实验·部署LVS+Keepalived高可用集群

实验·部署LVS+Keepalived高可用集群

一、实验环境

所有的服务器均设为仅主机模式

注意:设为仅主机模式前先将需要的软件安装完成

lvs-master 20.0.0.20

lvs-slave 20.0.0.30

server01 20.0.0.40

server02 20.0.0.50

Win10 20.0.0.200

VIP 20.0.0.100

二、实验步骤

2.1 lvs-master与lvs-slave配置调度服务器

//安装keeplalived与ipvsadm//
[root@lvs-slave|lvs-master ~]# yum -y install keepalived ipvsadm

//文件内核设置//
[root@lvs-slave|lvs-master ~]# vim /etc/sysctl.conf
...
net.ipv4.ip_forward=1
#proc响应关闭重定向功能
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

//使配置文件生效//
[root@lvs-slave|lvs-master ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

//修改网卡配置//
[root@lvs-slave|lvs-master ~]# cd /etc/sysconfig/network-scripts/
[root@lvs-slave|lvs-master network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@lvs-slave|lvs-master network-scripts]# vim ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=20.0.0.100
NETMASK=255.255.255.0
#全部删除只需要写上面四行

//写出LVS-DR脚本文件//
[root@lvs-slave|lvs-master ~]# cd /etc/init.d/
[root@lvs-slave|lvs-master init.d]# vim dr.sh
#!/bin/bash
GW=20.0.0.1
VIP=20.0.0.100
RIP1=20.0.0.40
RIP2=20.0.0.50
case "$1" in
start)
	/sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
	systemctl start ipvsadm
    /sbin/ifconfig ens33:0 $VIP netmask 255.255.255.255 broadcast $VIP up
	/sbin/route add -host $VIP dev ens33:0
	/sbin/ipvsadm -A -t $VIP:80 -s rr
    /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
	/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
	echo "ipvsadm 开启成功"
	;;
stop)
	/sbin/ipvsadm -C
	systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del $VIP
    echo "ipvsadm 关闭成功"
	;;
status)
	if [! -e /var/lock/subsys/ipvsadm ];then
    echo "ipvsadm 关闭中..."
	exit 1
		else
        echo "ipvsadm 正在运行中..."
	fi
    ;;
*)
	echo "Usage:$0{start|stop|status}"
	exit 1
esac

//添加执行权限//
[root@lvs-slave|lvs-master init.d]# chmod +x dr.sh

//重启网卡并开启lvs-dr功能//
[root@lvs-slave|lvs-master init.d]# setenforce 0
[root@lvs-slave|lvs-master init.d]# systemctl stop firewalld
[root@lvs-slave|lvs-master init.d]# service network start
[root@lvs-slave|lvs-master init.d]# service dr.sh start

2.2 server01配置

//安装web服务测试//
[root@server01 ~]# yum -y install httpd
[root@server01 ~]# echo "
this is server01 web
" > /var/www/html/index.html
[root@server01 ~]# service httpd start
Redirecting to /bin/systemctl start httpd.service
[root@server01 ~]# setenforce 0
[root@server01 ~]# systemctl stop firewalld
 
//修改网卡信息//
[root@server01 ~]# cd /etc/sysconfig/network-scripts/
[root@server01 network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@server01 network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=20.0.0.100
NETMASK=255.255.255.0
ONBOOT=yes

[root@server01 ~]# cd /etc/init.d/
[root@server01 init.d]# vim web.sh
#!/bin/bash
VIP=20.0.0.100
case "$1" in
start)
	ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
	echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
	sysctl -p >/dev/null 2>&1
	echo "RealServer Start OK"
	;;
stop)
	ifconfig lo:0 down
    route del $VIP /dev/null 2>&1
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
	echo "RealServer Stopd"
	;;
*)
	echo "Usage:$0{start|stop}"
	exit 1
esac
exit 0

[root@server01 init.d]# chmod +x web.sh
[root@server01 init.d]# service web.sh start

2.3 server02配置

//安装web服务测试//
[root@server02 ~]# yum -y install httpd
[root@server02 ~]# echo "
this is server02 web
" > /var/www/html/index.html
[root@server02 ~]# service httpd start
Redirecting to /bin/systemctl start httpd.service
[root@server02 ~]# setenforce 0
[root@server02 ~]# systemctl stop firewalld
 
 //修改网卡信息//
[root@server02 ~]# cd /etc/sysconfig/network-scripts/
[root@server02 network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@server02 network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=20.0.0.100
NETMASK=255.255.255.0
ONBOOT=yes

[root@server01 ~]# cd /etc/init.d/
[root@server01 init.d]# vim web.sh
#!/bin/bash
VIP=20.0.0.100
case "$1" in
start)
	ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
	echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
	sysctl -p >/dev/null 2>&1
	echo "RealServer Start OK"
	;;
stop)
	ifconfig lo:0 down
    route del $VIP /dev/null 2>&1
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
	echo "RealServer Stopd"
	;;
*)
	echo "Usage:$0{start|stop}"
	exit 1
esac
exit 0

[root@server01 init.d]# chmod +x web.sh
[root@server01 init.d]# service web.sh start

2.4 Keepalived部署

[root@lvs-slave|lvs-master ~]# cd /etc/keepalived/
[root@lvs-slave|lvs-master ~]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_01
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }   
    virtual_ipaddress {
        20.0.0.100
    }   
}   
virtual_server 20.0.0.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind dr
    persistence_timeout 50
    protocol TCP

    real_server 20.0.0.40 80 {
        weight 1
        TCP_CHECK{
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 20.0.0.50 80 {
        weight 1
        TCP_CHECK{
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@lvs-slave|lvs-master ~]# systemctl start keepalived

三、实验结果

//lvs-master重启网卡//
[root@lvs-master ~]# service network restart
//lvs-slave重启网卡//
[root@lvs-slave ~]# service network restart

Win 10里面尝试ping通通之后就可以取浏览器访问VIP