This walkthrough builds a Keepalived pair with one master and one backup node, and uses LVS to round-robin across the services on two nodes.
I. Versions used
- CentOS 7.7
- Keepalived 1.3.5
- ipvsadm 1.27 (installed separately because its commands make troubleshooting easier)
II. Deployment architecture
![](https://img.haomeiwen.com/i11079047/c3afd524633c2f69.png)
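Here node4 is the backup node of the highly available Keepalived pair.
III. Setup steps
1. node1 setup steps:
1.1 Install the LVS and Keepalived packages
```bash
yum install ipvsadm -y
yum install keepalived -y
```
1.2 Back up the Keepalived configuration file
```bash
cd /etc/keepalived/
cp keepalived.conf keepalived.conf.bak
```
1.3 Edit the Keepalived configuration file
```bash
vi keepalived.conf
```
Change it to the following: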
```
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id zhangyongli_node1
    vrrp_skip_check_adv_addr
    # vrrp_strict    # must stay commented out, otherwise the VIP port cannot be reached
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111    # shared password (cleartext on the wire); must match on node4
    }
    virtual_ipaddress {
        192.168.241.200/24 dev ens33 label ens33:8    # VIP address
    }
}

virtual_server 192.168.241.200 80 {
    delay_loop 6
    lb_algo rr            # round-robin scheduling
    lb_kind DR            # direct routing
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

    real_server 192.168.241.135 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.241.136 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```
1.4 Copy the Keepalived configuration file to the same location on node4
```bash
scp keepalived.conf root@192.168.241.137:`pwd`
```
2. node2 and node3 setup steps:
2.1 Adjust the kernel parameters
```bash
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
```
2.2 Configure the hidden VIP
```bash
ifconfig lo:3 192.168.241.200 netmask 255.255.255.255
```
2.3 Install httpd
```bash
yum install httpd -y
```
2.4 Start httpd
```bash
service httpd start
```
2.5 Write the default page
```bash
vi /var/www/html/index.html
```
```
from 192.168.241.13x
```
2.6 Test access to the page
![](https://img.haomeiwen.com/i11079047/6ebd1fe9e881b338.png)
![](https://img.haomeiwen.com/i11079047/7a4a42305865813b.png)
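A preflight check for steps 2.1 and 2.2 on node2/node3, as an added example that is not part of the original post: it confirms the four ARP settings and that the VIP sits on lo with a /32 mask. The function names and the optional `PROC_ROOT` argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: verify an LVS-DR real server before it goes behind the director.

# check_arp_sysctl IFACE [PROC_ROOT]
# Prints one line per wrong setting and returns 0 only when all four values
# match step 2.1 (arp_ignore=1, arp_announce=2 for "all" and for IFACE).
check_arp_sysctl() {
    local iface="$1" root="${2:-/proc/sys}" rc=0 scope key want file got
    for scope in all "$iface"; do
        for key in arp_ignore:1 arp_announce:2; do
            want="${key#*:}"
            file="$root/net/ipv4/conf/$scope/${key%%:*}"
            got=$(cat "$file" 2>/dev/null || echo missing)
            if [ "$got" != "$want" ]; then
                echo "BAD $scope/${key%%:*}=$got (want $want)"
                rc=1
            fi
        done
    done
    return $rc
}

# check_hidden_vip VIP ADDR_OUTPUT
# ADDR_OUTPUT is the text printed by `ip -o -4 addr show dev lo`.
# Succeeds only if VIP is bound with a /32 mask, as in step 2.2; a wider
# mask would make lo claim a route for the whole subnet.
check_hidden_vip() {
    local vip="$1" out="$2"
    printf '%s\n' "$out" | awk -v want="$vip/32" '
        { for (i = 1; i < NF; i++) if ($i == "inet" && $(i + 1) == want) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Live usage on node2/node3:
#   check_arp_sysctl ens33 &&
#   check_hidden_vip 192.168.241.200 "$(ip -o -4 addr show dev lo)"
```

The `echo` and `ifconfig` commands in steps 2.1 and 2.2 do not survive a reboot, so this check is worth rerunning after one.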
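Note
If the page cannot be reached, check whether the firewall has been turned off, for example:
```bash
# Stop the firewall
systemctl stop firewalld.service
# Disable the firewall at boot
systemctl disable firewalld
```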
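A narrower alternative that leaves firewalld running, as an added example that is not part of the original post: the directors (node1/node4) accept VRRP adverts and the service port, the real servers (node2/node3) accept only the service port. The function names `fw_plan` and `fw_apply` and the role names are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: open only what the Keepalived + LVS-DR setup needs.

# fw_plan ROLE [PORT]: print the firewall-cmd calls for one node, one per line.
fw_plan() {
    local role="$1" port="${2:-80}"
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    case "$role" in
        director)    # node1/node4 exchange VRRP adverts (IP protocol 112)
            echo "firewall-cmd --permanent --add-rich-rule='rule protocol value=\"vrrp\" accept'" ;;
        realserver)  # node2/node3 only serve HTTP
            ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    # IPVS sees packets after the INPUT filter, so the director needs the port too.
    echo "firewall-cmd --permanent --add-port=${port}/tcp"
    echo "firewall-cmd --reload"
}

# fw_apply ROLE [PORT]: run the plan on this host (needs root and a running firewalld).
fw_apply() {
    local plan
    plan=$(fw_plan "$@") || return
    printf '%s\n' "$plan" | sh -e
}

# Review first with `fw_plan director`, then run `fw_apply director`.
```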
3 Start Keepalived on node1
```bash
systemctl start keepalived.service
```
Open the page in a browser; refreshing shows the round-robin between the two servers.
![](https://img.haomeiwen.com/i11079047/df3f80b145797c8d.png)
![](https://img.haomeiwen.com/i11079047/fe3cfd70db629388.png)
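4 node4 setup
Edit the keepalived.conf configuration file
```
state MASTER
```
change to:
```
state BACKUP
```
```
priority 100
```
change to:
```
priority 50
```
Start Keepalived on node4
```bash
systemctl start keepalived.service
```
If the forwarding rules are listed, the backup node has been set up successfully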
```
[root@node4 keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.241.200:80 rr
  -> 192.168.241.135:80           Route   1      0          0
  -> 192.168.241.136:80           Route   1      0          0
```
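The same check done by script instead of by eye, as an added example that is not part of the original post: it parses `ipvsadm -ln` text and reports a missing virtual service, a different scheduler, or a real server that is absent or not in DR ("Route") mode. The function name `ipvs_check` is an assumption; `SAMPLE_TABLE` is the output shown above.

```bash
#!/usr/bin/env bash
# Added example: validate the IPVS table on a director (node1 or node4).

# Output of `ipvsadm -ln` as shown in the post, embedded so this runs offline.
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.241.200:80 rr
  -> 192.168.241.135:80           Route   1      0          0
  -> 192.168.241.136:80           Route   1      0          0'

# ipvs_check VIP:PORT SCHEDULER TABLE [REAL_SERVER:PORT ...]
# Prints one line per problem; returns 0 only when the table matches.
ipvs_check() {
    local vs="$1" sched="$2" table="$3"
    shift 3
    printf '%s\n' "$table" | awk -v vs="$vs" -v sched="$sched" -v want="$*" '
        BEGIN { n = split(want, need, " ") }
        # A service line starts a new section; remember which one we are in.
        $1 == "TCP" || $1 == "UDP" {
            cur = $2
            if (cur == vs) { found = 1; got = $3 }
            next
        }
        # Destination lines belong to the most recent service line.
        $1 == "->" && cur == vs { fwd[$2] = $3 }
        END {
            if (!found) { print "MISSING service " vs; bad = 1 }
            else if (got != sched) { print "SCHEDULER " got " (want " sched ")"; bad = 1 }
            for (i = 1; i <= n; i++) {
                if (!(need[i] in fwd)) { print "MISSING real server " need[i]; bad = 1 }
                else if (fwd[need[i]] != "Route") { print "NOT-DR " need[i]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Live usage on a director:
#   ipvs_check 192.168.241.200:80 rr "$(ipvsadm -ln)" 192.168.241.135:80 192.168.241.136:80
```

Keepalived removes a real server from the table when its `HTTP_GET` check fails, so a "MISSING real server" line usually points at the health check rather than at the configuration file.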
If you now take down the network interface on node1
```
[root@node1 keepalived]# ifconfig ens33 down
```
and then check ifconfig on node4 again, you can see that the VIP has been added, and access to http://192.168.241.135/ is unaffected
```
[root@node4 keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.241.137  netmask 255.255.255.0  broadcast 192.168.241.255
        inet6 fe80::a00:bbcf:f084:c262  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::1cc3:a0c9:64a0:954f  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::65b3:d6a1:6050:b12f  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:32:9f:f4  txqueuelen 1000  (Ethernet)
        RX packets 2121  bytes 205779 (200.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1423  bytes 187265 (182.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3060 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3060 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
```
[root@node4 keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.241.137  netmask 255.255.255.0  broadcast 192.168.241.255
        inet6 fe80::a00:bbcf:f084:c262  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::1cc3:a0c9:64a0:954f  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::65b3:d6a1:6050:b12f  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:32:9f:f4  txqueuelen 1000  (Ethernet)
        RX packets 2252  bytes 220670 (215.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1555  bytes 198756 (194.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
ens33:8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.241.200  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:32:9f:f4  txqueuelen 1000  (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3060 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3060 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
IV. Pitfalls encountered
4.1 The service cannot be reached through the VIP port
Comment out vrrp_strict in keepalived.conf.
4.2 Refreshing takes too long to switch
This can be set with "ipvsadm -p timeout"
```
[root@node4 keepalived]# ipvsadm -L --timeout
Timeout (tcp tcpfin udp): 900 120 300
[root@node4 keepalived]# ipvsadm --set 1 2 1
[root@node4 keepalived]# ipvsadm -L --timeout
Timeout (tcp tcpfin udp): 1 2 1
```