前言
对于理论不是很了解的小伙伴可以看看我之前写的博客
链接: https://blog.csdn.net/m0_47219942/article/details/108368922.
实验环境
-
为了进一步提高公司网站的负载能力,公司决定扩展现有的网站平台,基于LVS构筑负载均衡群集。考虑到群集的访问效率,管理员准备采用LVS群集的DR模式,共享存储设备存放在内部专有网络中
-
五台centos7虚拟机
- LVS1:192.168.100.130
- LVS2:192.168.100.129
- Web1:192.168.100.201
- Web2:192.168.100.202
- VIP:192.168.100.10
- Win 7:192.168.100.100
实验拓扑结构图
实验目的
win7客户机通过访问lvs调度器漂移IP地址可以成功访问web节点服务器内容
调度器配置
- 两台LVS服务器都安装工具包
yum install keepalived ipvsadm -y 'keepalived:双机热备要用到的,ipvsadm:调度管理要用'
- 两台LVS服务器都开启路由转发,关闭重定向
vim /etc/sysctl.conf
'尾行插入下段配置'
net.ipv4.ip_forward=1
'proc响应关闭重定向功能'
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@localhost ~]# sysctl -p '重载配置,立即生效'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
- 两台LVS服务器都修改网卡为仅主机模式
- 两台LVS服务器都为ens33配置IP地址、ens33:0配置ⅥP地址
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0 '配置虚拟ip地址'
'删除原本内容,添加以下配置'
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# vim ifcfg-ens33
'...省略内容,修改为static'
BOOTPROTO=static
'...省略内容,尾行添加内容'
IPADDR=192.168.100.130
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens33:0
[root@localhost network-scripts]# vim ifcfg-ens33:0 '配置虚拟ip地址'
'删除原本内容,添加以下配置'
DEVICE=ens33:0
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost network-scripts]# vim ifcfg-ens33
'...省略内容,修改为static'
BOOTPROTO=static
'...省略内容,尾行添加内容'
IPADDR=192.168.100.129
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
- 两台LVS服务器都创建脚本便于service管理
cd /etc/init.d
vim dr.sh
#'编辑以下脚本内容'
#!/bin/bash
GW=192.168.100.1
VIP=192.168.100.10 #'虚拟IP'
RIP1=192.168.100.201 #'真实web服务器ip'
RIP2=192.168.100.202
case "$1" in
start)
/sbin/ipvsadm --save > /etc/sysconfig/ipvsadm #'保存配置'
systemctl start ipvsadm #'启动服务'
/sbin/ifconfig ens33:0 $VIP broadcast $VIP netmask 255.255.255.255 broadcast $VIP up
/sbin/route add -host $VIP dev ens33:0 #'添加路由网段信息'
/sbin/ipvsadm -A -t $VIP:80 -s rr #'指定虚拟服务访问入口,指定轮询算法'
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g #'指定真实服务器,-g表示dr模式'
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
echo "ipvsadm starting [ok]"
;;
stop)
/sbin/ipvsadm -C #'清空缓存'
systemctl stop ipvsadm #'关闭服务'
ifconfig ens33:0 down #'关闭接口'
route del $VIP #'删除路由信息'
echo "ipvsadm stoped [ok]"
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ];then #'判断文件存在与否决定状态'
echo "ipvsadm stoped"
exit 1
else
echo "ipvsadm Runing [ok]"
fi
;;
*)
echo "Usage:$0 {start|stop|status}"
exit 1
esac
exit 0
[root@localhost init.d]# chmod +x dr.sh
[root@localhost init.d]# service dr.sh start
ipvsadm starting [ok]
[root@localhost init.d]# systemctl stop firewalld.service
[root@localhost init.d]# setenforce 0
配置两台节点服务器
- 在两台节点服务器上安装配置httpd服务
yum install httpd -y
- 配置两台节点IP地址绑定VIP
- LVS-DR中,两台节点服务器要配置绑定VIP地址
- VIP地址仅用作Web响应数据包的源地址,并不监听客户机的访问请求
- 都修改为仅主机模式
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-n0C8hbiY-1599011612983)(C:\Users\kevin\AppData\Roaming\Typora\typora-user-images\image-20200901230131659.png)]](https://img-blog.csdnimg.cn/20200902095614538.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L20wXzQ3MjE5OTQy,size_16,color_FFFFFF,t_70#pic_center)
