LVS负载均衡之DR+KeepAlived双机热备实验
1、项目需求:四台节点+一台客户机
【1-2】DR负载均衡调度器两台,一主一备
192.168.60.80
192.168.60.90
【3-4】web网站服务器两台
192.168.60.50
192.168.60.70
【5】客户机作为访问虚拟地址
192.168.60.250
2、架构部署过程
在部署之前关闭所有服务器的防火墙和SELinux(仅适用于实验环境;生产环境应保留防火墙,只放行80端口和调度器之间的VRRP协议)
systemctl stop firewalld
setenforce 0
【1】DR负载均衡器配置(两台一模一样之配置)
yum install -y keepalived ipvsadm
vim /etc/sysctl.conf
#开启路由功能
net.ipv4.ip_forward=1
#proc响应关闭重定向功能
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.ens33.send_redirects=0
sysctl -p //生效命令
——————————————————————
添加虚拟网卡
cp ifcfg-ens33 ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.60.250
NETMASK=255.255.255.0
ifup ens33:0
————————————————————————
DR启动脚本
cd /etc/init.d/
vim dr.sh
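#!/bin/bash
#
# dr.sh - LVS-DR director control script.
#
# Usage: dr.sh {start|stop|status}
#   start   bind the VIP to ens33:0 and install the IPVS virtual service
#           (round-robin, direct routing) with both real servers
#   stop    flush the IPVS table, take ens33:0 down, drop the VIP host route
#   status  report whether /var/lock/subsys/ipvsadm exists (exit 1 if not)
#
# Run as root: every command below changes kernel networking state.
# NOTE(review): a keepalived virtual_server block for the same VIP writes the
# same IPVS table; if keepalived has already installed the service,
# "ipvsadm -A" is expected to fail and start exits 1 - confirm which of the
# two should own the table.

readonly VIP=192.168.60.250
readonly WEB1IP=192.168.60.50
readonly WEB2IP=192.168.60.70

case "$1" in
  start)
    # Snapshot the current table to the file the ipvsadm unit reads.
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    /sbin/ifconfig ens33:0 "$VIP" broadcast "$VIP" netmask 255.255.255.0 up
    /sbin/route add -host "$VIP" dev ens33:0
    # Report success only if the virtual service and both real servers were
    # actually installed; otherwise the "[OK]" line is a false health signal.
    if ! { /sbin/ipvsadm -A -t "$VIP:80" -s rr &&
           /sbin/ipvsadm -a -t "$VIP:80" -r "$WEB1IP:80" -g &&
           /sbin/ipvsadm -a -t "$VIP:80" -r "$WEB2IP:80" -g; }; then
      echo "ipvsadm could not install the virtual service for $VIP:80" >&2
      exit 1
    fi
    echo "ipvsadm starting .................[OK]"
    ;;
  stop)
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    /sbin/ifconfig ens33:0 down
    /sbin/route delete "$VIP"
    echo "ipvsadm stoped ............[OK]"
    ;;
  status)
    # Only the lock file is checked, not the contents of the IPVS table.
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stoped"
      exit 1
    else
      echo "ipvsadm running"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0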
——————————————————————————
chmod +x /etc/init.d/dr.sh
ifconfig //查看IP地址是否存在,如果不存在使用
systemctl start NetworkManager
//开启成功之后关闭NetworkManager功能
systemctl restart network
service dr.sh start
【2】Apache服务器配置(两台都一样,不同的会指出)
yum install -y httpd
cd /etc/sysconfig/network-scripts/
cp -p ifcfg-lo ifcfg-lo:0
vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.60.10
NETMASK=255.255.255.0
ONBOOT=yes
cd /var/www/html
vim index.html
<h1>this is accp web</h1>
在另一台web节点上面为了验证效果设置不同的网页
cd /var/www/html
vim index.html
<h1>this is benet web</h1>
————————————————————————————————————
web节点arp过滤脚本
vim /etc/init.d/web.sh
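#!/bin/bash
#
# web.sh - LVS-DR real-server script: holds the VIP on lo:0 and sets the ARP
# sysctls so this node does not answer or advertise ARP for the VIP.
#
# Usage: web.sh {start|stop}
# Run as root: it writes under /proc/sys and changes interfaces and routes.

readonly VIP=192.168.60.250

case "$1" in
  start)
    # Host mask (/32): on a loopback device every address inside the
    # configured prefix is treated as local, so a /24 mask here would capture
    # the whole 192.168.60.0/24 subnet on this node.
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # arp_ignore=1: answer ARP only for addresses on the receiving interface.
    # arp_announce=2: use the best local address as the ARP source, never the VIP.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Reloads /etc/sysctl.conf; any arp_* keys set there replace the values
    # written above.
    sysctl -p > /dev/null 2>&1
    echo "realserver start ok"
    ;;
  stop)
    ifconfig lo:0 down
    # The original passed "/dev/null" to route as an argument; the redirect
    # operator was missing.
    route delete "$VIP" > /dev/null 2>&1
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "realserver stop ok"
    ;;
  *)
    echo "Usage:$0 {start|stop}"
    exit 1
    ;;
esac
exit 0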
——————————————————————————————————
chmod +x /etc/init.d/web.sh
ifconfig //查看IP地址是否存在,如果不存在使用
systemctl start NetworkManager
//开启成功之后关闭NetworkManager功能
systemctl restart network
service web.sh start
systemctl start httpd
【3】在调度服务器上面部署keepalived
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
#指向自己本地
smtp_server 127.0.0.1
smtp_connect_timeout 30
#指定lvs名称,主备不相同
router_id LVS_01
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
#服务器类型master,如果是备份服务器则是BACKUP
state MASTER
#接口网卡名称
interface ens33
#组号,同一组组号相同(主备组号相同)
virtual_router_id 51
#优先级越大越优先,备份服务器的优先级要小于主服务器
priority 100
advert_int 1
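#认证,不建议修改,所有keepalived服务器都要相同;auth_pass 1111 只是示例口令,PASS 方式在VRRP报文中以明文传输
#注意:上面 global_defs 中启用了 vrrp_strict,严格模式下 keepalived 通常会忽略认证配置,请结合日志确认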
authentication {
auth_type PASS
auth_pass 1111
}
#虚拟IP地址
virtual_ipaddress {
192.168.60.250
}
}
virtual_server 192.168.60.250 80 {
delay_loop 6
#lvs算法--轮询
lb_algo rr
#lvs模式DR
lb_kind DR
persistence_timeout 50
protocol TCP
#web1服务器配置信息
real_server 192.168.60.50 80 {
weight 1
#tcp检查,健康自检
TCP_CHECK {
connect_timeout 3
#添加连接端口
connect_port 80
nb_get_retry 3
delay_before_retry 3
}
}
#web2服务器配置信息
real_server 192.168.60.70 80 {
#权重
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
nb_get_retry 3
delay_before_retry 3
}
}
}
————————————————————————
systemctl start keepalived
【4】客户机验证
在lvs服务器上面重启网卡,测试与漂移地址的连通性
ping 192.168.60.250 -t //时间有点小长
多重启几次网卡或者启用网络管理工具
systemctl start NetworkManager
在浏览器中访问web节点,192.168.60.250,刷新查看效果。