实验一
Keepalived+Lvs+Nginx 实现高可用集群,保证nginx服务正常运行
系统:CentOS 7
IP | 主机名 | 作用 |
192.168.28.141/24 | klmaster | 配置Keepalived(Master)、配置LVS,作为负载均衡器 |
192.168.28.143/24 | klbackup | 配置Keepalived(Backup)、配置LVS,作为负载均衡器 |
192.168.28.144/24 | nginx1 | 配置nginx,作为RS web服务器测试 |
192.168.28.145/24 | nginx2 | 配置nginx,作为RS web服务器测试 |
klmaster配置
通过Keepalived自动配置lvs,无需单独配置lvs。
[root@klmaster ~]# yum -y install keepalived ipvsadm
[root@klmaster ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Global keepalived settings for the klmaster node.
global_defs {
router_id Directory01 # identifies this keepalived instance; the Backup keepalived must use a different value here
vrrp_skip_check_adv_addr
# vrrp_strict is left disabled in this lab.
# NOTE(review): strict VRRP compliance does not accept the VRRPv2 authentication block
# used in vrrp_instance VI_1 - confirm against the installed keepalived version before enabling it.
# vrrp_strict
vrrp_garp_interval 0 # delay between gratuitous ARP messages sent on an interface
vrrp_gna_interval 0 # delay between unsolicited neighbour advertisements (IPv6)
}
# VRRP instance that holds the VIP 192.168.28.150 on ens33 (klmaster side).
vrrp_instance VI_1 {
state MASTER # declares the keepalived role; not the deciding factor - priority decides the election
interface ens33 # network interface that is monitored and used for VRRP
virtual_router_id 66 # virtual router ID; must be identical on master and backup
priority 100 # election priority (klbackup uses 90)
advert_int 1 # advertisement interval in seconds
# auth_type PASS is simple-text VRRPv2 authentication: the password is carried unencrypted
# in every multicast advertisement (tcpdump reports it as "authtype simple"), so any host on
# the segment can read it. It protects against accidental misconfiguration only.
# "1111" is a lab sample value; use a site-specific string (keepalived uses at most
# 8 characters) and restrict VRRP traffic (IP protocol 112) to the peer director with
# host firewall rules.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # VIP definition
192.168.28.150 dev ens33 label ens33:0
}
}
# LVS virtual service. keepalived installs these IPVS rules itself, so ipvsadm is only
# needed to inspect them.
virtual_server 192.168.28.150 80 { # VIP and port of the LVS service
delay_loop 6 # health-check polling interval, seconds
lb_algo rr # round-robin scheduling
lb_kind DR # direct routing: each real server must hold the VIP itself (lo:0 on nginx1/nginx2)
persistence_timeout 50 # a client stays on the same real server for 50 s, so repeated test requests from one client do not alternate within that window
protocol TCP
real_server 192.168.28.144 80 { # real IP of nginx1, acting as RS
weight 1
# TCP_CHECK only confirms that a TCP connection to port 80 can be opened; it does not
# look at the HTTP response, so a server that accepts connections but returns errors stays in the pool.
TCP_CHECK {
connect_timeout 3 # seconds
# NOTE(review): newer keepalived releases name this option "retry" - confirm for the installed version
nb_get_retry 3
delay_before_retry 3 # seconds between retries
}
}
real_server 192.168.28.145 80 { # real IP of nginx2, acting as RS
weight 1
# Same connect-only health check as for nginx1.
TCP_CHECK {
connect_timeout 3 # seconds
# NOTE(review): newer keepalived releases name this option "retry" - confirm for the installed version
nb_get_retry 3
delay_before_retry 3 # seconds between retries
}
}
}
klbackup配置
[root@klbackup ~]# yum -y install keepalived ipvsadm
[root@klbackup ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Global keepalived settings for the klbackup node.
