LVS +Keepalived + Nginx 双主备架构部署

环境说明

拓扑结构：

（图片来源网络，侵删）
rpm包：
ipvsadm-1.27-7.el7.x86_64
keepalived-1.3.5-1.el7.x86_64
nginx-1.12.2

部署LVS节点

LVS1:
1.安装lvs和keepalived
[root@lvs1 ~]# yum -y install keepalived ipvsadm
2. 修改Keepalived配置文件 （lvs1上）

[root@lvs1 ~]# cat  /etc/keepalived/keepalived.conf

  1 ! Configuration File for keepalived
  2 
  3 global_defs {
  4    notification_email {
  5      [email protected]
  6      [email protected]
  7      [email protected]
  8    }
  9    notification_email_from [email protected]
 10    smtp_server 192.168.200.1
 11    smtp_connect_timeout 30
 12    router_id LVS1      
 13    vrrp_skip_check_adv_addr
 14    vrrp_strict
 15    vrrp_garp_interval 0
 16    vrrp_gna_interval 0
 17 }
 18 
 19 vrrp_instance VI_1 {   # 第一个主备集群
 20     state MASTER
 21     interface eth0
 22     virtual_router_id 51
 23     priority 100
 24     advert_int 1
 25     authentication {
 26         auth_type PASS
 27         auth_pass TANG_ENGINEER   #做优先级对比的密码 ，可以自定义 ，但要统一
 28     }
 29     virtual_ipaddress {
 30         192.168.4.33       # vip地址1
 31     }
 32 }
 33 
 34 virtual_server 192.168.4.33 80 {  
 35     delay_loop 6
 36     lb_algo wrr
 37     lb_kind DR
 38     protocol TCP
 39 
 40     real_server 192.168.4.66 80 {      		 # RS1
 41         weight 1
 42        TCP_CHECK {				#做tcp端口校验
 43             connect_timeout 3
 44             nb_get_retry 3
 45             delay_before_retry 3
 46         }
 47     }
 48     real_server 192.168.4.77 80 { 			# RS2
 49         weight 1
  50        TCP_CHECK {		#做tcp端口校验
 51             connect_timeout 3
 52             nb_get_retry 3
 53             delay_before_retry 3
 54         }
 55     }
 56 }
 57 ###############   访问192.168.4.33 时LVS1为主 LVS2为备 
 58 vrrp_instance VI_2 {				 # 第二个主备集群
 59     state MASTER
 60     interface eth0				
 61     virtual_router_id 50           #VRID 值要跟第一个不一样
 62     priority 10
 63     advert_int 1
 64     authentication {
 65         auth_type PASS
 66         auth_pass tang_engineer     #做优先级对比的密码 ，可以自定义 ，但要统一
 67     }
 68     virtual_ipaddress {
 69         192.168.4.22			  # vip地址2
 70     }
 71 }
 72 
 73 virtual_server 192.168.4.22 80 {				
 74     delay_loop 6
 75     lb_algo wrr
 76     lb_kind DR
 77     protocol TCP
 78 
 79     real_server 192.168.4.66 80 {			 # RS1
 80         weight 1
 81        TCP_CHECK {
 82             connect_timeout 3
 83             nb_get_retry 3
 84             delay_before_retry 3
 85         }
 86     }
 87     real_server 192.168.4.77 80 {			 # RS2
 88         weight 1
 89        TCP_CHECK {						
 90             connect_timeout 3#做tcp端口校验
 91             nb_get_retry 3
 92             delay_before_retry 3
 93         }
 94     }
 95 }
###############   访问192.168.4.22 时LVS2为主 LVS1为备

3. [root@lvs1 ~]# systemctl restart keepalived.service
4. [root@lvs1 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.4.22:80 wrr
  -> 192.168.4.66:80              Route   1      0          0         
  -> 192.168.4.77:80              Route   1      0          0         
TCP  192.168.4.33:80 wrr
  -> 192.168.4.66:80              Route   1      0          0         
  -> 192.168.4.77:80              Route   1      0          0         

LVS2:
(步骤和lvs1相同，对比keepalived文件)

