[系统运维] CentOS 7 搭建 Keepalived+LVS NAT模式高可用集群

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 系统运维 -> CentOS 7 搭建 Keepalived+LVS NAT模式高可用集群 -> 正文阅读

[系统运维]CentOS 7 搭建 Keepalived+LVS NAT模式高可用集群

环境

主机	IP及网卡
lvs调度器（DS1）	桥接：192.168.1.101（ens37）? ? ? ? ?NAT：1921.68.2.109（ens33）
lvs调度器（DS2）	桥接：192.168.1.100（ens37）? ? ? ? ?NAT：1921.68.2.110（ens33）
web服务器（RS1）	192.168.2.111（ens33）
web服务器（RS2）	192.168.2.112（ens33）
VIP	192.168.1.200? ens37
DIP	192.168.2.150? ens33

?注意：因为 keepalived?可以配置?VIP，所以 lvs 不用配置 ipvsadm -A ******，ipvsadm -a ****

拓扑

虚拟机创建及?LVS 集群?NAT?模式搭建?

CentOS 7 搭建 LVS集群 NAT模式_tom马的博客-CSDN博客

安装 keepalived（2台都要安装）

yum install keepalived -y

一、lvs调度器1????????192.168.1.101

1、Master 配置

vim /etc/keepalived/keepalived.conf

# master
global_defs {
	router_id lvs-keepalived
}
 
vrrp_instance VI_1 {
	state MASTER
	interface ens37
	virtual_router_id 51
	priority 100
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass 1111
	}
	virtual_ipaddress {
		192.168.1.200/24   # 配置 VIP
	}
}
 
vrrp_instance VI_2 {
	state MASTER
	interface ens33
	virtual_router_id 52
	priority 100
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass 1111
	}
	virtual_ipaddress {
		192.168.2.150/24    # 配置 DIP
	}
}
 
virtual_server 192.168.1.200 80 {
	delay_loop 6
	lb_algo rr
	lb_kind NAT
	protocol TCP
 
	real_server 192.168.2.111 80 {
		weight 1
		TCP_CHECK {
			connect_timeout 3
			connect_port 80
		}
	}
	
	real_server 192.168.2.112 80  {
		weight 1
		TCP_CHECK {
			connect_timeout 3
			connect_port 80
		}
	}
}

2、启动

systemctl start keepalived

3、查看IP

因为这台是master，所以现在可以看到 ens37 和?ens33?上面分别了多出了一个IP，对应 VIP?和?DIP

[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
? ? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
? ? inet 127.0.0.1/8 scope host lo
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 ::1/128 scope host?
? ? ? ?valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
? ? link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
? ? inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
? ? ? ?valid_lft forever preferred_lft forever
? ? inet 192.168.2.150/24 scope global secondary ens33
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute?
? ? ? ?valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
? ? link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
? ? inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
? ? ? ?valid_lft forever preferred_lft forever
? ? inet 192.168.1.200/24 scope global secondary ens37
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute?
? ? ? ?valid_lft forever preferred_lft forever?

4、查看 ipvs

[root@kvm109 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.200:80 rr
  -> 192.168.2.111:80             Masq    1      0          0         
  -> 192.168.2.112:80             Masq    1      0          0         
TCP  192.168.2.109:80 rr
  -> 192.168.2.111:80             Masq    1      0          0         
  -> 192.168.2.112:80             Masq    1      0          0

?二、调度器2????????192.168.1.100

1、Backup?配置

vim /etc/keepalived/keepalived.conf

# Backup
global_defs {
	router_id lvs-keepalived
}
 
vrrp_instance VI_1 {
	state BACKUP
	interface ens37
	virtual_router_id 51
	priority 90
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass 1111
	}
	virtual_ipaddress {
		192.168.1.200/24
	}
}
 
vrrp_instance VI_2 {
	state BACKUP
	interface ens33
	virtual_router_id 52
	priority 90
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass 1111
	}
	virtual_ipaddress {
		192.168.2.150/24
	}
}
 
virtual_server 192.168.1.200 80 {
	delay_loop 6
	lb_algo rr
	lb_kind NAT
	protocol TCP
 
	real_server 192.168.2.111 80 {
		weight 1
		TCP_CHECK {
			connect_timeout 3
			connect_port 80
		}
	}
	
	real_server 192.168.2.112 80  {
		weight 1
		TCP_CHECK {
			connect_timeout 3
			connect_port 80
		}
	}
}

2、查看IP

因为这台是 backup，只能看到自己的2张网卡信息，看不到?VIP?和?DIP

[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

3、查看 ipvs

[root@kvm110 ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.200:http rr
  -> 192.168.2.111:http           Masq    1      0          0         
  -> 192.168.2.112:http           Masq    1      0          0         
TCP  kvm110:http rr
  -> 192.168.2.111:http           Masq    1      0          0         
  -> 192.168.2.112:http           Masq    1      0          0

?三、web?服务器（2台都要修改）

1、修改网关

vim /etc/sysconfig/network-scripts/ifcfg-ens33

# 内容
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=e92e4fb7-96ed-4623-90cb-f5f9461f7b67
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.2.111
NETMASK=255.255.255.0
GATEWAY=192.168.2.150    # 指向 LVS 的 DIP
DNS1=8.8.8.8

四、验证集群

五、验证高可用?

1、尝试关掉?DS1 服务器

[root@kvm109 ~]# systemctl stop keepalived

2、查看?DS1?服务器的?IP，VIP?和?DIP?不见了

[root@kvm109 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a1:5b:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.109/24 brd 192.168.2.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6963:2857:478c:ecd4/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a1:5b:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global noprefixroute ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1c:36e0:2072:3c3c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

3、此时查看?DS2?服务器的?IP，发现?VIP?和 DIP?漂移过来了

[root@kvm110 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
? ? link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
? ? inet 127.0.0.1/8 scope host lo
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 ::1/128 scope host?
? ? ? ?valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
? ? link/ether 00:0c:29:fb:5a:a1 brd ff:ff:ff:ff:ff:ff
? ? inet 192.168.2.110/24 brd 192.168.2.255 scope global noprefixroute ens33
? ? ? ?valid_lft forever preferred_lft forever
? ? inet 192.168.2.150/24 scope global secondary ens33
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 fe80::6963:2857:478c:ecd4/64 scope link tentative noprefixroute dadfailed?
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 fe80::e701:4a84:c716:58b9/64 scope link noprefixroute?
? ? ? ?valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
? ? link/ether 00:0c:29:fb:5a:ab brd ff:ff:ff:ff:ff:ff
? ? inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute ens37
? ? ? ?valid_lft forever preferred_lft forever
? ? inet 192.168.1.200/24 scope global secondary ens37
? ? ? ?valid_lft forever preferred_lft forever
? ? inet6 fe80::a379:a4d:829a:6d0e/64 scope link noprefixroute?
? ? ? ?valid_lft forever preferred_lft forever
?