keepalived+lvs基础配置

#以下过程使用root用户操作。

一、安装keepalived

#下载keepalived安装文件

cd /app/tmp

wget http://10.0.73.93/soft/haproxy/keepalived-1.2.1.tar.gz

tar -zxvf keepalived-1.2.1.tar.gz

cd /app/tmp/keepalived-1.2.1

#ln -s /usr/src/kernels/<kernel-version> /usr/src/linux

#安装openssl和popt

yum -y install openssl-devel.x86_64

yum -y install popt-devel.x86_64

 

./configure

make && make install

 

cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/

cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/

mkdir /etc/keepalived

cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/

cp /usr/local/sbin/keepalived /usr/sbin/

chkconfig --add keepalived

chkconfig keepalived on

 

 

二、安装ipvsadm

1）安装

yum -y install kernel

yum -y install popt-devel.x86_64 popt.x86_64 libnl-devel libnl popt-static

yum -y install ipvsadm

 

 

2）配置 keepalived

# vim /etc/keepalived/keepalived

 

! Configuration File for keepalived

 global_defs {

   notification_email {

        itop_mw@sf-express.com

   }

   notification_email_from itop_mw@sf-express.com

   smtp_server mail.sf-express.com

   smtp_connect_timeout 30

   router_id TEST          # router_id 按照系统代码来命名以便于区分

}

 

 

vrrp_instance VI_1 {

     state BACKUP          # 状态：DIR上用MASTER，RS2备用服务器上用BACKUP

     interface eth0

     virtual_router_id 83

     priority 99             # 优先级别：DIR上用100，RS2用99

     advert_int 1

     authentication {

        auth_type PASS

        auth_pass 2222

     }

    virtual_ipaddress {

        10.203.13.83

     }

    }

 

   # 启用80端口

   virtual_server 10.203.13.83 80 {

     delay_loop 6                     # 每隔6秒查询real server的状态

     lb_algo rr                        # lvs算法

     lb_kind DR                       # Driect Route

     #nat_mask 255.255.255.252        

     persistence_timeout 60           # 同一ip的连接60秒内被分配到同一台real server

     protocol TCP                     # 用tcp协议查询real server状态

 

     real_server 10.203.13.37 80 {    # 节点IP

        weight 100                    # 权重为100

        TCP_CHECK {

            connect_timeout 3         # 3秒无反应超时

            nb_get_retry 3

            delay_before_retry 3

            connet_port 80

        }

    }

 

    real_server 10.203.13.46 80 {

        weight 100

        TCP_CHECK {

            connect_timeout 10

            nb_get_retry 3

            delay_before_retry 3

            connet_port 80

          }

      }

   }

 

   # 启用443端口

   virtual_server 10.203.13.83 443 {

     delay_loop 6                     # 每隔6秒查询real server的状态   

     lb_algo rr                       # lvs算法RR

     lb_kind DR                       # Driect Route

     #nat_mask 255.255.255.252        

     persistence_timeout 60           # 同一ip的连接60秒内被分配到同一台real server

     protocol TCP                     # 用tcp协议查询real server状态

     

     real_server 10.203.13.37 443 {

        weight 100                    # 权重为100

        TCP_CHECK {

            connect_timeout 3          # 3秒无反应超时

            nb_get_retry 3

            delay_before_retry 3

            connet_port 443

        }

    }

 

    real_server 10.203.13.46 443 {

        weight 100

        TCP_CHECK {

            connect_timeout 10

            nb_get_retry 3

            delay_before_retry 3

            connet_port 443

          }

      }

   }

 

------- 参考文件：

 

 

 

3）配置ipvsadm（DR模式）

# vim /etc/keepalived/lvs_dr.sh

#! /bin/bash

    echo 1 > /proc/sys/net/ipv4/ip_forward

    

    ipv=/sbin/ipvsadm

    vip=10.203.13.83     # vip

    rs1=10.203.13.37     # 后端节点

    rs2=10.203.13.46   # 后端节点

    

    $ipv -C

    $ipv -A -t $vip:80 -s wrr

    $ipv -a -t $vip:80 -r $rs1:80 -g -w 1

    $ipv -a -t $vip:80 -r $rs2:80 -g -w 1

 

    $ipv -A -t $vip:443 -s wrr

    $ipv -a -t $vip:443 -r $rs1:443 -g -w 1

    $ipv -a -t $vip:443 -r $rs2:443 -g -w 1

 

 

------- 参考文件：

 

 

 

4）配置网卡内核参数

# vim /etc/keepalived/lvs_rs.sh

#! /bin/bash

    #指定vip是在回环地址地址上；子网掩码全设255，表明只发不回

    vip=10.203.13.83  # vip

    ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up

     

    #添加路由

    route add -host $vip lo:0

    

    #调整内核参数

    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore

    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce

    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore

    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

 

------ 参考文件：

 

5）重启keepalived/LVS

/etc/init.d/keepalived restart

/etc/init.d/ipvsadm restart

 

6) 查看ipvsadm转发列表

#ipvsadm -Ln

 

[root@cnsz22VLK7775:/etc/keepalived]#ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.203.13.83:80 wrr

  -> 10.203.13.37:80              Route   1      0          0         

  -> 10.203.13.46:80              Local   1      0          0         

TCP  10.203.13.83:443 wrr

  -> 10.203.13.37:443             Route   1      0          0         

  -> 10.203.13.46:443             Local   1      0          0