目录
二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务
操作前准备:准备五台主机,都把其中一个网卡跳到VNET1模式,第二快网卡设置可以联网的网络
一、主备模式
使用两台主机(ip为192.168.100.1和192.168.100.2)
####192.168.100.1
##安装nginx和keeplived
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# echo web1 > /usr/share/nginx/html/index.html
[root@web1 ~]# yum install -y keepalived
[root@web1 ~]# cd /etc/keepalived/
[root@web1 keepalived]# ls
keepalived.conf.sample
##修改配置文件
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id web1
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.101
192.168.100.102
192.168.100.103
}
}
[root@web1 keepalived]# ls
keepalived.conf keepalived.conf.sample
[root@web1 keepalived]# systemctl start keepalived.service
##可以看到起来了三个虚拟IP
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.100.101/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.102/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.103/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
####192.168.100.2
[root@web2 ~]# yum install -y nginx
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# echo web2 > /usr/share/nginx/html/index.html
[root@web2 ~]# yum install -y keepalived
[root@web2 ~]# cd /etc/keepalived/
[root@web2 keepalived]# ls
keepalived.conf.sample
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id web2
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.101
192.168.100.102
192.168.100.103
}
}
[root@web2 keepalived]# ls
keepalived.conf keepalived.conf.sample
[root@web2 keepalived]# systemctl start keepalived.service
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
valid_lft forever preferred_lft forever
当主的keepalived断了时,自动切换备用
####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service ####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.100.101/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.102/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.103/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
valid_lft forever preferred_lft forever
当主服务起来了,从新提供服务
####192.168.100.1
[root@web1 keepalived]# systemctl start keepalived.service
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.100.101/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.102/32 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.100.103/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
valid_lft forever preferred_lft forever二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务
####192.168.100.1
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id web1
}
vrrp_script check_nginx {
script /etc/keepalived/check_nginx.sh #检测脚本
interval 2 #执行间隔时间
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.101
192.168.100.102
192.168.100.103
}
track_script { #在实例中引用脚本
check_nginx
}
}
[root@web1 keepalived]# vim check_nginx.sh
Count1=`netstat -antp |grep -v grep |grep nginx |wc -l`
if [ $Count1 -eq 0 ]; then
systemctl restart nginx
sleep 2
Count2=`netstat -antp |grep -v grep |grep nginx |wc -l`
if [ $Count2 -eq 0 ]; then
service keepalived stop
else
exit 0
fi
else
exit 0
fi
[root@web1 keepalived]# chmod +x check_nginx.sh
[root@web1 keepalived]# systemctl restart keepalived.service ####192.168.100.2
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id web2
}
vrrp_script check_nginx {
script /etc/keepalived/check_nginx.sh #检测脚本
interval 2 #执行间隔时间
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.101
192.168.100.102
192.168.100.103
}
track_script { #在实例中引用脚本
check_nginx
}
}
[root@web2 keepalived]# chmod +x check_nginx.sh
[root@web2 keepalived]# ls
check_nginx.sh keepalived.conf keepalived.conf.sample
[root@web2 keepalived]# systemctl restart keepalived.service 三、基于直接路由(DR)的双击热备
另外再准备两台主机(ip为192.168.100.100和192.168.100.10)作为服务器,前面两台作为真实访问的服务器
第一台服务器配置,指定一个访问路径下必须存在的一个文件test.html,否则无法访问
####192.168.100.100
##安装ipvsadm和keepalived服务
[root@lvs1 ~]# yum install -y ipvsadm
[root@lvs1 ~]# modprobe ip_vs
[root@lvs1 ~]# yum install -y keepalived
##编辑配置文件指向访问的真实服务器
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS1
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.103
}
}
virtual_server 192.168.100.103 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs1 ~]# systemctl start keepalived.service
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.103:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:16:2b:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.100.103/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe16:2b5c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:16:2b:66 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.180/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe16:2b66/64 scope link noprefixroute
valid_lft forever preferred_lft forever第二台服务器配置
####192.168.100.10
[root@lvs2 ~]# yum install -y ipvsadm
[root@lvs2 ~]# modprobe ip_vs
[root@lvs2 ~]# yum install -y keepalived
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS2
}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.103
}
}
virtual_server 192.168.100.103 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@lvs2 ~]# systemctl start keepalived.service
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.103:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0 关闭两台真实访问的服务器的keepalived服务,防止干扰,配好路由,同时创建一个检测文件test.html,,当这文件不存在时,无法访问
