LVS KeepAlived Deployment
I. Basic Environment
1. IP address configuration
| Host | IP address | OS |
|---|---|---|
| LVS01 | 192.168.119.189/24 | CentOS 7.8 |
| LVS02 | 192.168.119.190/24 | CentOS 7.8 |
| web01 | 192.168.119.191/24, 192.168.18.231/24 | CentOS 7.8 |
| web02 | 192.168.119.192/24, 192.168.18.232/24 | CentOS 7.8 |
| NFS Server | 192.168.18.233/24 | CentOS 7.8 |
| VIP | 192.168.119.254/32 | - |
2. Set the hostnames
# lvs01
$ hostnamectl set-hostname lvs01
# lvs02
$ hostnamectl set-hostname lvs02
# web01
$ hostnamectl set-hostname web01
# web02
$ hostnamectl set-hostname web02
# nfs-server
$ hostnamectl set-hostname nfs-server
3. Disable SELinux
# Temporary
$ setenforce 0
# Permanent
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
II. Configure LVS
1. Install ipvsadm
$ yum install ipvsadm -y
2. Load the ip_vs module
$ modprobe ip_vs
$ lsmod | grep ip_vs
ip_vs 145497 0
nf_conntrack 139264 7 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
$ cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
3. Start the ipvsadm service
$ ipvsadm --save > /etc/sysconfig/ipvsadm
$ systemctl start ipvsadm
$ systemctl enable ipvsadm
Created symlink from /etc/systemd/system/multi-user.target.wants/ipvsadm.service to /usr/lib/systemd/system/ipvsadm.service.
$ systemctl status ipvsadm
● ipvsadm.service - Initialise the Linux Virtual Server
Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2021-03-22 04:37:01 EDT; 24s ago
Main PID: 3050 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ipvsadm.service
Mar 22 04:37:01 lvs systemd[1]: Starting Initialise the Linux Virtual Server...
Mar 22 04:37:01 lvs systemd[1]: Started Initialise the Linux Virtual Server.
III. Keepalived Service
1. Install keepalived on the LVS servers
$ yum install keepalived -y
2. Firewall
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --permanent --add-rich-rule="rule protocol value='vrrp' accept"
$ firewall-cmd --reload
3. Configure keepalived on LVS01
# Primary load balancer configuration
$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak # back up the default file
$ vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lvs01             # router ID, usually set to the hostname
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER                # initial state
    interface ens33             # network interface name
    virtual_router_id 100       # must be the same on both nodes
    priority 150                # priority
    advert_int 1                # advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass 123.com
    }
    virtual_ipaddress {
        192.168.119.254/32 dev ens33 label ens33:254 # VIP
    }
}
virtual_server 192.168.119.254 80 {
    delay_loop 6                # health-check interval in seconds
    lb_algo rr                  # round-robin scheduling
    lb_kind DR                  # direct routing
    persistence_timeout 50      # keep a client on the same real server for 50 seconds
    protocol TCP
    real_server 192.168.119.191 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8   # time out after 8 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.119.192 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8   # time out after 8 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
4. Configure keepalived on LVS02
# Backup load balancer configuration
$ cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak # back up the default file
$ vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lvs02             # router ID, usually set to the hostname
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP                # initial state (standby node)
    interface ens33             # network interface name
    virtual_router_id 100       # must be the same on both nodes
    priority 100                # priority, lower than the 150 used on LVS01
    advert_int 1                # advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass 123.com
    }
    virtual_ipaddress {
        192.168.119.254/32 dev ens33 label ens33:254 # VIP
    }
}
virtual_server 192.168.119.254 80 {
    delay_loop 6                # health-check interval in seconds
    lb_algo rr                  # round-robin scheduling
    lb_kind DR                  # direct routing
    persistence_timeout 50      # keep a client on the same real server for 50 seconds
    protocol TCP
    real_server 192.168.119.191 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8   # time out after 8 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.119.192 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8   # time out after 8 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
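The two nodes' vrrp_instance stanzas have to agree on virtual_router_id, advert_int and the authentication values, and should differ in priority so that the election is not left to VRRP's address tie-break. The check below is an added example, not part of the original post; the function names and the constructed sample stanzas (modelled on VI_1) are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the vrrp_instance stanzas of a keepalived pair.
# vrrp_field FILE KEY: print KEY's value from the first vrrp_instance block.
vrrp_field() {
    awk -v key="$2" '
        $1 == "vrrp_instance"  { in_vrrp = 1 }
        $1 == "virtual_server" { in_vrrp = 0 }
        in_vrrp && $1 == key   { print $2; exit }
    ' "$1"
}

# check_vrrp_pair FILE_A FILE_B: print findings, return how many there are.
check_vrrp_pair() {
    findings=0
    # These values must be identical on both nodes of one virtual router.
    for key in virtual_router_id advert_int auth_type auth_pass; do
        if [ "$(vrrp_field "$1" "$key")" != "$(vrrp_field "$2" "$key")" ]; then
            echo "MISMATCH: $key differs between the nodes"
            findings=$((findings + 1))
        fi
    done
    # Equal priorities leave the election to the primary-address tie-break.
    if [ "$(vrrp_field "$1" priority)" = "$(vrrp_field "$2" priority)" ]; then
        echo "AMBIGUOUS: both nodes use the same priority"
        findings=$((findings + 1))
    fi
    # Two MASTER initial states usually mean one stanza was copied unchanged.
    if [ "$(vrrp_field "$1" state)" = MASTER ] &&
       [ "$(vrrp_field "$2" state)" = MASTER ]; then
        echo "SUSPECT: both nodes start as MASTER"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# write_node FILE STATE PRIORITY: constructed sample stanza modelled on VI_1.
write_node() {
    printf '%s\n' 'vrrp_instance VI_1 {' "    state $2" '    interface ens33' \
        '    virtual_router_id 100' "    priority $3" '    advert_int 1' \
        '    authentication {' '        auth_type PASS' \
        '        auth_pass 123.com' '    }' '}' > "$1"
}

demo_dir=$(mktemp -d)
write_node "$demo_dir/lvs01.conf" MASTER 150
write_node "$demo_dir/lvs02.conf" BACKUP 100
write_node "$demo_dir/lvs02-copied.conf" MASTER 150   # same stanza reused
check_vrrp_pair "$demo_dir/lvs01.conf" "$demo_dir/lvs02.conf" && echo "pair OK"
check_vrrp_pair "$demo_dir/lvs01.conf" "$demo_dir/lvs02-copied.conf" || echo "findings: $?"
rm -rf "$demo_dir"
```

On real hosts, copy each node's /etc/keepalived/keepalived.conf to one machine and pass the two files to check_vrrp_pair.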
5. Start the keepalived service
$ systemctl start keepalived
$ systemctl enable keepalived
6. Check that the virtual IP address is present on the primary load balancer
# LVS01
$ ip a show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:49:f4:22 brd ff:ff:ff:ff:ff:ff
inet 192.168.119.189/24 brd 192.168.119.255 scope global noprefixroute dynamic ens33
valid_lft 1037sec preferred_lft 1037sec
inet 192.168.119.254/32 scope global ens33:254
valid_lft forever preferred_lft forever
inet6 fe80::b222:9ba0:cbbb:d109/64 scope link noprefixroute
valid_lft forever preferred_lft forever
# After keepalived is stopped on LVS01, the VIP appears on LVS02
$ ip a show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8e:c1:ca brd ff:ff:ff:ff:ff:ff
inet 192.168.119.254/32 scope global ens33:254
valid_lft forever preferred_lft forever
inet 192.168.119.190/24 brd 192.168.119.255 scope global secondary noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::57de:125c:51c3:52aa/64 scope link noprefixroute
valid_lft forever preferred_lft forever
IV. Web Servers
1. Install and start Apache
# Install
$ yum install httpd -y
# Start
$ systemctl start httpd
$ systemctl enable httpd
2. Create the test page
# web01
$ echo "<h1>This is web01 page!</h1>" > /var/www/html/index.html
# web02
$ echo "<h1>This is web02 page!</h1>" > /var/www/html/index.html
3. Firewall
$ firewall-cmd --add-service=http --permanent
$ firewall-cmd --reload
4. Web server configuration script
$ vim lvs_dr_rs.sh
#!/bin/bash
VIP='192.168.119.254'
VIP_MASK='255.255.255.255'
case $1 in
start)
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: always use the best local address as the ARP source
    echo '1' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '1' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '2' > /proc/sys/net/ipv4/conf/all/arp_announce
    echo '2' > /proc/sys/net/ipv4/conf/lo/arp_announce
    # Bind the VIP to a loopback alias so the server accepts DR-forwarded packets
    ifconfig lo:0 "$VIP" netmask "$VIP_MASK" broadcast "$VIP" up
    route add -host "$VIP" dev lo:0
    ;;
stop)
    ifconfig lo:0 down
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo '0' > /proc/sys/net/ipv4/conf/all/arp_announce
    echo '0' > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    echo "Usage:$(basename "$0") start|stop"
    exit 1
    ;;
esac
# Make the script executable
$ chmod +x lvs_dr_rs.sh
# Run
$ ./lvs_dr_rs.sh start
5. Access test
$ curl 192.168.119.254
<h1>This is web01 page!</h1>
V. NFS Server
1. Install the nfs-utils package
# Install (also install it on the web servers)
$ yum install nfs-utils -y
# Firewall
$ firewall-cmd --add-service=nfs --add-service=mountd --add-service=rpc-bind --permanent
$ firewall-cmd --reload
# Start
$ systemctl start nfs-server
$ systemctl enable nfs-server
2. Create the shared directory
$ mkdir /webroot
$ vim /etc/exports
/webroot 192.168.18.0/24(sync,rw,no_root_squash)
$ echo "<h1>This is a test page!</h1>" > /webroot/index.html
# Restart the service
$ systemctl restart nfs-server
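The export above grants rw with no_root_squash to all of 192.168.18.0/24, so root on any host in that subnet is root inside /webroot, the directory both web servers publish. The audit below is an added example, not part of the original post; audit_exports and the tightened export line are assumptions, and the tightened line presumes the web servers only read /webroot.

```shell
#!/bin/sh
# audit_exports FILE: print one finding per risky client entry in an
# /etc/exports-style file and return the number of findings.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {      # $1 is the path, the rest are clients
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = "," substr($i, p + 1, length($i) - p - 1) ","
                }
                if (index(opts, ",no_root_squash,")) {
                    print $1 ": " client " has no_root_squash (client root stays root)"
                    n++
                }
                # A wildcard, an empty client or a CIDR block covers many hosts.
                wide = (client == "" || client ~ /[*?]/ ||
                        (client ~ /\/[0-9]+$/ && client !~ /\/32$/))
                if (wide && index(opts, ",rw,")) {
                    print $1 ": rw for every host matching \"" client "\""
                    n++
                }
            }
        }
        END { exit n + 0 }
    ' "$1"
}

demo_dir=$(mktemp -d)
# Constructed input: the export line used in this guide.
echo '/webroot 192.168.18.0/24(sync,rw,no_root_squash)' > "$demo_dir/exports.guide"
# Constructed alternative: one read-only, root-squashed entry per web server.
echo '/webroot 192.168.18.231(sync,ro,root_squash) 192.168.18.232(sync,ro,root_squash)' \
    > "$demo_dir/exports.tight"
audit_exports "$demo_dir/exports.guide" || echo "guide: $? finding(s)"
audit_exports "$demo_dir/exports.tight" && echo "tight: no findings"
rm -rf "$demo_dir"
```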
3. Mount the NFS directory temporarily
$ mount 192.168.18.233:/webroot /var/www/html/
4. Mount the NFS directory permanently
$ tail -1 /etc/fstab
192.168.18.233:/webroot /var/www/html nfs defaults 0 0
5. Access test
$ curl 192.168.119.254
<h1>This is a test page!</h1>

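This article describes in detail how to deploy LVS (Linux Virtual Server) and Keepalived on CentOS to make a website highly available, covering IP configuration, hostname setup, VRRP configuration, Apache working together with an NFS server, firewall management, and access testing.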