实验设备:4台相同版本服务器
环境要求:
iptables -F
setenforce 0
实验说明:
webserver 1:192.168.192.138
webserver 2:192.168.192.106
lesserver 1:192.168.192.106
lvsserver 2:192.168.192.105
实验步骤
1.构建webserver服务
安装web服务nginx或者httpd,两台webserver都安装
yum -y install nginx
echo "web1">/usr/share/nginx/html/index.html
echo "web2">/usr/share/nginx/html/index.html
systemctl start nginx
修改内核参数arp
写脚本进行修改,同时指明vip(virtual server IP)
vim arp.sh
#!/bin/bash
vip=192.168.192.11
mask='255.255.255.255'
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig lo:0 $vip netmask $mask broadcast $vip up
route add -host $vip dev lo:0
;;
stop)
ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac
复制两份分别在两台webserver上执行
bash arp.sh start
构建lvs
分别在两台lvsserver上安装lvs
yum -y install ipvsadm
vim lvs.sh
#!/bin/bash
vip='192.168.192.11'
iface='ens32:0'
mask='255.255.255.255'
port='80'
rs1='192.168.192.106'
rs2='192.168.192.138'
scheduler='rr'
type='-g'
case $1 in
start)
ifconfig $iface $vip netmask $mask broadcast $vip up
iptables -F
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type
;;
stop)
ipvsadm -C
ifconfig $iface down
;;
*)
echo "Usage $(basename $0) start|stop“;exit 1"
;;
esac
ipvs.sh脚本两台lvsserver都要执行
构建keepalive(单主模型,会出现单点失败)
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1(邮件服务器地址)
smtp_connect_timeout 30(邮件服务器连接市场)
router_id LVS_DEVEL
vrrp_mcast_group4 224.26.100.19 (发送组播地址,判断vrrp是否成功获取地址)
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.192.11
}
}
virtual_server 192.168.192.11 80 {
delay_loop 1
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80(添加sorry)
real_server 192.168.192.105 80 {
weight 1 (权重)
HTTP_GET {
url {
path /
status_code 200(状态相应码为check信息)
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
real_server 192.168.192.138 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
在lvsserver2上配置
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1(邮件服务器地址)
smtp_connect_timeout 30(邮件服务器连接市场)
router_id LVS_DEVEL
vrrp_mcast_group4 224.26.100.19 (发送组播地址,判断vrrp是否成功获取地址)
}
vrrp_instance VI_1 {
state BACKUP
interface ens32
virtual_router_id 50
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.192.11
}
}
virtual_server 192.168.192.11 80 {
delay_loop 1
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80(添加sorry)
real_server 192.168.192.105 80 {
weight 1 (权重)
HTTP_GET {
url {
path /
status_code 200(状态相应码为check信息)
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
real_server 192.168.192.138 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
双主模型
在lvsserver1上配置
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1(邮件服务器地址)
smtp_connect_timeout 30(邮件服务器连接市场)
router_id LVS_DEVEL
vrrp_mcast_group4 224.26.100.19 (发送组播地址,判断vrrp是否成功获取地址)
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.192.11
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens32
virtual_router_id 51
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.192.22
}
track_interface {
ens32
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
}
virtual_server 192.168.192.11 80 {
delay_loop 1
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80(添加sorry)
real_server 192.168.192.105 80 {
weight 1 (权重)
HTTP_GET {
url {
path /
status_code 200(状态相应码为check信息)
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
real_server 192.168.192.138 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
在lvsserver2上配置
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1(邮件服务器地址)
smtp_connect_timeout 30(邮件服务器连接市场)
router_id LVS_DEVEL
vrrp_mcast_group4 224.26.100.19 (发送组播地址,判断vrrp是否成功获取地址)
}
vrrp_instance VI_1 {
state BACKUP
interface ens32
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.192.11
}
}
vrrp_instance VI_2 {
state MASTER
interface ens32
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.192.22
}
track_interface {
ens32
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
}
virtual_server 192.168.192.11 80 {
delay_loop 1
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80(添加sorry)
real_server 192.168.192.105 80 {
weight 1 (权重)
HTTP_GET {
url {
path /
status_code 200(状态相应码为check信息)
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
real_server 192.168.192.138 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
}
connect_timeout 1
nb_get_retry 1
delay_before_retry 3
}
}
通知脚本
#!/bin/bash
contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*) echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
这个脚本上面在配置文件中已经进行调用,这里不再解释。