keepalived + LVS 的 VIP 高可用实验

jackios 2020-09-09 17:20

安装 keepalived + LVS 的 master 主机

Ip 192.168.195.131

1.安装master组件和依赖包

yum  install keepalived ipvsadm gcc openssl openssl-devel  -y

2.备份keepalived的配置文件

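# Back up the packaged config next to the original before overwriting it.
# The brace must be attached to the path: keepalived.conf{,.bak} expands to
# "keepalived.conf keepalived.conf.bak". With a space in front of the brace
# the shell treats {,.bak} as a separate word and the backup is not written
# to /etc/keepalived/keepalived.conf.bak.
cp /etc/keepalived/keepalived.conf{,.bak}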

3.编辑配置文件

# Overwrites /etc/keepalived/keepalived.conf on the MASTER director with a
# here-document: global_defs, VRRP instance VI_1 holding VIP 192.168.195.12,
# and an LVS virtual server on port 80 with two real servers.
# The EOF delimiter is unquoted, so the shell would expand any $ or backtick
# in the body; the body below contains none.
# NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
# advertisement, and "1111" is trivially guessable. It guards against
# accidental misconfiguration, not against another host on the same segment.
# NOTE(review): keepalived is known to ignore the authentication block when
# vrrp_strict is set (it logs that strict mode does not support
# authentication) - confirm in the keepalived log for the installed version.
# NOTE(review): the firewall.loc addresses look like the stock sample values
# (TODO confirm); replace them with a mailbox that is actually monitored.
cat> /etc/keepalived/keepalived.conf<<EOF
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     3341084075@qq.com                       ## 此处设置虚ip切换时候的通知邮箱
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL                       ##设置lvs的id全网唯一
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
 
vrrp_instance VI_1 {
    state MASTER                   ## 设置lvs的状态,MASTE和SLAAVE  BACKUP需要修改此处
    interface ens33                ##设置服务的接口
    virtual_router_id 51          ##设置虚拟路由的id(master和backup)需要一致 ,不然主备无法通信,切换
    priority 100                     ##设置主从的优先级  BACKUP需要修改此处
    advert_int 1
    authentication {               ##设置验证类型的和密码
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {           ##设置vip
        192.168.195.12
    }
}
 
virtual_server 192.168.195.12 80 {
    delay_loop 6                       ##健康检查间隔
    lb_algo rr                             ## lvs调度算法
    lb_kind DR                        ##lvs调度模式
    persistence_timeout 50     ##会话保持的时间
    protocol TCP                    ##协议
 
    real_server 192.168.195.128 80 {    ##真实的服务器
        weight 1                                 ##权重 1
        TCP_CHECK {
        connect_timeout 10                                                                                                     
        nb_get_retry 3                                                                                                        
        delay_before_retry 3                                                                                                   
        connect_port 80                                                                                                       
        }     
    }
 
    real_server 192.168.195.129 80 {
       
        weight 1
       TCP_CHECK {
        connect_timeout 10                                                                                                     
        nb_get_retry 3                                                                                                        
        delay_before_retry 3                                                                                                   
        connect_port 80                                                                                                       
        }     
    }
}
EOF

4.开启路由转发

1)添加配置文件 开启网络转发

# Enable IPv4 forwarding in the running kernel only. Nothing is written to
# /etc/sysctl.conf, so the value is lost on reboot, and a later `sysctl -p`
# merely re-applies that file rather than saving this write.
# NOTE(review): forwarding is required for LVS-NAT; an LVS-DR director
# (lb_kind DR, as configured on this page) may not need it - confirm before
# leaving routing enabled on the host.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

2)刷新配置

sysctl  -p

5重启keepalived服务并设置开机自启动

1)重启keepalive

systemctl restart keepalived

2)设置开机自启动

systemctl enable keepalived

注:如果服务无法启动,并报错 /usr/lib64/perl5/CORE/libperl.so: file too short,就必须先升级 perl,然后再重新执行以上安装步骤。

 

6查看服务

ipvsadm -l

image.png

安装 keepalived + LVS 的 backup 主机

Ip 192.168.195.130

1.安装backup组件和依赖包

yum  install keepalived ipvsadm gcc openssl openssl-devel popt-devel -y

2.备份keepalived的配置文件

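# Back up the packaged config next to the original before editing it.
# The brace must be attached to the path: keepalived.conf{,.bak} expands to
# "keepalived.conf keepalived.conf.bak". With a space in front of the brace
# the shell treats {,.bak} as a separate word and the backup is not written
# to /etc/keepalived/keepalived.conf.bak.
cp /etc/keepalived/keepalived.conf{,.bak}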

3.编辑配置文件

vim /etc/keepalived/keepalived.conf
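# keepalived.conf for the BACKUP director (192.168.195.130).
# virtual_router_id, authentication, virtual_ipaddress and the whole
# virtual_server section have to match the MASTER, otherwise the service
# behaves differently after a failover.
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     3341084075@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1              # no trailing ':' after the address
   smtp_connect_timeout 30
   # NOTE(review): same router_id as the MASTER, although the MASTER section
   # of this page describes it as unique per node - confirm which is intended.
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # NOTE(review): keepalived is known to ignore the authentication block
   # below when vrrp_strict is set - confirm in the keepalived log.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP                      # upper-case keyword, as with MASTER on the other node
    interface ens33
    virtual_router_id 51              # must equal the MASTER's value
    priority 90                       # lower than the MASTER's 100
    advert_int 1
    authentication {
        # PASS is sent in clear text in each advertisement and "1111" is
        # guessable: it is not protection against a host on the same segment.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.195.12
    }
}

virtual_server 192.168.195.12 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    # Health checks mirror the MASTER's TCP_CHECK blocks. The real servers
    # run plain-HTTP nginx on port 80; an SSL_GET check with url/digest
    # entries needs an HTTPS listener and digests computed from the pages
    # actually served (genhash), otherwise the check fails and the real
    # server is taken out of the pool once this node becomes active.
    real_server 192.168.195.128 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 192.168.195.129 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}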

4.开启路由转发

1)添加配置文件

# Enable IPv4 forwarding in the running kernel only. Nothing is written to
# /etc/sysctl.conf, so the value is lost on reboot, and a later `sysctl -p`
# merely re-applies that file rather than saving this write.
# NOTE(review): forwarding is required for LVS-NAT; an LVS-DR director
# (lb_kind DR, as configured on this page) may not need it - confirm before
# leaving routing enabled on the host.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

2)刷新配置

sysctl  -p

5重启keepalived服务并设置开机自启动

1)重启keepalive

systemctl restart keepalived

2)设置开机自启动

systemctl enable keepalived

注:如果服务无法启动,并报错 /usr/lib64/perl5/CORE/libperl.so: file too short,就必须先升级 perl,然后再重新执行以上安装步骤。

6查看服务

ipvsadm  -l

image.png

安装 nginx

这里使用 nginx 的安装脚本进行安装

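#!/bin/bash
# 2020-07-11 22:08:39
# by jackios
#
# Builds nginx 1.16.1 from source into /usr/local/nginx, starts it and opens
# HTTP in firewalld. Run as root.
# NOTE(review): 1.16.1 is an old release; check nginx.org for a currently
# maintained version before using this outside a lab.
set -euo pipefail

readonly NGINX_VERSION="1.16.1"
readonly NGINX_TARBALL="nginx-${NGINX_VERSION}.tar.gz"

yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel net-tools

cd /usr/local/src

# -f, not -d: the tarball is a regular file, and a -d test is never true for
# one, so "! -d" downloaded the archive again on every run.
if [ ! -f "${NGINX_TARBALL}" ]; then
  # HTTPS keeps the source from being swapped in transit. For real
  # deployments also verify the PGP signature (.asc) that nginx.org publishes
  # next to each tarball before building.
  wget "https://nginx.org/download/${NGINX_TARBALL}"
fi

echo "tar"
tar xf "${NGINX_TARBALL}" -C /usr/local

echo "build"
cd "/usr/local/nginx-${NGINX_VERSION}"

# useradd exits non-zero when the account already exists; skip it on re-runs
# so that `set -e` does not abort the build.
id nginx >/dev/null 2>&1 || useradd -s /sbin/nologin nginx -M

./configure \
  --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-http_stub_status_module \
  --pid-path=/var/run/nginx/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --with-http_gzip_static_module \
  --http-client-body-temp-path=/var/temp/nginx/client \
  --http-proxy-temp-path=/var/temp/nginx/proxy \
  --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
  --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
  --http-scgi-temp-path=/var/temp/nginx/scgi
make -j2
make install -j2

echo "start"
# The temp and pid directories named in ./configure must exist before start.
mkdir -p /var/temp/nginx
mkdir -p /var/run/nginx
/usr/local/nginx/sbin/nginx

# Informational only: a grep that matches nothing must not fail the script.
ps -ef | grep nginx || true
netstat -ntlp | grep 80 || true

# Open HTTP only instead of switching the host firewall off. The unit is
# named firewalld, so "systemctl stop firewall.service" matched nothing.
if systemctl is-active --quiet firewalld; then
  firewall-cmd --permanent --add-service=http
  firewall-cmd --reload
fi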

 

使用脚本配置vip

  • arp_ignore 参数(取值 1)的含义:只有当 ARP 请求的目标 IP 配置在接收该请求的网卡上时才应答;VIP 配在 lo 上,因此真实服务器不会应答针对 VIP 的 ARP 请求。

  • arp_announce 参数(取值 2)的含义:忽略 IP 报文的源地址,始终选择本机上与目标最匹配的真实网卡地址作为 ARP 请求的源地址,避免以 VIP 对外发送 ARP。


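#!/bin/sh
# LVS Client Server
#
# LVS-DR real-server helper: binds the VIP to lo:1 and sets the ARP sysctls
# so that this host does not answer or announce ARP for the VIP.
# Usage: $0 {start|stop}   (run as root: it edits interfaces and /proc/sys)
# Exit status: 0 on start/stop, 2 on a missing or unknown argument.
VIP=192.168.195.12

case "$1" in
start)
    # Re-apply /etc/sysctl.conf first, so it cannot overwrite the ARP values
    # written below.
    sysctl -p >/dev/null 2>&1
    # The /32 netmask keeps the VIP a host address on loopback only.
    ifconfig lo:1 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:1
    # arp_ignore=1: reply only if the target IP is on the receiving interface.
    # arp_announce=2: always pick the best local source address for ARP.
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Start OK"
    exit 0
    ;;
stop)
    ifconfig lo:1 down
    route del "$VIP" >/dev/null 2>&1
    # Resets to 0 unconditionally; values that were set before "start" are
    # not restored.
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped OK"
    # A successful stop reports success; exit 1 made callers see a failure.
    exit 0
    ;;
*)
    # Usage goes to stderr with a non-zero status so wrappers notice misuse.
    echo "Usage: $0 {start|stop}" >&2
    exit 2
    ;;
esac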


脚本的用法(start|stop)可以在脚本的 Usage 提示中看到

最后在浏览器中访问 VIP 192.168.58.12,请求就会被转发到 192.168.58.128 或者 129 上的 nginx(注意:前文配置中使用的网段是 192.168.195.x,对应的 VIP 为 192.168.195.12,请以实际环境的地址为准)

