LVS+Keepalived+DNS 高可用项目
项目架构
主机规划
主机 | IP | 角色 | 软件
---|---|---|---
lb-master | 172.25.250.105 | 主负载均衡器,同时做 web 和 DNS 调度(两台互为主备) | ipvsadm, keepalived
lb-backup | 172.25.250.106 | 备负载均衡器,同时做 web 和 DNS 调度 | ipvsadm, keepalived
dns-master | 172.25.250.107 | LVS DNS 节点(主),VIP:172.25.250.100,向 dns-slave 做主从同步 | bind
dns-slave | 172.25.250.108 | LVS DNS 节点(从),VIP:172.25.250.100 | bind
web01 | 172.25.250.201 | LVS WEB 节点,VIP:172.25.250.200 | nginx, bind-utils
web02 | 172.25.250.202 | LVS WEB 节点,VIP:172.25.250.200 | nginx, bind-utils
web03 | 172.25.250.203 | LVS WEB 节点,VIP:172.25.250.200 | nginx, bind-utils
!!!本章笔记中博主是根据自己的主机规划来修改主机名以及 IP 地址的这一步不是必须的,大家根据自身虚拟机本来的就好,记得哪台主机做的什么角色就行
注意:本实验为排除干扰关闭了所有主机的防火墙和 SELinux,这只适用于实验环境。生产环境应保持 SELinux enforcing(bind、nginx、keepalived 都有现成策略),并在防火墙上只放行所需端口:53/udp 与 53/tcp(DNS)、80/tcp(web)以及两台调度器之间的 VRRP(IP 协议号 112),而不是整体关闭。
# 关闭防火墙
systemctl disable --now firewalld
# 临时关闭selinux
setenforce 0
# 永久设为 permissive(重启后生效;注意 permissive 只记录拒绝日志而不阻止,并不等于 disabled)
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
永久挂载仓库
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# cat /etc/fstab
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=589b1fb8-b9eb-461f-ab73-55252609a21e /boot xfs defaults 0 0
UUID=95BF-10A3 /boot/efi vfat umask=0077,shortname=winnt 0 2
/dev/mapper/rhel-swap none swap defaults 0 0
/dev/sr0 /mnt iso9660 defaults 0 0
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# mount -a
搭建 DNS 服务
配置主服务 DNS
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname dns-master
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.107/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
挂载仓库并下载服务
[root@dns-master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns-master ~]# dnf -y install bind
修改核心配置文件
[root@dns-master ~]# vim /etc/named.conf
[root@dns-master ~]# cat /etc/named.conf
options {
// Listen on this host's own address and on the DNS VIP: in LVS-DR the
// director forwards packets whose destination is the VIP, so named must
// accept on it (the VIP is added to lo later in this guide).
listen-on port 53 { 172.25.250.107;172.25.250.100; };
directory "/var/named";
// NOTE(review): there is no "recursion no;" here, so named keeps BIND's
// default of recursing for localnets/localhost clients. For an
// authoritative-only server add "recursion no;" -- but only once every
// client (including the keepalived health check) queries names in the
// zones served here.
};
zone "mingyue.com" IN {
type master;
file "mingyue.zone";
// Only the slave may pull this zone (AXFR). Source-IP filtering is the
// minimum; signing transfers with a TSIG key on both sides is stronger.
allow-transfer { 172.25.250.108; };
};
zone "250.25.172.in-addr.arpa" IN {
type master;
file "mingyue.fanxiang";
allow-transfer { 172.25.250.108; };
};
检查配置文件是否有误(没有消息提示说明配置文件修改没问题,若有根据提示修改配置文件)
[root@dns-master ~]# named-checkconf
编写正向解析区域数据文件
[root@dns-master ~]# vim /var/named/mingyue.zone
[root@dns-master ~]# cat /var/named/mingyue.zone
$TTL 1D
; SOA fields: serial 0, refresh 1H, retry 1D, expire 1W, negative TTL 3D.
; Bump the serial on every edit: the slave compares serials on refresh and
; keeps serving its old copy if the number has not increased.
@ IN SOA ns1.mingyue.com. root.mingyue.com. (0 1H 1D 1W 3D)
IN NS ns1.mingyue.com.
; relative name, expands to ns2.mingyue.com.
IN NS ns2
ns1 IN A 172.25.250.107
ns2 IN A 172.25.250.108
; the web VIP held by the LVS directors, not an individual web server
www IN A 172.25.250.200
; marker record: keepalived's checkdns.sh looks for this exact value
txt IN TXT "AaBbCcDdEeFf"
检查正向解析区域数据文件是否有误
[root@dns-master ~]# named-checkzone mingyue.com /var/named/mingyue.zone
zone mingyue.com/IN: loaded serial 0
OK
编写反向解析区域数据文件并检查是否有误(检查时第一个参数要写反向区域名 250.25.172.in-addr.arpa;若写成 mingyue.com,named-checkzone 会以 mingyue.com 作为 origin 检查,发现不了反向区域本身的问题)
[root@dns-master ~]# cp -a /var/named/mingyue.zone /var/named/mingyue.fanxiang
[root@dns-master ~]# ll /var/named/
total 24
drwxrwx---. 2 named named 6 Aug 28 2024 data
drwxrwx---. 2 named named 6 Aug 28 2024 dynamic
-rw-r--r--. 1 root root 202 Apr 12 14:09 mingyue.fanxiang
-rw-r--r--. 1 root root 202 Apr 12 14:09 mingyue.zone
-rw-r-----. 1 root named 2112 Aug 28 2024 named.ca
-rw-r-----. 1 root named 152 Aug 28 2024 named.empty
-rw-r-----. 1 root named 152 Aug 28 2024 named.localhost
-rw-r-----. 1 root named 168 Aug 28 2024 named.loopback
drwxrwx---. 2 named named 6 Aug 28 2024 slaves
[root@dns-master ~]# vim /var/named/mingyue.fanxiang
[root@dns-master ~]# cat /var/named/mingyue.fanxiang
$TTL 1D
; Reverse zone for 172.25.250.0/24. Same SOA as the forward zone; bump
; the serial on every edit so the slave picks the change up.
@ IN SOA ns1.mingyue.com. root.mingyue.com. (0 1H 1D 1W 3D)
IN NS ns1.mingyue.com.
IN NS ns2
; NOTE(review): the A and TXT records below were copied over from the
; forward zone (cp -a); they are harmless here but only PTR records are
; meaningful in an in-addr.arpa zone.
ns1 IN A 172.25.250.107
ns2 IN A 172.25.250.108
; 172.25.250.200 (the web VIP) -> www.mingyue.com
200 IN PTR www.mingyue.com.
txt IN TXT "AaBbCcDdEeFf"
[root@dns-master ~]# named-checkzone 250.25.172.in-addr.arpa /var/named/mingyue.fanxiang
zone 250.25.172.in-addr.arpa/IN: loaded serial 0
OK
启动服务并测试
[root@dns-master ~]# systemctl start named
[root@dns-master ~]# dig -t NS mingyue.com @172.25.250.107
; <<>> DiG 9.16.23-RH <<>> -t NS mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14162
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f082f46b7ee541bf0100000067fa0532ff3c047be69773cd (good)
;; QUESTION SECTION:
;mingyue.com. IN NS
;; ANSWER SECTION:
mingyue.com. 86400 IN NS ns1.mingyue.com.
mingyue.com. 86400 IN NS ns2.mingyue.com.
;; ADDITIONAL SECTION:
ns1.mingyue.com. 86400 IN A 172.25.250.107
ns2.mingyue.com. 86400 IN A 172.25.250.108
;; Query time: 2 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:16:18 CST 2025
;; MSG SIZE rcvd: 136
[root@dns-master ~]# dig -t A www.mingyue.com @172.25.250.107
; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10116
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8529c23b6b32e1a60100000067fa0561d02e583eade8e231 (good)
;; QUESTION SECTION:
;www.mingyue.com. IN A
;; ANSWER SECTION:
www.mingyue.com. 86400 IN A 172.25.250.200
;; Query time: 0 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:17:05 CST 2025
;; MSG SIZE rcvd: 88
[root@dns-master ~]# dig -x 172.25.250.200 @172.25.250.107
; <<>> DiG 9.16.23-RH <<>> -x 172.25.250.200 @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d8d9bf0abd0af37d0100000067fa0587155762c6e39574b9 (good)
;; QUESTION SECTION:
;200.250.25.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
200.250.25.172.in-addr.arpa. 86400 IN PTR www.mingyue.com.
;; Query time: 9 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:17:43 CST 2025
;; MSG SIZE rcvd: 113
配置从服务 DNS
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname dns-slave
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.108/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
挂载仓库并下载软件
[root@dns-slave ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns-slave ~]# dnf -y install bind
修改核心配置文件
[root@dns-slave ~]# vim /etc/named.conf
[root@dns-slave ~]# cat /etc/named.conf
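options {
// Listen on this host's own address and on the DNS VIP: LVS-DR delivers
// packets addressed to the VIP, which is added to lo later in this guide.
listen-on port 53 { 172.25.250.108;172.25.250.100; };
directory "/var/named";
};
zone "mingyue.com" IN {
type slave;
file "slaves/mingyue.zone";
masters { 172.25.250.107; };
// A slave must not become a second transfer source for the zone.
allow-transfer { none; };
};
// Reverse zone. The name must be "250.25.172.in-addr.arpa" (with a hyphen)
// and match the master's zone statement exactly; with a different name the
// master has no such zone, the transfer is refused and
// slaves/mingyue.fanxiang is never created.
zone "250.25.172.in-addr.arpa" IN {
type slave;
masters { 172.25.250.107; };
file "slaves/mingyue.fanxiang";
allow-transfer { none; };
};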
检查配置文件是否有误(没有消息提示说明配置文件修改没问题,若有根据提示修改配置文件)
[root@dns-slave ~]# named-checkconf
启动服务并测试(若是没有文件检查防火墙是否关闭)
[root@dns-slave ~]# ls /var/named/slaves
[root@dns-slave ~]# systemctl start named
[root@dns-slave ~]# ls /var/named/slaves/
mingyue.fanxiang mingyue.zone
[root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.107
; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64898
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ce420687d228d5b40100000067fa0d06077ab9fafd700f17 (good)
;; QUESTION SECTION:
;www.mingyue.com. IN A
;; ANSWER SECTION:
www.mingyue.com. 86400 IN A 172.25.250.200
;; Query time: 4 msec
;; SERVER: 172.25.250.107#53(172.25.250.107)
;; WHEN: Sat Apr 12 14:49:42 CST 2025
;; MSG SIZE rcvd: 88
[root@dns-slave ~]# dig -t A www.mingyue.com @172.25.250.108
; <<>> DiG 9.16.23-RH <<>> -t A www.mingyue.com @172.25.250.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14843
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 137473cba75fd4b90100000067fa0d18e153428993edd1ef (good)
;; QUESTION SECTION:
;www.mingyue.com. IN A
;; ANSWER SECTION:
www.mingyue.com. 86400 IN A 172.25.250.200
;; Query time: 2 msec
;; SERVER: 172.25.250.108#53(172.25.250.108)
;; WHEN: Sat Apr 12 14:50:00 CST 2025
;; MSG SIZE rcvd: 88
搭建 web 服务
web01
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname web01
[root@web01 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 1753sec preferred_lft 1753sec
inet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
挂载仓库并下载软件
[root@web01 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web01 ~]# dnf -y install nginx
配置 nginx
[root@web01 ~]# vim /etc/nginx/conf.d/web01.conf
[root@web01 ~]# cat /etc/nginx/conf.d/web01.conf
server {
# Wildcard listen on port 80: LVS-DR delivers requests whose destination
# is the VIP (172.25.250.200, added to lo later in this guide), and
# 0.0.0.0:80 accepts them without naming the VIP here.
listen 80;
server_name www.mingyue.com;
root /usr/share/nginx/html;
}
修改 DNS
[root@web01 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web01 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web01 ~]# nmcli d show | grep DNS
IP4.DNS[1]: 172.25.250.100
编写首页
[root@web01 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web01 ~]# systemctl start nginx
[root@web01 ~]# curl localhost
web01 - 172.25.250.201
web02
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname web02
[root@web02 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 987sec preferred_lft 987sec
inet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute
valid_lft forever preferred_lft forever
挂载仓库并下载软件
[root@web02 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web02 ~]# dnf -y install nginx
配置 nginx
[root@web02 ~]# vim /etc/nginx/conf.d/web02.conf
[root@web02 ~]# cat /etc/nginx/conf.d/web02.conf
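server {
    # Wildcard listen on port 80: LVS-DR delivers requests whose destination
    # is the VIP (172.25.250.200, added to lo later in this guide), and
    # 0.0.0.0:80 accepts them without naming the VIP here.
    listen 80;
    # Must match the name clients use; "www.mingiyue.com" was a typo. Requests
    # were still answered, apparently by nginx's default server block, which
    # is what hid the mistake.
    server_name www.mingyue.com;
    root /usr/share/nginx/html;
}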
修改 DNS
[root@web02 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web02 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web02 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 172.25.250.100
编写首页
[root@web02 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web02 ~]# systemctl start nginx
[root@web02 ~]# curl localhost
web02 - 172.25.250.202
web03
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname web03
[root@web03 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 1027sec preferred_lft 1027sec
inet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute
valid_lft forever preferred_lft forever
挂载仓库并下载软件
[root@web03 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@web03 ~]# dnf -y install nginx
配置 nginx
[root@web03 ~]# vim /etc/nginx/conf.d/web03.conf
[root@web03 ~]# cat /etc/nginx/conf.d/web03.conf
server {
# Wildcard listen on port 80: LVS-DR delivers requests whose destination
# is the VIP (172.25.250.200, added to lo later in this guide), and
# 0.0.0.0:80 accepts them without naming the VIP here.
listen 80;
server_name www.mingyue.com;
root /usr/share/nginx/html;
}
修改 DNS
[root@web03 ~]# nmcli c modify ens160 ipv4.dns 172.25.250.100
[root@web03 ~]# nmcli c up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@web03 ~]# nmcli d show ens160 | grep DNS
IP4.DNS[1]: 172.25.250.100
编写首页
[root@web03 ~]# echo $(hostname) - $(hostname -I) > /usr/share/nginx/html/index.html
启动服务并测试
[root@web03 ~]# systemctl start nginx
[root@web03 ~]# curl localhost
web03 - 172.25.250.203
搭建 Keepalived 和 LVS
配置master
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname lb-master
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.105/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
挂载仓库并下载软件
[root@lb-master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@lb-master ~]# dnf -y install keepalived ipvsadm bind-utils
配置 Keepalived
[root@lb-master ~]# vim /etc/keepalived/keepalived.conf
[root@lb-master ~]# cat /etc/keepalived/keepalived.conf
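global_defs {
    router_id LVS_master
}

# Web VIP. This node is the preferred holder (MASTER, priority 100);
# lb-backup carries the same VRID as BACKUP with priority 80.
vrrp_instance VI_web {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS sends the password in cleartext in every
    # VRRP advertisement, so it only prevents accidental VRID clashes, not a
    # rogue node on the LAN. Restrict IP protocol 112 to the peer address
    # with a firewall rule (or use unicast_peer) instead of relying on it.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.200
    }
}

# LVS service behind the web VIP: weighted round-robin over three real
# servers, direct routing (each real server has the VIP on lo).
virtual_server 172.25.250.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.201 80 {
        weight 3
        # A plain TCP connect to port 80 decides up/down.
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

# DNS VIP. Normally held by lb-backup (this node is BACKUP, priority 80),
# so each director owns one VIP while both are up.
vrrp_instance VI_dns {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    # Same cleartext-password caveat as VI_web.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.100
    }
}

# LVS service behind the DNS VIP (UDP/53, direct routing).
virtual_server 172.25.250.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 172.25.250.107 53 {
        weight 1
        # checkdns.sh queries this server directly for a TXT record and
        # expects the value "AaBbCcDdEeFf". That record is defined in this
        # guide's zone as txt.mingyue.com, so that is the name to query; a
        # name outside the zone (e.g. txt.chengke.com) only answers if named
        # recurses to the Internet and no longer tests the zone we serve.
        MISC_CHECK {
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.mingyue.com"
            # misc_timeout is the MISC_CHECK keyword (connect_timeout belongs
            # to TCP_CHECK/HTTP_GET); it bounds how long the script may run.
            misc_timeout 3
        }
    }
    real_server 172.25.250.108 53 {
        weight 1
        MISC_CHECK {
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.mingyue.com"
            misc_timeout 3
        }
    }
}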
编写检测脚本文件并赋予权限(该脚本由 keepalived 以 root 身份周期性执行,务必保持 root 所有且只有 root 可写,否则等于给了能改写它的用户一条 root 执行路径)
[root@lb-master ~]# vim /etc/keepalived/checkdns.sh
[root@lb-master ~]# cat /etc/keepalived/checkdns.sh
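#!/bin/bash
# keepalived MISC_CHECK helper: ask one DNS real server directly for a TXT
# record and report whether it carries the expected marker.
#
# Usage: checkdns.sh -h <server-ip> <name>
#   -h <server-ip>  DNS server to query directly (bypasses the VIP so each
#                   real server is tested on its own)
#   <name>          TXT record to look up; its value must contain the marker
#                   below (this guide defines txt.mingyue.com with that value)
#
# Exit status (keepalived semantics): 0 = record found, server healthy;
# 1 = lookup failed or marker absent, keepalived takes the real server out;
# 2 = bad arguments.
marker="AaBbCcDdEeFf"

usage() {
  echo "usage: $0 -h <ip> <name>" >&2
  exit 2
}

host=""
while getopts "h:" opt; do
  case "$opt" in
    h) host=$OPTARG ;;
    *) usage ;;
  esac
done
shift $((OPTIND - 1))
domain=${1:-}
[ -n "$host" ] && [ -n "$domain" ] || usage

# +time=1 +tries=1 keeps the probe to about a second so a dead server is
# reported quickly and the script finishes inside keepalived's timeout.
# -w matches the marker as a whole word (dig prints it inside quotes).
if dig @"$host" txt "$domain" +time=1 +tries=1 | grep -qw -- "$marker"; then
  exit 0
fi
exit 1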
[root@lb-master ~]# chmod a+x /etc/keepalived/checkdns.sh
[root@lb-master ~]# ll /etc/keepalived/checkdns.sh
-rwxr-xr-x. 1 root root 411 Apr 12 15:41 /etc/keepalived/checkdns.sh
启动服务(注意:LVS 规则由 keepalived 生成,keepalived 尚未启动时 ipvsadm-save 保存的是空规则集;若确需持久化,应在 keepalived 启动并生成规则后再执行 ipvsadm-save。由 keepalived 管理规则时 ipvsadm.service 并不是必需的)
[root@lb-master ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lb-master ~]# systemctl start keepalived.service ipvsadm.service
[root@lb-master ~]# ip a show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:22:88:c0 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.105/24 brd 172.25.250.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 172.25.250.200/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe22:88c0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
查看 LVS 规则
[root@lb-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.250.200:80 wrr
-> 172.25.250.201:80 Route 3 0 0
-> 172.25.250.202:80 Route 2 0 0
-> 172.25.250.203:80 Route 1 0 0
UDP 172.25.250.100:53 rr
-> 172.25.250.107:53 Route 1 0 0
-> 172.25.250.108:53 Route 1 0 0
配置backup
修改主机名和 IP 地址
[root@localhost ~]# hostnamectl hostname lb-backup
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.106/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
挂载仓库并下载软件
[root@lb-backup ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@lb-backup ~]# dnf -y install keepalived ipvsadm bind-utils
复制 keepalived 的配置文件到 backup 主机中并修改(首次 ssh 连接会提示主机密钥指纹,应先在 lb-backup 上执行 ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub 核对一致后再输入 yes,避免被中间人劫持;用 root 口令做 scp 只适合实验环境,生产环境应改用密钥认证)
[root@lb-master ~]# scp /etc/keepalived/keepalived.conf 172.25.250.106:/etc/keepalived
The authenticity of host '172.25.250.106 (172.25.250.106)' can't be established.
ED25519 key fingerprint is SHA256:zQRVAzxowh+vQParI9tLut0o4tqknS8RIH86Oa4QB/A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.25.250.106' (ED25519) to the list of known hosts.
root@172.25.250.106's password:
keepalived.conf 100% 1652 287.3KB/s 00:00
[root@lb-backup ~]# vim /etc/keepalived/keepalived.conf
[root@lb-backup ~]# cat /etc/keepalived/keepalived.conf
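global_defs {
    router_id LVS_backup
}

# Web VIP. lb-master is the preferred holder (priority 100); this node is
# BACKUP with priority 80 on the same VRID.
vrrp_instance VI_web {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    # NOTE(review): auth_type PASS sends the password in cleartext in every
    # VRRP advertisement, so it only prevents accidental VRID clashes, not a
    # rogue node on the LAN. Restrict IP protocol 112 to the peer address
    # with a firewall rule (or use unicast_peer) instead of relying on it.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.200
    }
}

# LVS service behind the web VIP: weighted round-robin over three real
# servers, direct routing (each real server has the VIP on lo). Must be
# identical on both directors so failover keeps the same rules.
virtual_server 172.25.250.200 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP
    real_server 172.25.250.201 80 {
        weight 3
        # A plain TCP connect to port 80 decides up/down.
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.202 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 172.25.250.203 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

# DNS VIP. This node is the preferred holder (MASTER, priority 100);
# lb-master runs the same VRID as BACKUP with priority 80.
vrrp_instance VI_dns {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    # Same cleartext-password caveat as VI_web.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.250.100
    }
}

# LVS service behind the DNS VIP (UDP/53, direct routing).
virtual_server 172.25.250.100 53 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol UDP
    real_server 172.25.250.107 53 {
        weight 1
        # checkdns.sh queries this server directly for a TXT record and
        # expects the value "AaBbCcDdEeFf". That record is defined in this
        # guide's zone as txt.mingyue.com, so that is the name to query; a
        # name outside the zone (e.g. txt.chengke.com) only answers if named
        # recurses to the Internet and no longer tests the zone we serve.
        MISC_CHECK {
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.107 txt.mingyue.com"
            # misc_timeout is the MISC_CHECK keyword (connect_timeout belongs
            # to TCP_CHECK/HTTP_GET); it bounds how long the script may run.
            misc_timeout 3
        }
    }
    real_server 172.25.250.108 53 {
        weight 1
        MISC_CHECK {
            misc_path "/etc/keepalived/checkdns.sh -h 172.25.250.108 txt.mingyue.com"
            misc_timeout 3
        }
    }
}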
复制检测脚本文件到 backup 主机中
[root@lb-master ~]# scp /etc/keepalived/checkdns.sh 172.25.250.106:/etc/keepalived
root@172.25.250.106's password:
checkdns.sh 100% 411 71.5KB/s 00:00
[root@lb-backup ~]# cd /etc/keepalived/
[root@lb-backup keepalived]# ll
total 8
-rwxr-xr-x. 1 root root 411 Apr 12 15:46 checkdns.sh
-rw-r--r--. 1 root root 1652 Apr 12 15:48 keepalived.conf
启动服务(同 master:keepalived 启动前执行 ipvsadm-save 保存的是空规则集,如需持久化应在规则生成后再保存;由 keepalived 管理规则时 ipvsadm.service 并非必需)
[root@lb-backup ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@lb-backup ~]# systemctl start keepalived.service ipvsadm.service
[root@lb-backup ~]# ip a show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:66:17:9c brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.106/24 brd 172.25.250.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 172.25.250.100/32 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe66:179c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
查看 LVS 规则
[root@lb-backup ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.250.200:80 wrr
-> 172.25.250.201:80 Route 3 0 0
-> 172.25.250.202:80 Route 2 0 0
-> 172.25.250.203:80 Route 1 0 0
UDP 172.25.250.100:53 rr
-> 172.25.250.107:53 Route 1 0 0
-> 172.25.250.108:53 Route 1 0 0
DNS 服务器增加 VIP 和配置内核参数(建议把顺序反过来:先配置内核参数再增加 VIP。在 arp_ignore/arp_announce 生效之前就把 VIP 绑到 lo,这段时间里真实服务器会应答 VIP 的 ARP 请求,与调度器发生 ARP 冲突。另外 ifconfig/route 的设置重启后失效,RHEL 9 默认也不带 net-tools,可改用 ip addr add 172.25.250.100/32 dev lo,并写入网络配置以持久化)
主服务器
增加 VIP
[root@dns-master ~]# ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
[root@dns-master ~]# route add -host 172.25.250.100 dev lo:0
[root@dns-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.250.100/32 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
配置内核参数
[root@dns-master ~]# vim /etc/sysctl.conf
[root@dns-master ~]# cat /etc/sysctl.conf
# LVS-DR real-server settings: the VIP lives on lo, so this host must not
# answer ARP for it nor use it as an ARP source address; the director stays
# the only owner of the VIP's MAC on the LAN.
# arp_ignore=1: reply to an ARP request only if the target IP is configured
# on the interface the request came in on (lo never is).
net.ipv4.conf.lo.arp_ignore = 1
# arp_announce=2: always use the best local address as ARP source, never
# the VIP.
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-master ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
从服务器
增加 VIP
[root@dns-slave ~]# ifconfig lo:0 172.25.250.100 netmask 255.255.255.255 up
[root@dns-slave ~]# route add -host 172.25.250.100 dev lo:0
[root@dns-slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.250.100/32 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
配置内核参数
[root@dns-slave ~]# vim /etc/sysctl.conf
[root@dns-slave ~]# cat /etc/sysctl.conf
# LVS-DR real-server settings, identical to dns-master: never answer ARP
# for the VIP on lo (arp_ignore=1) and never use the VIP as ARP source
# (arp_announce=2), so only the director owns the VIP's MAC on the LAN.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@dns-slave ~]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
修改 web 服务器(与 DNS 节点相同:建议先配置内核参数再增加 VIP,避免 VIP 刚绑到 lo 时真实服务器应答 VIP 的 ARP;ifconfig/route 的设置重启后失效,需要持久化)
web01
增加 VIP
[root@web01 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
[root@web01 ~]# route add -host 172.25.250.200 dev lo:0
[root@web01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.250.200/32 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:68:31:7f brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.201/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 1420sec preferred_lft 1420sec
inet6 fe80::20c:29ff:fe68:317f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
配置内核参数
[root@web01 ~]# vim /etc/sysctl.conf
[root@web01 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
web02
增加 VIP
[root@web02 ~]# ifconfig lo:0 172.25.250.200 netmask 255.255.255.255 up
[root@web02 ~]# route add -host 172.25.250.200 dev lo:0
[root@web02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.250.200/32 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:7e:8e:dc brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.202/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 1477sec preferred_lft 1477sec
inet6 fe80::20c:29ff:fe7e:8edc/64 scope link noprefixroute
valid_lft forever preferred_lft forever
配置内核参数
[root@web02 ~]# vim /etc/sysctl.conf
[root@web02 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
web03
增加 VIP
[root@web03 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.250.200/32 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:12:a5:be brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.250.203/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
valid_lft 1612sec preferred_lft 1612sec
inet6 fe80::20c:29ff:fe12:a5be/64 scope link noprefixroute
valid_lft forever preferred_lft forever
配置内核参数
[root@web03 ~]# vim /etc/sysctl.conf
[root@web03 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.ip_forward = 0
测试(在客户端反复访问 web VIP,观察请求被分发到不同的 web 节点;还应执行 dig www.mingyue.com @172.25.250.100 验证 DNS VIP 也能正常解析,并可依次停掉一台调度器或一台后端确认 VIP 漂移和健康检查生效)
[root@client ~]# curl 172.25.250.200
web03 - 172.25.250.203
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202
[root@client ~]# curl 172.25.250.200
web01 - 172.25.250.201
[root@client ~]# curl 172.25.250.200
web03 - 172.25.250.203
[root@client ~]# curl 172.25.250.200
web02 - 172.25.250.202