1.基础环境配置
[root@lb1 ~]# systemctl stop firewalld # 关闭防火墙
[root@lb1 ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux # 关闭selinux,重启生效
[root@lb1 ~]# setenforce 0 # 关闭selinux,临时生效
[root@lb1 ~]# yum -y install ntpdate.x86_64 # 安装 ntp 命令
[root@lb1 ~]# ntpdate 0.centos.pool.ntp.org # 时间同步
[root@lb1 ~]# yum install nginx -y # 安装nginx
2.web1,2服务器
[root@wb1 ~]# echo "web_1 221" > /usr/share/nginx/html/index.html
[root@wb2 ~]# echo "web_2 222" > /usr/share/nginx/html/index.html# 修改server_name
[root@lb1 ~]# vim /etc/nginx/nginx.confserver {listen 80;listen [::]:80;server_name www.example.com;root /usr/share/nginx/html;#启动并配置开机自启
[root@wb1 ~]# systemctl enable nginx --now
[root@wb2 ~]# systemctl enable nginx --now
3.配置lb1,lb2
这里两台机器是一致的,以lb1 举例操作一样
# 配置负载均衡模块
[root@lb1 ~]# mkdir /etc/nginx/conf.d/lb1.conf
[root@lb1 ~]# vim /etc/nginx/conf.d/lb1.conf
upstream backend {server 192.168.29.221:80 weight=1 max_fails=3 fail_timeout=20s;server 192.168.29.222:80 weight=1 max_fails=3 fail_timeout=20s;}server {listen 80;server_name www.example.com;location / {proxy_pass http://backend;proxy_set_header Host $host:$proxy_port;proxy_set_header X-Forwarded-For $remote_addr;}}
[root@lb1 ~]# systemctl enable nginx --now#可在测试节点上curl 来验证负载均衡是否配置成功
4.配置高可用 Keepalived 服务器(lb1,lb2 )
# 安装
[root@lb1 ~]# yum install keepalived -y[root@lb1 ~]# vim /etc/keepalived/keepalived.conf
lb1:
! Configuration File for keepalivedglobal_defs {notification_email {343590279@qq.com}smtp_server 192.168.29.1smtp_connect_timeout 30router_id LVS_lb1
}vrrp_script check_nginx {script "/shell/check-nginx.sh"interval 2weight -20timeout 10 user root root
}vrrp_instance VI_1 {state MASTERinterface ens33virtual_router_id 51priority 150advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.29.100/24 dev ens33 label ens33:1}track_script {check_nginx}
}
vrrp_instance VI_2 {state BACKUPinterface ens33virtual_router_id 52priority 100advert_int 1authentication {auth_type PASSauth_pass 2222}virtual_ipaddress {192.168.29.200/24 dev ens33 label ens33:2}track_script {check_nginx}
}[root@lb1 ~]# mkdir /shell
[root@lb1 ~]# touch /shell/check-nginx.sh
#!/bin/bash
run=`curl -I -m 10 -o /dev/null -s -w %{http_code} localhost`
if [ $run -ne 200 ];thensystemctl stop keepalived.service
fi
lb2:
! Configuration File for keepalivedglobal_defs {notification_email {343590279@qq.com}smtp_server 192.168.29.1smtp_connect_timeout 30router_id LVS_lb2
}vrrp_script check_nginx {script "/shell/check-nginx.sh"interval 2weight -20timeout 10 user root root
}vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.29.100/24 dev ens33 label ens33:1}track_script {check_nginx}
}vrrp_instance VI_2 {state MASTERinterface ens33virtual_router_id 52priority 150advert_int 1authentication {auth_type PASSauth_pass 2222}virtual_ipaddress {192.168.29.200/24 dev ens33 label ens33:2}track_script {check_nginx}
}[root@lb2 ~]# mkdir /shell
[root@lb2 ~]# touch /shell/check-nginx.sh
#!/bin/bash
run=`curl -I -m 10 -o /dev/null -s -w %{http_code} localhost`
if [ $run -ne 200 ];thensystemctl stop keepalived.service
fi
5.配置dns域名解析 机器上都配置一下
[root@lb1 conf.d]# vim /etc/hosts
192.168.29.100 www.example.com
192.168.29.200 www.example.com
6.验证
可以看到lb1 现在是192.168.29.100
[root@lb1 conf.d]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:34:e8:e9 brd ff:ff:ff:ff:ff:ffinet 192.168.29.145/24 brd 192.168.29.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet 192.168.29.100/24 scope global secondary ens33:1valid_lft forever preferred_lft foreverinet6 fe80::af4d:69e:aacf:f4e1/64 scope link noprefixroute valid_lft forever preferred_lft forever
lb2 现在是192.168.29.200:
[root@lb2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:da:e1:59 brd ff:ff:ff:ff:ff:ffinet 192.168.29.220/24 brd 192.168.29.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet 192.168.29.200/24 scope global secondary ens33:2valid_lft forever preferred_lft foreverinet6 fe80::b09a:b99e:bc92:62ee/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9073:a63f:e689:8462/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::7514:5e70:5d24:c66e/64 scope link noprefixroute valid_lft forever preferred_lft forever
如果此时在lb1 或者lb2 上 stop Keepalived 会看到100 或者200 飘到另一台机器上:
[root@lb2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:da:e1:59 brd ff:ff:ff:ff:ff:ffinet 192.168.29.220/24 brd 192.168.29.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet 192.168.29.100/24 scope global secondary ens33:1valid_lft forever preferred_lft foreverinet 192.168.29.200/24 scope global secondary ens33:2valid_lft forever preferred_lft foreverinet6 fe80::b09a:b99e:bc92:62ee/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::9073:a63f:e689:8462/64 scope link tentative noprefixroute dadfailed valid_lft forever preferred_lft foreverinet6 fe80::7514:5e70:5d24:c66e/64 scope link noprefixroute valid_lft forever preferred_lft forever
测试机器上测试:
[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web2 222
[root@server ~]# curl 192.168.29.145
web2 222
[root@server ~]# curl 192.168.29.145
web1 221
[root@server ~]# curl 192.168.29.145
web1 221[root@server ~]# curl www.example.com
web2 222
[root@server ~]# curl www.example.com
web2 222
[root@server ~]# curl www.example.com
web1 221
[root@server ~]# curl www.example.com
web2 222
[root@server ~]# curl www.example.com
web1 221
[root@server ~]# curl www.example.com
web1 221
[root@server ~]# curl www.example.com
web2 222