实战环境(CentOS7)
VIP 10.211.55.180(虚拟IP) LVS1 10.211.55.151(主LVS) LVS2 10.211.55.152(备LVS) RS1 10.211.55.171(真实服务器1) RS2 10.211.55.172(真实服务器2)
初始化环境所有节点
iptalbes -F #清空防火墙
systemctl stop firewalld #关闭防火墙
systemctl disable firewalld #停止防火墙开机自启动
setenforce 0 #临时关闭selinux
sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config #关闭selinux
yum -y install epel-release #安装epel源
LVS1、2操作
1、安装keepalived ipvsadm
yum -y install keepalived ipvsadm
[root@localhost ~]# lsmod |grep ip_vs #检查ipvs模块
ip_vs_rr 12600 1
ip_vs 145497 3 ip_vs_rr
nf_conntrack 139264 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
2、配置keepalived (LVS1、2)
2.1 修改keepalived的配置文件
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict #
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER #LVS1的这里是MASTER,则LVS2的改为BACKUP
interface eth0 #CENTOS7 ens33
virtual_router_id 51 #主备要是一致的
priority 100 #LVS1的是100,则LVS2的为100以下就行,比如90,权重越大,VIP则飘在哪一边99 89
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.211.55.180 #VIP
}
}
virtual_server 10.211.55.180 80 { #VIP
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.211.55.171 80 { #后端RS1检测
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.211.55.172 80 { #后端RS2检测
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
2.2 设置开机启动(LVS1、2)
systemctl enable keepalived
systemctl start keepalived
3、配置LVS,执行下面的脚本(LVS1、2),并把脚本设置为开机启动
vi /opt/lvs_dr.sh
#!/bin/sh
# description: Start LVS of Director server
VIP=10.211.55.180
RIP1=10.211.55.171
RIP2=10.211.55.172
case "$1" in
start)
echo " start LVS of Director Server"
# set the Virtual IP Address and sysctl parameter
# /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
# route add -host $VIP dev eth0:0
echo "1" >/proc/sys/net/ipv4/ip_forward
#Clear IPVS table
/sbin/ipvsadm -C
#set LVS
/sbin/ipvsadm -A -t $VIP:80 -s rr # -p 600 #需要会话持久化则把此处的-p 600取消注释
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
#Run LVS
/sbin/ipvsadm
;;
stop)
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/ip_forward
/sbin/ipvsadm -C
# /sbin/ifconfig eth0:0 down
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
chmod +x /opt/lvs_dr.sh #加执行权限
echo "/opt/lvs_dr.sh start" >>/etc/profile #开机自启动
4、配置RS操作,执行下面操作(RS1、2)
安装nginx
yum -y install nginx #RS1、2 都安装
echo 10.211.55.171 >/usr/share/nginx/html/index.html #RS1上操作
echo 10.211.55.172 >/usr/share/nginx/html/index.html #RS2上操作
systemctl start nginx #RS1、2 都操作
设置RS脚本,并设置开机自启动
vi /opt/lvs_rs.sh
#!/bin/bash VIP=10.211.55.180 /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:0 echo “1″ >/proc/sys/net/ipv4/conf/lo/arp_ignore echo “2″ >/proc/sys/net/ipv4/conf/lo/arp_announce echo “1″ >/proc/sys/net/ipv4/conf/all/arp_ignore echo “2″ >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p
此操作是在回环设备上绑定了一个虚拟IP地址,并设定其子网掩码为255.255.255.255,与Director Server上的虚拟IP保持互通,然后禁止了本机的ARP请求。
由于虚拟ip,也就是上面的VIP地址,是Director Server和所有的Real server共享的,如果有ARP请求VIP地址时,Director Server与所有Real server都做应答的话,就出现问题了,因此,需要禁止Real server响应ARP请求。而lvsrs脚本的作用就是使Real Server不响应arp请求。
chmod + /opt/lvs_rs.sh #加执行权限
echo "/opt/lvs_rs.sh " #开机自启动
5、测试
找一个客户机,执行下面的命令
->$ for i in `seq 20`;do curl 10.211.55.180;done
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172