当前位置: 首页 > news >正文

keeplived双击热备配置

news 2025/7/16 10:20:15

目录

一、主备模式

二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务

三、基于直接路由(DR)的双击热备

四、配置互为主从模式

操作前准备:准备五台主机,都把其中一个网卡跳到VNET1模式,第二快网卡设置可以联网的网络

一、主备模式

使用两台主机(ip为192.168.100.1和192.168.100.2)

####192.168.100.1
##安装nginx和keeplived
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# echo web1 > /usr/share/nginx/html/index.html
​
[root@web1 ~]# yum install -y keepalived
[root@web1 ~]# cd /etc/keepalived/
[root@web1 keepalived]# ls
keepalived.conf.sample
##修改配置文件
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
}
​
​
[root@web1 keepalived]# ls
keepalived.conf  keepalived.conf.sample
[root@web1 keepalived]# systemctl start keepalived.service 
##可以看到起来了三个虚拟IP
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
​

####192.168.100.2
[root@web2 ~]# yum install -y nginx
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# echo web2 > /usr/share/nginx/html/index.html
​
[root@web2 ~]# yum install -y keepalived
[root@web2 ~]# cd /etc/keepalived/
[root@web2 keepalived]# ls
keepalived.conf.sample
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web2
}
​
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
}
​
[root@web2 keepalived]# ls
keepalived.conf  keepalived.conf.sample
[root@web2 keepalived]# systemctl start keepalived.service
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

当主的keepalived断了时,自动切换备用

####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service 
####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

当主服务起来了,从新提供服务

####192.168.100.1
[root@web1 keepalived]# systemctl start keepalived.service 
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
​
####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务

####192.168.100.1
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web1
}
vrrp_script check_nginx {script /etc/keepalived/check_nginx.sh    #检测脚本interval 2   #执行间隔时间
}
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103 }
track_script {          #在实例中引用脚本    check_nginx}
}
​
​
[root@web1 keepalived]# vim check_nginx.sh 
Count1=`netstat -antp |grep -v grep |grep nginx |wc -l`
if [ $Count1 -eq 0 ]; then systemctl restart nginxsleep 2  Count2=`netstat -antp |grep -v grep |grep nginx |wc -l`if [ $Count2 -eq 0 ]; then service keepalived stop      else      exit 0  fi
else   exit 0  
fi 
​
[root@web1 keepalived]# chmod +x check_nginx.sh 
​
[root@web1 keepalived]# systemctl restart keepalived.service 
####192.168.100.2
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web2
}
vrrp_script check_nginx {script /etc/keepalived/check_nginx.sh    #检测脚本interval 2   #执行间隔时间
}
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
track_script {          #在实例中引用脚本    check_nginx}
}
​
[root@web2 keepalived]# chmod +x check_nginx.sh 
[root@web2 keepalived]# ls
check_nginx.sh  keepalived.conf  keepalived.conf.sample
​
[root@web2 keepalived]# systemctl restart keepalived.service

三、基于直接路由(DR)的双击热备

另外再准备两台主机(ip为192.168.100.100和192.168.100.10)作为服务器,前面两台作为真实访问的服务器

第一台服务器配置,指定一个访问路径下必须存在的一个文件test.html,否则无法访问

####192.168.100.100
##安装ipvsadm和keepalived服务
[root@lvs1 ~]# yum install -y ipvsadm
[root@lvs1 ~]# modprobe ip_vs
​
[root@lvs1 ~]# yum install -y keepalived
##编辑配置文件指向访问的真实服务器
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCP
​real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
​
​
[root@lvs1 ~]# systemctl start keepalived.service 
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:16:2b:5c brd ff:ff:ff:ff:ff:ffinet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe16:2b5c/64 scope link noprefixroute valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:16:2b:66 brd ff:ff:ff:ff:ff:ffinet 192.168.58.180/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe16:2b66/64 scope link noprefixroute valid_lft forever preferred_lft forever

第二台服务器配置

####192.168.100.10
[root@lvs2 ~]# yum install -y ipvsadm
[root@lvs2 ~]# modprobe ip_vs
​
[root@lvs2 ~]# yum install -y keepalived
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS2
}
​
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCP
​real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
​
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs2 ~]# systemctl start keepalived.service 
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0      

关闭两台真实访问的服务器的keepalived服务,防止干扰,配好路由,同时创建一个检测文件test.html,,当这文件不存在时,无法访问

####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service 
[root@web1 keepalived]# cd /usr/share/nginx/html/
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png
[root@web1 html]# echo test > test.html
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
​
[root@web1 html]# cat test.html 
test
[root@web1 html]# cd
[root@web1 ~]# ifconfig lo:0 192.168.100.103/32
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.103/0 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@web1 ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web1 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web1 ~]# route add -host 192.168.100.103 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo
​
####192.168.100.2
[root@web2 keepalived]# systemctl stop keepalived.service 
[root@web2 keepalived]# cd /usr/share/nginx/html/
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png
[root@web2 html]# echo test > test.html
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
[root@web2 html]# cat test.html 
test
[root@web2 html]# cd
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.103/0 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@web2 ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web2 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# route add -host 192.168.100.103 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo

