目录
2.4 调整proc响应参数,关闭linux内核的重定向参数响应
2.5 将主服务器的keepalived的配置文件远程传输到备服务器上,并进行必要的修改
主keepalived:192.168.80.100 lvs
备keepalived:192.168.80.101 lvs
web1:192.168.80.102
web2:192.168.80.103
vip:192.168.80.188
客户机访问
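- #关闭防火墙和SELinux(仅用于实验环境:setenforce 0 只是临时切换到 permissive 模式,重启后按 /etc/selinux/config 恢复;生产环境应保留防火墙,只放行 VRRP(IP 协议号 112)和业务端口 80)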
- [root@localhost ~]#systemctl stop firewalld.service
- [root@localhost ~]#setenforce 0
-
- #yum安装keepalived和ipvsadm工具
- [root@localhost ~]#yum install ipvsadm keepalived -y
- #添加ip_vs模块
- [root@localhost ~]#modprobe ip_vs
- [root@localhost ~]#cat /proc/net/ip_vs
- IP Virtual Server version 1.2.1 (size=4096)
- Prot LocalAddress:Port Scheduler Flags
- -> RemoteAddress:Port Forward Weight ActiveConn InActConn
- #保存原来的配置并开启ipvsadm
- [root@localhost keepalived]#ipvsadm-save > /etc/sysconfig/ipvsadm
- [root@localhost keepalived]#systemctl start ipvsadm.service
- [root@localhost keepalived]#cd /etc/keepalived/
- [root@localhost keepalived]#cp keepalived.conf keepalived.conf.bak
- #复制一份,备份使用
-
- #修改keepalived的配置文件
- [root@localhost keepalived]#vim keepalived.conf
- global_defs {
- router_id HA_TEST_R2 ####本路由器的服务器名称 HA_TEST_R2
- }
- vrrp_instance VI_1 { ####定义VRRP热备实例
- state BACKUP ####热备状态,backup表示辅服务器
- interface ens33 ####表示承载VIP地址的物理接口
- virtual_router_id 1 ####虚拟路由器的ID号,每个热备组保持一致
- priority 99 ####优先级,数值越大优先级越高
- advert_int 1 ####通告间隔秒数(心跳频率)
- authentication { ####认证信息,每个热备组保持一致
- auth_type PASS ####认证类型
- auth_pass 123456 ####认证密码
- }
- virtual_ipaddress { ####漂移地址(VIP),可以是多个
- 192.168.100.10
- }
- }
-
-
- #需要修改项
- global_defs {
- notification_email {
- acassen@firewall.loc
- failover@firewall.loc
- sysadmin@firewall.loc
- }
- notification_email_from Alexandre.Cassen@firewall.loc
- smtp_server 127.0.0.1
- #修改邮箱指向自己(10行)
- smtp_connect_timeout 30
- router_id LVS_01
- #指定服务器名称主备需要不一样(12行)
- vrrp_skip_check_adv_addr
- #vrrp_strict
- #第14行的 vrrp_strict 需要注释掉,否则服务启动有问题(严格模式不支持下面的 authentication 配置,并且会自动添加防火墙规则,导致 VIP 无法访问)
- vrrp_garp_interval 0
- vrrp_gna_interval 0
- }
-
- vrrp_instance VI_1 {
- state MASTER
- #指定服务器类型MASTER为主 BACKUP为备(20行)
- interface ens33
- #修改网卡名称为ens33(21)
- virtual_router_id 10
- #指定虚拟路由器的ID号主备需要一致
- #nopreempt
- #非抢占模式:两个节点都需要去掉此行的注释
- priority 100
- #设定优先级,数字越大优先级越高,主备需要不一样
- advert_int 1
- #通告间隔(查看是否存活)
- authentication {
- auth_type PASS
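- #认证类型(PASS 为简单密码认证,密码以明文出现在 VRRP 通告中)
- auth_pass 123456
- #修改验证密码,主备需要一样(27行);123456 只是示例弱口令,keepalived 只使用前 8 个字符,实际部署应换成自定义值,并用防火墙限制只接受对端节点发来的 VRRP 报文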
- }
- virtual_ipaddress {
- 192.168.80.188
- #指定群集vip地址
- }
- }
- virtual_server 192.168.80.188 80 {
- delay_loop 6
- #健康间隔时间6秒
- lb_algo rr
- #调度算法轮询
- lb_kind DR
- #lvs模式为DR
- persistence_timeout 0
- #连接保持时间改为0 否则 无法体现效果
- protocol TCP
- #采用协议
-
- real_server 192.168.91.102 80 {
- #43行修改地址为真实主机地址(按本文环境 web1 应为 192.168.80.102,需与开头列出的节点地址一致,否则健康检查失败、该节点不会加入调度)
- weight 1
- #45行删除
- #节点权重
- TCP_CHECK{
- connect_port 80
- #检查目标端口
- connect_timeout 3
- #连接超时
- nb_get_retry 3
- #重试次数
- delay_before_retry 3
- #重试间隔时间
- }
- }
- real_server 192.168.80.103 80 {
- #第二个
- weight 1
- TCP_CHECK{
- connect_port 80
- connect_timeout 3
- nb_get_retry 3
- delay_before_retry 3
- }
- }
- #启动服务、查看虚拟网卡vip
- systemctl start keepalived
- ip addr show dev ens33
-
- #调整proc响应参数,关闭Linux内核的重定向参数响应(DR 模式下调度器与真实服务器在同一网段,需禁止内核发送 ICMP 重定向)
- vim /etc/sysctl.conf
- net.ipv4.ip_forward = 1
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.ens33.send_redirects = 0
-
- #刷新一下
- sysctl -p
-
- [root@localhost keepalived]#scp keepalived.conf root@192.168.80.101:/etc/keepalived/
-
-
- [root@localhost keepalived]#vim keepalived.conf
- #备服务器的keepalived.conf只需修改以下三项(行首数字为行号)
- 12 router_id LVS_02
- 20 state BACKUP
- 23 priority 99
- [root@localhost keepalived]#systemctl start keepalived.service
- [root@localhost keepalived]#ipvsadm
- [root@localhost keepalived]#ipvsadm -ln
- [root@localhost keepalived]#vim /etc/sysctl.conf
- [root@localhost keepalived]#sysctl -p
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.ens33.send_redirects = 0
- [root@localhost ~]# systemctl stop firewalld.service
- [root@localhost ~]# setenforce 0
- [root@localhost ~]# yum install -y httpd
- [root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
- [root@localhost network-scripts]# vim ifcfg-lo:0
-
- [root@localhost network-scripts]# cat /etc/sysconfig/network-scripts/ifcfg-lo:0
- DEVICE=lo:0
- IPADDR=192.168.80.188
- NETMASK=255.255.255.255
- NETWORK=127.0.0.0
-
- [root@localhost network-scripts]# ifup lo:0
- [root@localhost network-scripts]# systemctl restart network
- [root@localhost network-scripts]# vim /etc/sysctl.conf
- [root@localhost network-scripts]# sysctl -p
- net.ipv4.conf.all.arp_ignore = 1
- net.ipv4.conf.all.arp_announce = 2
- net.ipv4.conf.default.arp_ignore = 1
- net.ipv4.conf.default.arp_announce = 2
- net.ipv4.conf.lo.arp_ignore = 1
- net.ipv4.conf.lo.arp_announce = 2
- [root@localhost network-scripts]# route add -host 192.168.80.188 lo:0
此时虚拟VIP在备用服务器,且依旧可以访问网站
关闭主服务器,我们也可以抓包来看变化
--关闭主服务器时,是192.168.80.101
--开启主服务器后,主服务器会抢占,因为主服务器优先级高,又会变成主服务器,192.168.80.100
keepalived 默认使用抢占模式,上面的实验使用的就是抢占模式。
主节点恢复后会把 VIP 抢占回来,因此一次故障会造成两次网络动荡。
#注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP
- #1主机配置
- vrrp_instance VI_1 {
- state BACKUP #都为BACKUP
- interface ens33
- virtual_router_id 66
- priority 100 #优先级高
- advert_int 1
- nopreempt #添加此行,都为nopreempt
- #2主机配置
- vrrp_instance VI_1 {
- state BACKUP #都为BACKUP
- interface ens33
- virtual_router_id 66
- priority 80 #优先级低
- advert_int 1
- nopreempt #添加此行,都为nopreempt
- #延迟抢占
- preempt_delay # #指定抢占延迟时间为#s,默认延迟300s
- #注意:需要各keepalived服务器state为BACKUP,并且不要启用 vrrp_strict
- #1主机配置
- vrrp_instance VI_1 {
- state BACKUP #都为BACKUP
- interface eth0
- virtual_router_id 66
-
- priority 100 #优先级高
- advert_int 1
- preempt_delay 30 #抢占延迟模式,默认延迟300s
-
- #2主机配置
- vrrp_instance VI_1 {
- state BACKUP #都为BACKUP
- interface eth0
- virtual_router_id 66
- priority 80 #优先级低
- advert_int 1
-
- priority 80 #优先级低
- advert_int 1
- preempt_delay 60 #抢占延迟模式,默认延迟300s