LVS+Keepalived群集
环境准备:
DR1 主:192.168.100.101---->CentOS 7-2
DR2 备:192.168.100.102---->CentOS 7-3
web1:192.168.100.111---->CentOS 7-4
web2:192.168.100.112---->CentOS 7-5
vip:192.168.100.10
客户机:192.168.100.10
提前准备在线yum源的软件安装:
CentOS 7-2:
[root@localhost ~]# yum install ipvsadm keepalived -y
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
//安装完成后验证有没有此主配置文件
CentOS 7-3:
[root@localhost ~]# yum install ipvsadm keepalived -y
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
//安装完成后验证有没有此主配置文件
CentOS 7-4:
[root@localhost ~]# yum install httpd -y
CentOS 7-5:
[root@localhost ~]# yum install httpd -y
将所有网卡改为仅主机模式,同时修改网卡配置文件:
**CentOS 7-2:**
[root@localhost keepalived]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BROWSER_ONLY="no"
BOOTPROTO="static" //改dhcp为static
......此处省略多行
ONBOOT="yes"
IPADDR=192.168.100.101 //在末行按o,在下行插入以下内容
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
//修改完成后输入:wq保存退出
[root@localhost keepalived]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost keepalived]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@localhost keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.101 netmask 255.255.255.0 broadcast 192.168.100.255
//确认下网卡是否修改完成
**CentOS 7-3:**
[root@localhost keepalived]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BROWSER_ONLY="no"
BOOTPROTO="static" //改dhcp为static
......此处省略多行
ONBOOT="yes"
IPADDR=192.168.100.102 //在末行按o,在下行插入以下内容
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
//修改完成后输入:wq保存退出
[root@localhost keepalived]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost keepalived]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@localhost keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.102 netmask 255.255.255.0 broadcast 192.168.100.255
//确认下网卡是否修改完成
//此时可以同网段内测试ping通,看地址是否生效:
[root@localhost keepalived]# ping 192.168.100.101
PING 192.168.100.101 (192.168.100.101) 56(84) bytes of data.
64 bytes from 192.168.100.101: icmp_seq=1 ttl=64 time=0.658 ms
64 bytes from 192.168.100.101: icmp_seq=2 ttl=64 time=1.21 ms
//此时两台调度主机相互连通
**CentOS 7-4:**
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BROWSER_ONLY="no"
BOOTPROTO="static" //改dhcp为static
......此处省略多行
ONBOOT="yes"
IPADDR=192.168.100.111 //在末行按o,在下行插入以下内容
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
//修改完成后输入:wq保存退出
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.111 netmask 255.255.255.0 broadcast 192.168.100.255
//确认下网卡是否修改完成
**CentOS 7-5:**
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BROWSER_ONLY="no"
BOOTPROTO="static" //改dhcp为static
......此处省略多行
ONBOOT="yes"
IPADDR=192.168.100.112 //在末行按o,在下行插入以下内容
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
//修改完成后输入:wq保存退出
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.112 netmask 255.255.255.0 broadcast 192.168.100.255
//确认下网卡是否修改完成
//此时可以同网段内测试ping通,看地址是否生效:
[root@localhost ~]# ping 192.168.100.111
PING 192.168.100.111 (192.168.100.111) 56(84) bytes of data.
64 bytes from 192.168.100.111: icmp_seq=1 ttl=64 time=0.913 ms
64 bytes from 192.168.100.111: icmp_seq=2 ttl=64 time=0.830 ms
//此时两台节点服务器相互连通
调度服务器CentOS 7-2上的修改:
[root@localhost keepalived]# vim /etc/sysctl.conf
//在末行下插入以下内容
net.ipv4.ip_forward=1 //开启路由转发功能
net.ipv4.conf.all.send_redirects = 0 //关闭ICMP重定向报文的发送(DR模式下调度器和节点服务器在同一网段,调度器不应发出重定向)
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
//修改完成后输入:wq保存退出
[root@localhost keepalived]# sysctl -p //生效
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
创建虚拟网卡:
[root@localhost ens33]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
......此处省略多行
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
//先按50dd删除所有内容,再插入以下内容
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
//修改完成后输入:wq保存退出
[root@localhost network-scripts]# ifup ens33:0 //启用虚拟网卡
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255
ether 00:0c:29:c2:51:f6 txqueuelen 1000 (Ethernet)
//这个是到时候要用来做虚拟IP的,也是访问的入站口
[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim dr.sh
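#!/bin/bash
# dr.sh - LVS director control script for direct-routing (DR) mode.
# Usage: dr.sh {start|stop|status}   (needs root: it edits interfaces,
#        routes and the kernel IPVS table)
#
# start  : saves the current IPVS rules, starts the ipvsadm service, binds the
#          VIP to the ens33:0 alias and publishes a round-robin virtual
#          service on VIP:80 with two real servers.
# stop   : clears the IPVS table, stops the ipvsadm service, releases the VIP.
# status : reports running/stopped from the /var/lock/subsys/ipvsadm file.
#
# Security note: with -g (direct routing) the real servers answer clients
# directly, so packet filtering on the director only sees inbound traffic.
# Port filtering for the web nodes has to be enforced on the nodes themselves.

GW=192.168.100.1 # defined by the tutorial but not referenced below
VIP=192.168.100.10
RIP1=192.168.100.111
RIP2=192.168.100.112

case "$1" in
  start)
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Host (/32) netmask so the alias does not add a second subnet route.
    # The original passed "broadcast $VIP" twice; once is enough.
    /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev ens33:0
    # -A: add virtual service, -s rr: round-robin scheduler.
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    # -a: add real server, -g: gatewaying (direct routing).
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    echo "ipvsadm starting ---------------------[ok]"
    ;;
  stop)
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    # Remove the host route while the alias still exists; once ens33:0 is
    # down the route can no longer be addressed through that alias.
    /sbin/route del -host "$VIP" dev ens33:0
    /sbin/ifconfig ens33:0 down
    echo "ipvsadm stoped--------------------[ok]"
    ;;
  status)
    # NOTE(review): this only tests for a lock file; whether the systemd
    # ipvsadm unit creates it is not shown on this page - confirm, or check
    # the IPVS table itself with "ipvsadm -Ln".
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stoped--------------"
      exit 1
    else
      echo "ipvsadm Runing-----------[ok]"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0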
//修改完成后输入:wq保存退出
[root@localhost init.d]# chmod +x dr.sh
[root@localhost init.d]# service dr.sh start
ipvsadm starting ---------------------[ok]
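[root@localhost init.d]# systemctl stop firewalld.service
[root@localhost init.d]# setenforce 0
//实验环境为方便直接关闭防火墙并把SELinux设为宽容模式(setenforce 0仅在重启前有效);生产环境应保持两者开启,在防火墙上只放行80/tcp和主备调度器之间的VRRP报文(IP协议号112)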
节点服务器CentOS 7-4的操作:
[root@localhost ~]# rpm -q httpd
httpd-2.4.6-90.el7.centos.x86_64
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
//实验环境下直接关闭防火墙和SELinux;生产环境的节点服务器应保持开启,只放行80/tcp
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# echo "this is accp web" > index.html
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
//把不需要的都删除,然后做如下修改
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=yes
//修改完成后输入:wq保存退出
[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim web.sh
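#!/bin/bash
# web.sh - real-server side of an LVS direct-routing (DR) setup.
# Usage: web.sh {start|stop}   (needs root: it writes /proc/sys and edits
#        interfaces and routes)
#
# start : suppresses ARP for the VIP, then binds the VIP to the lo:0 alias so
#         this host accepts packets the director forwards to the VIP.
# stop  : removes the VIP route and alias and resets the ARP settings to 0.

VIP=192.168.100.10

case "$1" in
  start)
    # Apply the ARP restrictions BEFORE the VIP exists on lo:0. The original
    # bound the VIP first, leaving a short window in which this host could
    # answer ARP for the VIP and pull traffic away from the director.
    # arp_ignore=1  : reply only when the target IP is configured on the
    #                 interface the request arrived on.
    # arp_announce=2: always use the best local source address in ARP
    #                 requests, never the VIP.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Re-applies /etc/sysctl.conf; it does not persist the /proc writes above.
    sysctl -p > /dev/null 2>&1
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    echo "RealServer Start OK"
    ;;
  stop)
    # The original read "route del $VIP /dev/null 2>&1": the ">" was missing,
    # so /dev/null was passed to route as an argument and the command printed
    # "SIOCDELRT: No such device". Delete the route while lo:0 still exists
    # and discard the output as intended.
    /sbin/route del -host "$VIP" dev lo:0 > /dev/null 2>&1
    /sbin/ifconfig lo:0 down
    # Assumes the values before "start" were 0.
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0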
//修改完成后输入:wq保存退出
[root@localhost init.d]# chmod +x web.sh
[root@localhost init.d]# service web.sh start
RealServer Start OK
[root@localhost init.d]# ifup lo:0
[root@localhost init.d]# ifconfig
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.100.10 netmask 255.255.255.0
loop txqueuelen 1 (Local Loopback)
//此时以上内容显示虚拟网卡启用成功
[root@localhost init.d]# firefox "http://127.0.0.1" &
[1] 8587 //进程号随机
//火狐浏览器放在后台自动执行,进程为8587,浏览器会自动弹出,会显示我们之前写入的网页内容
重启脚本:
[root@localhost init.d]# service web.sh stop
SIOCDELRT: No such device
RealServer Stopd
[1]- 完成 firefox "http://127.0.0.1"
[2]+ 完成 firefox "http://127.0.0.1"
[root@localhost init.d]# service web.sh start
RealServer Start OK
此时第一台节点服务器配置完成!
节点服务器CentOS 7-5的操作:
[root@localhost ~]# rpm -q httpd
httpd-2.4.6-90.el7.centos.x86_64
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost html]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
//把不需要的都删除,然后做如下修改
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=yes
//修改完成后输入:wq保存退出
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# echo "this is benet web" > index.html
[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim web.sh
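#!/bin/bash
# web.sh - real-server side of an LVS direct-routing (DR) setup.
# Usage: web.sh {start|stop}   (needs root: it writes /proc/sys and edits
#        interfaces and routes)
#
# start : suppresses ARP for the VIP, then binds the VIP to the lo:0 alias so
#         this host accepts packets the director forwards to the VIP.
# stop  : removes the VIP route and alias and resets the ARP settings to 0.

VIP=192.168.100.10

case "$1" in
  start)
    # Apply the ARP restrictions BEFORE the VIP exists on lo:0. The original
    # bound the VIP first, leaving a short window in which this host could
    # answer ARP for the VIP and pull traffic away from the director.
    # arp_ignore=1  : reply only when the target IP is configured on the
    #                 interface the request arrived on.
    # arp_announce=2: always use the best local source address in ARP
    #                 requests, never the VIP.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Re-applies /etc/sysctl.conf; it does not persist the /proc writes above.
    sysctl -p > /dev/null 2>&1
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    echo "RealServer Start OK"
    ;;
  stop)
    # The original read "route del $VIP /dev/null 2>&1": the ">" was missing,
    # so /dev/null was passed to route as an argument and the command printed
    # "SIOCDELRT: No such device". Delete the route while lo:0 still exists
    # and discard the output as intended.
    /sbin/route del -host "$VIP" dev lo:0 > /dev/null 2>&1
    /sbin/ifconfig lo:0 down
    # Assumes the values before "start" were 0.
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0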
//修改完成后输入:wq保存退出
[root@localhost init.d]# chmod +x web.sh
[root@localhost init.d]# service web.sh start
RealServer Start OK
[root@localhost init.d]# ifup lo:0
[root@localhost html]# firefox "http://127.0.0.1" &
[1] 8767 //进程号随机
//火狐浏览器放在后台自动执行,进程为8767,浏览器会自动弹出,会显示我们之前写入的网页内容
!
重启脚本:
[root@localhost init.d]# service web.sh stop
SIOCDELRT: No such device
RealServer Stopd
[1]+ 完成 firefox "http://127.0.0.1"
[root@localhost init.d]# service web.sh start
RealServer Start OK
使用win7-1客户机验证LVS:
将网卡设置为仅主机,并将网关ipv4绑定为静态地址:
C:\Users\zhou>ping 192.168.100.10
正在 Ping 192.168.100.10 具有 32 字节的数据:
来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.100.10 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.100.10 的回复: 字节=32 时间=1ms TTL=64
来自 192.168.100.10 的回复: 字节=32 时间=1ms TTL=64
192.168.100.10 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 1ms,平均 = 0ms
测试调度服务器CentOS 7-2与两台web服务器的联通:
[root@localhost init.d]# ping 192.168.100.111
PING 192.168.100.111 (192.168.100.111) 56(84) bytes of data.
64 bytes from 192.168.100.111: icmp_seq=1 ttl=64 time=0.433 ms
64 bytes from 192.168.100.111: icmp_seq=2 ttl=64 time=0.501 ms
64 bytes from 192.168.100.111: icmp_seq=3 ttl=64 time=1.10 ms
^C
--- 192.168.100.111 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.433/0.681/1.109/0.303 ms
[root@localhost init.d]# ping 192.168.100.112
PING 192.168.100.112 (192.168.100.112) 56(84) bytes of data.
64 bytes from 192.168.100.112: icmp_seq=1 ttl=64 time=0.885 ms
64 bytes from 192.168.100.112: icmp_seq=2 ttl=64 time=0.883 ms
64 bytes from 192.168.100.112: icmp_seq=3 ttl=64 time=0.973 ms
^C
--- 192.168.100.112 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.883/0.913/0.973/0.054 ms
//状态均为可达,说明配置无问题
此时在win7-1的浏览器中输入:http://192.168.100.10/会先显示this is benet web,再次刷新之后会显示this is accp web,此时说明LVS负载均衡成功!
调度服务器CentOS 7-2上keepalived的操作:
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# vim keepalived.conf
上部省略多行
smtp_server 127.0.0.1
router_id LVS_01 //改为LVS_01
vrrp_instance VI_1 {
......此处省略多行
auth_pass abc123 //密码改为abc123,主备调度器必须一致;PASS方式的密码在VRRP报文中明文传输,abc123仅作实验示例
virtual_ipaddress {
192.168.100.10
virtual_server 192.168.100.10 80 { //虚拟地址加端口
delay_loop 6
lb_algo rr
lb_kind DR //此处改为DR
persistence_timeout 50
protocol TCP //此处修改为TCP
real_server 192.168.100.111 80 { //web1地址
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
//此处9yy在下行插入,然后修改IP即可
real_server 192.168.100.112 80 { //web2地址
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
//修改完成后输入:wq保存退出
[root@localhost keepalived]# systemctl start keepalived
//查看网卡状态
[root@localhost keepalived]# ip add show dev ens33:0
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:51:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.101/24 brd 192.168.100.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.100.10/32 brd 192.168.100.10 scope global ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::6a0c:e6a0:7978:3543/64 scope link
valid_lft forever preferred_lft forever
调度服务器CentOS 7-3上的修改:
[root@localhost keepalived]# systemctl stop firewalld.service
[root@localhost keepalived]# setenforce 0
[root@localhost keepalived]# vim /etc/sysctl.conf
//在末行下插入以下内容
net.ipv4.ip_forward=1 //开启路由转发功能
net.ipv4.conf.all.send_redirects = 0 //关闭ICMP重定向报文的发送(DR模式下调度器和节点服务器在同一网段,调度器不应发出重定向)
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
//修改完成后输入:wq保存退出
[root@localhost keepalived]# sysctl -p //生效
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost keepalived]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
**创建虚拟网卡:**
[root@localhost ens33]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
......此处省略多行
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0
//先按50dd删除所有内容,再插入以下内容
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
//修改完成后输入:wq保存退出
[root@localhost network-scripts]# ifup ens33:0 //启用虚拟网卡
ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Error, some other host (00:0C:29:C2:51:F6) already uses address 192.168.100.10.
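//此时会报错,只要我们重启网络服务就可以再次启动虚拟网卡了。报错原因是主调度器(MAC 00:0C:29:C2:51:F6)已经持有192.168.100.10,ifup检测到地址冲突;注意备机若同时静态启用该地址,会与主机产生ARP冲突,VIP的归属最好只交给keepalived的virtual_ipaddress管理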
[root@localhost network-scripts]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@localhost network-scripts]# ifup ens33:0
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.10 netmask 255.255.255.0 broadcast 192.168.100.255
ether 00:0c:29:c2:51:f6 txqueuelen 1000 (Ethernet)
//这个是到时候要用来做虚拟IP的,也是访问的入站口
[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim dr.sh
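#!/bin/bash
# dr.sh - LVS director control script for direct-routing (DR) mode.
# Usage: dr.sh {start|stop|status}   (needs root: it edits interfaces,
#        routes and the kernel IPVS table)
#
# start  : saves the current IPVS rules, starts the ipvsadm service, binds the
#          VIP to the ens33:0 alias and publishes a round-robin virtual
#          service on VIP:80 with two real servers.
# stop   : clears the IPVS table, stops the ipvsadm service, releases the VIP.
# status : reports running/stopped from the /var/lock/subsys/ipvsadm file.
#
# Security note: with -g (direct routing) the real servers answer clients
# directly, so packet filtering on the director only sees inbound traffic.
# Port filtering for the web nodes has to be enforced on the nodes themselves.

GW=192.168.100.1 # defined by the tutorial but not referenced below
VIP=192.168.100.10
RIP1=192.168.100.111
RIP2=192.168.100.112

case "$1" in
  start)
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Host (/32) netmask so the alias does not add a second subnet route.
    # The original passed "broadcast $VIP" twice; once is enough.
    /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev ens33:0
    # -A: add virtual service, -s rr: round-robin scheduler.
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    # -a: add real server, -g: gatewaying (direct routing).
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    echo "ipvsadm starting ---------------------[ok]"
    ;;
  stop)
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    # Remove the host route while the alias still exists; once ens33:0 is
    # down the route can no longer be addressed through that alias.
    /sbin/route del -host "$VIP" dev ens33:0
    /sbin/ifconfig ens33:0 down
    echo "ipvsadm stoped--------------------[ok]"
    ;;
  status)
    # NOTE(review): this only tests for a lock file; whether the systemd
    # ipvsadm unit creates it is not shown on this page - confirm, or check
    # the IPVS table itself with "ipvsadm -Ln".
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stoped--------------"
      exit 1
    else
      echo "ipvsadm Runing-----------[ok]"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0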
//修改完成后输入:wq保存退出
[root@localhost init.d]# chmod +x dr.sh
[root@localhost init.d]# service dr.sh start
ipvsadm starting ---------------------[ok]
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
smtp_server 127.0.0.1 //自身的
router_id LVS_02 //序号写02
vrrp_skip_check_adv_addr
interface eth0 //此处应填本机实际网卡名;本文各主机的网卡为ens33,eth0是模板默认值
virtual_router_id 10 //id改为10
priority 99 //优先级为100以下
advert_int 1
authentication {
auth_type PASS
auth_pass abc123 //修改密码,须与主调度器的auth_pass一致
virtual_ipaddress {
192.168.100.10 //删除另外三行,修改IP
virtual_server 192.168.100.10 80 { //修改IP和端口
delay_loop 6
lb_algo rr
lb_kind DR //NAT改为DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.111 80 { //web1地址
weight 1
TCP_CHECK { //下面的内容8dd删除8行
connect_port 80 //添加这行
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
//此处9yy在下行插入,然后修改IP即可
real_server 192.168.100.112 80 { //web2地址
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
//修改完成后输入:wq保存退出
[root@localhost keepalived]# systemctl start keepalived