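The configuration procedure is as follows.

Architecture analysis: if the ld (director) is a single node, then when it goes down the whole architecture goes down with it, so High Availability (HA) has to be taken into account. Here it is implemented with keepalived, a high-availability package.

1. Client configuration:
# ifconfig eth0 192.168.18.106
# route add default gw 192.168.18.254

2. Router configuration:
# ifconfig eth0 192.168.18.254
# ifconfig eth0:0 192.168.19.100
Enable packet forwarding:
# echo 1 > /proc/sys/net/ipv4/ip_forward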

3. Master director configuration:
Install LVS on the director.
Set up the yum repositories so that the Cluster directory on the installation media can be read:
# cat /etc/yum.repos.d/aa.repo
[aa]
name=aa
baseurl=file:///media/Server
enabled=1
gpgcheck=0
[Cluster]
name=cluster
baseurl=file:///media/Cluster
enabled=1
gpgcheck=0
# yum -y install ipvsadm
# ifconfig eth0 192.168.19.300
Install keepalived and use it to bind the VIP:
# tar zxf keepalived-1[1].1.17.tar.gz
# yum install gcc openssl-devel kernel-devel ipvsadm -y    (without these the build runs into problems later)
# ln -s /usr/src/kernels/2.6.18-238.el5-i686/ /usr/src/linux    (do not copy and paste this line as-is: it depends on your machine's kernel version; paste it and use tab completion)
# cd keepalived-1.1.17
# ./configure --prefix=/usr/local/keepalived
# make
# make install
After installation, copy the files the package provides to their corresponding locations:
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir -pv /etc/keepalived
mkdir: 已创建目录“/etc/keepalived”
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
Then trim the configuration file down to your own settings:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id dr1
}
vrrp_sync_group http {
    group {
        apache
    }
}
vrrp_instance apache {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 180
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.19.250
    }
}
# the virtual_server address must be the VIP from virtual_ipaddress above
# (the ipvsadm -ln output in step 6 shows 192.168.19.250:80)
virtual_server 192.168.19.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # persistence_timeout 3600
    protocol TCP
    real_server 192.168.19.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
        }
    }
    real_server 192.168.19.102 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
        }
    }
}
Start the service:
# /etc/init.d/keepalived start

4. Backup director configuration:
Install LVS on the director.
Set up the yum repositories so that the Cluster directory on the installation media can be read:
# cat /etc/yum.repos.d/aa.repo
[aa]
name=aa
baseurl=file:///media/Server
enabled=1
gpgcheck=0
[Cluster]
name=cluster
baseurl=file:///media/Cluster
enabled=1
gpgcheck=0
# yum -y install ipvsadm
# ifconfig eth0 192.168.19.200
Install keepalived and use it to bind the VIP:
# tar zxf keepalived-1[1].1.17.tar.gz
# yum install gcc openssl-devel kernel-devel ipvsadm -y    (without these the build runs into problems later)
# ln -s /usr/src/kernels/2.6.18-238.el5-i686/ /usr/src/linux    (do not copy and paste this line as-is: it depends on your machine's kernel version; paste it and use tab completion)
# cd keepalived-1.1.17
# ./configure --prefix=/usr/local/keepalived
# make
# make install
After installation, copy the files the package provides to their corresponding locations:
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir -pv /etc/keepalived
mkdir: 已创建目录“/etc/keepalived”
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# ln -s /usr/local/keepalived/sbin/keepalived /sbin/
Then trim the configuration file down to your own settings:
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id dr2    # (this name just has to differ from the master's)
}
vrrp_sync_group http {
    group {
        apache
    }
}
vrrp_instance apache {
    state BACKUP    # (change this to BACKUP: this is the standby machine)
    interface eth0
    virtual_router_id 51
    priority 100    # (the priority just has to be lower than the master's)
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.19.250
    }
}
# the virtual_server address must be the VIP from virtual_ipaddress above
# (the ipvsadm -ln output in step 6 shows 192.168.19.250:80)
virtual_server 192.168.19.250 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # persistence_timeout 3600
    protocol TCP
    real_server 192.168.19.101 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
        }
    }
    real_server 192.168.19.102 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 80
        }
    }
}
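
A consistency check for the two director configs above, as an added example (not part of the original page and not shipped with keepalived). In this setup the virtual_server address has to be one of the addresses in virtual_ipaddress, and auth_type PASS puts auth_pass in clear text in every VRRP advertisement, with keepalived using only its first 8 characters. The function name lint_keepalived, the finding labels and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example: lint a keepalived.conf like the ones on this page.
# lint_keepalived FILE prints one finding per line, nothing if the file is clean.
lint_keepalived() {
    # Drop "!"/"#" comments, isolate braces, then emit one token per line.
    sed -e 's/[!#].*//' -e 's/[{}]/ & /g' "$1" | tr -s ' \t' '\n\n' | awk '
        $0 == ""  { next }
        $0 == "{" { depth++
                    if (prev == "virtual_ipaddress") vip_depth = depth
                    prev = $0; next }
        $0 == "}" { if (depth == vip_depth) vip_depth = 0
                    depth--; prev = $0; next }
        # Inside a virtual_ipaddress block: record each address without its mask.
        vip_depth { sub(/\/.*/, ""); vips[$0] = 1 }
        prev == "virtual_server" { vs[++n] = $0 }
        # Threshold chosen for this example: flag anything under 8 characters.
        prev == "auth_pass" && length($0) < 8 {
            print "WEAK_AUTH_PASS length=" length($0) }
        { prev = $0 }
        END { for (i = 1; i <= n; i++) if (!(vs[i] in vips)) print "VS_NOT_IN_VIPS " vs[i] }
    '
}

# Constructed sample with both mistakes present (short password, and a
# virtual_server address that is not in virtual_ipaddress).
sample_conf() {
    cat <<'EOF'
! constructed sample for the lint example
vrrp_instance apache {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 180
    authentication { auth_type PASS auth_pass 1111 }
    virtual_ipaddress { 192.168.19.250 }
}
virtual_server 192.168.19.50 80 {
    lb_kind DR
    protocol TCP
    real_server 192.168.19.101 80 { weight 1 }
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
lint_keepalived "$conf"
rm -f "$conf"
```

Run it against /etc/keepalived/keepalived.conf on both directors; because the password is visible on the wire, the packet filtering at the end of this page is what limits who can send advertisements to the directors.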

5. Real server configuration:
# ifconfig eth0 192.168.19.100
Bind the VIP, using a script:
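#!/bin/bash
# Bind the VIP to lo:0 on a real server (LVS DR mode) and keep the
# real server from answering or announcing ARP for it.
VIP=192.168.19.250
ROUTE=192.168.19.100
start() {
    ifconfig lo:0 "$VIP/32" broadcast "$VIP" up
    route add -host "$VIP" dev lo:0
    route add default gw "$ROUTE"
    # arp_ignore=1: reply to ARP only when the target IP is configured
    # on the interface the request arrived on (so not for the VIP on lo)
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    # arp_announce=2: always use the best local address as ARP source,
    # never the VIP
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo start;
}
stop() {
    route del default gw "$ROUTE"
    route del -host "$VIP" dev lo:0
    ifconfig lo:0 down
    # restore the kernel defaults
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo stop;
}
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
*)
    echo 'start | stop | restart'
    ;;
esac

Put this script under /etc/init.d/.
Start it: /etc/init.d/vip.sh start
The other real servers are configured the same way.

6. Verify on the master host:
Test step 1: check the bound VIP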
# ip add sh
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:a6:09:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.19.300/24 brd 192.168.19.255 scope global eth0
    inet 192.168.19.250/32 scope global eth0c
    inet6 fe80::20c:29ff:fea6:910/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
Test step 2: check connectivity to the real servers
# elinks http://192.168.19.102/index.html --dump
102
# elinks http://192.168.19.101/index.html --dump
101
Test step 3: check the ipvsadm rules
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.19.250:80 rr
  -> 192.168.19.101:80 Route 1 0 0
  -> 192.168.19.102:80 Route 1 0 0
Test step 4: test from the client
[iyunv@~]# elinks http://192.168.19.250/index.html --dump
101
[iyunv@~]# elinks http://192.168.19.250/index.html --dump
102
[iyunv@~]# elinks http://192.168.19.250/index.html --dump
101
[iyunv@~]# elinks http://192.168.19.250/index.html --dump
102
Start the BACKUP:
ld2#/etc/init.d/keepalived start
启动 keepalived: [确定]
Stop keepalived on the master to simulate a failure, then test again from the client to see whether access continues.
If that works, stop the service on the real server (192.168.19.101):
ld1#ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.19.250:80 rr
  -> 192.168.19.102:80 Route 1 0 0
ld1#ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.19.250:80 rr
  -> 192.168.19.101:80 Route 1 0 0
  -> 192.168.19.102:80 Route 1 0 0

Fix for too many useless broadcast packets preventing the ld from binding the VIP.
Run on ld1:
iptables -F
iptables -A INPUT -m ttl --ttl-eq 255 -j REJECT
iptables -I INPUT -s $ld2ip -j ACCEPT
Run on ld2:
iptables -F
iptables -A INPUT -m ttl --ttl-eq 255 -j REJECT
iptables -I INPUT -s $ld1ip -j ACCEPT