LVS-keepalived双机热备部署

需要准备6台虚拟机

创建访问页面

修改vim /etc/exports允许20和30访问

/web 192.168.100.20(rw) 192.168.100.30(rw)

设置服务

查看可以访问这个主机的ip

showmount -e 192.168.100.10

安装http服务

yum -y install httpd

配置首页并且启动服务

echo "www.benet.com" > /var/www/html/index.html

安装ipvsadm keepalived 04-05

修改配置文件

vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {

    state MASTER

    interface ens32

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }   

        192.168.100.253

    }   

}   

 

    lb_kind DR

    persistence_timeout 50

    protocol TCP

    

    real_server 192.168.100.20 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

        }   

    }   

}   

 

    lb_kind DR

    persistence_timeout 50

    protocol TCP

    

    real_server 192.168.100.30 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }   

    }   

}

测试配置

05的配置

! Configuration File for keepalived

 

global_defs {

   router_id LVS_BACKUP

}

 

vrrp_instance VI_1 {

    state BACKUP

    interface ens32

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        192.168.100.253

    }

}

 

virtual_server 192.168.100.254 80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.100.20 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

 

virtual_server 192.168.100.253 80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.100.30 80 {

        weight 1

        TCP_CHECK {

            connect_port 80

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

检查漂移地址

ipvsadm -ln

配置

DEVICE=lo:0

IPADDR=192.168.100.253

NETMASK=255.255.255.255

NETWORK=127.0.0.0

# If you're having problems with gated making 127.0.0.0/8 a martian,

# you can change this to something else (255.255.255.255, for example)

BROADCAST=127.255.255.255

ONBOOT=yes

NAME=loopback

LVS服务器配置keepalived主节点内核参数  2台都需要配置

net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.send_redirects = 0

net.ipv4.conf.ens32.send_redirects = 0

WEB服务器

net.ipv4.conf.all.arp_ignore = 1

net.ipv4.conf.all.arp_announce = 2

net.ipv4.conf.default.arp_ignore = 1

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.lo.arp_ignore = 1

net.ipv4.conf.lo.arp_announce = 2

配置内网ip

指定默认网关

GATEWAY=192.168.100.254

echo "GATEWAY=192.168.100.254" >> /etc/sysconfig/network-scripts/ifcfg-ens32 &&

systemctl restart network

网关配置路由

net.ipv4.ip_forward = 1

启动防火墙

设置防火墙规则

firewall-cmd --add-interface=ens32 --zone=trusted

firewall-cmd --add-interface=ens34 --zone=external

firewall-cmd --set-default-zone=trusted 

 

配置外网ip     添加一块外网网卡

vim /etc/sysconfig/network-scripts/ifcfg-ens34

 

TYPE=Ethernet

BOOTPROTO=static

NAME=ens34

DEVICE=ens34

ONBOOT=yes

IPADDR=192.168.200.254

NETMASK=255.255.255.0

PROXY_METHOD=none

BROWSER_ONLY=no

PREFIX=24

IPV4_FAILURE_FATAL=no

IPV6INIT=no

ZONE=external

查看防火墙区域

firewall-cmd --get-zone-of-interface=ens32

firewall-cmd --get-zone-of-interface=ens34

firewall-cmd --get-default-zone

查看ip伪装

firewall-cmd --zone=external --remove-masquerade

删除伪装

firewall-cmd --list-all --zone=external

配置伪装映射

firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'

将外网端口映射到内网

firewall-cmd --zone=external --add-rich-rule='rule family=ipv4

destination address=192.168.200.254/32 forward-port port=80

protocol=tcp to-addr=192.168.100.253'

允许http访问

firewall-cmd --add-service=http --zone=external

firewall-cmd --list-all --zone=external

安装dns

yum -y install bind bind-utils bind-chroot

cat /etc/named.conf

options {

listen-on port 53 { any; };

directory "/var/named";

};

zone "benet.com."   IN   {

type master ;

file "benet.com.zone";

};

named-checkconf /etc/named.conf

cat /var/named/benet.com.zone

$TTL 86400

@ SOA benet.com. root.benet.com. (

2020081210

1H

15M

1W

1D

)

@ NS centos06.benet.com.

centos06 A 192.168.200.254

www A 192.168.200.254

named-checkzone benet.com /var/named/benet.com.zone

给外网网卡指定dns服务器

echo "DNS1=192.168.200.254" >>  /etc/sysconfig/network-scripts/ifcfg-ens34

客户端指定

配置防火墙允许dns访问

firewall-cmd --add-service=dns --zone=external

配置网站服务器自动挂载共享目录  2台web服务器都要配置

192.168.100.10:/web     /var/www/html           nfs             defaults,_netdev 0 0

重启生效

查看挂载

客户端访问测试

http://www.benet.com/