lvs-master:192.168.9.201
lvs-backup:192.168.9.202
vip:192.168.9.200
web1:192.168.9.203
web2:192.168.9.204
netmask:255.255.255.0
gateway:192.168.9.1
网络拓扑:
<a href="http://img1.51cto.com/attachment/201010/154055336.jpg" target="_blank"></a>
echo "============================ 更新系统时间 ======================"
yum install -y ntp
ntpdate time.nist.gov
echo "00 01 * * * /usr/sbin/ntpdate time.nist.gov" /etc/crontab
echo “============================ 关闭不用服务 =======================”
/root/del_servcie.sh # 附件中自定义脚本
echo “========================= 安装ipvsadm、keepalived ==================”
[root@master ~]# cd /usr/local/src
[root@master ~]# ln -sv /usr/src/kernels/2.6.18-194.el5-i686/ /usr/src/linux
[root@master ~]# tar -zxvf ipvsadm-1.24.tar.gz
[root@master ~]# cd ipvsadm-1.24
[root@master ~]# make;make install
[root@master ~]# cd ..
[root@master ~]# tar -zxvf keepalived-1.1.17.tar.gz
[root@master ~]# cd keepalived-1.1.17
[root@master ~]# ./configure
编译的时候出现这个提示,说明keepalived和内核结合了,如果不是这样的,需要加上这个参数./configure --with-kernel-
dir=/kernel/path
Keepalived configuration
------------------------
Keepalived version : 1.1.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch : No
Use Debug flags : No
echo “======================= 配置keepalived ===========================”
[root@master ~]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@master ~]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@master ~]# mkdir /etc/keepalived
[root@master ~]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
}
smtp_server smtp.163.com
# smtp_connect_timeout 30
router_id LVS_DEVEL
}
# VIP1
vrrp_instance VI_1 {
state MASTER #备份服务器上将MASTER改为BACKUP
interface eth0 #网卡名称
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 100 # 备份服务上将100改为90
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.9.200
#(如果有多个VIP,继续换行填写.)
virtual_server 192.168.9.200 80 {
delay_loop 6 #(每隔10秒查询realserver状态)
lb_algo wlc #(lvs 算法)
lb_kind DR #(Direct Route)
persistence_timeout 60 #(同一IP的连接60秒内被分配到同一台realserver)
protocol TCP #(用TCP协议检查realserver状态)
real_server 192.168.9.203 80 {
weight 100 #(权重)
TCP_CHECK {
connect_timeout 10 #(10秒无响应超时)
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
real_server 192.168.9.204 80 {
weight 100
connect_timeout 10
}
[root@master ~]# service keepalived start|stop
[root@master ~]# chkconfig –level 2345 keepalived on
echo “====================== 配置realserver =========================”
在web服务器上执行脚本添加vip
[root@web_1 ~]# vi /root/lvs_real.sh
#!/bin/bash
# description: Config realserver
SNS_VIP=192.168.9.200
. /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@web_1 ~]# chmod +x /roo/lvs_real.sh
[root@web_1 ~]# /root/lvs_real.sh start
[root@web_1 ~]# echo “/root/lvs_real.sh start” >> /etc/rc.local
echo “===================== 测试LVS+keepalived ========================”
#LVS_master、LVS_backup上开启keepalived,LVS_master先绑定VIP
/sbin/ifconfig eth1:0 inet VIP netmask 255.255.255.255 #此处先只在master上加,如果master挂掉,backup会自动启用
LVS_master:
<a href="http://img1.51cto.com/attachment/201010/154209809.jpg" target="_blank"></a>
LVS_backup:
<a href="http://img1.51cto.com/attachment/201010/154241173.jpg" target="_blank"></a>
#解析域名,测试访问,LVS转发
或者可以用/etc/init.d/ipvsadm status 查看(ipvsadm有时候看不到IP)
<a href="http://img1.51cto.com/attachment/201010/154407568.jpg" target="_blank"></a>
#测试关闭LVS_master,短暂的掉包后,LVS_backup马上接替工作
<a href="http://img1.51cto.com/attachment/201010/154438783.jpg" target="_blank"></a>
LVS_backup接替LVS_master绑定VIP
<a href="http://img1.51cto.com/attachment/201010/154506634.jpg" target="_blank"></a>
LVS_backup负责转发
<a href="http://img1.51cto.com/attachment/201010/154530799.jpg" target="_blank"></a>
LVS_master重启完成后,就会自动接回控制权,继续负责转发
<a href="http://img1.51cto.com/attachment/201010/154552509.jpg" target="_blank"></a>
#测试关闭其中一台realserver
<a href="http://img1.51cto.com/attachment/201010/154613452.jpg" target="_blank"></a>
通过上面测试可以知道,当realserver故障或者无法提供服务时,负载均衡器通过健康检查自动把失效的机器从转发队列删除掉,
实现故障隔离,保证用户的访问不受影响
#重启被关闭的realserver
<a href="http://img1.51cto.com/attachment/201010/154632533.jpg" target="_blank"></a>
当realserver故障恢复后,负载均衡器通过健康检查自动把恢复后的机器添加到转发队列中
常见问题:
1:master挂掉后,备的没有自动接起服务
首先检查备的vip是否有启动,如果没启动,仔细检查配置文件keepalived.conf里面的vrrp_instance里的interface是否为实际网卡的名称。
2:启动keepalived后vip没有启动
检查配置文件是否在/etc/keepalived/下 如果在别的地方移动到/etc/keepalived/下,尝试过日过不在和个地方就会报错
本文转自 转身撞墙角 51CTO博客,原文链接:http://blog.51cto.com/chentianwang/1708867
![ACS基本配置-权限等级管理[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)