環境
| 主機 | IP及網卡 |
| lvs排程器(DS1) | 橋接:192.168.1.101(ens37) NAT:1921.68.2.109(ens33) |
| lvs排程器(DS2) | 橋接:192.168.1.100(ens37) NAT:1921.68.2.110(ens33) |
| web伺服器(RS1) | 192.168.2.111(ens33) |
| web伺服器(RS2) | 192.168.2.112(ens33) |
| VIP | 192.168.1.200 ens37 |
| DIP | 192.168.2.150 ens33 |
注意:因為 keepalived 可以配置 VIP,是以 lvs 不用配置 ipvsadm -A ******,ipvsadm -a ****
拓撲
虛拟機建立及 LVS 叢集 NAT 模式搭建
安裝 keepalived(2台都要安裝)
yum install keepalived -y 一、lvs排程器1 192.168.1.101
1、Master 配置
vim /etc/keepalived/keepalived.conf
# master
global_defs {
router_id lvs-keepalived
}
vrrp_instance VI_1 {
state MASTER
interface ens37
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.200/24 # 配置 VIP
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.150/24 # 配置 DIP
}
}
virtual_server 192.168.1.200 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.2.111 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
real_server 192.168.2.112 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
} 2、啟動
systemctl start keepalived 3、檢視IP
因為這台是master,是以現在可以看到 ens37 和 ens33 上面分别了多出了一個IP,對應 VIP 和 DIP
[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.150/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.1.200/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4、檢視 ipvs
[root@kvm109 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.200:80 rr
-> 192.168.2.111:80 Masq 1 0 0
-> 192.168.2.112:80 Masq 1 0 0
TCP 192.168.2.109:80 rr
-> 192.168.2.111:80 Masq 1 0 0
-> 192.168.2.112:80 Masq 1 0 0 二、排程器2 192.168.1.100
1、Backup 配置
vim /etc/keepalived/keepalived.conf
# Backup
global_defs {
router_id lvs-keepalived
}
vrrp_instance VI_1 {
state BACKUP
interface ens37
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.200/24
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.150/24
}
}
virtual_server 192.168.1.200 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.2.111 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
real_server 192.168.2.112 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
} 2、檢視IP
因為這台是 backup,隻能看到自己的2張網卡資訊,看不到 VIP 和 DIP
[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever 3、檢視 ipvs
[root@kvm110 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.200:http rr
-> 192.168.2.111:http Masq 1 0 0
-> 192.168.2.112:http Masq 1 0 0
TCP kvm110:http rr
-> 192.168.2.111:http Masq 1 0 0
-> 192.168.2.112:http Masq 1 0 0 三、web 伺服器(2台都要修改)
1、修改網關
vim /etc/sysconfig/network-scripts/ifcfg-ens33
# 内容
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e92e4fb7-96ed-4623-90cb-f5f9461f7b67
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.2.111
NETMASK=255.255.255.0
GATEWAY=192.168.2.150 # 指向 LVS 的 DIP
DNS1=8.8.8.8 四、驗證叢集
五、驗證高可用
1、嘗試關掉 DS1 伺服器
[root@kvm109 ~]# systemctl stop keepalived 2、檢視 DS1 伺服器的 IP,VIP 和 DIP 不見了
[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute
valid_lft forever preferred_lft forever 3、此時檢視 DS2 伺服器的 IP,發現 VIP 和 DIP 漂移過來了
[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.150/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.1.200/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever