CentOS 7 配置 keepalived+LVS

拓扑图

  • 用户访问www.abc.com解析到10.4.7.8,防火墙做DNAT将访问10.4.7.8:80的请求转换到VIP 172.16.10.7:80,负载均衡器再将请求转发到后端web服务器。

实验环境

VIP:负载均衡服务器的虚拟ip地址

LB :负载均衡服务器

realserver:后端真实服务器

一、配置防火墙,先让内网服务器能上网

1、先确认网关服务器能上网

(1) 查看网关服务器ip地址
[root@gateway ~]# ifconfig ens33 |grep -w "inet"
        inet 10.4.7.8  netmask 255.255.255.0  broadcast 10.4.7.255
[root@gateway ~]# ifconfig ens37 |grep -w "inet"
        inet 172.16.10.8  netmask 255.255.255.0  broadcast 172.16.10.255

(2) ping百度
[root@gateway ~]# ping www.baidu.com -c 2
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=1 ttl=128 time=9.51 ms
64 bytes from 39.156.66.14 (39.156.66.14): icmp_seq=2 ttl=128 time=8.90 ms

2、防火墙开启路由转发,并配置NAT规则

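(1) 开启路由转发(下面的 sed 只会修改已存在的 net.ipv4.ip_forward = 0 这一行;如果 /etc/sysctl.conf 里没有这一行,需要手动追加 net.ipv4.ip_forward = 1,执行 sysctl -p 后确认输出中该值为 1)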
[root@gateway ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
[root@gateway ~]# sysctl -p

(2) 配置SNAT,让来自172.16.10.0/24的内网主机能上网(公网IP不固定时使用MASQUERADE,由内核自动取出口网卡的地址做源地址转换;建议再加上 -o ens33,只对从外网口出去的流量做伪装)
[root@gateway ~]# iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -j  MASQUERADE

(3) 配置DNAT让访问目标地址是10.4.7.8:80的请求,跳转到VIP172.16.10.7:80
[root@gateway ~]# iptables -t nat -A PREROUTING -p tcp  -d 10.4.7.8 --dport 80 -j DNAT --to-destination 172.16.10.7:80
[root@gateway ~]# service iptables save

3、将所有内网服务器网关指向gateway服务器内网ip

(1) lvs-master
[root@lvs-master ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 
[root@lvs-master ~]# systemctl restart network
[root@lvs-master ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=198 ms

(2) lvs-slave
[root@lvs-slave ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 
[root@lvs-slave ~]# systemctl restart network
[root@lvs-slave ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=2 ttl=127 time=218 ms

(3) web1
[root@web1 ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33
[root@web1 ~]# systemctl restart network 
[root@web1 ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=221 ms

(4) web2
[root@web2 ~]# echo -e "GATEWAY=172.16.10.8\nDNS1=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33
[root@web2 ~]# systemctl restart network
[root@web2 ~]# ping www.baidu.com
PING www.wshifen.com (104.193.88.77) 56(84) bytes of data.
64 bytes from 104.193.88.77 (104.193.88.77): icmp_seq=1 ttl=127 time=209 ms

二、配置keepalived+lvs

1、安装keepalived+lvs(keepalived和lvs 在一台服务器上,主备都安装)

(1) lvs-master
[root@lvs-master ~]# yum -y install keepalived   ipvsadm
[root@lvs-master ~]# keepalived -v                                     # 查看keepalived版本号
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
[root@lvs-master ~]# ipvsadm -v                                        # 查看ipvsadm版本号
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)

(2) lvs-slave
[root@lvs-slave ~]# yum -y install keepalived   ipvsadm
[root@lvs-slave ~]# keepalived -v
Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
[root@lvs-slave ~]# ipvsadm -v
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)

2、配置keepalived+lvs主、备(keepalived是专门为lvs设计的)

  • 设置非抢占模式时,nopreempt 只需在优先级高的 master 上配置,但主备两边的 state 都要写成 BACKUP(见下面配置中的注释)

    (1) 配置 lvs-master
    [root@lvs-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@lvs-master ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
    router_id LVS_DEVEL_01 # keepalive标识符,主备不能相同
    }
    vrrp_instance VI_1 { # VRRP实例,主备必须相同
    state MASTER # 角色,MASTER为主,BACKUP为备
    #state BACKUP # 如果是非抢占模式要两边都为BACKUP
    interface ens33 # 监听的网卡
    virtual_router_id 51 # 虚拟路由标识,主备必须相同
    priority 150 # 优先级,主要高于备
    #nopreempt # 开启非抢占模式(在优先级高的上面配置)
    advert_int 1 # 主备同步检查间隔1秒
    authentication { # 主备认证密码,主备必须一致;PASS 方式的密码在 VRRP 报文中明文传输,1111 仅为示例,生产环境请更换,并用防火墙限制只接受对端发来的 VRRP 报文
    auth_type PASS
    auth_pass 1111
    }
    virtual_ipaddress {
    172.16.10.7 # 设置虚拟ip地址
    }
    }
    ################ 上面是keepalived设置,下面是lvs设置 ##################
    virtual_server 172.16.10.7 80 { # 基于上面的VIP创建虚拟服务器
    delay_loop 6 # 健康检查时间
    lb_algo rr # 调度算法rr为轮询
    lb_kind DR # 负载均衡模式DR路由模式
    persistence_timeout 50 # 会话保持时间
    protocol TCP # 转发协议类型

      real_server 172.16.10.5 80 {      # 设置第一台后端web服务器
          weight 1                      # 设置web服务器权重
          HTTP_GET {                    # 设置健康检查页面,健康检查方式 常见有 TCP_CHECK, HTTP_GET, SSL_GET, MISC_CHECK(自定义脚本)
              url {
                  path /index.html
                  # digest的值这样生成 genhash -s 172.16.10.5 -p 80 -u /index.html
                  digest d8cf4a4aed83e042d2b147561f1c83df
              }
              connect_timeout 8             # 设置响应超时时间
              nb_get_retry 3                # 设置超时重试次数
              delay_before_retry 3          # 设置超时重试间隔
          }
      }
      
      real_server 172.16.10.6 80 {      # 设置第二台后端web服务器
          weight 1                      # 设置web服务器权重
          HTTP_GET {                    # 设置健康检查页面
              url {
                  path /index.html
                  # digest的值这样生成 genhash -s 172.16.10.6 -p 80 -u /index.html
                  digest  0583558e12e704650cd8bd72e0274347
              }
              connect_timeout 8             # 设置响应超时时间
              nb_get_retry 3                # 设置超时重试次数
              delay_before_retry 3          # 设置超时重试间隔
          }
      }
    

    }


    (2) 配置lvs-slave
    [root@lvs-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@lvs-slave ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    global_defs {
    router_id LVS_DEVEL_02 # keepalive标识符,主备不能相同
    }
    vrrp_instance VI_1 { # VRRP实例,主备必须相同
    state BACKUP # 角色,MASTER为主,BACKUP为备
    interface ens33 # 监听的网卡
    virtual_router_id 51 # 虚拟路由标识,主备必须相同
    priority 90 # 优先级,主要高于备
    advert_int 1 # 主备同步检查间隔1秒
    authentication { # 主备认证密码,主备必须一致;PASS 方式的密码在 VRRP 报文中明文传输,1111 仅为示例,生产环境请更换,并用防火墙限制只接受对端发来的 VRRP 报文
    auth_type PASS
    auth_pass 1111
    }
    virtual_ipaddress {
    172.16.10.7 # 设置虚拟ip地址
    }
    }

    ################ 上面是keepalived设置,下面是lvs设置 ##################
    virtual_server 172.16.10.7 80 { # 根据上面的VIP创建虚拟服务器
    delay_loop 6 # 健康检查时间
    lb_algo rr # 调度算法rr为轮询
    lb_kind DR # 负载均衡模式DR路由模式
    persistence_timeout 50 # 会话保持时间
    protocol TCP # 转发协议类型

      real_server 172.16.10.5 80 {      # 设置第一台后端web服务器
          weight 1                      # 设置web服务器权重
          HTTP_GET {                    # 设置健康检查页面
              url {
                  path /index.html
                  # digest的值这样生成 genhash -s 172.16.10.5 -p 80 -u /index.html
                  digest  d8cf4a4aed83e042d2b147561f1c83df
              }
              connect_timeout 8             # 设置响应超时时间
              nb_get_retry 3                # 设置超时重试次数
              delay_before_retry 3          # 设置超时重试间隔
          }
      }
    
      real_server 172.16.10.6 80 {      # 设置第二台后端web服务器
          weight 1                      # 设置web服务器权重
          HTTP_GET {                    # 设置健康检查页面
              url {
                  path /index.html
                  # digest的值这样生成 genhash -s 172.16.10.6 -p 80 -u /index.html
                  digest  0583558e12e704650cd8bd72e0274347
              }
              connect_timeout 8             # 设置响应超时时间
              nb_get_retry 3                # 设置超时重试次数
              delay_before_retry 3          # 设置超时重试间隔
          }
      }
    

    }

三、配置nginx服务器

1、配置web1

(1) 安装nginx(下面的源安装包地址是明文 http,传输过程中无法防篡改,建议把地址改为 https:// 再下载,并确认该 yum 源已启用 gpgcheck 以校验软件包签名)
[root@web1 ~]# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@web1 ~]# yum -y install nginx

(2) 增加虚拟主机
[root@web1 ~]# cat /etc/nginx/conf.d/www_abc_com.conf 
server {
    listen       80;
    server_name  www.abc.com;
    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@web1 ~]# echo "web1-172.16.10.5" > /usr/share/nginx/html/index.html

(3) 配置vip,以及抑制ARP广播脚本
[root@web1 ~]# cat /etc/init.d/lvs_realserver 
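#!/bin/sh
# lvs_realserver - prepare (start) or undo (stop) an LVS-DR real server.
#
# In DR mode the director forwards packets addressed to the VIP without
# rewriting the destination, so the real server must hold the VIP itself
# (on lo:0 with a /32 mask) while never answering or announcing ARP for it.
# If it did, it would compete with the director for the VIP on the LAN.
#
# Usage:   lvs_realserver (start|stop)
# Needs:   root (writes under /proc/sys and configures an interface alias)
# Returns: 0 on success, 1 on bad usage or when a kernel setting could not
#          be written / the VIP could not be bound.
# Note:    values written to /proc/sys here are runtime settings; this script
#          does not persist them.

VIP=172.16.10.7   # virtual IP served by the directors
IFACE=ens33       # NIC on the real-server LAN whose ARP behaviour is tuned
rc=0              # becomes 1 as soon as any required step fails

# Print the usage line on stdout and exit with status 1.
Usage ()
{
  # ${0##*/} strips the directory part without word-splitting $0.
  printf 'Usage:%s (start|stop)\n' "${0##*/}"
  exit 1
}

# Write arp_ignore ($1) and arp_announce ($2) for "all" and for $IFACE.
# The kernel applies the larger of the "all" and per-interface values, so
# both are written. A failed write (e.g. not root) is reported via rc.
set_arp ()
{
  for scope in all "$IFACE"; do
    echo "$1" >"/proc/sys/net/ipv4/conf/$scope/arp_ignore" || rc=1
    echo "$2" >"/proc/sys/net/ipv4/conf/$scope/arp_announce" || rc=1
  done
}

if [ "$#" -ne 1 ]; then
  Usage
fi

case "$1" in
  start)
    echo "reparing for Real Server"
    # Suppress ARP first, then add the VIP, so the VIP is never advertised.
    # arp_ignore=1:   reply only when the target IP is configured on the
    #                 interface the request arrived on (lo:0 does not count).
    # arp_announce=2: always pick the best local source address for ARP
    #                 requests instead of the VIP.
    set_arp 1 2
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up || rc=1
    # Left disabled as in the original:
    #/sbin/route add -host $VIP dev lo:0
    ;;
  stop)
    # Drop the VIP before relaxing ARP. Taking down an alias that is not up
    # is treated as harmless, so its status is deliberately not checked.
    /sbin/ifconfig lo:0 down
    # NOTE(review): resets to 0 unconditionally; assumes nothing else on
    # this host relies on non-zero arp_ignore/arp_announce - confirm.
    set_arp 0 0
    echo "stop Real Server"
    ;;
  *)
    Usage
    ;;
esac

exit "$rc"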

2、配置web2

(1) 安装nginx(下面的源安装包地址是明文 http,传输过程中无法防篡改,建议把地址改为 https:// 再下载,并确认该 yum 源已启用 gpgcheck 以校验软件包签名)
[root@web2 ~]# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[root@web2 ~]# yum -y install nginx

(2) 增加虚拟主机
[root@web2 ~]# cat /etc/nginx/conf.d/www_abc_com.conf 
server {
    listen       80;
    server_name  www.abc.com;
    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@web2 ~]# echo "web2-172.16.10.6" > /usr/share/nginx/html/index.html

(3) 编写绑定vip和抑制ARP广播脚本
[root@web2 ~]# cat /etc/init.d/lvs_realserver 
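#!/bin/sh
# lvs_realserver - prepare (start) or undo (stop) an LVS-DR real server.
#
# In DR mode the director forwards packets addressed to the VIP without
# rewriting the destination, so the real server must hold the VIP itself
# (on lo:0 with a /32 mask) while never answering or announcing ARP for it.
# If it did, it would compete with the director for the VIP on the LAN.
#
# Usage:   lvs_realserver (start|stop)
# Needs:   root (writes under /proc/sys and configures an interface alias)
# Returns: 0 on success, 1 on bad usage or when a kernel setting could not
#          be written / the VIP could not be bound.
# Note:    values written to /proc/sys here are runtime settings; this script
#          does not persist them.

VIP=172.16.10.7   # virtual IP served by the directors
IFACE=ens33       # NIC on the real-server LAN whose ARP behaviour is tuned
rc=0              # becomes 1 as soon as any required step fails

# Print the usage line on stdout and exit with status 1.
Usage ()
{
  # ${0##*/} strips the directory part without word-splitting $0.
  printf 'Usage:%s (start|stop)\n' "${0##*/}"
  exit 1
}

# Write arp_ignore ($1) and arp_announce ($2) for "all" and for $IFACE.
# The kernel applies the larger of the "all" and per-interface values, so
# both are written. A failed write (e.g. not root) is reported via rc.
set_arp ()
{
  for scope in all "$IFACE"; do
    echo "$1" >"/proc/sys/net/ipv4/conf/$scope/arp_ignore" || rc=1
    echo "$2" >"/proc/sys/net/ipv4/conf/$scope/arp_announce" || rc=1
  done
}

if [ "$#" -ne 1 ]; then
  Usage
fi

case "$1" in
  start)
    echo "reparing for Real Server"
    # Suppress ARP first, then add the VIP, so the VIP is never advertised.
    # arp_ignore=1:   reply only when the target IP is configured on the
    #                 interface the request arrived on (lo:0 does not count).
    # arp_announce=2: always pick the best local source address for ARP
    #                 requests instead of the VIP.
    set_arp 1 2
    /sbin/ifconfig lo:0 "$VIP" netmask 255.255.255.255 up || rc=1
    # Left disabled as in the original:
    #/sbin/route add -host $VIP dev lo:0
    ;;
  stop)
    # Drop the VIP before relaxing ARP. Taking down an alias that is not up
    # is treated as harmless, so its status is deliberately not checked.
    /sbin/ifconfig lo:0 down
    # NOTE(review): resets to 0 unconditionally; assumes nothing else on
    # this host relies on non-zero arp_ignore/arp_announce - confirm.
    set_arp 0 0
    echo "stop Real Server"
    ;;
  *)
    Usage
    ;;
esac

exit "$rc"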

四、启动服务器

(1) 启动keepalive和lvs
[root@lvs-master ~]# systemctl start keepalived
[root@lvs-slave ~]# systemctl start keepalived

(2) 启动nginx、启动绑定VIP并抑制ARP广播的脚本
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# /etc/init.d/lvs_realserver start
[root@web1 ~]# ifconfig lo:0 |grep "inet"
        inet 172.16.10.7  netmask 255.255.255.255   # 已经绑定vip

[root@web2 ~]# systemctl start nginx
[root@web2 ~]# /etc/init.d/lvs_realserver start
[root@web2 ~]# ifconfig lo:0 |grep "inet"
        inet 172.16.10.7  netmask 255.255.255.255



(3) 查看keepalived当前的vip状态和监听的后端web节点
[root@lvs-master ~]# ip add
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP
    inet 172.16.10.3/24 brd 172.16.10.255 scope global ens33   # 这是本机地址
    inet 172.16.10.7/32 scope global ens33    # keepalived已经绑定VIP成功
    
[root@lvs-master ~]# ipvsadm -L
TCP  lvs-master:http rr persistent 50
  -> 172.16.10.5:http             Route   1      3          0     # 监听后端web1      
  -> 172.16.10.6:http             Route   1      0          0     # 监听后端web2

五、客户端绑定hosts,并访问http://www.abc.com

1、设置hosts

172.16.10.7 www.abc.com

2、访问测试(调度算法是rr轮询,但配置了 persistence_timeout 50,同一客户端在50秒内的请求会一直落到同一台后端,所以要间隔一段时间多次访问才会访问到web1上面)
