CentOS 7 搭建 Keepalived+LVS NAT模式 高可用集群
原创
©著作权归作者所有:来自51CTO博客作者Tom马的原创作品,请联系作者获取转载授权,否则将追究法律责任
环境
主机
| IP及网卡
|
lvs调度器(DS1)
| 桥接:192.168.1.101(ens37) NAT:1921.68.2.109(ens33)
|
lvs调度器(DS2)
| 桥接:192.168.1.100(ens37) NAT:1921.68.2.110(ens33)
|
web服务器(RS1)
| 192.168.2.111(ens33)
|
web服务器(RS2)
| 192.168.2.112(ens33)
|
VIP
| 192.168.1.200 ens37
|
DIP
| 192.168.2.150 ens33
|
注意:因为 keepalived 可以配置 VIP,所以 lvs 不用配置 ipvsadm -A ******,ipvsadm -a ****
拓扑
虚拟机创建及 LVS 集群 NAT 模式搭建
安装 keepalived(2台都要安装)
yum install keepalived -y
一、lvs调度器1 192.168.1.101
1、Master 配置
vim /etc/keepalived/keepalived.conf
# master
global_defs {
router_id lvs-keepalived
}
vrrp_instance VI_1 {
state MASTER
interface ens37
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.200/24 # 配置 VIP
}
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.150/24 # 配置 DIP
}
}
virtual_server 192.168.1.200 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.2.111 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
real_server 192.168.2.112 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
}
2、启动
systemctl start keepalived
3、查看IP
因为这台是master,所以现在可以看到 ens37 和 ens33 上面分别了多出了一个IP,对应 VIP 和 DIP
[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.150/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.1.200/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4、查看 ipvs
[root@kvm109 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.200:80 rr
-> 192.168.2.111:80 Masq 1 0 0
-> 192.168.2.112:80 Masq 1 0 0
TCP 192.168.2.109:80 rr
-> 192.168.2.111:80 Masq 1 0 0
-> 192.168.2.112:80 Masq 1 0 0
二、调度器2 192.168.1.100
1、Backup 配置
vim /etc/keepalived/keepalived.conf
# Backup
global_defs {
router_id lvs-keepalived
}
vrrp_instance VI_1 {
state BACKUP
interface ens37
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.200/24
}
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.2.150/24
}
}
virtual_server 192.168.1.200 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
protocol TCP
real_server 192.168.2.111 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
real_server 192.168.2.112 80 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
}
2、查看IP
因为这台是 backup,只能看到自己的2张网卡信息,看不到 VIP 和 DIP
[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3、查看 ipvs
[root@kvm110 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.200:http rr
-> 192.168.2.111:http Masq 1 0 0
-> 192.168.2.112:http Masq 1 0 0
TCP kvm110:http rr
-> 192.168.2.111:http Masq 1 0 0
-> 192.168.2.112:http Masq 1 0 0
三、web 服务器(2台都要修改)
1、修改网关
vim /etc/sysconfig/network-scripts/ifcfg-ens33
# 内容
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e92e4fb7-96ed-4623-90cb-f5f9461f7b67
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.2.111
NETMASK=255.255.255.0
GATEWAY=192.168.2.150 # 指向 LVS 的 DIP
DNS1=8.8.8.8
四、验证集群
五、验证高可用
1、尝试关掉 DS1 服务器
[root@kvm109 ~]# systemctl stop keepalived
2、查看 DS1 服务器的 IP,VIP 和 DIP 不见了
[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3、此时查看 DS2 服务器的 IP,发现 VIP 和 DIP 漂移过来了
[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.2.150/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 192.168.1.200/24 scope global secondary ens37
valid_lft forever preferred_lft forever
inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3、这时再次访问集群
