CentOS 7: Building and Installing LVS in a Mutual Master/Backup Setup (tested notes: CentOS 7.0 + ipvsadm 1.27 + keepalived 1.2.15)
Date: 2016-04-10 00:24 Source: linux.it.net.cn Author: IT
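Environment:
System hardware: VMware vSphere (CPU: 2*4 cores, 2 GB RAM, dual NICs)
LVS servers (two):
OS: CentOS 7.0 64-bit (LVS + keepalived)
LvsMaster: 192.168.1.21 (primary VIP: 192.168.1.20, backup VIP: 192.168.1.18)
LvsBackup: 192.168.1.22 (primary VIP: 192.168.1.18, backup VIP: 192.168.1.20)
Nginx servers (three):
OS: CentOS 7.0 64-bit (Nginx service, VIP: 192.168.1.18)
IIS01: 192.168.1.31
IIS02: 192.168.1.32
IIS03: 192.168.1.33
IIS servers (three):
OS: Windows 2008 R2 64-bit (IIS service, VIP: 192.168.1.20)
IIS01: 192.168.1.41
IIS02: 192.168.1.42
IIS03: 192.168.1.43
Installation steps:
1. Install the web servers (Linux, nginx, main NIC interface name: ens192)
This section uses server web01, IP address 192.168.1.31, as the example (set up the other two the same way)
1.1 Install the system (assumes the OS is already installed and Nginx is already serving normally)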
[root@web01 ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
[root@web01 ~]# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64
Change the hostname
[root@web01 ~]# hostnamectl set-hostname web01
[root@web01 ~]# hostname
web01
[root@web01 ~]# ip add show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:94:02:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.31/24 brd 192.168.1.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe94:24a/64 scope link
valid_lft forever preferred_lft forever
[root@web01 ~]# curl http://192.168.1.31
<html>
<head>
<title>Web 01 10:43:18</title>
</head>
<body>
<h1>Web Server 01 index.html</h1>
<p>2015-03-17 10:43:18</p>
</body>
</html>
1.2 Configure the server to support access via the VIP
Method 1: create the lo:0 file directly and bind the VIP (192.168.1.18)
[root@web01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
Open the editor and enter the following
DEVICE=lo:0
IPADDR=192.168.1.18
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
Save and exit
Reboot
[root@web01 ~]# shutdown -r now
Check whether the VIP is bound
[root@web01 ~]# ip add show lo:0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
The VIP is bound if the output shows: inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
Fix the ARP problem
[root@web01 ~]# vim /etc/sysctl.conf
Open the editor and enter the following
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
Save and exit
Apply the settings immediately
[root@web01 ~]# sysctl -f
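Notes on these settings
#arp_ignore=1: the system only answers requests whose target IP is a local IP of the receiving interface; broadcast ARP requests for any other address get no reply.
#arp_announce=2: the system ignores the source address of the IP packet and selects the local address according to the target host.
#arp_ignore restricts ARP replies. Levels:
#0: reply to ARP requests from other devices for an IP on any interface
#1: reply to ARP requests from other devices only for an IP on the receiving interface
#arp_announce restricts ARP announcements. Levels:
#0: announce the IPs of all interfaces on any interface
#1: try to limit the announcements made in reply to ARP requests from other devices (not strict enough)
#2: announce only the IPs of the sending interface
Method 2: bind the VIP (192.168.1.18) with commands
[root@web01 ~]# vim /usr/local/sbin/lvs_realserver.sh
Open the editor and enter the following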
#!/bin/bash
# Bind the LVS VIP on lo:0 and suppress ARP for it (LVS-DR real server)
VIP=192.168.1.18
# Load the init script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
    # Bind the VIP as a /32 host address on the loopback alias
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # Stop this host from answering or announcing ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour
    ifconfig lo:0 down
    route del $VIP >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
Save and exit
Run it and check that it took effect and the VIP is bound
[root@web01 ~]# /usr/local/sbin/lvs_realserver.sh start
[root@web01 ~]# ip add show lo:0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
The VIP is bound if the output shows: inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
Set it to start automatically
[root@web01 ~]# vim /etc/rc.d/rc.local
Open the editor and add the following
/usr/local/sbin/lvs_realserver.sh start
Save and exit
Set the execute permission (otherwise the script still will not run at boot)
[root@web01 ~]# chmod 755 /etc/rc.d/rc.local
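The check below is an added example, not part of the original notes: it audits a real server against the two things section 1.2 sets up, the four ARP sysctl values and the VIP bound as a /32 on lo. The function name audit_realserver and the sample texts are constructed for illustration; on a live host pass it "$(sysctl -a 2>/dev/null)" and "$(ip -4 addr show)".

```sh
#!/bin/sh
# Added example (not from the original article): audit an LVS-DR real server
# from captured command output, so the check also runs offline.

# audit_realserver VIP SYSCTL_TEXT IPADDR_TEXT
# Prints one "FAIL ..." line per problem; returns 0 only when nothing failed.
audit_realserver() {
    vip=$1; sysctl_text=$2; addr_text=$3
    findings=""

    # The four values the article writes to /etc/sysctl.conf. The kernel uses
    # max(conf.all, conf.<iface>) for both arp_ignore and arp_announce.
    for want in lo.arp_ignore=1 lo.arp_announce=2 all.arp_ignore=1 all.arp_announce=2; do
        key="net.ipv4.conf.${want%%=*}"
        exp=${want#*=}
        got=$(printf '%s\n' "$sysctl_text" |
              awk -F'[ =]+' -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ "$got" != "$exp" ]; then
            findings="${findings}FAIL $key is '${got:-unset}', expected $exp
"
        fi
    done

    # The VIP must exist, sit on lo (any alias) and be a /32 host address.
    addr_findings=$(printf '%s\n' "$addr_text" | awk -v vip="$vip" '
        $1 == "inet" {
            split($2, a, "/")
            if (a[1] != vip) next
            seen = 1
            dev = $NF; sub(/:.*/, "", dev)
            if (dev != "lo")
                print "FAIL VIP " vip " is on " $NF ", which answers ARP for it"
            else if (a[2] != "32")
                print "FAIL VIP " vip " has mask /" a[2] " on lo, expected /32"
        }
        END { if (!seen) print "FAIL VIP " vip " is not bound on this host" }')
    [ -n "$addr_findings" ] && findings="${findings}${addr_findings}
"
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample input modelled on web01 after section 1.2.
GOOD_SYSCTL='net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1'
GOOD_ADDR='    inet 127.0.0.1/8 scope host lo
    inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
    inet 192.168.1.31/24 brd 192.168.1.255 scope global ens192'

# Constructed misconfiguration: all.arp_ignore left at 0, all.arp_announce
# missing, and the VIP bound with the subnet mask instead of /32.
BAD_SYSCTL='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1'
BAD_ADDR='    inet 127.0.0.1/8 scope host lo
    inet 192.168.1.18/24 brd 192.168.1.255 scope global lo:0'

audit_realserver 192.168.1.18 "$GOOD_SYSCTL" "$GOOD_ADDR" && echo "web01 sample: OK"
audit_realserver 192.168.1.18 "$BAD_SYSCTL" "$BAD_ADDR" || echo "bad sample: rejected"
```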
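2. Install the web servers (Windows 2008 R2, IIS, main NIC interface name: "本地连接", i.e. Local Area Connection)
This section uses server IIS01, IP address 192.168.1.41, as the example (set up the other two the same way)
2.1 Install the system (assumes the OS is already installed and IIS is already serving normally)
IP address: 192.168.1.41
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1
Preferred DNS: 192.168.1.1
Page content: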
<html>
<head>
<title>IIS 01 10:43:18</title>
</head>
<body>
<h1>IIS 01 index.html</h1>
<p>2015-03-17 10:43:18</p>
</body>
</html>
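2.2 Configure the server: add a loopback interface to support access via the VIP
Open Device Manager - right-click the server name - Add legacy hardware - the Add Hardware wizard opens
Next - Install the hardware that I manually select from a list (Advanced) - Next - the list of hardware types opens
Select Network adapters - Next
For the manufacturer select Microsoft, for the network adapter select Microsoft Loopback Adapter - Next - Next
Click Finish
Open Network Connections and rename the Microsoft Loopback Adapter to realserver
Open the TCP/IPv4 properties of realserver and change the IP address
IP address: 192.168.1.20
Subnet mask: 255.255.255.255
Confirm and exit
Run cmd to open a command prompt window
Run the following commands to change the host model of the NIC interface ("本地连接") and the loopback interface (realserver). This fixes the ARP problem (otherwise TCP connections stay stuck in the SYN_RECV state)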
netsh interface ipv4 set interface "本地连接" weakhostreceive=enabled
netsh interface ipv4 set interface "本地连接" weakhostsend=enabled
netsh interface ipv4 set interface "realserver" weakhostreceive=enabled
netsh interface ipv4 set interface "realserver" weakhostsend=enabled
netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostsend=enabled
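3. Install the LVS servers (Linux, ipvsadm, keepalived, main NIC interface name: ens160)
This section uses server lvs_master, IP address 192.168.1.21, as the example (set up lvs_backup the same way)
3.1. Install lvs_master
Install CentOS-7.0-1406-x86_64-DVD.iso
3.2. Update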
[root@centos ~]# yum update
[root@centos ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
[root@centos ~]# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64
3.3. Install the basic packages
[root@centos ~]# yum install vim wget lsof gcc gcc-c++ bzip2 -y
[root@centos ~]# yum install net-tools bind-utils -y
3.4. Change the hostname
[root@localhost ~]# hostnamectl set-hostname lvs_master
[root@lvs_master ~]# hostname
lvs_master
3.5. Change the IP address
[root@lvs_master ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
ONBOOT="yes"
HWADDR="00:50:56:94:46:f8"
IPADDR="192.168.1.21"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
Confirm the changes and exit
Changes for the lvs_backup server:
HWADDR="<MAC address of lvs_backup>"
IPADDR="192.168.1.22"
[root@lvs_master ~]# ifconfig ens160
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::250:56ff:fe94:204c prefixlen 64 scopeid 0x20<link>
ether 00:50:56:94:20:4c txqueuelen 1000 (Ethernet)
RX packets 41559 bytes 59971168 (57.1 MiB)
RX errors 0 dropped 10 overruns 0 frame 0
TX packets 27992 bytes 2121802 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.6. Install ipvsadm
[root@lvs_master ~]# yum install ipvsadm -y
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
ipvsadm x86_64 1.27-4.el7 base 44 k
事务概要
================================================================================
安装 1 软件包
[root@lvs_master ~]# ipvsadm --version
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)
[root@lvs_master ~]# lsmod | grep ip_vs
ip_vs 136674 0
nf_conntrack 101024 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 2 xfs,ip_vs
3.7. Install keepalived
[root@lvs_master src]# yum install kernel-devel -y
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
kernel-devel x86_64 3.10.0-123.20.1.el7 updates 8.9 M
事务概要
================================================================================
安装 1 软件包
[root@lvs_master src]# ls /usr/src/kernels/
3.10.0-123.20.1.el7.x86_64
[root@lvs_master src]# cd /usr/local/src
[root@lvs_master src]# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
[root@lvs_master src]# tar zvxf keepalived-1.2.15.tar.gz
[root@lvs_master src]# cd keepalived-1.2.15
[root@lvs_master keepalived-1.2.15]# yum install popt-devel popt-static libnl-devel openssl-devel iptraf -y
[root@lvs_master keepalived-1.2.15]# ./configure --sysconfdir=/etc/ --sbindir=/usr/sbin/ --with-kernel-dir=/usr/src/kernels/3.10.0-123.20.1.el7.x86_64/
Keepalived configuration
------------------------
Keepalived version : 1.2.15
Compiler : gcc
Compiler flags : -g -O2 -DFALLBACK_LIBNL1
Extra Lib : -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : No
SNMP support : No
SHA1 support
Use Debug flags : No
[root@lvs_master keepalived-1.2.15]# make && make install
[root@lvs_master keepalived-1.2.15]# /usr/sbin/keepalived --version
Keepalived v1.2.15 (03/06,2015)
[root@lvs_master keepalived-1.2.15]# systemctl status keepalived
keepalived.service - SYSV: Start and stop Keepalived
Loaded: loaded (/etc/rc.d/init.d/keepalived)
Active: inactive (dead)
3.8. Configure keepalived
[root@lvs_master /]# vim /etc/keepalived/keepalived.conf
Open the editor and modify the file as follows
! Configuration File for keepalived
global_defs {
    notification_email {
        me@vicowong.com    #address that receives alerts
    }
    notification_email_from root@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER    #on lvs_backup change LVS_MASTER to LVS_BACKUP
}
vrrp_instance VI_IIS {
    state MASTER            #on lvs_backup change MASTER to BACKUP
    interface ens160        #network interface monitored for HA
    virtual_router_id 51    #must be identical on the master and the backup
    priority 120            #on lvs_backup change 120 to 80
    advert_int 1            #VRRP multicast advertisement interval, in seconds
    authentication {
        auth_type PASS      #VRRP authentication type
        auth_pass 1111      #VRRP password
    }
    virtual_ipaddress {
        192.168.1.20        #LVS virtual address
    }
}
virtual_server 192.168.1.20 80 {
    delay_loop 2            #health check polling interval, in seconds
    lb_algo wrr             #scheduling algorithm (weighted round robin)
    lb_kind DR              #forwarding mode
    persistence_timeout 1   #how long one client stays on the same real server
    protocol TCP
    real_server 192.168.1.41 80 {
        weight 100          #weight
        TCP_CHECK {         #real server health check settings, in seconds
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.42 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.43 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
vrrp_instance VI_NGINX {
    state BACKUP            #on lvs_backup change BACKUP to MASTER
    interface ens160        #network interface monitored for HA
    virtual_router_id 53    #must be identical on the master and the backup
    priority 80             #on lvs_backup change 80 to 120
    advert_int 1            #VRRP multicast advertisement interval, in seconds
    authentication {
        auth_type PASS      #VRRP authentication type
        auth_pass 1111      #VRRP password
    }
    virtual_ipaddress {
        192.168.1.18        #LVS virtual address
    }
}
virtual_server 192.168.1.18 80 {
    delay_loop 2            #health check polling interval, in seconds
    lb_algo wrr             #scheduling algorithm (weighted round robin)
    lb_kind DR              #forwarding mode
    persistence_timeout 1   #how long one client stays on the same real server
    protocol TCP
    real_server 192.168.1.31 80 {
        weight 100          #weight
        TCP_CHECK {         #real server health check settings, in seconds
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.32 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.33 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
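The lint below is an added example, not part of the original notes or of keepalived: it compares the vrrp_instance blocks of the two directors and reports what breaks failover in this mutual master/backup layout (a virtual_router_id or auth_pass that differs between nodes) plus weak settings. The function names vrrp_summary and lint_vrrp_pair are hypothetical, and the sample configuration is constructed from the values in section 3.8 with only the fields the lint reads.

```sh
#!/bin/sh
# Added example (not from the original article): compare the VRRP instances
# of lvs_master and lvs_backup. Input is keepalived.conf text, one statement
# per line as in section 3.8.

# vrrp_summary CONF_TEXT -> one line per instance: name state vrid priority auth_pass
vrrp_summary() {
    printf '%s\n' "$1" | awk '
        { sub(/[#!].*/, "") }                      # keepalived comments
        depth == 0 && $1 == "vrrp_instance" { cur = $2; st = id = pr = pw = "-" }
        cur != "" && $1 == "state"             { st = $2 }
        cur != "" && $1 == "virtual_router_id" { id = $2 }
        cur != "" && $1 == "priority"          { pr = $2 }
        cur != "" && $1 == "auth_pass"         { pw = $2 }
        {
            depth += gsub(/[{]/, "&") - gsub(/[}]/, "&")
            if (cur != "" && depth > 0) inblk = 1
            if (inblk && depth == 0) { print cur, st, id, pr, pw; cur = ""; inblk = 0 }
        }'
}

# lint_vrrp_pair MASTER_TEXT BACKUP_TEXT -> findings; returns 1 on any FAIL
lint_vrrp_pair() {
    report=$( { vrrp_summary "$1" | sed 's/^/A /'
                vrrp_summary "$2" | sed 's/^/B /'; } | awk '
        { names[$2]; id[$1,$2] = $4; pr[$1,$2] = $5; pw[$1,$2] = $6 }
        END {
            for (n in names) {
                if (!(("A", n) in id) || !(("B", n) in id)) {
                    print "FAIL " n ": defined on one node only"; continue
                }
                if (id["A",n] != id["B",n])
                    print "FAIL " n ": virtual_router_id " id["A",n] " vs " id["B",n] ", must match"
                if (pr["A",n] == pr["B",n])
                    print "WARN " n ": both nodes use priority " pr["A",n]
                if (pw["A",n] != pw["B",n])
                    print "FAIL " n ": auth_pass differs between nodes"
                else if (length(pw["A",n]) < 8)
                    print "WARN " n ": auth_pass under 8 characters, and auth_type PASS sends it in clear text"
            }
        }')
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^FAIL'
}

# Constructed sample: the lvs_master instances from section 3.8, trimmed.
MASTER_CONF='vrrp_instance VI_IIS {
    state MASTER
    virtual_router_id 51
    priority 120
    authentication {
        auth_type PASS
        auth_pass 1111   #value used in the article
    }
}
virtual_server 192.168.1.20 80 {
    lb_kind DR
}
vrrp_instance VI_NGINX {
    state BACKUP
    virtual_router_id 53
    priority 80
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}'
# lvs_backup: swap state and priority exactly as the article comments say.
BACKUP_CONF=$(printf '%s\n' "$MASTER_CONF" | sed \
    -e 's/state MASTER/state @/; s/state BACKUP/state MASTER/; s/state @/state BACKUP/' \
    -e 's/priority 120/priority @/; s/priority 80/priority 120/; s/priority @/priority 80/')

lint_vrrp_pair "$MASTER_CONF" "$BACKUP_CONF"
```

On the article's own values the lint reports no FAIL, only the WARN about the short clear-text auth_pass for each instance.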
3.9 Modify the system configuration file
[root@lvs_master src]# vim /etc/sysctl.conf
Open the editor and modify the file
net.ipv4.ip_forward = 1
#net.ipv4.conf.default.rp_filter = 1
#net.ipv4.conf.default.accept_source_route = 0
#kernel.sysrq = 0
#kernel.core_uses_pid = 1
Save and exit
Apply the settings
[root@lvs_master src]# sysctl -p
net.ipv4.ip_forward = 1
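3.10. LVS test run (open three terminals on each of the master and backup LVS servers, six in total, and run one of the following commands in each to monitor the service)
One terminal to follow the log
[root@lvs_master src]# tail -f /var/log/messages
One terminal to view the current LVS configuration
[root@lvs_master src]# watch ipvsadm -Ln
One terminal to view the forwarded connections
[root@lvs_master src]# watch ipvsadm -Lnc
3.11. Start keepalived automatically
[root@lvs_master /]# vim /etc/rc.d/rc.local
Open the editor and add the following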
iptables -F
systemctl start keepalived
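Save and exit
[root@lvs_master /]# chmod +x /etc/rc.d/rc.local
3.12. Restart the keepalived service
[root@lvs_master /]# systemctl restart keepalived
The resulting messages show up in the three terminals opened earlier
3.13. Disable SELinux
[root@lvs_master ~]# vim /etc/selinux/config
Open the editor and comment out the following two lines
#SELINUX=enforcing
#SELINUXTYPE=targeted
Add the following line
SELINUX=disabled
Save and exit
After the reboot, check whether it is disabled (Disabled means it is off)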
[root@lvs_master ~]# shutdown -r now
[root@lvs_master ~]# getenforce
Disabled
(Editor in charge: IT)