参考链接
https://www.cnblogs.com/mchina/archive/2012/08/27/2644391.html
https://yq.aliyun.com/articles/38538
使用VMware虚拟出4台主机:两台LVS服务器各有两张网卡,一张为桥接模式,一张为仅主机模式;两台WEB服务器的网卡都为仅主机模式。
LVS_master的桥接网卡ip 为192.168.1.196,内网ip:10.0.0.49。
LVS_backup:外网ip为192.168.1.197,内网ip为10.0.0.52(注:后文LVS_backup的 ip a 输出中ens37的地址是10.0.0.50,而10.0.0.52是WEB服务器的地址,此处疑为笔误)。
两台web服务器的ip为10.0.0.51,10.0.0.52.
虚拟IP为192.168.1.198,虚拟网关为10.0.0.100
系统版本:CentOS Linux release 7.3.1611 (Core)
拓扑图:
【1】安装ipvsadm和keepalived
在LVS_master和LVS_backup两台机器上安装ipvsadm和keepalived
[root@localhost ~]# yum install -y ipvsadm
[root@localhost ~]# yum install -y keepalived
【2】配置主从LVS服务器
a,开启路由转发功能
[root@localhost ~]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
# Enable IPv4 forwarding on both LVS directors. The virtual server uses
# lb_kind NAT and the web servers use the director (10.0.0.100) as their
# gateway, so the director must route between ens33 and ens37.
# NOTE(review): with forwarding on, this host routes any traffic it receives
# between the two networks; limit what may be forwarded with firewall rules.
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
注意:删除配置文件中的 vrrp_strict,否则会导致不能ping通虚拟出来的VIP和虚拟网关,导致访问服务失败(启用 vrrp_strict 后,keepalived 会按严格的VRRP协议运行,并添加防火墙规则丢弃发往VIP的数据包;严格模式下也不支持下面配置中的 authentication)。
b,lvs_master keepalived配置文件
[root@localhost keepalived]# cat keepalived.conf
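! Configuration File for keepalived
# Director LVS_MASTER: holds the public VIP (192.168.1.198 on ens33) and the
# real servers' gateway address (10.0.0.100 on ens37) while it is healthy,
# and balances TCP port 80 across the two web servers in NAT mode.

global_defs {
    # Sample notification settings; mail is sent through smtp_server.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_MASTER
    vrrp_skip_check_adv_addr
    # vrrp_strict is intentionally not set: with it enabled the VIP and the
    # virtual gateway did not answer ping in this setup.
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Move the public VIP and the internal gateway address together. With
# lb_kind NAT the real servers return their replies through 10.0.0.100, so a
# failure of only one interface must not leave the two addresses on
# different directors.
vrrp_sync_group VG_LVS_NAT {
    group {
        VI_1
        LAN_GATEWAY
    }
}

# Public side: VIP that clients connect to.
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51    # must be the same on master and backup
    priority 100            # higher than the backup (80), so this node wins
    advert_int 1
    authentication {
        # auth_type PASS sends the password in clear text in every VRRP
        # advertisement: it catches misconfigured neighbours, it does not
        # stop a host on the same segment. 1111 is a sample value; replace
        # it and keep it identical on both directors.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
    }
}

# Internal side: default gateway address used by the web servers.
vrrp_instance LAN_GATEWAY {
    state MASTER
    interface ens37
    virtual_router_id 52    # must be the same on master and backup
    priority 100
    advert_int 1
    authentication {
        # Same caveat as VI_1: clear-text sample password, replace it.
        auth_type PASS
        auth_pass 111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}

virtual_server 192.168.1.198 80 {
    delay_loop 6            # seconds between health-check rounds
    lb_algo rr              # round robin
    lb_kind NAT             # director rewrites addresses (Masq in ipvsadm)
    # persistence_timeout 50
    protocol TCP

    # A real server is taken out of the pool while its TCP check fails and
    # put back when the check succeeds again.
    real_server 10.0.0.51 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}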
c,lvs_backup keepalived配置文件
[root@localhost keepalived]# cat keepalived.conf
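! Configuration File for keepalived
# Director LVS_BACK: standby for the public VIP (192.168.1.198 on ens33) and
# the real servers' gateway address (10.0.0.100 on ens37). It takes both over
# when the master stops sending VRRP advertisements.

global_defs {
    # Sample notification settings; mail is sent through smtp_server.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_BACK
    vrrp_skip_check_adv_addr
    # vrrp_strict is intentionally not set: with it enabled the VIP and the
    # virtual gateway did not answer ping in this setup.
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Move the public VIP and the internal gateway address together. With
# lb_kind NAT the real servers return their replies through 10.0.0.100, so a
# failure of only one interface must not leave the two addresses on
# different directors.
vrrp_sync_group VG_LVS_NAT {
    group {
        VI_1
        LAN_GATEWAY
    }
}

# Public side: VIP that clients connect to.
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51    # must be the same on master and backup
    priority 80             # lower than the master (100)
    advert_int 1
    authentication {
        # auth_type PASS sends the password in clear text in every VRRP
        # advertisement: it catches misconfigured neighbours, it does not
        # stop a host on the same segment. 1111 is a sample value; replace
        # it and keep it identical on both directors.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.198
    }
}

# Internal side: default gateway address used by the web servers.
vrrp_instance LAN_GATEWAY {
    state BACKUP
    interface ens37
    virtual_router_id 52    # must be the same on master and backup
    priority 80
    advert_int 1
    authentication {
        # Same caveat as VI_1: clear-text sample password, replace it.
        auth_type PASS
        auth_pass 111
    }
    virtual_ipaddress {
        10.0.0.100
    }
}

# Same virtual server definition as on the master, so the backup already has
# the IPVS table in place when it takes over.
virtual_server 192.168.1.198 80 {
    delay_loop 6            # seconds between health-check rounds
    lb_algo rr              # round robin
    lb_kind NAT             # director rewrites addresses (Masq in ipvsadm)
    # persistence_timeout 50
    protocol TCP

    # A real server is taken out of the pool while its TCP check fails and
    # put back when the check succeeds again.
    real_server 10.0.0.51 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 10.0.0.52 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}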
d,在两台LVS上运行keepalived服务
[root@localhost ~]# systemctl start keepalived
e,配置两台WEB服务
将两台WEB服务器的网关设置成10.0.0.100.
配置WEB服务略。内容不一样即可,只做简单测试。
【3】结果
a,从局域网中的一台机器ping VIP 192.168.1.198可以ping通。
b,在LVS_master查看
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr-> 10.0.0.51:80 Masq 1 0 0 -> 10.0.0.52:80 Masq 1 0 0
c,ens33 有VIP,ens37下有虚拟网关
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:76:4b:2d brd ff:ff:ff:ff:ff:ffinet 192.168.1.196/24 brd 192.168.1.255 scope global ens33valid_lft forever preferred_lft foreverinet 192.168.1.198/32 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe76:4b2d/64 scope link valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:76:4b:37 brd ff:ff:ff:ff:ff:ffinet 10.0.0.49/24 brd 10.0.0.255 scope global ens37valid_lft forever preferred_lft foreverinet 10.0.0.100/32 scope global ens37valid_lft forever preferred_lft foreverinet6 fe80::3dcf:cdc5:fb91:b4a4/64 scope link valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ffinet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
d,在WEB1中ping 虚拟网关可以ping通
[root@localhost keepalived]# ping 10.0.0.100
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=64 time=0.353 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=64 time=0.325 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=64 time=0.390 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=64 time=0.554 ms
64 bytes from 10.0.0.100: icmp_seq=5 ttl=64 time=0.354 ms
e,在LVS_master,使用curl验证
[root@localhost ~]# curl 192.168.1.198
rs1rs1
[root@localhost ~]# curl 192.168.1.198
rs2rs2
f,在局域网中验证
【4】热备验证
1,关闭LVS_master
[root@localhost ~]# shutdown -h now
2,在LVS_backup查看
VIP和虚拟网关自动绑定到LVS_backup上
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:8a:7a:01 brd ff:ff:ff:ff:ff:ffinet 192.168.1.197/24 brd 192.168.1.255 scope global ens33valid_lft forever preferred_lft foreverinet 192.168.1.198/32 scope global ens33valid_lft forever preferred_lft foreverinet6 fe80::8209:4d1d:a7e4:8658/64 scope link valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:8a:7a:0b brd ff:ff:ff:ff:ff:ffinet 10.0.0.50/24 brd 10.0.0.255 scope global ens37valid_lft forever preferred_lft foreverinet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic ens37valid_lft 1432sec preferred_lft 1432secinet 10.0.0.100/32 scope global ens37valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe8a:7a0b/64 scope link valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ffinet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000link/ether 52:54:00:73:41:3c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr-> 10.0.0.51:80 Masq 1 0 1 -> 10.0.0.52:80 Masq 1 0 1
局域网上机器仍能正常访问
关闭WEB1中的web服务
[root@localhost ~]# systemctl stop nginx
集群中服务只剩下WEB2了。
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr-> 10.0.0.52:80 Masq 1 0
开启WEB1中的web服务
[root@localhost ~]# systemctl start nginx
集群中服务又恢复正常
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.198:80 rr-> 10.0.0.51:80 Masq 1 0 0 -> 10.0.0.52:80 Masq 1 0 0