
[经验分享] 基于centos7上面搭建LVS+keepalived


发表于 2018-12-30 12:33:51 | 显示全部楼层 |阅读模式
基于centos7上面搭建LVS+keepalived
  地址规划:调度服务器


  • DR1 主服务器:192.168.10.173
  • DR2 备份服务器:192.168.10.174
  节点服务器


  • web1:192.168.10.171
  • web2:192.168.10.172
  虚拟ip


  • vip:192.168.10.10
  客户机


  • client:192.168.10.11
  1:配置调度服务器DR1,DR2

[root@localhost ~]# yum install ipvsadm keepalived -y
  修改DR调度服务器ip地址


  • DR1

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
inet 192.168.10.173  netmask 255.255.255.0  broadcast 192.168.10.255
inet6 fe80::4f55:9684:f902:826a  prefixlen 64  scopeid 0x20
ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
RX packets 10547  bytes 11417482 (10.8 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 4596  bytes 318550 (311.0 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 19  base 0x2000

  改调度服务器的主配置文件

[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# cat /etc/sysctl.conf | grep net
net.ipv4.ip_forward=1 #路由转发功能
net.ipv4.conf.all.send_redirects = 0 #关闭proc里面的重定向
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p #重新加载/etc/sysctl.conf使配置生效(无需重启系统)


  • 创建虚拟网卡

[root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33:0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33:0 #把拷贝里面的东西全部删除添加以下内容
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33:0
DEVICE=ens33:0 #虚拟网卡名称
ONBOOT=yes  #虚拟网卡开启
IPADDR=192.168.100.10 #虚拟ip(注意:地址规划中的vip是192.168.10.10,此处的192.168.100.10与之不一致,应为笔误)
NETMASK=255.255.255.0 #子网掩码
[root@localhost ~]# ifup /etc/sysconfig/network-scripts/ifcfg-ens33:0 #启用虚拟网卡
[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
inet 192.168.10.173  netmask 255.255.255.0  broadcast 192.168.10.255
inet6 fe80::4f55:9684:f902:826a  prefixlen 64  scopeid 0x20
ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
RX packets 11849  bytes 11530565 (10.9 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 5254  bytes 396894 (387.5 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 19  base 0x2000  
ens33:0: flags=4163  mtu 1500
inet 192.168.100.10  netmask 255.255.255.0  broadcast 192.168.100.255
ether 00:0c:29:a8:47:ad  txqueuelen 1000  (Ethernet)
device interrupt 19  base 0x2000  


  • 在/etc/init.d/底下添加服务启动脚本

[root@localhost ~]# vim /etc/init.d/fir.sh
[root@localhost ~]# cat /etc/init.d/fir.sh
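#!/bin/bash
# LVS-DR director control script: brings the VIP up on ens33:0 and loads the
# IPVS virtual service for TCP port 80 with two real servers.
# Must be run as root.
# Usage: fir.sh {start|stop|status}

GW=192.168.10.1       # gateway (defined by the original script; not referenced below)
VIP=192.168.10.10     # virtual IP
RIP1=192.168.10.172   # real (node) server IPs
RIP2=192.168.10.171

case "$1" in
  start)
    # The ipvsadm unit restores its rules from /etc/sysconfig/ipvsadm when it
    # starts, so dump the current table there before starting the unit.
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Host (/32) mask and broadcast equal to the VIP; the original passed
    # "broadcast $VIP" twice, which is given once here.
    /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev ens33:0
    # -A: add the TCP virtual service, round-robin scheduler.
    # -a ... -g: add a real server using direct routing (DR mode).
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    # NOTE(review): the commands above are best-effort; "[ok]" is printed
    # even if one of them failed, as in the original.
    echo "ipvsadm starting --------------------[ok]"
    ;;
  stop)
    # -C clears the whole IPVS table, not only the service added by "start".
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del "$VIP"
    echo "ipvsadm stopped----------------------[ok]"
    ;;
  status)
    # NOTE(review): assumes the ipvsadm service creates this lock file while
    # it is running; confirm on the target system.
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stopped---------------"
      exit 1
    else
      echo "ipvsadm Running ---------[ok]"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0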
[root@localhost ~]# chmod +x /etc/init.d/fir.sh
[root@localhost ~]# service fir.sh start #启动脚本
ipvsadm starting --------------------[ok] #执行成功
[root@localhost ~]# systemctl status ipvsadm.service #查看状态
● ipvsadm.service - Initialise the Linux Virtual Server
Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; disabled; vendor preset: disabled)
Active: active (exited) since 五 2018-06-22 10:09:34 CST; 1min 5s ago
Process: 7835 ExecStart=/bin/bash -c exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm (code=exited, status=0/SUCCESS)
Main PID: 7835 (code=exited, status=0/SUCCESS)
6月 22 10:09:33 localhost.localdomain systemd[1]: Starting Initialise the Linux Virtual Server...
6月 22 10:09:34 localhost.localdomain systemd[1]: Started Initialise the Linux Virtual Server.

  • 配置keepalived

[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
smtp_server 127.0.0.1 #发送通知邮件所用的SMTP服务器,指向本机
vrrp_instance VI_1 {
state MASTER #从服务器改为BACKUP
router_id LVS_01       #从服务器改为02
virtual_router_id 10 #默认51组号根据需求更改 主服务器组号10从服务器也要改成10
priority 100 #优先级100 从服务器优先级小于100就行
auth_pass 951116 #密码改为自己的预定义密码;主备服务器必须使用同一密码,keepalived只取前8个字符,且简单密码(PASS)认证在VRRP报文中是明文
virtual_ipaddress {
192.168.10.10 #虚拟ip保留一个就行
}
virtual_server 192.168.10.10 80 { #对应着虚拟ip地址
delay_loop 6
lb_algo rr #rr轮询机制
lb_kind DR #NAT改为DR
persistence_timeout 50
protocol TCP
real_server 192.168.10.171 80 { #改为真实节点ip
weight 1
TCP_CHECK { #SSL_GET改为TCP_CHECK
connect_port 80 #申明连接端口
connect_timeout 3 #在这行上面添加
nb_get_retry 3
delay_before_retry 3
}   
}   
#中间8行删除
复制上面9行申明另一个节点服务器
real_server 192.168.10.172 80 {
weight 1
TCP_CHECK { #SSL_GET改为TCP_CHECK
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}   
}  
[root@localhost keepalived]# ip addr show dev ens33:0 #检查虚拟网卡
2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a8:47:ad brd ff:ff:ff:ff:ff:ff
inet 192.168.10.173/24 brd 192.168.10.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.10/32 brd 192.168.10.10 scope global ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::4f55:9684:f902:826a/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# systemctl start keepalived.service  #开启服务
[root@localhost keepalived]# systemctl status keepalived.service  #检查服务有没有开启
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since 五 2018-06-22 13:09:08 CST; 5s ago
Process: 9546 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 9547 (keepalived)
CGroup: /system.slice/keepalived.service
└─9547 /usr/sbin/keepalived -D

[root@localhost keepalived]# systemctl stop firewalld.service  #关闭防火墙(仅限实验环境;生产环境应保持firewalld运行,只放行VRRP(IP协议号112)和80/tcp)
[root@localhost keepalived]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since 五 2018-06-22 13:11:18 CST; 2s ago
Docs: man:firewalld(1)
Main PID: 673 (code=exited, status=0/SUCCESS)
6月 20 22:04:32 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
6月 20 22:04:44 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type 'beyond-scope' is not suppor...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: beyond-scope: INVALID_ICMPTYPE: No sup...me.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type 'failed-policy' is not suppo...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: failed-policy: INVALID_ICMPTYPE: No su...me.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: ICMP type 'reject-route' is not suppor...v6.
6月 20 22:04:50 localhost.localdomain firewalld[673]: WARNING: reject-route: INVALID_ICMPTYPE: No sup...me.
6月 22 13:11:07 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
6月 22 13:11:18 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost keepalived]# setenforce 0 #将SELinux临时切换为permissive模式(重启后恢复;仅限实验环境,生产环境应保持enforcing并按需调整策略)


  • DR2

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
inet 192.168.10.174  netmask 255.255.255.0  broadcast 192.168.10.255
inet6 fe80::dd16:ddab:ca60:3922  prefixlen 64  scopeid 0x20
ether 00:0c:29:39:91:0b  txqueuelen 1000  (Ethernet)
RX packets 10674  bytes 11430615 (10.9 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 4643  bytes 332468 (324.6 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 19  base 0x2000

  • 修改内核参数文件/etc/sysctl.conf

[root@localhost network-scripts]# vim /etc/sysctl.conf
[root@localhost network-scripts]# cat /etc/sysctl.conf | grep net
net.ipv4.ip_forward=1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost network-scripts]# sysctl -p #重新加载使配置生效
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0

  • 配置虚拟ip

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# cat ifcfg-ens33:0
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.10.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# ifup ens33:0 #直接启动会报ip冲突:报错中的MAC是DR1的网卡,vip已在DR1上启用;vip本应由keepalived通过virtual_ipaddress在主备之间接管,两台调度器同时静态配置同一vip会产生地址冲突
ERROR     : [/etc/sysconfig/network-scripts/ifup-eth] Error, some other host (00:0C:29:A8:47:AD) already uses address 192.168.10.10
[root@localhost network-scripts]# systemctl restart network #重启一下网卡再启动虚拟网卡
[root@localhost network-scripts]# ifup ens33:0
[root@localhost network-scripts]# ifconfig
ens33:0: flags=4163  mtu 1500
inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
ether 00:0c:29:39:91:0b  txqueuelen 1000  (Ethernet)
device interrupt 19  base 0x2000

  • 做ipvsadm启动脚本

[root@localhost init.d]# vim ipvs.sh
[root@localhost init.d]# cat ipvs.sh
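#!/bin/bash
# LVS-DR director control script (backup director): brings the VIP up on
# ens33:0 and loads the IPVS virtual service for TCP port 80.
# Must be run as root.
# Usage: ipvs.sh {start|stop|status}

GW=192.168.10.1       # gateway (defined by the original script; not referenced below)
VIP=192.168.10.10     # virtual IP
RIP1=192.168.10.171   # real (node) server IPs
RIP2=192.168.10.172

case "$1" in
  start)
    # Dump the current IPVS table to the file the ipvsadm unit restores from,
    # then start the unit.
    /sbin/ipvsadm --save > /etc/sysconfig/ipvsadm
    systemctl start ipvsadm
    # Host (/32) mask and broadcast equal to the VIP; the duplicated
    # "broadcast $VIP" argument of the original is given once here.
    /sbin/ifconfig ens33:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev ens33:0
    # -A: add the TCP virtual service, round-robin scheduler.
    # -a ... -g: add a real server using direct routing (DR mode).
    /sbin/ipvsadm -A -t "$VIP:80" -s rr
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP1:80" -g
    /sbin/ipvsadm -a -t "$VIP:80" -r "$RIP2:80" -g
    # NOTE(review): best-effort, as in the original: "[ok]" is printed even
    # if one of the commands above failed.
    echo "ipvsadm starting --------------------[ok]"
    ;;
  stop)
    # -C clears the whole IPVS table, not only the service added by "start".
    /sbin/ipvsadm -C
    systemctl stop ipvsadm
    ifconfig ens33:0 down
    route del "$VIP"
    echo "ipvsadm stopped----------------------[ok]"
    ;;
  status)
    # NOTE(review): assumes the ipvsadm service creates this lock file while
    # it is running; confirm on the target system.
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm stopped---------------"
      exit 1
    else
      echo "ipvsadm Running ---------[ok]"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    ;;
esac
exit 0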
[root@localhost init.d]# chmod +x ipvs.sh
[root@localhost init.d]# service ipvs.sh start
ipvsadm starting --------------------[ok]

  • keepalived部署

[root@localhost init.d]# cd /etc/keepalived/
[root@localhost keepalived]# vim keepalived.conf
global_defs {
...
smtp_server 127.0.0.1           #指向本地
router_id LVS_01   #指定名称,备份服务器要用不同名称(按上文DR1处的说明,备份服务器应改为LVS_02)
...            
}
vrrp_instance VI_1 {
state BACKUP     
priority 99              #优先级备份小于主服务器 主服务器优先级100 从就是100以下
virtual_router_id 10     #组号相同
auth_pass abc123         #验证密码(注意:必须与主服务器的auth_pass一致,而上文DR1配置的是951116,两者不同会导致主备之间的VRRP认证失败)
...
...
virtual_ipaddress {
192.168.10.10
}
...
...
virtual_server 192.168.10.10 80 {
...
real_server 192.168.10.10 { #注意:此处应填真实节点ip和端口(上文DR1配置为192.168.10.171 80),而不是虚拟ip
weight 1
SSL_GET { #改为TCP_CHECK  删除下列八行
connect_port 80 #加上本行
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}   
}   
#复制上列9行 添加另一个真实节点ip
real_server 192.168.10.172 { #与上文DR1配置一致时应写明端口:real_server 192.168.10.172 80
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}   
}
[root@localhost keepalived]# systemctl start keepalived #启动keepalived
[root@localhost keepalived]# ip addr show dev ens33:0 #查看虚拟ip
2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:39:91:0b brd ff:ff:ff:ff:ff:ff
inet 192.168.10.174/24 brd 192.168.10.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.10.10/32 brd 192.168.10.10 scope global ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::dd16:ddab:ca60:3922/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# systemctl stop firewalld.service  #关闭防火墙(仅限实验环境;生产环境应保持firewalld运行,只放行VRRP(IP协议号112)和80/tcp)
[root@localhost keepalived]# setenforce 0  #将SELinux临时切换为permissive模式(重启后恢复;仅限实验环境)
  2:配置节点服务器


  • wed1
    [root@localhost ~]# yum install httpd -y
    [root@localhost ~]# ifconfig
    ens33: flags=4163  mtu 1500
    inet 192.168.10.171  netmask 255.255.255.0  broadcast 192.168.10.255
    inet6 fe80::db6:37af:7ef1:189b  prefixlen 64  scopeid 0x20
    inet6 fe80::1ad5:1879:acb3:d22  prefixlen 64  scopeid 0x20
    ether 00:0c:29:40:c2:52  txqueuelen 1000  (Ethernet)
    RX packets 1007027  bytes 1415625529 (1.3 GiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 533224  bytes 785105538 (748.7 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    [root@localhost ~]# systemctl start httpd.service #开启http服务
    [root@localhost ~]# systemctl status httpd.service #查看状态
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
    Active: active (running) since 三 2018-05-16 13:33:03 CST; 1 months 6 days ago
    Docs: man:httpd(8)
    man:apachectl(8)
    Process: 57260 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
    [root@localhost ~]# cd /var/www/html/
    [root@localhost html]# echo "this is accp web" > index.html #添加网站首页
    [root@localhost html]# cd /etc/sysconfig/network-scripts/ #配置虚拟网卡
    [root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0 #复制回环网卡文本
    [root@localhost network-scripts]# vim ifcfg-lo:0 #添加以下四行
    [root@localhost network-scripts]# cat ifcfg-lo:0 #暂时不开启因为一开启xshell就断掉了
    DEVICE=lo:0 #回环网卡子接口名称
    IPADDR=192.168.10.10 #虚拟ip
    NETMASK=255.255.255.0 #子网掩码(注意:下文wed.sh脚本给lo:0用的是255.255.255.255;在lo上配置/24掩码会把整个192.168.10.0/24都当作本机地址,这很可能就是一开启xshell就断掉的原因)
    ONBOOT=yes
  • 控制服务启动脚本

[root@localhost network-scripts]# cd /etc/init.d/
[root@localhost init.d]# vim wed.sh
[root@localhost init.d]# chmod +x wed.sh
[root@localhost init.d]# cat wed.sh
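#!/bin/bash
# LVS-DR real-server control script: binds the VIP to lo:0 and sets the ARP
# sysctls so this host accepts traffic addressed to the VIP without
# answering ARP requests for it.
# Must be run as root.
# Usage: wed.sh {start|stop}

VIP=192.168.10.10   # virtual IP shared with the directors

case "$1" in
  start)
    # Host (/32) mask: only the VIP itself is bound to loopback.
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # arp_ignore=1: reply to ARP only when the target address is configured
    # on the interface the request arrived on, so the VIP on lo is not
    # answered for.
    # arp_announce=2: use the best local address as the source of ARP
    # requests instead of the VIP.
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    # Re-applies /etc/sysctl.conf. NOTE(review): any arp_* keys set in that
    # file would override the values written above; output is discarded.
    sysctl -p > /dev/null 2>&1
    echo "RealServer Start OK "
    ;;
  stop)
    ifconfig lo:0 down
    # The original was missing ">" before /dev/null, which passed /dev/null
    # to route as an extra argument instead of discarding its output.
    route del "$VIP" > /dev/null 2>&1
    # Restore the kernel defaults (0) for the ARP sysctls.
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0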
[root@localhost init.d]# service wed.sh start
RealServer Start OK
[root@localhost init.d]# ifup lo:0 #开启回环网卡
[root@localhost init.d]# systemctl stop firewalld.service #关闭防火墙(仅限实验环境;生产环境应保持firewalld运行,节点服务器只需放行80/tcp)
[root@localhost init.d]# setenforce 0 #将SELinux临时切换为permissive模式(重启后恢复;仅限实验环境)
[root@localhost ~]# firefox "http://127.0.0.1/" & #自测
  自测(web1,web2)




  • wed2 (与节点服务器wed1同样配置)

[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
inet 192.168.10.172  netmask 255.255.255.0  broadcast 192.168.10.255
inet6 fe80::1ad5:1879:acb3:d22  prefixlen 64  scopeid 0x20
ether 00:0c:29:03:24:0b  txqueuelen 1000  (Ethernet)
RX packets 1518  bytes 133795 (130.6 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 813  bytes 86276 (84.2 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


  • 用192.168.10.10IP地址测试一下


  • down掉主调度服务器看能不能正常访问
  • 测试 (down掉了7-3主调度服务器)依然能访问




