實驗環境:
lvs-master 192.168.1.236
lvs-backup 192.168.1.237
lvs-dr-vip 192.168.1.238
web1 192.168.1.239
web2 192.168.1.240
注:yum安裝的軟件包版本要一致
1.分別在兩臺服務器上安裝lvs和keepalived
[root@lvs-master ~]# yum -y install ipvsadm
[root@lvs-master ~]# yum -y install keepalived
[root@lvs-backup ~]# yum -y install ipvsadm
[root@lvs-backup ~]# yum -y install keepalived
2.修改lvs-master的配置文件
[root@lvs-master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected] #email 通知
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER #設置lvs的狀態,報錯MASTER和BACKUP兩種,必須大寫
interface eth1 #設置對外服務的接口
virtual_router_id 51 #設置虛擬路由表示
priority 100 #設置優先級,數值越大,優先級越高
advert_int 1 #設置同步時間間隔
authentication { #設置驗證類型和密碼
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #設置lvs vip
192.168.1.238
}
}
virtual_server 192.168.1.238 80 {
delay_loop 6 #健康檢查時間間隔
lb_algo wrr #負載均衡調度算法
lb_kind DR #負載均衡轉發規則
#persistence_timeout 20 #設置會話保持時間,對bbs等很有用
protocol TCP #協議
real_server 192.168.1.239 80 {
weight 3 #設置權重
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.240 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
修改lvs-backup的配置
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.238
}
}
virtual_server 192.168.1.238 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 20
protocol TCP
real_server 192.168.1.239 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.240 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
3.在兩臺Realserver端增加配置(即web1和web2,配置一樣)
配置web服務
[root@web1~]# yum -y install httpd
[root@web1 ~]# echo "web11 " > /var/www/html/index.html
[root@web2~]# yum -y install httpd
[root@web2 ~]# echo "web22 " > /var/www/html/index.html
[root@web1 ~]# /etc/rc.d/init.d/realserver (web1與web2配置一樣)
#!/bin/bash
# description: Config realserver lo and apply noarp
SNS_VIP=192.168.1.238
. /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@web1 ~]# chmod o+x /etc/rc.d/init.d/realserver
簡單說明以上述腳本的作用:
1)vip(virtual ip)。直接路由模式的vip必須跟服務器對外提供服務的ip地址在同一個網段,並且lvs 負載均衡器和其他所有提供相同功能的服務器都使用這個vip;
2)vip被綁定在環回接口lo0:0上,其廣播地址是其本身,子網掩碼是255.255.255.255。這與標準的網絡地址設置有很大的不同。採用這種可變長掩碼方式把網段劃分成只含一個主機地址的目的是避免ip地址衝突;
3)echo這段的作用是抑制arp廣播。如果不做arp抑制,將會有衆多的機器向其他宣稱:“嗨!我是奧巴馬,我在這裏呢!”,這樣就亂套了。
4.測試
在lvs-master上啓動keepalived與ipvsadm
[root@lvs-master ~]# /etc/init.d/ipvsadm start
[root@lvs-master ~]# /etc/init.d/keepalived start
在lvs-backup上啓動keepalived與ipvsadm
[root@lvs-backup ~]# /etc/init.d/ipvsadm start
[root@lvs-backup ~]# /etc/init.d/keepalived start
在web1上啓動realserver
[root@web1 ~]# /etc/init.d/realserver start
在web2上啓動realserver
[root@web2 ~]# /etc/init.d/realserver start
測試web訪問
[root@web1 ~]# /etc/init.d/httpd start #啓動apache
[root@web2 ~]# /etc/init.d/httpd start
關閉web1
[root@web1 ~]# /etc/init.d/httpd stop
高可用測試
關閉lvs-master的keepalived與ipvsadm
[root@lvs-master ~]# /etc/init.d/keepalived stop
[root@lvs-master ~]# /etc/init.d/ipvsadm stop
在lvs-backup上查看lvs的vip
測試web訪問是否依然正常
有上圖可看出網站訪問正常