一、环境准备
1.1 网络拓扑结构
text
客户端 (192.168.1.x)
↓
LVS 服务器 (VIP: 192.168.1.100, RIP: 192.168.1.10)
↓
后端服务器 (192.168.1.101, 192.168.1.102)
1.2 服务器信息
二、安装步骤
2.1 在 LVS 服务器上安装
bash
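# 1. Update the system
sudo yum update -y
# 2. Build toolchain. Nothing on this page compiles anything (ipvsadm and
#    keepalived are installed from packages in step 3), so this step can be
#    skipped unless you build from source; a load balancer is better off
#    without compilers installed.
sudo yum install -y gcc gcc-c++ make kernel-devel openssl-devel popt-devel
# 3. Install the IPVS admin tool and Keepalived
sudo yum install -y ipvsadm keepalived
# 4. Check whether the IPVS kernel modules are already loaded
lsmod | grep ip_vs
# No output means they are not loaded yet. modprobe needs root and does
# nothing for a module that is already present, so running it is always safe.
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
  sudo modprobe "$mod"
done
# 5. Load the modules at every boot. systemd-modules-load reads
#    /etc/modules-load.d/*.conf (one module name per line). The file is
#    written through `sudo tee` because a shell redirection (`>>`) runs with
#    the caller's privileges, not sudo's. Rewriting the whole file keeps the
#    step idempotent, which appending lines to /etc/rc.local would not be.
printf '%s\n' ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh |
  sudo tee /etc/modules-load.d/ip_vs.conf >/dev/null
# 6. Verify the installation
ipvsadm --version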
keepalived --version
2.2 在后端服务器上安装(示例为Nginx)
bash
# 1. Install Nginx
sudo yum install -y nginx
# 2. Register Nginx for boot, then bring it up now
sudo systemctl enable nginx
sudo systemctl start nginx
# 3. Test page that identifies this backend.
#    On web2 write "Server: 192.168.1.102" instead.
printf '%s\n' "Server: 192.168.1.101" | sudo tee /usr/share/nginx/html/index.html
# 4. Open HTTP and HTTPS in the permanent firewall configuration
sudo firewall-cmd --permanent --add-service=http --add-service=https
sudo firewall-cmd --reload
三、简单配置 Demo
3.1 LVS DR 模式配置(最简单实用的配置)
3.1.1 LVS 主服务器配置 (/etc/keepalived/keepalived.conf)
bash
# Back up the existing configuration file
sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
# Write the new configuration for the MASTER node. The quoted 'EOF' delimiter
# means the text below is written verbatim, without shell expansion.
# NOTE(review): `auth_pass 1111` in this file is a sample value that every
# reader of this page knows - replace it (same value on master and backup)
# before use. VRRP PASS authentication is sent unencrypted and keepalived
# only uses the first 8 characters, so also keep VRRP traffic confined to
# the two LVS nodes.
sudo tee /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
global_defs {
router_id LVS_MASTER # 标识名称
}
# 虚拟IP配置
vrrp_instance VI_1 {
state MASTER # 主服务器设置为MASTER,备机设置为BACKUP
interface ens33 # 网卡名称,使用 ip addr 命令查看
virtual_router_id 51 # 虚拟路由ID,主备必须一致
priority 100 # 优先级,主服务器设高(100),备机设低(90)
advert_int 1 # 检查间隔,秒
authentication {
auth_type PASS
auth_pass 1111 # 认证密码,主备必须一致
}
virtual_ipaddress {
192.168.1.100/24 # 虚拟IP地址,客户端访问的IP
}
}
# 虚拟服务器配置(负载均衡规则)
virtual_server 192.168.1.100 80 {
delay_loop 6 # 健康检查间隔(秒)
lb_algo wrr # 调度算法:加权轮询
lb_kind DR # LVS模式:直接路由
persistence_timeout 0 # 会话保持时间,0为不保持
protocol TCP # 协议
# 真实服务器1
real_server 192.168.1.101 80 {
weight 1 # 权重
TCP_CHECK { # TCP健康检查
connect_timeout 3 # 连接超时时间
nb_get_retry 3 # 重试次数
delay_before_retry 3 # 重试间隔
connect_port 80 # 检查端口
}
}
# 真实服务器2
real_server 192.168.1.102 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
EOF
3.1.2 LVS 备服务器配置
bash
# Run on the BACKUP node. It differs from the master in router_id, state and
# priority; the virtual_server section is the same as on the master.
# NOTE(review): `auth_pass 1111` is a sample value - it must match the master,
# and both should be changed to your own secret before use. VRRP PASS
# authentication is sent unencrypted and keepalived only uses the first
# 8 characters.
sudo tee /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
global_defs {
router_id LVS_BACKUP
}
vrrp_instance VI_1 {
state BACKUP # 备机
interface ens33 # 根据实际情况修改
virtual_router_id 51 # 与主机一致
priority 90 # 优先级低于主机
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100/24
}
}
# 虚拟服务器配置与主机相同
virtual_server 192.168.1.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
real_server 192.168.1.101 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.102 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
EOF
3.2 后端服务器配置(DR模式特殊配置)
在每个后端服务器(192.168.1.101 和 192.168.1.102)上执行:
bash
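# 1. Create the init script. The quoted 'EOF' delimiter keeps $1, $0 and $VIP
#    literal, so they are expanded when the script runs, not while it is
#    being written.
sudo tee /etc/init.d/lvs_dr << 'EOF'
#!/bin/bash
# LVS-DR real-server setup: bind the VIP to loopback and suppress ARP for it.
# Usage: lvs_dr {start|stop}   (must run as root)
# ifconfig and route come from the net-tools package; install it if the
# commands are missing.
VIP=192.168.1.100
case "$1" in
  start)
    echo "Starting LVS-DR configuration..."
    # ARP suppression, so this host does not answer ARP requests for the VIP:
    # arp_ignore=1   reply only when the target IP is configured on the
    #                interface the request arrived on
    # arp_announce=2 always pick the best local source address for ARP
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # Bind the VIP to the loopback alias lo:0 with a host (/32) netmask
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 up
    # Host route that sends packets for the VIP through lo:0
    route add -host "$VIP" dev lo:0
    echo "LVS-DR configuration completed."
    ;;
  stop)
    echo "Stopping LVS-DR configuration..."
    # Remove the VIP
    ifconfig lo:0 down
    # Reset the ARP settings to 0
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "LVS-DR configuration removed."
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
EOF
# 2. Make it executable
sudo chmod +x /etc/init.d/lvs_dr
# 3. Apply the configuration now
sudo /etc/init.d/lvs_dr start
# 4. Run it at boot. The grep guard keeps /etc/rc.local free of duplicate
#    entries when these steps are repeated.
if ! sudo grep -qxF "/etc/init.d/lvs_dr start" /etc/rc.local 2>/dev/null; then
  echo "/etc/init.d/lvs_dr start" | sudo tee -a /etc/rc.local
fi
sudo chmod +x /etc/rc.local
# 5. Verify the configuration
ifconfig lo:0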
route -n | grep 192.168.1.100
3.3 启动和验证 LVS
3.3.1 启动 Keepalived
bash
# Run on both LVS nodes (master and backup).
# NOTE(review): if firewalld is active on these nodes, VRRP adverts
# (IP protocol 112) between the two must be allowed before starting;
# otherwise each node may consider itself MASTER and both will hold the VIP.
# Confirm the firewall state first.
for action in start enable; do
  sudo systemctl "$action" keepalived
done
sudo systemctl status keepalived
3.3.2 验证 LVS 配置
bash
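# 1. Check that the VIP is bound
ip addr show ens33
# 192.168.1.100 should be listed among the addresses of ens33
# 2. List the IPVS rules (ipvsadm has to run as root)
sudo ipvsadm -Ln
# The output should look similar to:
# IP Virtual Server version 1.2.1 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
# -> RemoteAddress:Port Forward Weight ActiveConn InActConn
# TCP 192.168.1.100:80 wrr
# -> 192.168.1.101:80 Route 1 0 0
# -> 192.168.1.102:80 Route 1 0 0
# 3. Show the connection entries
sudo ipvsadm -Lnc
# 4. Test that each backend answers directly
curl -I 192.168.1.101:80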
curl -I 192.168.1.102:80
3.4 客户端测试
bash
# Run from a client (any machine that can reach 192.168.1.100).
# Ten requests half a second apart make the load balancing visible.
for (( i = 1; i <= 10; i++ )); do
  curl -s http://192.168.1.100/
  sleep 0.5
done
# The output should look similar to:
# Server: 192.168.1.101
# Server: 192.168.1.102
# Server: 192.168.1.101
# Server: 192.168.1.102
四、故障转移测试
4.1 模拟主LVS故障
bash
# On the master LVS node: stop keepalived to simulate a failure
sudo systemctl stop keepalived.service
# On the backup LVS node: check whether it has taken over the VIP
ip address show dev ens33
# 192.168.1.100 should now be bound on the backup node
# Clients keep sending requests; the service should not be affected
curl http://192.168.1.100/
4.2 模拟后端服务器故障
bash
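# On web1 (192.168.1.101): stop Nginx to simulate a backend failure
sudo systemctl stop nginx
# On the LVS node: inspect the rule table (ipvsadm has to run as root).
# Allow a few health-check rounds (delay_loop is 6 seconds) before looking.
sudo ipvsadm -Ln
# Keepalived takes a real server that fails its check out of the table, so
# 192.168.1.101 should no longer be listed (with inhibit_on_failure it would
# stay listed with weight 0 instead).
# Client requests are then forwarded to the remaining healthy server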
curl http://192.168.1.100/
五、监控和管理脚本
5.1 简单的监控脚本
bash
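# Create the monitoring script /usr/local/bin/lvs_monitor.sh.
# The quoted 'EOF' delimiter keeps every $... literal, so expansions happen
# when the monitor runs rather than while this file is being written.
sudo tee /usr/local/bin/lvs_monitor.sh << 'EOF'
#!/bin/bash
# Simple LVS status check: VIP binding, IPVS rules, backend reachability and
# number of tracked connections.
# Usage: lvs_monitor.sh check
# Run it as root: ipvsadm requires it, and so does appending to LOG_FILE.
LOG_FILE="/var/log/lvs_monitor.log"
VIP="192.168.1.100"
BACKENDS=("192.168.1.101" "192.168.1.102")

# Print a timestamped message and append it to LOG_FILE.
# Arguments: $1 - message text
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" | tee -a "$LOG_FILE"
}

# Print the four status sections. Problems (VIP missing, backend down) go
# through log() so that they are also recorded in LOG_FILE.
# Returns: 1 if the VIP is not bound; otherwise the status of the final
#          connection-count pipeline.
check_lvs_status() {
  local backend
  echo "=== LVS状态检查 ==="
  echo "1. VIP状态:"
  # -F matches the dots literally and -w requires a whole-word match, so a
  # VIP such as 10.0.0.1 is not reported as bound merely because 10.0.0.10
  # is configured (constructed example).
  if ip addr show | grep -qwF -- "$VIP"; then
    echo "VIP $VIP 已绑定"
  else
    log "警告: VIP $VIP 未绑定!"
    return 1
  fi
  printf '\n%s\n' "2. LVS规则:"
  ipvsadm -Ln
  printf '\n%s\n' "3. 后端服务器状态:"
  for backend in "${BACKENDS[@]}"; do
    # TCP connect test on port 80, abandoned after 2 seconds
    if timeout 2 nc -z "$backend" 80; then
      echo "$backend: ✓ 正常"
    else
      log "$backend: ✗ 故障"
    fi
  done
  printf '\n%s\n' "4. 当前连接数:"
  # ipvsadm -Lnc starts with two header lines; skip them so that only
  # connection entries are counted.
  ipvsadm -Lnc | tail -n +3 | wc -l
}

case "$1" in
  check)
    check_lvs_status
    ;;
  *)
    echo "使用方法: $0 {check}"
    exit 1
    ;;
esac
EOF
sudo chmod +x /usr/local/bin/lvs_monitor.sh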
# 测试脚本
/usr/local/bin/lvs_monitor.sh check
六、完整的快速部署脚本
6.1 LVS 服务器一键部署脚本
bash
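#!/bin/bash
# lvs_install.sh - one-shot install and configuration of an LVS director
# (ipvsadm + keepalived, DR mode). Run as root: it installs packages, loads
# kernel modules and rewrites /etc/keepalived/keepalived.conf.
#
# Environment:
#   AUTH_PASS  VRRP shared secret. Optional; falls back to the demo value
#              1111, which is public and should be replaced before real use.
#              Must be identical on master and backup; keepalived only uses
#              the first 8 characters.
set -euo pipefail

# Settings
VIP="192.168.1.100"
INTERFACE="ens33"
ROLE="MASTER"     # MASTER on the primary node, BACKUP on the standby
PRIORITY="100"    # higher on the master (100), lower on the backup (90)
BACKEND_SERVERS=("192.168.1.101:80" "192.168.1.102:80")
AUTH_PASS="${AUTH_PASS:-1111}"
CONF="/etc/keepalived/keepalived.conf"

echo "开始安装LVS服务器..."

# Install the packages
yum install -y ipvsadm keepalived

# Keep a timestamped copy of the current configuration before overwriting it
if [[ -f "$CONF" ]]; then
  cp -p -- "$CONF" "${CONF}.bak.$(date +%Y%m%d%H%M%S)"
fi

# Write the fixed part of the Keepalived configuration. The here-document is
# unquoted on purpose so that the settings above are substituted.
cat > "$CONF" << EOF
! Configuration File for keepalived
global_defs {
  router_id LVS_${ROLE}
}
vrrp_instance VI_1 {
  state ${ROLE}
  interface ${INTERFACE}
  virtual_router_id 51
  priority ${PRIORITY}
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass ${AUTH_PASS}
  }
  virtual_ipaddress {
    ${VIP}/24
  }
}
virtual_server ${VIP} 80 {
  delay_loop 6
  lb_algo wrr
  lb_kind DR
  persistence_timeout 0
  protocol TCP
EOF

# Append one real_server section per "ip:port" entry
for server in "${BACKEND_SERVERS[@]}"; do
  IFS=':' read -r ip port <<< "$server"
  cat >> "$CONF" << EOF
  real_server ${ip} ${port} {
    weight 1
    TCP_CHECK {
      connect_timeout 3
      nb_get_retry 3
      delay_before_retry 3
      connect_port ${port}
    }
  }
EOF
done
# Close the virtual_server block opened above
echo "}" >> "$CONF"
# The file holds the VRRP secret; only root needs to read it
chmod 600 "$CONF"

# Load the IPVS kernel modules before the service starts. ip_vs_wrr is
# included because the configuration above selects the wrr scheduler.
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr

# Start the service and enable it at boot
systemctl start keepalived
systemctl enable keepalived
echo "LVS安装完成!"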
echo "检查状态:ipvsadm -Ln"
6.2 后端服务器一键配置脚本
bash
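#!/bin/bash
# backend_setup.sh - one-shot LVS-DR configuration of a real (backend) server.
# Run as root: it writes /etc/init.d/lvs_dr, changes ARP sysctls, binds the
# VIP to loopback and registers the init script in /etc/rc.local.
set -euo pipefail

VIP="192.168.1.100"
INIT_SCRIPT="/etc/init.d/lvs_dr"
BOOT_CMD="/etc/init.d/lvs_dr start"

echo "开始配置后端服务器..."

# Generate the init script. The VIP= line is produced from the variable above
# so that the address is defined in one place only; the rest comes from a
# quoted here-document, which keeps $1, $0 and $VIP literal until the
# generated script runs.
{
  printf '#!/bin/bash\n'
  printf 'VIP=%q\n' "$VIP"
  cat << 'EOF'
case "$1" in
  start)
    # ARP suppression so this host does not answer ARP requests for the VIP
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # Bind the VIP to lo:0 with a host netmask and route it through lo:0
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 up
    route add -host "$VIP" dev lo:0
    echo "LVS-DR配置完成"
    ;;
  stop)
    ifconfig lo:0 down
    # Reset the ARP settings to 0
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "LVS-DR配置已清除"
    ;;
  *)
    echo "用法: $0 {start|stop}"
    exit 1
    ;;
esac
EOF
} > "$INIT_SCRIPT"
chmod +x "$INIT_SCRIPT"
"$INIT_SCRIPT" start

# Run at boot. The grep guard keeps /etc/rc.local free of duplicate entries
# when this script is executed more than once.
if ! grep -qxF -- "$BOOT_CMD" /etc/rc.local 2>/dev/null; then
  echo "$BOOT_CMD" >> /etc/rc.local
fi
chmod +x /etc/rc.local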
echo "后端服务器配置完成!"
七、常见问题解决
7.1 LVS 常见问题
bash
# Problem 1: the VIP is not bound
# Fix: check the NIC name and the configuration
ip addr show
# then correct the `interface` parameter in the configuration file
# Problem 2: the backend servers cannot be reached
# Fix: check the firewall and network connectivity
firewall-cmd --list-all
# (the ping target below is a placeholder for a backend server's IP)
ping 后端服务器IP
# Problem 3: the LVS rules have no effect
# Fix: check the kernel modules
lsmod | grep ip_vs
# If nothing is listed, load the module manually
modprobe ip_vs
# Problem 4: clients cannot connect
# Fix: check the ARP suppression settings
cat /proc/sys/net/ipv4/conf/all/arp_ignore
# 后端服务器应该是1,LVS服务器应该是0
7.2 快速排错命令
bash
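# 1. Check the VIP binding (-F treats the dots in the address literally)
ip addr show | grep -F 192.168.1.100
# 2. Check the IPVS rules (ipvsadm has to run as root)
sudo ipvsadm -Ln
# 3. Check each backend server directly
for server in 192.168.1.101 192.168.1.102; do
  echo "检查 $server:"
  curl -I --connect-timeout 3 "http://${server}/"
done
# 4. Check Keepalived: service state plus the last 50 journal lines.
#    `journalctl -f` would follow the log forever and the next step would
#    never run; use it only when watching the log interactively.
systemctl status keepalived --no-pager
sudo journalctl -u keepalived -n 50 --no-pager
# 5. Check the connection entries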
ipvsadm -Lnc | head -20
八、扩展配置(可选)
8.1 添加更多调度算法
修改 /etc/keepalived/keepalived.conf 中的 lb_algo 参数:
bash
# 轮询算法(Round Robin)
lb_algo rr
# 加权轮询
lb_algo wrr
# 最少连接
lb_algo lc
# 加权最少连接
lb_algo wlc
# 源地址哈希(会话保持)
lb_algo sh
8.2 添加健康检查页面
在后端服务器上创建健康检查页面:
bash
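# Create the health-check page. It is a static file, not a script: Nginx
# produces the status line and the headers itself, so the file must contain
# only the response body.
printf 'OK\n' | sudo tee /usr/share/nginx/html/health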
# 修改LVS健康检查配置
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
# 改为HTTP健康检查
HTTP_GET {
url {
path /health
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
总结
通过以上步骤,您已经成功在 CentOS 上部署了一个简单的 LVS 负载均衡集群。这个配置包含了:
主备高可用:Keepalived 实现 VIP 故障转移
负载均衡:LVS DR 模式分发流量到后端服务器
健康检查:自动检测后端服务器状态
简单监控:提供基本的监控脚本
这个 Demo 可以直接用于测试环境或小规模生产环境;但在用于任何生产环境之前,请先把示例中的 auth_pass 1111 换成自己的密码(主备保持一致)。对于大规模生产环境,还需要考虑:
更完善的监控告警
日志收集和分析
安全加固
性能调优