Keepalived实验

一、 LVS+Keepalived

实验:7-1为主; 7-2为备; 7-3和7-4为后端服务器

1.关闭防火墙和selinux

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0

2.配置主设备7-1

1.安装ipvsadm和keepalived

[root@localhost ~]# yum install ipvsadm.x86_64 keepalived.x86_64 -y

2.修改keepalived的配置

[root@localhost ~]# cd /etc/keepalived
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@localhost keepalived]# 

[root@localhost keepalived]# vim keepalived.conf10    smtp_server 127.0.0.1
12    router_id LVS_01
21     interface ens33
27         auth_pass 123123

把14行注释掉 

参数解析

30         192.168.91.188
34         virtual_server 192.168.91.188 80 {
37         lb_kind DR
38         persistence_timeout 041         real_server 192.168.91.103 80 {
43             TCP_CHECK {
44             connect_port  80

 50     real_server 192.168.91.104 80 {51         weight 152             TCP_CHECK {53             connect_port  8054             connect_timeout 355             nb_get_retry 356             delay_before_retry 357         }   58     }   

参数解析

3.开启ipvsadm

[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# systemctl start ipvsadm

[root@localhost keepalived]# systemctl restart keepalived.service 
[root@localhost keepalived]# systemctl restart ipvsadm.service 
[root@localhost keepalived]# ipvsadm -ln

3.配置7-3Web服务器

1.安装httpd并开启

[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# cd /var/www/html
[root@localhost html]# echo 7-3 > index.html
[root@localhost html]# systemctl restart httpd

4.配置7-4Web服务器

1.安装httpd并开启

[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# cd /var/www/html
[root@localhost html]# echo 7-4 > index.html
[root@localhost html]# systemctl restart httpd

 5.给7-3和7-4做虚拟网卡

[root@localhost html]# ifconfig lo:0 192.168.91.188/32
[root@localhost html]# 
[root@localhost html]# 
[root@localhost html]# ip a

给7-3和7-4添加ARP规则

vim /etc/sysctl.confnet.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@localhost html]# sysctl -p[root@localhost html]# systemctl restart httpd
[root@localhost html]# 

6.用7-1传内容

[root@localhost keepalived]# scp keepalived.conf 192.168.91.102:/data

7.配置7-2的keepalived

1.安装keepalived和ipvsadm

[root@localhost ~]# yum install ipvsadm.x86_64 keepalived.x86_64 -y

2.复制文件

[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# 
[root@localhost keepalived]# mv /data/keepalived.conf  .

3.改配置文件

12    router_id LVS_02
20     state BACKUP
23     priority 80
vim keepalived.conf

[root@localhost keepalived]# systemctl start keepalived.service 
[root@localhost keepalived]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl start ipvsadm
[root@localhost keepalived]# 
[root@localhost keepalived]# ipvsadm -ln

8.把7-3和7-4的长连接关掉

[root@localhost html]# vim /etc/httpd/conf/httpd.conf354 keepalive off[root@localhost html]# systemctl restart httpd

9.去浏览器访问虚拟IP

7-3和7-4都可以成功访问

二、模式实验

抢占模式、非抢占模式、延迟抢占模式

默认是抢占模式;所以不需要弄

1.抢占模式

1.当主设备7-1keepalived开启时

7-1

7-2

虚拟IP192.168.91.188在主设置7-1上

2.当从设备7-2keepalived关闭时

7-1

7-2

虚拟IP到了从设备7-2上

2.非抢占模式

1.修改7-1的keepalived

vim keepalived.conf20     state BACKUP
21     nopreempt

 

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

 ip  a###看一下


3.延迟抢占模式

1.修改7-1配置

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

2.修改7-2配置

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

3.去7-1看结果

[root@localhost keepalived]# systemctl stop keepalived.service 
[root@localhost keepalived]# 
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1 
[root@localhost keepalived]# 

4.去7-2看结果

[root@localhost keepalived]# hostname -I
192.168.91.102 192.168.91.188 192.168.122.1 
[root@localhost keepalived]# 

5.去7-1看延迟抢占的结果

[root@localhost keepalived]# systemctl start keepalived.service 
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1 
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.122.1 
[root@localhost keepalived]# 
[root@localhost keepalived]# hostname -I
192.168.91.100 192.168.91.188 192.168.122.1 
[root@localhost keepalived]# 

