主机规划
主机 | 系统 | 安装应用 | 网络 | IP |
---|---|---|---|---|
client | redhat 9.5 | 无 | NAT | 192.168.23.115/24 |
lvs-master | rocky 9.5 | ipvsadm,keepalived | NAT | 192.168.23.116/24,VIP :192.168.23.100/32 |
lvs-backup | rocky 9.5 | ipvsadm,keepalived | NAT | 192.168.23.117/24,VIP :192.168.23.100/32 |
rs1 | openEuler 24.03 | nginx,nfs-utils | NAT | 192.168.23.118/24 |
rs2 | openEuler 24.03 | nginx,nfs-utils | NAT | 192.168.23.119/24 |
nfs | redhat 9.5 | nfs-utils | NAT | 192.168.23.120/24 |
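注意:本实验为简化操作,关闭了所有主机的防火墙和 SELinux;这只适用于隔离的实验环境。生产环境应保持两者开启,仅放行所需流量(LVS 节点之间的 VRRP 即 IP 协议 112、对外的 80/tcp、RS 到 NFS 服务器的 NFS 端口)。另外,上表中的 IP 写的是 192.168.23.0/24 网段,而下文的命令和输出实际使用 192.168.72.0/24 网段,请按自己的环境统一。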
NFS配置
# 1. 修改主机名
[root@localhost ~]# hostnamectl hostname nfs
# 2. 修改IP
[root@localhost ~]# nmcli c m ens160 ipv4.method manual ipv4.addresses 192.168.72.120/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
[root@nfs ~]# nmcli d show ens160
GENERAL.DEVICE: ens160
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:D8:AE:96
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens160
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.72.120/24
IP4.GATEWAY: 192.168.72.2
IP4.ROUTE[1]: dst = 192.168.72.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.72.2, mt = 100
IP4.DNS[1]: 223.5.5.5
IP6.ADDRESS[1]: fe80::20c:29ff:fed8:ae96/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
# 3. 安装nfs
[root@nfs ~]# dnf install nfs-utils -y
# 4. 配置nfs(导出目录只授权给两台 RS 的 IP;RS 只需读取网页文件,生产环境可把导出选项 rw 改为 ro)
[root@nfs ~]# mkdir /nfs/share -p
[root@nfs ~]# cd /nfs/share/
[root@nfs share]# echo "rs1 index.html" > index1.html
[root@nfs share]# echo "rs2 index.html" > index2.html
[root@nfs ~]# vim /etc/exports
[root@nfs ~]# cat /etc/exports
/nfs/share 192.168.72.118(rw,sync) 192.168.72.119(rw,sync)
# 5. 启动服务
[root@nfs ~]# systemctl start nfs-server
# 6. 功能测试
[root@nfs ~]# showmount -e 192.168.72.120
Export list for 192.168.72.120:
/nfs/share 192.168.72.119,192.168.72.118
搭建RS服务器
RS1 配置
# 1. 修改主机名
[root@localhost ~]# hostnamectl hostname rs1
# 2. 修改IP地址
[root@localhost ~]# nmcli c mod ens160 ipv4.method manual ipv4.addresses 192.168.72.118/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
[root@rs1 ~]# nmcli d show ens160
GENERAL.DEVICE: ens160
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:F7:63:AB
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens160
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.72.118/24
IP4.GATEWAY: 192.168.72.2
IP4.ROUTE[1]: dst = 192.168.72.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.72.2, mt = 100
IP4.DNS[1]: 223.5.5.5
IP6.ADDRESS[1]: fe80::20c:29ff:fef7:63ab/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
# 3. 安装nginx和nfs
dnf install nginx nfs-utils -y
# 4. 挂载共享目录
[root@rs1 ~]# mount -t nfs 192.168.72.120:/nfs/share /usr/share/nginx/html/
# 4. 启动服务
[root@rs1 ~]# systemctl start nginx nfs-server
# 5. 功能测试
[root@rs1 ~]# showmount -e 192.168.72.120
Export list for 192.168.72.120:
/nfs/share 192.168.72.119,192.168.72.118
# 6. 自动挂载
[root@rs1 ~]# vim /etc/fstab
......
192.168.72.120:/nfs/share /usr/share/nginx/html/ nfs defaults 0 0
# 重新加载 systemd 管理器配置
[root@rs1 ~]# systemctl daemon-reload
# 挂载 /etc/fstab 中配置的所有文件系统,无需重启即可生效
[root@rs1 ~]# mount -a
# 7. 配置nginx
[root@rs1 ~]# vim /etc/nginx/conf.d/rs1.conf
[root@rs1 ~]# cat /etc/nginx/conf.d/rs1.conf
# RS1 virtual host: plain HTTP on port 80, answering for RS1's own address.
server {
listen 80;
server_name 192.168.72.118;
location / {
# Document root is the directory the NFS share was mounted on earlier.
root /usr/share/nginx/html;
# index1.html holds "rs1 index.html", so test responses identify this RS.
index index1.html;
}
}
# 8. 开机自动启动
[root@rs1 ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@rs1 ~]# systemctl enable nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
# 9. 功能测试
[root@rs1 ~]# curl 192.168.72.118
rs1 index.html
RS2 配置
关闭 RS1 服务器,然后对这台服务器进行克隆,取名为 RS2,启动 RS2 后做如下修改。注意:克隆出的主机与 RS1 共用同一套 SSH 主机密钥和 machine-id,实验环境可以忽略,正式环境应在克隆后重新生成。
# 1. 修改主机名
[root@rs1 ~]# hostnamectl hostname rs2
# 2. 修改IP地址
[root@rs1 ~]# nmcli c modify ens160 ipv4.addresses 192.168.72.119/24
[root@rs1 ~]# nmcli c up ens160
# 3. 自动挂载,这里我们直接复制过去
[root@rs1 ~]# scp /etc/fstab 192.168.72.119:/etc/
The authenticity of host '192.168.72.119 (192.168.72.119)' can't be established.
ED25519 key fingerprint is SHA256:IXJJgIYtrMMZ4EALsHR1+6xQNFLC6sUdQWpDW1Ub3fk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.72.119' (ED25519) to the list of known hosts.
root@192.168.72.119's password:
fstab 100% 770 661.4KB/s 00:00
# 重新加载 systemd 管理器配置
[root@rs2 ~]# systemctl daemon-reload
# 配置自动挂载的所有文件系统,无需重启立即生效
[root@rs2 ~]# mount -a
# 4. 配置nginx
[root@rs2 ~]# vim /etc/nginx/conf.d/rs2.conf
# RS2 virtual host: plain HTTP on port 80, answering for RS2's own address.
server {
listen 80;
server_name 192.168.72.119;
location / {
# Same NFS-backed document root as RS1.
root /usr/share/nginx/html;
# index2.html holds "rs2 index.html", so test responses identify this RS.
index index2.html;
}
}
# 5. 功能测试
[root@rs2 ~]# systemctl restart nginx
[root@rs2 ~]# curl 192.168.72.119
rs2 index.html
搭建Keepalived+LVS服务
配置 master
### 1. 修改主机名
[root@localhost ~]# hostnamectl hostname lvs-master
### 2. 修改IP地址
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.116/24 ipv4.gateway 192.168.72.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
### 3. 安装keepalived和lvs
[root@lvs-master ~]# dnf install keepalived ipvsadm -y
### 4. 配置keepalived和lvs
# 安装完后首先保存当前的负载均衡配置
[root@lvs-master ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm
[root@lvs-master ~]# vim /etc/keepalived/keepalived.conf
[root@lvs-master ~]# cat /etc/keepalived/keepalived.conf
# keepalived.conf for the MASTER LVS node: one VRRP instance that owns the VIP,
# plus the IPVS virtual server that keepalived programs and health-checks.
global_defs {
router_id lvs-master
}
# Optional: an automation/health script can be defined here
#vrrp_script xxx {
#}
vrrp_instance VI_1 {
state MASTER
interface ens160 # change to match this host's NIC name
virtual_router_id 51 # same value (51) as in the backup listing on this page
priority 100 # higher than the backup's 90
advert_int 1
authentication {
# NOTE(review): PASS is a shared password carried in cleartext in VRRP
# advertisements; it guards against accidental misconfiguration, not against
# another host on the same L2 segment.
auth_type PASS
# Lab placeholder; the backup listing uses the same value. Outside a lab,
# choose a non-trivial secret and keep it identical on both nodes.
auth_pass 1111
}
virtual_ipaddress {
192.168.72.100 # virtual IP (VIP)
}
# Run the tracking script
#track_script {
# xxx
#}
}
# LVS configuration; the VIP address must be given here
virtual_server 192.168.72.100 80 {
delay_loop 3 # health-check interval, in seconds
# wrr = weighted round-robin (plain rr treats all real servers equally).
# NOTE(review): the backup listing and the `ipvsadm -Ln` output on this page show rr — confirm which one is intended.
lb_algo wrr
lb_kind DR # forwarding mode, DR here; supported modes: NAT|DR|TUN
persistence_timeout 50 # persistence timeout in seconds; roughly: ipvsadm -A -t 192.168.72.100:80 -s wrr -p 50
protocol TCP # protocol being load-balanced
# Real server, given as "IP port"; roughly: ipvsadm -a -t 192.168.72.100:80 -r 192.168.72.118:80 -g -w 3
real_server 192.168.72.118 80 {
weight 3 # weight
TCP_CHECK { # TCP connect health check
connect_timeout 3 # connect timeout, in seconds
retry 3 # number of retries
delay_before_retry 3 # delay between retries
}
}
real_server 192.168.72.119 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
配置backup
关闭master主机,然后克隆出 backup ,并启动backup,然后做如下的修改。
# 1. 修改主机名
[root@lvs-master ~]# hostnamectl hostname lvs-backup
# 2. 修改IP地址
[root@lvs-master ~]# nmcli c m ens160 ipv4.addresses 192.168.72.117/24
[root@lvs-master ~]# nmcli c up ens160
# 3. 修改配置文件
[root@lvs-backup ~]# vim /etc/keepalived/keepalived.conf
[root@lvs-backup ~]# cat /etc/keepalived/keepalived.conf
# keepalived.conf for the BACKUP LVS node. Compared with the master listing on
# this page it differs in router_id, state, priority and lb_algo.
global_defs {
router_id lvs-backup
}
vrrp_instance VI_1 {
state BACKUP
interface ens160 # change to match this host's NIC name
virtual_router_id 51 # same value as on the master
priority 90 # lower than the master's 100
advert_int 1
authentication {
# NOTE(review): PASS is a shared password carried in cleartext in VRRP
# advertisements; it does not protect against another host on the same segment.
auth_type PASS
# Lab placeholder, identical to the master's value; use a non-trivial secret outside a lab.
auth_pass 1111
}
virtual_ipaddress {
192.168.72.100 # virtual IP (VIP), same as on the master
}
}
virtual_server 192.168.72.100 80 {
delay_loop 3 # health-check interval, in seconds
# NOTE(review): the master listing uses wrr; with rr the weights below have no
# effect — confirm the scheduler is meant to differ between the two nodes.
lb_algo rr
lb_kind DR # DR forwarding mode
persistence_timeout 50 # persistence timeout, in seconds
protocol TCP
real_server 192.168.72.118 80 {
weight 3
TCP_CHECK { # TCP connect health check
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.72.119 80 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
# 4. 启动两台服务器
[root@lvs-master ~]# systemctl start keepalived ipvsadm
[root@lvs-backup ~]# systemctl start keepalived ipvsadm
# 5. 查询配置规则,发现规则成功创建(注意:下面的输出显示调度算法为 rr、权重均为 1,与上文 master 配置中的 wrr 和权重 3/1 不一致,请以自己环境的实际输出为准)
[root@lvs-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.72.100:80 rr persistent 50
-> 192.168.72.118:80 Route 1 0 0
-> 192.168.72.119:80 Route 1 0 0
[root@lvs-backup ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.72.100:80 rr persistent 50
-> 192.168.72.118:80 Route 1 0 0
-> 192.168.72.119:80 Route 1 0 0
修改RS服务器
我们需要为两台 RS 服务器配置 VIP,同时还需要配置内核参数(arp_ignore/arp_announce),使 RS 不对 VIP 的 ARP 请求作出应答,避免与 LVS 节点上的 VIP 冲突。
### 1. 两台RS都配置VIP
[root@rs1 ~]# ifconfig lo:1 192.168.72.100 netmask 255.255.255.255 broadcast 192.168.72.100 up
[root@rs1 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.72.100/32 brd 192.168.72.100 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@rs2 ~]# ifconfig lo:1 192.168.72.100 netmask 255.255.255.255 broadcast 192.168.72.100 up
[root@rs2 ~]# ip a show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.72.100/32 brd 192.168.72.100 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
### 2. 添加内核参数
[root@rs1 ~]# cat >> /etc/sysctl.conf <<EOF
> net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward=0
> EOF
# 调用配置
[root@rs1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
# 也可以手动添加
[root@rs2 ~]# vim /etc/sysctl.conf
······
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward=0
[root@rs2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
### 3. 两台RS都增加一个路由
[root@rs1 ~]# route add -host 192.168.72.100 dev lo:1
# 查看路由表
[root@rs1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.72.2 0.0.0.0 UG 100 0 0 ens160
192.168.72.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
192.168.72.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@rs2 ~]# route add -host 192.168.72.100 dev lo:1
[root@rs2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.72.2 0.0.0.0 UG 100 0 0 ens160
192.168.72.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
192.168.72.100 0.0.0.0 255.255.255.255 UH 0 0 0 lo
## 功能测试
此时打开浏览器,访问 VIP 地址 `192.168.23.100`(若按本文命令配置,VIP 为 192.168.72.100),可以看到请求被转发到真实服务器 RS1,页面显示以下内容。
rs1 index.html
# 此时我们断开 RS1 的 nginx 服务
[root@rs1 ~]# systemctl stop nginx.service
# 刷新网页发现 IP 无法访问,但是过了几秒后又重新访问成功,此时访问到了RS2
rs2 index.html
### 这是因为 Keepalived 的健康检查按 delay_loop 的间隔进行,RS1 故障后要等检查失败才会被摘除(下面示例中的 VIP 和 delay_loop 值与前文配置的 192.168.72.100、3 秒不一致,请以实际配置文件为准)
[root@lvs-master ~]# vim /etc/keepalived/keepalived.conf
···
virtual_server 192.168.23.100 80 {
delay_loop 6 # 这里为 6s
···
}