keepalived + LVS实现高可用负载均衡集群

4个节点：

keepalived1:

IP:172.16.20.10

hostname:

OS:CentOS Linux release 7.1.1503 (Core)

NetworkDEVICE:eno16777728

keepalived2:

IP:172.16.20.12

hostname:

OS:CentOS Linux release 7.1.1503 (Core)

NetworkDEVICE:eno16777728

Real Server1:

IP:172.16.100.40

hostname:

OS:CentOS Linux release 7.4.1708 (Core)

NetworkDEVICE:ens32

Real Server2:

IP:172.16.100.50

hostname:

OS:CentOS Linux release 7.4.1708 (Core)

NetworkDEVICE:ens32

还有一个节点是客户端，IP地址为172.16.100.20，OS为MacOSX。其中Real Server2还是yum源。VIP为172.16.20.100，各节点之间的都能相互解析主机名，使用了公钥认证

两个keepalived节点开启核心转发功能，操作是在keepalived1节点中完成的：

# echo 1 > /proc/sys/net/ipv4/ip_forward; ssh 'echo 1 > /proc/sys/net/ipv4/ip_forward'

安装keepalived，ipvsadm，httpd，其中httpd的作用是Sorry_server:

# yum install -y keepalived，ipvsadm，httpd; ssh 'yum install -y keepalived，ipvsadm，httpd'

# echo "<h1>The system is upgrading on knode1 Please wait a few minutes retry!<h1>" > /var/www/html/index.html

keepalived2也是一样的，但为了测试效果，加以区别，可显示不同的内容

# echo "<h1>The system is upgrading on knode2 Please wait a few minutes retry!<h1>" > /var/www/html/index.html

# systemctl start http; ssh 'systemctl start http'

配置keepalived，在不停止服务的前提下可以通过脚本的方式进行流转，且流转的时候发邮件：

# cp /etc/keepalived/keepalived.conf{,.bak} ```先备份一下```

# vim /etc/keepalived/keepalived.conf

1 ! Configuration File for keepalived 2 3 global_defs { 4notification_email { 5root@localhost 6} 7notification_email_from kaadmin@localhost 8smtp_server 127.0.0.1 9smtp_connect_timeout 3010router_id LVS_DEVEL11vrrp_mcast_group4 224.0.1.11812 }13 14 vrrp_script chk_down {15script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"16interval 117weight - }19 20 vrrp_instance VI_1 {21state MASTER22interface eno1677772823virtual_router_id 14424priority 10025advert_int 126authentication {27 auth_type PASS28 auth_pass 44dace615cdd5d26 29}30virtual_ipaddress {31172.16.20.100/16 dev eno16777728 label eno16777728:132}33 34track_script {35 chk_down36}37 38notify_master "/etc/keepalived/notify.sh master"39notify_backup "/etc/keepalived/notify.sh backup"40notify_fault "/etc/keepalived/notify.sh fault"41 }42 43 virtual_server 172.16.20.100 80 {44delay_loop 645lb_algo wrr46lb_kind DR47nat_mask 255.255.0.048protocol TCP49sorry_server 127.0.0.1 8050 51real_server 172.16.100.40 80 {52 weight 153 HTTP_GET {54 url {55path /56status_code 200 57 }58 connect_timeout 359 nb_get_retry 360 delay_before_retry 361 }62}63real_server 172.16.100.50 80 {64 weight 265 HTTP_GET {66 url {67path /68status_code 200 69 }70 connect_timeout 371 nb_get_retry 372 delay_before_retry 373 }74}75 }

将keepalived1节点中/etc/keepalived/keepalived.conf文件复制keepalived2节点中，将state MASTER改为state BACKUP，priority 100改为priority 90即可

# vim /etc/keepalived/notify.sh

1 #!/bin/bash 2 # 3 4 vip=172.16.20.100 5 contact='root@localhost' 6 7 notify() { 8mailsubject="`hostname` to be $1: $vip floating" 9mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"10echo $mailbody | mail -s "$mailsubject" $contact11 }12 13 case "$1" in14master)15 notify master16 exit 017;;18backup)19 notify backup20 exit 021;;22fault)23 notify fault24 exit 025;;26*)27 echo 'Usage: `basename $0` {master|backup|fault}'28 exit 129;;30 esac

也将此脚本复制到keepalived2节点中

启动两个keepalived节点：

# systemctl start keepalived; ssh 'systemctl start keepalived'

此时可查看自动生成的ipvs规则

# ipvsadm -L -n

两台Real Server中修改内核参数，将Real Server中VIP配置在ens32网卡的别名ens32:0上，并限制其不能响应对VIP地址的请求：

# vim set.sh

1 #!/bin/bash2 #3 vip=172.16.20.1004 ifconfig ens32:0 $vip broadcast $vip netmask 255.255.255.255 up5 route add -host $vip ens32:06 echo 1 > /proc/sys/net/ipv4/conf/ens32/arp_ignore7 echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore8 echo 2 > /proc/sys/net/ipv4/conf/ens32/arp_announce9 echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

为Real Server1提供内容，因为Real Server2位所有节点的yum源，就懒得去修改了：

# echo "<h1>This is on real server1<h1>" > /var/www/html/index.html

启动两个Real Server的服务：

# systemctl start httpd; ssh 'systemctl start httpd'

客户端进行访问、测试