lvs/tun + keepalived

Topology diagram:

Environment: all 4 servers run Red Hat 5.4

Software: keepalived-1.2.6, ipvsadm-1.2.4, nginx-1.5.2

Configuration:

node

tar -zxvf keepalived-1.2.6.tar.gz -C /usr/local/src/

cd /usr/local/src/keepalived-1.2.6/

cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/

cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/

mkdir /etc/keepalived

cp /usr/local/sbin/keepalived /usr/sbin/

cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/

vim /etc/keepalived/keepalived.conf

yum install ipvsadm



[root@node1 ~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived


global_defs {

 notification_email {

#    [email protected]

#   [email protected]

    root@localhost

 }

 notification_email_from root@localhost

 smtp_server smtp.localhost

 smtp_connect_timeout 30

 router_id LVS_DEVEL

}

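The default configuration file uses a third-party SMTP server, but in practice this is almost meaningless (because authentication is required), so we set it to localhost and hand delivery of the notification messages to the local sendmail service. According to the documentation, the router_id setting identifies the current node; the two nodes may use the same value or different values.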


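vrrp_instance VI_1 {

  state MASTER           # node A is the master node; set BACKUP on the standby node

  interface eth0         # network interface the virtual IP is bound to

  virtual_router_id 51   # VRRP group identifier; must be identical on both nodes to show that they belong to the same VRRP group

  priority 100           # priority of the master node (between 1 and 254); the standby node must have a lower priority than the master

  advert_int 1           # multicast advertisement interval; must be identical on both nodes

  authentication {       # authentication settings; must be identical on both nodes

      auth_type PASS

      auth_pass 1111     # shared password (sent in clear text with auth_type PASS)

  }

  virtual_ipaddress {    # virtual IP; must be identical on both nodes

      222.22.49.4

      #192.168.200.18/24

  }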

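Surprisingly, the default configuration file has no subnet mask, so the default mask 255.255.255.255 is used, with the result that the virtual IP cannot be reached from other machines (the keepalived virtual IP cannot be pinged).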

}

virtual_server 222.22.49.4 80 {

  delay_loop 3

  lb_algo rr

  lb_kind TUN   # three modes are available: NAT, DR, TUN

  protocol TCP

  ha_suspend


  real_server 211.10.10.2 80 {

    weight 1

    TCP_CHECK {

      connect_port 80

      connect_timeout 3

    }

  }

  real_server 124.202.148.15 80 {

    weight 1

    TCP_CHECK {

      connect_port 80

      connect_timeout 3

    }

  }

}



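Testing and verification: unplug node A's network cable and the virtual IP is now bound on node B; plug node A's cable back in and the virtual IP is bound back to node A.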


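To implement more functionality, scripts can be added, using vrrp_script and track_script:

Add the following code at the very top of the keepalived configuration file to define a script: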

vrrp_script check_local {   # define a check script named check_local

  script "/usr/local/keepalived/bin/check_local.sh"   # path to the shell script

  interval 5   # run interval (seconds)

}


Then add the following code to the vrrp_instance configuration to use the script defined above:


track_script {


check_local


}


We write our script in /usr/local/keepalived/bin/check_local.sh
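
One way to fill in check_local.sh, as an added example that is not part of the original post: the check fails when the director's IPVS table has no real server with a non-zero weight behind 222.22.49.4:80. The function names, the use of `ipvsadm -Ln`, and the sample output are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example for /usr/local/keepalived/bin/check_local.sh (not from the original post).
# keepalived runs this script as root, so keep the file root-owned and not
# writable by other users.

VIP_PORT="222.22.49.4:80"   # virtual_server address and port from the configuration above

# Count real servers with weight > 0 under the virtual service $1.
# Reads `ipvsadm -Ln` output on stdin and prints the count.
count_real_servers() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" { in_vs = ($2 == vs); next }
        in_vs && $1 == "->" && $4 + 0 > 0 { n++ }
        END { print n + 0 }
    '
}

# Constructed sample of `ipvsadm -Ln` output, used only for offline testing.
SAMPLE_OUTPUT='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  222.22.49.4:80 rr
  -> 124.202.148.15:80            Tunnel  1      1          1
  -> 211.10.10.2:80               Tunnel  0      0          2
TCP  222.22.49.4:443 rr'

# Health check: fail when ipvsadm cannot be run or no real server is usable.
check_local() {
    out=$(ipvsadm -Ln 2>/dev/null) || return 1
    [ "$(printf '%s\n' "$out" | count_real_servers "$VIP_PORT")" -ge 1 ]
}

# Run the check only when invoked under the script name keepalived calls.
case "$0" in
    *check_local.sh) check_local; exit $? ;;
esac
```

Because TCP_CHECK removes a failed real server from the table, a non-zero exit here means every backend behind the VIP is down or quiesced on this director.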










realserver

To set up the nginx environment, see http://zhoulinjun.blog.51cto.com/3911076/1253921




[root@localhost network-scripts]# vim /etc/rc.local


#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.


touch /var/lock/subsys/local

route add -host 222.22.49.4 dev tunl0

/usr/local/nginx/sbin/nginx



[root@localhost network-scripts]# vim /etc/sysconfig/network-scripts/ifcfg-tunl0


TYPE=Ethernet

HWaddr=00:00:00:00:00:00

DEVICE=tunl0

BOOTPROTO=none

NETMASK=255.255.255.255

IPADDR=222.22.49.4




When using LVS/DR mode with Windows Server 2008 R2

Windows server configuration:

On 2008 R2, add a loopback adapter and configure the VIP 222.22.49.4 on it, with netmask 255.255.255.255 and gateway 222.22.49.4. After setting up IIS and creating the site on both Windows servers, the following commands need to be entered:

netsh interface ipv4 set interface "net" weakhostreceive=enabled

netsh interface ipv4 set interface "net" weakhostsend=enabled

netsh interface ipv4 set interface "loopback" weakhostreceive=enabled

netsh interface ipv4 set interface "loopback" weakhostsend=enabled



Testing:




[root@node1 ~]#  ip add

1: lo:  <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd  00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft  forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:ac:a9:e3 brd  ff:ff:ff:ff:ff:ff

   inet 222.22.49.2/24 brd 222.22.49.255  scope global eth0

inet 222.22.49.4/32 scope global eth0

   inet6 fe80::20c:29ff:feac:a9e3/64 scope  link

      valid_lft forever preferred_lft  forever

3: sit0:  <NOARP> mtu 1480 qdisc noop

   link/sit 0.0.0.0  brd 0.0.0.0


[root@node2 ~]#  ip add

1: lo:  <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft  forever

2: eth0:  <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:06:bb:52 brd  ff:ff:ff:ff:ff:ff

   inet 222.22.49.3/24 brd 222.22.49.255  scope global eth0

   inet6 fe80::20c:29ff:fe06:bb52/64 scope  link

      valid_lft forever preferred_lft  forever

3: sit0:  <NOARP> mtu 1480 qdisc noop

   link/sit 0.0.0.0  brd 0.0.0.0

[root@node2 ~]#






[root@node1 ~]# ipvsadm -l

IP Virtual Server version 1.2.1(size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port          Forward Weight ActiveConn InActConn

TCP 222.22.49.4:http rr

-> 124.202.148.15:http         Tunnel  1      1         1        

-> 211.10.10.2:http            Tunnel  1      1         2        

[root@node1 ~]#






[root@localhost ~]# /usr/local/nginx/sbin/nginx -s stop

[root@node1 ~]# ipvsadm -l

IP Virtual Server version 1.2.1(size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port          Forward Weight ActiveConn InActConn

TCP 222.22.49.4:http rr

-> 124.202.148.15:http         Tunnel  1      0         2        

[root@node1 ~]#








[root@node1 ~]# service keepalived stop


[root@node1 ~]#  ip add

1: lo:  <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd  00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft forever

2: eth0:  <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:ac:a9:e3 brd  ff:ff:ff:ff:ff:ff

   inet 222.22.49.2/24 brd 222.22.49.255  scope global eth0

   inet6 fe80::20c:29ff:feac:a9e3/64 scope  link

      valid_lft forever preferred_lft  forever

3: sit0:  <NOARP> mtu 1480 qdisc noop

   link/sit 0.0.0.0  brd 0.0.0.0

[root@node1 ~]#

[root@node2 ~]#  ip add

1: lo:  <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

   link/loopback 00:00:00:00:00:00 brd  00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

   inet6 ::1/128 scope host

      valid_lft forever preferred_lft  forever

2: eth0:  <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

   link/ether 00:0c:29:06:bb:52 brd  ff:ff:ff:ff:ff:ff

   inet 222.22.49.3/24 brd 222.22.49.255  scope global eth0

inet  222.22.49.4/32 scope global eth0

   inet6 fe80::20c:29ff:fe06:bb52/64 scope  link

      valid_lft forever preferred_lft  forever

3: sit0:  <NOARP> mtu 1480 qdisc noop

   link/sit 0.0.0.0  brd 0.0.0.0

[root@node2 ~]#



[root@node2 ~]# ipvsadm -l

IP Virtual Server version 1.2.1(size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port          Forward Weight ActiveConn InActConn

TCP 222.22.49.4:http rr

-> 124.202.148.15:http         Tunnel  1      1         1        

[root@node2 ~]#


