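Reposted from: http://www.vpsa.net/?post=4
Our lvs + keepalived load balancing has been in production for almost a year. It has been very stable with no problems, apart from one time when ARP spoofing in the data center 'played with our feelings'! I am writing this up as notes, and for everyone's convenience.
The first thing to be clear about: a single keepalived.conf is all it takes to set up the lvs + keepalived architecture. The director does not need to be configured separately.
Environment:
lvs master: 192.168.1.201
lvs backup: 192.168.1.202
vip1: 192.168.1.210
vip2: 192.168.1.211
Two virtual IPs are used here, for example one for the website (www.abc.com) and one for images (img.abc.com).
real1: 192.168.1.203
real2: 192.168.1.204
Installation:
Run ln -s /usr/src/kernels/2.6.18-8.el5-i686 /usr/src/linux (use the path that matches your own kernel)
Ubuntu may not have the kernel source directory by default, so it has to be installed with apt-get. As for the keepalived restart script, I installed keepalived with apt-get install keepalived, which works very well.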
apt-cache search linux-headers-$(uname -r)
sudo apt-get install linux-headers-$(uname -r)
sudo find /usr -name '*linux-kernel*'
ls /usr/src/linux-kernel-headers-2.6.18/
sudo ln -s /usr/src/linux-kernel-headers-2.6.18/ /usr/src/linux
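This step is critical. Without the symlink, compiling ipvsadm by hand fails with errors, and the keepalived build result differs depending on whether the command was run: only with the symlink in place does keepalived get the LVS director functionality. The screenshot in the original post compared the build results without and with it.
If Use IPVS Framework and IPVS sync daemon support are reported as not supported, the director does not work, so be sure to check this.
ipvsadm installation
#yum -y install ipvsadm (that is all it takes)
keepalived installation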
#./configure --prefix=/usr/local/keepalived
#make && make install
#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
#mkdir /etc/keepalived
Then, on the lvs servers, run vi /etc/keepalived/keepalived.conf
keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER                # change to BACKUP on the backup node
    interface eth0
    virtual_router_id 51
    priority 102                # on the backup, any value lower than 102 will do
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1234
    }
    virtual_ipaddress {
        192.168.1.210
        192.168.1.211
    }
}
virtual_server 192.168.1.210 80 {
    delay_loop 6                # check realserver state every 6 seconds
    lb_algo wrr                 # wrr: weighted round-robin scheduling
    lb_kind DR                  # use DR (direct routing) mode
    # Connections from the same client IP go to the same realserver for 50
    # seconds. This parameter solves the session problem. I do not know whether
    # a long value hurts performance; I once set 1200 seconds and saw no
    # problems, perhaps because sessions were not used much.
    persistence_timeout 50
    protocol TCP                # protocol of the virtual service
    real_server 192.168.1.203 80 {
        weight 3                # weight 3
        TCP_CHECK {
            connect_timeout 10  # time out after 10 seconds without a response
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
virtual_server 192.168.1.211 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.1.204 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
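Parameter notes:
state MASTER marks the master server, BACKUP marks the backup server.
interface The network interface that HA monitors.
virtual_router_id The virtual router ID; master and backup must use the same ID.
mcast_src_ip The source address for VRRP multicast advertisements; use the master's and the backup's own address respectively. It must not be the same as an address in virtual_ipaddress.
priority Master and backup take different priorities; the MASTER value must be greater than the BACKUP value (range 0-255).
advert_int The advertisement interval in seconds, which is also the failover interval: the smaller the value, the shorter the switchover time.
auth_type The VRRP authentication method.
auth_pass The VRRP authentication password.
virtual_ipaddress The VIP addresses.
If you do not need it, this mail notification block can be removed: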
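An added example (not part of the original post): a small shell check that compares the master's and the backup's keepalived.conf against the rules above (same virtual_router_id, higher priority on the MASTER) and also requires matching auth_pass, which VRRP peers need in order to accept each other's advertisements. The function names, file names and sample configuration are constructed for illustration, and one vrrp_instance per file is assumed.

```sh
# Added example, not from the original post: check a MASTER/BACKUP pair of
# keepalived.conf files. Assumes one vrrp_instance per file, as in this article.

# vrrp_field FILE KEY: print the value of KEY inside the vrrp_instance block.
vrrp_field() {
    awk -v key="$2" '
        $1 == "vrrp_instance" { inside = 1; depth = 0 }
        inside {
            if ($1 == key) { print $2; exit }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) inside = 0
        }' "$1"
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: print findings, return 1 on any.
check_vrrp_pair() {
    m=$1; b=$2; rc=0
    [ "$(vrrp_field "$m" state)" = MASTER ] || { echo "FAIL: $m state is not MASTER"; rc=1; }
    [ "$(vrrp_field "$b" state)" = BACKUP ] || { echo "FAIL: $b state is not BACKUP"; rc=1; }
    [ "$(vrrp_field "$m" virtual_router_id)" = "$(vrrp_field "$b" virtual_router_id)" ] ||
        { echo "FAIL: virtual_router_id differs between the two files"; rc=1; }
    mp=$(vrrp_field "$m" priority); bp=$(vrrp_field "$b" priority)
    [ "${mp:-0}" -gt "${bp:-0}" ] ||
        { echo "FAIL: MASTER priority '$mp' is not greater than BACKUP '$bp'"; rc=1; }
    [ "$(vrrp_field "$m" auth_pass)" = "$(vrrp_field "$b" auth_pass)" ] ||
        { echo "FAIL: auth_pass differs, the peers will reject each other's adverts"; rc=1; }
    return "$rc"
}

# write_sample FILE STATE ROUTER_ID PRIORITY: constructed sample configuration.
write_sample() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2   # role of this node
    virtual_router_id $3
    priority $4
    authentication {
        auth_type PASS
        auth_pass 1234
    }
}
EOF
}

# Demo on constructed files: the backup wrongly reuses priority 102.
tmp=$(mktemp -d)
write_sample "$tmp/master.conf" MASTER 51 102
write_sample "$tmp/backup.conf" BACKUP 51 102
check_vrrp_pair "$tmp/master.conf" "$tmp/backup.conf" || echo "pair needs fixing"
```

To use it on real files, copy both configurations to one host and call check_vrrp_pair with the master's file first and the backup's file second.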
global_defs {
    notification_email {
        [email protected]                      # recipient address
    }
    notification_email_from [email protected] # sender address
    smtp_server 127.0.0.1                        # SMTP server
    smtp_connect_timeout 30                      # SMTP connect timeout
    router_id LVS_DEVEL
}
Shell script for the backend servers (realserver):
lvs-real.sh
#!/bin/bash
VIP=192.168.1.210
# Load the init script helper functions (sourced, not executed)
. /etc/rc.d/init.d/functions
case "$1" in
start)
    # Bind the VIP to the loopback alias so this host accepts DR traffic for it
    ifconfig lo:0 "$VIP" netmask 255.255.255.255 broadcast "$VIP"
    /sbin/route add -host "$VIP" dev lo:0
    # Keep the realserver from answering or announcing ARP for the VIP,
    # so that only the director owns the VIP on the LAN
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour
    ifconfig lo:0 down
    route del "$VIP" >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac
exit 0
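That is basically it. If the backend is nginx, make sure the virtual hosts use listen 80; and not listen ip:80. The reason is obvious at a glance: in DR mode the requests arrive addressed to the VIP, not to the realserver's own IP. Once everything is configured, run ipvsadm -ln to check the running state.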
root@ubuntu-lvs01:~# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 129.63.117.102:80 wrr persistent 600
-> 129.63.117.134:80 Route 1 1127 453
TCP 129.63.117.103:80 wrr persistent 30
-> 129.63.117.137:80 Route 1 2621 861
-> 129.63.117.98:80 Route 1 2416 729
TCP 129.63.117.104:80 wrr persistent 30
-> 129.63.117.136:80 Route 3 7874 3168
-> 129.63.117.98:80 Route 1 2619 1095
If you are running plain LVS on its own, see http://www.vpsa.net/?post=16, which makes the role of the LVS parameters easier to understand.