global_defs {
router_id Directory02 # identifies this keepalived instance; differs from klmaster's Directory01
vrrp_skip_check_adv_addr
# vrrp_strict is left disabled in this lab.
# NOTE(review): strict VRRP compliance does not accept the VRRPv2 authentication block
# used in vrrp_instance VI_1 - confirm against the installed keepalived version before enabling it.
# vrrp_strict
vrrp_garp_interval 0 # delay between gratuitous ARP messages sent on an interface
vrrp_gna_interval 0 # delay between unsolicited neighbour advertisements (IPv6)
}
# VRRP instance for the VIP 192.168.28.150 on ens33 (klbackup side).
vrrp_instance VI_1 {
state BACKUP # declared role; the election itself is decided by priority
interface ens33 # network interface used for VRRP
virtual_router_id 66 # must match the value on klmaster
priority 90 # lower than klmaster's 100, so this node takes over only when klmaster stops advertising
advert_int 1 # advertisement interval in seconds
# auth_type PASS is simple-text VRRPv2 authentication: the password is carried unencrypted
# in every multicast advertisement (tcpdump reports it as "authtype simple"), so any host on
# the segment can read it. It protects against accidental misconfiguration only.
# "1111" is a lab sample value and must match klmaster; use a site-specific string
# (keepalived uses at most 8 characters) and restrict VRRP traffic (IP protocol 112)
# to the peer director with host firewall rules.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { # VIP definition, same as on klmaster
192.168.28.150 dev ens33 label ens33:0
}
}
# LVS virtual service on klbackup; it mirrors the klmaster definition so the IPVS rules
# are already in place when this node takes over the VIP.
virtual_server 192.168.28.150 80 { # VIP and port of the LVS service
delay_loop 6 # health-check polling interval, seconds
lb_algo rr # round-robin scheduling
lb_kind DR # direct routing: each real server must hold the VIP itself (lo:0 on nginx1/nginx2)
persistence_timeout 50 # a client stays on the same real server for 50 s
protocol TCP
real_server 192.168.28.144 80 { # nginx1
weight 1
# TCP_CHECK only confirms that a TCP connection to port 80 can be opened; it does not
# look at the HTTP response.
TCP_CHECK {
connect_timeout 3 # seconds
# NOTE(review): newer keepalived releases name this option "retry" - confirm for the installed version
nb_get_retry 3
delay_before_retry 3 # seconds between retries
}
}
real_server 192.168.28.145 80 { # nginx2
weight 1
# Same connect-only health check as for nginx1.
TCP_CHECK {
connect_timeout 3 # seconds
# NOTE(review): newer keepalived releases name this option "retry" - confirm for the installed version
nb_get_retry 3
delay_before_retry 3 # seconds between retries
}
}
}
nginx1配置
[root@nginx1 ~]# yum -y install nginx
[root@nginx1 ~]# vim /usr/share/nginx/html/index.html
This is nginx1 page!
[root@nginx1 ~]# systemctl enable --now nginx
[root@nginx1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
[root@nginx1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
# Loopback alias that carries the LVS VIP on this real server (DR mode), so nginx1
# accepts packets addressed to 192.168.28.150.
DEVICE=lo:0
IPADDR=192.168.28.150
# Host mask (/32): only the VIP itself is bound to lo:0.
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
[root@nginx1 ~]# systemctl restart network
[root@nginx1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.28.144 netmask 255.255.255.0 broadcast 192.168.28.255
inet6 fe80::20c:29ff:febf:6bb8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bf:6b:b8 txqueuelen 1000 (Ethernet)
RX packets 609 bytes 56028 (54.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 880 bytes 236014 (230.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.28.150 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[root@nginx1 ~]# vim /etc/sysctl.conf
# ARP settings for an LVS-DR real server. The VIP is configured on lo:0, and this host
# must neither answer ARP requests for it nor announce it on the LAN; otherwise it would
# compete with the director for 192.168.28.150.
# arp_ignore = 1: reply only when the target IP is configured on the interface that
# received the request.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
# arp_announce = 2: always pick the best local address of the outgoing interface as the
# ARP source instead of the packet's source address.
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
[root@nginx1 ~]# sysctl -p
nginx2配置
[root@nginx2 ~]# yum -y install nginx
[root@nginx2 ~]# vim /usr/share/nginx/html/index.html
This is nginx2 page!