####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service
[root@web1 keepalived]# cd /usr/share/nginx/html/
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png
[root@web1 html]# echo test > test.html
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
[root@web1 html]# cat test.html
test
[root@web1 html]# cd
[root@web1 ~]# ifconfig lo:0 192.168.100.103/32
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.103/0 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@web1 ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web1 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web1 ~]# route add -host 192.168.100.103 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.58.2 0.0.0.0 UG 101 0 0 ens224
127.0.0.0 0.0.0.0 255.0.0.0 U 30 0 0 lo
192.168.58.0 0.0.0.0 255.255.255.0 U 101 0 0 ens224
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
192.168.100.103 0.0.0.0 255.255.255.255 UH 0 0 0 lo
####192.168.100.2
[root@web2 keepalived]# systemctl stop keepalived.service
[root@web2 keepalived]# cd /usr/share/nginx/html/
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png
[root@web2 html]# echo test > test.html
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
[root@web2 html]# cat test.html
test
[root@web2 html]# cd
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.100.103/0 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@web2 ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web2 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.58.2 0.0.0.0 UG 101 0 0 ens224
127.0.0.0 0.0.0.0 255.0.0.0 U 30 0 0 lo
192.168.58.0 0.0.0.0 255.255.255.0 U 101 0 0 ens224
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# route add -host 192.168.100.103 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.58.2 0.0.0.0 UG 101 0 0 ens224
127.0.0.0 0.0.0.0 255.0.0.0 U 30 0 0 lo
192.168.58.0 0.0.0.0 255.255.255.0 U 101 0 0 ens224
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
192.168.100.103 0.0.0.0 255.255.255.255 UH 0 0 0 lo
添加一个sorry服务,当访问不到test,html文件时,将访问sorry服务
####192.168.100.1
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS1
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.103
}
}
virtual_server 192.168.100.103 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
sorry_server 192.168.100.203 80
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs2 ~]# systemctl start keepalived.service ####192.168.100.2
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS2
}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.103
}
}
virtual_server 192.168.100.103 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
sorry_server 192.168.100.203 80
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs2 ~]# systemctl start keepalived.service 再加一台主机(ip为192.168.100.203),写好访问的sorry内容
####192.168.100.203
[root@bogon ~]# yum install -y nginx
[root@bogon ~]# systemctl start nginx
[root@bogon ~]# echo sorry > /usr/share/nginx/html/index.html
[root@bogon ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@bogon ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@bogon ~]# route add -host 192.168.100.103 dev lo:0
[root@bogon ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.58.2 0.0.0.0 UG 102 0 0 ens33
192.168.58.0 0.0.0.0 255.255.255.0 U 102 0 0 ens33
192.168.100.0 0.0.0.0 255.255.255.0 U 101 0 0 ens34
192.168.100.103 0.0.0.0 255.255.255.255 UH 0 0 0 lo把192.168.100.1和192.168.100.2的test.html文件移到/opt目录下
####192.168.100.1
[root@web1 html]# mv test.html /opt/
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png####192.168.100.2
[root@web2 html]# mv test.html /opt/
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png
四、配置互为主从模式
把访问文件移动回来
####192.168.100.1
[root@web1 html]# mv /opt/test.html ./
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png test.html####192.168.100.2
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png test.html编辑服务器的互为主从的配置文件
####192.168.100.100
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
##后面再加上
vrrp_instance VI_2 {
state BACKUP
interface ens160
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.104
}
}
virtual_server 192.168.100.104 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
sorry_server 192.168.100.203 80
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs1 ~]# systemctl restart keepalived.service
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.103:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0
TCP 192.168.100.104:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0 ####192.168.100.10
[root@lvs2 ~]# vim keepalived.conf
##后面加上
vrrp_instance VI_2 {
state MASTER
interface ens160
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.104
}
}
virtual_server 192.168.100.104 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
sorry_server 192.168.100.203 80
real_server 192.168.100.1 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.100.2 80 {
weight 1
HTTP_GET {
url {
path /test.html
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
[root@lvs2 ~]# systemctl restart keepalived.service
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.103:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0
TCP 192.168.100.104:80 rr persistent 50
-> 192.168.100.1:80 Route 1 0 0
-> 192.168.100.2:80 Route 1 0 0