一、 环境准备
主机名 |
Ip地址 |
系统版本 |
ha1 |
192.168.138.13 |
Centos7.3 |
ha2 |
192.168.138.14 |
Centos7.3 |
Rs1 |
192.168.138.15 |
Centos7.3 |
Rs2 |
192.168.138.16 |
Centos7.3 |
测试机器 |
192.168.138.17 |
Ubuntu |
- 关闭防火墙和selinux(仅适用于实验环境;生产环境建议保留防火墙,只放行VRRP(IP协议号112)和业务端口)
- 时间同步
- 更改主机名
[root@localhost ~]# cat >> /etc/hosts << EOF
> 192.168.138.13 ha1
> 192.168.138.14 ha2
> 192.168.138.15 rs1
> 192.168.138.16 rs2
> EOF
重启之后才生效
当前生效: [root@localhost ~]# hostnamectl set-hostname ha1
- 在ha1和ha2 上安装 lvs,keepalived
# yum install ipvsadm keepalived -y
- 在rs1和rs2上安装httpd
# yum install httpd -y
二、 配置realserver(rs1,rs2上操作)
1.配置web测试主页
[root@rs1 ~]# echo "web5 test page! " >> /var/www/html/index.html
[root@rs2 ~]# echo "web6 test page! " >> /var/www/html/index.html
2.启动并设开机自启动
[root@rs1 ~]# systemctl start httpd
[root@rs1 ~]# systemctl enable httpd
3.测试访问web页面
[root@rs1 ~]# curl http://192.168.138.15
[root@rs2 ~]# curl http://192.168.138.16
4.rs端arp抑制(DR 模式)
如果不抑制,对VIP的ARP广播请求会通过物理网卡到达真实服务器,而真实服务器上也配置了VIP,所以真实服务器会响应此请求
抑制后,前端路由将请求发往VIP时,只有Director上的VIP会响应
解决方法:修改Linux内核参数,将RS上的VIP配置为lo接口的别名,限制Linux仅对对应接口的ARP请求做响应
手动:
# vim /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
脚本(自动):
[root@rs1 ~]# vim /etc/init.d/lvs_rs
#!/bin/sh
# Startup script handle the initialisation of LVS
# chkconfig: - 28 72
# description: Initialise the Linux Virtual Server for DR
#
### BEGIN INIT INFO
# Provides: ipvsadm
# Required-Start: $local_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: Initialise the Linux Virtual Server
# Description: The Linux Virtual Server is a highly scalable and highly
# available server built on a cluster of real servers, with the load
# balancer running on Linux.
### END INIT INFO
# description: start LVS of DR-RIP
# Marker file that records this script has brought the VIP alias up.
LOCK="/var/lock/ipvsadm.lock"
# Virtual IP of the load-balanced service; start() binds it to lo:10.
VIP="192.168.138.10"
# Load the distribution's init-script helper library.
. /etc/rc.d/init.d/functions
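# Bind the VIP to the lo:10 alias and enable ARP suppression (LVS-DR real server).
# Globals:  VIP (read), LOCK (read; file is created on success)
# Outputs:  status message on stdout, failure message on stderr
# Returns:  0 if the VIP is bound (or already was), 1 if binding failed
start() {
  # Count ifconfig lines that mention the lo:10 alias; non-zero means the
  # alias is already configured.
  vip_alias_count=$(/sbin/ifconfig | grep -c 'lo:10')
  if [ "${vip_alias_count:-0}" -ne 0 ]; then
    echo "The LVS-DR-RIP Server is already running !"
    return 0
  fi

  # Apply ARP suppression BEFORE the VIP exists on this host, so there is no
  # window in which the real server could answer ARP requests for the VIP.
  # arp_ignore=1: reply only when the target IP is configured on the
  #               interface the request arrived on.
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  # arp_announce=2: always pick the best local address for the target as the
  #                 ARP source, so the VIP is not announced from this host.
  echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

  # /32 netmask: the alias carries only the VIP itself, not a whole subnet.
  if ! /sbin/ifconfig lo:10 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up; then
    # Do not create the lock or report success when the VIP was not bound.
    # The ARP settings above are left in place.
    echo "failed to bind $VIP to lo:10" >&2
    return 1
  fi
  /sbin/route add -host "$VIP" dev lo:10

  /bin/touch "$LOCK"
  echo "starting LVS-DR-RIP server is ok !"
}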
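# Remove the VIP alias from lo:10 and switch ARP suppression off again.
# Globals:  VIP (read), LOCK (read; file is removed)
# Outputs:  status message on stdout
stop() {
  # Take the VIP away first, so ARP replies are only re-enabled once this
  # host no longer holds the address.
  /sbin/route del -host "$VIP" dev lo:10
  /sbin/ifconfig lo:10 down >/dev/null

  # NOTE(review): these are reset to 0 unconditionally, not to whatever value
  # was in effect before start() ran (e.g. one set in /etc/sysctl.conf).
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce

  # The lock is a plain file: quote the path and drop -r so a mis-set LOCK can
  # never trigger a recursive delete while running as root.
  rm -f -- "$LOCK"
  echo "stopping LVS-DR-RIP server is ok !"
}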
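# Report whether the lock file created by start() exists.
# Globals:  LOCK (read)
# Outputs:  one status line on stdout
status() {
  # Quoted on purpose: with an empty LOCK the unquoted test collapses to
  # `[ -e ]`, which is true and would report "running".
  if [ -e "$LOCK" ]; then
    echo "The LVS-DR-RIP Server is already running !"
  else
    echo "The LVS-DR-RIP Server is not running !"
  fi
}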
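# Dispatch on the requested action (first command-line argument).
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    # Tear down first; start() refuses to run while the lo:10 alias exists.
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    # Show the script name ($0), not the rejected argument, in the usage line.
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac
# Propagate the status of the action that ran instead of always reporting 0.
exit $?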
增加执行权限
[root@rs1 ~]# chmod +x /etc/init.d/lvs_rs
添加为系统服务
[root@rs1 ~]# chkconfig --add lvs_rs
设置为开机自启动
[root@rs1 ~]# chkconfig lvs_rs on
启动
[root@rs1 ~]# systemctl start lvs_rs
查看状态
[root@rs1 ~]# systemctl status lvs_rs
查看vip 是否绑定
[root@rs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.138.10/32 brd 192.168.138.10 scope global lo:10
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a6:ca:72 brd ff:ff:ff:ff:ff:ff
inet 192.168.138.15/24 brd 192.168.138.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea6:ca72/64 scope link
valid_lft forever preferred_lft forever
三、 配置keepalived
[root@ha1 ~]# cd /etc/keepalived/
[root@ha1 keepalived]# ls
keepalived.conf
备份
[root@ha1 keepalived]# cp keepalived.conf{,.bak}
配置 /etc/keepalived/keepalived.conf 文件(下文 // 之后的内容只是讲解用的注释;keepalived 的注释符是 # 和 !,写入实际配置文件前请删除这些 // 注释或改为 # 注释)
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_instance VI_1 { //实例配置
state MASTER //MASTER或BACKUP
interface ens33 //网卡接口
lvs_sync_daemon_interface ens33
virtual_router_id 51 //虚拟路由id
priority <优先级数值> //优先级(原文此处缺少数值;MASTER的值应高于BACKUP)
advert_int 1
authentication { //认证
auth_type PASS
auth_pass 1111 //示例口令;PASS认证的口令在VRRP报文中明文传输,实际部署时应更换,两台节点须保持一致
}
virtual_ipaddress { //虚拟ip地址
192.168.138.10
}
}
virtual_server 192.168.138.10 80 {
delay_loop 6 //定义RS运行情况监测时间间隔
lb_algo wrr //定义负载调度算法
lb_kind DR //定义LVS的工作模式
nat_mask 255.255.255.0 //定义虚拟服务的mask
# persistence_timeout 300 //定义会话保持时间,S为单位
protocol TCP //指定转发协议
real_server 192.168.138.15 80 { //真实服务器IP地址和端口
weight 1 //定义RS的权重
TCP_CHECK { //RS server健康检查部分
connect_timeout 8 //连接超时
nb_get_retry 3 //定义重试次数
delay_before_retry 3 //定义重试时间间隔
connect_port 80 //定义健康检查端口
}
}
real_server 192.168.138.16 80 {
weight 1
TCP_CHECK {
connect_timeout 8
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@ha1 keepalived]# systemctl start keepalived
查看VIP是否添加成功
[root@ha1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:7f:09:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.138.13/24 brd 192.168.138.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.138.10/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7f:912/64 scope link
valid_lft forever preferred_lft forever
查看lvs配置是否成功
[root@ha1 keepalived]# ipvsadm -ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.138.10:80 0 0 0 0 0
-> 192.168.138.15:80 0 0 0 0 0
-> 192.168.138.16:80 0 0 0 0 0
四、测试
1.测试lvs功能
root@chengchen-virtual-machine:~# for ((i=1;i<=10;i++)); do curl http://192.168.138.10; done
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!
web6 test page!
web5 test page!