系统环境:
centos64位系统
lvs-master:10.20.189.240
lvs-backup:10.20.189.241
vip:10.20.189.239
web1:10.20.189.242
web2:10.20.189.243
首先在lvs-master:10.20.189.240
[root@master ~]# cd /usr/local/src
[root@master ~]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
[root@master ~]# wget http://www.keepalived.org/software/keepalived-1.2.7.tar.gz
[root@master ~]# tar -zxvf ipvsadm-1.24.tar.gz
[root@master ~]# cd ipvsadm-1.24
[root@master ~]# ln -s /usr/src/kernels/2.6.18-238.el5-x86_64/ /usr/src/linux
(32位系统用:ln -s /usr/src/kernels/2.6.18-194.el5-i686/ /usr/src/linux)
不加这个软连接的话,在执行make的时候会出现类似如下的错误编译信息:
libipvs.h:14:23: error: net/ip_vs.h: No such file or directory
查找下此文件 find / -name ip_vs.h 发现64位系统在这个目录下/usr/src/kernels/2.6.18-238.el5-x86_64,所以就有了前面的软连接
/usr/src/kernels/2.6.18-238.el5-x86_64/include/net/ip_vs.h
[root@master ~]# make && make install
[root@master ~]# cd ..
[root@master ~]# tar -zxvf keepalived-1.2.7.tar.gz
[root@master ~]# cd keepalived-1.2.7
[root@master ~]# ./configure --sysconf=/etc (指定配置文件的安装路径)
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files.
解决:
[root@master ~]# yum -y install openssl-devel
版本1.2.7的编译信息如下:
------------------------
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2 -DETHERTYPE_IPV6=0x86dd
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : No
SNMP support : No
Use Debug flags : No
版本1.1.17的编译信息如下:
Keepalived configuration
------------------------
Keepalived version : 1.1.17
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
Use VRRP Framework : Yes
Use LinkWatch : No
Use Debug flags : No
[root@master ~]# make
[root@master ~]# make install
[root@master ~]# ln -s /usr/local/sbin/keepalived /sbin/
[root@master ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server smtp.163.com
# smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER #备份服务器上将MASTER改为BACKUP
interface eth0
virtual_router_id 51
priority 100 # 备份服务器上将100改为90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.20.189.239
}
}
virtual_server 10.20.189.239 80 {
delay_loop 6 #(每隔10秒查询realserver状态)
lb_algo rr #(lvs 算法)
lb_kind DR #(Direct Route)
persistence_timeout 60 #(同一IP的连接60秒内被分配到同一台realserver)
protocol TCP #(用TCP协议检查realserver状态)
real_server 10.20.189.242 80 {
weight 3 #(权重)
TCP_CHECK {
connect_timeout 5 #(10秒无响应超时)
nb_get_retry 3
delay_before_retry 3
}
}
real_server 10.20.189.243 80 {
weight 3
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master ~]# service keepalived start
[root@master ~]# chkconfig --level 2345 keepalived on
lvs-backup对照lvs-master安装相应软件,注意keepalive.conf有细微区别
配置realserver 10.20.189.242
[root@web_1 ~]# yum install httpd -y
[root@web_1 ~]# /etc/init.d/httpd start
[root@web_1 ~]# vi /root/lvs_real.sh
#!/bin/bash
SNS_VIP=10.20.189.239
/etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
/sbin/route add -host $SNS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $SNS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
[root@web_1 ~]# chmod +x /root/lvs_real.sh
[root@web_1 ~]# /root/lvs_real.sh start
[root@web_1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:82:A5:C2
inet addr:10.20.189.242 Bcast:10.20.189.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25257 errors:0 dropped:0 overruns:0 frame:0
TX packets:7730 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12159312 (11.5 MiB) TX bytes:502344 (490.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1120 (1.0 KiB) TX bytes:1120 (1.0 KiB)
lo:0 Link encap:Local Loopback
inet addr:10.20.189.239 Mask:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
[root@web_1 ~]# echo "/root/lvs_real.sh start" >> /etc/rc.local
#LVS_master、LVS_backup上开启keepalived,LVS_master先绑定VIP
LVS_master:
[root@localhost keepalived]# ip add
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:64:7b:9f brd ff:ff:ff:ff:ff:ff
inet 10.20.189.240/23 brd 10.20.189.255 scope global eth0
inet 10.20.189.239/32 scope global eth0
LVS_backup:
[root@wpstest-9d9b39c keepalived]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:92:2d:e8 brd ff:ff:ff:ff:ff:ff
inet 10.20.189.241/23 brd 10.20.189.255 scope global eth0
#解析域名,测试访问,LVS转发
#测试关闭LVS_master,短暂的掉包后,LVS_backup马上接替工作
/etc/init.d/keepalived stop
LVS_backup接替LVS_master绑定VIP
[root@wpstest-9d9b39c keepalived]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:92:2d:e8 brd ff:ff:ff:ff:ff:ff
inet 10.20.189.241/23 brd 10.20.189.255 scope global eth0
inet 10.20.189.239/32 scope global eth0
LVS_master重启完成后,就会自动接回控制权,继续负责转发
#测试关闭其中一台realserver 10.20.189.242 /etc/init.d/httpd stop
通过上面测试可以知道,当realserver故障或者无法提供服务时,负载均衡器通过健康检查自动把失效的机器从转发队列删除掉,实现故障隔离,保证用户的访问不受影响
#重启被关闭的realserver
当realserver故障恢复后,负载均衡器通过健康检查自动把恢复后的机器添加到转发队列中