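At first I was careless and did not pay attention to the "LVS Operation Manual". Configuring keepalived in fullnat mode differs considerably from the dr, nat and tun modes.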
Based on my own hands-on experience and the steps in the LVS operation manual, here is the procedure again in my own words:
Note: do not install libnl or libnl-devel, otherwise you will hit errors. If you do not hit any errors, it does not matter.
Once the fullnat kernel has been compiled, we can configure keepalived:
1. Install keepalived and ipvsadm
Both must be installed from the tools archive; do not use other open-source versions.
1.1 keepalived
    cd tools/keepalived; ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"; make; make install;
    cp -a bin/genhash /usr/local/bin/
    cp -a bin/keepalived /sbin/
    cp -a keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived
    cp -a keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
    cp -a keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
1.2 ipvsadm
    cd tools/ipvsadm; make; make install;
2. System parameter configuration
1. Enable irqbalance
    # service irqbalance start
    # chkconfig --level 2345 irqbalance on
2. Path: /etc/sysctl.conf
    # configure for lvs
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.core.netdev_max_backlog = 500000
3. keepalived configuration file
3.1 Active/backup deployment
global section
    global_defs {
        notification_email {
            shanks@51cto.com
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
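local address section
    # The official recommendation is to use multiple IP addresses here; this test just uses the server's own address. If multiple addresses are needed, add the IP-binding commands to rc.local.
    local_address_group laddr_g1 {
        192.168.122.101    # the local machine's IP can be used here
    }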
virtual server group section
    # Note that both the vip and the vport must be declared here; this is one of the differences.
    virtual_server_group shanks1 {
        192.168.122.123 80
    }
vrrp_sync_group section
    vrrp_sync_group lvs_1 {
        group {
            VI_1
        }
        notify_master /home/work/public/opbin/script/change_hostname_to_master.sh
        notify_backup /home/work/public/opbin/script/change_hostname_to_backup.sh
        smtp_alert
    }
vrrp instance section
    vrrp_instance VI_1 {
        state BACKUP    # both master and backup are set to BACKUP
        interface eth0
        virtual_router_id 156
        priority 100    # set to 10 on the backup machine
        advert_int 1
        nopreempt FALSE    # set so that failover does not preempt
        authentication {
            auth_type PASS
            auth_pass wocao
        }
        virtual_ipaddress {
            192.168.122.123
        }
    }
virtual server section
    virtual_server 192.168.122.123 80 {
        delay_loop 6
        lb_algo rr
        lb_kind FNAT
        protocol TCP
        syn_proxy
        laddr_group_name laddr_g1    # local address group
        real_server 172.16.122.123 80 {
            weight 1
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
Final configuration file
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            shanks@51cto.com
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    local_address_group laddr_g1 {
        192.168.122.101
    }
    virtual_server_group shanks1 {
        192.168.122.123 80
    }
    vrrp_sync_group lvs_1 {
        group {
            VI_1
        }
        notify_master /home/work/public/opbin/script/change_hostname_to_master.sh
        notify_backup /home/work/public/opbin/script/change_hostname_to_backup.sh
        smtp_alert
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 156
        priority 100    # set to 10 on the backup machine
        advert_int 1
        nopreempt FALSE
        authentication {
            auth_type PASS
            auth_pass wocao
        }
        virtual_ipaddress {
            192.168.122.123
        }
    }
    virtual_server 192.168.122.123 80 {
        delay_loop 6
        lb_algo rr
        lb_kind FNAT
        protocol TCP
        syn_proxy
        laddr_group_name laddr_g1    # local address group
        real_server 172.16.122.123 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
3.2 Cluster deployment
global section
    global_defs {
        notification_email {
            shanks@51cto.com
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
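local address section
    # The official recommendation is to use multiple IP addresses here; this test just uses the server's own address. If multiple addresses are needed, add the IP-binding commands to rc.local.
    local_address_group laddr_g1 {
        192.168.122.101    # the local machine's IP can be used here
    }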
virtual server group section
    # Note that both the vip and the vport must be declared here; this is one of the differences.
    virtual_server_group shanks1 {
        192.168.122.123 80
    }
virtual server section
    virtual_server 192.168.122.123 80 {
        delay_loop 6
        lb_algo rr
        lb_kind FNAT
        protocol TCP
        syn_proxy
        laddr_group_name laddr_g1    # local address group
        alpha
        omega    # I usually comment this out so that it does not automatically delete the virtual IP.
        quorum 1
        hysteresis 0
        quorum_up " ip addr add 10.255.255.123/32 dev lo;"    # add
        #quorum_up " ip addr add 10.255.255.123/32 dev lo; ip addr add 10.255.255.124/32 dev lo;"
        quorum_down "ip addr del 10.255.255.123/32 dev lo;"    # del vip; I usually comment this out so that it does not automatically delete the virtual IP.
        real_server 172.16.122.123 80 {
            weight 1
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
Final configuration file
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            shanks@51cto.com
        }
        notification_email_from Alexandre.Cassen@firewall.loc
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    local_address_group laddr_g1 {
        192.168.122.101
    }
    virtual_server_group shanks1 {
        192.168.122.123 80
    }
    virtual_server 192.168.122.123 80 {
        delay_loop 6
        lb_algo rr
        lb_kind FNAT
        protocol TCP
        syn_proxy
        laddr_group_name laddr_g1    # local address group
        alpha
        #omega
        quorum 1
        hysteresis 0
        quorum_up " ip addr add 10.255.255.123/32 dev lo;"    # add
        #quorum_down "ip addr del 10.255.255.123/32 dev lo;"    # del vip
        real_server 172.16.122.123 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
Finally, start keepalived. zebra and ospf will be covered in a later update.
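The two fullnat-specific points in the configuration above (every virtual_server_group entry declares both vip and vport, and every FNAT virtual_server names a local_address_group that actually exists) can be checked before keepalived is started. The following is an added example, not part of the original post or of the LVS tools; the function names and the sample input are constructed for illustration, and the parser assumes no `#`, `!` or braces inside quoted strings.

```python
import re

# Constructed sample (not from the post): laddr_g2 is never defined, one group entry lacks a vport.
SAMPLE = """
local_address_group laddr_g1 {
    192.168.122.101
}
virtual_server_group shanks1 {
    192.168.122.123 80
    192.168.122.124
}
virtual_server 192.168.122.123 80 {
    lb_kind FNAT
    laddr_group_name laddr_g2   # typo: laddr_g1 is the defined group
    real_server 172.16.122.123 80 {
        weight 1
    }
}
"""

def top_level_blocks(text):
    """Yield (keyword, args, body) per top-level block; body is a list of (depth, line)."""
    depth, head, body = 0, None, []
    lines = (re.split(r"[#!]", raw, maxsplit=1)[0].strip() for raw in text.splitlines())
    for line in filter(None, lines):          # comments and blank lines are dropped
        if depth == 0 and line.endswith("{"):
            head, body = line[:-1].split(), []
        elif depth >= 1 and not (depth == 1 and line == "}"):
            body.append((depth, line))
        depth += line.count("{") - line.count("}")
        if depth == 0 and head:
            yield head[0], head[1:], body
            head = None

def lint_fullnat(text):
    """Return findings for the two fullnat rules: vip+vport in groups, valid laddr group."""
    blocks = list(top_level_blocks(text))
    laddr = {a[0]: [l for _, l in b] for k, a, b in blocks if k == "local_address_group" and a}
    findings = []
    for kw, args, body in blocks:
        name = " ".join(args)
        if kw == "virtual_server_group":
            findings += [f"virtual_server_group {name}: '{e}' has no vport"
                         for _, e in body if len(e.split()) < 2]
        elif kw == "virtual_server":
            opts = dict((l.split(None, 1) + [""])[:2] for d, l in body if d == 1)
            group = opts.get("laddr_group_name", "")
            if opts.get("lb_kind", "").upper() == "FNAT" and not laddr.get(group):
                findings.append(f"virtual_server {name}: laddr group '{group}' missing, undefined or empty")
    return findings
```

Running `lint_fullnat(open("/etc/keepalived/keepalived.conf").read())` on a real file returns an empty list when both rules hold.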
Errors encountered:
1. After installing keepalived, installing ipvsadm produced the following error:
    [root@lvs ipvsadm]# make
    make: *** No rule to make target `../keepalived/keepalived/libipvs-2.6/libipvs.a', needed by `ipvsadm'. Stop.
    [root@lvs ipvsadm]# ll ../keepalived/keepalived/libipvs-2.6/libipvs.a
    ls: cannot access ../keepalived/keepalived/libipvs-2.6/libipvs.a: No such file or directory
Fix: this happens when the kernel rpm was packaged as described at http://shanks.blog.51cto.com/3899909/1387489 and kernel-devel was not installed along with it. Installing kernel-devel resolves it.
2. Running make for ipvsadm produced the following error:
    /usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:496: undefined reference to `nlmsg_free'
    ../keepalived/keepalived/libipvs-2.6/libipvs.a(libipvs.o): In function `ipvs_update_dest':
    /usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:467: undefined reference to `nlmsg_free'
    ../keepalived/keepalived/libipvs-2.6/libipvs.a(libipvs.o):/usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:437: more undefined references to `nlmsg_free' follow
    collect2: ld returned 1 exit status
    make: *** [ipvsadm] Error 1
Fix: this happens because libnl is installed on the server. Uninstall libnl and libnl-devel, then recompile keepalived and ipvsadm.