: use a value
        # unique to this VRRP instance, and restrict VRRP (IP protocol 112)
        # to the two director addresses with host firewall rules.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.31.111
    }
}
virtual_server 192.168.31.111 80 {
    # Health-check interval in seconds.
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # A client IP is pinned to the same real server for 60 s; this is the
    # "persistent 60" shown in the ipvsadm -Ln output on this page.
    persistence_timeout 60
    protocol TCP
    real_server 192.168.31.103 80 {
        weight 100
        # TCP_CHECK only verifies that a TCP connection to port 80 can be
        # opened; an nginx that accepts connections but serves errors stays
        # in the pool. keepalived's HTTP_GET checker covers that case.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.31.104 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
lvs+keepalived backup
! Configuration File for keepalived
# Backup director (inode2, 192.168.31.102): takes over the VIP 192.168.31.111
# when the master stops sending VRRP advertisements.
global_defs {
    notification_email {
        yaowangxi@163.com
    }
    notification_email_from yaowangxi@163.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # Must differ from the router_id in the master director's config.
    router_id LVS_Keepalived_Backup
}
# VIP1
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    # Spelling kept exactly as on the page.
    # NOTE(review): confirm the installed keepalived accepts this keyword;
    # check the log after start for "unknown keyword" warnings.
    lvs_sync_daemon_inteface ens160
    # Must be identical on master and backup.
    virtual_router_id 51
    # Lower than the master's 100.
    priority 90
    advert_int 5
    # With nopreempt, this node keeps the VIP after a failover even when a
    # higher-priority peer comes back.
    nopreempt
    authentication {
        # Must match the master. auth_type PASS puts auth_pass into every
        # VRRP advertisement in cleartext, so it protects against
        # misconfiguration, not against a host on the same segment. "1111" is
        # a demo value: use a value unique to this VRRP instance, and
        # restrict VRRP (IP protocol 112) to the two director addresses with
        # host firewall rules.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.31.111
    }
}
virtual_server 192.168.31.111 80 {
    # Health-check interval in seconds.
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # A client IP is pinned to the same real server for 60 s.
    persistence_timeout 60
    protocol TCP
    real_server 192.168.31.103 80 {
        # The master config on this page uses weight 100; both real servers
        # are equal on each node, so rr distributes evenly either way.
        weight 1
        # TCP_CHECK only verifies that a TCP connection to port 80 can be
        # opened; it does not look at the HTTP response.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.31.104 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
4、配置nginx01和nginx02上的VIP并抑制arp广播
配置VIP,nginx01(inode3)和nginx02(inode4)操作一样
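# Same steps on nginx01 (inode3) and nginx02 (inode4).
# In DR mode the director forwards packets still addressed to the VIP, so each
# real server must own the VIP locally. It is bound to loopback with a /32 mask
# so the host accepts that traffic without claiming the 192.168.31.0 subnet.
cd /etc/sysconfig/network-scripts/
# The page printed "cp cp ifcfg-lo ifcfg-lo:0"; the doubled "cp" makes cp treat
# the last argument as a target directory and fail.
cp ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
# After editing, ifcfg-lo:0 should contain exactly these lines:
#   DEVICE=lo:0
#   IPADDR=192.168.31.111
#   NETMASK=255.255.255.255
#   ONBOOT=yes
#   NAME=loopback
ifup ifcfg-lo:0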
nginx01(inode3) [root@node3 network-scripts]# ifconfig|sed -n '/lo:0/,$p' lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 192.168.31.111 netmask 255.255.255.255 loop txqueuelen 1000 (Local Loopback) nginx02(inode4) [root@node4 network-scripts]# ifconfig|sed -n '/lo:0/,$p' lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 192.168.31.111 netmask 255.255.255.255 loop txqueuelen 1000 (Local Loopback)
配置arp抑制,nginx01(inode3)和nginx02(inode4)操作一样
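# Same steps on nginx01 (inode3) and nginx02 (inode4). Each write must be its
# own command; collapsed onto one line they run as a single echo with several
# redirections and only the last file receives a value.
#
# arp_ignore=1   reply to an ARP request only if the target IP is configured
#                on the interface the request arrived on, so the VIP on lo is
#                never answered for on the LAN interface.
# arp_announce=2 always use the best local source address in ARP requests, so
#                the real server does not advertise the VIP as its own.
# Without both, a real server can answer ARP for the VIP and pull traffic away
# from the director.
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
# sysctl -p re-applies /etc/sysctl.conf; it does not save the values written
# above, which are lost at reboot. To persist them, add the four
# net.ipv4.conf.{lo,all}.arp_ignore / arp_announce keys to /etc/sysctl.conf.
# NOTE(review): if /etc/sysctl.conf already sets these keys to other values,
# this call overrides the writes above. Verify with "sysctl -a | grep arp_".
sysctl -p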
5、启动keepalived
lvs+keepalived master(inode1)和lvs+keepalived backup(inode2)
# Run on both directors: master (inode1) and backup (inode2).
# This only starts the service for the current boot; it does not enable it at
# boot time.
systemctl start keepalived
6、查看VIP地址
VIP地址在inode1上 [root@node1 ~]# ip addr list|grep -w "192.168.31.111" inet 192.168.31.111/32 scope global ens160
7、查看ipvsadm并访问vip
在inode1上查看 [root@node1 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.31.111:80 rr persistent 60 -> 192.168.31.103:80 Route 100 0 0 -> 192.168.31.104:80 Route 100 0 0
[root@node3 network-scripts]# curl 192.168.31.111 www.ywx3.com [root@node4 network-scripts]# curl 192.168.31.111 www.ywx4.com
8、关闭nginx01,查看ipvsadm(inode1上)
inode3 [root@node3 ~]# nginx -s stop [root@node3 ~]# ps -ef |grep 'nginx' root 17695 17147 0 08:05 pts/0 00:00:00 grep --color=auto nginx inode1 [root@node1 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.31.111:80 rr persistent 60 -> 192.168.31.104:80 Route 100 0 1 #RS nginx01(inode3)192.168.31.103已经被移除
9、恢复nginx01,inode3会自动添加进ipvsadm
nginx01(inode3) [root@node3 ~]# nginx [root@node3 ~]# ps -ef |grep 'nginx' root 17699 1 0 08:07 ? 00:00:00 nginx: master process nginx nginx 17700 17699 0 08:07 ? 00:00:00 nginx: worker process root 17702 17147 0 08:07 pts/0 00:00:00 grep --color=auto nginx inode1 [root@node1 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.31.111:80 rr persistent 60 -> 192.168.31.103:80 Route 1 0 0 -> 192.168.31.104:80 Route 100 0 0
10、关闭inode1的keepalived,VIP会自动漂移到inode2上
inode1 [root@node1 ~]# ip addr list|grep -w '192.168.31.111' inet 192.168.31.111/32 scope global ens160 [root@node1 ~]# systemctl stop keepalived [root@node1 ~]# ip addr list|grep -w '192.168.31.111' [root@node1 ~]# inode2 [root@node2 ~]# ip addr list|grep -w '192.168.31.111' inet 192.168.31.111/32 scope global ens160 [root@node2 ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.31.111:80 rr persistent 60 -> 192.168.31.103:80 Route 1 0 0 -> 192.168.31.104:80 Route 1 0 0
三、lvs+keepalived的配置文件解析
# keepalived section
global_defs {
    notification_email {
        yaowangxi@163.com
    }
    notification_email_from 441520481@qq.com
    smtp_server 192.168.80.1
    # NOTE(review): the deployed configs earlier on this page spell this
    # keyword smtp_connect_timeout. Confirm which spelling keepalived accepts.
    smtp_connection_timeout 30
    # ID of this LVS node; should be unique within the network.
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    # Role of this keepalived node: MASTER is primary, BACKUP is standby.
    # Must be upper case.
    state MASTER
    # Interface name; differs between machines, check with "ip a".
    # NOTE(review): the deployed configs on this page use ens160, not eno160.
    interface eno160
    # Virtual router ID; must be identical on master and backup.
    virtual_router_id 51
    # Priority; larger wins. The master's value must exceed the backup's.
    priority 100
    # VRRP advertisement interval in seconds (default 1).
    advert_int 1
    # The password is at most 8 characters and must be identical on master and
    # backup, otherwise the two nodes cannot communicate.
    # auth_type PASS carries the password in cleartext in every VRRP
    # advertisement, so it guards against misconfiguration rather than against
    # a host on the same segment. Replace the demo value 1111 and restrict
    # VRRP (IP protocol 112) to the director addresses with firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # The virtual IP (VIP); several may be listed, one per line.
        192.168.31.111
    }
}
# LVS section
# VIP and port on which LVS offers the service.
virtual_server 192.168.31.111 80 {
    # Health-check interval in seconds.
    delay_loop 6
    # Scheduling algorithm. The value here is rr (round robin); wlc would be
    # weighted least-connection.
    lb_algo rr
    # LVS forwarding mode: NAT, TUN or DR.
    lb_kind DR
    nat_mask 255.255.255.0
    # 0 disables persistence here; the deployed configs on this page use 60.
    persistence_timeout 0
    protocol TCP
    # IP address and port of real server 1.
    real_server 192.168.31.103 80 {
        # Node weight; a larger number means a higher weight.
        weight 1
        # TCP_CHECK only verifies that a TCP connection to connect_port can be
        # opened; it does not inspect the HTTP response.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    # IP address and port of real server 2.
    real_server 192.168.31.104 80 {
        # Node weight; a larger number means a higher weight.
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
四、realserver脚本文件
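#!/bin/bash
#
# realserver: prepare or tear down an LVS-DR real server.
#
# Usage: realserver {start|stop}   (must run as root)
#
#   start  bind the VIP to lo:0 with a host mask, add a host route for it and
#          set the ARP sysctls so this host never answers or announces the VIP
#   stop   remove the VIP and reset the ARP sysctls to 0
#
# Exit status: 0 after start/stop, 1 on any other argument.

# The virtual IP; set this to match your environment.
SNS_VIP=192.168.31.111

# The page printed this path without the leading ".", which would try to
# execute the file instead of sourcing it. Skip it if the file is absent.
if [ -r /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
fi

case "$1" in
  start)
    # /32 on loopback: accept traffic for the VIP without claiming the subnet.
    ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
    /sbin/route add -host "$SNS_VIP" dev lo:0
    # arp_ignore=1: reply only for addresses on the receiving interface.
    # arp_announce=2: never use the VIP as the ARP source address.
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # Re-applies /etc/sysctl.conf; it does not persist the writes above.
    # NOTE(review): if that file sets the arp_* keys to other values, they
    # override what was just written. Verify after start.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    # Errors are discarded on purpose: the route may already be gone.
    route del "$SNS_VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac

exit 0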