keepalived双机热备配置
目录
一、主备模式
二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务
三、基于直接路由(DR)的双机热备
四、配置互为主从模式
操作前准备:准备五台主机,每台都把其中一块网卡调到VNET1模式,第二块网卡设置为可以联网的网络
一、主备模式
使用两台主机(ip为192.168.100.1和192.168.100.2)
####192.168.100.1
## Install nginx and keepalived, then configure web1 as the VRRP MASTER for three virtual IPs.
[root@web1 ~]# yum install -y nginx
[root@web1 ~]# systemctl start nginx
[root@web1 ~]# echo web1 > /usr/share/nginx/html/index.html
[root@web1 ~]# yum install -y keepalived
[root@web1 ~]# cd /etc/keepalived/
[root@web1 keepalived]# ls
keepalived.conf.sample
## Edit the configuration file
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id web1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    # virtual_router_id has to be the same on both nodes of this instance
    virtual_router_id 51
    # higher priority wins the election; the backup node on this page uses 90
    priority 100
    advert_int 3
    # NOTE(review): auth_type PASS carries auth_pass in cleartext in every VRRP
    # advertisement, and "1111" is a sample value. It protects against accidental
    # misconfiguration only; use a site-specific value and limit VRRP
    # (IP protocol 112) to the peer addresses with the host firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.101
        192.168.100.102
        192.168.100.103
    }
}
[root@web1 keepalived]# ls
keepalived.conf keepalived.conf.sample
[root@web1 keepalived]# systemctl start keepalived.service
## The three virtual IPs are now up on ens160
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
####192.168.100.2
## Install nginx and keepalived, then configure web2 as the VRRP BACKUP for the same three virtual IPs.
[root@web2 ~]# yum install -y nginx
[root@web2 ~]# systemctl start nginx
[root@web2 ~]# echo web2 > /usr/share/nginx/html/index.html
[root@web2 ~]# yum install -y keepalived
[root@web2 ~]# cd /etc/keepalived/
[root@web2 keepalived]# ls
keepalived.conf.sample
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id web2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    # same virtual_router_id as the MASTER so both nodes join one VRRP instance
    virtual_router_id 51
    # lower than the MASTER's 100, so this node holds the VIPs only while the MASTER is silent
    priority 90
    advert_int 3
    # NOTE(review): auth_type PASS is sent in cleartext and "1111" is a sample
    # value; whatever value is used must match on both nodes.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.101
        192.168.100.102
        192.168.100.103
    }
}
[root@web2 keepalived]# ls
keepalived.conf keepalived.conf.sample
[root@web2 keepalived]# systemctl start keepalived.service
## No virtual IP is listed on ens160 below: the BACKUP stays passive while the MASTER advertises
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
当主节点的keepalived停止时,虚拟IP自动切换到备用节点
####192.168.100.1
## Simulate a MASTER failure by stopping keepalived on web1
[root@web1 keepalived]# systemctl stop keepalived.service
####192.168.100.2
## With keepalived stopped on web1, the three virtual IPs (.101-.103) now appear on web2's ens160
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
当主节点的服务恢复后,重新由主节点提供服务
####192.168.100.1
## Start keepalived on web1 again; the output below shows the three virtual IPs back on its ens160.
## NOTE(review): this failback moves the VIPs a second time. keepalived has a
## `nopreempt` option for setups where the returning node should not take them back.
[root@web1 keepalived]# systemctl start keepalived.service
[root@web1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
####192.168.100.2
## After web1 resumes the MASTER role, the virtual IPs are no longer listed on web2's ens160
[root@web2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:5d brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:885d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:80:88:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe80:8867/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
二、添加检测nginx服务是否正常脚本,不正常则关闭keepalived服务
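####192.168.100.1
## Add a vrrp_script health check to the MASTER config and reference it from VI_1.
[root@web1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id web1
}
# NOTE(review): keepalived runs this script with its own privileges (root unless
# configured otherwise). Keep the script root-owned and not writable by other
# users; global_defs also offers script_user / enable_script_security to run
# checks under a dedicated account.
vrrp_script check_nginx {
    script /etc/keepalived/check_nginx.sh    # health-check script
    interval 2                               # run every 2 seconds
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 3
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.101
        192.168.100.102
        192.168.100.103
    }
    track_script {    # reference the script from this instance
        check_nginx
    }
}
[root@web1 keepalived]# vim check_nginx.sh
#!/bin/bash
# Health check for keepalived's vrrp_script check_nginx.
# Exit status: 0 when nginx owns at least one socket, 1 after nginx could not
# be brought back and keepalived has been stopped.
# The shebang is required so the file can be executed directly.

# Print the number of netstat lines that mention nginx ("0" when there are none).
count_nginx_sockets() {
    netstat -antp | grep -c nginx
}

if [ "$(count_nginx_sockets)" -eq 0 ]; then
    # nginx is not serving: try one restart before giving up the virtual IPs.
    # This path sleeps 2 s, i.e. as long as the configured check interval.
    systemctl restart nginx
    sleep 2
    if [ "$(count_nginx_sockets)" -eq 0 ]; then
        # Still down: stop keepalived so the peer takes over the virtual IPs.
        # keepalived stays stopped until an operator starts it again, even
        # after nginx has been repaired.
        # NOTE(review): a non-zero exit alone already tells keepalived the
        # tracked check failed; stopping the daemon is kept because it is this
        # page's stated design.
        systemctl stop keepalived
        exit 1
    fi
fi
exit 0
[root@web1 keepalived]# chmod +x check_nginx.sh
[root@web1 keepalived]# systemctl restart keepalived.service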
####192.168.100.2
## Add the same vrrp_script health check to the BACKUP config on web2.
## NOTE(review): the transcript does not show check_nginx.sh being created on
## web2; the `ls` below shows it present, so it was presumably copied from web1.
[root@web2 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id web2
}
# NOTE(review): the script runs with keepalived's privileges; keep it root-owned
# and not writable by other users.
vrrp_script check_nginx {
    script /etc/keepalived/check_nginx.sh    # health-check script
    interval 2                               # run every 2 seconds
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 3
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.101
        192.168.100.102
        192.168.100.103
    }
    track_script {    # reference the script from this instance
        check_nginx
    }
}
[root@web2 keepalived]# chmod +x check_nginx.sh
[root@web2 keepalived]# ls
check_nginx.sh keepalived.conf keepalived.conf.sample
[root@web2 keepalived]# systemctl restart keepalived.service
三、基于直接路由(DR)的双机热备
另外再准备两台主机(ip为192.168.100.100和192.168.100.10)作为LVS调度服务器,前面两台作为真实服务器(real server)
第一台调度服务器的配置:健康检查要求真实服务器的访问路径下必须存在test.html文件,否则该真实服务器无法访问
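####192.168.100.100
## Install ipvsadm and keepalived; lvs1 becomes the MASTER director for VIP 192.168.100.103.
[root@lvs1 ~]# yum install -y ipvsadm
[root@lvs1 ~]# modprobe ip_vs
[root@lvs1 ~]# yum install -y keepalived
## Edit the configuration file so it points at the real servers
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.103
    }
}
virtual_server 192.168.100.103 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # shown as "persistent 50" in the ipvsadm output below; a client that was
    # just scheduled keeps hitting the same real server, so quick repeated
    # tests from one client will not alternate between web1 and web2
    persistence_timeout 50
    protocol TCP
    # every real_server block has to be closed before the next one starts
    real_server 192.168.100.1 80 {
        weight 1
        # health check: fetch /test.html from the real server
        # NOTE(review): no status_code or digest is given; adding
        # `status_code 200` inside url { } makes the expected answer explicit
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
[root@lvs1 ~]# systemctl start keepalived.service
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0
[root@lvs1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:16:2b:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe16:2b5c/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:16:2b:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.180/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe16:2b66/64 scope link noprefixroute
       valid_lft forever preferred_lft forever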
第二台服务器配置
####192.168.100.10
## Install ipvsadm and keepalived; lvs2 is the BACKUP director for VIP 192.168.100.103.
[root@lvs2 ~]# yum install -y ipvsadm
[root@lvs2 ~]# modprobe ip_vs
[root@lvs2 ~]# yum install -y keepalived
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.103
    }
}
virtual_server 192.168.100.103 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # shown as "persistent 50" in the ipvsadm output below
    persistence_timeout 50
    protocol TCP
    real_server 192.168.100.1 80 {
        weight 1
        # health check: fetch /test.html from the real server
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
## Before keepalived is started the IPVS table is empty
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@lvs2 ~]# systemctl start keepalived.service
## After the start, keepalived has filled in the virtual server and both real servers
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0
关闭两台真实服务器上的keepalived服务,防止干扰,配好路由,同时创建一个检测文件test.html,当这个文件不存在时,无法访问
####192.168.100.1
## Prepare web1 as a DR real server: stop its own keepalived, create the
## health-check file, put the VIP on the loopback and set the ARP sysctls.
[root@web1 keepalived]# systemctl stop keepalived.service
[root@web1 keepalived]# cd /usr/share/nginx/html/
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png
## test.html is the file the directors request in their HTTP_GET health check
[root@web1 html]# echo test > test.html
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
[root@web1 html]# cat test.html
test
[root@web1 html]# cd
## NOTE(review): the VIP is added to lo:0 here, before arp_ignore/arp_announce
## are applied further down; applying the sysctls first avoids a window in
## which this host may answer ARP for the VIP.
## NOTE(review): the `ip a` output below lists the address as 192.168.100.103/0,
## not /32. Verify the mask; `ip addr add 192.168.100.103/32 dev lo label lo:0`
## states the prefix explicitly.
[root@web1 ~]# ifconfig lo:0 192.168.100.103/32
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/0 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.182/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@web1 ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# The two ARP settings below are the DR-specific ones (presumably the lines added
# for this setup): they stop the real server from answering or announcing ARP
# for the VIP held on lo, so only the director owns the VIP on the segment.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web1 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
## NOTE(review): sysctl.conf survives a reboot, but the lo:0 address and the host
## route added with ifconfig/route do not; they have to be re-applied at boot.
[root@web1 ~]# route add -host 192.168.100.103 dev lo:0
[root@web1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo
####192.168.100.2
## Prepare web2 as a DR real server, with the same steps as on web1.
[root@web2 keepalived]# systemctl stop keepalived.service
[root@web2 keepalived]# cd /usr/share/nginx/html/
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png
## test.html is the file the directors request in their HTTP_GET health check
[root@web2 html]# echo test > test.html
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
[root@web2 html]# cat test.html
test
[root@web2 html]# cd
## NOTE(review): the `ip a` output below lists the VIP as 192.168.100.103/0, not
## /32; verify the mask. The MAC addresses and the interface index 7 in this
## output are the ones shown for web1 earlier on the page, so it looks partly
## pasted from web1.
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.100.103/0 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9cd/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
7: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:66:09:d7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.58.181/24 brd 192.168.58.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe66:9d7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@web2 ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# DR-specific ARP settings: keep this real server from answering or announcing
# ARP for the VIP held on lo.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@web2 ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
## Routing table before the host route for the VIP is added
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
## NOTE(review): the ifconfig command is run a second time here; the lo:0
## address and the route below are not persistent across reboots.
[root@web2 ~]# ifconfig lo:0 192.168.100.103/32
[root@web2 ~]# route add -host 192.168.100.103 dev lo:0
[root@web2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    101    0        0 ens224
127.0.0.0       0.0.0.0         255.0.0.0       U     30     0        0 lo
192.168.58.0    0.0.0.0         255.255.255.0   U     101    0        0 ens224
192.168.100.0   0.0.0.0         255.255.255.0   U     100    0        0 ens160
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo
添加一个sorry服务,当访问不到test.html文件时,将访问sorry服务
####192.168.100.1
## Add a sorry_server to the virtual server definition on lvs1.
## NOTE(review): the heading above says 192.168.100.1, but the prompt and
## router_id are lvs1/LVS1, which this page introduces as 192.168.100.100.
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS1
}
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.103
    }
}
virtual_server 192.168.100.103 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    # fallback target used when no real server passes its health check
    sorry_server 192.168.100.203 80
    real_server 192.168.100.1 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
## NOTE(review): the prompt below is lvs2 although the file edited above is
## lvs1's. If keepalived is already running, `start` does not load the edited
## file; a restart (as used elsewhere on this page) does.
[root@lvs2 ~]# systemctl start keepalived.service
####192.168.100.2
## Add the same sorry_server to the virtual server definition on lvs2.
## NOTE(review): the heading above says 192.168.100.2, but the prompt and
## router_id are lvs2/LVS2, which this page introduces as 192.168.100.10.
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS2
}
vrrp_instance VI_1 {
    # NOTE(review): state is MASTER here with priority 90, while the earlier
    # lvs2 listing on this page uses BACKUP; with both directors declared
    # MASTER the election still falls to the higher priority, but BACKUP
    # matches the intended role - confirm which was meant.
    state MASTER
    interface ens160
    virtual_router_id 51
    priority 90
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.103
    }
}
virtual_server 192.168.100.103 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    # fallback target used when no real server passes its health check
    sorry_server 192.168.100.203 80
    real_server 192.168.100.1 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
## NOTE(review): if keepalived is already running, `start` does not load the
## edited file; a restart does.
[root@lvs2 ~]# systemctl start keepalived.service
再加一台主机(ip为192.168.100.203),写好访问的sorry内容
####192.168.100.203
## Set up the sorry server: nginx serving a "sorry" page, the same sysctls as on
## the real servers, and a host route for the VIP.
[root@bogon ~]# yum install -y nginx
[root@bogon ~]# systemctl start nginx
[root@bogon ~]# echo sorry > /usr/share/nginx/html/index.html
[root@bogon ~]# vim /etc/sysctl.conf
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# DR-specific ARP settings: keep this host from answering or announcing ARP
# for the VIP held on lo.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@bogon ~]# sysctl -p
kernel.sysrq = 0
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
## NOTE(review): the transcript does not show the VIP being assigned to lo:0 on
## this host (the real servers run `ifconfig lo:0 192.168.100.103/32` first);
## presumably that step was done off-screen - confirm before relying on it.
[root@bogon ~]# route add -host 192.168.100.103 dev lo:0
[root@bogon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.58.2    0.0.0.0         UG    102    0        0 ens33
192.168.58.0    0.0.0.0         255.255.255.0   U     102    0        0 ens33
192.168.100.0   0.0.0.0         255.255.255.0   U     101    0        0 ens34
192.168.100.103 0.0.0.0         255.255.255.255 UH    0      0        0 lo
把192.168.100.1和192.168.100.2的test.html文件移到/opt目录下
####192.168.100.1
## Move the health-check file out of the web root so the directors' HTTP_GET check for /test.html fails on web1
[root@web1 html]# mv test.html /opt/
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png
####192.168.100.2
## Move the health-check file out of the web root so the directors' HTTP_GET check for /test.html fails on web2
[root@web2 html]# mv test.html /opt/
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png
四、配置互为主从模式
把访问文件移动回来
####192.168.100.1
## Put the health-check file back into the web root on web1
[root@web1 html]# mv /opt/test.html ./
[root@web1 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
####192.168.100.2
## test.html is present again on web2
## NOTE(review): the transcript does not show the `mv /opt/test.html ./` step on web2.
[root@web2 html]# ls
404.html 50x.html index.html nginx-logo.png test.html
编辑服务器的互为主从的配置文件
####192.168.100.100
## Append a second VRRP instance and virtual server on lvs1: lvs1 is BACKUP for
## the new VIP 192.168.100.104 (virtual_router_id 52).
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
## Append the following
vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    # a different virtual_router_id from VI_1 (51) keeps the two instances apart
    virtual_router_id 52
    priority 90
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.104
    }
}
# NOTE(review): this page only shows 192.168.100.103 being added to lo:0 on the
# real servers; DR delivery for 192.168.100.104 presumably needs the same
# loopback address and host route there - confirm.
virtual_server 192.168.100.104 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    sorry_server 192.168.100.203 80
    real_server 192.168.100.1 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
[root@lvs1 ~]# systemctl restart keepalived.service
## Both virtual servers are now present in the IPVS table
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0
TCP  192.168.100.104:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0
####192.168.100.10
## Append the matching second instance on lvs2: lvs2 is MASTER for the new VIP
## 192.168.100.104 (virtual_router_id 52, priority 100).
## NOTE(review): the file is opened as `keepalived.conf` from the home
## directory; the lvs2 listings earlier on this page edit
## /etc/keepalived/keepalived.conf - confirm the same file is meant.
[root@lvs2 ~]# vim keepalived.conf
## Append the following
vrrp_instance VI_2 {
    state MASTER
    interface ens160
    # a different virtual_router_id from VI_1 (51) keeps the two instances apart
    virtual_router_id 52
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS is sent in cleartext; "1111" is a sample value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.104
    }
}
# NOTE(review): this page only shows 192.168.100.103 being added to lo:0 on the
# real servers; DR delivery for 192.168.100.104 presumably needs the same
# loopback address and host route there - confirm.
virtual_server 192.168.100.104 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    sorry_server 192.168.100.203 80
    real_server 192.168.100.1 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.100.2 80 {
        weight 1
        HTTP_GET {
            url {
                path /test.html
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
[root@lvs2 ~]# systemctl restart keepalived.service
## Both virtual servers are now present in the IPVS table
[root@lvs2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.103:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0
TCP  192.168.100.104:80 rr persistent 50
  -> 192.168.100.1:80             Route   1      0          0
  -> 192.168.100.2:80             Route   1      0          0