LVS+keepalived实战案例


目录

部署LVS

安装软件

创建VIP

创建保存规则文件

给RS添加规则

验证规则

部署RS端

安装软件

页面内容

添加VIP

配置系统ARP

传输到rs-2

客户端测试

查看规则文件

实现keepalived

编辑配置文件

传输文件给backup

修改backup的配置文件

开启keepalived服务

查看VIP

停止master查看VIP是否漂移

测试访问

LVS的高可用已实现

部署LVS

安装软件

[root@lvs-master ~]# yum install ipvsadm keepalived -y

[root@lvs-backup ~]# yum install ipvsadm keepalived -y

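创建VIP

注意：这里在 master 和 backup 的 ens160 上都手工绑定了同一个 VIP（/32）。这个地址不受 keepalived 管理，从后文的 ip a 输出可以看到，停止 master 上的 keepalived 之后它仍然留在 master 上，也就是两台调度器会同时持有该 VIP，客户端的 ARP 可能仍指向已停止的节点，漂移测试的结果因此不够可靠。如果 VIP 交给后文 keepalived 的 virtual_ipaddress 管理，这一步手工绑定可以省略。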

[root@lvs-master ~]# ip a a dev ens160 192.168.193.20/32

[root@lvs-backup ~]# ip a a dev ens160 192.168.193.20/32

创建保存规则文件

[root@lvs-master ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@lvs-master ~]# systemctl start ipvsadm

[root@lvs-backup ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@lvs-backup ~]# systemctl start ipvsadm

给RS添加规则

[root@lvs-master ~]# ipvsadm -A -t 192.168.193.20:80 -s rr
[root@lvs-master ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.162:80 -g
[root@lvs-master ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.163:80 -g


[root@lvs-backup ~]# ipvsadm -A -t 192.168.193.20:80 -s rr
[root@lvs-backup ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.162:80 -g
[root@lvs-backup ~]# ipvsadm -a -t 192.168.193.20:80 -r 192.168.193.163:80 -g

验证规则

[root@lvs-master ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr
  -> 192.168.193.162:80           Route   1      0          0         
  -> 192.168.193.163:80           Route   1      0          0  


[root@lvs-backup ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr
  -> 192.168.193.162:80           Route   1      0          0         
  -> 192.168.193.163:80           Route   1      0          0  

部署RS端

安装软件

[root@rs-1 ~]# yum install -y nginx

[root@rs-1 ~]# systemctl start nginx

[root@rs-2 ~]# yum install -y nginx

[root@rs-2 ~]# systemctl start nginx

页面内容

[root@rs-1 ~]# echo "rs-1" > /usr/share/nginx/html/index.html


[root@rs-2 ~]# echo "rs-2" > /usr/share/nginx/html/index.html

添加VIP

[root@rs-1 ~]# ip a a dev lo 192.168.193.20/32

[root@rs-2 ~]# ip a a dev lo 192.168.193.20/32

配置系统ARP

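arp_ignore = 1：只应答目标 IP 配置在收到请求的那块网卡上的 ARP 请求；VIP 绑定在 lo 上，所以 RS 不会替 VIP 应答从物理网卡进来的 ARP 广播。

arp_announce = 2：对外发送 ARP 时总是选用出口网卡上最合适的本地地址作为源地址，不会把 lo 上的 VIP 通告出去。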

[root@rs-1 ~]# vim /etc/sysctl.conf
[root@rs-1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

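传输到rs-2

注意：下面的记录在首次连接时直接输入 yes 接受了主机密钥，应先通过其他途径（例如目标机的控制台）核对指纹。另外，这里 192.168.193.163 的指纹与后文 192.168.193.165 的指纹完全相同，看起来这些虚拟机是克隆出来的并共用同一套 SSH 主机密钥；这种情况下主机密钥无法区分各台机器，建议在每台克隆机上重新生成主机密钥。scp 会整体覆盖 rs-2 上原有的 /etc/sysctl.conf。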

[root@rs-1 ~]# scp /etc/sysctl.conf root@192.168.193.163:/etc/sysctl.conf
The authenticity of host '192.168.193.163 (192.168.193.163)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.163' (ED25519) to the list of known hosts.
root@192.168.193.163's password: 
sysctl.conf                               100%  584   893.1KB/s   00:00  

[root@rs-2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

客户端测试

[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1

查看规则文件

增加了访问次数后再查看规则。ActiveConn/InActConn 只显示当前的连接数，短连接结束并超时后会回到 0（如下面的输出）；累计的连接数可以用 ipvsadm -ln --stats 查看。

[root@lvs-master ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.193.20:80 rr
  -> 192.168.193.162:80           Route   1      0          0         
  -> 192.168.193.163:80           Route   1      0          0 

实现keepalived

编辑配置文件

[root@lvs-master ~]# cd /etc/keepalived/
[root@lvs-master keepalived]# ls
keepalived.conf

[root@lvs-master keepalived]# cat keepalived.conf
! Configuration File for keepalived
# Director "master": one VRRP instance that carries the VIP, plus the IPVS
# virtual server (round-robin, direct routing) with TCP health checks for
# the two real servers.

global_defs {
   # Name of this node; the backup copy on this page uses "backup".
   router_id master
}

vrrp_instance VI_1 {
    # Role this node starts in.
    state MASTER
    interface ens160
    # Has to be the same on both directors (the backup copy also uses 80).
    virtual_router_id 80
    # Higher value wins the election (the backup copy uses 50).
    priority 100
    # Interval between VRRP advertisements, in seconds.
    advert_int 1
    authentication {
        # NOTE(review): PASS is a shared string carried unencrypted in the VRRP
        # advertisements, so any host that can observe them on the segment
        # learns it, and "1111" is a guessable sample value. Treat it as a
        # guard against accidental mis-pairing only: replace the sample value
        # and limit which hosts may send VRRP to the directors (host firewall
        # or a dedicated segment).
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # keepalived adds this address to ens160 while this node is master
        # (it shows up as "secondary" in the ip a output later on the page).
        # NOTE(review): the page also adds the same IP by hand as /32 on both
        # directors; that copy is not managed by this block.
        192.168.193.20/24
    }
}
virtual_server 192.168.193.20 80 {
    # Health-check polling interval, in seconds.
    delay_loop 3
    # Round-robin scheduling, same as "ipvsadm -s rr" earlier on the page.
    lb_algo rr
    # Direct routing, same as the "-g" flag used with ipvsadm earlier.
    lb_kind DR
    protocol TCP
    real_server 192.168.193.162 80 {
        weight 1
	# On a failed check, keep the entry but set its weight to 0.
	inhibit_on_failure 
	# NOTE(review): TCP_CHECK only confirms that the port accepts a
	# connection; it does not look at the HTTP response. keepalived's
	# HTTP_GET checker can be used if the response should be verified.
	TCP_CHECK {
			connect_port 80 
			connect_timeout 3  
	} 
    }	
   real_server 192.168.193.163 80 {
        weight 1
        # Same handling as the first real server.
        inhibit_on_failure
        TCP_CHECK {     
                        connect_port 80 
                        connect_timeout 3
        }
    }

}

传输文件给backup

[root@lvs-master keepalived]# scp /etc/keepalived/keepalived.conf root@192.168.193.165:/etc/keepalived/keepalived.conf
The authenticity of host '192.168.193.165 (192.168.193.165)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.165' (ED25519) to the list of known hosts.
root@192.168.193.165's password: 
keepalived.conf                                    100%  771     1.0MB/s   00:00 

修改backup的配置文件

把 router_id、state、priority 改为 backup 的取值，并在 vrrp_instance 中加入 nopreempt（不抢占资源）：

[root@lvs-backup ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
# Director "backup": same VRRP instance and IPVS virtual server as the master
# copy on this page; only router_id, state, priority and nopreempt differ.

global_defs {
   # Name of this node; the master copy uses "master".
   router_id backup
}

vrrp_instance VI_1 {
    # Role this node starts in.
    state BACKUP
    interface ens160
    # NOTE(review): nopreempt keeps a node from taking the VIP away from a
    # running lower-priority master. This node already has the lower priority
    # (50 vs 100), so the master will still reclaim the VIP when it returns.
    # For a non-preemptive pair the option presumably belongs on the
    # higher-priority node, with that node's state also set to BACKUP;
    # confirm against the keepalived.conf man page.
    nopreempt
    # Has to be the same on both directors (the master copy also uses 80).
    virtual_router_id 80
    # Lower than the master's 100, so this node only takes over when the
    # master stops advertising.
    priority 50
    # Interval between VRRP advertisements, in seconds.
    advert_int 1
    authentication {
        # NOTE(review): PASS is a shared string carried unencrypted in the VRRP
        # advertisements, and "1111" is a guessable sample value. Replace it
        # (same value on both directors) and limit which hosts may send VRRP
        # to the directors (host firewall or a dedicated segment).
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # keepalived adds this address to ens160 once this node becomes master
        # (visible as "secondary" in the ip a output after the failover test).
        192.168.193.20/24
    }
}
virtual_server 192.168.193.20 80 {
    # Health-check polling interval, in seconds.
    delay_loop 3
    # Round-robin scheduling.
    lb_algo rr
    # Direct routing; the real servers hold the VIP on lo and reply directly.
    lb_kind DR
    protocol TCP
    real_server 192.168.193.162 80 {
        weight 1
	# On a failed check, keep the entry but set its weight to 0.
	inhibit_on_failure 
	# NOTE(review): TCP_CHECK only confirms that the port accepts a
	# connection; it does not look at the HTTP response.
	TCP_CHECK {
			connect_port 80 
			connect_timeout 3  
	} 
    }	
   real_server 192.168.193.163 80 {
        weight 1
        # Same handling as the first real server.
        inhibit_on_failure
        TCP_CHECK {     
                        connect_port 80 
                        connect_timeout 3
        }
    }

}

开启keepalived服务

下面 status 输出中服务状态为 disabled，即只是本次手动启动，重启后不会自动运行；需要开机自启时再执行 systemctl enable keepalived。

[root@lvs-master ~]# systemctl start keepalived
[root@lvs-master ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
     Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; preset: d>
     Active: active (running) since Tue 2025-05-13 20:27:23 CST; 7s ago
   Main PID: 17223 (keepalived)
      Tasks: 3 (limit: 5900)
     Memory: 2.2M


[root@lvs-backup ~]# systemctl start keepalived
[root@lvs-backup ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
     Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; preset: d>
     Active: active (running) since Tue 2025-05-13 20:28:13 CST; 6s ago
   Main PID: 6321 (keepalived)
      Tasks: 3 (limit: 5900)

查看VIP

[root@lvs-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:1a:14:ce brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.164/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160
       valid_lft 1581sec preferred_lft 1581sec
    inet 192.168.193.20/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.20/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe1a:14ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


[root@lvs-backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:e1:d9:00 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.165/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160
       valid_lft 1067sec preferred_lft 1067sec
    inet 192.168.193.20/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee1:d900/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

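停止master查看VIP是否漂移

对比下面两段输出：由 keepalived 管理的 192.168.193.20/24 已从 master 上消失并出现在 backup 上，说明 VIP 发生了漂移；手工添加的 192.168.193.20/32 在两台机器上都还在。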

[root@lvs-master ~]# systemctl stop keepalived
[root@lvs-master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:1a:14:ce brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.164/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160
       valid_lft 1413sec preferred_lft 1413sec
    inet 192.168.193.20/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe1a:14ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


[root@lvs-backup ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:e1:d9:00 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.165/24 brd 192.168.193.255 scope global dynamic noprefixroute ens160
       valid_lft 1795sec preferred_lft 1795sec
    inet 192.168.193.20/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.20/24 scope global secondary ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fee1:d900/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


测试访问

[root@localhost ~]# curl 192.168.193.20
rs-1
[root@localhost ~]# curl 192.168.193.20
rs-2
[root@localhost ~]# curl 192.168.193.20
rs-1

LVS的高可用已实现