三、多播修改

1.去7-2上抓包

[root@localhost keepalived]# tcpdump -i ens33 -nn src host  192.168.91.100

2.修改7-1的配置文件

vim keepalived.conf14    vrrp_mcast_group4 234.6.6.6

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

3.修改7-2的配置文件

vim  keepalived.conf14    vrrp_mcast_group4 234.6.6.6systemctl restart keepalived.service

4.去7-2上抓包看结果

[root@localhost keepalived]# tcpdump -i ens33 -nn src host  192.168.91.100

四、单播修改

1.修改7-1配置

 vim keepalived.conf31     unicast_src_ip 192.168.91.10032     unicast_peer { 33     192.168.91.10234 }

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

2.修改7-2配置

vim  keepalived.conf33     unicast_src 192.168.91.10234     unicast_peer {35     192.168.91.10036 }

[root@localhost keepalived]# vim keepalived.conf
[root@localhost keepalived]# 
[root@localhost keepalived]# systemctl restart keepalived.service 

3.去7-2上抓包

[root@localhost keepalived]# tcpdump -i ens33 -nn src host  192.168.91.100 and dst host 192.168.91.102

五、通知脚本

1.修改7-1配置

[root@localhost keepalived]# cd /opt
[root@localhost opt]# ls
rh
[root@localhost opt]# vim keepalived.sh
[root@localhost opt]# 
[root@localhost opt]# mv keepalived.sh keepalive.sh 
[root@localhost opt]# 
[root@localhost opt]# chmod +x keepalive.sh 
[root@localhost opt]# 
[root@localhost opt]# vim /etc/keepalived/keepalived.conf

vim keepalive.sh#!/bin/bash
#
contact='2305981334@qq.com'
notify() {mailsubject="$(hostname) to be $1, vip floating"mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)notify master;;
backup)notify backup;;
fault)notify fault;;
*)echo "Usage: $(basename $0) {master|backup|fault}"exit 1;;
esac

[root@localhost opt]# vim /etc/keepalived/keepalived.conf

先把刚刚加的这段删掉

 31     notify_master "/opt/keepalive.sh master"32     notify_backup "/opt/keepalive.sh backup"33     notify_fault "/opt/keepalive.sh fault"

systemctl restart keepalived.service
###重启[root@localhost ~]# killall keepalived

2.去QQ邮箱的垃圾箱,看一下

六、日志功能

1.去7-1上去修改

[root@localhost ~]# vim /etc/sysconfig/keepalived KEEPALIVED_OPTIONS="-D -S 6"
 74 local6.*                                                /data/keepalive.log
[root@localhost ~]# vim /etc/sysconfig/keepalived 
[root@localhost ~]# 
[root@localhost ~]# vim /etc/rsyslog.conf
[root@localhost ~]# 
[root@localhost ~]# systemctl restart rsyslog.service

[root@localhost ~]# ls /data/
ls: 无法访问/data/: 没有那个文件或目录
[root@localhost ~]# mkdir /data
[root@localhost ~]# ls /data/
[root@localhost ~]# systemctl restart keepalived.service 
[root@localhost ~]# 
[root@localhost ~]# ls /data/
keepalive.log
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# cat keepalive.log
cat: keepalive.log: 没有那个文件或目录
您在 /var/spool/mail/root 中有新邮件
[root@localhost ~]# cat /data/keepalive.log

七、脑裂

1.去7-2模拟脑裂

[root@localhost keepalived]# iptables -A INPUT -s 172.168.91.100 -j REJECT
[root@localhost keepalived]# 
[root@localhost keepalived]# ip a

2.去主设备7-1上看一下

当主设备7-1和从设备7-2上都有虚拟IP;代表脑裂;两台设备都认为自己是主

八、VRRP Script解决Nginx高可用问题

[root@localhost ~]# killall -0 nginx
nginx: no process found
[root@localhost ~]# 
[root@localhost ~]# echo $?
1
[root@localhost ~]# 

1.把7-1和7-2的ipvsadm关掉

[root@localhost ~]# systemctl stop ipvsadm.service

2.安装并开启7-1和7-2的Nginx

yum install epel-release -yyum install nginx -ysystemctl start nginx

3.去7-1的Nginx主配置文件中做反向代理

[root@localhost ~]# vim /etc/nginx/nginx.conf
[root@localhost ~]# 
[root@localhost ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost ~]# nginx -s reload
[root@localhost ~]# 
[root@localhost ~]# systemctl restart nginx

[root@localhost ~]# vim /etc/nginx/nginx.confupstream  web {server 192.168.91.103;server 192.168.91.104;
}location / {proxy_pass  http://web;
}

