当前位置: 首页 > web >正文

keeplived双击热备配置

web 2025/7/16 9:01:08

目录

一、主备模式

二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务

三、基于直接路由(DR)的双击热备

四、配置互为主从模式

操作前准备:准备五台主机,都把其中一个网卡跳到VNET1模式,第二快网卡设置可以联网的网络

一、主备模式

使用两台主机(ip为192.168.100.1和192.168.100.2)

####192.168.100.1
##安装nginx和keeplived
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# echo web1 > /usr/share/nginx/html/index.html
​
[root@web1 ~]# yum install -y keepalived
[root@web1 ~]# cd /etc/keepalived/
[root@web1 keepalived]# ls
keepalived.conf.sample
##修改配置文件
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
}
​
​
[root@web1 keepalived]# ls
keepalived.conf  keepalived.conf.sample
[root@web1 keepalived]# systemctl start keepalived.service 
##可以看到起来了三个虚拟IP
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
​

####192.168.100.2
[root@web2 ~]# yum install -y nginx
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# echo web2 > /usr/share/nginx/html/index.html
​
[root@web2 ~]# yum install -y keepalived
[root@web2 ~]# cd /etc/keepalived/
[root@web2 keepalived]# ls
keepalived.conf.sample
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web2
}
​
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
}
​
[root@web2 keepalived]# ls
keepalived.conf  keepalived.conf.sample
[root@web2 keepalived]# systemctl start keepalived.service
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

当主的keepalived断了时,自动切换备用

####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service 
####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

当主服务起来了,从新提供服务

####192.168.100.1
[root@web1 keepalived]# systemctl start keepalived.service 
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.101/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.102/32 scope global ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
​
####192.168.100.2
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute valid_lft forever preferred_lft forever

二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务

####192.168.100.1
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web1
}
vrrp_script check_nginx {script /etc/keepalived/check_nginx.sh    #检测脚本interval 2   #执行间隔时间
}
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103 }
track_script {          #在实例中引用脚本    check_nginx}
}
​
​
[root@web1 keepalived]# vim check_nginx.sh 
Count1=`netstat -antp |grep -v grep |grep nginx |wc -l`
if [ $Count1 -eq 0 ]; then systemctl restart nginxsleep 2  Count2=`netstat -antp |grep -v grep |grep nginx |wc -l`if [ $Count2 -eq 0 ]; then service keepalived stop      else      exit 0  fi
else   exit 0  
fi 
​
[root@web1 keepalived]# chmod +x check_nginx.sh 
​
[root@web1 keepalived]# systemctl restart keepalived.service 
####192.168.100.2
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id web2
}
vrrp_script check_nginx {script /etc/keepalived/check_nginx.sh    #检测脚本interval 2   #执行间隔时间
}
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 3authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.101192.168.100.102192.168.100.103}
track_script {          #在实例中引用脚本    check_nginx}
}
​
[root@web2 keepalived]# chmod +x check_nginx.sh 
[root@web2 keepalived]# ls
check_nginx.sh  keepalived.conf  keepalived.conf.sample
​
[root@web2 keepalived]# systemctl restart keepalived.service

三、基于直接路由(DR)的双击热备

另外再准备两台主机(ip为192.168.100.100和192.168.100.10)作为服务器,前面两台作为真实访问的服务器

第一台服务器配置,指定一个访问路径下必须存在的一个文件test.html,否则无法访问

####192.168.100.100
##安装ipvsadm和keepalived服务
[root@lvs1 ~]# yum install -y ipvsadm
[root@lvs1 ~]# modprobe ip_vs
​
[root@lvs1 ~]# yum install -y keepalived
##编辑配置文件指向访问的真实服务器
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCP
​real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
​
​
[root@lvs1 ~]# systemctl start keepalived.service 
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:16:2b:5c brd ff:ff:ff:ff:ff:ffinet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet 192.168.100.103/32 scope global ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe16:2b5c/64 scope link noprefixroute valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:16:2b:66 brd ff:ff:ff:ff:ff:ffinet 192.168.58.180/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe16:2b66/64 scope link noprefixroute valid_lft forever preferred_lft forever

第二台服务器配置

####192.168.100.10
[root@lvs2 ~]# yum install -y ipvsadm
[root@lvs2 ~]# modprobe ip_vs
​
[root@lvs2 ~]# yum install -y keepalived
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS2
}
​
vrrp_instance VI_1 {state BACKUPinterface ens160virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCP
​real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
​
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs2 ~]# systemctl start keepalived.service 
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0      

