1.安装ipvsadm
# yum -y install ipvsadm
2. 安装keepalived(下载地址为 HTTP 明文链接,编译安装前建议核对源码包的校验值)
# wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz
# tar -zxf keepalived-1.2.24.tar.gz
# yum -y install popt popt-devel
# yum -y install libnfnetlink libnfnetlink-devel
# cd keepalived-1.2.24
# ./configure --prefix=/usr/local/keepalived --sysconf=/etc
# make && make install
# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
3. 配置Keepalived
# vim /etc/keepalived/keepalived.conf
主机配置
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_BACKUP_DEVEL 主备机可变
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER 主机为MASTER,备机为BACKUP
interface eno50332208 注意使用的网卡
virtual_router_id 51 主备机必须一致
priority 100 主机必须比备机大
advert_int 1 主备机同步检查时间间隔
authentication {
auth_type PASS 验证类型,有PASS和AH两种
auth_pass 1111 验证密码(1111仅为示例,请替换;PASS方式下密码在VRRP报文中以明文传输),主备机必须使用相同的类型和密码才能正常通讯
}
virtual_ipaddress {
192.168.79.200 虚拟IP(VIP)
}
}
virtual_server 192.168.79.200 80 {
delay_loop 6 运行情况检查时间
lb_algo wrr 负载均衡调度算法
lb_kind DR 负载均衡机制,有NAT、TUN、DR三种
persistence_timeout 60 会话保持时间
protocol TCP
real_server 192.168.79.11 80 {
weight 1
TCP_CHECK {
connect_timeout 3 3秒无响应则超时
nb_get_retry 3 重试次数
delay_before_retry 3 重试间隔时间
}
}
}
备机配置
在主机配置基础上修改(原文以蓝色标出需要修改的项,即上文带有主备机说明的项):router_id 可与主机不同,state 改为 BACKUP,priority 必须小于主机,其余各项与主机保持一致
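4. 配置防火墙(以下规则为示例:3306、6379 两条规则以及 -d 192.168.79.0/24 规则均未限制来源地址,其中后者也不限协议和端口,会放行发往该网段地址的全部入站流量;实际部署时应只保留需要的端口,并用 -s 限定来源)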
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# yum -y install iptables-services
# vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
-A INPUT -d 192.168.79.0/24 -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
# systemctl start iptables.service
5. 配置real server(注意开启服务端口)
# vim /etc/init.d/lvsrs
# chmod 755 /etc/init.d/lvsrs
# chmod 755 /etc/rc.d/init.d/functions
# service lvsrs start
lvsrs脚本内容
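#!/bin/bash
#description: start real server
#
# Init script for an LVS-DR real server. "start" binds the virtual IP (VIP)
# to lo:0 and sets the ARP sysctls so this host does not answer or announce
# ARP for the VIP; "stop" removes the VIP and resets those sysctls to 0.
# Usage: lvsrs {start|stop}
# Must run as root: it configures an interface and writes under /proc/sys.

VIP=192.168.79.200

# Source the distribution's init helpers. The dot must be followed by a
# space; "./etc/rc.d/init.d/functions" would be looked up as a relative
# path to execute and fail.
. /etc/rc.d/init.d/functions

# Write the given arp_ignore / arp_announce values for both "lo" and "all".
# Arguments: $1 - arp_ignore value, $2 - arp_announce value
set_arp() {
  local ignore=$1 announce=$2 scope
  for scope in lo all; do
    echo "$ignore" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
    echo "$announce" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce"
  done
}

case "$1" in
  start)
    echo "Start LVS of Real Server"
    # Restrict ARP before the VIP exists on this host, so there is no
    # window in which the real server could answer ARP for the VIP.
    set_arp 1 2
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    ;;
  stop)
    # Remove the VIP first, then relax the ARP settings.
    /sbin/ifconfig lo:0 down
    echo "Close LVS Director Server"
    set_arp 0 0
    ;;
  *)
    echo "Usage : $0 {start|stop}" >&2
    exit 1
    ;;
esac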
6. 开启Keepalived,配置ipvsadm
# systemctl start keepalived.service
# ipvsadm -A -t 192.168.79.200:80 -s wrr -p 10
# ipvsadm -a -t 192.168.79.200:80 -r 192.168.79.11:80 -g -w 1
# ipvsadm -a -t 192.168.79.200:80 -r 192.168.79.129:80 -g -w 1
7. 测试
测试点一:负载均衡功能:两个不同客户机请求,查看是否由不同的real server响应(可用openresty配置好站点,不同server响应内容不同即可观测)
测试点二:real server故障转移功能:关闭其中一台real server的nginx,查看请求是否转移到另一台real server
测试点三:主备切换功能:关闭主机Keepalived(备机正常),查看备机Keepalived是否接管VIP并继续提供负载均衡服务和故障转移;
重启备机Keepalived(主机正常),查看主机是否继续拥有VIP并继续提供负载均衡服务和故障转移