(1) Experimental environment: two high-availability hosts, two web hosts
(2) On the Ha1 and Ha2 servers, use keepalived to provide high availability and load balancing
1. Configure the load scheduler (Ha1, Ha2 are the same)
1.1. Turn off the firewall & selinux
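# Lab shortcut: stop firewalld now and keep it off after a reboot. The original
# listing ran "systemctl enable firewalld", which brings the firewall back at
# the next boot and contradicts this step.
systemctl stop firewalld
systemctl disable firewalld
# Put SELinux in permissive mode until the next reboot (the persistent setting
# lives in /etc/selinux/config).
setenforce 0
# Outside an isolated lab, leave firewalld running and SELinux enforcing, and
# open only what the directors need, for example:
#   firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'
#   firewall-cmd --permanent --add-service=http
#   firewall-cmd --reload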
1.2. Install high availability service and ipvsadm tool
# Install the IPVS administration tool and the keepalived daemon.
yum -y install ipvsadm keepalived
# Load the IPVS kernel module.
modprobe ip_vs
# Confirm the module is loaded by reading the IPVS table it exposes.
cat /proc/net/ip_vs
1.3. Configure keepalived (must be done on both Ha1 (master) and Ha2 (backup))
# Configure keepalived (required on both Ha1 and Ha2)
cd /etc/keepalived/
# Keep a copy of the packaged sample configuration before editing it.
cp keepalived.conf keepalived.conf.bak
# Replace the file's contents with the configuration shown below.
vim keepalived.conf
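# keepalived.conf for the master director (Ha1).
global_defs {
    notification_email {
        # Placeholder recipients: the addresses on the source page were
        # obfuscated ("[email protected]"); substitute real mailboxes.
        ops1@example.com
        ops2@example.com
        ops3@example.com
    }
    notification_email_from keepalived@example.com   # placeholder sender, see above
    smtp_server 127.0.0.1            # mail is handed to the local mail service
    smtp_connect_timeout 30
    router_id LVS_01                 # node name; must differ between master and backup
    vrrp_skip_check_adv_addr
    # vrrp_strict                    # strict mode is deliberately left disabled
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {                 # VRRP hot-standby instance
    state MASTER                     # initial role: MASTER on Ha1, BACKUP on Ha2
    interface ens160                 # physical interface that carries the cluster address
    virtual_router_id 1              # virtual router ID; identical on master and backup
    priority 100                     # master: 100, backup: 90
    advert_int 1                     # advertisement (heartbeat) interval in seconds
    authentication {
        # The original listing misspelled this keyword as "autu_type", so the
        # authentication type was never set on the master.
        auth_type PASS
        # PASS is a shared string carried unencrypted in every VRRP
        # advertisement, and keepalived uses only its first 8 characters. It
        # protects against accidental cross-talk between clusters, not against
        # a host on the same segment. Replace this sample value with a secret
        # unique to the cluster and restrict VRRP (IP protocol 112) to the two
        # directors at the firewall.
        auth_pass P@ssw0rd           # must match on master and backup
    }
    virtual_ipaddress {              # cluster address (VIP)
        192.168.100.200
    }
}

virtual_server 192.168.100.200 80 {  # virtual service address and port
    delay_loop 6                     # health-check interval in seconds
    lb_algo rr                       # scheduler: round robin
    lb_kind DR                       # forwarding mode: direct routing
    # A client stays pinned to one real server for 50 s, so round-robin
    # alternation only shows across different clients or after this timeout.
    persistence_timeout 50
    protocol TCP

    real_server 192.168.100.37 80 {  # first web node
        weight 1
        TCP_CHECK {
            connect_port 80          # port probed by the health check
            connect_timeout 3        # connect timeout in seconds
            # Retry count. NOTE(review): newer keepalived releases deprecate
            # nb_get_retry in favour of "retry" - check your version.
            nb_get_retry 3
            delay_before_retry 4     # seconds between retries
        }
    }

    real_server 192.168.100.38 80 {  # second web node
        weight 1
        HTTP_GET {
            # The original block listed no url, leaving HTTP_GET with nothing
            # to request; probe the test page and expect HTTP 200.
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}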
Note: delete the remaining sample configuration that follows this point in the file.
# Start keepalived
systemctl start keepalived
1.4. Configuration file for the backup server (Ha2)
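! Configuration File for keepalived
# Backup director (Ha2). Differs from the master only in router_id, state and
# priority; everything else must match.
global_defs {
    notification_email {
        # Placeholder recipients: the addresses on the source page were
        # obfuscated ("[email protected]"); substitute real mailboxes.
        ops1@example.com
        ops2@example.com
        ops3@example.com
    }
    notification_email_from keepalived@example.com   # placeholder sender, see above
    smtp_server 127.0.0.1            # mail is handed to the local mail service
    smtp_connect_timeout 30
    router_id LVS_02                 # node name; must differ from the master's
    vrrp_skip_check_adv_addr
    # vrrp_strict                    # strict mode is deliberately left disabled
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP                     # this node starts as the standby
    interface ens160                 # physical interface that carries the cluster address
    virtual_router_id 1              # same virtual router ID as the master
    priority 90                      # lower than the master's 100
    advert_int 1                     # advertisement (heartbeat) interval in seconds
    authentication {
        auth_type PASS
        # PASS is a shared string carried unencrypted in every VRRP
        # advertisement, and keepalived uses only its first 8 characters.
        # Replace this sample value with a secret unique to the cluster and
        # restrict VRRP (IP protocol 112) to the two directors at the firewall.
        auth_pass P@ssw0rd           # must match the master
    }
    virtual_ipaddress {              # cluster address (VIP)
        192.168.100.200
    }
}

virtual_server 192.168.100.200 80 {
    delay_loop 6                     # health-check interval in seconds
    lb_algo rr                       # scheduler: round robin
    lb_kind DR                       # forwarding mode: direct routing
    # A client stays pinned to one real server for 50 s, so round-robin
    # alternation only shows across different clients or after this timeout.
    persistence_timeout 50
    protocol TCP

    real_server 192.168.100.37 80 {  # first web node
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            # NOTE(review): newer keepalived releases deprecate nb_get_retry
            # in favour of "retry" - check your version.
            nb_get_retry 3
            delay_before_retry 4
        }
    }

    real_server 192.168.100.38 80 {  # second web node
        weight 1
        HTTP_GET {
            # The original block listed no url, leaving HTTP_GET with nothing
            # to request; probe the test page and expect HTTP 200.
            url {
                path /
                status_code 200
            }
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}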
1.5. Start the keepalived service
# Start keepalived on this node.
systemctl start keepalived
ip addr show dev ens160 # Check whether the cluster IP was added successfully
1.6. Configure distribution strategy (master, backup)
# Write the current IPVS table to /etc/sysconfig/ipvsadm, then start the
# ipvsadm service (presumably it restores its rules from that file - confirm
# against the unit file on your distribution).
ipvsadm-save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm
# Clear the kernel's virtual-server table.
# NOTE(review): keepalived's virtual_server block manages this same table, so
# clearing it here also removes entries keepalived installed - confirm this
# manual step is still wanted while keepalived is running.
ipvsadm -C
# Define the virtual service on the cluster address with round-robin scheduling.
ipvsadm -A -t 192.168.100.200:80 -s rr
# Add both web nodes; -g selects direct routing, matching lb_kind DR.
ipvsadm -a -t 192.168.100.200:80 -r 192.168.100.37:80 -g
ipvsadm -a -t 192.168.100.200:80 -r 192.168.100.38:80 -g
# List the table; the second form prints numeric addresses and ports.
ipvsadm
ipvsadm -ln
# Save the rules that were just added.
ipvsadm-save > /etc/sysconfig/ipvsadm
1.7. Adjust the kernel /proc parameters: stop the Linux kernel from sending ICMP redirects
# Add the three settings below to /etc/sysctl.conf on each director.
vim /etc/sysctl.conf
# Do not send ICMP redirects: on all interfaces, on interfaces created later
# (default), and on ens160, the interface used in the keepalived configuration.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens160.send_redirects = 0
# Load the settings from /etc/sysctl.conf.
sysctl -p
(3) Configure virtual IP addresses and add loopback routes for the two web servers
1. Adjust kernel parameters
# Add the four settings below to /etc/sysctl.conf on each web server.
vim /etc/sysctl.conf
# arp_ignore = 1: answer an ARP request only when the target address is
# configured on the interface the request arrived on.
# arp_announce = 2: always use the best local address for the target as the
# source of ARP announcements.
# Together they keep the web servers from advertising the cluster address that
# is bound to their loopback interface.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# Load the settings from /etc/sysctl.conf.
sysctl -p
2. Configure the loopback address (the address is the cluster address)
# Bind the cluster address to the loopback alias lo:0 with a host (/32) netmask.
# This setting is not persistent; it has to be reapplied after a reboot.
ifconfig lo:0 192.168.100.200 netmask 255.255.255.255 broadcast 192.168.100.200
3. Add routing
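# Host route for the cluster address via lo:0. The original line used
# 192.168.10.150, which matches no address used elsewhere in this guide; the
# cluster address bound to lo:0 is 192.168.100.200.
route add -host 192.168.100.200 dev lo:0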
(4) Test web service cluster
1. Turn off the firewall and selinux of the two web servers
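# Lab shortcut: stop firewalld now and keep it off after a reboot. The original
# listing ran "systemctl enable firewalld", which brings the firewall back at
# the next boot and contradicts this step.
systemctl stop firewalld
systemctl disable firewalld
# Put SELinux in permissive mode until the next reboot (the persistent setting
# lives in /etc/selinux/config).
setenforce 0
# Outside an isolated lab, leave firewalld running and SELinux enforcing, and
# open only the web port instead:
#   firewall-cmd --permanent --add-service=http
#   firewall-cmd --reload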
2. Create a test web page on two web servers
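# Empty the nginx document root. The original listing gave the bare path
# (without "cd") followed by "rm -rf *", which would delete the contents of
# whatever directory the shell happened to be in; an absolute path keeps the
# delete confined to the document root.
rm -rf -- /usr/share/nginx/html/*
# Run only the line for the host you are on - each one overwrites index.html.
echo "web1:192.168.100.37" > /usr/share/nginx/html/index.html   # on web1
echo "web2:192.168.100.38" > /usr/share/nginx/html/index.html   # on web2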
3. Restart the web server
# Restart nginx on both web servers.
systemctl restart nginx
4. Check the highly available server, currently only the main server has a virtual IP
5. Client access test, successfully achieve load balancing
6. High-availability test: shut down the main server and check the backup server; the backup server successfully takes over the virtual IP