实战环境(CentOS7)
VIP 10.211.55.180
LVS1 10.211.55.151
LVS1 10.211.55.151
RS1 10.211.55.171
RS2 10.211.55.172
初始化环境所有节点
iptalbes -F #清空防火墙
systemctl stop firewalld #关闭防火墙
systemctl disable firewalld #停止防火墙开机自启动
setenforce 0 #临时关闭selinux
sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config #关闭selinux
yum -y install epel-release #安装epel源
LVS1、2操作
1、安装keepalived ipvsadm
yum -y install keepalived ipvsadm
[root@localhost ~]# lsmod |grep ip_vs #检查ipvs模块
ip_vs_rr 12600 1
ip_vs 145497 3 ip_vs_rr
nf_conntrack 139264 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 4 xfs,ip_vs,nf_nat,nf_conntrack
2、配置keepalived (LVS1、2)
2.1 修改keepalived的配置文件
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
314334451@
}
notification_email_from 314334451@
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER #LVS1的这里是MASTER,则LVS2的改为BACKUP
interface eth0
virtual_router_id 51
priority 100 #LVS1的是100,则LVS2的为100以下就行,比如90,权重越大,VIP则飘在哪一边
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.211.55.180 #VIP
}
}
virtual_server 10.211.55.180 80 { #VIP
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.211.55.171 80 { #后端RS1检测,如有问题则移除服务器,不再往该服务器发送请求
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.211.55.172 80 { #后端RS2检测,如有问题则移除服务器,不再往该服务器发送请求
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
2.2 设置开机启动(LVS1、2)
systemctl enable keepalived
systemctl start keepalived
3、配置LVS,执行下面的脚本(LVS1、2),并把脚本设置为开机启动
vi /opt/lvs_dr.sh
#!/bin/sh
# description: Start LVS of Director server
VIP=192.168.30.100
RIP1=192.168.30.71
RIP2=192.168.30.72
case "$1" in
start)
echo " start LVS of Director Server"
# set the Virtual IP Address and sysctl parameter
# /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
# route add -host $VIP dev eth0:0
echo "1" >/proc/sys/net/ipv4/ip_forward
#Clear IPVS table
/sbin/ipvsadm -C
#set LVS
/sbin/ipvsadm -A -t $VIP:80 -s wrr # -p 600 #需要会话持久化则把此处的-p 600取消注释,或使用sh算法
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g -w1 #-g DR模式
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g -w1
#Run LVS
/sbin/ipvsadm
;;
stop)
echo "close LVS Directorserver"
echo "0" >/proc/sys/net/ipv4/ip_forward
/sbin/ipvsadm -C
# /sbin/ifconfig eth0:0 down
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
chmod +x /opt/lvs_dr.sh #加执行权限
echo "/opt/lvs_dr.sh start" >>/etc/profile #开机自启动
4、配置RS操作,执行下面操作(RS1、2)
安装nginx
yum -y install nginx #RS1、2 都安装
#配置测试页面
echo 10.211.55.171 >/usr/share/nginx/html/index.html #RS1上操作
echo 10.211.55.172 >/usr/share/nginx/html/index.html #RS2上操作
设置RS脚本,并设置开机自启动
vi /opt/lvs_rs.sh
#!/bin/bash
VIP=192.168.30.100
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up #添加虚拟IP
/sbin/route add -host $VIP dev lo:0 #添加网关
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
#end
此操作是在回环设备上绑定了一个虚拟IP地址,并设定其子网掩码为255.255.255.255,与Director Server上的虚拟IP保持互通,然后禁止了本机的ARP请求。
由于虚拟ip,也就是上面的VIP地址,是Director Server和所有的Real server共享的,如果有ARP请求VIP地址时,Director Server与所有Real server都做应答的话,就出现问题了,因此,需要禁止Real server响应ARP请求。而lvsrs脚本的作用就是使Real Server不响应arp请求。
chmod + /opt/lvs_rs.sh #加执行权限
echo "/opt/lvs_rs.sh " #开机自启动
5、测试
找一个客户机,执行下面的命令
->$ for i in `seq 20`;do curl 10.211.55.180;done
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
10.211.55.171
10.211.55.172
版权声明:本文内容来自第三方投稿或授权转载,原文地址:https://blog.51cto.com/slapping/2596721,作者:类似简单,版权归原作者所有。本网站转在其作品的目的在于传递更多信息,不拥有版权,亦不承担相应法律责任。如因作品内容、版权等问题需要同本网站联系,请发邮件至ctyunbbs@chinatelecom.cn沟通。