负载均衡LVS入门与实践

# 负载均衡 LVS 入门与实践

# 一、安装 MySQL5.7

	#1、下载 MySQL 官方扩展源
	[root@db01 ~]# rpm -ivh http://repo.mysql.com/yum/mysql-5.7-community/el/7/x86_64/mysql57-community-release-el7-10.noarch.rpm

	#2、安装 mysql5.7，文件过大可能会导致下载缓慢
	[root@db01 ~]# yum install mysql-community-server -y

	#3、启动并加入开机自动启动
	[root@db01 ~]# systemctl start mysqld && systemctl enable mysqld

	#4、查看端口是否启动
	[root@db01 ~]# netstat -lntp
	Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
	tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3788/sshd
	tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4018/master
	tcp6 0 0 :::3306 :::* LISTEN 4628/mysqld
	tcp6 0 0 :::22 :::* LISTEN 3788/sshd
	tcp6 0 0 ::1:25 :::* LISTEN 4018/master

	#5、由于 mysql5.7 默认配置密码，需要过滤 temporary password 关键字查看对应登陆数据库密码
	[root@db01 ~]# grep 'temporary password' /var/log/mysqld.log

	#6、登录 mysql 数据库 [password 中填写上一步过滤的密码]
	[root@db01 ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)

	#6、重新修改数据库密码
	mysql> ALTER USER 'root'@'%' IDENTIFIED BY 'passwd';
	mysql> grant all on . to 'app'@'192.168.40.%' identified by 'passwd';

# 二、 NFS 服务部署

	#1.NFS 服务安装
	[root@nfs ~]# yum -y install nfs-utils

	#2.NFS 服务配置
	[root@nfs ~]# cat /etc/exports
	/data 192.168.40.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

	#3.NFS 服务初始化
	[root@nfs ~]# mkdir /data
	[root@nfs ~]# groupadd -g 666 www
	[root@nfs ~]# useradd -u 666 -g 666 www
	[root@nfs ~]# chown -R www.www /data/

	#4.NFS 服务启动
	[root@nfs ~]# systemctl enable nfs-server && systemctl start nfs-server

	#5. 客户端挂载 NFS
	客户端也创建一个uid为666，gid为666，统一身份，避免后续出现权限不足的情况
	[root@backup mnt]# groupadd -g 666 www
	[root@backup mnt]# useradd -g 666 -u 666 www
	[root@nfs-client ~]# yum -y install nfs-utils
	[root@nfs-client ~]# showmount -e 192.168.40.103
	[root@nfs-client ~]# mkdir /data
	[root@nfs-client ~]# mount -t nfs 192.168.40.103:/data /data

	#6. 客户端永久挂载 NFS
	[root@nfs-client ~]# vim /etc/fstab 192.168.40.103:/data /data nfs defaults 0 0

# 三、部署 web01

# 3.1 部署 Nginx

	#1.Nginx 安装
	[root@web01 ~]# yum install nginx -y

	#2. 配置 Nginx 进程运行用户
	[root@web01 ~]# groupadd -g666 www
	[root@web01 ~]# useradd -u666 -g666 www
	[root@web01 ~]# sed -i '/^user/c user www;' /etc/nginx/nginx.conf

	#3. 启动 Nginx，并将 Nginx 加入开机自启
	[root@web01 ~]# systemctl enable nginx && systemctl start nginx

# 3.2 部署 PHP7.1

	#1、移除旧版 php
	[root@web01 ~]# yum remove php-mysql-5.4 php php-fpm php-common

	#2.2 安装扩展源
	[root@web01 ~]# yum localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm -y

	#3、安装 php7.1 版本
	[root@web01 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb

	#4、启动 php
	[root@web01 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
	[root@web01 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
	[root@web01 ~]# systemctl start php-fpm && systemctl enable php-fpm

# 四、部署 web02

# 4.1 部署 Nginx

	#1.Nginx 安装
	[root@web01 ~]# yum install nginx -y

	#2. 配置 Nginx 进程运行用户
	groupadd -g666 www
	useradd -u666 -g666 www
	sed -i '/^user/c user www;' /etc/nginx/nginx.conf

