一、 LVS+Keepalived
实验:7-1为主; 7-2为备; 7-3和7-4为后端服务器
1.关闭防火墙和selinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
2.配置主设备7-1
1.安装ipvsadm和keepalived
[root@localhost ~]# yum install ipvsadm.x86_64 keepalived.x86_64 -y
2.修改keepalived的配置
[root@localhost ~]# cd /etc/keepalived
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# ls
keepalived.conf keepalived.conf.bak
[root@localhost keepalived]#
[root@localhost keepalived]# vim keepalived.conf
10 smtp_server 127.0.0.1
12 router_id LVS_01
21 interface ens33
27 auth_pass 123123
把14行注释掉
参数解析
30 192.168.91.188
34 virtual_server 192.168.91.188 80 {
37 lb_kind DR
38 persistence_timeout 0
41 real_server 192.168.91.103 80 {
43 TCP_CHECK {
44 connect_port 80
50 real_server 192.168.91.104 80 {
51 weight 1
52 TCP_CHECK {
53 connect_port 80
54 connect_timeout 3
55 nb_get_retry 3
56 delay_before_retry 3
57 }
58 }
参数解析
3.开启ipvsadm
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# systemctl restart keepalived.service
[root@localhost keepalived]# systemctl restart ipvsadm.service
[root@localhost keepalived]# ipvsadm -ln
3.配置7-3Web服务器
1.安装httpd并开启
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# cd /var/www/html
[root@localhost html]# echo 7-3 > index.html
[root@localhost html]# systemctl restart httpd
4.配置7-4Web服务器
1.安装httpd并开启
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# cd /var/www/html
[root@localhost html]# echo 7-4 > index.html
[root@localhost html]# systemctl restart httpd
5.给7-3和7-4做虚拟网卡
[root@localhost html]# ifconfig lo:0 192.168.91.188/32
[root@localhost html]#
[root@localhost html]#
[root@localhost html]# ip a
给7-3和7-4添加ARP规则
vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@localhost html]# sysctl -p
[root@localhost html]# systemctl restart httpd
[root@localhost html]#
6.用7-1传内容
[root@localhost keepalived]# scp keepalived.conf 192.168.91.102:/data
7.配置7-2的keepalived
1.安装keepalived和ipvsadm
[root@localhost ~]# yum install ipvsadm.x86_64 keepalived.x86_64 -y
2.复制文件
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]#
[root@localhost keepalived]# mv /data/keepalived.conf .
3.改配置文件
12 router_id LVS_02
20 state BACKUP
23 priority 80
vim keepalived.conf
[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]#
[root@localhost keepalived]# ipvsadm -ln
8.把7-3和7-4的长连接关掉
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
354 keepalive off
[root@localhost html]# systemctl restart httpd
9.去浏览器访问虚拟IP
7-3和7-4都可以成功访问
二、模式实验
抢占模式、非抢占模式、延迟抢占模式
默认是抢占模式;所以不需要弄
1.抢占模式
1.当主设备7-1keepalived开启时
7-1
7-2
虚拟IP192.168.91.188在主设置7-1上
2.当从设备7-2keepalived关闭时
7-1
7-2
虚拟IP到了从设备7-2上
2.非抢占模式
1.修改7-1的keepalived
vim keepalived.conf
20 state BACKUP
21 nopreempt
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
ip a###看一下
3.延迟抢占模式
1.修改7-1配置
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
2.修改7-2配置
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
3.去7-1看结果
[root@localhost keepalived]# systemctl stop keepalived.service
[root@localhost keepalived]#
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1
[root@localhost keepalived]#
4.去7-2看结果
[root@localhost keepalived]# hostname -I
192.168.91.102 192.168.91.188 192.168.122.1
[root@localhost keepalived]#
5.去7-1看延迟抢占的结果
[root@localhost keepalived]# systemctl start keepalived.service
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1
[root@localhost keepalived]#
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.91.188 192.168.122.1
[root@localhost keepalived]#
三、多播修改
1.去7-2上抓包
[root@localhost keepalived]# tcpdump -i ens33 -nn src host 192.168.91.100
2.修改7-1的配置文件
vim keepalived.conf
14 vrrp_mcast_group4 234.6.6.6
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
3.修改7-2的配置文件
vim keepalived.conf
14 vrrp_mcast_group4 234.6.6.6
systemctl restart keepalived.service
4.去7-2上抓包看结果
[root@localhost keepalived]# tcpdump -i ens33 -nn src host 192.168.91.100
四、单播修改
1.修改7-1配置
vim keepalived.conf
31 unicast_src_ip 192.168.91.100
32 unicast_peer {
33 192.168.91.102
34 }
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
