LVS+keeplived
关于安装,选择的系统是CentOS5.4,Keepalived的版本是1.2.1。也试用centos5.5+keepalived1.2.2,但是没成功,由于刚刚接触,还有经验深入troubleshooting。
1.先安装LVS
系统光盘中有rpm包(ipvsadm-1.24-10.i386.rpm ),也可以使用yum安装。
2. 安装keepalived,
a. 下载源码,wget http://www.keepalived.org/software/keepalived-1.2.1.tar.gz
b. 解压缩,
c, 编译时,需要使用内核代码,先执行如下命令
ln -s /usr/src/kernels/2.6.18-164.el5-i686/ /usr/src/linux
否则,编译后,Use IPVS Framework 和IPVS sync daemon support 是No。
或者使用参数
./configure –prefix=/usr/local/keepalived –with-kernel-dir=/usr/src/kernels/2.6.18-164.el5-x86_64/
Keepalived configuration
------------------------
Keepalived version : 1.2.1
Compiler : gcc
Compiler flags : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : No
IPVS sync daemon support : No
Use VRRP Framework : Yes
Use Debug flags : No
3. 安装
# ./configure --prefix=/usr/local/keepalived
# make
# make install
4. 复制文件到相应系统对应目录
# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# mkdir /etc/keepalived
# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
5. 配置keepalived,使用NAT模式
编辑/usr/local/keepalived/etc/keepalived/keepalived.conf,此配置使用NAT模式,完成后copy到/etc/keepalived/, 因为默认使用这个目录的配置文件。
- ! Configuration File for keepalived
- global_defs {
- notification_email {
- [email protected]
- [email protected]
- }
- notification_email_from [email protected]
- smtp_server 127.0.0.1
- smtp_connect_timeout 30
- router_id LVS_MASTER
- }
- vrrp_sync_group VG1 {
- group {
- VI_1
- VI_GATEWAY
- }
- }
- vrrp_instance VI_1 {
- state BACKUP
- interface eth0
- lvs_sync_daemon_inteface eth0
- virtual_router_id 51
- priority 100
- advert_int 1
- smtp_alert
- authentication {
- auth_type PASS
- auth_pass example
- }
- virtual_ipaddress {
- 10.130.193.251
- }
- }
- vrrp_instance VI_GATEWAY {
- state BACKUP
- interface eth1
- lvs_sync_daemon_inteface eth1
- virtual_router_id 52
- priority 100
- advert_int 1
- smtp_alert
- authentication {
- auth_type PASS
- auth_pass example
- }
- virtual_ipaddress {
- 172.20.8.254
- }
- }
- virtual_server 10.130.193.251 80 {
- delay_loop 6
- lb_algo rr
- lb_kind NAT
- nat_mask 255.255.255.0
- persistence_timeout 1800
- protocol TCP
- real_server 172.20.8.237 80 {
- weight 1
- TCP_CHECK {
- connect_timeout 10
- nb_get_retry 3
- delay_before_retry 3
- connect_port 80
- }
- }
- }
6. 启动keepalived
由于使用NAT模式,需要IP转发,执行如下命令。
# echo 1 > /proc/sys/net/ipv4/ip_forward
#/etc/rc.d/init.d/keepalived start
6.1设置开机启动
| # vi /etc/rc.d/rc.local |
- #!/bin/sh
- #
- # This script will be executed *after* all the other init scripts.
- # You can put your own initialization stuff in here if you don't
- # want to do the full Sys V style init stuff.
- touch /var/lock/subsys/local
- echo 1 > /proc/sys/net/ipv4/ip_forward
| #chkconfig keepalived on |
6.2设置默认启动参数
默认启动参数是-D,修改/etc/sysconfig/keepalived来设置默认启动参数。
- # --dump-conf -d Dump the configuration data.
- # --log-detail -D Detailed log messages.
- # --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
- #
- KEEPALIVED_OPTIONS="-D -d -S 0"
7. 查看log
使用参数启动keepalived,然后再查看/var/log/messages
#/usr/local/keepalived/sbin/keepalived -d -D
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Group(VG1) Syncing instances to BACKUP state
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Instance(VI_GATEWAY) Entering BACKUP STATE
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: VRRP_Instance(VI_GATEWAY) removing protocol VIPs.
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: Remote SMTP server [10.130.170.57:25] connected.
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: Netlink reflector reports IP 10.130.171.252 removed
Mar 3 15:35:56 VSHcentos5 Keepalived_vrrp: Netlink reflector reports IP 192.168.158.132 removed
8. 查看转发和连接
# ipvsadm
# ipvsadm -lcn
9. 在LVS的主机上启用NAT,可使real server主动访问非子网的资源
- # iptables -t nat -A POSTROUTING -s 172.20.8.0/24 -o eth0 -j SNAT --to 10.130.193.231
- # /etc/rc.d/init.d/iptables save