	#3. 启动 Nginx，并将 Nginx 加入开机自启
	[root@web02 ~]# systemctl enable nginx && systemctl start nginx

# 4.2 部署 PHP7.1

	#1. 移除旧版 php
	[root@web02 ~]# yum remove php-mysql-5.4 php php-fpm php-common

	#2. 安装扩展源
	[root@web02 ~]# yum localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm -y

	#3. 安装 php7.1 版本
	[root@web02 ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb

	#4. 启动 php
	[root@web02 ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
	[root@web02 ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
	[root@web02 ~]# systemctl start php-fpm && systemctl enable php-fpm

# 五、部署博客 WeCenter

# 5.1 web01 配置

	#1. 修改 nginx 反代参数
	[root@web01 nginx]# cat /etc/nginx/proxy_params
	proxy_http_version 1.1;
	proxy_set_header Connectin "";

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_connect_timeout 60;
	proxy_send_timeout 120;
	proxy_read_timeout 120;

	proxy_buffering on;
	proxy_buffer_size 32k;
	proxy_buffers 4 128k;
	proxy_temp_file_write_size 10240k;
	proxy_max_temp_file_size 10240k;

	#2. 修改 nginx 配置文件
	[root@web01 conf.d]# cat zh.hmallleasing.com.conf
	server {
	server_name zh.hmallleasing.com;
	listen 80;
	root /code/zh;

	location / {
	index index.php index.html;
	}

	location ~ \.php$ {
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_param HTTPS on; #支持前端用 https, 后端用 http
	include fastcgi_params;
	}
	}

	#3. 创建网站目录
	[root@web01 conf.d]# mkdir -p /code/zh

	#4. 重启 nginx 服务
	[root@web01 ~]# nginx -t
	[root@web01 ~]# systemctl reload nginx

	#5. 获取 WeCenter 代码
	[root@web01 ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.g

	#6. 解压网站源码文件，拷贝至对应站点目录，并授权站点目录
	[root@web01 ~]# tar xf wordpress-4.9.4-zh_CN.tar.gz
	[root@web01 ~]# cd /code/zh/uploads/
	[root@web01 ~]# scp -rp uploads/* root@192.168.1.116:/data/zh
	[root@web01 ~]# chown -R www.www /code/zh

	#7. 由于 wordpress 产品需要依赖数据库，所以需要手动建立数据库
	#1. 登陆数据库
	[root@db01 ~]# mysql -uroot -p

	#8. 创建 wordpress 数据库
	mysql> create database wordpress;
	mysql> grant all on . to 'app'@'192.168.1.%' identified by 'passwd';

	#9. 通过浏览器访问 wordpress, 并部署该产品
	http://zh.hmallleasing.com

	#10. 获取 Wordpress 产品的附件和图片存放的位置
	浏览器->右键->检查->Network->选择按钮->点击一下图片

	#11. 挂载 NFS
	[root@web01 ~]# mount -t nfs 192.168.1.116:/data/zh /code/zh/uploads

# 5.2 web02 配置

	#1. 修改 nginx 配置文件
	[root@web02 ~]# scp zh.hmallleasing.com.conf root@192.168.1.118:/etc/nginx/conf.d/
	[root@web02 ~]# scp /etc/nginx/proxy_params root@192.168.1.118:/etc/nginx

	#2. 创建网站目录
	[root@web02 ~]# mkdir /code/zh -p

	#3. 重启 nginx 服务
	[root@web02 ~]# nginx -t
	[root@web02 ~]# systemctl reload nginx

	#4. 获取 wordpress 代码
	[root@web02 ~]# scp -rp /code/zh/* root@192.168.1.118:/code/zh/
	[root@web02 ~]# chown -R www.www /code/zh

