Keepalived Dual-Master and Triple-Master Hot Standby

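1. Dual-Master Hot Standby Architecture

1.1 Node Planning

| Role | Hostname | Software | IP address |
|---|---|---|---|
| User | client | | 192.168.72.90 |
| keepalived | vip | | 192.168.72.100 192.168.72.101 |
| master | master | keepalived, nginx | 192.168.72.30 |
| backup | backup | keepalived, nginx | 192.168.72.32 |
| web | tomcat1 | tomcat | 192.168.72.41 |
| web | tomcat2 | tomcat | 192.168.72.42 |
| DNS round-robin | dns | nginx | 192.168.72.11 |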

1.2 Environment Preparation

Clone 5 servers.

1.2.1 Configure tomcat1

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat1
[root@localhost ~]# bash
[root@tomcat1 ~]# 

2. Set the IP address

[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.41/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@tomcat1 ~]# setenforce 0
[root@tomcat1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@tomcat1 ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.2 Configure tomcat2

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat2
[root@localhost ~]# bash
[root@tomcat2 ~]# 

2. Set the IP address

[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.42/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@tomcat2 ~]# setenforce 0
[root@tomcat2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@tomcat2 ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.3 Configure master

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname master && bash
[root@master ~]# 

2. Set the IP address

[root@master ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.30/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@master ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@master ~]# setenforce 0
[root@master ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@master ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.4 Configure backup

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname backup && bash
[root@backup ~]# 

2. Set the IP address

[root@backup ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.32/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@backup ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@backup ~]# setenforce 0
[root@backup ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@backup ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.5 Configure dns

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname dns && bash
[root@dns ~]# 

2. Set the IP address

[root@dns ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.11/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@dns ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@dns ~]# setenforce 0
[root@dns ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@dns ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.3 Set Up tomcat1

1.3.1 Install the JDK

1. Download the JDK

[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2026-01-14 10:32:43--  https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 23.58.108.145
Connecting to download.oracle.com (download.oracle.com)|23.58.108.145|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197085853 (188M) [application/x-gzip]
Saving to: 'jdk-21_linux-x64_bin.tar.gz'

jdk-21_linux-x64_bin.tar.gz       100%[==========================================================>] 187.96M  3.50MB/s    in 51s     

2026-01-14 10:33:35 (3.66 MB/s) - 'jdk-21_linux-x64_bin.tar.gz' saved [197085853/197085853]

2. Extract and install the JDK

[root@tomcat1 ~]# tar -zxf jdk-21_linux-x64_bin.tar.gz -C /usr/local
[root@tomcat1 ~]# cd /usr/local/jdk-21.0.9/
[root@tomcat1 jdk-21.0.9]# pwd
/usr/local/jdk-21.0.9

3. Configure the JDK

[root@tomcat1 jdk-21.0.9]# vim /etc/profile

.....
export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin

4. Verify the JDK configuration

[root@tomcat1 jdk-21.0.9]# source /etc/profile
[root@tomcat1 jdk-21.0.9]# java --version
java 21.0.9 2025-10-21 LTS
Java(TM) SE Runtime Environment (build 21.0.9+7-LTS-338)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.9+7-LTS-338, mixed mode, sharing)

1.3.2 Install Tomcat

1. Download Tomcat

[root@tomcat1 jdk-21.0.9]# cd
[root@tomcat1 ~]# wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
--2026-01-14 10:37:59--  https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
Resolving dlcdn.apache.org (dlcdn.apache.org)... 151.101.2.132, 2a04:4e42::644
Connecting to dlcdn.apache.org (dlcdn.apache.org)|151.101.2.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14317088 (14M) [application/x-gzip]
Saving to: 'apache-tomcat-11.0.15.tar.gz'

apache-tomcat-11.0.15.tar.gz      100%[==========================================================>]  13.65M  12.7MB/s    in 1.1s    

2026-01-14 10:38:00 (12.7 MB/s) - 'apache-tomcat-11.0.15.tar.gz' saved [14317088/14317088]

2. Extract and install Tomcat

[root@tomcat1 ~]# tar -zxf apache-tomcat-11.0.15.tar.gz -C /usr/local
[root@tomcat1 ~]# cd /usr/local/apache-tomcat-11.0.15/
[root@tomcat1 apache-tomcat-11.0.15]# pwd
/usr/local/apache-tomcat-11.0.15

3. Configure Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# vim /etc/profile
....
export CATALINA_HOME=/usr/local/apache-tomcat-11.0.15
export PATH=$PATH:$CATALINA_HOME/bin

4. Apply the Tomcat configuration

[root@tomcat1 apache-tomcat-11.0.15]# source /etc/profile

5. Replace the welcome page

[root@tomcat1 apache-tomcat-11.0.15]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

6. Start Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

7. Access Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# curl localhost:8080
tomcat1 192.168.72.41

1.4 Set Up tomcat2

1. Copy the JDK and Tomcat installation directories

[root@tomcat1 ~]# scp -r /usr/local/jdk-21.0.9/ /usr/local/apache-tomcat-11.0.15/ 192.168.72.42:/usr/local/

2. Check that the copy succeeded

[root@tomcat2 ~]# ls /usr/local
apache-tomcat-11.0.15  bin  etc  games  include  jdk-21.0.9  lib  lib64  libexec  sbin  share  src

3. Copy the configuration file

[root@tomcat1 ~]# scp /etc/profile 192.168.72.42:/etc/
root@192.168.72.42's password: 
profile                                                                                            100% 2064     2.4MB/s   00:00    

4. Verify the configuration file

[root@tomcat2 ~]# tail -6 /etc/profile

export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin

export CATALINA_HOME=/usr/local/apache-tomcat-11.0.15
export PATH=$PATH:$CATALINA_HOME/bin

5. Apply the configuration

[root@tomcat2 ~]# source /etc/profile

6. Start Tomcat

[root@tomcat2 ~]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

7. Replace the welcome page

[root@tomcat2 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

8. Access Tomcat

[root@tomcat2 ~]# curl localhost:8080
tomcat2 192.168.72.42

1.5 Set Up master

1.5.1 Install nginx

1. Install the nginx service

[root@master ~]# dnf install nginx -y

2. Configure nginx

[root@master ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
}       

server {
        listen          80;
        server_name     192.168.72.100;
        location / {
                proxy_pass      http://web;
        }
}

3. Start the nginx service

[root@master ~]# systemctl start nginx

1.5.2 Install keepalived

1. Install keepalived

[root@master ~]# dnf install keepalived -y

2. Configure keepalived

[root@master ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@master ~]# ll /etc/keepalived/
total 8
-rw-r--r--. 1 root root 3550 May 15  2025 keepalived.conf
-rw-r--r--. 1 root root 3550 Jan 14 11:14 keepalived.conf.bak
[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
}

3. Start keepalived

[root@master ~]# systemctl start keepalived.service

4. Check the IP addresses

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6a:7e:b2 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.30/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6a:7eb2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

5. Access nginx

[root@master ~]# curl 192.168.72.100
tomcat1 192.168.72.41 
[root@master ~]# curl 192.168.72.100
tomcat2 192.168.72.42 
[root@master ~]# curl 192.168.72.100
tomcat1 192.168.72.41 
[root@master ~]# curl 192.168.72.100
tomcat2 192.168.72.42

1.6 Set Up backup

1.6.1 Install nginx

1. Install nginx

[root@backup ~]# dnf install nginx -y

2. Configure nginx

[root@backup ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
}       

server {
        listen          80;
        server_name     192.168.72.101;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start nginx

[root@backup ~]# systemctl start nginx

1.6.2 Install keepalived

1. Install keepalived

[root@backup ~]# dnf install keepalived -y

2. Configure keepalived

[root@backup ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
}

3. Start keepalived

[root@backup ~]# systemctl start keepalived.service

4. Check the VIP

[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:79:ba:66 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.32/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:ba66/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

1.7 Set Up dns

1. Install nginx

[root@dns ~]# dnf install nginx -y

2. Configure nginx

[root@dns ~]# vim /etc/nginx/conf.d/web.conf

The file contents are as follows:

upstream web {
        server 192.168.72.100;
        server 192.168.72.101;
}       

server {
        listen          80;
        server_name     192.168.72.11;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start the service

[root@dns ~]# systemctl start nginx

4. Test access

[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 

1.8 Set Up High Availability

1. Write the health-check script

[root@master ~]# vim /etc/keepalived/check_nginx.sh

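The script contents are as follows:

#!/bin/bash
# Count the running nginx processes.
count=$(ps -C nginx --no-headers | wc -l)
if [ "$count" -eq 0 ]; then
        # nginx is down: try to start it once.
        /usr/bin/systemctl start nginx
        sleep 1
        # Still down: stop keepalived so this node releases its VIPs.
        if [ "$(ps -C nginx --no-headers | wc -l)" -eq 0 ]; then
                /usr/bin/systemctl stop keepalived
        fi
fi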

2. Make the script executable

[root@master ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@master ~]# ll /etc/keepalived/check_nginx.sh
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh

3. Modify the keepalived configuration file

[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

4. Restart keepalived

[root@master ~]# systemctl restart keepalived.service

5. Copy the script to backup

[root@master ~]# scp -p /etc/keepalived/check_nginx.sh 192.168.72.32:/etc/keepalived/
The authenticity of host '192.168.72.32 (192.168.72.32)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.32' (ED25519) to the list of known hosts.
root@192.168.72.32's password: 
check_nginx.sh                                                                                                                                    100%  217   247.9KB/s   00:00    

6. Modify the keepalived configuration file on the backup host

[root@backup ~]# ll /etc/keepalived/check_nginx.sh
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh
[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

7. Restart keepalived

[root@backup ~]# systemctl restart keepalived.service

8. Run the test

[root@backup ~]# systemctl stop nginx
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@backup ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@backup ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 

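2. Triple-Master Hot Standby Architecture

2.1 Node Planning

| Role | Hostname | Software | IP address |
|---|---|---|---|
| User | client | | 192.168.72.90 |
| keepalived | vip | | 192.168.72.100 |
| master | serverA | keepalived, nginx | 192.168.72.30 |
| backup | serverB | keepalived, nginx | 192.168.72.31 |
| backup | serverC | keepalived, nginx | 192.168.72.32 |
| web | tomcat1 | tomcat | 192.168.72.41 |
| web | tomcat2 | tomcat | 192.168.72.42 |
| web | tomcat3 | tomcat | 192.168.72.43 |
| DNS round-robin | dns | nginx | 192.168.72.11 |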

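2.2 Environment Preparation

This project extends the dual-master hot standby project. All existing servers are reused as they are, but two new servers need to be cloned: one for serverC and one for tomcat3.

2.2.1 Configure serverC

1. Set the hostname
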
[root@localhost ~]# hostnamectl set-hostname serverC
[root@localhost ~]# bash
[root@serverC ~]# 

2. Set the IP address

[root@serverC ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.31/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@serverC ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@serverC ~]# setenforce 0
[root@serverC ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

4. Disable the firewall

[root@serverC ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

2.2.2 Configure tomcat3

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat3 && bash
[root@tomcat3 ~]# 

2. Set the IP address

[root@tomcat3 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.43/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat3 ~]# nmcli c up ens160

3. Disable SELinux enforcement (permissive mode)

[root@tomcat3 ~]# setenforce 0
[root@tomcat3 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

4. Disable the firewall

[root@tomcat3 ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

2.3 Set Up tomcat3

1. Copy the JDK and Tomcat installation directories from tomcat1 to tomcat3

[root@tomcat1 ~]# scp -r /usr/local/jdk-21.0.9/ /usr/local/apache-tomcat-11.0.15/ 192.168.72.43:/usr/local/

2. Copy the configuration file from tomcat1 to tomcat3

[root@tomcat1 ~]# scp /etc/profile 192.168.72.43:/etc/
root@192.168.72.43's password: 
profile                                                                                            100% 2064     2.1MB/s   00:00    

3. Apply the configuration

[root@tomcat3 ~]# source /etc/profile

4. Replace the welcome page

[root@tomcat3 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

5. Start Tomcat

[root@tomcat3 ~]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

6. Verify Tomcat

[root@tomcat3 ~]# curl localhost:8080
tomcat3 192.168.72.43

2.4 Modify master

1. Modify the nginx configuration file

[root@master ~]# vim /etc/nginx/conf.d/tomcat.conf

Change the file contents as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}

server {
        listen          80;
        server_name     192.168.72.100;
        location / {
                proxy_pass      http://web;
        }
}

2. Modify the keepalived configuration file

[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Restart nginx and keepalived

[root@master ~]# systemctl restart nginx
[root@master ~]# systemctl restart keepalived.service

4. Check the IP addresses

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6a:7e:b2 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.30/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6a:7eb2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.5 Modify backup

1. Modify the nginx configuration file

[root@backup ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}

server {
        listen          80;
        server_name     192.168.72.101;
        location / {
                proxy_pass      http://web;
        }
}

2. Modify the keepalived configuration file

[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Restart nginx and keepalived

[root@backup ~]# systemctl restart nginx
[root@backup ~]# systemctl restart keepalived.service

4. Check the IP addresses

[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:79:ba:66 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.32/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:ba66/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.6 Set Up serverC

2.6.1 Set Up nginx

1. Install nginx

[root@serverC ~]# dnf install nginx -y

2. Configure nginx

[root@serverC ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}       

server {
        listen          80;
        server_name     192.168.72.102;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start nginx

[root@serverC ~]# systemctl start nginx

2.6.2 Set Up keepalived

1. Install keepalived

[root@serverC ~]# dnf install keepalived -y

2. Configure keepalived

[root@master ~]# scp -p /etc/keepalived/* 192.168.72.31:/etc/keepalived/
The authenticity of host '192.168.72.31 (192.168.72.31)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 192.168.72.32
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.31' (ED25519) to the list of known hosts.
root@192.168.72.31's password: 
check_nginx.sh                                                                                     100%  217   467.5KB/s   00:00    
keepalived.conf                                                                                    100% 1045     1.6MB/s   00:00    
keepalived.conf.bak                                                                                100% 3550     3.2MB/s   00:00    

Then modify the /etc/keepalived/keepalived.conf file:

[root@serverC ~]# ll /etc/keepalived/check_nginx.sh 
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh


[root@serverC ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state MASTER
    interface ens160
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Start keepalived

[root@serverC ~]# systemctl start keepalived.service

4. Check the IP addresses

[root@serverC ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b5:91:af brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.31/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb5:91af/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.7 Modify dns

1. Modify the nginx configuration

[root@dns ~]# vim /etc/nginx/conf.d/web.conf

The file contents are as follows:

upstream web {
        server 192.168.72.100;
        server 192.168.72.101;
        server 192.168.72.102;
}

server {
        listen          80;
        server_name     192.168.72.11;
        location / {
                proxy_pass      http://web;
        }
}

2. Restart nginx

[root@dns ~]# systemctl restart nginx

3. Verify the project

[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 

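3. Optimization

3.1 Preemptive and Non-Preemptive Mode

By default, keepalived runs in preemptive mode: when the Master host recovers from a failure, the VIP moves back to the master's host. The drawback is that this causes network jitter. In production, non-preemptive mode is therefore recommended: the VIP does not float back when the master host recovers, and it moves only when the host currently holding the VIP goes down.

To enable non-preemptive mode, change every state MASTER in the configuration files to state BACKUP, and configure nopreempt on all of them.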
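
A simplified model of the two modes described above, as an added example that is not part of the original page or of keepalived: it replays a failure and recovery of master against the dual-master priorities from sections 1.5 and 1.6, with and without preemption. It assumes a node is either fully up or fully down and ignores track_script weights; the names Cluster, run, vip_moves and the EVENTS scenario are hypothetical.

```python
"""Simplified model of VRRP VIP ownership for the dual-master layout on this page.

Added illustration, not keepalived code. Assumptions: a node is either fully up
or fully down, advertisements are never lost, track_script weights are ignored.
"""
from dataclasses import dataclass, field

# Priorities copied from the page's dual-master keepalived.conf files.
PRIORITIES = {
    "VI_1": {"master": 100, "backup": 90},   # VIP 192.168.72.100
    "VI_2": {"master": 90, "backup": 100},   # VIP 192.168.72.101
}

# Constructed scenario: both nodes boot, master fails, master recovers.
EVENTS = [("up", "master"), ("up", "backup"), ("down", "master"), ("up", "master")]


@dataclass
class Cluster:
    preempt: bool                                # False = state BACKUP + nopreempt everywhere
    alive: set = field(default_factory=set)
    owner: dict = field(default_factory=dict)    # instance -> node holding its VIP

    def _elect(self, inst):
        """Highest-priority live node wins the election, None if all are down."""
        live = [n for n in self.alive if n in PRIORITIES[inst]]
        return max(live, key=lambda n: PRIORITIES[inst][n]) if live else None

    def up(self, node):
        self.alive.add(node)
        for inst, prio in PRIORITIES.items():
            current = self.owner.get(inst)
            if current is None:
                # No advertisements heard: the node times out and becomes MASTER.
                self.owner[inst] = self._elect(inst)
            elif self.preempt and prio[node] > prio[current]:
                # Preemptive mode: the higher priority takes the VIP over.
                self.owner[inst] = node
            # Otherwise the newcomer stays BACKUP while adverts keep arriving.

    def down(self, node):
        self.alive.discard(node)
        for inst in PRIORITIES:
            if self.owner.get(inst) == node:
                # The holder is gone: the remaining nodes elect a new MASTER.
                self.owner[inst] = self._elect(inst)


def run(preempt, events):
    """Replay (action, node) events and return the owner map after each one."""
    cluster = Cluster(preempt=preempt)
    timeline = []
    for action, node in events:
        getattr(cluster, action)(node)
        timeline.append(dict(cluster.owner))
    return timeline


def vip_moves(timeline, inst):
    """Count how often the VIP of `inst` changed from one holder to another."""
    holders = [step[inst] for step in timeline if step.get(inst)]
    return sum(1 for a, b in zip(holders, holders[1:]) if a != b)


if __name__ == "__main__":
    for preempt in (True, False):
        timeline = run(preempt, EVENTS)
        print("preempt" if preempt else "nopreempt")
        for (action, node), owners in zip(EVENTS, timeline):
            print(f"  {action:4} {node:6} -> {owners}")
        print("  VI_1 moves:", vip_moves(timeline, "VI_1"))
```

With nopreempt on every instance, the node whose keepalived starts first keeps both VIPs, so the dual-master split is not restored automatically after boot or after a recovery.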