- 两台节点服务器为ens33配置IP地址,为lo:0配置VIP地址
cd /etc/sysconfig/network-scripts
cp -p ifcfg-lo ifcfg-lo:0
vim ifcfg-lo 0
DEVICE=lo:0
IPADDR=192.168.100.10
NETMASK=255.255.255.0
ONBOOT=yes
[root@localhost network-scripts]# vim ifcfg-ens33
'...省略内容,修改为static'
BOOTPROTO=static
'...省略内容,尾行添加内容'
IPADDR=192.168.100.201
NETMASK=255.255.255.0
GATEWAY=192.168.100.1
'其中web2服务器修改为192.168.100.202'
IPADDR=192.168.100.202
- 两个节点服务器配置抑制ARP响应
'配置抑制ARP脚本'
[root@localhost network-scripts]# vim /etc/init.d/web.sh
#!/bin/bash
VIP=192.168.100.10
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore 'arp忽略'
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK "
;;
stop)
ifconfig lo:0 down
route del $VIP /dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore 'arp开启'
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stopd"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@localhost network-scripts]# chmod +x /etc/init.d/web.sh
- 两台节点服务器配置测试网址
分别创建测试网页,测试网页内容要不相同,以区别不同的节点服务器
cd /var/www/html
echo "this is kevin web" > index.html
[root@wlocalhost ~]# vim /var/www/html/index.html
<h1>this is benet web</h1>
- 重启网卡、开启虚拟端口、开启LVS服务、关闭防火墙
systemctl restart network
ifup ens33:0
service dr.sh start
systemctl start httpd
systemctl stop firewalld
setenforce 0
双机热备keepalived配置
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 '邮件协议指向自己'
smtp_connect_timeout 30
router_id LVS_01 'router_id不能相同'
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER '主服务器为MASTER,备服务器为BACKUP'
interface ens33
virtual_router_id 51 '主备组号要相同'
priority 100 '优先级,备服务器的优先级要小于主'
advert_int 1
authentication {
auth_type PASS
auth_pass 1111 '主备密码要相同'
}
virtual_ipaddress {
192.168.100.10
}
}
virtual_server 192.168.100.10 80 {
delay_loop 6
lb_algo rr '轮询算法'
lb_kind DR '修改为DR模式'
persistence_timeout 50
protocol TCP
real_server 192.168.100.201 80 {
'节点1配置'
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.202 80 {
'节点2配置'
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
- 第二台lvs调度器与第一台调度器不同的地方
[root@localhost keepalived]# scp keepalived.conf root@192.168.100.130:/etc/keepalived/ '将keepalived.conf文件远程复制到130调度服务器上'
The authenticity of host '192.168.100.130 (192.168.100.130)' can't be established.
ECDSA key fingerprint is SHA256:W+MleaejDosjJJV1F2noJPAGWA/d2qESydwosqTqWWw.
ECDSA key fingerprint is MD5:68:5f:ee:e5:76:ca:96:01:5d:d8:b9:1f:4b:5a:58:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.130' (ECDSA) to the list of known hosts.
root@192.168.100.130's password:
keepalived.conf 100% 1195 1.0MB/s 00:00
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
'只需要修改三个地方'
...省略内容
router_id LVS_02 'router_id不能相同'
...省略内容
vrrp_instance VI_1 {
state BACKUP '此处选择为BACKUP备服务器'
priority 90 '优先级需要低于主服务器'
...省略内容
'其他配置都相同'
- 开启keepalived服务和网卡服务
systemctl start keepalived
service network restart
- 两台DR调度服务器通过ifconfig查看
测试
- 客户端配置
注意最后页面的点:如果一直刷新的是同一个网页内容,清除一下缓存,等待缓存时间结束再重新访问一下