我用前端两台服务器做一个lvs+keepalived访问到后端的两台nginx服务器,做一个简单的小测试,这里就不用ipvsadm,直接在keepalived里面配置lvs;首先简单介绍一下lvs-DR模式的工作情况吧,客户端访问到lvs,lvs会根据后端的负载情况,更改目标mac,然后直接发给一台后端服务器,后端服务器接到后会根据本地的route表将包发出去,直接以vip为source发送给客户端,而不经过lvs,所以DR要在本地配置一个vip并将该vip作为广播地址,然后将出口指向这个vip所在接口。
lvs01: 192.168.40.10
lvs02: 192.168.40.11
nginx01:192.168.40.12
nginx02:192.168.40.13
vip: 192.168.40.100
首先所有的服务器都开启路由转发功能:
[root@lvs01 ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1把前端两台安装keepalived。
[root@lvs01 ~]# yum install -y keepalived
[root@lvs02 ~]# yum install -y keepalived后端的两台nginx服务器做一个简单的处理,就把nginx服务开起来,确保网页能被访问到。
接下来直接配置keepalived文件。
1、备份keepalived配置文件:
[root@lvs01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lvs02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak2、修改keepalived配置文件:
[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.40.100
}
}
virtual_server 192.168.40.100 80 {
delay_loop 3
lb_algo rr ##使用rr算法
lb_kind DR ##使用DR模式
protocol TCP
real_server 192.168.40.12 80 {
weight 1
HTTP_GET { ##设置后端服务器的健康检查
url {
path /
status_code 200 ##检查返回值
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 192.168.40.13 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}这里要注意的就是健康检查的方式,有多种检查方式,其中我用的是检查网页返回状态码,相应的健康检查要对应检查的内容,否则会容易出错。
3、做好配置文件后将它scp到另一台lvs,也就是备份,然后要把备份的配置文件内容改一下:
state BACKUP ##状态设置为backup
interface ens33
virtual_router_id 51
priority 90 ##优先等级比master低4、启动keepalived,查看vip。
[root@lvs01 ~]# ip addr sh ens33
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:49:e5:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.10/24 brd 192.168.40.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.40.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe49:e544/64 scope link
valid_lft forever preferred_lft forever 现在第一台lvs也就是master拥有了vip。
5、把后端的两台web服务器配置一下,可以直接写一个快速配置的脚本:
[root@nginx02 ~]# cat 2.sh
#!/bin/bash
Vip1=192.168.40.100
source /etc/rc.d/init.d/functions
case $1 in
start)
echo "config vip route arp" > /tmp/lvs1.txt
/sbin/ifconfig lo:0 $Vip1 broadcast $Vip1 netmask 255.255.255.255 up
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
route add -host $Vip1 dev lo:0
;;
stop)
echo "deletevip route arp" > /tmp/lvs2.txt
/sbin/ifconfig lo:0 down
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
route del -host $Vip1 dev lo:0
;;
*)
echo"Usage: $0 (start | stop)"
exit 1
esac两台后端服务器运行这个脚本:[root@nginx02 ~]# bash 2.sh start
这里执行start会给本地lo添加一个vip,将禁止arp广播回应,添加一个路由出口指向lo口。
[root@nginx02 ~]# ip addr sh lo
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.40.100/32 brd 192.168.40.100 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@nginx02 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.40.2 0.0.0.0 UG 100 0 0 ens33
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens37
192.168.40.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.40.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo 然后直接开另一台访问一下:
[root@centos ~]# curl http://192.168.40.100
nginx01
[root@centos ~]# curl http://192.168.40.100
nginx02
[root@centos ~]# curl http://192.168.40.100
nginx01
[root@centos ~]# curl http://192.168.40.100
nginx026、如果停止主的keepalived,那么vip会飘到备份上面。
[root@lvs01 ~]# systemctl stop keepalived
[root@lvs02 ~]# ip addr sh ens33
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:38:e6:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.40.11/24 brd 192.168.40.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.40.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe38:e64e/64 scope link
valid_lft forever preferred_lft forever 这时候我将主的服务再次开启那么他会抢占vip,这样可能会导致数据的丢失:
[root@lvs01 ~]# systemctl start keepalived
[root@lvs01 ~]# ip addr sh ens33
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:49:e5:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.10/24 brd 192.168.40.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.40.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe49:e544/64 scope link
valid_lft forever preferred_lft foreve 7、设置不抢占模式:
vrrp_instance VI_1 {
state BACKUP ##设置两台keepalived都为backup或者是master
nopreempt ##只需要在主备的配置文件都添加,就不会抢占资源。
interface ens33
virtual_router_id 51
priority 100然后重启keepalived。这样就可以了。