4.curl看一下

[root@localhost ~]# curl 192.168.91.100
7-3
[root@localhost ~]# curl 192.168.91.100
7-4

 5.7-1直接复制给7-2

[root@localhost ~]# scp /etc/nginx/nginx.conf  192.168.91.102:/etc/nginx/nginx.conf
root@192.168.91.102's password: 
nginx.conf                                                       100% 2448   200.2KB/s   00:00    
[root@localhost ~]# 

6.去7-2curl看一下

[root@localhost keepalived]# systemctl restart nginx
[root@localhost keepalived]# curl 192.168.91.102
7-3
[root@localhost keepalived]# curl 192.168.91.102
7-4

7.去7-1修改keepalive

[root@localhost ~]# vim /etc/keepalived/keepalived.conf

18 vrrp_script check_down {19         script "/etc/keepalived/ng.sh"20         interval 121         weight -3022         fall 1 23         rise 224         timeout 225 }40     track_script {41     check_down42 }  

[root@localhost ~]# vim /etc/keepalived/keepalived.conf
[root@localhost ~]# 
[root@localhost ~]# scp /etc/keepalived/keepalived.conf 192.168.91.102:/etc/keepalived/
root@192.168.91.102's password: 
keepalived.conf                                                  100%  888   503.4KB/s   00:00    
[root@localhost ~]# systemctl restart keepalived.service 

8.去7-2

[root@localhost keepalived]# systemctl restart keepalived.service 
[root@localhost keepalived]# 

9.浏览器访问一下

不能直接把主设备7-1关机;关机之后,7-2从设备直接成为主设备;我们就测试不出,刚刚写的脚本的作用

10.把主设备nginx停掉

[root@localhost ~]# systemctl stop nginx
[root@localhost ~]# 

11.7-2看一下结果

[root@localhost keepalived]# ip a

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/727446.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

色彩表示空间:RGB、HIS、YUV、YIQ

一、RGB颜色空间 含义: RGB颜色空间使用相加混合法,将三个彩色分量按不同比例叠加,从而在屏幕上呈现出各种颜色。三个分量分别代表红色(R)、绿色(G)和蓝色(B)。 转换计…

接口测试,后端接口还没开发完,如何测?解决看这一篇就够了......

前言 在测试的时候经常会碰到后端开发工程师的接口还没有开发完成,但是测试任务已经分配过来。没有接口怎么测试呢? 测试人员可以通过 mock server 自己去造一个接口来访问。mock server 可用于模拟真实的接口。收到请求时,它会根据配置返回…

2022年浙江省职业院校技能大赛信息安全管理与评估 理论题一阶段

培训、环境、资料 公众号:Geek极安云科 网络安全群:775454947极安云科专注于技能提升,赋能 2024年广东省高校的技能提升,在培训中我们的应急响应环境 成功押题成功,知识点、考点、内容完美还原大赛赛题环境&#xff0c…

嵌入式学习34-网络通信2 bind

1.recvfrom ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen); 功能: 从套接字中 接收数据 参数: sockfd: …

如何选择阅读软件技术学习书籍

如何选择阅读软件技术学习书籍 这里以软件技术学习的角度结合自身感悟谈谈,如何选择阅读书籍。 人的时间和精力都是非常有限的,软件技术学习者如何选择阅读书籍。以下是从我的经验教训总结的一些体会: 1、确定自己的兴趣领域和阅读目标 选…

blast原理与使用技巧,最全最详细

BLAST 序列比对 在生物信息学领域,序列比对是一项基础而关键的任务。它帮助研究人员识别基因、理解蛋白质功能,并揭示物种之间的进化关系。 本文旨在介绍BLAST(Basic Local Alignment Search Tool)的原理及其不同变体,…

SD-WAN专线对本地网络有哪些要求?