添加一个sorry服务,当访问不到test,html文件时,将访问sorry服务

####192.168.100.1
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
[root@lvs2 ~]# systemctl start keepalived.service 
####192.168.100.2
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS2
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
[root@lvs2 ~]# systemctl start keepalived.service

再加一台主机(ip为192.168.100.203),写好访问的sorry内容

####192.168.100.203
[root@bogon ~]# yum install -y nginx
[root@bogon ~]# systemctl start nginx
[root@bogon ~]# echo sorry > /usr/share/nginx/html/index.html
[root@bogon ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@bogon ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@bogon ~]# route add -host 192.168.100.103 dev lo:0
[root@bogon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    102    0        0 ens33
192.168.58.0    0.0.0.0         255.255.255.0   U     102    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     101    0        0 ens34
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo

把192.168.100.1和192.168.100.2的test.html文件移到/opt目录下

####192.168.100.1
[root@web1 html]# mv test.html /opt/
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png
####192.168.100.2
[root@web2 html]# mv test.html /opt/
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png

四、配置互为主从模式

把访问文件移动回来

####192.168.100.1
[root@web1 html]# mv /opt/test.html  ./
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
####192.168.100.2
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html

编辑服务器的互为主从的配置文件

####192.168.100.100
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
##后面再加上
vrrp_instance VI_2 {state BACKUPinterface ens160virtual_router_id 52priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.104}
}virtual_server 192.168.100.104 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
[root@lvs1 ~]# systemctl restart keepalived.service 
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
TCP  192.168.100.104:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0    
####192.168.100.10
[root@lvs2 ~]# vim keepalived.conf
##后面加上
vrrp_instance VI_2 {state MASTERinterface ens160virtual_router_id 52priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.104}
}virtual_server 192.168.100.104 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}[root@lvs2 ~]# systemctl restart keepalived.service 
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
TCP  192.168.100.104:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0

文章转载自:
http://capework.tmizpp.cn
http://animate.tmizpp.cn
http://anarthrous.tmizpp.cn
http://blackfin.tmizpp.cn
http://bayonet.tmizpp.cn
http://atherosis.tmizpp.cn
http://akyab.tmizpp.cn
http://aeroginous.tmizpp.cn
http://adminicle.tmizpp.cn
http://calyptra.tmizpp.cn
http://ceilinged.tmizpp.cn
http://cerebrotonia.tmizpp.cn
http://brutism.tmizpp.cn
http://absorptive.tmizpp.cn
http://batch.tmizpp.cn
http://blacksnake.tmizpp.cn
http://bannerman.tmizpp.cn
http://boshbok.tmizpp.cn
http://capulet.tmizpp.cn
http://astrodome.tmizpp.cn
http://canine.tmizpp.cn
http://burgeon.tmizpp.cn
http://camas.tmizpp.cn
http://accuser.tmizpp.cn
http://centaurus.tmizpp.cn
http://brecknock.tmizpp.cn
http://boltrope.tmizpp.cn
http://cart.tmizpp.cn
http://basin.tmizpp.cn
http://cacorhythmic.tmizpp.cn
http://www.dtcms.com/a/281322.html

相关文章:

  • chrome浏览器(chrome138.0.0.0 )无法安装扩展程序,因为它使用了不受支持的清单版本解决方案
  • GAMES101 lec2-数学基础1(线性代数)
  • 03 51单片机之独立按键控制LED状态
  • HCIA第三次综合实验:VLAN
  • 连接new服务器注意事项
  • Java核心类库深度解析与实战:从字符串处理到计算器开发
  • 外网如何连接内网中的mysql数据库服务?跨网直接访问操作,不用公网IP
  • 人机协作系列(四)AI编程的下一个范式革命——看Factory AI如何重构软件工程?
  • 力扣——1071. 字符串的最大公因子
  • 解密AWS VPC路由表:显式关联与隐式关联,谁决定了网络出口?
  • 深入剖析Java并发基石:AQS原理与实战
  • java 并发面试题2
  • 【Java篇】IntelliJ IDEA 安装与基础配置指南
  • Linux操作系统从入门到实战(十)Linux开发工具(下)make/Makefile的推导过程与扩展语法
  • 大模型在1型糖尿病肾病V期预测及治疗方案制定中的应用研究
  • 快速了解 HTTPS
  • MyBatis Plus功能增强全解析:从手写SQL到优雅开发的进阶指南
  • 16、鸿蒙Harmony Next开发:组件扩展
  • KeilMDK5如何生成.bin文件
  • 项目进度跨地域团队协作困难,如何统一进度安排
  • PHP语法高级篇(三):Cookie与会话
  • Redis中的红锁
  • ADC采集、缓存
  • Axios 完整功能介绍和完整示例演示
  • 映美打印机-URL页面打印
  • Spring MVC 执行流程详解:一次请求经历了什么?
  • 微信小程序:在ios中border边框显示不全
  • XCTF-repeater三链破盾:PIE泄露+ROP桥接+Shellcode执行的艺术
  • PyTorch 数据加载实战:从 CSV 到图像的全流程解析
  • 股指期货主连和次主连的区别是什么?