	#5. 获取 Wordpress 产品的附件和图片存放的位置
	浏览器->右键->检查->Network->选择按钮->点击一下图片

	#6. 挂载 NFS
	[root@web02 ~]# mount -t nfs 192.168.1.116:/data/zh /code/zh/uploads

# 六、配置七层负载均衡

# 6.1 配置 Lb01

	#1. 修改 nginx 配置文件
	[root@lb01 conf.d]# cat zh.hmallleasing.com.conf
	upstream zh {
	server 192.168.1.117:80;
	server 192.168.1.118:80;
	}

	server {
	listen 443 ssl;
	server_name zh.hmallleasing.com;
	ssl_prefer_server_ciphers on;
	ssl_certificate /etc/nginx/sslkey/*.hmallleasing.com_chain.crt;
	ssl_certificate_key /etc/nginx/sslkey/*.hmallleasing.com_key.key;

	location / {
	proxy_pass http://zh;
	include proxy_params;
	}
	}

	server {
	listen 80;
	server_name zh.hmallleasing.com;
	return 302 https://$server_name$request_uri;
	}

	#2. 修改 nginx 反代参数
	[root@lb01 nginx]# cat proxy_params
	proxy_http_version 1.1;
	proxy_set_header Connectin "";

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_connect_timeout 60;
	proxy_send_timeout 120;
	proxy_read_timeout 120;

	proxy_buffering on;
	proxy_buffer_size 32k;
	proxy_buffers 4 128k;
	proxy_temp_file_write_size 10240k;
	proxy_max_temp_file_size 10240k;

	#3. 上传 nginx 证书
	[root@lb01 ~]# mkdir /etc/nginx/sslkey
	[root@lb01 ~]# ll /etc/nginx/sslkey/
	*.hmallleasing.com_chain.crt
	*.hmallleasing.com_key.key

	#4. 重启 nginx
	[root@lb01 nginx]# nginx -t
	[root@lb01 nginx]# systemctl restart nginx

# 6.2 VIP 和 Arp 抑制脚本

	[root@lb01 scripts]# cat lvs_rs.sh
	#!/usr/bin/bash

	VIP=192.168.1.110
	DEV=lo:0

	case $1 in
	start)
	# ARP 抑制
	echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "1" >/proc/sys/net/ipv4/conf/default/arp_ignore
	echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

	echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
	echo "2" >/proc/sys/net/ipv4/conf/default/arp_announce
	echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

	# VIP
	cat >/etc/sysconfig/network-scripts/ifcfg-${DEV} <<-EOF
	DEVICE=lo:0
	IPADDR=${VIP}
	NETMASK=255.0.0.0
	ONBOOT=yes
	NAME=loopback
	EOF

	ifup ${DEV} # 启动网卡
	systemctl start nginx
	;;


	stop)
	echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0" >/proc/sys/net/ipv4/conf/default/arp_ignore
	echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore

	echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
	echo "0" >/proc/sys/net/ipv4/conf/default/arp_announce
	echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce

	ifdown ${DEV} # 停止网卡
	rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV}
	systemctl stop nginx
	;;
	*)
	echo "Usage: sh $0 { start \| stop }"
	esac

# 6.3 配置 RS 节点 VIP 和 Arp 抑制

	[root@lb01 scripts]# chmod +x /scripts/lvs_rs.sh
	[root@lb01 scripts]# sh /scripts/lvs_rs.sh start
	[root@lb01 scripts]# ifconfig
	ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
	inet 192.168.1.113 netmask 255.255.255.0 broadcast 192.168.1.255
	ether 00:50:56:b7:a1:fc txqueuelen 1000 (Ethernet)
	RX packets 70472 bytes 6340792 (6.0 MiB)
	RX errors 0 dropped 1280 overruns 0 frame 0
	TX packets 6372 bytes 2196852 (2.0 MiB)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
	inet 127.0.0.1 netmask 255.0.0.0
	loop txqueuelen 1000 (Local Loopback)
	RX packets 0 bytes 0 (0.0 B)
	RX errors 0 dropped 0 overruns 0 frame 0
	TX packets 0 bytes 0 (0.0 B)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
	inet 192.168.1.110 netmask 255.0.0.0
	loop txqueuelen 1000 (Local Loopback)

