keepalived+lvs基础配置

#以下过程使用root用户操作。

一、安装keepalived

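# Download the keepalived source tarball into the staging directory.
# NOTE(review): the tarball is fetched over plain HTTP and then compiled and
# installed as root, so nothing on this path authenticates it. Compare it with
# a digest obtained from a trusted channel before unpacking.
# NOTE(review): 1.2.1 is an old release; check whether a maintained release or
# the distribution package can be used instead.
cd /app/tmp
wget http://10.0.73.93/soft/haproxy/keepalived-1.2.1.tar.gz

# Replace the placeholder with the known-good SHA-256 digest; the archive is
# unpacked only when the digest matches.
printf '%s  %s\n' "<EXPECTED_SHA256_PLACEHOLDER>" keepalived-1.2.1.tar.gz \
  | sha256sum -c - \
  && tar -zxvf keepalived-1.2.1.tar.gz

cd /app/tmp/keepalived-1.2.1

#ln -s /usr/src/kernels/<kernel-version> /usr/src/linux

# Build dependencies: OpenSSL and popt development packages.
yum -y install openssl-devel.x86_64
yum -y install popt-devel.x86_64

# Chain the build steps so a failed configure does not lead to a make run.
./configure && make && make install

# Copy the init script, sysconfig file, sample configuration and binary from
# /usr/local into the system locations under /etc and /usr/sbin.
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# -p: do not fail when the directory already exists.
mkdir -p /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/

# Register the service and enable it at boot.
chkconfig --add keepalived
chkconfig keepalived on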

 

 

二、安装ipvsadm

1)安装

# Install the kernel package, then the popt/libnl libraries, then ipvsadm.
# --assumeyes is the long form of -y: answer yes to every prompt.
yum --assumeyes install kernel
yum --assumeyes install popt-devel.x86_64 popt.x86_64 libnl-devel libnl popt-static
yum --assumeyes install ipvsadm

 

 

2)配置 keepalived

# vim /etc/keepalived/keepalived.conf

 

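! Configuration File for keepalived

global_defs {
   notification_email {
        itop_mw@sf-express.com
   }
   notification_email_from itop_mw@sf-express.com
   smtp_server mail.sf-express.com
   smtp_connect_timeout 30
   router_id TEST          # name router_id after the system code so nodes are easy to tell apart
}

vrrp_instance VI_1 {
     state BACKUP          # MASTER on the primary director (DIR), BACKUP on the standby (RS2)
     interface eth0
     virtual_router_id 83
     priority 99           # 100 on DIR, 99 on RS2
     advert_int 1
     # NOTE(review): auth_type PASS carries the password in clear text in every
     # VRRP advertisement and keepalived uses only its first eight characters,
     # so it guards against accidental cross-talk between clusters, not against
     # another host on the same segment. 2222 is a sample value: set a
     # per-cluster secret and limit VRRP traffic to the peer directors with
     # host firewall rules.
     authentication {
        auth_type PASS
        auth_pass 2222
     }
     virtual_ipaddress {
        10.203.13.83
     }
}

# Virtual service on port 80
virtual_server 10.203.13.83 80 {
     delay_loop 6                     # poll real server health every 6 seconds
     # NOTE(review): lvs_dr.sh further down this page uses wrr; make the two agree.
     lb_algo rr                       # LVS scheduler: round robin
     lb_kind DR                       # Direct Routing
     #nat_mask 255.255.255.252
     persistence_timeout 60           # a client IP stays on the same real server for 60 seconds
     protocol TCP                     # the virtual service is TCP

     real_server 10.203.13.37 80 {    # back-end node IP
        weight 100                    # weight 100
        TCP_CHECK {
            connect_timeout 3         # give up on the probe after 3 seconds
            # NOTE(review): nb_get_retry is documented for HTTP_GET/SSL_GET;
            # confirm this keepalived version accepts it under TCP_CHECK.
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80           # port the TCP probe connects to
        }
     }

     real_server 10.203.13.46 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
     }
}

# Virtual service on port 443
virtual_server 10.203.13.83 443 {
     delay_loop 6                     # poll real server health every 6 seconds
     lb_algo rr                       # LVS scheduler: round robin
     lb_kind DR                       # Direct Routing
     #nat_mask 255.255.255.252
     persistence_timeout 60           # a client IP stays on the same real server for 60 seconds
     protocol TCP                     # the virtual service is TCP

     real_server 10.203.13.37 443 {
        weight 100                    # weight 100
        TCP_CHECK {
            connect_timeout 3         # give up on the probe after 3 seconds
            nb_get_retry 3
            delay_before_retry 3
            connect_port 443          # port the TCP probe connects to
        }
     }

     real_server 10.203.13.46 443 {
        weight 100
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 443
        }
     }
}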

 

------- 参考文件:

 

 

 

3)配置ipvsadm(DR模式)

# vim /etc/keepalived/lvs_dr.sh

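#!/bin/bash
# Build the director's IPVS table for direct-routing mode: one TCP virtual
# service per port on the VIP, each forwarding to both real servers.
# Strict mode: stop at the first failed command instead of leaving a
# half-built table behind.
set -euo pipefail

# NOTE(review): LVS-DR normally does not rely on ip_forward, and enabling it
# lets this host route packets between its interfaces. Confirm it is needed
# here; otherwise drop this line.
echo 1 > /proc/sys/net/ipv4/ip_forward

readonly ipv=/sbin/ipvsadm
readonly vip=10.203.13.83    # virtual IP
readonly rs1=10.203.13.37    # back-end node
readonly rs2=10.203.13.46    # back-end node

# -C clears the whole IPVS table.
# NOTE(review): keepalived also builds IPVS entries from the virtual_server
# blocks in keepalived.conf, and -C removes those too; decide which of the two
# owns the table.
"$ipv" -C

# -A adds a virtual service (-t TCP, -s scheduler); -a adds a real server to it
# (-g direct routing, -w weight). Same order as listing each command by hand.
for port in 80 443; do
  "$ipv" -A -t "${vip}:${port}" -s wrr
  for rs in "$rs1" "$rs2"; do
    "$ipv" -a -t "${vip}:${port}" -r "${rs}:${port}" -g -w 1
  done
done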

 

 

------- 参考文件:

 

 

 

4)配置网卡内核参数

# vim /etc/keepalived/lvs_rs.sh

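#!/bin/bash
# Real-server side of LVS-DR: hold the VIP on a loopback alias so the host
# accepts traffic addressed to it, without advertising it over ARP.
set -euo pipefail

readonly vip=10.203.13.83    # virtual IP

# Tune ARP before the VIP exists on this host. If the address is configured
# first, there is a window in which this real server can answer ARP requests
# for the VIP and draw traffic away from the director.
#   arp_ignore=1   reply only when the target IP is on the receiving interface
#   arp_announce=2 use the best local source address in ARP requests
# These are written to /proc, so they last only until the next reboot.
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

# Put the VIP on the loopback alias with an all-ones netmask, so only this
# single address is configured.
ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up

# Add a host route for the VIP through lo:0.
route add -host "$vip" lo:0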

 

------ 参考文件:

 

5)重启keepalived/LVS

# Restart keepalived first, then the ipvsadm service.
# NOTE(review): presumably the ipvsadm init script reloads its saved rule file
# on restart; confirm that it does not replace the table lvs_dr.sh built.
/etc/init.d/keepalived restart

/etc/init.d/ipvsadm restart

 

6) 查看ipvsadm转发列表

#ipvsadm -Ln

 

[root@cnsz22VLK7775:/etc/keepalived]#ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.203.13.83:80 wrr

  -> 10.203.13.37:80              Route   1      0          0         

  -> 10.203.13.46:80              Local   1      0          0         

TCP  10.203.13.83:443 wrr

  -> 10.203.13.37:443             Route   1      0          0         

  -> 10.203.13.46:443             Local   1      0          0 

 

 
