拓扑图:
环境: 4台服务器都是 redhat5.4
软件:keepalived-1.2.6、ipvsadm-1.2.4、nginx-1.5.2
配置:
node
tar -zxvf keepalived-1.2.6.tar.gz-C /usr/local/src/
cd /usr/local/src/keepalived-1.2.6/
cp /usr/local/etc/rc.d/init.d/keepalived/etc/init.d/
cp /usr/local/etc/sysconfig/keepalived/etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/sbin/keepalived /usr/sbin/
cp/usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf
yum install ipvsadm
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost }
notification_email_from root@localhost
smtp_server smtp.localhost
smtp_connect_timeout 30
router_id LVS_DEVEL
}
默认的配置文件中,使用第三方smtp服务器,但这在现实中几乎没有意义(需要验证的原因),我们将其指定为localhost,将通知信息的发送交给本地sendmail服务处理。查阅说明文档得知route_id配置是为了标识当前节点,当然两个节点的此项设置可相同,也可不相同。
vrrp_instance VI_1 {
state MASTER #指定A节点为主节点备用节点上设置为BACKUP即可
interface eth0 #绑定虚拟IP的网络接口
virtual_router_id 51 #VRRP组名,两个节点的设置必须一样,以指明各个节点属于同一VRRP组
priority 100 #主节点的优先级(1-254之间),备用节点必须比主节点优先级低
advert_int 1 #组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_typePASS
auth_pass 1111
}
virtual_ipaddress { #指定虚拟IP, 两个节点设置必须一样
222.22.49.4
#192.168.200.18/24
}
默认的配置文件中,竟然没有子网掩码,从而导致使用了默认子网掩码255.255.255.255,如果导致无法从其它机器访问虚拟IP(keepalived虚拟IP无法ping通)。
}
virtual_server 222.22.49.4 80 {
delay_loop 3
lb_algo rr
lb_kind TUN #有三种模式NAT 、DR 、TUN
protocol TCP
ha_suspend
real_server 211.10.10.2 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
}
}
real_server 124.202.148.15 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
}
}
}
测试及验证:拔掉节点A的网线,就发现虚拟IP已经绑定到节点B上,再恢复A节点的网线,虚拟IP又绑定回节点A之上。
为了实现更多的功能可以添加脚本
vrrp_script及track_script实现:
在keepalived的配置文件最前面加入以下代码,定义一个脚本:
vrrp_script check_local { #定义一个名称为check_local的检查脚本
script "/usr/local/keepalived/bin/check_local.sh" #shell脚本的路径
interval 5 #运行间隔
}
再在vrrp_instance配置中加入以下代码使用上面定义的脚本:
track_script {
check_local
}
我们在/usr/local/keepalived/bin/check_local.sh中写我们的脚本
realserver
搭建nginx环境参见http://zhoulinjun.blog.51cto.com/3911076/1253921
[root@localhost network-scripts]# vim/etc/rc.local
#!/bin/sh
#
# This script will be executed *after* allthe other init scripts.
# You can put your own initialization stuffin here if you don't
# want to do the full Sys V style initstuff.
touch /var/lock/subsys/local
route add -host 222.22.49.4 dev tunl0
/usr/local/nginx/sbin/nginx
[root@localhost network-scripts]# vim/etc/sysconfig/network-scripts/ifcfg-tunl0
TYPE=Ethernet
HWaddr=00:00:00:00:00:00
DEVICE=tunl0
BOOTPROTO=none
NETMASK=255.255.255.255
IPADDR=222.22.49.4
在windowsserver 2008 R2上做lvs/DR模式时
windows服务器配置:
在2008R2上添加了loopback adapter,配置VIP 222.22.49.4,掩码255.255.255.255 网关指定222.22.49.4。在windows 在两台windows上搭建好IIS,建立站点,需要输入一下命令:
netsh interface ipv4 set interface"net" weakhostreceive=enabled
netsh interface ipv4 set interface"net" weakhostsend=enabled
netsh interface ipv4 set interface"loopback" weakhostreceive=enabled
netsh interface ipv4 set interface"loopback" weakhostsend=enabled
测试:
[root@node1 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:ac:a9:e3 brd ff:ff:ff:ff:ff:ff inet 222.22.49.2/24 brd 222.22.49.255 scope global eth0 inet 222.22.49.4/32 scope global eth0 inet6 fe80::20c:29ff:feac:a9e3/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 |
[root@node2 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:06:bb:52 brd ff:ff:ff:ff:ff:ff inet 222.22.49.3/24 brd 222.22.49.255 scope global eth0 inet6 fe80::20c:29ff:fe06:bb52/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 [root@node2 ~]# |
[root@node1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1(size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 222.22.49.4:http rr
-> 124.202.148.15:http Tunnel 1 1 1
-> 211.10.10.2:http Tunnel 1 1 2
[root@node1 ~]#
[root@localhost ~]#/usr/local/nginx/sbin/nginx -s stop
[root@node1 ~]# ipvsadm -l
IP Virtual Server version 1.2.1(size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 222.22.49.4:http rr
-> 124.202.148.15:http Tunnel 1 0 2
[root@node1 ~]#
[root@node1 ~]# service keepalived stop
[root@node1 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:ac:a9:e3 brd ff:ff:ff:ff:ff:ff inet 222.22.49.2/24 brd 222.22.49.255 scope global eth0 inet6 fe80::20c:29ff:feac:a9e3/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 [root@node1 ~]# |
[root@node2 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0c:29:06:bb:52 brd ff:ff:ff:ff:ff:ff inet 222.22.49.3/24 brd 222.22.49.255 scope global eth0 inet 222.22.49.4/32 scope global eth0 inet6 fe80::20c:29ff:fe06:bb52/64 scope link valid_lft forever preferred_lft forever 3: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 [root@node2 ~]# |
[root@node2 ~]# ipvsadm -l
IP Virtual Server version 1.2.1(size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 222.22.49.4:http rr
-> 124.202.148.15:http Tunnel 1 1 1
[root@node2 ~]#