[root@localhost soft]# uname -a
Linux localhost.localdomain 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost soft]# cat /etc/redhat-release
CentOS release 6.5 (Final)html
LVS版本:ipvsadm-1.26
keepalived版本:keepalived-1.2.4
popt-static:popt-static-1.13-7.el6.x86_64.rpm
[root@localhost soft]# yum install popt*
http://linux.linuxidc.com/2012%E5%B9%B4%E8%B5%84%E6%96%99/3%E6%9C%88/24%E6%97%A5/%E8%A7%A3%E5%86%B3CentOS%206.2%E4%B8%8B%E5%AE%89%E8%A3%85ipvsadm-1.26%E6%8A%A5%E9%94%99/
免費下載地址在 http://linux.linuxidc.com/
用戶名與密碼都是www.linuxidc.com
具體下載目錄在 /2012年資料/3月/24日/解決CentOS 6.2下安裝ipvsadm-1.26報錯/
ln -s /usr/src/kernels/2.6.32-279.el6.i686//usr/src/linux/
ip規劃
對外vip192.168.88.100
LVS1linux
[root@localhost ipvsadm-1.26]# rpm -qa | grep popt
popt-1.13-7.el6.x86_64
popt-static-1.13-7.el6.x86_64
popt-devel-1.13-7.el6.x86_64
[root@localhost ipvsadm-1.26]# rpm -qa | grep libnl
libnl-1.1.4-2.el6.x86_64
libnl-devel-1.1.4-2.el6.x86_64
[root@localhost soft]# cd ipvsadm-1.26
[root@localhost soft]# tar -zxf ipvsadm-1.26.tar.gz
[root@localhost ipvsadm-1.26]# make && make installweb
[root@localhost ~]# lsmod |grep ip_vs
ip_vs_rr 1420 0
ip_vs 125220 2 ip_vs_rr
libcrc32c 1246 1 ip_vs
ipv6 317340 144 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
echo "1">/proc/sys/net/ipv4/ip_forward
[root@localhost ~]# ifconfig eth1:1 192.168.88.100 netmask 255.255.255.0 up
或者
[root@localhost ~]# ifconfig eth1:1 192.168.88.100 netmask 255.255.255.255 up
[root@localhost ~]# route add -host 192.168.88.100 dev eth1
[root@localhost ~]#ipvsadm -C
[root@localhost ~]#ipvsadm -A -t 192.168.88.100:80 -s rr -p 600
[root@localhost ~]#ipvsadm -a -t 192.168.88.100:80 -r 192.168.88.147:80 -g
[root@localhost ~]#ipvsadm -a -t 192.168.88.100:80 -r 192.168.88.149:80 -g
[root@localhost ~]# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.88.100:80 0 0 0 0 0
-> 192.168.60.149:80 0 0 0 0 0
-> 192.168.88.147:80 0 0 0 0 0vim
LVS服務器
REALSERVER
[root@localhost ~]# ifconfig lo:0 192.168.88.100 netmask 255.255.255.255 up
[root@localhost ~]# route add -host 192.168.88.100 dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
上面操做中,第一行是清除內核虛擬服務器列表中的全部記錄,第二行是添加一條新的虛擬IP記錄。這個新的IP是192.168.60.200,
同時指定 持續服務時間爲600秒。第3、四行是在新加虛擬IP記錄中添加兩條新的Real Server記錄,而且指定LVS 的工做模式爲直接路由模式。
查看ipv列表狀態: watch ipvsadm -ln
修改/etc/selinux/config 文件
將SELINUX=enforcing改成SELINUX=disabled
yum install openssl-devel
[root@localhost soft]# wget http://www.keepalived.org/software/keepalived-1.2.4.tar.gz
[root@localhost soft]# tar zxvf keepalived-1.2.4.tar.gz
[root@localhost soft]# cd keepalived-1.2.4
[root@localhost keepalived-1.2.4]# ./configure && make && make install
######### 將keepalived作成啓動服務,方便管理##########
[root@localhost keepalived-1.2.4]# mkdir /etc/keepalived/
[root@localhost keepalived-1.2.4]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
[root@localhost keepalived-1.2.4]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@localhost keepalived-1.2.4]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@localhost keepalived-1.2.4]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@localhost keepalived-1.2.4]# service keepalived startcookie
二、開啓路由轉發
[root@localhost keepalived-1.2.4]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
root@localhost keepalived-1.2.4]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296負載均衡
三、配置Keepalived vi /etc/keepalived/keepalived.conf
! Configuration File for keepaliveddom
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_MASTER #BACKUP上修改成LVS_BACKUP
}tcp
vrrp_instance VI_1 {
state MASTER #BACKUP上修改成BACKUP
interface eth1
virtual_router_id 51
priority 100 #BACKUP上修改成80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.88.100
}
}
vrrp_instance LAN_GATEWAY {
state MASTER #BACKUP上修改成LVS_BACKUP
interface eth2
virtual_router_id 52
priority 100 #BACKUP上修改成80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.88.2
}
}oop
virtual_server 192.168.88.100 80 {
delay_loop 6
lb_algo rr
lb_kind NAT
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.88.147 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.88.148 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
BACKUP服務器同上配置,先安裝lvs再安裝keepalived,而後配置/etc/keepalived/keepalived.conf,只需將批註部分改一下便可。
、LVS負載均衡配置
ifconfig eth1:0 192.168.88.100 netmask 255.255.255.255 broadcast 192.168.88.255 up
route add -host 192.168.10.3 dev eth1:0
ipvsadm -C
ipvsadm -A -t 192.168.10.3:8080 -s rr
# Set Real Server
ipvsadm -a -t 192.168.10.3:8080 -r 192.168.10.7:8080 -g
ipvsadm -a -t 192.168.10.3:8080 -r 192.168.10.11:8080 -g
ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port
Forward Weight ActiveConn InActConn
TCP
192.168.10.3:webcache wrr
-> 192.168.10.11:webcache
Route
-> 192.168.10.7:webcache
另外每臺
Real Server
上要執行以下命令:
ifconfig lo:0 192.168.10.3 netmask 255.255.255.255 broadcast 192.168.10.255 up
route add -host 192.168.10.3 dev lo:0
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p http://www.cnblogs.com/mchina/archive/2012/08/27/2644391.html http://blog.chinaunix.net/uid-20794164-id-1840738.html