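Preparation
Stop the firewall

```bash
systemctl stop firewalld
```

Disable SELinux (the kernel-level restriction on the virtual machine)

```bash
vi /etc/sysconfig/selinux
# in the file, set:
SELINUX=disabled
```

Reload the configuration and check the result

```bash
source /etc/sysconfig/selinux
# the SELINUX= setting is read at boot, so getenforce reports Disabled only after a reboot
getenforce
```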
Installation
Upload the keepalived archive and extract it

```bash
tar -zvxf keepalived-2.0.15.tar.gz
```

Move keepalived-2.0.15 to the /usr/local directory

```bash
mv keepalived-2.0.15 /usr/local
mkdir /etc/keepalived
```

Enter the keepalived directory, then compile and install

```bash
cd /usr/local/keepalived-2.0.15/
./configure --prefix=/usr/local/keepalived
make && make install
```
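Copy the file of variables referenced by the keepalived startup script. Its default path is /etc/sysconfig/; alternatively, skip the symlink and change the file path directly in the startup script (in the install directory).

```bash
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
```

Add the keepalived main program to the PATH (from the install directory)

```bash
# this file is copied from the install directory
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
```

Copy the keepalived startup script (from the source directory) into /etc/init.d/ so that it can be called conveniently with the service command

```bash
# this file is copied from the extracted source directory
cp /usr/local/keepalived-2.0.15/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
```

Put the configuration file in the default path

```bash
mkdir -p /etc/keepalived
# this file is copied from the install directory
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
```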
Configuration
Edit the configuration file

```bash
vi /etc/keepalived/keepalived.conf
```

Change it as follows

```
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.110.100
    }
}

virtual_server 192.168.110.100 9095 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.139.123 80 {
        weight 1
        HTTP_GET {
            url {
                path /
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.139.122 80 {
        weight 1
        HTTP_GET {
            url {
                path /
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
```
Start keepalived and check its status

```bash
systemctl start keepalived
systemctl status keepalived
```
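View the keepalived virtual IP
The VIP cannot be pinged
After the VIP is configured in keepalived.conf, ip addr shows that the VIP has been attached successfully, but it cannot be pinged even though the firewall is off. The cause is that vrrp_strict is enabled by default in the keepalived.conf configuration and has to be commented out. After restarting keepalived, the VIP can be pinged.
The mapped port cannot be reached
Once the VIP can be pinged, the port mapped on the VIP still cannot be reached, while the real_server IP and port can be reached directly.
Try pinging the new IP 192.168.110.100
For now the new IP 10.10.10.10 can only be reached from the virtual machine itself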
Method 1

```bash
curl http://192.168.110.100/1.txt
```

Method 2

```bash
links http://192.168.110.100
```
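NAT mode is similar to NAT on a router: it is used when the client and the real_server are on different network segments and need to communicate. If you choose NAT for load balancing inside a single LAN, then congratulations, it is certain not to work.

To test NAT mode, the keepalived host needs two network interfaces on two different segments, for example a client-facing address in 192.168.110.0/24 and a real_server-facing address in 192.168.139.0/24. Set the VIP to 192.168.110.100 and the real_server to 192.168.139.123; the keepalived.conf configuration in this article can be used. Once the configuration is correct, run systemctl restart keepalived.service on the keepalived host.

Running curl 192.168.110.100 from the client still fails. The real_server receives the request packet but has no route over which to send the reply. The keepalived host has to act as the gateway, so add a return route on the real_server with route add default gw 192.168.139.123, where 192.168.139.123 is the keepalived host. Since keepalived hosts are normally deployed as a pair, the virtual IP of the keepalived hosts can be used here instead. Now curl 192.168.110.100 returns normally.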
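The two failures described above (vrrp_strict leaving the VIP unpingable, and NAT mode failing when the real_server has no return route through the keepalived host) can be checked before restarting keepalived. The Python check below is an added example, not part of the original article; the function names, the operator-supplied gateway map and the address 192.168.139.124 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on this page's configuration; 192.168.139.124 is invented.
SAMPLE_CONF = """
global_defs {
    router_id LVS_DEVEL
    vrrp_strict
}
virtual_server 192.168.110.100 9095 {
    lb_kind NAT
    real_server 192.168.139.122 80 { weight 1 }
    real_server 192.168.139.124 80 { weight 1 }
}
"""

def strip_comments(conf):
    # keepalived.conf comments start with '!' or '#'
    return "\n".join(re.split(r"[!#]", line, maxsplit=1)[0] for line in conf.splitlines())

def check_nat_setup(conf, client_net, rs_default_gw, director_ips):
    """Return findings for the vrrp_strict and NAT return-route pitfalls.

    rs_default_gw: {real_server_ip: default gateway}, gathered by the operator (assumed input).
    director_ips: addresses the keepalived host(s) hold on the real_server network.
    """
    conf = strip_comments(conf)
    findings = []
    if re.search(r"^\s*vrrp_strict\b", conf, re.M):
        findings.append("vrrp_strict enabled: VIP is assigned but does not answer ping")
    if not re.search(r"\blb_kind\s+NAT\b", conf):
        return findings
    clients = ipaddress.ip_network(client_net)
    for rs in re.findall(r"\breal_server\s+(\S+)\s+\d+", conf):
        if ipaddress.ip_address(rs) in clients:
            findings.append(f"{rs}: on the client network, replies bypass the director")
        elif rs_default_gw.get(rs) not in director_ips:
            findings.append(f"{rs}: default gateway is not the keepalived host")
    return findings

if __name__ == "__main__":
    gateways = {"192.168.139.122": "192.168.139.123", "192.168.139.124": "192.168.139.2"}
    for f in check_nat_setup(SAMPLE_CONF, "192.168.110.0/24", gateways, {"192.168.139.123"}):
        print(f)
```

With the sample input, the check reports vrrp_strict and the one real_server whose default gateway does not point at the keepalived host.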
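Routing
The goal is for every machine on the network to be able to reach the virtual IP.
Every reboot of CentOS (Linux) clears the temporary routing table. Why not configure permanent routes instead? Because all the configuration commands can be saved in a .sh file and run automatically at boot, so they still take effect after a reboot; when they are no longer wanted, removing the boot-time .sh file is enough, whereas permanent routes have to be deleted one by one.
Linux routing
Start another virtual machine and try to ping the virtual IP. At this point the ping fails.

```bash
yum install net-tools
route -n
```

```bash
# -host adds a route to a single host; -net adds a route to a whole network segment
route add -host 192.168.110.100 dev ens33 gw 192.168.139.123
route add -net 192.168.110.0/24 dev ens33 gw 192.168.139.123
```

Check the routing table again; the virtual IP now appears. Try pinging the virtual IP.

```bash
route -n
ping 10.10.10.10
```

This means: to reach 10.10.10.10, go through 192.168.139.123.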
Windows routing
Open a command prompt as administrator

```
route add 192.168.110.100 mask 255.255.255.255 192.168.139.123
```

Access it from a browser
High-availability setup
Install keepalived on another virtual machine and change its configuration file as follows. Note: on both machines, change the virtual IP to 192.168.139.100 so that the virtual IP is on the same network segment as the virtual machines' own IPs.

```
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP            # changed to BACKUP
    interface ens33
    virtual_router_id 51
    priority 60             # lower priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.139.100
    }
}

virtual_server 192.168.139.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    #sorry_server 192.168.200.200 1358

    real_server 192.168.139.122 80 {
        weight 1
        HTTP_GET {
            url {
                path /
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.139.123 80 {
        weight 1
        HTTP_GET {
            url {
                path /
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
```
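Check the IP addresses on the second machine: at this point the second machine does not hold the virtual IP, which is on the first machine.
Stop keepalived on the first machine. The virtual IP disappears from the first machine and is now on the second.

```bash
systemctl stop keepalived
```

At this point access to Tomcat becomes very slow, so port forwarding needs to be added.

> On Windows, when iptables is not configured on the machine running keepalived, the speed depends on machine performance and network conditions and is a matter of luck; once it is configured, pages refresh instantly.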
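Port forwarding

```bash
yum install iptables-services
```

Add the corresponding IP forwarding rule

```bash
# add the rule
iptables -t nat -A PREROUTING -p tcp -d 192.168.139.100 --dport 9095 -j REDIRECT
# delete the rule
iptables -t nat -D PREROUTING -p tcp -d 192.168.139.100 --dport 9095 -j REDIRECT
```

After adding or deleting a rule, save it and restart the service

```bash
service iptables save
systemctl restart iptables.service

# on a freshly installed CentOS, enable the service at boot and reboot the virtual machine
systemctl enable iptables.service
```

The second virtual machine also needs Nginx installed. After installing it, copy the Nginx configuration file from the first machine to the second and restart Nginx. Refresh the browser and the page now loads instantly, whichever keepalived machine is serving.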