[root@nginx2 ~]# systemctl enable --now nginx
[root@nginx2 ~]# cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:0
[root@nginx2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
# Loopback alias that carries the LVS VIP on this real server (DR mode), so nginx2
# accepts packets addressed to 192.168.28.150.
DEVICE=lo:0
IPADDR=192.168.28.150
# Host mask (/32): only the VIP itself is bound to lo:0.
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
[root@nginx2 ~]# systemctl restart network
[root@nginx2 ~]# ifconfig
(注:以下 ens33 的地址与 MAC 和 nginx1 的输出完全相同,疑为复制 nginx1 的输出所致;按上文主机表,nginx2 的地址应为 192.168.28.145。)
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.28.144 netmask 255.255.255.0 broadcast 192.168.28.255
inet6 fe80::20c:29ff:febf:6bb8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bf:6b:b8 txqueuelen 1000 (Ethernet)
RX packets 609 bytes 56028 (54.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 880 bytes 236014 (230.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3060 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3060 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.28.150 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
[root@nginx2 ~]# vim /etc/sysctl.conf
# ARP settings for an LVS-DR real server. The VIP is configured on lo:0, and this host
# must neither answer ARP requests for it nor announce it on the LAN; otherwise it would
# compete with the director for 192.168.28.150.
# arp_ignore = 1: reply only when the target IP is configured on the interface that
# received the request.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
# arp_announce = 2: always pick the best local address of the outgoing interface as the
# ARP source instead of the packet's source address.
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
[root@nginx2 ~]# sysctl -p
查看各项配置
启动Keepalived
[root@klmaster ~]# systemctl enable --now keepalived
[root@klbackup ~]# systemctl enable --now keepalived
查看lvs规则
[root@klmaster ~]# ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.28.150:80 rr persistent 50
-> 192.168.28.144:80 Route 1 0 0
-> 192.168.28.145:80 Route 1 0 0
[root@klbackup ~]# ipvsadm -Ln
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.28.150:80 rr persistent 50
-> 192.168.28.144:80 Route 1 0 0
-> 192.168.28.145:80 Route 1 0 0
分别在主备Keepalived主机上抓包查看组播信息
此时主备Keepalived都正常运行,但klmaster优先级priority高,klmaster的Keepalived在提供服务
[root@klmaster ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:24:47.755711 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:48.757495 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:49.758650 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:50.759840 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:51.761223 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:24:52.762540 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:43:35.348367 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:36.349916 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:37.351849 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:38.353368 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:39.354468 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:43:40.355704 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
先关闭Keepalived(Master),等待两三秒再开启Keepalived(Master);此时抓包信息产生变化
[root@klmaster ~]# systemctl stop keepalived
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
[root@klbackup ~]# tcpdump -i ens33 -nn | grep 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
20:49:39.034550 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:40.036474 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:41.038048 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:41.332438 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 0, authtype simple, intvl 1s, length 20
#klmaster 停止时发出 prio 0 通告(主动放弃 Master),此后由 klbackup(192.168.28.143,prio 90)接管并发送通告
20:49:41.981848 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:42.983526 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:43.984625 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
20:49:44.985372 IP 192.168.28.143 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 90, authtype simple, intvl 1s, length 20
#klmaster 重新启动后凭更高的优先级(prio 100)重新成为 Master,通告再次由 192.168.28.141 发出
20:49:49.988233 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:50.988865 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:51.990114 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
20:49:52.991064 IP 192.168.28.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
测试
前提:Keepalived主备、Lvs都已正常运行,nginx1/2都正常运行
访问VIP 192.168.28.150
关闭Keepalived(Master),再访问VIP,业务正常,抓包发现Keepalived(Backup)已启用
关闭nginx2,再访问VIP