centos7下配置LVS+KeepAlived高可用主备+2台tomcat负载图文篇

Posted 2021-12-23

环境描述：centos7最小化安装

1.环境说明：

名称	IP	说明
master	ens33：192.168.0.61	vip:192.168.0.60
backup	ens33：192.168.0.62	vip:192.168.0.60
tomcat1	ens33：192.168.0.63	负载
tomcat2	ens33：192.168.0.64	负载

测试机在同网段随意一台均可
tomcat安装详细步骤上一篇文章有详细描述，这里不做赘述。

2.安装ipvsadm(管理工具)+keepalived

[[email protected] ~]# yum -y install ipvsadm keepalived

3.创建lvs主备服务器运行脚本程序

[[email protected] ~]# vim /sbin/lvsdr.sh
#!/bin/bash 
VIP=192.168.0.60
RIP1=192.168.0.63
RIP2=192.168.0.64

/etc/rc.d/init.d/functions
case "$1" in
start)
       echo "start LVS of DirectorServer"
       #Set the Virtual IP Address
       /sbin/ifconfig ens33:1 $VIP broadcast $VIP netmask 255.255.255.255 up
       /sbin/route add -host $VIP dev ens33:1
       #Clear IPVS Table
       /sbin/ipvsadm -C
       #Set Lvs Add route link
       /sbin/ipvsadm -A -t $VIP:8080 -s wrr -p 60
       /sbin/ipvsadm -a -t $VIP:8080 -r $RIP1 -g
       /sbin/ipvsadm -a -t $VIP:8080 -r $RIP2 -g
  #      /sbin/ipvsadm -A -t $VIP:80 -s wrr -p 60
  #     /sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g
  #     /sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g
       #Run Lvs
       /sbin/ipvsadm
;;
stop)
echo "Close LVS Directorserver"
/sbin/ifconfig ens33:1 down
/sbin/ipvsadm -C
;;
*)
echo "Usage0start|stop"
exit 1
esac

4.添加权限并执行

[[email protected] ~]# chmod 755 /sbin/lvsdr.sh 
[[email protected] ~]# /sbin/lvsdr.sh start

[[email protected] ~]# ipvsadm -ln
查看路由配置结果，如下图则OK

5.添加到开机启动

[[email protected] ~]# vim /etc/rc.local
/sbin/lvsdr.sh start  #追加此纪录

6.将配置程序SCP到backup，并执行4、5步骤

[[email protected] ~]# scp /sbin/lvsdr.sh 192.168.0.62:/sbin/lvsdr.sh

7.tomcat1创建real服务器运行脚本程序

[[email protected] ~]# vim /sbin/realdr.sh 

#!/bin/bash
VIP=192.168.0.60
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
echo "1">/proc/sys/net/ipv4/conf/default/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/default/arp_announce
echo "1">/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2">/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p

8.分配权限并执行

[[email protected] ~]# chmod 755 /sbin/realdr.sh 
[[email protected] ~]# /sbin/realdr.sh start

[[email protected] ~]# ifconfig
可查看到lo:0上已经有了vip地址
（注：最小化安装系统ifconfig命令没有，可yum -y install net-tools进行安装）

9.设置此real运行程序自启动

[[email protected] ~]# vim /etc/rc.local
/sbin/realdr.sh start   #追加此内容

10.将此real运行程序scp到tomcat2，并执行8、9步骤

11.配置keepalived

有个好习惯，配置文件之前，将原有文件备份，以免将来需要还原旧文件，可cp一份，存放目录最自己习惯

[[email protected] ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

[[email protected] ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs 
   notification_email 
        [email protected]

   
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0


vrrp_instance VI_1 
    state MASTER            #主名称
    interface ens33           #注意主机网卡名称
    virtual_router_id 51     #此id主备有所不同
    priority 100                  #backup优先级应小于master
    advert_int 1
    authentication 
        auth_type PASS
        auth_pass 1111
    
    virtual_ipaddress 
         192.168.0.60         #vip地址，多个的话往后续写即可

    


virtual_server 192.168.0.60 8080 
    delay_loop 6
    lb_algo rr                          #轮询算法
    lb_kind DR                       #模式为DR，最常用，效率高
    persistence_timeout 50
    protocol TCP

    real_server 192.168.0.63 8080 
        weight 1
        SSL_GET 
            url 
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            
            url 
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        
    
    real_server 192.168.0.64 8080 
        weight 1
        SSL_GET 
            url 
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            
            url 
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        
    

12.将master的keepalived配置文件scp到backup

[[email protected] ~]# scp /etc/keepalived/keepalived.conf 192.168.0.62:/etc/keepalived/keepalived.conf
修改名称、id以及优先级

13.开通防火墙端口，或者关闭防火墙

此为防火墙在开启状态，访问被阻，关闭防火墙或者允许页面端口通过都可以。
实验环境可关闭防火墙：

[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

生产环境建议开启端口即可，增强服务器安全性：

[[email protected] tomcat8]# firewall-cmd --permanent --add-port=8080/tcp
success
[[email protected] tomcat8]# firewall-cmd --reload
success

14.在主备启动keepalived

[[email protected] ~]# systemctl restart keepalived

15.访问vip地址

由于是DR轮询，在访问时候会两个tomcat轮流返回页面，挂掉一台后还有一台承担负荷，不至于全网GG。

16.模拟master宕机

可关机、断网、停网卡服务、停keepalived服务、防火墙阻止服务/端口……任你飞
[[email protected] ~]# systemctl stop keepalived #这里停掉master上的keepalived服务
监测日志里可看见已经stop：
[[email protected] ~]# tail -f /var/log/messages

如下图，页面访问不受影响

模拟backup宕机效果一样

17.模拟tomcat1宕机

tomcat1关机后，192.168.0.63:8080已经访问不到，但192.168.0.60:8080页面依然坚挺


至此，搞定
将问题机器处理OK后启动即可。