1、实验环境
- 主机A:操作系统CentOS 7.6.1810,IP地址192.168.0.86,Keepalived版本2.0.2,ipvsadm版本1.27
- 主机B:操作系统CentOS 7.6.1810,IP地址192.168.0.88,运行Apache 2.4.37提供Web服务
- 主机C:操作系统CentOS 7.6.1810,IP地址192.168.0.110,运行Apache 2.4.37提供Web服务
- 负载均衡算法/机制/健康检查:rr/DR/TCP_CHECK
- VIP:192.168.0.5
主机A的角色为LB,主机BC角色为后端RS。这里仅实现负载均衡,而不对LB做高可用集群。
2、在主机A上配置Keepalived
这里不使用Keepalived邮件发送和VRRP功能,所以全局配置使用默认,而VRRP不进行配置,仅配置LVS部分。Keepalived配置如下:
! Configuration File for keepalived
global_defs {
notification_email {
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
virtual_server 192.168.0.5 80 {
delay_loop 5
lb_algo rr
lb_kind DR
persistence_timeout 100
protocol TCP
real_server 192.168.0.88 80 {
inhibit_on_failure
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 5
}
}
real_server 192.168.0.110 80 {
inhibit_on_failure
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 5
}
}
}因为在Keepalived中没有配置VRRP功能,所以必须手动为主机A的ens160网卡接口绑定VIP:
[root@localhost keepalived]# ip addr add 192.168.0.5/24 dev ens160
启动Keepalived:
[root@localhost keepalived]# systemctl start keepalived
Keepalived启动后可以通过ipvsadm查看当前的RS组:
[root@localhost keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.0.5:80 rr persistent 100 -> 192.168.0.88:80 Route 1 0 0 -> 192.168.0.110:80 Route 1 0 0
3、在主机BC上绑定VIP并配置ARP抑制
通过以下脚本为lo绑定VIP并配置ARP抑制:
#!/bin/bash VIP=192.168.0.5 /usr/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p
注意:脚本中调用了ifconfig命令,请确保该命令已经安装。
编写完脚本后,通过chmod命令为脚本赋予可执行权限,然后执行该脚本。
4、验证
首先直接访问主机B跟主机C:
http://192.168.0.88
http://192.168.0.110
主机B与主机C均正常提供Web服务。此时通过VIP192.168.0.5进行访问:
由于没有设置后端节点的权重,所以这里访问会平均分配给两个后端RS。通过在主机A上使用ipvsadm也可以查看到当前各个后端RS的负载情况:
[root@localhost keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.0.5:80 rr -> 192.168.0.88:80 Route 1 1 0 -> 192.168.0.110:80 Route 1 1 0
此时,将主机B上的Web服务停止,查看集群情况:
[root@localhost keepalived]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.0.5:80 rr -> 192.168.0.88:80 Route 0 0 0 -> 192.168.0.110:80 Route 1 0 0
主机B的权重已经被调整为0了,说明Keepalived已经检测到主机B出现故障,接下去的请求就不会再转发给主机B了。