  1 ! Configuration File for keepalived
  2 
  3 global_defs {
  4    notification_email {
  5      [email protected]
  6      [email protected]
  7      [email protected]
  8    }
  9    notification_email_from [email protected]
 10    smtp_server 192.168.200.1
 11    smtp_connect_timeout 30
 12    router_id LVS1
 13    vrrp_skip_check_adv_addr
 14    vrrp_strict
 15    vrrp_garp_interval 0
 16    vrrp_gna_interval 0
 17 }
 18 
 19 vrrp_instance VI_1 {			  # 第一个主备集群
 20     state MASTER
 21     interface eth0
 22    virtual_router_id 51 			  # 第一个主备集群的VRID
 23     priority 100
 24     advert_int 1
 25     authentication {
 26         auth_type PASS
 27         auth_pass TANG_ENGINEER    #做优先级对比的密码 ，可以自定义 ，但要统一
 28     }
 29     virtual_ipaddress {
 30         192.168.4.33			  # vip地址1
 31     }
 32 }
 33 
 34 virtual_server 192.168.4.33 80 {
 35     delay_loop 6
 36     lb_algo wrr
 37     lb_kind DR
 38     protocol TCP
 39 
 40     real_server 192.168.4.66 80 {   
 41         weight 1
 42        TCP_CHECK {			#做tcp端口校验
 43             connect_timeout 3
 44             nb_get_retry 3
 45             delay_before_retry 3
 46         }
 47     }
 48     real_server 192.168.4.77 80 {
 49         weight 1

50        TCP_CHECK {      #做tcp端口校验
 51             connect_timeout 3
 52             nb_get_retry 3
 53             delay_before_retry 3
 54         }
 55     }
 56 }
 57 ############
 58 vrrp_instance VI_2 {
 59     state BAKEUP
 60     interface eth1
 61     virtual_router_id 50		  # 第二个主备集群的VRID
 62     priority 10
 63     advert_int 1
 64     authentication {
 65         auth_type PASS
 66         auth_pass tang_engineer     #做优先级对比的密码 ，可以自定义 ，但要统一
 67     }
 68     virtual_ipaddress {
 69         192.168.4.22     # vip地址2
 70     }
 71 }
 72 
 73 virtual_server 192.168.4.22 80 {     	#定义集群二
 74     delay_loop 6
 75     lb_algo wrr
 76     lb_kind DR
 77     protocol TCP
 78 
 79     real_server 192.168.4.66 80 {			#RS1
 80         weight 1
 81        TCP_CHECK {			 #做tcp端口校验
 82             connect_timeout 3
 83             nb_get_retry 3
 84             delay_before_retry 3
 85         }
 86     }
 87     real_server 192.168.4.77 80 {			#RS2
 88         weight 1
 89        TCP_CHECK {       #做tcp端口校验
 90             connect_timeout 3
 91             nb_get_retry 3
 92             delay_before_retry 3
 93         }
 94     }
 95 }

查看LVS节点的VIP
LVS1的VIP为：192.168.4.33
[root@lvs1 ~]# ip a s eth0
inet 192.168.4.22/22 scope global eth0

LVS2的VIP为：192.168.4.22
[root@lvs1 ~]# ip a s eth0
inet 192.168.4.22/32 scope global eth0

web服务器配置

VIP地址配置
[root@web1 ~]# cp /etc/sysconfig/network-scripts/ifcfg- \ l{o,o:0,o:1}

[root@web1 ~]#cat /etc/sysconfig/network-scripts/ifcfg-\ l{o:0,o:1}

DEVICE=lo:0
IPADDR=192.168.4.33
NETMASK=255.255.255.255
NETWORK=192.168.4.33
BROADCAST=192.168.4.33
ONBOOT=yes
NAME=lo:0

DEVICE=lo:1
IPADDR=192.168.4.22
NETMASK=255.255.255.255
NETWORK=192.168.4.22
BROADCAST=192.168.4.22
ONBOOT=yes
NAME=lo:1

忽略ARP广播
[root@web1 ~]# cat /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_anounce = 2

激活VIP
[root@web1 ~]# systemctl restart network

[root@web1 ~]# ifconfig lo:0
lo:0: flags=73 mtu 65536
inet 192.168.4.33 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
[root@web1 ~]# ifconfig lo:1
lo:1: flags=73 mtu 65536
inet 192.168.4.22 netmask 255.255.255.255
loop txqueuelen 1 (Local Loopback)
注：web1 和 web2 的配置一致所以采用 rsync 同步后激活VIP即可
部署web测试页面，开启web服务
[root@web1 ~]#echo Holle world > /usr/local/nginx/html/index.html
(web1 和 web2 已经做了 网页目录的实时同步 )

[root@web1 ~]#ss -antpu |grep nginx
tcp LISTEN 0 128 *:80 : users:((“nginx”,pid=2147,fd=6),(“nginx”,pid=2146,fd=6))

[root@web2 ~]#ss -antpu |grep nginx
tcp LISTEN 0 128 *:80 : users:((“nginx”,pid=2147,fd=6),(“nginx”,pid=2146,fd=6))

客户端测试

[root@yaya ~]# curl 192.168.4.33
Holle world

[root@yaya ~]# curl 192.168.4.22
Holle world

可以看到通过访问不同的VIP地址均可收到相同的页面信息
以上架构均已通过测试上线，有不队之处欢迎指出
谢谢