LVS+keepalived实战案例

目录

部署LVS

安装软件

创建VIP

创建保存规则文件

给RS添加规则

验证规则

部署RS端

安装软件

页面内容

添加VIP

配置系统ARP

传输到rs-2

客户端测试

查看规则文件

实现keepalived

编辑配置文件

传输文件给backup

修改backup的配置文件

开启keepalived服务

查看VIP

停止master查看VIP是否漂移

测试访问

LVS的高可用已实现

部署LVS

安装软件

[root@lvs-master ~]# yum install ipvsadm keepalived -y[root@lvs-backup ~]# yum install ipvsadm keepalived -y

创建VIP

[root@lvs-master ~]# ip a a dev ens160 192.168.193.20/32[root@lvs-backup ~]# ip a a dev ens160 192.168.193.20/32

创建保存规则文件

[root@lvs-master ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@lvs-master ~]# systemctl start ipvsadm[root@lvs-backup ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@lvs-backup ~]# systemctl start ipvsadm

给RS添加规则

[root@lvs-master ~]# ipvsadm -A -t 192.168.193.20:80 -s rr
[root@lvs-master ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.162:80 -g
[root@lvs-master ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.163:80 -g[root@lvs-backup ~]# ipvsadm -A -t 192.168.193.20:80 -s rr
[root@lvs-backup ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.162:80 -g
[root@lvs-backup ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.163:80 -g

验证规则

[root@lvs-master ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr-> 192.168.193.162:80           Route   1      0          0         -> 192.168.193.163:80           Route   1      0          0  [root@lvs-backup ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr-> 192.168.193.162:80           Route   1      0          0         -> 192.168.193.163:80           Route   1      0          0  

部署RS端

安装软件

[root@rs-1 ~]# yum install -y nginx[root@rs-1 ~]# systemctl start nginx[root@rs-2 ~]# yum install -y nginx[root@rs-2 ~]# systemctl start nginx

页面内容

[root@rs-1 ~]# echo "rs-1" > /usr/share/nginx/html/index.html[root@rs-2 ~]# echo "rs-2" > /usr/share/nginx/html/index.html

添加VIP

[root@rs-1 ~]# ip a a dev lo 192.168.193.20/32[root@rs-2 ~]# ip a a dev lo 192.168.193.20/32

配置系统ARP

忽略ARP广播

匹配精确ip地址回包

[root@rs-1 ~]# vim /etc/sysctl.conf
[root@rs-1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

传输到rs-2

[root@rs-1 ~]# scp /etc/sysctl.conf root@192.168.193.163:/etc/sysctl.conf
The authenticity of host '192.168.193.163 (192.168.193.163)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.163' (ED25519) to the list of known hosts.
root@192.168.193.163's password: 
sysctl.conf                               100%  584   893.1KB/s   00:00  [root@rs-2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

客户端测试

[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1

查看规则文件

增加了访问次数

[root@lvs-master ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr-> 192.168.193.162:80           Route   1      0          0         -> 192.168.193.163:80           Route   1      0          0 

实现keepalived

编辑配置文件

[root@lvs-master ~]# cd /etc/keepalived/
[root@lvs-master keepalived]# ls
keepalived.conf[root@lvs-master keepalived]# cat keepalived.conf
! Configuration File for keepalivedglobal_defs {router_id master
}vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 80priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.193.20/24}
}
virtual_server 192.168.193.20 80 {delay_loop 3lb_algo rrlb_kind DRprotocol TCPreal_server 192.168.193.162 80 {weight 1inhibit_on_failure TCP_CHECK {connect_port 80 connect_timeout 3  } }	real_server 192.168.193.163 80 {weight 1inhibit_on_failureTCP_CHECK {     connect_port 80 connect_timeout 3}}}

传输文件给backup

[root@lvs-master keepalived]# scp /etc/keepalived/keepalived.conf root@192.168.193.165:/etc/keepalived/keepalived.conf
The authenticity of host '192.168.193.165 (192.168.193.165)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.165' (ED25519) to the list of known hosts.
root@192.168.193.165's password: 
keepalived.conf                                    100%  771     1.0MB/s   00:00 

修改backup的配置文件

nopreempt  #不抢占资源

[root@lvs-backup ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalivedglobal_defs {router_id backup
}vrrp_instance VI_1 {state BACKUPinterface ens160nopreemptvirtual_router_id 80priority 50advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.193.20/24}
}
virtual_server 192.168.193.20 80 {delay_loop 3lb_algo rrlb_kind DRprotocol TCPreal_server 192.168.193.162 80 {weight 1inhibit_on_failure TCP_CHECK {connect_port 80 connect_timeout 3  } }	real_server 192.168.193.163 80 {weight 1inhibit_on_failureTCP_CHECK {     connect_port 80 connect_timeout 3}}}

开启keepalived服务

[root@lvs-master ~]# systemctl start keepalived
[root@lvs-master ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; preset: d>Active: active (running) since Tue 2025-05-13 20:27:23 CST; 7s agoMain PID: 17223 (keepalived)Tasks: 3 (limit: 5900)Memory: 2.2M[root@lvs-backup ~]# systemctl start keepalived
[root@lvs-backup ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability MonitorLoaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; preset: d>Active: active (running) since Tue 2025-05-13 20:28:13 CST; 6s agoMain PID: 6321 (keepalived)Tasks: 3 (limit: 5900)

查看VIP

[root@lvs-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:1a:14:ce brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 192.168.193.164/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160valid_lft 1581sec preferred_lft 1581secinet 192.168.193.20/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.193.20/24 scope global secondary ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe1a:14ce/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@lvs-backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:e1:d9:00 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 192.168.193.165/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160valid_lft 1067sec preferred_lft 1067secinet 192.168.193.20/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee1:d900/64 scope link noprefixroute valid_lft forever preferred_lft forever

停止master查看VIP是否漂移

[root@lvs-master ~]# systemctl stop keepalived
[root@lvs-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:1a:14:ce brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 192.168.193.164/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160valid_lft 1413sec preferred_lft 1413secinet 192.168.193.20/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe1a:14ce/64 scope link noprefixroute valid_lft forever preferred_lft forever[root@lvs-backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:e1:d9:00 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 192.168.193.165/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160valid_lft 1795sec preferred_lft 1795secinet 192.168.193.20/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.193.20/24 scope global secondary ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee1:d900/64 scope link noprefixroute valid_lft forever preferred_lft forever

测试访问

[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1

LVS的高可用已实现