lvs+keepalived配置过程

时间:2020-12-09 03:06:48

---恢复内容开始---

###lb01 操作

####1.关闭keepalived iptables selinux

 

####2.手工添加LVS转发

 

#####1)配置lvs 添加vip

ip addr add 10.0.0.3/24 dev eth0 label eth0:0

#####2)配置lvs规则

ipvsadm-save   -n            

ipvsadm -C                   

ipvsadm --set 30 5 60        

ipvsadm -A -t 10.0.0.3:80 -s wrr -p 20  

 

ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.7:80 -g -w 1

ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.8:80 -g -w 1

 

ipvsadm -ln --stats

 

#####3)手工在RS端绑定

####每台real server端执行

#####绑定vip

ip addr add 10.0.0.3/32 dev lo label lo:0

 

#####4)手工在RS端抑制ARP响应

cat >>/etc/sysctl.conf<<EOF

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

EOF

sysctl -p

 

####3.lb01 测试 web01 web02 是否可用

[root@lb01 ~]# curl 10.0.0.7/xiaoyu.html

web02 www

[root@lb01 ~]# curl -H Host:blog.etiantian.org 10.0.0.7/xiaoyu.html

web02 blog

[root@lb01 ~]# curl 10.0.0.8/xiaoyu.html

web01 www

[root@lb01 ~]# curl -H Host:blog.etiantian.org 10.0.0.8/xiaoyu.html

web01 blog

 

#####4.windows hosts 解析

10.0.0.3 www.etiantian.org  blog.etiantian.org

 

lb01  keepalived配置文件

global_defs {

   notification_email {

    49000448-@qq.com

   }

   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   router_id LVS_01

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 150

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

     10.0.0.3/24 dev eth0 label eth0:1

    }

}

 

virtual_server 10.0.0.3 80 {

    delay_loop 6         

    lb_algo wrr               

    lb_kind DR                

    nat_mask 255.255.255.0

    persistence_timeout 50    

    protocol TCP               

 

    real_server 10.0.0.7 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

 

    real_server 10.0.0.8 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

1.1 lb02 keepalived 配置文件

global_defs {

   notification_email {

    49000448-@qq.com

   }

   notification_email_from Alexandre.Cassen@firewall.loc

   smtp_server 192.168.200.1

   smtp_connect_timeout 30

   router_id LVS_02

}

 

vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

     10.0.0.3/24 dev eth0 label eth0:1

    }

}

virtual_server 10.0.0.3 80 {

    delay_loop 6         

    lb_algo wrr               

    lb_kind DR               

    nat_mask 255.255.255.0

    persistence_timeout 50    

    protocol TCP               

 

    real_server 10.0.0.7 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

 

    real_server 10.0.0.8 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

 

1.1 #####lvs高可用---keepalived 

keepalived.conf  

#1.global_defs  全局定义

#2.vrrp 实例配置  VIP

#3.lvs的配置

#配置keepalived管理 lvs

#1. 删除之前配置的VIP

ip addr del   10.0.0.3/24 dev eth0 label eth0:0

#2.配置lb01 lb02 上面的keepalived

 

[root@lb01 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

   router_id LVS_01

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 150

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

     10.0.0.3/24 dev eth0 label eth0:1

    }

}

 

virtual_server 10.0.0.3 80 {

    delay_loop 6         

    lb_algo wrr               

    lb_kind DR               

    nat_mask 255.255.255.0

    persistence_timeout 50    

    protocol TCP               

 

    real_server 10.0.0.7 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

 

    real_server 10.0.0.8 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

 

[root@lb02 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

   router_id LVS_02

}

 

vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

     10.0.0.3/24 dev eth0 label eth0:1

    }

}

virtual_server 10.0.0.3 80 {

    delay_loop 6         

    lb_algo wrr               

    lb_kind DR               

    nat_mask 255.255.255.0

    persistence_timeout 50    

protocol TCP               

 

    real_server 10.0.0.7 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

    real_server 10.0.0.8 80 {

        weight 1             

        TCP_CHECK {

        connect_timeout 8      

        nb_get_retry 3

        delay_before_retry 3

        connect_port 80

        }

    }

}

##3.测试是否能管理lvs

ipvsadm-save -n >/tmp/ipvsadm.save 

ipvsadm -C 

ipvsadm -ln 

/etc/init.d/keepalived restart

ipvsadm -ln 

 

---恢复内容结束---