Keepalived Dual-Master and Triple-Master Hot Standby

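1. Dual-master hot standby architecture

1.1 Node planning

| Role | Hostname | Software | IP address |
|---|---|---|---|
| User | client | | 192.168.72.90 |
| keepalived | vip | | 192.168.72.100, 192.168.72.101 |
| master | master | keepalived, nginx | 192.168.72.30 |
| backup | backup | keepalived, nginx | 192.168.72.32 |
| web | tomcat1 | tomcat | 192.168.72.41 |
| web | tomcat2 | tomcat | 192.168.72.42 |
| DNS round-robin | dns | nginx | 192.168.72.11 |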

1.2 Environment preparation

Clone 5 servers.

1.2.1 Configure tomcat1

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat1
[root@localhost ~]# bash
[root@tomcat1 ~]# 

2. Set the IP address

[root@tomcat1 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.41/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat1 ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@tomcat1 ~]# setenforce 0
[root@tomcat1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@tomcat1 ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.2 Configure tomcat2

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat2
[root@localhost ~]# bash
[root@tomcat2 ~]# 

2. Set the IP address

[root@tomcat2 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.42/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat2 ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@tomcat2 ~]# setenforce 0
[root@tomcat2 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@tomcat2 ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.3 Configure master

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname master && bash
[root@master ~]# 

2. Set the IP address

[root@master ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.30/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@master ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@master ~]# setenforce 0
[root@master ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@master ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.4 Configure backup

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname backup && bash
[root@backup ~]# 

2. Set the IP address

[root@backup ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.32/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@backup ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@backup ~]# setenforce 0
[root@backup ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@backup ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.2.5 Configure dns

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname dns && bash
[root@dns ~]# 

2. Set the IP address

[root@dns ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.11/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@dns ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@dns ~]# setenforce 0
[root@dns ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config

4. Disable the firewall

[root@dns ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

1.3 Set up tomcat1

1.3.1 Install the JDK

1. Download the JDK

[root@tomcat1 ~]# wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
--2026-01-14 10:32:43--  https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
Resolving download.oracle.com (download.oracle.com)... 23.58.108.145
Connecting to download.oracle.com (download.oracle.com)|23.58.108.145|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197085853 (188M) [application/x-gzip]
Saving to: 'jdk-21_linux-x64_bin.tar.gz'

jdk-21_linux-x64_bin.tar.gz       100%[==========================================================>] 187.96M  3.50MB/s    in 51s     

2026-01-14 10:33:35 (3.66 MB/s) - 'jdk-21_linux-x64_bin.tar.gz' saved [197085853/197085853]

2. Extract and install the JDK

[root@tomcat1 ~]# tar -zxf jdk-21_linux-x64_bin.tar.gz -C /usr/local
[root@tomcat1 ~]# cd /usr/local/jdk-21.0.9/
[root@tomcat1 jdk-21.0.9]# pwd
/usr/local/jdk-21.0.9

3. Configure the JDK

[root@tomcat1 jdk-21.0.9]# vim /etc/profile

.....
export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin

4. Verify the JDK configuration

[root@tomcat1 jdk-21.0.9]# source /etc/profile
[root@tomcat1 jdk-21.0.9]# java --version
java 21.0.9 2025-10-21 LTS
Java(TM) SE Runtime Environment (build 21.0.9+7-LTS-338)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.9+7-LTS-338, mixed mode, sharing)

1.3.2 Install Tomcat

1. Download Tomcat

[root@tomcat1 jdk-21.0.9]# cd
[root@tomcat1 ~]# wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
--2026-01-14 10:37:59--  https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.15/bin/apache-tomcat-11.0.15.tar.gz
Resolving dlcdn.apache.org (dlcdn.apache.org)... 151.101.2.132, 2a04:4e42::644
Connecting to dlcdn.apache.org (dlcdn.apache.org)|151.101.2.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14317088 (14M) [application/x-gzip]
Saving to: 'apache-tomcat-11.0.15.tar.gz'

apache-tomcat-11.0.15.tar.gz      100%[==========================================================>]  13.65M  12.7MB/s    in 1.1s    

2026-01-14 10:38:00 (12.7 MB/s) - 'apache-tomcat-11.0.15.tar.gz' saved [14317088/14317088]

2. Extract and install Tomcat

[root@tomcat1 ~]# tar -zxf apache-tomcat-11.0.15.tar.gz -C /usr/local
[root@tomcat1 ~]# cd /usr/local/apache-tomcat-11.0.15/
[root@tomcat1 apache-tomcat-11.0.15]# pwd
/usr/local/apache-tomcat-11.0.15

3. Configure Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# vim /etc/profile
....
export CATALINA_HOME=/usr/local/apache-tomcat-11.0.15
export PATH=$PATH:$CATALINA_HOME/bin

4. Apply the Tomcat configuration

[root@tomcat1 apache-tomcat-11.0.15]# source /etc/profile

5. Change the welcome page

[root@tomcat1 apache-tomcat-11.0.15]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

6. Start Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

7. Access Tomcat

[root@tomcat1 apache-tomcat-11.0.15]# curl localhost:8080
tomcat1 192.168.72.41

1.4 Set up tomcat2

1. Copy the JDK and Tomcat installation directories

[root@tomcat1 ~]# scp -r /usr/local/jdk-21.0.9/ /usr/local/apache-tomcat-11.0.15/ 192.168.72.42:/usr/local/

2. Check that the copy succeeded

[root@tomcat2 ~]# ls /usr/local
apache-tomcat-11.0.15  bin  etc  games  include  jdk-21.0.9  lib  lib64  libexec  sbin  share  src

3. Copy the configuration file

[root@tomcat1 ~]# scp /etc/profile 192.168.72.42:/etc/
root@192.168.72.42's password: 
profile                                                                                            100% 2064     2.4MB/s   00:00    

4. Verify the configuration file

[root@tomcat2 ~]# tail -6 /etc/profile

export JAVA_HOME=/usr/local/jdk-21.0.9
export PATH=$PATH:$JAVA_HOME/bin

export CATALINA_HOME=/usr/local/apache-tomcat-11.0.15
export PATH=$PATH:$CATALINA_HOME/bin

5. Apply the configuration

[root@tomcat2 ~]# source /etc/profile

6. Start Tomcat

[root@tomcat2 ~]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

7. Change the welcome page

[root@tomcat2 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

8. Access Tomcat

[root@tomcat2 ~]# curl localhost:8080
tomcat2 192.168.72.42

1.5 Set up master

1.5.1 Install nginx

1. Install the nginx service

[root@master ~]# dnf install nginx -y

2. Configure nginx

[root@master ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
}       

server {
        listen          80;
        server_name     192.168.72.100;
        location / {
                proxy_pass      http://web;
        }
}

3. Start the nginx service

[root@master ~]# systemctl start nginx

1.5.2 Install keepalived

1. Install keepalived

[root@master ~]# dnf install keepalived -y

2. Configure keepalived

[root@master ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@master ~]# ll /etc/keepalived/
total 8
-rw-r--r--. 1 root root 3550 May 15  2025 keepalived.conf
-rw-r--r--. 1 root root 3550 Jan 14 11:14 keepalived.conf.bak
[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
}

3. Start keepalived

[root@master ~]# systemctl start keepalived.service

4. Check the IP addresses

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6a:7e:b2 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.30/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6a:7eb2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

5. Access nginx

[root@master ~]# curl 192.168.72.100
tomcat1 192.168.72.41 
[root@master ~]# curl 192.168.72.100
tomcat2 192.168.72.42 
[root@master ~]# curl 192.168.72.100
tomcat1 192.168.72.41 
[root@master ~]# curl 192.168.72.100
tomcat2 192.168.72.42

1.6 Set up backup

1.6.1 Install nginx

1. Install nginx

[root@backup ~]# dnf install nginx -y

2. Configure nginx

[root@backup ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
}       

server {
        listen          80;
        server_name     192.168.72.101;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start nginx

[root@backup ~]# systemctl start nginx

1.6.2 Install keepalived

1. Install keepalived

[root@backup ~]# dnf install keepalived -y

2. Configure keepalived

[root@backup ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
}

3. Start keepalived

[root@backup ~]# systemctl start keepalived.service

4. Check the VIP

[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:79:ba:66 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.32/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:ba66/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

1.7 Set up dns

1. Install nginx

[root@dns ~]# dnf install nginx -y

2. Configure nginx

[root@dns ~]# vim /etc/nginx/conf.d/web.conf

The file contents are as follows:

upstream web {
        server 192.168.72.100;
        server 192.168.72.101;
}       

server {
        listen          80;
        server_name     192.168.72.11;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start the service

[root@dns ~]# systemctl start nginx

4. Test access

[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 

1.8 Set up high availability

1. Write the health-check script

[root@master ~]# vim /etc/keepalived/check_nginx.sh

The script contents are as follows:

#!/bin/bash
count=`ps -C nginx --no-header | wc -l`
if [ $count -eq 0 ]; then
        /usr/bin/systemctl start nginx
        sleep 1
        if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
                /usr/bin/systemctl stop keepalived
        fi      
fi 

2. Make the script executable

[root@master ~]# chmod +x /etc/keepalived/check_nginx.sh
[root@master ~]# ll /etc/keepalived/check_nginx.sh
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh

3. Modify the keepalived configuration file

[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

4. Restart keepalived

[root@master ~]# systemctl restart keepalived.service

5. Copy the script to backup

[root@master ~]# scp -p /etc/keepalived/check_nginx.sh 192.168.72.32:/etc/keepalived/
The authenticity of host '192.168.72.32 (192.168.72.32)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.32' (ED25519) to the list of known hosts.
root@192.168.72.32's password: 
check_nginx.sh                                                                                                                                    100%  217   247.9KB/s   00:00    

6. Modify the keepalived configuration file on the backup host

[root@backup ~]# ll /etc/keepalived/check_nginx.sh
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh
[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

7. Restart keepalived

[root@backup ~]# systemctl restart keepalived.service

8. Run the test

[root@backup ~]# systemctl stop nginx
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@backup ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@backup ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@backup ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
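
Added example, not part of the original article: keepalived judges a vrrp_script by its exit status, and the fall, rise and weight values of chk_nginx act on that result. This variant of the check script returns nginx's health as its exit code instead of stopping keepalived itself; the NGINX_PROBE_CMD, NGINX_START_CMD and RETRY_DELAY variables are assumptions added so the logic can be exercised without nginx installed.

```shell
#!/bin/bash
# Added example, not the article's check_nginx.sh.
# Contract with keepalived: exit 0 = nginx healthy, non-zero = unhealthy.
# keepalived then applies the fall / rise / weight values of vrrp_script.

# The three variables below are assumptions of this example; they let the
# probe and the restart be swapped out so the logic can be tested offline.
NGINX_PROBE_CMD=${NGINX_PROBE_CMD:-"ps -C nginx --no-header"}
NGINX_START_CMD=${NGINX_START_CMD:-"/usr/bin/systemctl start nginx"}
RETRY_DELAY=${RETRY_DELAY:-1}

# True when the probe prints at least one line (one line per nginx process).
nginx_running() {
    local count
    count=$($NGINX_PROBE_CMD 2>/dev/null | wc -l)
    [ "$count" -gt 0 ]
}

# One restart attempt, as in the article, but the verdict is returned
# to keepalived instead of stopping keepalived from inside the script.
check_nginx() {
    nginx_running && return 0
    $NGINX_START_CMD >/dev/null 2>&1
    sleep "$RETRY_DELAY"
    nginx_running
}

# Run the check only when installed under the name keepalived calls.
case "${0##*/}" in
    check_nginx.sh) check_nginx; exit $? ;;
esac
```

In the dual-master configuration above, three failed checks (fall 3) lower the failing node's priority from 100 to 80, below the 90 configured on its peer, so the VIP moves while keepalived keeps running.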

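2. Triple-master hot standby architecture

2.1 Node planning

| Role | Hostname | Software | IP address |
|---|---|---|---|
| User | client | | 192.168.72.90 |
| keepalived | vip | | 192.168.72.100 |
| master | serverA | keepalived, nginx | 192.168.72.30 |
| backup | serverB | keepalived, nginx | 192.168.72.31 |
| backup | serverC | keepalived, nginx | 192.168.72.32 |
| web | tomcat1 | tomcat | 192.168.72.41 |
| web | tomcat2 | tomcat | 192.168.72.42 |
| web | tomcat3 | tomcat | 192.168.72.43 |
| DNS round-robin | dns | nginx | 192.168.72.11 |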

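2.2 Environment preparation

This setup extends the dual-master hot standby setup. All existing servers are reused as they are, but two new servers must be cloned: one for serverC and one for tomcat3.

2.2.1 Configure serverC

1. Set the hostname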

[root@localhost ~]# hostnamectl set-hostname serverC
[root@localhost ~]# bash
[root@serverC ~]# 

2. Set the IP address

[root@serverC ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.31/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@serverC ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@serverC ~]# setenforce 0
[root@serverC ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

4. Disable the firewall

[root@serverC ~]# systemctl disable --now firewalld.service 
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

2.2.2 Configure tomcat3

1. Set the hostname

[root@localhost ~]# hostnamectl set-hostname tomcat3 && bash
[root@tomcat3 ~]# 

2. Set the IP address

[root@tomcat3 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.43/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@tomcat3 ~]# nmcli c up ens160

3. Disable SELinux (permissive mode)

[root@tomcat3 ~]# setenforce 0
[root@tomcat3 ~]# sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config

4. Disable the firewall

[root@tomcat3 ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".

2.3 Set up tomcat3

1. Copy the JDK and Tomcat installation directories from tomcat1 to tomcat3

[root@tomcat1 ~]# scp -r /usr/local/jdk-21.0.9/ /usr/local/apache-tomcat-11.0.15/ 192.168.72.43:/usr/local/

2. Copy the configuration file from tomcat1 to tomcat3

[root@tomcat1 ~]# scp /etc/profile 192.168.72.43:/etc/
root@192.168.72.43's password: 
profile                                                                                            100% 2064     2.1MB/s   00:00    

3. Apply the configuration

[root@tomcat3 ~]# source /etc/profile

4. Change the welcome page

[root@tomcat3 ~]# echo "$(hostname) $(hostname -I)" > /usr/local/apache-tomcat-11.0.15/webapps/ROOT/index.jsp

5. Start Tomcat

[root@tomcat3 ~]# startup.sh 
Using CATALINA_BASE:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_HOME:   /usr/local/apache-tomcat-11.0.15
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-11.0.15/temp
Using JRE_HOME:        /usr/local/jdk-21.0.9
Using CLASSPATH:       /usr/local/apache-tomcat-11.0.15/bin/bootstrap.jar:/usr/local/apache-tomcat-11.0.15/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

6. Verify Tomcat

[root@tomcat3 ~]# curl localhost:8080
tomcat3 192.168.72.43

2.4 Modify master

1. Modify the nginx configuration file

[root@master ~]# vim /etc/nginx/conf.d/tomcat.conf

Change the file contents as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}

server {
        listen          80;
        server_name     192.168.72.100;
        location / {
                proxy_pass      http://web;
        }
}

2. Modify the keepalived configuration file

[root@master ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_master
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Restart nginx and keepalived

[root@master ~]# systemctl restart nginx
[root@master ~]# systemctl restart keepalived.service

4. Check the IP addresses

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6a:7e:b2 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.30/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6a:7eb2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.5 Modify backup

1. Modify the nginx configuration file

[root@backup ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}

server {
        listen          80;
        server_name     192.168.72.101;
        location / {
                proxy_pass      http://web;
        }
}

2. Modify the keepalived configuration file

[root@backup ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_backup
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Restart nginx and keepalived

[root@backup ~]# systemctl restart nginx
[root@backup ~]# systemctl restart keepalived.service

4. Check the IP addresses

[root@backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:79:ba:66 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.32/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:ba66/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.6 Set up serverC

2.6.1 Set up nginx

1. Install nginx

[root@serverC ~]# dnf install nginx -y

2. Configure nginx

[root@serverC ~]# vim /etc/nginx/conf.d/tomcat.conf

The file contents are as follows:

upstream web {
        server 192.168.72.41:8080;
        server 192.168.72.42:8080;
        server 192.168.72.43:8080;
}       

server {
        listen          80;
        server_name     192.168.72.102;
        location / {
                proxy_pass      http://web;
        }       
}

3. Start nginx

[root@serverC ~]# systemctl start nginx

2.6.2 Set up keepalived

1. Install keepalived

[root@serverC ~]# dnf install keepalived -y

2. Configure keepalived

[root@master ~]# scp -p /etc/keepalived/* 192.168.72.31:/etc/keepalived/
The authenticity of host '192.168.72.31 (192.168.72.31)' can't be established.
ED25519 key fingerprint is SHA256:s1BvgtBs1UxSKS+5fVxpZGEOB76pE1/J2MAZnhNW6Wo.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 192.168.72.32
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.31' (ED25519) to the list of known hosts.
root@192.168.72.31's password: 
check_nginx.sh                                                                                     100%  217   467.5KB/s   00:00    
keepalived.conf                                                                                    100% 1045     1.6MB/s   00:00    
keepalived.conf.bak                                                                                100% 3550     3.2MB/s   00:00    

Then modify the /etc/keepalived/keepalived.conf file

[root@serverC ~]# ll /etc/keepalived/check_nginx.sh 
-rwxr-xr-x. 1 root root 217 Jan 14 11:44 /etc/keepalived/check_nginx.sh


[root@serverC ~]# vim /etc/keepalived/keepalived.conf

The file contents are as follows:

global_defs {
   router_id LVS_serverC
}

vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh"
    interval 2
    timeout 2
    weight -20
    fall 3
    rise 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.100
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.101
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_3 {
    state MASTER
    interface ens160
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.72.102
    }
    track_script {
        chk_nginx
    }
}

3. Start keepalived

[root@serverC ~]# systemctl start keepalived.service

4. Check the IP addresses

[root@serverC ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:b5:91:af brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.72.31/24 brd 192.168.72.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.72.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb5:91af/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2.7 Modify dns

1. Modify the nginx configuration

[root@dns ~]# vim /etc/nginx/conf.d/web.conf

The file contents are as follows:

upstream web {
        server 192.168.72.100;
        server 192.168.72.101;
        server 192.168.72.102;
}

server {
        listen          80;
        server_name     192.168.72.11;
        location / {
                proxy_pass      http://web;
        }
}

2. Restart nginx

[root@dns ~]# systemctl restart nginx

3. Verify the setup

[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat2 192.168.72.42 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat3 192.168.72.43 
[root@dns ~]# curl 192.168.72.11
tomcat1 192.168.72.41 

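3. Optimization

3.1 Preemptive and non-preemptive mode

By default, keepalived runs in preemptive mode: when the Master host recovers from a failure, the VIP moves back to the master host. The drawback is that this causes network jitter. In production, non-preemptive mode is therefore recommended: the VIP does not drift back when the master host recovers, and it moves only if the host currently holding the VIP goes down.

To enable non-preemptive mode, change every state MASTER in the configuration files to state BACKUP, and add nopreempt to each of them.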
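
Added example, not part of the original article: a filter that applies both changes described above to a keepalived.conf, turning state MASTER into state BACKUP and placing nopreempt in every vrrp_instance. The function names and the abridged sample configuration (constructed from the master node's VI_1 and VI_2, without the authentication and track_script blocks) are assumptions of this example.

```shell
#!/bin/bash
# Added example: rewrite a keepalived.conf for non-preemptive mode.
# Reads the config on stdin and writes the converted config to stdout.
# Assumes one directive per line and no braces inside comments.
to_nopreempt() {
    awk '
    # A new vrrp_instance block starts at top level.
    depth == 0 && /^[[:space:]]*vrrp_instance[[:space:]]/ { in_inst = 1; added = 0 }
    {
        line = $0
        # Drop an existing nopreempt so a second run does not duplicate it.
        if (in_inst && line ~ /^[[:space:]]*nopreempt[[:space:]]*$/) next
        # state MASTER -> state BACKUP, then nopreempt at the same indent.
        if (in_inst && depth == 1 &&
            line ~ /^[[:space:]]*state[[:space:]]+(MASTER|BACKUP)[[:space:]]*$/) {
            sub(/MASTER/, "BACKUP", line)
            indent = line; sub(/state.*/, "", indent)
            print line
            print indent "nopreempt"
            added = 1
            next
        }
        opened = gsub(/[{]/, "{", line)
        closed = gsub(/[}]/, "}", line)
        depth += opened - closed
        # Instance closed without a state line: add nopreempt before it ends.
        if (in_inst && depth == 0 && closed > 0) {
            if (!added) print "    nopreempt"
            in_inst = 0
        }
        print line
    }'
}

# Constructed sample input, abridged from the master configuration above.
sample_conf() {
    cat <<'EOF'
global_defs {
   router_id LVS_master
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    virtual_ipaddress {
        192.168.72.100
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 90
    advert_int 1
    virtual_ipaddress {
        192.168.72.101
    }
}
EOF
}

# Real use: to_nopreempt < /etc/keepalived/keepalived.conf > keepalived.conf.new
sample_conf | to_nopreempt
```

keepalived honours nopreempt only on instances whose configured state is BACKUP, which is why the two changes go together. A backup with nopreempt also does not take over from a master that has only lowered its priority through weight -20, so failover then relies on the master ceasing to advertise, as when check_nginx.sh stops keepalived.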
