实验环境:
LVS01:192.168.0.149 #(外网)
10.0.0.13 #(内网)
LVS02:192.168.0.150
10.0.0.14
web01:10.0.0.15 #(web环境自行搭建)
web02:10.0.0.16 #(web环境自行搭建)
VIP:192.168.0.145
安装准备:
[root@LVS01 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@LVS01 ~]# uname -r
2.6.32-573.el6.x86_64
[root@LVS01 ~]# lsmod|grep ip_vs #查看是否安装LVS,或启用LVS
[root@LVS01 ~]# ls -ld /usr/src/kernels/2.6.32-573.12.1.el6.x86_64
drwxr-xr-x 22 root root 4096 Dec 18 00:12 /usr/src/kernels/2.6.32-573.12.1.el6.x86_64
[root@LVS01 ~]# ln -s /usr/src/kernels/2.6.32-573.12.1.el6.x86_64/ /usr/src/linux
[root@LVS01 ~]# grep forward /etc/sysctl.conf #开启内核转发
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
执行
# sysctl -p
1.安装LVS:
[root@LVS01 ~]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
#注意:上面的下载地址是明文HTTP,传输过程中无法保证文件未被篡改;以root编译安装源码包(包括后面的keepalived源码包)之前,应先与可信来源公布的校验值核对(如 sha256sum),或改用发行版软件源中的 ipvsadm 软件包
[root@LVS01 ~]# tar xf ipvsadm-1.26.tar.gz 
[root@LVS01 ~]# cd ipvsadm-1.26
[root@LVS01 ipvsadm-1.26]# make
[root@LVS01 ipvsadm-1.26]# make install
[root@LVS01 ipvsadm-1.26]# lsmod|grep ip_vs
[root@LVS01 ipvsadm-1.26]# which ipvsadm
/sbin/ipvsadm
[root@LVS01 ipvsadm-1.26]# cd ..
[root@LVS01 ~]# ipvsadm --version
ipvsadm v1.26 2008/5/15 (compiled with popt and IPVS v1.2.1)
[root@LVS01 ~]# lsmod|grep ip_vs
ip_vs 125694 0 
libcrc32c 1246 1 ip_vs
ipv6 334932 141 ip_vs
#出现以上三行结果,表示安装成功
2.安装Keepalived:
[root@LVS01 tools]# ln -s /usr/src/kernels/2.6.32-573.12.1.el6.x86_64/ /usr/src/linux
[root@LVS01 tools]# tar xf keepalived-1.2.7.tar.gz
[root@LVS01 tools]# cd keepalived-1.2.7
[root@LVS01 keepalived-1.2.7]# ./configure
............................................
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
#以上最后结果中,最好最少有3个Yes,如下:
Use IPVS Framework : Yes #ipvs框架
IPVS sync daemon support : Yes #ipvs同步支持
Use VRRP Framework : Yes #VRRP框架
[root@LVS01 keepalived-1.2.7]# make
[root@LVS01 keepalived-1.2.7]# make install
[root@LVS01 keepalived-1.2.7]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@LVS01 keepalived-1.2.7]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@LVS01 keepalived-1.2.7]# mkdir /etc/keepalived -p
[root@LVS01 keepalived-1.2.7]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@LVS01 keepalived-1.2.7]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@LVS01 keepalived-1.2.7]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@LVS01 keepalived-1.2.7]# ps -ef|grep keepalived
root 14563 1 0 06:57 ? 00:00:00 keepalived -D
root 14565 14563 0 06:57 ? 00:00:00 keepalived -D
root 14566 14563 0 06:57 ? 00:00:00 keepalived -D
root 14570 13038 0 06:57 pts/0 00:00:00 grep keepalived
[root@LVS01 keepalived-1.2.7]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@LVS01 keepalived-1.2.7]# ps -ef|grep keepalived|grep -v grep
3.配置Keepalived:
主(LVS01):
[root@LVS01 ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
global_defs {
   notification_email {
     1729294227@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.0.200
   smtp_connect_timeout 30
   router_id LVS_1
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.145/24
    }
}
virtual_server 192.168.0.145 80 {
    delay_loop 6
    lb_algo wrr #负载均衡算法
    lb_kind DR #负载均衡模式
    nat_mask 255.255.255.0 #子网掩码
    persistence_timeout 300 #会话保持
    protocol TCP #协议
    real_server 10.0.0.15 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.0.16 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
#注意:auth_pass 1111 只是示例值,主备两端必须一致;auth_type PASS 的口令在VRRP通告报文中以明文传输,实际部署时应更换口令,并把VRRP通告限制在可信网段内,同时限制 keepalived.conf 的读取权限
备(LVS02):
[root@LVS02 ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
global_defs {
   notification_email {
     1729294227@qq.com
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.0.200
   smtp_connect_timeout 30
   router_id LVS_2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.145/24
    }
}
virtual_server 192.168.0.145 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 300
    protocol TCP
    real_server 10.0.0.15 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 10.0.0.16 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
4.手工在RS绑定VIP(两台web机器上):
web01:
[root@web01 ~]# curl -i localhost
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Thu, 26 Nov 2015 12:09:12 GMT
Content-Type: text/html
Content-Length: 24
Last-Modified: Thu, 26 Nov 2015 09:19:01 GMT
Connection: keep-alive
ETag: "5656ce85-18"
Accept-Ranges: bytes

192.168.0.151:test1-web
[root@web01 ~]# ifconfig lo:0 192.168.0.145/32 up
[root@web01 ~]# ifconfig lo:0
lo:0 Link encap:Local Loopback 
 inet addr:192.168.0.145 Mask:0.0.0.0
 UP LOOPBACK RUNNING MTU:65536 Metric:1
web02:
[root@web02 ~]# curl -i localhost
HTTP/1.1 200 OK
Server: nginx/1.6.3
Date: Sat, 07 Nov 2015 16:18:31 GMT
Content-Type: text/html
Content-Length: 24
Last-Modified: Sat, 07 Nov 2015 13:27:39 GMT
Connection: keep-alive
ETag: "563dfc4b-18"
Accept-Ranges: bytes

192.168.0.160:test2-web
[root@web02 ~]# ifconfig lo:0 192.168.0.145/32 up
[root@web02 ~]# ifconfig lo:0
lo:0 Link encap:Local Loopback 
 inet addr:192.168.0.145 Mask:0.0.0.0
 UP LOOPBACK RUNNING MTU:65536 Metric:1
#以上可通过脚本实现
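注意,做好以下三点保证IP不冲突:
1.绑定在回环接口上(lo)
2.绑定VIP地址
3.子网掩码是:255.255.255.255
#注意:上面 ifconfig lo:0 的输出中 Mask 显示为 0.0.0.0,与这里要求的 255.255.255.255 不一致;绑定后应核对掩码,必要时用 ifconfig lo:0 192.168.0.145 netmask 255.255.255.255 up 显式指定
5.手工在RS端(两台web机器上)抑制ARP响应: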
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
#以上可通过脚本实现(直接写入/proc的值重启后会丢失,需要在启动脚本或/etc/sysctl.conf中重新设置)
6.最终测试:
[root@LVS01 ~]# /etc/init.d/keepalived start
[root@LVS01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.145:80 wrr persistent 300
  -> 10.0.0.15:80 Route 1 0 0 
  -> 10.0.0.16:80 Route 1 0 0
[root@LVS01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a4:26:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.149/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.145/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fea4:2669/64 scope link 
       valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a4:26:73 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.13/24 brd 10.0.0.255 scope global eth3
    inet6 fe80::20c:29ff:fea4:2673/64 scope link 
       valid_lft forever preferred_lft forever
[root@LVS02 ~]# /etc/init.d/keepalived start
[root@LVS02 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.145:80 wrr persistent 300
  -> 10.0.0.15:80 Route 1 0 0 
  -> 10.0.0.16:80 Route 1 0 0
[root@LVS02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:6a:27:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.150/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::20c:29ff:fe6a:27b4/64 scope link 
       valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:6a:27:be brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.14/24 brd 10.0.0.255 scope global eth3
    inet6 fe80::20c:29ff:fe6a:27be/64 scope link 
       valid_lft forever preferred_lft forever
7.模拟“故障”测试高可用:
[root@LVS01 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@LVS01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a4:26:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.149/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::20c:29ff:fea4:2669/64 scope link 
       valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:a4:26:73 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.13/24 brd 10.0.0.255 scope global eth3
    inet6 fe80::20c:29ff:fea4:2673/64 scope link 
       valid_lft forever preferred_lft forever
[root@LVS02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:6a:27:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.150/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.145/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe6a:27b4/64 scope link 
       valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:6a:27:be brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.14/24 brd 10.0.0.255 scope global eth3
    inet6 fe80::20c:29ff:fe6a:27be/64 scope link 
       valid_lft forever preferred_lft forever
嘿嘿,VIP飘移成功,看web界面吧!