# 6.4 配置 Lb02

	#1. 修改 nginx 配置文件
	[root@lb02 conf.d]# cat zh.hmallleasing.com.conf
	upstream zh {
	server 192.168.1.117:80;
	server 192.168.1.118:80;
	}

	server {
	listen 443 ssl;
	server_name zh.hmallleasing.com;
	ssl_prefer_server_ciphers on;
	ssl_certificate /etc/nginx/sslkey/*.hmallleasing.com_chain.crt;
	ssl_certificate_key /etc/nginx/sslkey/*.hmallleasing.com_key.key;

	location / {
	proxy_pass http://zh;
	include proxy_params;
	}
	}

	server {
	listen 80;
	server_name zh.hmallleasing.com;
	return 302 https://$server_name$request_uri;
	}

	#2. 修改 nginx 反代参数
	[root@lb02 conf.d]# cat proxy_params
	proxy_http_version 1.1;
	proxy_set_header Connectin "";

	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_connect_timeout 60;
	proxy_send_timeout 120;
	proxy_read_timeout 120;

	proxy_buffering on;
	proxy_buffer_size 32k;
	proxy_buffers 4 128k;
	proxy_temp_file_write_size 10240k;
	proxy_max_temp_file_size 10240k;

	#3. 上传 nginx 证书
	[root@lb02 ~]# mkdir /etc/nginx/sslkey
	[root@lb02 ~]# ll /etc/nginx/sslkey/
	*.hmallleasing.com_chain.crt
	*.hmallleasing.com_key.key


	#4. 重启 nginx
	[root@lb02 nginx]# nginx -t
	[root@lb02 nginx]# systemctl restart nginx

# 6.5 VIP 和 Arp 抑制脚本

	[root@lb02 scripts]# cat lvs_rs.sh
	#!/usr/bin/bash

	VIP=192.168.1.110
	DEV=lo:0

	case $1 in
	start)
	# ARP 抑制
	echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "1" >/proc/sys/net/ipv4/conf/default/arp_ignore
	echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

	echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
	echo "2" >/proc/sys/net/ipv4/conf/default/arp_announce
	echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

	# VIP
	cat >/etc/sysconfig/network-scripts/ifcfg-${DEV} <<-EOF
	DEVICE=lo:0
	IPADDR=${VIP}
	NETMASK=255.0.0.0
	ONBOOT=yes
	NAME=loopback
	EOF

	ifup ${DEV} # 启动网卡
	systemctl start nginx
	;;


	stop)
	echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
	echo "0" >/proc/sys/net/ipv4/conf/default/arp_ignore
	echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore

	echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
	echo "0" >/proc/sys/net/ipv4/conf/default/arp_announce
	echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce

	ifdown ${DEV} # 停止网卡
	rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV}
	systemctl stop nginx
	;;
	*)
	echo "Usage: sh $0 { start \| stop }"
	esac

# 6.6 配置 RS 节点 VIP 和 Arp 抑制

	[root@lb01 scripts]# chmod +x /scripts/lvs_rs.sh
	[root@lb01 scripts]# sh /scripts/lvs_rs.sh start
	[root@lb01 scripts]# ifconfig
	ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
	inet 192.168.1.113 netmask 255.255.255.0 broadcast 192.168.1.255
	ether 00:50:56:b7:a1:fc txqueuelen 1000 (Ethernet)
	RX packets 70472 bytes 6340792 (6.0 MiB)
	RX errors 0 dropped 1280 overruns 0 frame 0
	TX packets 6372 bytes 2196852 (2.0 MiB)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
	inet 127.0.0.1 netmask 255.0.0.0
	loop txqueuelen 1000 (Local Loopback)
	RX packets 0 bytes 0 (0.0 B)
	RX errors 0 dropped 0 overruns 0 frame 0
	TX packets 0 bytes 0 (0.0 B)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	lo:0: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
	inet 192.168.1.110 netmask 255.0.0.0
	loop txqueuelen 1000 (Local Loopback)

