Keepalived+LVS HAProxy
把上周DR模式的所有环境清理
proxy:VIP(eth0:0),ipvsadm -C
web1:VIP(lo:0),地址冲突那4个参数
web2:VIP(lo:0),地址冲突那4个参数
------------------------------------------------------------------------------------
web1:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# web1: VRRP instance VI_1 starts as MASTER (priority 100) and holds VIP 192.168.4.80 on eth0.
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id web1                 # change this to web1
   vrrp_skip_check_adv_addr
   # NOTE(review): keepalived documents strict mode as not supporting VRRP
   # authentication, so the auth_pass below may be silently ignored; confirm in
   # the keepalived log. Strict mode can also install firewall rules that drop
   # traffic to the VIP, which is presumably why the walkthrough flushes iptables.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # virtual_router_id must be the same on every node that shares this VIP.
    virtual_router_id 51
    # The node with the highest priority becomes master of the instance.
    priority 100
    advert_int 1
    authentication {
        # PASS is a shared secret carried unencrypted in each advertisement, and
        # 1111 is trivially guessable: treat it as a lab value only. Outside a lab,
        # restrict VRRP (IP protocol 112) to the peer nodes at the host firewall.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.80                      # change this to 192.168.4.80
    }
}
把之后的行都清空
# systemctl start keepalived.service
# iptables -F    #清空防火墙规则,Linux一共有2个防火墙;注意:-F会清空全部规则,只适合实验环境,生产环境应只放行所需流量(如对端节点的VRRP报文和80端口)
# iptables -nL
# ip a s         #全称是ip addr show ,这个配的VIP只能通过这个命令来看,ifconfig这个命令不能看得到的。
页面显示
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
     ... ...
    inet 192.168.4.100/24 brd 192.168.4.255 scope global eth0
     ... ...
    inet 192.168.4.80/32 scope global eth0       #添加的VIP4.80可以在这里通过
     ... ...
或者可以指定看eth0
# ip a s eth0
--------------------------------------------------------------------------
web2:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# web2: VRRP instance VI_1 starts as BACKUP (priority 50) for VIP 192.168.4.80 on eth0.
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id web2               # change this to web2
   vrrp_skip_check_adv_addr
   # NOTE(review): keepalived documents strict mode as not supporting VRRP
   # authentication, so the auth_pass below may be silently ignored; confirm in
   # the keepalived log.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP                # change this to BACKUP (the standby node)
    interface eth0
    # Same virtual_router_id as the MASTER so both nodes belong to one VRRP group.
    virtual_router_id 51
    priority 50                 # change this to 50 (lower than the master's 100)
    advert_int 1
    authentication {
        # PASS is a shared secret carried unencrypted in each advertisement, and
        # 1111 is trivially guessable: treat it as a lab value only.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.80                    # change this to 192.168.4.80
    }
}
把之后的行都清空
# systemctl start keepalived.service
# iptables -F    #清空防火墙规则,Linux一共有2个防火墙;注意:-F会清空全部规则,只适合实验环境,生产环境应只放行所需流量(如对端节点的VRRP报文和80端口)
# iptables -nL
# ip a s         #只有当web1挂了,它才能有VIP,192.168.4.80,才能通过这个命令查看得到。添加的VIP可以在这里通过。
或者可以指定看eth0
# ip a s eth0
-----------------------------------------------------------
通过把web1关机,来验证web2能否获得VIP,4.80。
web1:
# poweroff
web2:
# ip a s eth0
-----------------------------------------------------------
然后再把web1开机,验证web2是否失去了VIP,4.80。
web1:
# systemctl stop keepalived.service
# ip a s eth0   #看到获得了VIP(前提是web1上的keepalived已重新启动;若保持stop状态,web1不参与VRRP,也就拿不到VIP)
web2:
# ip a s eth0   #看到失去了VIP
###########################################################################################
克隆新的虚拟机proxy2,配地址192.168.4.6
# nmcli connection modify eth0 ipv4.method manual ipv4.addresses 192.168.4.6/24 connection.autoconnect yes
# nmcli connection up eth0^C
# hostnamectl set-hostname proxy2
# hostname proxy2
# yum-config-manager --add ftp://192.168.4.254/rhel7    #实验环境的内网FTP源;FTP是明文传输且不校验来源,生产环境应使用HTTPS源并确认gpgcheck已启用
# yum repolist
------------------------------------------------------------------------
web1和web2都要执行以下步骤
systemctl stop keepalived.service
cp ifcfg-lo{,:0}
vim ifcfg-lo:0
# Loopback alias lo:0 carrying 192.168.4.15 with a /32 netmask. The same address
# is the virtual_server VIP in the LVS-DR configuration shown for proxy, so each
# real server holds the VIP locally without putting it on eth0.
DEVICE=lo:0
IPADDR=192.168.4.15
NETMASK=255.255.255.255
NETWORK=192.168.4.15
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=192.168.4.15
ONBOOT=yes
NAME=lo:0
vim /etc/sysctl.conf
# ARP settings for a real server that holds the VIP on lo:0.
# arp_ignore = 1: answer an ARP request only when the target IP is configured on
# the interface the request arrived on, so the VIP on lo is not answered via eth0.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
# arp_announce = 2: always use the best local address for the outgoing interface
# as the ARP source, so the VIP is not advertised from this host.
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
systemctl restart network
systemctl start httpd
--------------------------------------------------------------------------
proxy上操作:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# proxy (router_id LVS1): VRRP MASTER for VIP 192.168.4.15 plus the LVS virtual
# server that schedules port 80 to the two real servers in DR mode.
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS1
   vrrp_skip_check_adv_addr
   # NOTE(review): keepalived documents strict mode as not supporting VRRP
   # authentication, so the auth_pass below may be silently ignored; confirm in
   # the keepalived log.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # virtual_router_id must be the same on every node that shares this VIP.