关闭两台真实访问的服务器的keepalived服务,防止干扰,配好路由,同时创建一个检测文件test.html,,当这文件不存在时,无法访问

####192.168.100.1
[root@web1 keepalived]# systemctl stop keepalived.service 
[root@web1 keepalived]# cd /usr/share/nginx/html/
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png
[root@web1 html]# echo test > test.html
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
​
[root@web1 html]# cat test.html 
test
[root@web1 html]# cd
[root@web1 ~]# ifconfig lo:0 192.168.100.103/32
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.103/0 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@web1 ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web1 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web1 ~]# route add -host 192.168.100.103 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo
​
####192.168.100.2
[root@web2 keepalived]# systemctl stop keepalived.service 
[root@web2 keepalived]# cd /usr/share/nginx/html/
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png
[root@web2 html]# echo test > test.html
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
[root@web2 html]# cat test.html 
test
[root@web2 html]# cd
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet 192.168.100.103/0 scope global lo:0valid_lft forever preferred_lft foreverinet6 ::1/128 scope host proto kernel_lo valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ffinet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ffinet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@web2 ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web2 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# route add -host 192.168.100.103 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo

添加一个sorry服务,当访问不到test,html文件时,将访问sorry服务

####192.168.100.1
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS1
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
[root@lvs2 ~]# systemctl start keepalived.service 
####192.168.100.2
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
​
global_defs {router_id LVS2
}
​
vrrp_instance VI_1 {state MASTERinterface ens160virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.103}
}
​
virtual_server 192.168.100.103 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
​real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
​
[root@lvs2 ~]# systemctl start keepalived.service

再加一台主机(ip为192.168.100.203),写好访问的sorry内容

####192.168.100.203
[root@bogon ~]# yum install -y nginx
[root@bogon ~]# systemctl start nginx
[root@bogon ~]# echo sorry > /usr/share/nginx/html/index.html
[root@bogon ~]# vim /etc/sysctl.conf 
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@bogon ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
​
[root@bogon ~]# route add -host 192.168.100.103 dev lo:0
[root@bogon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    102    0        0 ens33
192.168.58.0    0.0.0.0         255.255.255.0   U     102    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     101    0        0 ens34
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo

把192.168.100.1和192.168.100.2的test.html文件移到/opt目录下

####192.168.100.1
[root@web1 html]# mv test.html /opt/
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png
####192.168.100.2
[root@web2 html]# mv test.html /opt/
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png

四、配置互为主从模式

把访问文件移动回来

####192.168.100.1
[root@web1 html]# mv /opt/test.html  ./
[root@web1 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html
####192.168.100.2
[root@web2 html]# ls
404.html  50x.html  index.html  nginx-logo.png  test.html

编辑服务器的互为主从的配置文件

####192.168.100.100
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
##后面再加上
vrrp_instance VI_2 {state BACKUPinterface ens160virtual_router_id 52priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.104}
}virtual_server 192.168.100.104 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}
[root@lvs1 ~]# systemctl restart keepalived.service 
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
TCP  192.168.100.104:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0    
####192.168.100.10
[root@lvs2 ~]# vim keepalived.conf
##后面加上
vrrp_instance VI_2 {state MASTERinterface ens160virtual_router_id 52priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.100.104}
}virtual_server 192.168.100.104 80 {delay_loop 6lb_algo rrlb_kind DRpersistence_timeout 50protocol TCPsorry_server 192.168.100.203 80real_server 192.168.100.1 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}real_server 192.168.100.2 80 {weight 1HTTP_GET {url {path /test.html}connect_timeout 3retry 3delay_before_retry 3}}
}[root@lvs2 ~]# systemctl restart keepalived.service 
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0         
TCP  192.168.100.104:80 rr persistent 50-> 192.168.100.1:80             Route   1      0          0         -> 192.168.100.2:80             Route   1      0          0
http://www.xdnf.cn/news/15564.html

相关文章:

  • Spring Security 实践及源码学习
  • 如何轻松将音乐从安卓设备传输到安卓设备
  • 504网关超时可能是哪些原因导致?
  • 短剧小程序的「技术革命」:从「粗放生长」到「精准运营」
  • Docker镜像导入、导出操作指南
  • 工业喷涂机器人的革新:艾利特协作机器人引领人机交互新纪元
  • Zookeeper入门安装与使用详解
  • PyTorch 数据加载实战:从 CSV 到图像的全流程解析
  • OpenCV 对数变换函数logTransform()
  • 手提式干粉灭火器检查工作,如何做到可执行、可追溯、可管理?
  • 基于深度学习的LSTM、GRU对大数据交通流量分析与预测的研究
  • 06-C语言:第06天笔记
  • 通过 1Panel MCP 自动部署静态网站
  • Flink Watermark原理与实战
  • Python 中 sys 库的全面解析与实战应用​
  • Agentic AI 的威胁与缓解措施
  • 【编程】-环形缓冲区
  • Basilisk库教程(二)
  • TimSort 类:论Arrays.sort的稳定性
  • Axios 和 Promise 区别对比
  • 小智完整MCP交互流程(以调节音量为例)
  • 网络基础10--ACL与包过滤
  • 从浏览器到服务器:TCP 段的网络传输之旅
  • 微信小程序翻书效果
  • Linux修改ssh默认端口,禁止root登录,禁止密码登录并同时开启公钥认证
  • 笔试——Day9
  • 【机器学习深度学习】大模型推理速度与私有化部署的价值分析
  • 前端开发常见问题技术文章大纲
  • 企业级实时流处理:Kafka Streams完整解决方案
  • html js express 连接数据库mysql