# 七、接入四层负载均衡

# 7.1 安装 lvs 命令行工具

[root@lvs01 ~]# yum install ipvsadm -y

# 7.2 使用脚本生成 lvs 规则

	[root@lvs01 ~]# cat /scripts/lvs_ds.sh
	#!/usr/bin/bash
	VIP=192.168.1.110
	RS1=192.168.1.113
	RS2=192.168.1.114
	PORT=80
	SCHEDULER=rr
	DEV=ens192:1

	case $1 in
	start)
	# 配置虚拟 IP 地址 VIP
	cat >/etc/sysconfig/network-scripts/ifcfg-${DEV} <<-EOF
	TYPE=Ethernet
	BOOTPROTO=none
	DEFROUTE=yes
	NAME=${DEV}
	DEVICE=${DEV}
	ONBOOT=yes
	IPADDR=${VIP}
	PREFIX=24
	EOF

	# 启动网卡
	ifup ${DEV}

	# 配置 LVS 规则
	ipvsadm -C
	ipvsadm -A -t ${VIP}:${PORT} -s ${SCHEDULER}
	ipvsadm -a -t ${VIP}:${PORT} -r ${RS1} -g
	ipvsadm -a -t ${VIP}:${PORT} -r ${RS2} -g
	;;

	stop)
	ifdown ${DEV}
	rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV}
	ipvsadm -C
	;;
	*)
	echo "Usage: sh $0 { start \| stop }"
	;;
	esac

	[root@lvs01 ~]# chmod +x /scripts/lvs_ds.sh
	[root@lvs01 ~]# sh /scripts/lvs_ds.sh start

# 7.3 命令行配置 lvs 规则

	#1. 配置虚拟 IP 地址 VIP
	[root@lvs01 ~]# sh /scripts/lvs_ds.sh start

	#2. 配置 80 端口的调度
	[root@lvs01 ~]# ipvsadm -A -t 192.168.1.110:80 -s rr
	[root@lvs01 ~]# ipvsadm -a -t 192.168.1.110:80 -r 192.168.1.113:80 -g
	[root@lvs01 ~]# ipvsadm -a -t 192.168.1.110:80 -r 192.168.1.114:80 -g
	[root@lvs01 ~]# ipvsadm -L -n
	IP Virtual Server version 1.2.1 (size=4096)
	Prot LocalAddress:Port Scheduler Flags
	-> RemoteAddress:Port Forward Weight ActiveConn InActConn
	TCP 192.168.1.110:80 rr
	-> 192.168.1.113:80 Route 1 0 0
	-> 192.168.1.114:80 Route 1 0 0

	#3. 配置 443 端口的调度
	[root@lvs01 ~]# ipvsadm -A -t 192.168.1.110:443 -s rr
	[root@lvs01 ~]# ipvsadm -a -t 192.168.1.110:443 -r 192.168.1.113:443 -g
	[root@lvs01 ~]# ipvsadm -a -t 192.168.1.110:443 -r 192.168.1.114:443 -g
	[root@lvs01 ~]# ipvsadm -L -n
	IP Virtual Server version 1.2.1 (size=4096)
	Prot LocalAddress:Port Scheduler Flags
	-> RemoteAddress:Port Forward Weight ActiveConn InActConn
	TCP 192.168.1.110:80 rr
	-> 192.168.1.113:80 Route 1 0 0
	-> 192.168.1.114:80 Route 1 0 0
	TCP 192.168.1.110:443 rr
	-> 192.168.1.113:443 Route 1 0 0
	-> 192.168.1.114:443 Route 1 0 0

