系统:CentOS5.6

HA:Keepalived 1.1.17
IP:
VIP:
10.0.1.250
10.0.1.251
DR(DIR):
10.0.1.120
10.0.1.121
Realserver(RIP):
10.0.1.122
10.0.1.123
Client(CIP):
10.0.1.203
配置
iptables -F
iptables -t nat -F
建议在LVS之上使用硬件防火墙,在本机上使用iptables会影响系统的性能。注意:上面两条命令会清空本机 filter 表和 nat 表中的全部规则(链的默认策略不变),因此只应在确有上游防火墙保护的环境中执行。
DR:
1.配置yum源
ipvsadm 是Cluster中的一个软件包
yum install -y ipvsadm
2.安装keepalived
注:keepalived不会对语法进行检测,即使错误也不会有提示信息,所以书写过程中一定要认真。
DR1#tar fvxz keepalived-1.1.17.tar.gz
DR1#yum install kernel-devel ipvsadm -y (不先安装的话,后面编译安装时会出问题)
DR1#ln -s /usr/src/kernels/2.6.18-238.el5-x86_64/ /usr/src/linux
DR1#cd keepalived-1.1.17
DR1#./configure --prefix=/usr/local/keepalived
DR1#make
DR1#make install
安装后,把人家提供好的文件进行对应的复制!
DR1#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived  /etc/init.d/
DR1#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
DR1#mkdir -pv /etc/keepalived
DR1#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
DR1#ln -s /usr/local/keepalived/sbin/keepalived /sbin/
同样的安装步骤在DR2上执行一次!
Keepalived配置文件
DR1----->MASTER                                                     DR2------>BACKUP
! Configuration File for keepalived
# DR1 listing: per the state/priority lines below, this node is MASTER for
# VIP 10.0.1.250 (instance apache122) and BACKUP for VIP 10.0.1.251
# (instance apache123).
global_defs {
  # Name identifying this director.
  router_id dr1
}
# Sync groups: the instances listed in a group change VRRP state together.
# Each group here contains a single instance.
vrrp_sync_group web122 {
       group {
               apache122
       }
}
vrrp_sync_group web123 {
       group {
               apache123
       }
}
# VRRP instance that owns VIP 10.0.1.250.
vrrp_instance apache122 {
   state MASTER
   interface eth0
   # Must match the peer director's value for this instance and be unique
   # among VRRP routers on the same segment.
   virtual_router_id 51
   # The higher priority wins the election; the DR2 listing uses 99 here.
   priority 100
   # Advertisement interval in seconds.
   advert_int 1
   authentication {
       # NOTE(review): auth_type PASS is a shared password sent in cleartext in
       # every VRRP advertisement, so any host on the segment can read it and
       # keepalived only uses the first 8 characters. 1111 is a sample value:
       # replace it, and do not rely on it as the only control over who may
       # take over the VIP (the iptables rules at the end of this page limit
       # TTL-255 traffic to the peer director).
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {
       10.0.1.250
   }
}
# LVS virtual service for the VIP on TCP port 80.
virtual_server 10.0.1.250 80 {
       # Health-check polling interval in seconds.
       delay_loop 6
       # rr = round-robin scheduling.
       lb_algo rr
       # DR = direct routing; this is why each real server holds the VIP on lo:0.
       lb_kind DR
       protocol TCP
       real_server 10.0.1.122 80 {
       weight 1
       # Plain TCP connect to port 80 with a 3-second timeout. It shows only
       # that the port accepts connections, not that the web application
       # behind it is answering correctly.
       TCP_CHECK {
       connect_timeout 3
       connect_port 80
               }
       }
}
# VRRP instance that owns VIP 10.0.1.251; BACKUP on this node.
vrrp_instance apache123 {
   state BACKUP
   interface eth0
   virtual_router_id 52
   # Lower than the 100 used for this instance in the DR2 listing.
   priority 99
   advert_int 1
   authentication {
       # NOTE(review): cleartext shared password, sample value; see the note on
       # the authentication block of apache122 above.
       auth_type PASS
       auth_pass 2222
   }
   virtual_ipaddress {
       10.0.1.251
   }
}
# LVS virtual service for the second VIP; same scheduler and health check.
virtual_server 10.0.1.251 80 {
       delay_loop 6
       lb_algo rr
       lb_kind DR
       protocol TCP
       real_server 10.0.1.123 80 {
       weight 1
       TCP_CHECK {
       connect_timeout 3
       connect_port 80
               }
       }
}
! Configuration File for keepalived
# DR2 listing: per the state/priority lines below, this node is MASTER for
# VIP 10.0.1.251 (instance apache123) and BACKUP for VIP 10.0.1.250
# (instance apache122).
global_defs {
  # Name identifying this director.
  router_id dr2
}
# Sync groups: the instances listed in a group change VRRP state together.
# Each group here contains a single instance.
vrrp_sync_group web122 {
       group {
               apache122
       }
}
vrrp_sync_group web123 {
       group {
               apache123
       }
}
# VRRP instance that owns VIP 10.0.1.251; MASTER on this node.
vrrp_instance apache123 {
   state MASTER
   interface eth0
   # Must match the value used for this instance on DR1 (52) and be unique
   # among VRRP routers on the same segment.
   virtual_router_id 52
   # The higher priority wins the election; the DR1 listing uses 99 here.
   priority 100
   # Advertisement interval in seconds.
   advert_int 1
   authentication {
       # NOTE(review): auth_type PASS is a shared password sent in cleartext in
       # every VRRP advertisement and keepalived only uses its first 8
       # characters. 2222 is a sample value: replace it with the same
       # non-guessable secret on both directors.
       auth_type PASS
       auth_pass 2222
   }
   virtual_ipaddress {
       10.0.1.251
   }
}
# LVS virtual service for the VIP on TCP port 80.
virtual_server 10.0.1.251 80 {
       # Health-check polling interval in seconds.
       delay_loop 6
       # rr = round-robin scheduling.
       lb_algo rr
       # DR = direct routing; the real server must hold the VIP on lo:0.
       lb_kind DR
       protocol TCP
       real_server 10.0.1.123 80 {
       weight 1
       # Plain TCP connect with a 3-second timeout; it checks only that the
       # port accepts connections.
       TCP_CHECK {
       connect_timeout 3
       connect_port 80
               }
       }
}
# VRRP instance that owns VIP 10.0.1.250; BACKUP on this node.
vrrp_instance apache122 {
   state BACKUP
   interface eth0
   virtual_router_id 51
   # Lower than the 100 used for this instance in the DR1 listing.
   priority 99
   advert_int 1
   authentication {
       # NOTE(review): cleartext shared password, sample value; replace it on
       # both directors.
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {
       10.0.1.250
   }
}
# LVS virtual service for the first VIP; same scheduler and health check.
virtual_server 10.0.1.250 80 {
       delay_loop 6
       lb_algo rr
       lb_kind DR
       protocol TCP
       real_server 10.0.1.122 80 {
       weight 1
       TCP_CHECK {
       connect_timeout 3
       connect_port 80
               }
       }
}
注:使用ipvsadm -ln 进行查看
Forward :
Route 为 DR模式
Masq (masquerading) 为NAT模式
使用-A添加VIP
ipvsadm -A -t VIP:80 -s 算法
使用 -E 选项修改VIP
使用-a 添加realserver(示例中的 -m 表示NAT模式;本文的DR模式应改用 -g)
ipvsadm -a -t VIP:80 -r  RIP -m
使用-s 添加算法
ipvsadm -A -t VIP:80 -s 算法
使用 -e  可修改权重
ipvsadm -e -t VIP:80 -r  RIP -w 100
使用-D删除VIP
RealServer1配置:
注:如果有路由器,需要将网关指向路由器
如路由器:eth0为公网地址  eth1为内网地址
route add default gw  eth1为内网地址
route add -host 10.0.1.250 dev lo:0
ifconfig lo:0 10.0.1.250 netmask 255.255.255.255 broadcast 10.0.1.250 up
修改内核参数,可以写入开机脚本或sysctl.conf。(/etc/rc.local)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
RealServer2配置:
注:如果有路由器,需要将网关指向路由器
如路由器:eth0为公网地址  eth1为内网地址
route add default gw  eth1为内网地址
route add -host 10.0.1.251 dev lo:0
ifconfig lo:0 10.0.1.251 netmask 255.255.255.255 broadcast 10.0.1.251 up
修改内核参数,可以写入开机脚本或sysctl.conf。(/etc/rc.local)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p  使当前生效
脚本:
#!/bin/bash
# Virtual IP this real server accepts traffic for; start() binds it to lo:0.
VIP1='10.0.1.250'
# Default-gateway address. The value is the page's placeholder text
# ("router interface address") and has to be replaced with a real address.
ROUTE='路由接口地址'
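# Bind the VIP to the loopback alias, add the routes and make the kernel stay
# silent in ARP for the VIP (LVS-DR real-server side).
# Globals:   VIP1 (read), ROUTE (read)
# Outputs:   prints "start" to stdout
start() {
  # The broadcast address is the VIP itself. The original expanded $VIP here,
  # a variable the script never sets, so the broadcast argument was empty.
  # Expansions are quoted so a value with whitespace stays a single argument.
  ifconfig lo:0 "$VIP1/32" broadcast "$VIP1" up
  route add -host "$VIP1" dev lo:0
  route add default gw "$ROUTE"
  # arp_ignore=1: answer ARP only for addresses configured on the interface
  # the request arrived on. arp_announce=2: always use the best local address
  # as the ARP source. Together they keep the VIP on lo:0 from being announced
  # or answered for on the LAN, leaving ARP for the VIP to the director.
  echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo start
}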
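# Undo start(): drop the routes and the lo:0 alias, then put both ARP settings
# back to 0.
# Globals:   VIP1 (read), ROUTE (read)
# Outputs:   prints "stop" to stdout
stop() {
  # Expansions are quoted so a ROUTE or VIP1 value containing whitespace is
  # passed as one argument instead of being split into extra route options.
  # NOTE: the first command removes the host's default route via $ROUTE.
  route del default gw "$ROUTE"
  route del -host "$VIP1" dev lo:0
  ifconfig lo:0 down
  # 0 is the kernel default for both settings.
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
  echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
  echo stop
}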
# Dispatch on the first command-line argument; anything else prints the
# usage hint.
case "$1" in
  start) start ;;
  stop) stop ;;
  restart)
    # Restart is a stop followed by a start.
    stop
    start
    ;;
  *) echo 'start | stop' ;;
esac
注:可将脚本放入/etc/init.d下,如:service vip start
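解决无用的广播包太多,造成DR无法绑定vip(VRRP通告报文的TTL固定为255;下面的规则拒绝所有TTL为255的入站报文,只放行来自对端DR的报文。注意:iptables -F 会先清空已有规则;--ttl-eq 255 并不只匹配VRRP,如需更精确可按协议匹配 -p vrrp;按源地址放行无法防止同网段内伪造源地址的报文)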
DR1上执行
iptables -F
iptables -A INPUT -m ttl --ttl-eq 255 -j REJECT
iptables -I INPUT -s 10.0.1.121 -j ACCEPT
DR2上执行
iptables -F
iptables -A INPUT -m ttl --ttl-eq 255 -j REJECT
iptables -I INPUT -s 10.0.1.120 -j ACCEPT