安装
安装必要环境组件及应用
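# Install the compiler, development headers and libraries needed to build
# keepalived, plus ipvsadm.
# The libnl pattern is quoted so that yum expands it against package names;
# unquoted, the shell would first try to match it against files in the
# current directory.
yum -y install gcc openssl-devel popt-devel 'libnl*' kernel-devel ipvsadm libnfnetlink libnfnetlink-devel net-snmp-agent-libs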
下载keepalived
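# Fetch the release tarball over HTTPS instead of plain HTTP, so the source that
# is compiled and installed system-wide in the next steps cannot be altered in
# transit.
# Before building, compare the tarball's checksum with the value published for
# this release on the project's download page.
wget https://www.keepalived.org/software/keepalived-1.3.5.tar.gz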
建立内核软连接
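# Link /usr/src/linux to the kernel source tree of the running kernel.
# NOTE(review): the path only exists when the installed kernel-devel package
# matches `uname -r`; otherwise the link dangles - confirm after installing.
ln -s "/usr/src/kernels/$(uname -r)/" /usr/src/linux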
解压并进行编译安装
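# Unpack, configure, build and install as one chain: each step runs only if the
# previous one succeeded, so a failed extraction or cd cannot lead to
# ./configure or `make install` being run from the wrong directory.
tar xvf keepalived-1.3.5.tar.gz \
  && cd keepalived-1.3.5 \
  && ./configure \
  && make \
  && make install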
为方便以后操作给应用部分文件创建软连接
# Expose the files installed under /usr/local at the paths used in the rest of
# this guide. Each command creates a symlink, named after its source, inside
# the target directory given as the last argument.
ln -s /usr/local/etc/keepalived/ /etc/
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/sbin/
==#也可以用yum直接安装==
配置文件解析
/etc/keepalived/keepalived.conf
global_defs {
# Global settings section
}
vrrp_instance VI_1 {
# VRRP settings section
}
virtual_server 192.168.111.100 80 {
# LVS settings section
}
配置实例
服务器 | IP地址 | 说明 |
---|---|---|
主LVS调度器 | 192.168.40.11 | 用于访问WEB服务器负载均衡 |
副LVS调度器 | 192.168.40.12 | 使用Keepalived做双机备份,保证LVS负载均衡稳定性 |
LVS调度器VIP | 192.168.111.100 | 在Keepalived配置文件中写入VIP |
WEB服务器 | 192.168.40.135 | 使用LNMP环境的后端WEB服务器 |
WEB服务器2 | 192.168.40.136 | 使用LAMP环境的后端WEB服务器 |
配置主LVS服务器 vim /etc/keepalived/keepalived.conf
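! Configuration File for keepalived
# Master director. The two mail addresses below are obscured on the source page;
# replace them with the real alert recipient and sender.
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): keepalived's strict mode does not support VRRP authentication,
    # so this setting conflicts with the authentication block below; decide which
    # of the two is intended. Strict mode may also restrict traffic addressed to
    # the VIP - confirm against the keepalived documentation for your version
    # before keeping it on an LVS director.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    # This node starts as the master.
    state MASTER
    # Network interface used by this VRRP instance.
    interface eno16777736
    # VRID; must be identical on the master and the backup.
    virtual_router_id 51
    # A larger value means a higher priority.
    priority 100
    # Advertisement (heartbeat) interval, in seconds.
    advert_int 1
    # auth_type PASS carries the password unencrypted in every VRRP
    # advertisement, so it protects against misconfiguration rather than against
    # a host on the same segment. 1111 is a sample value: set your own secret
    # (only the first 8 characters are used, and it must match on both nodes) and
    # limit VRRP traffic to the two directors with host firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # VIP
        192.168.111.100
    }
}
# Virtual service; its address is the VIP.
virtual_server 192.168.111.100 80 {
    # Health-check interval.
    delay_loop 6
    # LVS scheduling algorithm.
    lb_algo rr
    # LVS forwarding mode.
    lb_kind DR
    # When enabled, requests from one client are sent to the same real server
    # for this many seconds.
    #persistence_timeout 50
    # Protocol of the virtual service.
    protocol TCP
    # Backend web server 1.
    real_server 192.168.40.135 80 {
        # Node weight; a higher value gives the node more weight.
        weight 1
        # Keywords and values are separated by whitespace ("connect_timeout 20",
        # not "connect_timeout=20"), and the port keyword is spelled connect_port;
        # as originally written these two lines were not valid check settings.
        # NOTE(review): nb_get_retry is documented for HTTP_GET/SSL_GET; confirm it
        # is accepted inside TCP_CHECK by the keepalived version in use.
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
    # Backend web server 2 (same check settings as server 1).
    real_server 192.168.40.136 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
}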
配置备份服务器 vim /etc/keepalived/keepalived.conf
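! Configuration File for keepalived
# Backup director. The two mail addresses below are obscured on the source page;
# replace them with the real alert recipient and sender.
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # NOTE(review): keepalived's strict mode does not support VRRP authentication,
    # so this setting conflicts with the authentication block below; decide which
    # of the two is intended. Strict mode may also restrict traffic addressed to
    # the VIP - confirm against the keepalived documentation for your version
    # before keeping it on an LVS director.
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    # This node starts as the backup.
    state BACKUP
    # Network interface used by this VRRP instance.
    interface ens33
    # VRID; must be identical on the master and the backup.
    virtual_router_id 51
    # A larger value means a higher priority; the backup sits below the master.
    priority 99
    # Advertisement (heartbeat) interval, in seconds.
    advert_int 1
    # auth_type PASS carries the password unencrypted in every VRRP
    # advertisement, so it protects against misconfiguration rather than against
    # a host on the same segment. 1111 is a sample value: set your own secret
    # (only the first 8 characters are used, and it must match on both nodes) and
    # limit VRRP traffic to the two directors with host firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # VIP
        192.168.111.100
    }
}
# Virtual service; its address is the VIP.
virtual_server 192.168.111.100 80 {
    # Health-check interval.
    delay_loop 6
    # LVS scheduling algorithm.
    lb_algo rr
    # LVS forwarding mode.
    lb_kind DR
    # When enabled, requests from one client are sent to the same real server
    # for this many seconds.
    #persistence_timeout 50
    # Protocol of the virtual service.
    protocol TCP
    # Backend web server 1.
    real_server 192.168.40.135 80 {
        # Node weight; a higher value gives the node more weight.
        weight 1
        # Keywords and values are separated by whitespace ("connect_timeout 20",
        # not "connect_timeout=20"), and the port keyword is spelled connect_port;
        # as originally written these two lines were not valid check settings.
        # NOTE(review): nb_get_retry is documented for HTTP_GET/SSL_GET; confirm it
        # is accepted inside TCP_CHECK by the keepalived version in use.
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
    # Backend web server 2 (same check settings as server 1).
    real_server 192.168.40.136 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 20
            connect_port 80
            nb_get_retry 3
        }
    }
}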
配置完成启用keepalived服务,并加入开机自启
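# Start the daemon now.
/usr/sbin/keepalived
# Register it for start at boot. The grep guard makes this step repeatable: the
# line is appended only when /etc/rc.local does not already contain it.
# NOTE(review): on systemd-based releases rc.local may have to be executable
# before it is run at boot - confirm for your distribution.
grep -qxF '/usr/sbin/keepalived' /etc/rc.local 2>/dev/null \
  || echo '/usr/sbin/keepalived' >> /etc/rc.local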
==#若用systemctl启动,提示PID file /usr/local/var/run/keepalived.pid not readable (yet?) after start.无法启用服务,可手动建立PID文件,并写入进程值(ps aux查看keepalived进程)再启动==
此时,就可以测试Keepalived高可用性了,可以用ip add查看主LVS服务器是否有192.168.111.100公网VIP地址,如果有再看备用LVS服务器是否有,备用服务器应该是没有的,把主LVS服务器的keepalived服务停用,再看备用LVS如果有公网VIP地址,说明Keepalived可以使用即可往下边看。
WEB服务器配置
两个WEB服务器分别都添加回环VIP地址 cat /etc/sysconfig/network-scripts/ifcfg-lo:0
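# Loopback alias that holds the VIP on each real server.
DEVICE=lo:0
BOOTPROTO=static
IPADDR=192.168.111.100
# Host mask (/32): only the VIP itself is bound to lo. This matches the netmask
# the realserver script in this guide passes to ifconfig; a /24 mask here would
# make the host treat the whole 192.168.111.0/24 range as local.
NETMASK=255.255.255.255
# With a /32 mask the network address is the VIP itself.
NETWORK=192.168.111.100
ONBOOT=yes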
多个设备均被设置了VIP地址,为防止地址冲突,修改内核ARP参数 ==#注意此处eth0网卡,部分根据不同主机网卡信息变动,如果想永久生效还需要将网卡配置信息写入到配置文件中==
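#!/bin/bash
# description: configure an LVS-DR real server - bind the VIP to lo:0 and set
#              the kernel ARP parameters so the host does not answer ARP for it.
# Usage: $0 {start|status|stop}

WEB_VIP=192.168.111.100 # the public VIP served by the directors
WEB_IFACE=eth0          # outward-facing NIC; change to this host's interface name

. /etc/rc.d/init.d/functions

#######################################
# Write arp_ignore / arp_announce for lo, all, the outward-facing NIC and
# default, in that order.
# Globals:   WEB_IFACE (read)
# Arguments: $1 - value for arp_ignore, $2 - value for arp_announce
#######################################
set_arp_mode() {
  local ignore=$1 announce=$2 scope
  for scope in lo all "$WEB_IFACE" default; do
    echo "$ignore" > "/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
    echo "$announce" > "/proc/sys/net/ipv4/conf/${scope}/arp_announce"
  done
}

case "$1" in
  start)
    # Bind the VIP to the loopback alias with a host mask and route it there.
    ifconfig lo:0 "$WEB_VIP" netmask 255.255.255.255 broadcast "$WEB_VIP"
    /sbin/route add -host "$WEB_VIP" dev lo:0
    # arp_ignore=1 / arp_announce=2 keep the real server from advertising the
    # VIP, which every node in the cluster carries.
    set_arp_mode 1 2
    # Re-applies /etc/sysctl.conf; arp_* values set in that file take effect
    # over the ones written just above.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$WEB_VIP" >/dev/null 2>&1
    # Resets both parameters to 0, whatever they were before start.
    set_arp_mode 0 0
    echo "RealServer Stoped"
    ;;
  status)
    # Status of LVS-DR real server: both the lo:0 address and the host route
    # must be present. The VIP is matched as a fixed string, not as a regex.
    islothere=$(/sbin/ifconfig lo:0 | grep -F -- "$WEB_VIP")
    # The route is matched on the VIP alone.
    # NOTE(review): the routing table is expected to show the interface as lo
    # rather than the lo:0 alias label, so filtering on "lo:0" would never
    # match - confirm on the target system.
    isrothere=$(netstat -rn | grep -Fw -- "$WEB_VIP")
    # The earlier test compared the literal word "isrothere" (missing $), so a
    # missing route was never detected.
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
      # Either the route or the lo:0 device
      # not found.
      echo "LVS-DR real server Stopped."
    else
      echo "LVS-DR Running."
    fi
    ;;
  *)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
exit 0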
开启路由转发功能
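# Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
# Only the ip_forward setting line itself is rewritten (a loose match on
# "ip_forward" would also edit comments or the first 0 of an unrelated value),
# and the setting is appended when the file has no such line.
# NOTE(review): in DR mode replies do not pass back through the director;
# confirm that forwarding is actually needed on this host before enabling it.
if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' /etc/sysctl.conf; then
  sed -i -E 's/^[[:space:]]*(net\.ipv4\.ip_forward)[[:space:]]*=.*/\1 = 1/' /etc/sysctl.conf
else
  echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
fi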
重新加载sysctl文件
# Re-read /etc/sysctl.conf and apply its settings to the running kernel.
sysctl -p
核查检验
在主备Keepalived服务器上查看ipvsadm此时状态
# List the IPVS virtual server table with numeric addresses and ports.
ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.111.100:80 rr
-> 192.168.40.135:80 Route 1 0 0
-> 192.168.40.136:80 Route 1 0 0
此时就可以访问VIP地址测试结果了
注:主写配置信息,测试服务因图片总是失效故截取至此,可自行依照案例做服务测试