keepalived三主热备架构

目录

架构规划

三台server操作

分别修改三台server主机

所有节点安装Keepalived和Nginx

serverA配置Keepalived

serverB配置Keepalived

serverC配置Keepalived

所有节点配置Nginx负载均衡

远程复制给其他两台主机

验证是否有文件

三台server上启动服务

配置三台jdk

下载JDK21

查看并解压文件

配置JDK

刷新配置文件验证JDK

配置三台Tomcat

下载tomcat

查看并解压

配置tomcat

刷新配置并启动

验证VIP绑定

停止serverA的keepalived服务,看是否转移到serverC

DNS服务器

安装服务

修改主配置文件

修改区域文件

修改数据文件

检查配置并重启服务

client客户端操作

客户端测试

实验完成

架构规划

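(原文此处为两张架构图,抓取后只剩图片占位文字;以下规划根据本文后面的配置整理。)
- serverA 192.168.193.30:VI_1 主(VIP 192.168.193.100,priority 100),VI_2 备(80),VI_3 备(60)
- serverB 192.168.193.31:VI_2 主(VIP 192.168.193.101,priority 100),VI_3 备(80),VI_1 备(60)
- serverC 192.168.193.32:VI_3 主(VIP 192.168.193.102,priority 100),VI_1 备(80),VI_2 备(60)
- 三台 server 上的 Nginx 把请求转发到 192.168.193.41、192.168.193.42、192.168.193.43 的 8080 端口(应为三台 Tomcat)
- DNS 服务器 192.168.193.11,将 example.com 和 www.example.com 解析到三个 VIP
- 客户端 192.168.193.90,DNS 指向 192.168.193.11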

三台server操作

分别修改三台server主机
[root@192 ~]# hostnamectl hostname serverA
[root@192 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.193.30/24 ipv4.gateway 192.168.193.2  ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@serverA ~]# nmcli c up ens160

[root@192 ~]# hostnamectl hostname serverB
[root@192 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.193.31/24 ipv4.gateway 192.168.193.2  ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@serverB ~]# nmcli c up ens160

[root@192 ~]# hostnamectl hostname serverC
[root@192 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.193.32/24 ipv4.gateway 192.168.193.2  ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@serverC ~]# nmcli c up ens160
所有节点安装Keepalived和Nginx
yum install -y keepalived nginx
serverA配置Keepalived
[root@serverA ~]# vi /etc/keepalived/keepalived.conf
[root@serverA ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
!
! serverA (192.168.193.30): MASTER for VI_1, BACKUP for VI_2 and VI_3.
! The three instances use separate virtual_router_id values (51/52/53), one
! per VIP; the id, VIP and auth_pass of an instance have to be the same on
! every node that takes part in it.
! NOTE(review): no vrrp_script/track_script is defined here, so a VIP moves
! only when this node stops sending advertisements (as in the
! "systemctl stop keepalived" test), not when nginx alone fails.
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 51
    ! Highest priority for VI_1 on this page (serverC has 80, serverB 60).
    priority 100
    ! Advertisement interval in seconds.
    advert_int 1
    ! NOTE(review): auth_type PASS is a shared password sent unencrypted in
    ! each VRRP advertisement, and "1111" is a lab placeholder. Pick a
    ! different value per deployment (keepalived uses only the first 8
    ! characters) and allow VRRP (IP protocol 112) only from the peer nodes
    ! at the host firewall. The same applies to VI_2 and VI_3 below.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    ! VIP owned by this node while it is master of VI_1.
    virtual_ipaddress {
        192.168.193.100
    }
}

! Second in line for 192.168.193.101: serverB is master (100), this node 80.
vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.101
    }
}

! Last in line for 192.168.193.102: serverC is master (100), serverB 80.
vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 60
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.102
    }
}

serverB配置Keepalived
[root@serverB ~]# vi /etc/keepalived/keepalived.conf
[root@serverB ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
!
! serverB (192.168.193.31): MASTER for VI_2, BACKUP for VI_1 and VI_3.
! virtual_router_id, VIP and auth_pass of each instance mirror the other two
! nodes; only state and priority differ per node.
! NOTE(review): every instance below uses auth_type PASS with the lab value
! "1111". PASS is a shared password carried unencrypted in the VRRP
! advertisements, so treat it as a guard against misconfiguration only:
! replace the value and restrict VRRP (IP protocol 112) to the peer nodes.

! Last in line for 192.168.193.100: serverA is master (100), serverC 80.
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 60
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.100
    }
}

! This node normally holds 192.168.193.101 (highest priority for VI_2).
vrrp_instance VI_2 {
    state MASTER
    interface ens160
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.101
    }
}

! Second in line for 192.168.193.102: serverC is master (100), this node 80.
vrrp_instance VI_3 {
    state BACKUP
    interface ens160
    virtual_router_id 53
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.102
    }
}
serverC配置Keepalived
[root@serverC ~]# vi /etc/keepalived/keepalived.conf
[root@serverC ~]# cat /etc/keepalived/keepalived.conf
! serverC (192.168.193.32): MASTER for VI_3, BACKUP for VI_1 and VI_2.
! NOTE(review): the shared auth_pass "1111" is a lab placeholder and
! auth_type PASS travels unencrypted in the advertisements; change the value
! on all three nodes together and filter VRRP (IP protocol 112) so that only
! the peer nodes can send it to this host.

! Second in line for 192.168.193.100 (priority 80): this is the instance that
! takes over in the test where keepalived is stopped on serverA.
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 51
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.100
    }
}

! Last in line for 192.168.193.101: serverB is master (100), serverA 80.
vrrp_instance VI_2 {
    state BACKUP
    interface ens160
    virtual_router_id 52
    priority 60
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.101
    }
}

! This node normally holds 192.168.193.102 (highest priority for VI_3).
vrrp_instance VI_3 {
    state MASTER
    interface ens160
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.193.102
    }
}
所有节点配置Nginx负载均衡
[root@serverA conf.d]# vi /etc/nginx/conf.d/server.conf
[root@serverA conf.d]# cat /etc/nginx/conf.d/server.conf
# Pool of three back ends on port 8080. No balancing method is named, so
# nginx distributes requests round-robin.
# NOTE(review): presumably the three Tomcat hosts - confirm. Port 8080 on
# them should accept connections only from the three proxy nodes.
upstream backend {
	    server 192.168.193.41:8080;
	    server 192.168.193.42:8080;
	    server 192.168.193.43:8080;
}

# Plain-HTTP listener on port 80 that forwards every request to the pool.
# NOTE(review): there are no proxy_set_header lines, so the back ends see the
# proxy's address as the peer and "backend" as the Host header; add Host and
# X-Forwarded-For headers if the application or its access logs need the
# client's values.
server {
	    listen 80;
	    server_name localhost;
	    location / {
			  proxy_pass http://backend;
				        }
}
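远程复制给其他两台主机
注意:下面的输出中,192.168.193.31 与 192.168.193.32 的 ED25519 指纹完全相同,很可能是因为两台虚拟机由同一镜像克隆、共用了同一套 SSH 主机密钥。实验环境之外应在每台主机上重新生成主机密钥(删除 /etc/ssh/ssh_host_* 后执行 ssh-keygen -A 并重启 sshd),并在输入 yes 之前与目标主机控制台上显示的指纹核对。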
[root@serverA conf.d]# scp -r /etc/nginx/conf.d/server.conf root@192.168.193.31:/etc/nginx/conf.d/
The authenticity of host '192.168.193.31 (192.168.193.31)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.31' (ED25519) to the list of known hosts.
root@192.168.193.31's password: 
server.conf                                100%  241   578.5KB/s   00:00    
[root@serverA conf.d]# scp -r /etc/nginx/conf.d/server.conf root@192.168.193.32:/etc/nginx/conf.d/
The authenticity of host '192.168.193.32 (192.168.193.32)' can't be established.
ED25519 key fingerprint is SHA256:uMFqXde/hjx7VDo4nYuEbEq2Mf0JkBwzkezkB5D64NQ.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 192.168.193.31
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.193.32' (ED25519) to the list of known hosts.
root@192.168.193.32's password: 
server.conf                                100%  241   450.6KB/s   00:00
验证是否有文件
[root@serverB ~]# cd /etc/nginx/conf.d/
[root@serverB conf.d]# ls
server.conf

[root@serverC ~]# cat /etc/nginx/conf.d/server.conf
upstream backend {
	    server 192.168.193.41:8080;
	    server 192.168.193.42:8080;
	    server 192.168.193.43:8080;
}

server {
	    listen 80;
	    server_name localhost;
	    location / {
			  proxy_pass http://backend;
				        }
}
三台server上启动服务
[root@serverC ~]# systemctl start keepalived
[root@serverC ~]# systemctl enable keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@serverC ~]# systemctl start nginx
[root@serverC ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

配置三台jdk

下载JDK21
(该地址中的 latest 会随新版本发布而指向不同的文件;解压前建议用 sha256sum 计算校验值,并与 Oracle 下载页公布的 SHA256 值核对。)
wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz
查看并解压文件
[root@tomcat2 ~]# ls
anaconda-ks.cfg  jdk-21_linux-x64_bin.tar.gz  myfile
[root@tomcat2 ~]# tar -zxf jdk-21_linux-x64_bin.tar.gz -C /usr/local
[root@tomcat2 ~]# ls /usr/local
bin  etc  games  include  jdk-21.0.6  lib  lib64  libexec  sbin  share  src
配置JDK
[root@tomcat2 ~]# vim /etc/profile
[root@tomcat2 ~]# tail -n 3 /etc/profile
export JAVA_HOME=/usr/local/jdk-21.0.6/
export PATH=$PATH:$JAVA_HOME/bin
刷新配置文件验证JDK
[root@tomcat2 ~]# source /etc/profile
[root@tomcat2 ~]# java -version
java version "21.0.6" 2025-01-21 LTS
Java(TM) SE Runtime Environment (build 21.0.6+8-LTS-188)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.6+8-LTS-188, mixed mode, sharing)

配置三台Tomcat

下载tomcat
(解压前建议用 sha512sum 计算校验值,并与 Apache 官方公布的 .sha512 值核对,或用 gpg 验证对应的 .asc 签名。)
[root@tomcat1 ~]# wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.5/bin/apache-tomcat-11.0.5.tar.gz
查看并解压
[root@tomcat1 ~]# ls
anaconda-ks.cfg  apache-tomcat-11.0.5.tar.gz  jdk-21_linux-x64_bin.tar.gz
[root@tomcat1 ~]# tar -zxf apache-tomcat-11.0.5.tar.gz -C /usr/local/
[root@tomcat1 ~]# cd /usr/local/
[root@tomcat1 local]# ls
apache-tomcat-11.0.5  bin  etc  games  include  jdk-21.0.6  lib  lib64  libexec  sbin  share  src
[root@tomcat1 local]# mv apache-tomcat-11.0.5/ tomcat-11.0.5/
[root@tomcat1 local]# cd tomcat-11.0.5/
[root@tomcat1 tomcat-11.0.5]# ls
配置tomcat
[root@tomcat2 tomcat-11.0.5]# vim /etc/profile
[root@tomcat2 tomcat-11.0.5]# tail -n 3 /etc/profile
export TOMCAT_HOME=/usr/local/tomcat-11.0.5
export PATH=$PATH:$TOMCAT_HOME/bin
刷新配置并启动
(此处以 root 身份直接运行 startup.sh;实验环境之外应使用专用的非特权账号运行 Tomcat,并让该账号只对 logs、temp、work 等需要写入的目录有写权限。)
[root@tomcat2 tomcat-11.0.5]# source /etc/profile
[root@tomcat2 tomcat-11.0.5]# startup.sh
Using CATALINA_BASE:   /usr/local/tomcat-11.0.5
Using CATALINA_HOME:   /usr/local/tomcat-11.0.5
Using CATALINA_TMPDIR: /usr/local/tomcat-11.0.5/temp
Using JRE_HOME:        /usr/local/jdk-21.0.6/
Using CLASSPATH:       /usr/local/tomcat-11.0.5/bin/bootstrap.jar:/usr/local/tomcat-11.0.5/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.
验证VIP绑定
[root@serverA ~]# ip addr show ens160
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:4a:9c:7c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.30/24 brd 192.168.193.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe4a:9c7c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


[root@serverB ~]# ip addr show ens160
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:a0:1e:13 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.31/24 brd 192.168.193.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.101/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fea0:1e13/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@serverC ~]# ip addr show ens160
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:98:fb:7c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.32/24 brd 192.168.193.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe98:fb7c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
停止serverA的keepalived服务,看是否转移到serverC
[root@serverA ~]# systemctl stop keepalived

[root@serverC ~]# ip addr show ens160
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:98:fb:7c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.193.32/24 brd 192.168.193.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.102/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet 192.168.193.100/32 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe98:fb7c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever


DNS服务器

[root@192 ~]# hostnamectl hostname dns
[root@192 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.193.11/24 ipv4.gateway 192.168.193.2  ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@192 ~]# nmcli c up ens160
安装服务
[root@dns ~]# yum install -y bind bind-utils
[root@dns ~]# systemctl start named
[root@dns ~]# systemctl enable named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
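修改主配置文件
(下面只显示了文件开头,即 listen-on 的修改。Red Hat 默认配置中 allow-query 为 localhost,而后文客户端能够查询,说明该项也已修改,但原文没有展示;后面 dig 输出的 flags 中含 ra,表示对客户端开放了递归查询,建议把 allow-query / allow-recursion 限定在内网网段,例如 192.168.193.0/24。)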
[root@dns ~]# vi /etc/named.conf
[root@dns ~]# head -n 15 /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.193.11; };
	listen-on-v6 port 53 { ::1; };
修改区域文件
[root@dns ~]# tail -n 10 /etc/named.conf
// Zone for example.com, served as primary ("master") from a local zone file.
zone "example.com" IN {
    type master;
    file "/var/named/example.com.zone";
    // Dynamic DNS updates are refused for this zone; records change only
    // when the zone file is edited and named reloads it.
    allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
修改数据文件
[root@dns ~]# cat /var/named/example.com.zone
; Zone data for example.com.
; Default TTL for the records below: 86400 s (one day).
; NOTE(review): resolvers may cache the three addresses for a day, so
; availability after a node failure depends on keepalived moving the VIP to
; a surviving node, not on DNS dropping the record.
$TTL 86400
; SOA: primary name server ns1.example.com., contact admin.example.com.
; (i.e. admin@example.com).
@       IN      SOA     ns1.example.com. admin.example.com. (
                        ; NOTE(review): the serial has to be raised on every
                        ; edit of this file; a date-based value (YYYYMMDDNN)
                        ; is the usual convention.
                        1800 ; Serial
                        3600       ; Refresh
                        1800       ; Retry
                        ; NOTE(review): Refresh/Retry/Expire only matter to
                        ; secondary servers; none is configured on this page.
                        6040     ; Expire
                        1800      ; Minimum TTL
)

@       IN      NS      ns1.example.com.
; The zone apex and www each carry three A records, one per keepalived VIP;
; the dig output on this page returns all three in the answer section.
@       IN      A       192.168.193.100
@       IN      A       192.168.193.101
@       IN      A       192.168.193.102
www     IN      A       192.168.193.100
www     IN      A       192.168.193.101
www     IN      A       192.168.193.102
; Address of the name server itself (the host named "dns").
ns1     IN      A       192.168.193.11
检查配置并重启服务
[root@dns ~]# named-checkconf
[root@dns ~]# named-checkzone example.com /var/named/example.com.zone
zone example.com/IN: loaded serial 1800
OK
[root@dns ~]# systemctl restart named

client客户端操作

[root@192 ~]# hostnamectl hostname client
[root@192 ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.193.90/24 ipv4.gateway 192.168.193.2  ipv4.dns 192.168.193.11 connection.autoconnect yes
[root@192 ~]# nmcli c up ens160
客户端测试
[root@client ~]# dig www.example.com

; <<>> DiG 9.16.23-RH <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8311
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: efcea6c80851d1460100000067e39fd49e0b91c78f25f130 (good)
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	86400	IN	A	192.168.193.101
www.example.com.	86400	IN	A	192.168.193.100
www.example.com.	86400	IN	A	192.168.193.102

;; Query time: 2 msec
;; SERVER: 192.168.193.11#53(192.168.193.11)
;; WHEN: Wed Mar 26 14:33:56 CST 2025
;; MSG SIZE  rcvd: 120

实验完成
