Environment: CentOS 7 minimal install
1. Environment details:
Name | IP | Notes |
---|---|---|
master | ens33:192.168.0.61 | vip:192.168.0.60 |
backup | ens33:192.168.0.62 | vip:192.168.0.60 |
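tomcat1 | ens33:192.168.0.63 | load-balanced backend |
tomcat2 | ens33:192.168.0.64 | load-balanced backend |
The test client can be any machine on the same subnet.
The Tomcat installation steps were covered in detail in the previous article and are not repeated here.
2. Install ipvsadm (management tool) + keepalived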
[root@localhost ~]# yum -y install ipvsadm keepalived
3. Create the run script for the LVS master and backup servers
[root@localhost ~]# vim /sbin/lvsdr.sh
#!/bin/bash
VIP=192.168.0.60
RIP1=192.168.0.63
RIP2=192.168.0.64
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo "start LVS of DirectorServer"
#Set the Virtual IP Address
/sbin/ifconfig ens33:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev ens33:1
#Clear IPVS Table
/sbin/ipvsadm -C
#Set Lvs Add route link
/sbin/ipvsadm -A -t $VIP:8080 -s wrr -p 60
/sbin/ipvsadm -a -t $VIP:8080 -r $RIP1 -g
/sbin/ipvsadm -a -t $VIP:8080 -r $RIP2 -g
# /sbin/ipvsadm -A -t $VIP:80 -s wrr -p 60
# /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g
# /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g
#Run Lvs
/sbin/ipvsadm
;;
stop)
echo "Close LVS Directorserver"
/sbin/ifconfig ens33:1 down
/sbin/ipvsadm -C
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
4. Set permissions and run
[root@localhost ~]# chmod 755 /sbin/lvsdr.sh
[root@localhost ~]# /sbin/lvsdr.sh start
[root@localhost ~]# ipvsadm -ln
Check the resulting routing configuration; if it matches the figure below, it is OK.
5. Add to startup
[root@localhost ~]# vim /etc/rc.local
/sbin/lvsdr.sh start #append this line
6. SCP the script to backup and repeat steps 4 and 5 there
[root@localhost ~]# scp /sbin/lvsdr.sh 192.168.0.62:/sbin/lvsdr.sh
7. Create the real-server run script on tomcat1
[root@localhost ~]# vim /sbin/realdr.sh
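#!/bin/bash
VIP=192.168.0.60
#Bind the VIP to loopback so this host accepts packets the director forwards to it
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
#arp_ignore=1: reply to ARP only when the target IP is configured on the receiving interface
#arp_announce=2: always use the best local source address in ARP requests
#Together these keep the real server from answering ARP for the VIP held on lo
echo "1" > /proc/sys/net/ipv4/conf/default/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/default/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p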
8. Set permissions and run
[root@localhost ~]# chmod 755 /sbin/realdr.sh
[root@localhost ~]# /sbin/realdr.sh start
[root@localhost ~]# ifconfig
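The VIP address should now be visible on lo:0
(Note: a minimal install does not include the ifconfig command; install it with yum -y install net-tools)
9. Make this real-server script run at startup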
[root@localhost ~]# vim /etc/rc.local
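/sbin/realdr.sh start #append this line
10. SCP this real-server script to tomcat2 and repeat steps 8 and 9 there
11. Configure keepalived
A good habit: before editing a configuration file, back up the original in case you need to restore it later. A cp copy is enough; keep it in whatever directory you prefer.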
[root@localhost ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
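state MASTER #role name; BACKUP on the backup node
interface ens33 #check the NIC name on your host
virtual_router_id 51 #must be identical on master and backup (one VRRP group)
priority 100 #backup priority must be lower than the master's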
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.60 #VIP address; list further VIPs on the following lines
}
}
virtual_server 192.168.0.60 8080 {
delay_loop 6
lb_algo rr #round-robin scheduling
lb_kind DR #DR mode, the most common and efficient
persistence_timeout 50
protocol TCP
real_server 192.168.0.63 8080 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.0.64 8080 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
12. SCP the master's keepalived configuration file to backup
[root@localhost ~]# scp /etc/keepalived/keepalived.conf 192.168.0.62:/etc/keepalived/keepalived.conf
Then change the name, id, and priority there
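An added example (not part of the original article): a check to run before step 14 that compares the master and backup keepalived.conf after the edits in step 12. It assumes both nodes form one VRRP group, so virtual_router_id and auth_pass must match and only state, priority and router_id differ; the function names and the constructed sample files (including the backup's value 52) are illustrative.

```shell
#!/bin/bash
# kv KEY FILE: first value of a keepalived.conf keyword (text after it is ignored)
kv() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# check_pair MASTER_CONF BACKUP_CONF: one finding per line, returns 1 on any ERROR
check_pair() {
    local m="$1" b="$2" rc=0
    local mid bid mpass bpass mprio bprio
    mid=$(kv virtual_router_id "$m");  bid=$(kv virtual_router_id "$b")
    mpass=$(kv auth_pass "$m");        bpass=$(kv auth_pass "$b")
    mprio=$(kv priority "$m");         bprio=$(kv priority "$b")
    # Same VRID on both nodes, otherwise they are two unrelated VRRP groups
    [ "$mid" = "$bid" ] || { echo "ERROR vrid-mismatch $mid/$bid"; rc=1; }
    # Peers must share the password for their adverts to be accepted
    [ "$mpass" = "$bpass" ] || { echo "ERROR auth-pass-mismatch"; rc=1; }
    # The backup must have the lower priority
    [ "${mprio:-0}" -gt "${bprio:-0}" ] || { echo "ERROR backup-priority-not-lower"; rc=1; }
    # 1111 is the sample value; auth_type PASS travels in cleartext on the LAN
    [ "$mpass" != "1111" ] || echo "WARN sample-auth-pass"
    # keepalived ignores the authentication block when vrrp_strict is set
    if grep -q '^[[:space:]]*vrrp_strict' "$m" && grep -q 'auth_type' "$m"; then
        echo "WARN strict-with-auth"
    fi
    return "$rc"
}

# write_samples DIR: constructed master/backup files reduced from the config above;
# the backup deliberately carries a changed virtual_router_id (52, an assumed value)
write_samples() {
    printf '%s\n' 'global_defs {' ' router_id LVS_DEVEL' ' vrrp_strict' '}' \
        'vrrp_instance VI_1 {' ' state MASTER' ' interface ens33' \
        ' virtual_router_id 51 #comment' ' priority 100' \
        ' authentication {' '  auth_type PASS' '  auth_pass 1111' ' }' '}' \
        > "$1/master.conf"
    sed -e 's/state MASTER/state BACKUP/' -e 's/virtual_router_id 51/virtual_router_id 52/' \
        -e 's/priority 100/priority 90/' "$1/master.conf" > "$1/backup.conf"
}

demo=$(mktemp -d)
write_samples "$demo"
check_pair "$demo/master.conf" "$demo/backup.conf" || true
```

On real hosts, copy the backup's file next to the master's and call check_pair with the two paths.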
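13. Open the firewall port, or disable the firewall
With the firewall enabled, access is blocked; either disable the firewall or allow the web port through.
In a lab environment you can disable the firewall: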
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
In production, opening only the required port is recommended, which keeps the server more secure:
[root@localhost tomcat8]# firewall-cmd --permanent --add-port=8080/tcp
success
[root@localhost tomcat8]# firewall-cmd --reload
success
14. Start keepalived on the master and the backup
[root@localhost ~]# systemctl restart keepalived
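15. Access the VIP address
Because this is DR with round-robin, the two Tomcats take turns returning the page; if one goes down the other still carries the load, so the whole site does not go dark.
16. Simulate a master failure
You can power it off, disconnect the network, stop the network service, stop the keepalived service, block the service/port with the firewall... take your pick.
[root@localhost ~]# systemctl stop keepalived #stop the keepalived service on the master here
The log shows that it has stopped: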
[root@localhost ~]# tail -f /var/log/messages
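As shown in the figure below, page access is unaffected
Simulating a backup failure gives the same result
17. Simulate a tomcat1 failure
After tomcat1 is shut down, 192.168.0.63:8080 is no longer reachable, but the page at 192.168.0.60:8080 still holds up
That's it, done
Once the faulty machine has been fixed, just start it again.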