
centos7配置keepalive+lvs

拓扑图

  • 用户访问www.abc.com解析到10.4.7.8,防火墙做DNAT将访问10.4.7.8:80的请求转换到VIP 172.16.10.7:80,负载均衡器再将请求转发到后端web服务器。

实验环境
VIP:负载均衡服务器的虚拟ip地址
LB :负载均衡服务器
realserver:后端真实服务器

一、配置防火墙,先让内网服务器能上网

1、先确认网关服务器能上网

(1) 查看网关服务器ip地址
[root@gateway ~]# ifconfig ens33 |grep -w "inet"
        inet 10.4.7.8  netmask 255.255.255.0  broadcast 10.4.7.255
[root@gateway ~]# ifconfig ens37 |grep -w "inet"
        inet 172.16.10.8  netmask 255.255.255.0  broadcast 172.16.10.255

(2) ping百度
[root@gateway ~]# ping www.baidu.com -c 2
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=1 ttl=128 time=9.51 ms
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=2 ttl=128 time=8.90 ms

2、防火墙开启路由转发,并配置NAT规则

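(1) 开启路由转发(sed只会修改已存在的 net.ipv4.ip_forward = 0 这一行;若/etc/sysctl.conf中没有该行则不会生效,执行后请用 sysctl net.ipv4.ip_forward 确认值为1)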
[root@gateway ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
[root@gateway ~]# sysctl -p

(2) 配置SNAT让来自172.16.10.0/24的内网用户能上网(公网ip不固定时使用MASQUERADE,自动以出口网卡的当前地址做源地址转换)
[root@gateway ~]# iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -j  MASQUERADE

(3) 配置DNAT让访问目标地址是10.4.7.8:80的请求,跳转到VIP172.16.10.7:80
[root@gateway ~]# iptables -t nat -A PREROUTING -p tcp  -d 10.4.7.8 --dport 80 -j DNAT --to-destination 172.16.10.7:80
[root@gateway ~]# service iptables save

3、将所有内网服务器网关指向gateway服务器内网ip

(1) lvs-master
[root@lvs-master ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 
[root@lvs-master ~]# systemctl restart network
[root@lvs-master ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=198 ms

(2) lvs-slave
[root@lvs-slave ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 
[root@lvs-slave ~]# systemctl restart network
[root@lvs-slave ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=2 ttl=127 time=218 ms

(3) web1
[root@web1 ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33
[root@web1 ~]# systemctl restart network 
[root@web1 ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=221 ms

(4) web2
[root@web2 ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33
[root@web2 ~]# systemctl restart network
[root@web2 ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=209 ms

二、配置keepalive+lvs

1、安装keepalived+lvs(keepalived和lvs 在一台服务器上,主备都安装)

(1) lvs-master
[root@lvs-master ~]# yum -y install keepalived   ipvsadm
[root@lvs-master ~]# keepalived -v                                     # 查看keepalived版本号
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
[root@lvs-master ~]# ipvsadm -v                                        # 查看ipvsadm版本号
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)

(2) lvs-slave
[root@lvs-slave ~]# yum -y install keepalived   ipvsadm
[root@lvs-slave ~]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
[root@lvs-slave ~]# ipvsadm -v
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)

2、配置keepalived+lvs主、备(keepalived是专门为lvs设计的)

  • 设置非抢占模式时,nopreempt只需在优先级高的节点(本例的master)上配置,但主备两台的state都要设为BACKUP
(1) 配置 lvs-master
[root@lvs-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lvs-master ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   router_id LVS_DEVEL_01   # keepalive标识符,主备不能相同
}
vrrp_instance VI_1 {        # VRRP实例,主备必须相同
    state MASTER            # 角色,MASTER为主,BACKUP为备
    #state BACKUP            # 如果是非抢占模式要两边都为BACKUP
    interface ens33         # 监听的网卡
    virtual_router_id 51    # 虚拟路由标识,主备必须相同
    priority 150            # 优先级,主要高于备
    #nopreempt               # 开启非抢占模式(在优先级高的上面配置)
    advert_int 1            # 主备同步检查间隔1秒
    authentication {        # 主备认证密码(PASS方式在VRRP报文中明文传输,只能防误配置;1111仅为示例,请换成自己的值,主备保持一致)
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     
        172.16.10.7         # 设置虚拟ip地址
    }
}
################ 上面是keepalived设置,下面是lvs设置 ##################
virtual_server 172.16.10.7 80 {       # 基于上面的VIP创建虚拟服务器
    delay_loop 6                      # 健康检查时间
    lb_algo rr                        # 调度算法rr为轮询
    lb_kind DR                        # 负载均衡模式DR路由模式
    persistence_timeout 50            # 会话保持时间
    protocol TCP                      # 转发协议类型

    real_server 172.16.10.5 80 {      # 设置第一台后端web服务器
        weight 1                      # 设置web服务器权重
        HTTP_GET {                    # 设置健康检查页面,健康检查方式 常见有 TCP_CHECK, HTTP_GET, SSL_GET, MISC_CHECK(自定义脚本)
            url {
                path /index.html
                # digest的值这样生成 genhash -s 172.16.10.5 -p 80 -u /index.html
                digest d8cf4a4aed83e042d2b147561f1c83df
            }
            connect_timeout 8             # 设置响应超时时间
            nb_get_retry 3                # 设置超时重试次数
            delay_before_retry 3          # 设置超时重试间隔
        }
    }
    
    real_server 172.16.10.6 80 {      # 设置第二台后端web服务器
        weight 1                      # 设置web服务器权重
        HTTP_GET {                    # 设置健康检查页面
            url {
                path /index.html
                # digest的值这样生成 genhash -s 172.16.10.6 -p 80 -u /index.html
                digest  0583558e12e704650cd8bd72e0274347
            }
            connect_timeout 8             # 设置响应超时时间
            nb_get_retry 3                # 设置超时重试次数
            delay_before_retry 3          # 设置超时重试间隔
        }
    }
}

---------------------------------------------------------------------------------------------------

(2) 配置lvs-slave
[root@lvs-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@lvs-slave ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   router_id LVS_DEVEL_02   # keepalive标识符,主备不能相同
}
vrrp_instance VI_1 {        # VRRP实例,主备必须相同
    state BACKUP             # 角色,MASTER为主,BACKUP为备
    interface ens33         # 监听的网卡
    virtual_router_id 51    # 虚拟路由标识,主备必须相同
    priority 90             # 优先级,主要高于备
    advert_int 1            # 主备同步检查间隔1秒
    authentication {        # 主备认证密码(PASS方式在VRRP报文中明文传输,只能防误配置;1111仅为示例,请换成自己的值,主备保持一致)
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     
        172.16.10.7   # 设置虚拟ip地址
    }
}

################ 上面是keepalived设置,下面是lvs设置 ##################
virtual_server 172.16.10.7 80 {       # 根据上面的VIP创建虚拟服务器
    delay_loop 6                      # 健康检查时间
    lb_algo rr                        # 调度算法rr为轮询
    lb_kind DR                        # 负载均衡模式DR路由模式
    persistence_timeout 50            # 会话保持时间
    protocol TCP                      # 转发协议类型

    real_server 172.16.10.5 80 {      # 设置第一台后端web服务器
        weight 1                      # 设置web服务器权重
        HTTP_GET {                    # 设置健康检查页面
            url {
                path /index.html
                # digest的值这样生成 genhash -s 172.16.10.5 -p 80 -u /index.html
                digest  d8cf4a4aed83e042d2b147561f1c83df
            }
            connect_timeout 8             # 设置响应超时时间
            nb_get_retry 3                # 设置超时重试次数
            delay_before_retry 3          # 设置超时重试间隔
        }
    }

    real_server 172.16.10.6 80 {      # 设置第二台后端web服务器
        weight 1                      # 设置web服务器权重
        HTTP_GET {                    # 设置健康检查页面
            url {
                path /index.html
                # digest的值这样生成 genhash -s 172.16.10.6 -p 80 -u /index.html
                digest  0583558e12e704650cd8bd72e0274347
            }
            connect_timeout 8             # 设置响应超时时间
            nb_get_retry 3                # 设置超时重试次数
            delay_before_retry 3          # 设置超时重试间隔
        }
    }
}

三、配置nginx服务器

1、配置web1

(1) 安装nginx(下面的仓库包地址是明文http,下载内容可能在传输途中被替换;建议改用https地址,并核对软件包签名后再安装)
[root@web1 ~]# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@web1 ~]# yum -y install nginx

(2) 增加虚拟主机
[root@web1 ~]# cat /etc/nginx/conf.d/www_abc_com.conf 
server {
    listen       80;
    server_name  www.abc.com;
    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@web1 ~]# echo "web1-172.16.10.5" > /usr/share/nginx/html/index.html

(3) 配置vip,以及抑制ARP广播脚本
[root@web1 ~]# cat /etc/init.d/lvs_realserver 
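#!/bin/sh
# lvs_realserver - real-server side helper for the LVS-DR setup on this page.
# "start" sets arp_ignore/arp_announce and binds the virtual IP to lo:0;
# "stop" removes the VIP and resets those settings to 0.
# Usage: lvs_realserver (start|stop)   (writes under /proc/sys, so run as root)

# Virtual IP that "start" binds to lo:0; it must match the VIP configured in
# keepalived on the load balancers.
VIP=172.16.10.7

# Print the accepted sub-commands and terminate the script.
# Outputs: one usage line on stderr.
# Returns: never returns; exits with status 1.
Usage ()
{
  # ${0##*/} drops the directory part of the script path without forking
  # basename, and is not word-split when the path contains spaces.
  echo "Usage:${0##*/} (start|stop)" >&2
  exit 1
}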

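# Exactly one sub-command (start or stop) is required.
if [ "$#" -ne 1 ]; then
  Usage
fi

case "$1" in
  start)
    echo "reparing for Real Server"
    # Apply the ARP settings first and refuse to bind the VIP if any write
    # fails (not root, or no ens33 entry under /proc/sys): with the VIP on
    # lo:0 and these settings missing, this host can answer ARP for the VIP
    # and draw traffic away from the load balancer.
    if ! {
      echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore &&
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce &&
        echo "1" >/proc/sys/net/ipv4/conf/ens33/arp_ignore &&
        echo "2" >/proc/sys/net/ipv4/conf/ens33/arp_announce
    }; then
      echo "cannot set arp_ignore/arp_announce; VIP not bound" >&2
      exit 1
    fi
    # /32 netmask: only the VIP itself is attached to the loopback alias.
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up
    #/sbin/route add -host $VIP dev lo:0
    ;;
  stop)
    # The VIP is taken down before the ARP settings are reset to 0.
    # NOTE(review): the result of ifconfig is not checked here, so the reset
    # still runs if the alias could not be removed - confirm that is intended.
    /sbin/ifconfig lo:0 down
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_announce
    echo "stop Real Server"
    ;;
  *)
    Usage
    ;;
esac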

2、配置web2

(1) 安装nginx(下面的仓库包地址是明文http,下载内容可能在传输途中被替换;建议改用https地址,并核对软件包签名后再安装)
[root@web2 ~]# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@web2 ~]# yum -y install nginx

(2) 增加虚拟主机
[root@web2 ~]# cat /etc/nginx/conf.d/www_abc_com.conf 
server {
    listen       80;
    server_name  www.abc.com;
    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@web2 ~]# echo "web2-172.16.10.6" > /usr/share/nginx/html/index.html

(3) 编写绑定vip和抑制ARP广播脚本
[root@web2 ~]# cat /etc/init.d/lvs_realserver 
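#!/bin/sh
# lvs_realserver - real-server side helper for the LVS-DR setup on this page.
# "start" sets arp_ignore/arp_announce and binds the virtual IP to lo:0;
# "stop" removes the VIP and resets those settings to 0.
# Usage: lvs_realserver (start|stop)   (writes under /proc/sys, so run as root)

# Virtual IP that "start" binds to lo:0; it must match the VIP configured in
# keepalived on the load balancers.
VIP=172.16.10.7

# Print the accepted sub-commands and terminate the script.
# Outputs: one usage line on stderr.
# Returns: never returns; exits with status 1.
Usage ()
{
  # ${0##*/} drops the directory part of the script path without forking
  # basename, and is not word-split when the path contains spaces.
  echo "Usage:${0##*/} (start|stop)" >&2
  exit 1
}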

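# Exactly one sub-command (start or stop) is required.
if [ "$#" -ne 1 ]; then
  Usage
fi

case "$1" in
  start)
    echo "reparing for Real Server"
    # Apply the ARP settings first and refuse to bind the VIP if any write
    # fails (not root, or no ens33 entry under /proc/sys): with the VIP on
    # lo:0 and these settings missing, this host can answer ARP for the VIP
    # and draw traffic away from the load balancer.
    if ! {
      echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore &&
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce &&
        echo "1" >/proc/sys/net/ipv4/conf/ens33/arp_ignore &&
        echo "2" >/proc/sys/net/ipv4/conf/ens33/arp_announce
    }; then
      echo "cannot set arp_ignore/arp_announce; VIP not bound" >&2
      exit 1
    fi
    # /32 netmask: only the VIP itself is attached to the loopback alias.
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up
    #/sbin/route add -host $VIP dev lo:0
    ;;
  stop)
    # The VIP is taken down before the ARP settings are reset to 0.
    # NOTE(review): the result of ifconfig is not checked here, so the reset
    # still runs if the alias could not be removed - confirm that is intended.
    /sbin/ifconfig lo:0 down
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/ens33/arp_announce
    echo "stop Real Server"
    ;;
  *)
    Usage
    ;;
esac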

四、启动服务器

(1) 启动keepalive和lvs
[root@lvs-master ~]# systemctl start keepalived
[root@lvs-slave ~]# systemctl start keepalived

(2) 启动nginx、启动绑定VIP并抑制ARP广播的脚本
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# /etc/init.d/lvs_realserver start
[root@web1 ~]# ifconfig lo:0 |grep "inet"
        inet 172.16.10.7  netmask 255.255.255.255   # 已经绑定vip

[root@web2 ~]# systemctl start nginx
[root@web2 ~]# /etc/init.d/lvs_realserver start
[root@web2 ~]# ifconfig lo:0 |grep "inet"
        inet 172.16.10.7  netmask 255.255.255.255



(3) 查看keepalived当前的vip状态和监听的后端web节点
[root@lvs-master ~]# ip add
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP
    inet 172.16.10.3/24 brd 172.16.10.255 scope global ens33   # 这是本机地址
    inet 172.16.10.7/32 scope global ens33    # keepalived已经绑定VIP成功
    
[root@lvs-master ~]# ipvsadm -L
TCP  lvs-master:http rr persistent 50
  -> 172.16.10.5:http             Route   1      3          0     # 监听后端web1      
  -> 172.16.10.6:http             Route   1      0          0     # 监听后端web2

五、客户端绑定hosts,并访问http://www.abc.com

1、设置hosts

172.16.10.7 www.abc.com

2、访问测试(调度算法是轮询rr,但同时设置了persistence_timeout 50,同一客户端在会话保持时间内会固定访问同一台后端,所以要多次访问或等会话保持超时后才会访问到另一台web服务器)

