lvs+DR配置文檔:(64位機器)
#create by laoseng
#lvs的健康檢測最好用url方式,但端口檢測更方便,一般用端口。在配置文件中,url檢測所用的字符串是md5摘要值(散列值,不是加密)。學習補充!lvs重啓後恢復需要15s
環境:
系統版本:Centos5.4(64位)
軟件版本:ipvsadm-1.24.tar.gz,keepalived-1.1.17.tar.gz
lvs1(Master):
eth0: 192.168.1.131
eth1:192.168.2.131
vip: ip:192.168.1.133
lvs2(Backup):
eth0: 192.168.1.132
eth1:192.168.2.132
vip: 暫時無
#建議內網、外網ip的最後8位(即最後一段)採用相同的值,這樣便於管理
web:
realServer1 eth0:192.168.1.134
realServer2 eth0:192.168.1.135
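# Working directory for the downloaded source tarballs.
mkdir -p /tool/laoseng/lvs
cd /tool/laoseng/lvs
# NOTE(review): both tarballs are fetched over plain HTTP and are later built
# and installed as root with no integrity check. Compare each file against a
# checksum or signature published by the project before unpacking it.
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
wget http://www.keepalived.org/software/keepalived-1.1.17.tar.gz
modprobe ip_vs # load the ip_vs module into the running kernel
lsmod|grep ip_vs
# Record the distribution release and the running kernel version.
cat /etc/redhat-release
uname -r
yum install -y kernel-devel
# Point /usr/src/linux at the kernel-devel tree, presumably so the builds below
# can find the kernel headers. The target must be the tree installed for the
# running kernel (see `uname -r` above).
# NOTE(review): this path names an el6 i686 kernel, while the environment
# section says CentOS 5.4 64-bit; adjust it to the tree present locally.
ln -s /usr/src/kernels/2.6.32-220.el6.i686 /usr/src/linux
# The next line was pasted as a bare line; it looks like sample `uname -r`
# output rather than a command, so it is kept as a comment:
# 2.6.32-220.el6.i686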
# Install ipvsadm: unpack the source tarball, build it, and install it.
cd /tool/laoseng/lvs
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24
make
make install
cd ../
# Install keepalived from source the same way (configure, build, install).
cd /tool/laoseng/lvs
tar zxvf keepalived-1.1.17.tar.gz
cd keepalived-1.1.17
./configure
make
make install
cd ..
# Check what was installed under /usr/local and copy it to the system
# locations used at startup:
ls -l /usr/local/sbin/keepalived
ls -l /usr/local/etc/rc.d/init.d/keepalived
ls -l /usr/local/etc/sysconfig/keepalived
ls -l /usr/local/etc/keepalived
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
# NOTE(review): at this point /etc/keepalived/keepalived.conf is still the
# sample file copied two lines above, so the daemon starts with whatever that
# sample defines; the site-specific configuration is only written further down.
service keepalived start
# Configure IP forwarding and the firewall
# The substitution only matches the exact text "net.ipv4.ip_forward = 0";
# `sysctl -p` then reloads /etc/sysctl.conf so the new value takes effect.
sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward=1#' /etc/sysctl.conf
sysctl -p
# Edit the configuration file keepalived.conf
vim /etc/keepalived/keepalived.conf
#====================lvs1上的======start=======================
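! Configuration File for keepalived
! This is the lvs1 (MASTER) copy. Values that must differ on lvs2 are marked.

global_defs {                               # global settings
    notification_email {
    }
    # NOTE(review): the sender address below was redacted by the hosting page
    # ("[email protected]"); put a real address here before use.
    notification_email_from [email protected]
    smtp_server 127.0.0.1                   # deliver mail through the local MTA
    smtp_connect_timeout 30
    router_id LVS_laoseng01                 # must be unique per node: lvs1 = LVS_laoseng01, lvs2 = LVS_laoseng02
}

vrrp_instance VI_1 {                        # one instance represents one service
    state MASTER                            # differs per node: lvs1 = MASTER, lvs2 = BACKUP
    interface eth0                          # NIC that receives the traffic; in production usually the public-facing one
    lvs_sync_daemon_inteface eth1           # keyword spelling kept exactly as the author wrote it
    virtual_router_id 51
    priority 150                            # the backup must use a lower value (the author suggests below 100, e.g. 90)
    advert_int 1                            # advertisement interval, in seconds
    authentication {                        # shared secret between the two directors
        auth_type PASS
        # NOTE(review): "1111" is a guessable sample value and auth_type PASS
        # carries it in clear text inside the VRRP advertisements, so it only
        # protects against accidental misconfiguration. Replace it with a
        # site-specific value, identical on lvs1 and lvs2, and keep the VRRP
        # segment restricted to the directors.
        auth_pass 1111
    }
    virtual_ipaddress {                     # the VIP that clients connect to; the site's DNS name must resolve to it
        #192.168.200.16
        192.168.1.133
    }
}

virtual_server 192.168.1.133 80 {           # VIP and port whose requests are forwarded to the real servers
    delay_loop 6                            # health-check polling interval
    lb_algo wrr                             # scheduling algorithm
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50                  # session persistence, 50 seconds
    protocol TCP                            # TCP service

    # The real_server addresses now match the environment section of this page
    # (realServer1 192.168.1.134, realServer2 192.168.1.135). The original
    # listing used 200.166.188.108/109, which appear nowhere else in the setup.
    real_server 192.168.1.134 80 {          # real web server that receives the forwarded requests
        weight 1
        TCP_CHECK {
            connect_timeout 8               # timeout
            nb_get_retry 3                  # number of retries
            delay_before_retry 3            # delay before retrying
            connect_port 80                 # port to connect to
        }
    }

    real_server 192.168.1.135 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 8
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}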
#====================lvs1上的======end=========================
# On lvs2, apply the same configuration with the per-node values changed as
# described in the comments of the lvs1 file above.
# Start the service
/etc/init.d/keepalived start
# Check the process and the LVS state
# (`ipvsadm -L -n` lists the virtual server table with numeric addresses; the
# VIP and both real servers should show up once keepalived has loaded them.)
ps -ef |grep keepalived
ipvsadm -L -n
#==========start======================在web realserver服務器=================================
#在每個web端執行腳本ipvs_rs可以放到/usr/local/sbin/
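#!/bin/bash
# Written by laoseng ([email protected])
# description: Config realserver lo and apply noarp
#
# Usage: <script> {start|status|stop}
#   start   bind the VIP to lo:0, add a host route for it, suppress ARP for it
#   stop    take lo:0 down, remove the route, set the ARP sysctls to 0
#   status  report whether both the lo:0 address and the host route are present
# Writes to /proc/sys and changes interfaces/routes, so it needs root.

WEB_VIP=192.168.1.133
. /etc/rc.d/init.d/functions # load the system init-script function library

case "$1" in
  start)
    # Bind the VIP to a loopback alias with a host (/32) mask. Linux allows
    # several addresses per interface; per the author the alias number in
    # lo:N only goes up to 255.
    ifconfig lo:0 "$WEB_VIP" netmask 255.255.255.255 broadcast "$WEB_VIP"
    # Host route for the VIP through lo:0.
    /sbin/route add -host "$WEB_VIP" dev lo:0
    # The next four writes suppress ARP for the VIP on this real server, so
    # that only the LVS director answers ARP for it and decides which real
    # server receives each connection.
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    # NOTE(review): this reloads /etc/sysctl.conf; if that file sets the same
    # keys it overrides the values just written. Output and errors are
    # discarded, as in the original.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    route del "$WEB_VIP" >/dev/null 2>&1
    # NOTE(review): the sysctls are forced to 0 rather than restored to the
    # values they had before `start`, including the host-wide "all" entries.
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stoped"
    ;;
  status)
    # Status of LVS-DR real server.
    # Fixes over the original: the route check referenced the unset variable
    # $web_VIP (wrong case), and the test compared the literal string
    # "isrothere", so the route was never actually checked.
    # -F makes grep treat the dots in the address literally.
    islothere=$(/sbin/ifconfig lo:0 | grep -F "$WEB_VIP")
    # Match the host route by destination and loopback interface; the routing
    # table may list the interface as "lo" rather than "lo:0".
    isrothere=$(netstat -rn | awk -v vip="$WEB_VIP" '$1 == vip && $NF ~ /^lo/')
    if [[ -z "$islothere" || -z "$isrothere" ]]; then
      # Either the route or the lo:0 device
      # not found.
      echo "LVS-DR real server Stopped."
    else
      echo "LVS-DR Running."
    fi
    ;;
  *)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
exit 0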
#==========end======================在web realserver服務器===================================
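# Show the interface / IP state
ifconfig
# Open UDP port 694
# The original target was misspelled "APPCPT", which iptables rejects as an
# unknown target; the intended target is ACCEPT.
# NOTE(review): -A appends the rule at the end of INPUT, so an earlier
# DROP/REJECT rule still wins; check the rule order with `iptables -L INPUT -n`.
# The rule accepts from any source; consider limiting it to the peer director.
# NOTE(review): keepalived's VRRP advertisements use IP protocol 112, not
# UDP 694; confirm which daemon this rule is meant for.
iptables -A INPUT -p udp --dport 694 -j ACCEPT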