    virtual_router_id 51
    # The node with the highest priority becomes master of the instance.
    priority 100
    advert_int 1
    authentication {
        # PASS is a shared secret carried unencrypted in each advertisement, and
        # 1111 is trivially guessable: treat it as a lab value only. Outside a lab,
        # restrict VRRP (IP protocol 112) to the peer director at the host firewall.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.15
    }
}
# LVS service on the VIP, port 80: round-robin scheduling, direct-routing forwarding.
virtual_server 192.168.4.15 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.4.100 80 {
        weight 1
        # TCP_CHECK only tests that a TCP connection to the port succeeds; it does
        # not verify that the web server returns a valid response.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.200 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# scp /etc/keepalived/keepalived.conf root@192.168.4.6:/etc/keepalived/
--------------------------------------------------------------------
proxy2上操作:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# proxy2 (router_id LVS2): VRRP BACKUP for VIP 192.168.4.15 with the same LVS
# virtual server definition as the master, so it can take over scheduling.
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS2
   vrrp_skip_check_adv_addr
   # NOTE(review): keepalived documents strict mode as not supporting VRRP
   # authentication, so the auth_pass below may be silently ignored; confirm in
   # the keepalived log.
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # Same virtual_router_id as the MASTER so both directors belong to one VRRP group.
    virtual_router_id 51
    # Lower than the master's 100, so this node takes the VIP only when the master
    # stops advertising.
    priority 50
    advert_int 1
    authentication {
        # PASS is a shared secret carried unencrypted in each advertisement, and
        # 1111 is trivially guessable: treat it as a lab value only.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.15
    }
}
# LVS service on the VIP, port 80: round-robin scheduling, direct-routing forwarding.
virtual_server 192.168.4.15 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.4.100 80 {
        weight 1
        # TCP_CHECK only tests that a TCP connection to the port succeeds; it does
        # not verify that the web server returns a valid response.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.200 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
----------------------------------------------------------------------------------------
proxy和proxy2上操作:
keepalived关闭             #systemctl stop keepalived.service
ipvsadm -C             #清空所有的ipvs规则
web1,web2上操作:
清理掉所有的VIP,lo:0 
/etc/sysconfig/network-scripts/ ,可以把它们都mv ifcfg-lo:0{,.bak},或者都删掉ifcfg-lo:0
内核参数/etc/sysctl.conf,注释掉那4行
sysctl -p              #让设置生效
systemctl restart network
# nmcli connection down eth0
------------------------------------
proxy上操作:
# yum -y install haproxy.x86_64
---------------------------------------------------
nginx        lvs,keepalived+lvs
haproxy      F5 Big-IP
nginx: http 7层调度
       tcp  4层调度
-------------------------------------------------------
proxy上操作:
vim /etc/haproxy/haproxy.cfg
... ...
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Combined frontend/backend section: accepts connections on port 80 of every
# interface and spreads them round-robin over web1 and web2.
listen webs 0.0.0.0:80           # only these 4 lines are added/changed; type them by hand!
  balance roundrobin
  # NOTE(review): the server lines carry no "check" keyword, so HAProxy performs
  # no health checks here and keeps sending requests to a backend that is down.
  server web1 192.168.2.100:80
  server web2 192.168.2.200:80
可以把之后的东西都dd删掉
# systemctl start haproxy.service 
# ss -tunlp | grep 80
tcp    LISTEN     0      128       *:80                    *:*                   users:(("haproxy",pid=3187,fd=5))
----------------------
客户端client访问
# curl 192.168.4.5
192.168.2.100
# curl 192.168.4.5
192.168.2.200
##################################################################
# vim /etc/haproxy/haproxy.cfg 
[root@proxy ~]# systemctl restart haproxy.service 
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Statistics page: served on port 1080 of every interface (0.0.0.0) at /stats,
# refreshed every 30 seconds.
listen stats
    bind 0.0.0.0:1080
    stats refresh 30s
    stats uri /stats
    stats realm Haproxy Manager
    # NOTE(review): admin:admin is a guessable credential stored in cleartext in
    # this file and sent as HTTP Basic auth over an unencrypted listener. Outside
    # a lab, use a strong unique password, bind the page to a management address
    # instead of 0.0.0.0, and restrict which source addresses may reach it.
    stats auth admin:admin
# Load-balanced web service: port 80 on every interface, round-robin over web1 and web2.
listen webs 0.0.0.0:80
  balance roundrobin
  # NOTE(review): no "check" keyword on the server lines, so no health checks run.
  server web1 192.168.2.100:80
  server web2 192.168.2.200:80
"/etc/haproxy/haproxy.cfg" 73L, 2452C                         73,5         底端
----------------------------------------
客户端访问
http://192.168.4.5:1080/stats
输入用户名和密码(即配置里stats auth设置的那一组;该页面走明文HTTP,实验环境以外应改用强口令并限制可访问的来源地址)
                    
                
                
            
        