
基於centos7上面搭建LVS+keepalived


基於centos7上面搭建LVS+keepalived

地址規劃

調度服務器

  • DR1 主服務器:192.168.10.173
  • DR2 備份服務器:192.168.10.174

節點服務器

  • wed1:192.168.10.171
  • web2:192.168.10.172

虛擬ip

  • vip:192.168.10.10

客戶機

  • client:192.168.10.11

1:配置調度服務器DR1,DR2

[root@localhost ~]# yum install ipvsadm keepalived -y

修改DR調度服務器ip地址

  • DR1
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 
 [root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.173  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::4f55:9684:f902:826a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
        RX packets 10547  bytes 11417482 (10.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4596  bytes 318550 (311.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  base 0x2000

改調度服務器的主配置文件

[root@localhost ~]# vim /etc/sysctl.conf 
[root@localhost ~]# cat /etc/sysctl.conf | grep net
net.ipv4.ip_forward=1 #路由轉發功能
net.ipv4.conf.all.send_redirects = 0 #關閉proc裏面的重定向
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p #重新載入 /etc/sysctl.conf 使之生效
  • 創建虛擬網卡
[root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33:0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33:0 #把拷貝裏面的東西全部刪除添加以下內容
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33:0
DEVICE=ens33:0 #虛擬網卡名稱
ONBOOT=yes  #虛擬網卡開啟
IPADDR=192.168.100.10 #虛擬ip(註:與規劃的 vip 192.168.10.10 不同網段;後面的 fir.sh 會把 ens33:0 重新設為 192.168.10.10)
NETMASK=255.255.255.0 #子網掩碼
[root@localhost ~]# ifup /etc/sysconfig/network-scripts/ifcfg-ens33:0 #啟用虛擬網卡
[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.173  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::4f55:9684:f902:826a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
        RX packets 11849  bytes 11530565 (10.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5254  bytes 396894 (387.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  base 0x2000  

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
        ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
        device interrupt 19  base 0x2000  
  • 在/etc/init.d/底下添加服務啟動腳本
[root@localhost ~]# vim /etc/init.d/fir.sh
[root@localhost ~]# cat /etc/init.d/fir.sh 
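#!/bin/bash
# LVS director control script (DR mode): brings the VIP up on ens33:0 and
# programs the IPVS table for the two real servers.
# Usage: fir.sh {start|stop|status}   (needs root: it edits interfaces,
# routes, the IPVS table and /etc/sysconfig/ipvsadm)
GW=192.168.10.1     # gateway; kept for reference, not used below
VIP=192.168.10.10   # virtual IP served by the director
RIP1=192.168.10.172 # real (node) server
RIP2=192.168.10.171 # real (node) server

case "$1" in
start)
        # The ipvsadm unit restores its rules from this file, so it has to
        # exist before the unit is started. -n keeps the dump numeric, so
        # saving never waits on (or trusts) DNS lookups.
        /sbin/ipvsadm --save -n > /etc/sysconfig/ipvsadm
        systemctl start ipvsadm
        # /32 mask: the VIP is a single host address on the alias.
        /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
        /sbin/route add -host "$VIP" dev ens33:0
        # Virtual service VIP:80 with round-robin scheduling; -g selects
        # direct routing for each real server.
        /sbin/ipvsadm -A -t "${VIP}:80" -s rr
        /sbin/ipvsadm -a -t "${VIP}:80" -r "${RIP1}:80" -g
        /sbin/ipvsadm -a -t "${VIP}:80" -r "${RIP2}:80" -g
        echo "ipvsadm starting --------------------[ok]"
        ;;
stop)
        # Flush the whole IPVS table, then drop the VIP alias and its route.
        /sbin/ipvsadm -C
        systemctl stop ipvsadm
        ifconfig ens33:0 down
        route del "$VIP"
        echo "ipvsamd stoped----------------------[ok]"
        ;;
status)
        # Ask systemd about the unit that start/stop manage. The previous
        # test looked for /var/lock/subsys/ipvsadm, a file nothing in this
        # script creates, so it could report "stoped" while running.
        if ! systemctl is-active --quiet ipvsadm; then
                echo "ipvsadm stoped---------------"
                exit 1
        else
                echo "ipvsamd Runing ---------[ok]"
        fi
        ;;
*)
        echo "Usage: $0 {start|stop|status}"
        exit 1
        ;;
esac
exit 0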
[root@localhost ~]# chmod +x /etc/init.d/fir.sh 
[root@localhost ~]# service fir.sh start #啟動腳本
ipvsadm starting --------------------[ok] #執行成功
[root@localhost ~]# systemctl status ipvsadm.service #查看狀態
● ipvsadm.service - Initialise the Linux Virtual Server
   Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; disabled; vendor preset: disabled)
   Active: active (exited) since 五 2018-06-22 10:09:34 CST; 1min 5s ago
  Process: 7835 ExecStart=/bin/bash -c exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm (code=exited, status=0/SUCCESS)
 Main PID: 7835 (code=exited, status=0/SUCCESS)

6月 22 10:09:33 localhost.localdomain systemd[1]: Starting Initialise the Linux Virtual Server...
6月 22 10:09:34 localhost.localdomain systemd[1]: Started Initialise the Linux Virtual Server.
  • 配置keepalived
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
smtp_server 127.0.0.1 #監聽本地地址
vrrp_instance VI_1 {
    state MASTER #從服務器改為BACKUP
router_id LVS_01       #從服務器改為02
virtual_router_id 10 #默認51組號根據需求更改 主服務器組號10從服務器也要改成10
priority 100 #優先級100 從服務器優先級小於100就行
auth_pass 951116 #密碼改為自己的預定義密碼;主、備調度服務器必須填相同的值(PASS 認證以明文傳送,且只取前 8 個字符)
virtual_ipaddress {
        192.168.10.10 #虛擬ip保留一個就行
    } 
virtual_server 192.168.10.10 80 { #對應著虛擬ip地址
delay_loop 6
    lb_algo rr #rr輪詢機制
    lb_kind DR #NAT改為DR
    persistence_timeout 50
    protocol TCP
real_server 192.168.10.171 80 { #改為真實節點ip
 weight 1
        TCP_CHECK { #SSL_GET改為TCP_CHECK
connect_port 80 #申明連接端口
connect_timeout 3 #在這行上面添加
            nb_get_retry 3
            delay_before_retry 3
        }   
    }   
#中間8行刪除
復制上面9行申明另一個節點服務器
real_server 192.168.10.172 80 { 
 weight 1
        TCP_CHECK { #SSL_GET改為TCP_CHECK
connect_port 80 
connect_timeout 3 
            nb_get_retry 3
            delay_before_retry 3
        }   
    }  
[root@localhost keepalived]# ip addr show dev ens33:0 #檢查虛擬網卡
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a8:47:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.173/24 brd 192.168.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.10.10/32 brd 192.168.10.10 scope global ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::4f55:9684:f902:826a/64 scope link 
       valid_lft forever preferred_lft forever

[root@localhost keepalived]# systemctl start keepalived.service  #開啟服務
[root@localhost keepalived]# systemctl status keepalived.service  #檢查服務有沒有開啟
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2018-06-22 13:09:08 CST; 5s ago
  Process: 9546 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9547 (keepalived)
   CGroup: /system.slice/keepalived.service
           └─9547 /usr/sbin/keepalived -D
[root@localhost keepalived]# systemctl stop firewalld.service  #關閉防火墻(實驗環境的做法;正式環境可保持 firewalld 啟用,只放行 VRRP(IP 協議 112)與 TCP 80)
[root@localhost keepalived]# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 五 2018-06-22 13:11:18 CST; 2s ago
     Docs: man:firewalld(1)
 Main PID: 673 (code=exited, status=0/SUCCESS)

6月 20 22:04:32 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 20 22:04:44 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type ‘beyond-scope‘ is not suppor...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: beyond-scope: INVALID_ICMPTYPE: No sup...me.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type ‘failed-policy‘ is not suppo...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: failed-policy: INVALID_ICMPTYPE: No su...me.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type ‘reject-route‘ is not suppor...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: reject-route: INVALID_ICMPTYPE: No sup...me.
6月 22 13:11:07 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 22 13:11:18 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost keepalived]# setenforce 0 #將 SELinux 切換為 permissive(只到下次重啟為止,並非永久關閉)
  • DR2
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.174  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::dd16:ddab:ca60:3922  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:39:91:0b  txqueuelen 1000  (Ethernet)
        RX packets 10674  bytes 11430615 (10.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4643  bytes 332468 (324.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  base 0x2000 
  • 修改內核參數文件 /etc/sysctl.conf
[root@localhost network-scripts]# vim /etc/sysctl.conf 
[root@localhost network-scripts]# cat /etc/sysctl.conf | grep net
net.ipv4.ip_forward=1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p #啟動
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
  • 配置虛擬ip
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# cat ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.10.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# ifup ens33:0 #這直接啟動會有個報錯ip沖突
ERROR     : [/etc/sysconfig/network-scripts/ifup-eth] Error, some other host (00:0C:29:A8:47:AD) already uses address 192.168.10.10
[root@localhost network-scripts]# systemctl restart network #重啟一下網卡再啟動虛擬網卡
[root@localhost network-scripts]# ifup ens33:0
[root@localhost network-scripts]# ifconfig 
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
        ether 00:0c:29:39:91:0b  txqueuelen 1000  (Ethernet)
        device interrupt 19  base 0x2000
  • 做ipvsadm啟動腳本
[root@localhost init.d]# vim ipvs.sh
[root@localhost init.d]# cat ipvs.sh 
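#!/bin/bash
# Backup director (DR2) control script for LVS in DR mode: configures the VIP
# alias on ens33:0 and loads the IPVS rules for both real servers.
# Usage: ipvs.sh {start|stop|status}   (run as root)
GW=192.168.10.1     # gateway; defined but not referenced below
VIP=192.168.10.10   # virtual IP
RIP1=192.168.10.171 # real server 1
RIP2=192.168.10.172 # real server 2

case "$1" in
start)
        # Write the rules file first: the ipvsadm unit feeds it to
        # ipvsadm-restore on start. -n dumps numeric addresses, so the save
        # does not depend on name resolution.
        /sbin/ipvsadm --save -n > /etc/sysconfig/ipvsadm
        systemctl start ipvsadm
        # Host (/32) mask for the VIP alias.
        /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
        /sbin/route add -host "$VIP" dev ens33:0
        # TCP virtual service on VIP:80, round-robin, real servers reached
        # by direct routing (-g).
        /sbin/ipvsadm -A -t "${VIP}:80" -s rr
        /sbin/ipvsadm -a -t "${VIP}:80" -r "${RIP1}:80" -g
        /sbin/ipvsadm -a -t "${VIP}:80" -r "${RIP2}:80" -g
        echo "ipvsadm starting --------------------[ok]"
        ;;
stop)
        # Clear every IPVS rule, stop the unit, remove the VIP and its route.
        /sbin/ipvsadm -C
        systemctl stop ipvsadm
        ifconfig ens33:0 down
        route del "$VIP"
        echo "ipvsamd stoped----------------------[ok]"
        ;;
status)
        # Query the systemd unit this script starts and stops, instead of
        # /var/lock/subsys/ipvsadm, which this script never creates.
        if ! systemctl is-active --quiet ipvsadm; then
                echo "ipvsadm stoped---------------"
                exit 1
        else
                echo "ipvsamd Runing ---------[ok]"
        fi
        ;;
*)
        echo "Usage: $0 {start|stop|status}"
        exit 1
        ;;
esac
exit 0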
[root@localhost init.d]# chmod +x ipvs.sh
[root@localhost init.d]# service ipvs.sh start
ipvsadm starting --------------------[ok]
  • keepalived部署
[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
global_defs {
  ...
  smtp_server 127.0.0.1           #指向本地
  router_id LVS_01   #指定名稱,備份服務器不同名稱(依 DR1 的說明,備份服務器這裏應改為 LVS_02)
  ...             
}
vrrp_instance VI_1 {
  state BACKUP     
  priority 99              #優先級備份小於主服務器 主服務器優先級100 從就是100以下
  virtual_router_id 10     #組號相同
      auth_pass abc123         #驗證密碼,必須與主服務器的 auth_pass 相同(DR1 上面填的是 951116;兩邊不一致時備機不會接受主機的 VRRP 通告)
  ...

  ...
  virtual_ipaddress {
        192.168.10.10
    }
  ...
    ...
virtual_server 192.168.10.10 80 {
...
real_server 192.168.10.10 { #此處應填真實節點的 ip 與端口(同 DR1 的 real_server 192.168.10.171 80),而不是 vip
        weight 1
        SSL_GET { #改為TCP_CHECK  刪除下列八行
       connect_port 80 #加上本行
       connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }   
    }   
#復制上列9行 添加另一個真實節點ip
  real_server 192.168.10.172 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }   
    }
[root@localhost keepalived]# systemctl start keepalived #啟動keepalived
[root@localhost keepalived]# ip addr show dev ens33:0 #查看虛擬ip
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:39:91:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.174/24 brd 192.168.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.10.10/32 brd 192.168.10.10 scope global ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::dd16:ddab:ca60:3922/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost keepalived]# systemctl stop firewalld.service  #關閉防火墻
[root@localhost keepalived]# setenforce 0  #關閉安全模塊

2:配置節點服務器

  • wed1
    [root@localhost ~]# yum install httpd -y
    [root@localhost ~]# ifconfig 
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.171  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::db6:37af:7ef1:189b  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::1ad5:1879:acb3:d22  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:40:c2:52  txqueuelen 1000  (Ethernet)
        RX packets 1007027  bytes 1415625529 (1.3 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 533224  bytes 785105538 (748.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    [root@localhost ~]# systemctl start httpd.service #開啟http服務
    [root@localhost ~]# systemctl status httpd.service #查看狀態
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: active (running) since 三 2018-05-16 13:33:03 CST; 1 months 6 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
    Process: 57260 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
    [root@localhost ~]# cd /var/www/html/ 
    [root@localhost html]# echo "this is accp web" > index.html #添加網站首頁
    [root@localhost html]# cd /etc/sysconfig/network-scripts/ #配置虛擬網卡
    [root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0 #復制回環網卡文本
    [root@localhost network-scripts]# vim ifcfg-lo:0 #添加一下四句話
    [root@localhost network-scripts]# cat ifcfg-lo:0 #暫時不開啟因為一開啟xshell就斷掉了
    DEVICE=lo:0 #回環網卡子接口名稱
    IPADDR=192.168.10.10 #虛擬ip
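    NETMASK=255.255.255.0 #子網掩碼(註:lo:0 上應使用 255.255.255.255,與下面 wed.sh 一致;用 /24 會讓本機把整個 192.168.10.0/24 當成本地地址,很可能就是一開啟 xshell 就斷線的原因)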
    ONBOOT=yes
  • 控制服務啟動腳本
[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim wed.sh
[root@localhost init.d]# chmod +x wed.sh 
[root@localhost init.d]# cat wed.sh 
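#!/bin/bash
# Real-server side of LVS-DR: binds the VIP to lo:0 and tunes ARP so this
# host neither answers nor advertises the VIP on the LAN (the director must
# be the only machine that owns the VIP at layer 2).
# Usage: wed.sh {start|stop}   (run as root)
VIP=192.168.10.10

case "$1" in
start)
        # Set the ARP knobs before the VIP exists on lo:0, so there is no
        # window in which this host replies to ARP for the VIP.
        #   arp_ignore=1   reply only if the target IP is configured on the
        #                  interface the request arrived on
        #   arp_announce=2 always pick the best local source address for
        #                  outgoing ARP requests
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
        # /32 mask: only the VIP itself is treated as local, not its subnet.
        ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
        /sbin/route add -host "$VIP" dev lo:0
        # Reloads /etc/sysctl.conf; any arp_* keys set there take precedence
        # over the values written above.
        sysctl -p >/dev/null 2>&1
        echo "RealServer Start OK "
        ;;
stop)
        ifconfig lo:0 down
        # Fixed: the original line lacked '>' before /dev/null, so /dev/null
        # was handed to route as an argument and nothing was silenced.
        route del "$VIP" >/dev/null 2>&1
        # Restore the kernel defaults for ARP handling.
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        echo "RealServer Stopd"
        ;;
*)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac
exit 0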
[root@localhost init.d]# service wed.sh start
RealServer Start OK 
[root@localhost init.d]# ifup lo:0 #開啟回環網卡
[root@localhost init.d]# systemctl stop firewalld.service #關閉防火墻(實驗環境的做法;正式環境保持啟用,只需放行 TCP 80)
[root@localhost init.d]# setenforce 0 #將 SELinux 暫時切換為 permissive(重啟後恢復)
[root@localhost ~]# firefox "http://127.0.0.1/" & #自測

自測(web1,web2)
技術分享圖片
技術分享圖片

  • wed2 (與節點服務器wed1同樣配置)
[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.172  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::1ad5:1879:acb3:d22  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:03:24:0b  txqueuelen 1000  (Ethernet)
        RX packets 1518  bytes 133795 (130.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 813  bytes 86276 (84.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  • 用192.168.10.10IP地址測試一下
    技術分享圖片
    技術分享圖片
  • down掉主調度服務器看能不能正常訪問
  • 測試 (down掉了7-3主調度服務器)依然能訪問
    技術分享圖片

基於centos7上面搭建LVS+keepalived