1、环境准备
设备 |
IP地址 |
作用 |
系统版本 |
Keepalived-Lvs |
192.168.100.118 |
Keepalived-Lvs负载冗余 |
Rocky8.6 |
Keepalived-Lvs |
192.168.100.123 |
Keepalived-Lvs负载冗余 |
Rocky8.6 |
Nginx |
192.168.100.110 |
Nginx-Web反向代理+web |
Rocky8.6 |
Nginx |
192.168.100.114 |
Nginx-Web反向代理+web |
Rocky8.6 |
client |
192.168.100.250 |
测试 |
Rocky8.6 |
1-1、时间同步
#所有节点时间同步:
[root@node118 ~]# yum -y install chrony
[root@node118 ~]# systemctl enable --now chronyd
[root@node118 ~]# chronyc sources
1-2、基于主机名互相通信
# 两个节点步骤相同:
[root@node118 ~]# vim /etc/hosts
192.168.100.118 node118.wang.org
192.168.100.123 node123.wang.org
[root@node118 ~]# vim /etc/hostname
node118.wang.org
1-3、打通SSH互信
[root@node118 ~]# ssh-keygen
[root@node118 ~]# ssh-copy-id node123.wang.org
[root@node123 ~]# ssh-keygen
[root@node123 ~]# ssh-copy-id node118.wang.org
1-4、安装程序
# 两个节点都需安装:
[root@node118 ~]# yum install -y keepalived ipvsadm
2、配置keepalived
[root@node118 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@wang.org
}
notification_email_from root@wang.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node118
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# vrrp_mcast_group4 224.0.0.18 #组播,如果开启组播,请把单播注释
}
vrrp_instance VI_1 { #定义VRRP实例,实例名自定义
state MASTER #指定Keepalived的角色,MASTER为主服务器,BACKUP为备用服务器
interface eth0 #指定HA监测的接口
virtual_router_id 51 #虚拟路由标识(1-255),在一个VRRP实例中主备服务器ID必须一样
priority 100 #优先级,数字越大越优先,主服务器优先级必须高于备服务器
advert_int 1 #设置主备之间同步检查时间间隔,单位秒
authentication { #设置验证类型和密码
auth_type PASS #验证类型
auth_pass 1111 #设置验证密码,同一实例中主备密码要保持一致
}
virtual_ipaddress { #定义虚拟IP地址
192.168.200.88 dev eth0 label eth0:1
}
unicast_src_ip 192.168.100.118 #定义单播
unicast_peer {
192.168.100.123
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 61
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.200.99 dev eth0 label eth0:2
}
unicast_src_ip 192.168.100.123
unicast_peer {
192.168.100.118
}
}
virtual_server 192.168.200.88 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.100.110 80 {
weight 1
HTTP_GET {
url {
path /
# digest 640205b7b0fc66c1ea91c463fac6334d
status_code 200
}
connect_timeout 2
retry 3
delay_before_retry 1
}
}
real_server 192.168.100.114 80 {
weight 1
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# status_code 200
# }
TCP_CHECK {
connect_timeout 2
retry 3
delay_before_retry 1
connect_port 80
}
}
}
virtual_server 192.168.200.99 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.100.110 80 {
weight 1
HTTP_GET {
url {
path /
# digest 640205b7b0fc66c1ea91c463fac6334d
status_code 200
}
connect_timeout 2
retry 3
delay_before_retry 1
}
}
real_server 192.168.100.114 80 {
weight 1
# HTTP_GET {
# url {
# path /
# digest 640205b7b0fc66c1ea91c463fac6334d
# status_code 200
# }
TCP_CHECK {
connect_timeout 2
retry 3
delay_before_retry 1
connect_port 80
}
}
}
3、将配置文件复制给另一个节点
[root@node118 ~]# scp /etc/keepalived/keepalived.conf node123.wang.org:/etc/keepalived/keepalived.conf
4、另一个节点修改配置文件
global_defs {
notification_email {
root@wang.org
}
notification_email_from root@wang.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node123
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.88 dev eth0 label eth0:1
}
unicast_src_ip 192.168.100.123
unicast_peer {
192.168.100.118
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 61
priority 200
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.200.99 dev eth0 label eth0:2
} unicast_src_ip 192.168.100.123
unicast_peer {
192.168.100.118
}
}
# 其他配置不变
5、后端服务器配置
# 所有后端服务器节点执行:
[root@node110 ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
[root@node110 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@node110 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@node110 ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
[root@node110 ~]# ifconfig lo:0 192.168.100.88 netmask 255.255.255.255 broadcast 192.168.100.88 up
[root@node110 ~]# ifconfig lo:1 192.168.100.99 netmask 255.255.255.255 broadcast 192.168.100.99 up
[root@node110 ~]# route add -host 192.168.100.88 dev lo:0
[root@node110 ~]# route add -host 192.168.100.99 dev lo:1
[root@node110 ~]# systemctl restart nginx.service
6、查看两节点的ip和ipvs规则情况
[root@node118 ~]# systemctl restart keepalived.service ;ssh node123.wang.org 'systemctl restart keepalived' #启动keepalived
[root@node118 ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:d6:eb:f3 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.118/24 brd 192.168.100.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.100.88/32 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed6:ebf3/64 scope link
valid_lft forever preferred_lft forever
[root@node118 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.88:80 rr
-> 192.168.100.110:80 Route 1 0 0
-> 192.168.100.114:80 Route 1 0 0
TCP 192.168.100.99:80 rr persistent 50
-> 192.168.100.110:80 Route 1 0 0
-> 192.168.100.114:80 Route 1 0 0
[root@node123 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:02:b1:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.123/24 brd 192.168.100.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.100.99/32 scope global eth0:2
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe02:b1c5/64 scope link
valid_lft forever preferred_lft forever
[root@node123 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.88:80 rr persistent 50
-> 192.168.100.110:80 Route 1 0 0
-> 192.168.100.114:80 Route 1 0 0
TCP 192.168.100.99:80 rr persistent 50
-> 192.168.100.110:80 Route 1 0 0
-> 192.168.100.114:80 Route 1 0 0
7、客户端测试
[root@wdy software]#while :;do curl 192.168.100.88;sleep 1;done
192.168.100.110
192.168.100.114
192.168.100.110
192.168.100.114
192.168.100.110
192.168.100.114
192.168.100.110
192.168.100.114
192.168.100.110