环境:
系统硬件:vmware vsphere (CPU:2*4核,内存2G,双网卡)
LVS服务器(两台):
系统:Centos7.0 64位(LVS+keepalived)
LvsMaster:192.168.1.21 (主VIP:192.168.1.20 ,备VIP:192.168.1.18)
LvsBackup:192.168.1.22 (主VIP:192.168.1.18 ,备VIP:192.168.1.20)
Nginx服务器(三台):
系统:Centos7.0 64位(Nginx服务,VIP:192.168.1.18)
IIS01:192.168.1.31
IIS02:192.168.1.32
IIS03:192.168.1.33
IIS服务器(三台):
系统:Windwos2008R2 64位( IIS服务,VIP:192.168.1.20)
IIS01:192.168.1.41
IIS02:192.168.1.42
IIS03:192.168.1.43
安装步骤:
1.安装Web服务器(Linxu,nginx,主网卡接口名称:ens192)
此处以服务器:web01,IP地址为:192.168.1.31说明(另外两台参考此处)
1.1 安装系统(假定已经安装好系统,并且已经能够正常提供Nginx服务)
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
[[email protected] ~]# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64
修改主机名
[[email protected] ~]# hostnamectl set-hostname web01
[[email protected] ~]# hostname
web01
[[email protected] ~]# ip add show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:94:02:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.31/24 brd 192.168.1.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe94:24a/64 scope link
valid_lft forever preferred_lft forever
[[email protected] ~]# curl http://192.168.1.31
<html>
<head>
<title>Web 01 10:43:18</title>
</head>
<body>
<h1>Web Server 01 index.html</h1>
<p>2015-03-17 10:43:18</p>
</body>
</html>
1.2 设置服务器,以支持vip访问
方法1:直接创建lo:0文件,并且绑定VIP(192.168.1.18)
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo:0
打开编辑器,输入以下内容
DEVICE=lo:0
IPADDR=192.168.1.18
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback
保存、退出
重启
[[email protected] ~]# shutdown -r now
测试是否绑定VIP
[[email protected] ~]# ip add show lo:0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
显示绑定即inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
解决ARP问题
[[email protected] ~]# vim /etc/sysctl.conf
打开编辑器,输入以下内容
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
保存、退出
设置即时生效
[[email protected] ~]# sysctl -f
设置说明
#arp_ignore=1,系统只回答目的IP为是本地IP的包。也就是对广播包不做响应。
#arp_announce=2,系统忽略IP包的源地址(source address),而根据目标主机(target host),选择本地地址。
#arp_ignore 限制arp应答。限制等级:
#0:对于其它设备 的arp请求,应答所有其它接口的上IP的arp应答
#1:对于其它设备的arp请求,只应答本接口上IP的arp应答
#arp_announce 限制arp通告。限制等级:
#0:在接口上通告所有接口上IP的arp广播
#1:对于其它设备的arp请求,在接口上尽量限制广播通告应答(不够严格)
#2:只通告本接口上IP的arp广播
方法2:通过命令绑定绑定VIP(192.168.1.18)
[[email protected] ~]# vim /usr/local/sbin/lvs_realserver.sh
打开编辑器,输入以下内容
#!/bin/bash
VIP=192.168.1.18
/etc/rc.d/init.d/functions
case "$1" in
start)
ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
/sbin/route add -host $VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
ifconfig lo:0 down
route del $VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
保存、退出
运行,查看是否生效,是否绑定VIP
[[email protected] ~]# /usr/local/sbin/lvs_realserver.sh start
[[email protected] ~]# ip add show lo:0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
显示绑定即inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
设置自动启动
[[email protected] ~]# vim /etc/rc.d/rc.local
打开编辑器,添加以下内容
/usr/local/sbin/lvs_realserver.sh start
保存退出
设置运行权限(否则启动后,依然不会自动运行)
[[email protected] ~]#chmod 755 /etc/rc.d/rc.local
2.安装Web服务器(Windows2008r2,IIS,主网卡接口名称:本地连接)
此处以服务器:IIS01,IP地址为:192.168.1.41说明(另外两台参考此处)
2.1 安装系统(假定已经安装好系统,并且已经能够正常提供IIS服务)
IP地址:192.168.1.41
子网掩码:255.255.255.0
默认网关:192.168.1.1
首选DNS:192.168.1.1
网页内容:
<html>
<head>
<title>IIS 01 10:43:18</title>
</head>
<body>
<h1>IIS 01 index.html</h1>
<p>2015-03-17 10:43:18</p>
</body>
</html>
2.2 设置服务器,添加环回接口,以支持vip访问
打开设备管理器-右键服务器名-添加过时硬件-打开硬件添加向导
下一步-安装我手动从列表选择的硬件(高级)-下一步-打开安装的硬件类型
选择网络适配器-下一步
厂商选择(Microsoft),网络适配器选择(Microsoft Loopback Adapter)-下一步-下一步
点击完成
打开网络连接,修改Microsoft Loopback Adapter名称为realserver
打开realserverTCP/IPv4属性 修改IP地址
IP地址:192.168.1.20
子网掩码:255.255.255.255
确认退出
运行cmd 打开命令行提示符窗口
运行以下命令修改网卡接口(即本地连接)、环回接口(即realserver) 连接模式,用于解决ARP问题(否则TCP的状态会一直处于SYN_RECV 状态)
netsh interface ipv4 set interface "本地连接" weakhostreceive=enabled
netsh interface ipv4 set interface "本地连接" weakhostsend=enabled
netsh interface ipv4 set interface "realserver" weakhostreceive=enabled