2.修改7-2配置
vim keepalived.conf
33 unicast_src 192.168.91.102
34 unicast_peer {
35 192.168.91.100
36 }
[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]#
[root@localhost keepalived]# systemctl restart keepalived.service
3.去7-2上抓包
[root@localhost keepalived]# tcpdump -i ens33 -nn src host 192.168.91.100 and dst host 192.168.91.102
五、通知脚本
1.修改7-1配置
[root@localhost keepalived]# cd /opt
[root@localhost opt]# ls
rh
[root@localhost opt]# vim keepalived.sh
[root@localhost opt]#
[root@localhost opt]# mv keepalived.sh keepalive.sh
[root@localhost opt]#
[root@localhost opt]# chmod +x keepalive.sh
[root@localhost opt]#
[root@localhost opt]# vim /etc/keepalived/keepalived.conf
vim keepalive.sh
#!/bin/bash
#
contact='2305981334@qq.com'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
[root@localhost opt]# vim /etc/keepalived/keepalived.conf
先把刚刚加的这段删掉
31 notify_master "/opt/keepalive.sh master"
32 notify_backup "/opt/keepalive.sh backup"
33 notify_fault "/opt/keepalive.sh fault"
systemctl restart keepalived.service
###重启
[root@localhost ~]# killall keepalived
2.去QQ邮箱的垃圾箱,看一下
六、日志功能
1.去7-1上去修改
[root@localhost ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
74 local6.* /data/keepalive.log
[root@localhost ~]# vim /etc/sysconfig/keepalived
[root@localhost ~]#
[root@localhost ~]# vim /etc/rsyslog.conf
[root@localhost ~]#
[root@localhost ~]# systemctl restart rsyslog.service
[root@localhost ~]# ls /data/
ls: 无法访问/data/: 没有那个文件或目录
[root@localhost ~]# mkdir /data
[root@localhost ~]# ls /data/
[root@localhost ~]# systemctl restart keepalived.service
[root@localhost ~]#
[root@localhost ~]# ls /data/
keepalive.log
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# cat keepalive.log
cat: keepalive.log: 没有那个文件或目录
您在 /var/spool/mail/root 中有新邮件
[root@localhost ~]# cat /data/keepalive.log
七、脑裂
1.去7-2模拟脑裂
[root@localhost keepalived]# iptables -A INPUT -s 172.168.91.100 -j REJECT
[root@localhost keepalived]#
[root@localhost keepalived]# ip a
2.去主设备7-1上看一下
当主设备7-1和从设备7-2上都有虚拟IP;代表脑裂;两台设备都认为自己是主
八、VRRP Script解决Nginx高可用问题
[root@localhost ~]# killall -0 nginx
nginx: no process found
[root@localhost ~]#
[root@localhost ~]# echo $?
1
[root@localhost ~]#
1.把7-1和7-2的ipvsadm关掉
[root@localhost ~]# systemctl stop ipvsadm.service
2.安装并开启7-1和7-2的Nginx
yum install epel-release -y
yum install nginx -y
systemctl start nginx
3.去7-1的Nginx主配置文件中做反向代理
[root@localhost ~]# vim /etc/nginx/nginx.conf
[root@localhost ~]#
[root@localhost ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
[root@localhost ~]#
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# vim /etc/nginx/nginx.conf
upstream web {
server 192.168.91.103;
server 192.168.91.104;
}
location / {
proxy_pass http://web;
}
4.curl看一下
[root@localhost ~]# curl 192.168.91.100
7-3
[root@localhost ~]# curl 192.168.91.100
7-4
5.7-1直接复制给7-2
[root@localhost ~]# scp /etc/nginx/nginx.conf 192.168.91.102:/etc/nginx/nginx.conf
root@192.168.91.102's password:
nginx.conf 100% 2448 200.2KB/s 00:00
[root@localhost ~]#
6.去7-2curl看一下
[root@localhost keepalived]# systemctl restart nginx
[root@localhost keepalived]# curl 192.168.91.102
7-3
[root@localhost keepalived]# curl 192.168.91.102
7-4
7.去7-1修改keepalive
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
18 vrrp_script check_down {
19 script "/etc/keepalived/ng.sh"
20 interval 1
21 weight -30
22 fall 1
23 rise 2
24 timeout 2
25 }
40 track_script {
41 check_down
42 }
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
[root@localhost ~]#
[root@localhost ~]# scp /etc/keepalived/keepalived.conf 192.168.91.102:/etc/keepalived/
root@192.168.91.102's password:
keepalived.conf 100% 888 503.4KB/s 00:00
[root@localhost ~]# systemctl restart keepalived.service
8.去7-2
[root@localhost keepalived]# systemctl restart keepalived.service
[root@localhost keepalived]#
9.浏览器访问一下
不能直接把主设备7-1关机;关机之后,7-2从设备直接成为主设备;我们就测试不出,刚刚写的脚本的作用
10.把主设备nginx停掉
[root@localhost ~]# systemctl stop nginx
[root@localhost ~]#
11.7-2看一下结果
[root@localhost keepalived]# ip a