【配置keepalived实现LVS负载均衡】

一、基于 CentOS 构建 LVS+Keepalived 高可用群集

环境准备：

步骤：
1.keepalived主从上都安装keepalived和ipvsadm,并且保证主从都能启动keepalived服务。编辑keepalived配置文件，配置主从vrrp_instance，添加virtual_server和real_server

192.168.131.107主MASTER:
[root@manager ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL1
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.131.18
    }
}

virtual_server 192.168.131.18 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.131.109 80 {
        weight 1
		TCP_CHECK {
			connect_timeout 3
			nb_get_retry 3
			delay_before_retry 3
			connect_port 80
		}	
	}
    real_server 192.168.131.207 80 {
        weight 1
		TCP_CHECK {
			connect_timeout 3
			nb_get_retry 3
			delay_before_retry 3
			connect_port 80
		}	
	}
}

192.168.131.108从BACKUP：
[root@backup ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL2
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.131.18
    }
}


virtual_server 192.168.131.18 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.131.109 80 {
        weight 1
		TCP_CHECK {
			connect_timeout 3
			nb_get_retry 3
			delay_before_retry 3
			connect_port 80
		}
     }
    real_server 192.168.131.207 80 {
        weight 1
		TCP_CHECK {
			connect_timeout 3
			nb_get_retry 3
			delay_before_retry 3
			connect_port 80
		}
     }

}

2.RS1和RS2环回绑定vip设置ARP抑制，并且安装httpd部署web服务器

192.168.131.109和192.168.131.207
在RS1和RS2上用编写脚本的方式实现环回绑定vip设置ARP抑制
[root@RS1 ~]# vim  /etc/init.d/lvs_rs 
#!/bin/sh 
#
# Startup script handle the initialisation of LVS 
# chkconfig: - 28 72 
# description: Initialise the Linux Virtual Server for DR 
#
### BEGIN INIT INFO 
# Provides: ipvsadm 
# Required-Start: $local_fs $network $named 
# Required-Stop: $local_fs $remote_fs $network 
# Short-Description: Initialise the Linux Virtual Server 
# Description: The Linux Virtual Server is a highly scalable and highly 
# available server built on a cluster of real servers, with the load 
# balancer running on Linux. 
# description: start LVS of DR-RIP 
LOCK=/var/lock/ipvsadm.lock 
VIP=192.168.131.18 
. /etc/rc.d/init.d/functions
	start() { 
	PID=`ifconfig | grep lo:10 | wc -l`
	if [ $PID -ne 0 ];
	then
		echo "The LVS-DR-RIP Server is already running !" 
	else
		/sbin/ifconfig lo:10 $VIP netmask 255.255.255.255 broadcast $VIP up 
		/sbin/route add -host $VIP dev lo:10 
		echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore 
		echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce 
		echo "1" >/proc/sys/net/ipv4/conf/ens33/arp_ignore 
		echo "2" >/proc/sys/net/ipv4/conf/ens33/arp_announce 
		echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore 
		echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce /bin/touch $LOCK 
		echo "starting LVS-DR-RIP server is ok !" 
		fi 
	}
	stop() {
		/sbin/route del -host $VIP dev lo:10 
		/sbin/ifconfig lo:10 down >/dev/null 
		echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore 
		echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce 
		echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_ignore 
		echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_announce 
		echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore 
		echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce rm -rf $LOCK 
		echo "stopping LVS-DR-RIP server is ok !" 
		}
	status() { 
	if [ -e $LOCK ]; 
	then
		echo "The LVS-DR-RIP Server is already running !" 
	else
		echo "The LVS-DR-RIP Server is not running !" 
		fi 
	}
case "$1" in 
	start)
		start
		;; 
	stop) 
		stop 
		;; 
	restart)
		stop 
		start 
		;; 
	status)
		status 
		;; 
	*) 
		echo "Usage: $1 {start|stop|restart|status}" 
		exit 1 
esac 
exit 0
[root@RS1 ~]# chmod +x /etc/init.d/lvs_rs
[root@RS1 ~]# chkconfig --add lvs_rs
[root@RS1 ~]# chkconfig on lvs_rs
[root@RS1 ~]# systemctl retsart lvs_rs
[root@RS1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.131.18/32 brd 192.168.131.18 scope global lo:205
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
[root@RS1 ~]# yum install httpd -y     
[root@RS1 ~]# echo "`hostname -I` web" > /var/www/html/index.html

RS2重复上述操作。
3.RS1和RS2启动httpd,keepalived主从启动keepalived

[root@RS1 ~]# systemctl restart httpd
[root@RS2 ~]# systemctl restart httpd
[root@manager ~]# systemctl restart keepalived
[root@backup ~]# systemctl restart keepalived

4.测试：在一台客户机192.168.131.106上访问vip192.168.131.18

[root@pyy ~]# curl 192.168.131.18
192.168.131.109  web 

1）测试当keepalived中有一个挂了之后，观察主的资源vip是否转移到备

192.168.131.107主MASTER:
[root@manager ~]# systemctl stop keepalived
[root@manager ~]# ip addr
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:d0:85:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.131.107/24 brd 192.168.131.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever

192.168.131.108从BACKUP:
[root@backup ~]# ip addr
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:6b:42:87 brd ff:ff:ff:ff:ff:ff
    inet 192.168.131.108/24 brd 192.168.131.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.131.18/32 scope global ens33
       valid_lft forever preferred_lft forever

web服务器正常访问：
[root@pyy ~]# curl 192.168.131.18
192.168.131.109  web

2）测试当RS中有一个挂了之后，观察资源是否跳转到另一个web服务器

RS1 192.168.131.109:
[root@RS1 ~]# systemctl stop httpd

客户机192.168.131.106再次访问vip 192.168.131.108

[root@pyy ~]# curl 192.168.131.18
192.168.131.207 web

或者用watch查看：watch ipvsadm -Ln
没关闭RS1的httpd之前

关闭了RS1的httpd之后：