SD-WAN(软件定义广域网)是一种新型的网络架构,通过软件定义的方式,将网络控制平面和数据转发平面进行分离,从而实现网络的灵活性、可编程性和自动化管理。在部署SD-WAN专线时,本地网络需要满足一些要求&…

sass 重写elementui样式

$namespace: promotion 这段代码中的 forward 指令用于将 element-plus/theme-chalk/src/mixins/config.scss 文件中的内容导入当前的 Sass 文件,并使用命名空间 promotion。这样做的目的是可以在当前文件中使用被导入文件中的 mixin,而不会与当前文件中…

面试题,手动取消监听

vue2中,watch如何在监听一次后,就销毁 在 Vue.js 中,watch 监听器无法直接在监听一次之后自动销毁。然而,你可以通过在监听器内部手动注销(取消)监听来达到类似的效果。Vue 提供了 vm.$watch 方法来创建一…

【Amazon策略权限】开启costexplorer、成本优化中心等权限功能设置,以及委派给成员账号组织的只读权限操作步骤

文章目录 一、问题需求二、操作流程1. 开启成本优化中心2. 成本管理首选项中开启关联账户访问3.为子用户设置OU只读权限4.为子用户设置CE(Cost Explorer)只读权限5. 为在组织中的成员用户创建委派策略,开启OU只读权限 三、参考资料 一、问题需…

MT4移动止损策略:灵活应对市场波动

在外汇交易中,移动止损策略是一种重要的风险管理工具,能够帮助交易者在市场波动时保护利润和控制风险。特别是在MT4平台上,这一策略的应用更加便捷和灵活。本文将深入探讨MT4移动止损策略的定义、应用方法、优势和注意事项,帮助读…

JavaSE(上)-Day1

JavaSE(上)-Day1 CMD终端的常见命令配置环境变量的作用?高级记事本安装(略,正版收费)各个语言的运行方式区别为什么Java可以实现跨平台?JDK和JRE的认识JDK是什么?由什么组成JRE是什么?由什么组…

通义灵码-智能编码辅助工具

1.介绍 通义灵码,是阿里云出品的一款基于通义大模型的智能编码辅助工具,提供行级/函数级实时续写、自然语言生成代码、单元测试生成、代码注释生成、代码解释、研发智能问答、异常报错排查等能力,并针对阿里云 SDK/OpenAPI 的使用场景调优&a…

2024.3.6每日一题

LeetCode 找出数组中的 K -or 值 题目链接:2917. 找出数组中的 K-or 值 - 力扣(LeetCode) 题目描述 给你一个下标从 0 开始的整数数组 nums 和一个整数 k 。 nums 中的 K-or 是一个满足以下条件的非负整数: 只有在 nums 中&…

安卓手机如何使用JuiceSSH实现公网远程连接本地Linux服务器

文章目录 1. Linux安装cpolar2. 创建公网SSH连接地址3. JuiceSSH公网远程连接4. 固定连接SSH公网地址5. SSH固定地址连接测试 处于内网的虚拟机如何被外网访问呢?如何手机就能访问虚拟机呢? cpolarJuiceSSH 实现手机端远程连接Linux虚拟机(内网穿透,手机端连接Linux虚拟机) …

P 1135 奇怪的电梯

P 1135 奇怪的电梯 vis是个标记访问过还是没访问过。回溯使用。 find 如果找到位置标为真,代表找到了 find为假时,打印 -1 整体使用深度遍历,向上,向都试 注意越界,电梯进入负的,或高过楼层,或此…

蓝桥杯-队列

队列的实例化 步骤 1 导包 2 通过LinedList类创建对象 Queue<引用数据类型>queue new LinkedList<>(); 队列特点&#xff1a;先进显出&#xff0c;例如&#xff1a;1&#xff0c;2&#xff0c;3依次进入队列&#xff0c;出队列顺序也是1&#xff0c;2&#xf…

Spring Bean 生成流程详细解析

很多人把spring的相关内容当作背八股文&#xff0c;认为只在面试时能用上&#xff0c;实际开发根本用不到。实际上早期的我也是这么想的&#xff0c;但随着开发年限的增长&#xff0c;解决了越来越多的难题后&#xff0c;不得不承认&#xff0c;这些基础知识的学习有着无法替代…

【剑指offer--C/C++】JZ6 从尾到头打印链表

一、题目 二、本人思路及代码 直接在链表里进行翻转不太方便操作&#xff0c;但是数组就可以通过下标进行操作&#xff0c;于是&#xff0c; 思路1、 先遍历链表&#xff0c;以此存到vector中&#xff0c;然后再从后往前遍历这vector,存入到一个新的vector&#xff0c;就完成…

【C++从0到王者】第五十一站:B+树

文章目录 一、B树1.B树的概念2.B树的特性3.B树的插入的过程4.总结 二、B*树1. B*树的概念2.B*树的分裂 三、总结四、B树系列和哈希和平衡搜索树作对比五、B树的一些应用1.索引2.MySQL索引3.MyISAM2.InnoDB 一、B树 1.B树的概念 B树是B树的变形&#xff0c;是在B树基础上优化的…