|
|
- NAT模式
#!/bin/bash
#开启director服务器上的路由转发功能:
echo 1 > /proc/sys/net/ipv4/ip_forward
#关闭icmp的重定向
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
#director设置nat防火墙
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -j MASQUERADE
#director设置ipvsadm
IPVSADM='/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.31.166:80 -s lc -p 300
$IPVSADM -a -t 192.168.31.166:80 -r 192.168.21.100:80 -m -w 1
- DR配置
director上vim /usr/local/sbin/lvs_dr.sh
- #!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
ipv=/sbin/ipvsadm
vip=192.168.31.110
rs1=192.168.31.100
rs2=192.168.31.101
ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip dev eth0:0
$ipv -C
$ipv -A -t $vip:80 -s rr
$ipv -a -t $vip:80 -r $rs1:80 -g -w 1
$ipv -a -t $vip:80 -r $rs2:80 -g -w 1
两台rs上:vim /usr/local/sbin/lvs_dr_rs.sh
#!/bin/bash
vip=192.168.31.110
ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
route add -host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
环境说明
操作系统Centos 6.4 X86_64
DR1-Master:172.17.0.211
DR2-Backup:172.17.0.212
VIP:172.17.0.210
RealServer1:172.17.0.213
RealServer1:172.17.0.214
1.安装centos扩展源eple-release
[iyunv@DR1 yum.repos.d]# yum -y install epel-releaseyum -y install epel-release
2.安装IPVS管理工具
[iyunv@DR1 yum.repos.d]# yum -y install ipvsadm
3.再DR1和DR2主机上分别安装keepalived
[iyunv@DR1 yum.repos.d]# yum -y install keepalived
4.配置keepalived
[iyunv@DR1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
yinqiang1119@126.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 60.207.246.98
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.17.0.210
}
}
virtual_server 172.17.0.210 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 172.17.0.213 80 {
weight1
TCP_CHECK{
connect_timeout8
nb_get_retry3
delay_before_retry3
connect_port80
}
}
real_server 172.17.0.214 80 {
weight1
TCP_CHECK{
connect_timeout8
nb_get_retry3
delay_before_retry3
connect_port80
}
}
}
5.配置web服务器,realserver1和realserver2节点
由于采用的是DR方式调度,Real_Server会以LVS的VIP来直接回复Client,所以需要在Real_Server的lo上开启LVS的VIP来与Client建立通信
1)yum –y install httpd
[iyunv@RealServer1 ~]# yum -y install httpd
2)在RealServer1和RealServer2上的脚本realserver.sh:
vim /etc/init.d/realserver.sh
#add for chkconfig
#chkconfig: 2345 70 30 #234都是文本界面,5就是图形界面X,70启动顺序号,30系统关闭,脚本
#止顺序号
#description: RealServer's script #关于脚本的简短描述
#processname: realserver.sh #第一个进程名,后边设置自动时会用到
#!/bin/bash
VIP=172.17.0.210
source /etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
3)//为realserver.sh添加权限
[iyunv@RealServer1 ~]# chmod 755 /etc/init.d/realserver.sh
[iyunv@RealServer2 ~]# chmod 755 /etc/init.d/realserver.sh
4)启动keepalived和realserver.sh脚本
[iyunv@RealServer1 ~]# /etc/init.d/realserver.sh start
[iyunv@RealServer2 ~]# /etc/init.d/realserver.sh start
[iyunv@DR1 ~]# /etc/init.d/keepalived start
[iyunv@DR2 ~]# /etc/init.d/keepalived start
5)测试
[iyunv@DR1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.0.210:80 wrr persistent 50
-> 172.17.0.213:80 Route 1 0 0
-> 172.17.0.214:80 Route 3 0 0
[iyunv@DR1 ~]#
[iyunv@DR2 keepalived]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.0.210:80 wrr persistent 50
-> 172.17.0.213:80 Route 1 0 0
-> 172.17.0.214:80 Route 3 0 0
[iyunv@DR2 keepalived]#
|
|
|
|
|
|
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-1-3 13:07:19
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