lvs-master:192.168.9.201
lvs-backup:192.168.9.202
vip:192.168.9.200
web1:192.168.9.203
web2:192.168.9.204
netmask:255.255.255.0
gateway:192.168.9.1
網絡拓撲:
<a href="http://img1.51cto.com/attachment/201010/154055336.jpg" target="_blank"></a>
echo "============================ 更新系統時間 ======================"
yum install -y ntp
ntpdate time.nist.gov
echo "00 01 * * * /usr/sbin/ntpdate time.nist.gov" /etc/crontab
echo “============================ 關閉不用服務 =======================”
/root/del_servcie.sh # 附件中自定義腳本
echo “========================= 安裝ipvsadm、keepalived ==================”
[root@master ~]# cd /usr/local/src
[root@master ~]# ln -sv /usr/src/kernels/2.6.18-194.el5-i686/ /usr/src/linux
[root@master ~]# tar -zxvf ipvsadm-1.24.tar.gz
[root@master ~]# cd ipvsadm-1.24
[root@master ~]# make;make install
[root@master ~]# cd ..
[root@master ~]# tar -zxvf keepalived-1.1.17.tar.gz
[root@master ~]# cd keepalived-1.1.17
[root@master ~]# ./configure
編譯的時候出現這個提示,說明keepalived和核心結合了,如果不是這樣的,需要加上這個參數./configure --with-kernel-
dir=/kernel/path
Keepalived configuration
------------------------
Keepalived version : 1.1.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch : No
Use Debug flags : No
echo “======================= 配置keepalived ===========================”
[root@master ~]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@master ~]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@master ~]# mkdir /etc/keepalived
[root@master ~]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
}
smtp_server smtp.163.com
# smtp_connect_timeout 30
router_id LVS_DEVEL
}
# VIP1
vrrp_instance VI_1 {
state MASTER #備份伺服器上将MASTER改為BACKUP
interface eth0 #網卡名稱
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 100 # 備份服務上将100改為90
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.9.200
#(如果有多個VIP,繼續換行填寫.)
virtual_server 192.168.9.200 80 {
delay_loop 6 #(每隔10秒查詢realserver狀态)
lb_algo wlc #(lvs 算法)
lb_kind DR #(Direct Route)
persistence_timeout 60 #(同一IP的連接配接60秒内被配置設定到同一台realserver)
protocol TCP #(用TCP協定檢查realserver狀态)
real_server 192.168.9.203 80 {
weight 100 #(權重)
TCP_CHECK {
connect_timeout 10 #(10秒無響應逾時)
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
real_server 192.168.9.204 80 {
weight 100
connect_timeout 10
}
[root@master ~]# service keepalived start|stop
[root@master ~]# chkconfig –level 2345 keepalived on
echo “====================== 配置realserver =========================”
在web伺服器上執行腳本添加vip
[root@web_1 ~]# vi /root/lvs_real.sh
#!/bin/bash
# description: Config realserver
SNS_VIP=192.168.9.200
. /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@web_1 ~]# chmod +x /roo/lvs_real.sh
[root@web_1 ~]# /root/lvs_real.sh start
[root@web_1 ~]# echo “/root/lvs_real.sh start” >> /etc/rc.local
echo “===================== 測試LVS+keepalived ========================”
#LVS_master、LVS_backup上開啟keepalived,LVS_master先綁定VIP
/sbin/ifconfig eth1:0 inet VIP netmask 255.255.255.255 #此處先隻在master上加,如果master挂掉,backup會自動啟用
LVS_master:
<a href="http://img1.51cto.com/attachment/201010/154209809.jpg" target="_blank"></a>
LVS_backup:
<a href="http://img1.51cto.com/attachment/201010/154241173.jpg" target="_blank"></a>
#解析域名,測試通路,LVS轉發
或者可以用/etc/init.d/ipvsadm status 檢視(ipvsadm有時候看不到IP)
<a href="http://img1.51cto.com/attachment/201010/154407568.jpg" target="_blank"></a>
#測試關閉LVS_master,短暫的掉包後,LVS_backup馬上接替工作
<a href="http://img1.51cto.com/attachment/201010/154438783.jpg" target="_blank"></a>
LVS_backup接替LVS_master綁定VIP
<a href="http://img1.51cto.com/attachment/201010/154506634.jpg" target="_blank"></a>
LVS_backup負責轉發
<a href="http://img1.51cto.com/attachment/201010/154530799.jpg" target="_blank"></a>
LVS_master重新開機完成後,就會自動接回控制權,繼續負責轉發
<a href="http://img1.51cto.com/attachment/201010/154552509.jpg" target="_blank"></a>
#測試關閉其中一台realserver
<a href="http://img1.51cto.com/attachment/201010/154613452.jpg" target="_blank"></a>
通過上面測試可以知道,當realserver故障或者無法提供服務時,負載均衡器通過健康檢查自動把失效的機器從轉發隊列删除掉,
實作故障隔離,保證使用者的通路不受影響
#重新開機被關閉的realserver
<a href="http://img1.51cto.com/attachment/201010/154632533.jpg" target="_blank"></a>
當realserver故障恢複後,負載均衡器通過健康檢查自動把恢複後的機器添加到轉發隊列中
常見問題:
1:master挂掉後,備的沒有自動接起服務
首先檢查備的vip是否有啟動,如果沒啟動,仔細檢查配置檔案keepalived.conf裡面的vrrp_instance裡的interface是否為實際網卡的名稱。
2:啟動keepalived後vip沒有啟動
檢查配置檔案是否在/etc/keepalived/下 如果在别的地方移動到/etc/keepalived/下,嘗試過日過不在和個地方就會報錯
本文轉自 轉身撞牆角 51CTO部落格,原文連結:http://blog.51cto.com/chentianwang/1708867
![ACS基本配置-權限等級管理[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)