高可用Keepalived+LVS搭建流程
本流程搭建1个master,1个backup节点的Keepalived,使用lvs轮询2个节点的服务。
一、使用版本
- CentOS 7.7
- Keepalived 1.3.5
- ipvsadm 1.27(单独安装是为了一些命令排错方便)
二、部署架构
其中node4节点为高可用keepalived的backup节点
三、搭建步骤
1. node1搭建步骤:
1.1安装LVS,Keepalived软件
yum install ipvsadm -y
yum install keepalived -y
1.2 备份Keepalived配置文件
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak #
1.3 修改Keepalived配置文件
vi keepalived.conf
修改以下内容
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id zhangyongli_node1
vrrp_skip_check_adv_addr
# vrrp_strict #一定要注释,不然无法用VIP端口访问
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.241.200/24 dev ens33 label ens33:8 #VIP地址
}
}
virtual_server 192.168.241.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 0
protocol TCP
real_server 192.168.241.135 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.241.136 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
1.4 将Keepalived配置文件拷贝到node4节点相同位置
scp keepalived.conf root@192.168.241.137:`pwd`
2. node2,node3搭建步骤:
2.1 修改内核
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
2.2 设置隐藏vip
ifconfig lo:3 192.168.241.200 netmask 255.255.255.255
2.3 安装httpd
yum install httpd -y
2.4 启动httpd
service httpd start
2.5 编写默认页面
vi /var/www/html/index.html
from 192.168.241.13x
2.6 测试访问页面
注意
如果无法访问,请确认防火墙是否关闭,例如:
#关闭防火墙
systemctl stop firewalld.service
#开机禁用防火墙
systemctl disable firewalld
3 启动node1的 Keepalived
systemctl start keepalived.service
使用浏览器访问,刷新可以看到轮询
4 node4节点搭建
修改keepalived.conf配置文件
state MASTER
修改为:
state BACKUP
priority 100
修改为:
priority 50
启动node4的Keepalived
systemctl start keepalived.service
如果可以看到进出规则,则代表备用节点搭建成功
[root@node4 keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.241.200:80 rr
-> 192.168.241.135:80 Route 1 0 0
-> 192.168.241.136:80 Route 1 0 0
如果此时卸载node1节点机器的网卡
[root@node1 keepalived]# ifconfig ens33 down
在去看node4节点的ifconfig 可以看到新增vip,而且访问http://192.168.241.135/不受影响
[root@node4 keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.137 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::a00:bbcf:f084:c262 prefixlen 64 scopeid 0x20<link>
inet6 fe80::1cc3:a0c9:64a0:954f prefixlen 64 scopeid 0x20<link>
inet6 fe80::65b3:d6a1:6050:b12f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:32:9f:f4 txqueuelen 1000 (Ethernet)
RX packets 2121 bytes 205779 (200.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1423 bytes 187265 (182.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node4 keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.137 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::a00:bbcf:f084:c262 prefixlen 64 scopeid 0x20<link>
inet6 fe80::1cc3:a0c9:64a0:954f prefixlen 64 scopeid 0x20<link>
inet6 fe80::65b3:d6a1:6050:b12f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:32:9f:f4 txqueuelen 1000 (Ethernet)
RX packets 2252 bytes 220670 (215.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1555 bytes 198756 (194.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:32:9f:f4 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
四、采坑日记
4.1 无法使用VIP端口访问
keepalived.conf 文件注释掉vrrp_strict。
4.2 刷新时间过长
可以通过"ipvsadm -p timeout" 来设置
[root@node4 keepalived]# ipvsadm -L --timeout
Timeout (tcp tcpfin udp): 900 120 300
[root@node4 keepalived]# ipvsadm --set 1 2 1
[root@node4 keepalived]# ipvsadm -L --timeout
Timeout (tcp tcpfin udp): 1 2 1
(转发请注明出处:http://www.cnblogs.com/zhangyongli2011/ 如发现有错,请留言,谢谢)
