keepalive+lvs

安装keepalive +lvs的master主机

Ip 192.168.195.131

1.安装master组件和依赖包

1	yum  install keepalived ipvsadm gcc openssl openssl-devel  -y

2.备份keepalived的配置文件

1	cp /etc/keepalived/keepalived.conf {,.bak}

3.编辑配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61

cat> /etc/keepalived/keepalived.conf<<EOF global_defs {    notification_email {      acassen@firewall.loc      failover@firewall.loc      3341084075@qq.com                       ## 此处设置虚ip切换时候的通知邮箱    }    notification_email_from Alexandre.Cassen@firewall.loc    smtp_server 127.0.0.1    smtp_connect_timeout 30    router_id LVS_DEVEL                       ##设置lvs的id全网唯一    vrrp_skip_check_adv_addr    vrrp_strict    vrrp_garp_interval 0    vrrp_gna_interval 0 }    vrrp_instance VI_1 {     state MASTER                   ## 设置lvs的状态，MASTE和SLAAVE  BACKUP需要修改此处     interface ens33                ##设置服务的接口     virtual_router_id 51          ##设置虚拟路由的id（master和backup）需要一致 ，不然主备无法通信，切换     priority 100                     ##设置主从的优先级  BACKUP需要修改此处     advert_int 1     authentication {               ##设置验证类型的和密码         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {           ##设置vip         192.168.195.12     } }    virtual_server 192.168.195.12 80 {     delay_loop 6                       ##健康检查间隔     lb_algo rr                             ## lvs调度算法     lb_kind DR                        ##lvs调度模式     persistence_timeout 50     ##会话保持的时间     protocol TCP                    ##协议        real_server 192.168.195.128 80 {    ##真实的服务器         weight 1                                 ##权重 1         TCP_CHECK {         connect_timeout 10                                                                                                              nb_get_retry 3                                                                                                                 delay_before_retry 3                                                                                                            connect_port 80                                                                                                                }          }        real_server 192.168.195.129 80 {                  weight 1        TCP_CHECK {         connect_timeout 10                                                                                                              nb_get_retry 3                                                                                                                 delay_before_retry 3                                                                                                            connect_port 80                                                                                                                }          } } EOF

4.开启路由转发

1）添加配置文件 开启网络转发

1	echo 1 > /proc/sys/net/ipv4/ip_forward

2）刷新配置

sysctl  -p

5重启keepalived服务并设置开机自启动

1）重启keepalive

1	systemctl restart keepalived

2）设置开机自启动

systemctl enable keepalived

注：如果服务启动不起来，并报错/usr/lib64/perl5/CORE/libperl.so: file too short，那就必须先升级perl，然后在重新安装这些步骤哦！

 

6查看服务

ipvsadm -l

安装keepalive +lvs backup主机

Ip 192.168.195.130

1.安装backup组件和依赖包

1	yum  install keepalived ipvsadm gcc openssl openssl-devel popt-devel -y

2.备份keepalived的配置文件

1	cp /etc/keepalived/keepalived.conf {,.bak}

3.编辑配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74

vim /etc/keepalived/keepalived.conf global_defs {    notification_email {      acassen@firewall.loc      failover@firewall.loc      3341084075@qq.com    }    notification_email_from Alexandre.Cassen@firewall.loc    smtp_server 127.0.0.1:    smtp_connect_timeout 30    router_id LVS_DEVEL    vrrp_skip_check_adv_addr    vrrp_strict    vrrp_garp_interval 0    vrrp_gna_interval 0 }    vrrp_instance VI_1 {     state backup     interface ens33     virtual_router_id 51     priority 90     advert_int 1                 authentication {          auth_type PASS          auth_pass 1111     }     virtual_ipaddress {          192.168.195.12      } }    virtual_server 192.168.195.12 80 {     delay_loop 6        lb_algo rr       lb_kind DR     persistence_timeout 50       protocol TCP        real_server 192.168.195.128 80 {         weight 1          SSL_GET {              url {               path /               digest ff20ad2481f97b1754ef3e12ecd3a9cc             }             url {               path /mrtg/               digest 9b3a0c85a887a256d6939da88aabd8cd             }              conect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     }        real_server 192.168.195.129 80 {         weight 1          SSL_GET {             url {               path /               digest ff20ad2481f97b1754ef3e12ecd3a9cc             }             url {               path /mrtg/               digest 9b3a0c85a887a256d6939da88aabd8cd             }             connect_port 80             connect_timeout 3             nb_get_retry 3             delay_before_retry 3         }     } }

4.开启路由转发

1）添加配置文件

echo 1 > /proc/sys/net/ipv4/ip_forward

2）刷新配置

sysctl  -p

5重启keepalived服务并设置开机自启动

1）重启keepalive

systemctl restart keepalived

2）设置开机自启动

systemctl enable keepalived

注：如果服务启动不起来，并报错/usr/lib64/perl5/CORE/libperl.so: file too short，那就必须先升级perl，然后在重新安装这些步骤哦！

6查看服务

ipvsadm  -l

安装 nginx

这里使用ngixn的脚本安装

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

#!/bin/bash #2020年7月11日22:08:39 #by jackios ##### yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel net-tools cd /usr/local/src if [ ! -d nginx-1.16.1.tar.gz ]  ; then         wget http://nginx.org/download/nginx-1.16.1.tar.gz fi echo "tar" tar xf nginx-1.16.1.tar.gz -C /usr/local echo "build" cd /usr/local/nginx-1.16.1 useradd -s /sbin/nologin nginx -M ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --with-http_gzip_static_module \ --http-client-body-temp-path=/var/temp/nginx/client \ --http-proxy-temp-path=/var/temp/nginx/proxy \ --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \ --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \ --http-scgi-temp-path=/var/temp/nginx/scgi make -j2 make install -j2 echo "start" mkdir -p /var/temp/nginx mkdir -p /var/run/nginx /usr/local/nginx/sbin/nginx ps -ef|grep nginx netstat -ntlp|grep 80 systemctl stop firewall.service

 

使用脚本配置vip

• arp_ignore参数（1）含义：只响应目标IP配在真实物理网卡上的ARP解析；

• arp_announce参数（2）含义：忽略报文的源IP地址，使用主机上能够跟用户通信的真实网卡发送数据。

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

#!/bin/sh #LVS Client Server VIP=192.168.195.12 case  $1 in start)     ifconfig lo:1 $VIP netmask 255.255.255.255 broadcast $VIP     /sbin/route add -host $VIP dev lo:1     echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore     echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce     sysctl -p >/dev/null 2>&1     echo "RealServer Start OK"     exit 0     ;; stop)     ifconfig lo:1 down     route del $VIP >/dev/null 2>&1     echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore     echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce     echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore     echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce     echo "RealServer Stoped OK" exit 1 ;;    *)     echo "Usage: $0 {start|stop}" ;; esac

 

使用的脚本的命令在sh中有提示

最后在浏览器上访问 vip  192.168.58.12 就可到 192.168.58.128 或者129上的nginx上

---

 赞赏