Installation conventions
LVS-VIP:192.168.1.4
LVS-NVIP:10.0.0.1
LVS-MASTER:
eth0:192.168.1.10
eth1:10.0.0.10
LVS-BACKUP:
eth0:192.168.1.11
eth1:10.0.0.11
WEB-1-REAL_SERVER:
eth0:192.168.1.20
WEB-2-REAL-SERVER:
eth0:192.168.1.21
Configure keepalived.conf on the LVS-MASTER server
# vim /etc/keepalived/keepalived.conf
Add the following content:
! Configuration File for keepalived

global_defs {
    notification_email {
        example@163.com
        #failover@firewall.loc
        #sysadmin@firewall.loc
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER
}

# Fail both VRRP instances over together
vrrp_sync_group VG_1 {
    group {
        VI_1
        LAN_GATEWAY
    }
    smtp_alert
}

# Public side: holds the LVS-VIP
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111    # carried in cleartext in VRRP advertisements; must match on master and backup
    }
    virtual_ipaddress {
        192.168.1.4
    }
}

# Internal side: holds the LVS-NVIP, the gateway of the real servers
vrrp_instance LAN_GATEWAY {
    state MASTER
    interface eth1
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.1
    }
}

virtual_server 192.168.1.4 80 {
    delay_loop 6
    lb_algo rr        # round robin
    lb_kind NAT
    #nat_mask 255.255.255.0
    #persistence_timeout 50
    protocol TCP

    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                digest 0f3de760c7994ccd23ba4939fa7643be
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 10.0.0.21 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                digest 32573d481e3fabd0311eca63555022af
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Configure keepalived.conf on the LVS-BACKUP server
# vim /etc/keepalived/keepalived.conf
Add the following content:
! Configuration File for keepalived

global_defs {
    notification_email {
        example@163.com
        #failover@firewall.loc
        #sysadmin@firewall.loc
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_BACKUP
}

# Fail both VRRP instances over together
vrrp_sync_group VG_1 {
    group {
        VI_1
        LAN_GATEWAY
    }
    smtp_alert
}

# Public side: takes over the LVS-VIP when the master fails
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111    # carried in cleartext in VRRP advertisements; must match on master and backup
    }
    virtual_ipaddress {
        192.168.1.4
    }
}

# Internal side: takes over the LVS-NVIP, the gateway of the real servers
vrrp_instance LAN_GATEWAY {
    state BACKUP
    interface eth1
    virtual_router_id 52
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.1
    }
}

virtual_server 192.168.1.4 80 {
    delay_loop 6
    lb_algo rr        # round robin
    lb_kind NAT
    #persistence_timeout 50
    protocol TCP

    real_server 10.0.0.20 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                digest 0f3de760c7994ccd23ba4939fa7643be
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 10.0.0.21 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                digest 32573d481e3fabd0311eca63555022af
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
Enable IP forwarding on both the master and the backup LVS server
# vim /etc/sysctl.conf
Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
# sysctl -p
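Configure the IP address of the eth0 interface on the real server
IPADDR=10.0.0.20
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
DNS1=202.96.134.133
DNS2=202.96.128.86
The DNS entries are mainly there so that the server can reach the Internet, which will be needed later. On the second real server, just change 10.0.0.20 to 10.0.0.21. The key point is that the gateway must be set to the NVIP address 10.0.0.1.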
Start the cluster
Start the keepalived service on the master server and on the backup server
# service keepalived start
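Notes:
HTTP_GET is used instead of TCP_CHECK because, when a back-end web server responds with an error such as 502, TCP_CHECK does not correctly remove the unavailable server. The digest value is simply the MD5 of the web page. To obtain it, run genhash -s 192.168.20.2 -p 80 -u /index.html on the LVS server, or md5sum index.html on the real server.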
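The difference between the two checks, as an added example that is not part of the original page: a TCP connect succeeds whenever port 80 is open, while the HTTP_GET check compares the MD5 of the returned page with the configured digest. It assumes, as stated above, that the digest is the MD5 of the page body; the page bodies, the configuration fragment and the function names are constructed for illustration.

```python
import hashlib

# Constructed bodies (not from the page): the healthy page, and an error page a
# back end may return while its port 80 still accepts TCP connections.
GOOD_PAGE = b"<html>web ok</html>\n"
ERROR_PAGE = b"<html>502 Bad Gateway</html>\n"

def body_digest(body):
    """MD5 hex digest of a page body, the value `md5sum index.html` prints."""
    return hashlib.md5(body).hexdigest()

# Constructed keepalived.conf fragment in the page's layout; both digests are
# computed from GOOD_PAGE, which stands in for the real index.html.
REAL_SERVER = """    real_server %s 80 {
        HTTP_GET {
            url {
                path /index.html
                digest %s
            }
        }
    }
"""
SAMPLE_CONF = "virtual_server 192.168.1.4 80 {\n" + "".join(
    REAL_SERVER % (ip, body_digest(GOOD_PAGE)) for ip in ("10.0.0.20", "10.0.0.21")
) + "}\n"

def expected_digests(conf):
    """Map (real_server ip, port, url path) to the digest configured for it."""
    result, server, path = {}, None, None
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if len(words) >= 3 and words[0] == "real_server":
            server, path = (words[1], int(words[2])), None
        elif len(words) >= 2 and words[0] == "path":
            path = words[1]
        elif len(words) >= 2 and words[0] == "digest" and server and path:
            result[server + (path,)] = words[1].lower()
    return result

def failed_checks(conf, responses):
    """Checks whose observed body is missing or does not hash to the digest."""
    return sorted(key for key, want in expected_digests(conf).items()
                  if key not in responses or body_digest(responses[key]) != want)

if __name__ == "__main__":
    observed = {("10.0.0.20", 80, "/index.html"): GOOD_PAGE,
                ("10.0.0.21", 80, "/index.html"): ERROR_PAGE}
    print(failed_checks(SAMPLE_CONF, observed))
```

The same comparison shows why the digest in keepalived.conf has to be regenerated whenever index.html changes: a stale digest fails the check exactly as an error page does.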
If the back-end servers need Internet access, enable iptables on the LVS servers and add the following firewall rule
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.4
If the IP address is not static, use the following rule instead, although it consumes more resources
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE