##LVS+KeepAlived+Nginx高可用部署

##准备了4台虚拟机,用于测试


 IP                              作用
192.168.100.20       keepalived master
192.168.100.21       keepalived backup
192.168.100.30       nginx1
192.168.100.31       nginx2
192.168.100.200      虚拟ip VIP

##关闭selinux(仅为简化测试环境;生产环境建议保持SELinux开启并按需调整策略):

sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config

或者手动编辑:

vim /etc/sysconfig/selinux
SELINUX=enforcing 改为 SELINUX=disabled

##关闭防火墙(仅适用于隔离的测试环境;生产环境建议保留firewalld,只放行keepalived节点之间的VRRP(IP协议号112)和对外提供服务的80端口):
systemctl disable firewalld.service

##重启使生效:
shutdown -r now

 ##软件安装

在192.168.100.20及192.168.100.21上安装keepalived
在192.168.100.30及192.168.100.31上安装nginx

##安装依赖包(4个机器都需要安装)

[root@localhost ~]# yum install -y gcc   openssl-devel   libnl libnl-devel  libnfnetlink-devel  net-tools  vim wget  lrzsz xz make

第一种编译安装keepalived方式

##keepalived-2.0.10.tar.gz下载 

此为keepalived下载地址 https://www.keepalived.org/index.html (如官网提供校验值,建议下载后先核对,再上传到服务器)

 将下载的2.0.10的版本拷贝至/usr/local/src下 解压安装

[root@localhost ~]# cd /usr/local/src
[root@localhost src]# rz -E   ##上传keepalived-2.0.10.tar.gz
rz waiting to receive.
[root@localhost ~]# ls
keepalived-2.0.10.tar.gz
[root@localhost src]#  tar -zxvf keepalived-2.0.10.tar.gz
keepalived-2.0.10/
....
....
....
[root@localhost src]# mv keepalived-2.0.10 ../keepalived
[root@localhost src]# cd /usr/local/keepalived/
[root@localhost keepalived]# ./configure 

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
....
....
....
[root@localhost keepalived]# make && make install

Making all in lib
make[1]: 进入目录“/usr/local/keepalived/lib”
make  all-am
make[2]: 进入目录“/usr/local/keepalived/lib”
  CC       memory.o

  CC       utils.o
....
....
....
[root@localhost keepalived]# 

##keepalived配置
将keepalived配置文件拷贝到/etc/keepalived下

[root@localhost keepalived]# mkdir /etc/keepalived
[root@localhost keepalived]# cp /usr/local/keepalived/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@localhost keepalived]# 

##开机启动项
把 keepalived的启动文件复制到init.d下,加入开机启动项

[root@localhost keepalived]# cp /usr/local/keepalived/keepalived/etc/init.d/keepalived  /etc/rc.d/init.d/

把keepalived加入系统命令目录

[root@localhost keepalived]# cp /usr/local/sbin/keepalived /usr/sbin/

启动keepalived命令

[root@localhost keepalived]# /etc/init.d/keepalived start
Starting keepalived (via systemctl):                       [  确定  ]
[root@localhost keepalived]# 
[root@localhost keepalived]# /etc/init.d/keepalived restart
Restarting keepalived (via systemctl):                     [  确定  ]
[root@localhost keepalived]# 

第二种yum源安装keepalived方式

添加阿里源,安装keepalived包(下面的命令会覆盖系统原有的CentOS-Base.repo,建议先备份;repo文件是通过http明文下载的,使用前请确认其中的gpgcheck=1没有被关闭)

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y keepalived.x86_64 
[root@localhost ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf     ##主配置文件

配置keepalived

##配置MASTER服务器

cd /etc/keepalived   #备份默认的keepalived配置

[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak

配置MASTER

[root@localhost keepalived]# vim keepalived.conf
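global_defs {
   # Addresses that receive keepalived notification mails; replace the sample
   # values with your own.
   notification_email {
         edisonchou@hotmail.com
   }
   notification_email_from sns-lvs@gmail.com
   smtp_server 192.168.80.1
   # The keyword is smtp_connect_timeout (as written in the BACKUP listing);
   # "smtp_connection_timeout" is not a keepalived option.
   smtp_connect_timeout 30
   router_id LVS_DEVEL           # id of this LVS node; should be unique within one network
}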
vrrp_instance VI_1 {
    state MASTER                 # role of this node: MASTER or BACKUP, written in upper case
    interface ens160             # NIC name; it differs between machines, check with: ip a
    virtual_router_id 51          # virtual router id; must be identical on master and backup
    priority 100                  # higher number = higher priority; the master must be higher than the backup
    advert_int 1                  # advertisement (check) interval, default 1s
    # The password is at most 8 characters and must be identical on master and
    # backup, otherwise the two nodes cannot communicate.
    # NOTE(review): 1111 is a sample value. auth_type PASS carries the password
    # in clear text inside the VRRP advertisements, so it mainly guards against
    # misconfiguration; replace the sample value and limit VRRP traffic to the
    # two keepalived hosts at the network level.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.200            # the virtual IP (VIP); several may be listed, one per line
    }
}

定义对外提供服务的LVS的VIP以及端口(port)

# Virtual service exposed on the VIP, port 80, with its two real servers.
virtual_server 192.168.100.200 80 {
    delay_loop 6             # health-check interval in seconds
    lb_algo rr               # scheduling algorithm: rr (round robin) is what is set here, not wlc
    lb_kind DR               # LVS forwarding method; the three modes are NAT, TUN and DR
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP
    real_server 192.168.100.30 80 {    # IP address of Nginx1
        weight 3                       # node weight; a larger number means a higher weight
        # TCP connect check against port 80 of this real server.
        # NOTE(review): newer keepalived releases appear to name nb_get_retry
        # "retry"; confirm against the installed version.
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
    }
    real_server 192.168.100.31 80 {     # IP address of Nginx2
        weight 3                        # node weight; a larger number means a higher weight
        TCP_CHECK {
        connect_timeout 10
        nb_get_retry 3
        delay_before_retry 3
        connect_port 80
        }
     }
}

配置BACKUP服务器

cd /etc/keepalived  ##备份默认的keepalived配置

[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak

配置BACKUP

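global_defs {
   # Sample addresses, presumably left over from the default keepalived.conf;
   # replace them with your own.
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # vrrp_strict is left disabled. Strict mode does not accept the
   # authentication block used in vrrp_instance VI_1, and it makes keepalived
   # install firewall rules that drop traffic addressed to the VIP, which would
   # break the service once this node takes over the VIP.
   # NOTE(review): the MASTER listing does not set vrrp_strict either; confirm
   # the behaviour against the keepalived version in use.
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}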

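vrrp_instance VI_1 {
    state BACKUP                 # this node is the standby
    interface ens160             # NIC name; check with: ip a
    virtual_router_id 51         # must be identical to the master
    # Must be lower than the master's priority (100), otherwise the master is
    # not guaranteed to win the election and take the VIP back after it
    # recovers. 90 is a sample value; any value below 100 works.
    priority 90
    advert_int 1                 # advertisement interval in seconds
    # Must match the master. 1111 is a sample value; auth_type PASS carries it
    # in clear text, so replace it and limit VRRP traffic to the two
    # keepalived hosts at the network level.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.200          # the virtual IP (VIP)
    }
}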

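# Virtual service on the VIP, port 80; kept identical to the MASTER listing so
# that the backup forwards to the same real servers after a failover.
virtual_server 192.168.100.200 80 {
    delay_loop 6             # health-check interval in seconds
    lb_algo rr               # scheduling algorithm: round robin
    lb_kind DR               # LVS forwarding method: direct routing
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

    real_server 192.168.100.30 80 {    # Nginx1
        weight 3                       # the duplicated "weight 3" line was dropped
        # TCP connect check against port 80 of this real server.
        # NOTE(review): newer keepalived releases appear to name nb_get_retry
        # "retry"; confirm against the installed version.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.100.31 80 {    # Nginx2
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}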

启动keepalived服务

systemctl start keepalived.service 
systemctl restart keepalived.service 

若采用第一种(编译安装)方式安装keepalived,则用下面的命令启动

/etc/init.d/keepalived start
/etc/init.d/keepalived restart

##nginx安装(第一种编译安装Nginx)
在192.168.100.30及192.168.100.31上安装nginx

##下载nginx源码压缩包(nginx.org同时提供对应的.asc签名文件,建议下载后校验;1.12.1是较旧的版本,生产环境建议使用当前稳定版)

[root@localhost ~]# cd /usr/local/src/
[root@localhost src]#wget http://nginx.org/download/nginx-1.12.1.tar.gz

##解压资源
[root@localhost src]#tar -xf nginx-1.12.1.tar.gz

##设置权限
[root@localhost src]# chown -R root:root ./

##编译安装

[root@localhost src]# cd /usr/local/src/nginx-1.12.1/
[root@localhost nginx-1.12.1]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module 
checking for OS
 + Linux 3.10.0-693.el7.x86_64 x86_64
....
....
....
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"
[root@localhost nginx-1.12.1]# make && make install
make -f objs/Makefile
make[1]: 进入目录“/usr/local/src/nginx-1.12.1”
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g  -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
	-o objs/src/core/nginx.o \
	src/core/nginx.c
....
....
....
make[1]: 离开目录“/usr/local/src/nginx-1.12.1”
[root@localhost nginx-1.12.1]# 

查看版本  检查正确性

[root@localhost nginx-1.12.1]# cd /usr/local/nginx/
[root@localhost nginx]# sbin/nginx -v
nginx version: nginx/1.12.1
[root@localhost nginx]# sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
##设置开机自启动
chkconfig nginx on

启动nginx服务
确保nginx已经正常运行了
[root@localhost /]# ps -ef|grep nginx
root      1552     1  0 15:27 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx     1553  1552  0 15:27 ?        00:00:00 nginx: worker process
nginx     1554  1552  0 15:27 ?        00:00:00 nginx: worker process
root     11642  1258  0 16:55 pts/0    00:00:00 grep --color=auto nginx

第二种yum源安装Nginx

yum install nginx -y

启动Nginx服务

systemctl start nginx
systemctl restart nginx
systemctl stop nginx

##编辑realserver脚本文件两台机器都要搞  (Nginx服务器下)

进入init文件夹cd /etc/init.d/

##编辑脚本

[root@localhost init.d]# vim /etc/init.d/realserver
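#!/bin/bash
# realserver - prepare an LVS-DR real server (run on each Nginx host).
#
# start: bind the VIP to the loopback alias lo:0, add a host route for it and
#        set the ARP sysctls
# stop:  take lo:0 down, delete the route and reset the ARP sysctls to 0
#
# Usage: /etc/init.d/realserver {start|stop}
SNS_VIP=192.168.100.200

# Load the init helper library into this shell. It has to be sourced with ".":
# written as a bare path it is executed as a separate command, which prints
# "return: can only return from a function or sourced script" and requires the
# library file to be executable.
if [ -r /etc/rc.d/init.d/functions ]; then
       . /etc/rc.d/init.d/functions
fi

case "$1" in
start)
       # /32 mask: the VIP lives on lo:0 only so that this host accepts packets
       # addressed to it; it must not look like a directly connected network.
       ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
       /sbin/route add -host "$SNS_VIP" dev lo:0
       # arp_ignore=1 / arp_announce=2 keep this host from answering or
       # announcing ARP for the VIP held on lo, so that on the LAN only the
       # keepalived director owns the VIP.
       echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
       # NOTE(review): sysctl -p reloads /etc/sysctl.conf; if that file sets
       # the same keys, its values replace the ones written above.
       sysctl -p >/dev/null 2>&1
       echo "RealServer Start OK"
       ;;
stop)
       ifconfig lo:0 down
       # The route may already be gone with the interface, so errors are muted.
       route del "$SNS_VIP" >/dev/null 2>&1
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
       echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
       echo "RealServer Stoped"
       ;;
*)
       echo "Usage: $0 {start|stop}"
       exit 1
       ;;
esac
exit 0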

[root@localhost init.d]# 

##保存并设置脚本的执行权限  

[root@localhost init.d]# chmod 755 /etc/init.d/realserver
[root@localhost init.d]# chmod 755 /etc/rc.d/init.d/functions
[root@localhost init.d]# service realserver start     ##出现"RealServer Start OK"代表成功;下一行的return提示只在脚本直接执行(而不是用"."加载)/etc/rc.d/init.d/functions时出现,它不是成功标志
/etc/rc.d/init.d/functions: 第 690 行:return: 只能从函数或者源脚本`返回'
RealServer Start OK

##查看执行结果    在Nginx服务器查看

网卡:inet 192.168.100.200/32 brd 192.168.100.200 scope global lo:0      VIP配置成功

[root@localhost init.d]# ip  addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.200/32 brd 192.168.100.200 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:54:21:3b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.30/24 brd 192.168.100.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::d58a:a5b6:58b5:ac6a/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::ddfb:715a:9aa4:7292/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::f192:baab:eec0:800a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever

修改Nginx网页


这个添加IP100.30 服务器
echo "Welcome to 192.168.100.30" > /usr/share/nginx/html/index.html

这个添加IP100.31 服务器
echo "Welcome to 192.168.100.31" > /usr/share/nginx/html/index.html

##ipvsadm管理虚拟服务

##安装ipvsadm   (在keepalived服务器上添加)
用于查看lvs转发及代理情况的工具(keepalived会根据virtual_server配置自动生成IPVS规则;下面的-A/-E/-D/-a命令只是ipvsadm的用法示例,keepalived运行时无需手动添加)
在192.168.100.20及192.168.100.21上安装

[root@localhost keepalived]#yum install ipvsadm -y
##添加一个虚拟服务192.168.100.200:80,使用轮询算法
ipvsadm -A -t 192.168.100.200:80 -s rr
##修改虚拟服务的算法为加权轮询
ipvsadm -E -t 192.168.100.200:80 -s wrr
##删除虚拟服务
ipvsadm -D -t 192.168.100.200:80
##2. 管理真实服务
为虚拟服务192.168.100.200:80添加真实服务器192.168.100.30和192.168.100.31,使用DR模式(-g),权重由-w指定(下面的命令中为1)


[root@localhost /]# ipvsadm -A -t 192.168.100.200:80 -s rr

[root@localhost /]# ipvsadm -a -t 192.168.100.200:80 -r 192.168.100.30 -g  -w 1

[root@localhost /]# ipvsadm -a -t 192.168.100.200:80 -r 192.168.100.31  -g  -w 1


[root@localhost keepalived]#  ipvsadm -Ln     ##主keepalived服务器
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.200:80 rr
  -> 192.168.100.30:80            Route   3      0          0         
  -> 192.168.100.31:80            Route   3      0          0         


[root@localhost /]# ipvsadm -Ln     ##备keepalived服务器
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.200:80 rr
  -> 192.168.100.30:80            Route   3      0          0         
  -> 192.168.100.31:80            Route   3      0          0     

检查主keepalived 启动后的配置情况(网卡下出现192.168.100.200  VIP 说明主已经启动成功)

[root@localhost keepalived]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:ef:bd:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.20/24 brd 192.168.100.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.200/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::d58a:a5b6:58b5:ac6a/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::ddfb:715a:9aa4:7292/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::f192:baab:eec0:800a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever

检查备keepalived 启动后的配置情况(网卡没出现192.168.100.200  VIP说明备服务器正常)

[root@localhost keepalived]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:85:8b:f4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.21/24 brd 192.168.100.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::d58a:a5b6:58b5:ac6a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::ddfb:715a:9aa4:7292/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::f192:baab:eec0:800a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever

##验证成功 :(在Nginx服务器上验证;注意:Nginx服务器的lo:0上绑定了VIP,在本机访问VIP只会得到本机的页面,要看到下面的轮询效果需要从同网段的其他客户端访问)

[root@localhost /]# curl  http://192.168.100.200
Welcome to 192.168.100.31
[root@localhost /]# curl  http://192.168.100.200
Welcome to 192.168.100.30

测试vip监听的端口 telnet 192.168.100.200 80  (80为端口号)

请求虚拟IP查看转发的服务


 

KeepAlived高可用测试

停用主Keepalived后

[root@localhost /]# systemctl stop keepalived.service 
[root@localhost /]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:e8:f9:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.20/24 brd 192.168.100.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::d58a:a5b6:58b5:ac6a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::ddfb:715a:9aa4:7292/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::f192:baab:eec0:800a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever

停用主Keepalived后,VIP会漂移到备keepalived服务器上,VIP地址会出现在备Keepalived的网卡上

[root@localhost keepalived]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:4d:44:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.21/24 brd 192.168.100.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.200/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::d58a:a5b6:58b5:ac6a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::ddfb:715a:9aa4:7292/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::f192:baab:eec0:800a/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
[root@localhost keepalived]# 

重启主keepalived
主服务恢复之后;vip又会自动漂移回主服务

LVS+KeepAlived+Nginx高可用验证成功


版权声明:本文为qq_15290209原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。