# 7.4 LVS+Keepalived 实现高可用

1.lvs01 和 lvs02 安装软件：

yum install keepalived ipvsadm -y

2. 必须关闭七层负载均衡的 keepalived

3. 删除 lvs 上的虚拟 IP，以及 ipvs 规则

[root@lvs01 ~]# sh /scripts/lvs_ds.sh stop

4. 配置 lvs-master

	[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
	global_defs {
	router_id lb01
	}

	vrrp_instance VI_1 {
	state MASTER
	priority 200

	interface ens192
	virtual_router_id 50
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	192.168.1.110
	}
	}

	virtual_server 192.168.1.110 80 {
	delay_loop 6
	lb_algo rr
	lb_kind DR
	protocol TCP

	real_server 192.168.1.113 80 {
	weight 1
	TCP_CHECK {
	connect_port 80
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}

	real_server 192.168.1.114 80 {
	weight 1
	TCP_CHECK {
	connect_port 80
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}
	}

	virtual_server 192.168.1.110 443 {
	delay_loop 6
	lb_algo rr
	lb_kind DR
	protocol TCP

	real_server 192.168.1.113 443 {
	weight 1
	TCP_CHECK {
	connect_port 443
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}

	real_server 192.168.1.114 443 {
	weight 1
	TCP_CHECK {
	connect_port 443
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}
	}

5. 配置 lvs-backup

	[root@lvs02 ~]# cat /etc/keepalived/keepalived.conf
	global_defs {
	router_id lb02
	}

	vrrp_instance VI_1 {
	state BACKUP
	priority 150

	interface ens192
	virtual_router_id 50
	advert_int 1
	authentication {
	auth_type PASS
	auth_pass 1111
	}
	virtual_ipaddress {
	192.168.1.110
	}
	}

	# 配置集群地址访问的 IP+Port
	virtual_server 192.168.1.110 80 {
	# 健康检查的时间，单位：秒
	delay_loop 6
	# 配置负载均衡的算法
	lb_algo rr
	# 设置 LVS 的模式 NAT\|TUN\|DR
	lb_kind DR

	# 设置协议
	protocol TCP

	# 负载均衡后端的真实服务节点 RS-1
	real_server 192.168.1.113 80 {
	# 权重配比设置为 1
	weight 1
	# 设置健康检查
	TCP_CHECK {
	# 检测后端 80 端口
	connect_port 80
	# 超时时间
	connect_timeout 3
	# 重试次数 2 次
	nb_get_retry 2
	# 间隔时间 3s
	delay_beefore_retry 3
	}
	}
	# 负载均衡后端的真实服务节点 RS-2
	real_server 192.168.1.114 80 {
	weight 1
	TCP_CHECK {
	connect_port 80
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}
	}

	# 配置集群地址访问的 IP+Port
	virtual_server 192.168.1.110 443 {
	# 健康检查的时间，单位：秒
	delay_loop 6
	# 配置负载均衡的算法
	lb_algo rr
	# 设置 LVS 的模式 NAT\|TUN\|DR
	lb_kind DR

	# 设置协议
	protocol TCP

	# 负载均衡后端的真实服务节点 RS-1
	real_server 192.168.1.113 443 {
	# 权重配比设置为 1
	weight 1
	# 设置健康检查
	TCP_CHECK {
	# 检测后端 80 端口
	connect_port 443
	# 超时时间
	connect_timeout 3
	# 重试次数 2 次
	nb_get_retry 2
	# 间隔时间 3s
	delay_beefore_retry 3
	}
	}
	# 负载均衡后端的真实服务节点 RS-2
	real_server 192.168.1.114 443 {
	weight 1
	TCP_CHECK {
	connect_port 443
	connect_timeout 3
	nb_get_retry 2
	delay_beefore_retry 3
	}
	}
	}

6. 配置 RS 节点的 VIP 和 Arp 抑制

	[root@lb01 ~]# sh /scripts/lvs_rs.sh start
	[root@lb02 ~]# sh /scripts/lvs_rs.sh start

7. 启动 keepalived

	[root@lvs01 ~]# systemctl enable keepalived && systemctl start keepalived
	[root@lvs02 ~]# systemctl enable keepalived && systemctl start keepalived

8. 如果 realserver 节点故障，是否会自动将其移除

systemctl start nginx

9. 如果 ds 服务器故障，能否切换到备用节点

systemctl stop keepalived

LVS