netsh interface ipv4 set interface "realserver" weakhostsend=enabled
netsh interface ipv4 set interface "loopback" weakhostreceive=enabled
netsh interface ipv4 set interface "loopback" weakhostsend=enabled
3.安装LVS服务器(Linxu,ipvsadm,keepalived,主网卡接口名称:ens160)
此处以服务器:lvs_master,IP地址为:192.168.1.21说明(lvs_backup 参考此处)
3.1.安装lvs_master
安装 CentOS-7.0-1406-x86_64-DVD.iso
3.2.更新
[[email protected] ~]# yum update
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
[[email protected] ~]# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64
3.3.安装基本软件包
[[email protected] ~]# yum install vim wget lsof gcc gcc-c++ bzip2 -y
[[email protected] ~]# yum install net-tools bind-utils -y
3.4.修改主机名
[[email protected] ~]# hostnamectl set-hostname lvs_master
[[email protected]_master ~]# hostname
lvs_master
3.5.修改IP地址
[[email protected]_master ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
ONBOOT="yes"
HWADDR="00:50:56:94:46:f8"
IPADDR="192.168.1.21"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
确认修改,退出
lvs_backup服务器修改说明:
HWADDR="lvs_backup相应MAC地址"
IPADDR="192.168.1.22"
[[email protected]_master ~]# ifconfig ens160
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::250:56ff:fe94:204c prefixlen 64 scopeid 0x20<link>
ether 00:50:56:94:20:4c txqueuelen 1000 (Ethernet)
RX packets 41559 bytes 59971168 (57.1 MiB)
RX errors 0 dropped 10 overruns 0 frame 0
TX packets 27992 bytes 2121802 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.6.安装ipvsadm
[[email protected]_master ~]# yum install ipvsadm -y
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
ipvsadm x86_64 1.27-4.el7 base 44 k
事务概要
================================================================================
安装 1 软件包
[[email protected]_master ~]# ipvsadm --version
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)
[[email protected]_master ~]# lsmod | grep ip_vs
ip_vs 136674 0
nf_conntrack 101024 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 2 xfs,ip_vs
3.7.安装keepalived
[[email protected]_master src]# yum install kernel-devel -y
================================================================================
Package 架构 版本 源 大小
================================================================================
正在安装:
kernel-devel x86_64 3.10.0-123.20.1.el7 updates 8.9 M
事务概要
================================================================================
安装 1 软件包
[[email protected]_master src]# ls /usr/src/kernels/
3.10.0-123.20.1.el7.x86_64
[[email protected]_master src]# cd /usr/local/src
[[email protected]_master src]# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
[[email protected]_master src]# tar zvxf keepalived-1.2.15.tar.gz
[[email protected]_master src]# cd keepalived-1.2.15
[[email protected]_master keepalived-1.2.15]# yum install popt-devel popt-static libnl-devel openssl-devel iptraf -y
[[email protected]_master keepalived-1.2.15]# ./configure --sysconfdir=/etc/ --sbindir=/usr/sbin/ --with-kernel-dir=/usr/src/kernels/3.10.0-123.20.1.el7.x86_64/
Keepalived configuration
------------------------
Keepalived version : 1.2.15
Compiler : gcc
Compiler flags : -g -O2 -DFALLBACK_LIBNL1
Extra Lib : -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : No
SNMP support : No
SHA1 support
Use Debug flags : No
[[email protected]_master keepalived-1.2.15]# make && make install
[[email protected]_master keepalived-1.2.15]# /usr/sbin/keepalived --version
Keepalived v1.2.15 (03/06,2015)
[[email protected]_master keepalived-1.2.15]# systemctl status keepalived
keepalived.service - SYSV: Start and stop Keepalived
Loaded: loaded (/etc/rc.d/init.d/keepalived)
Active: inactive (dead)
3.8.配置keepalived
[[email protected]_master /]# vim /etc/keepalived/keepalived.conf
打开编辑,修改
! Configuration File for keepalived
global_defs {
notification_email {
[email protected] #警报接收邮件
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_MASTER #lvs_backup 将LVS_MASTER修改为LVS_BACKUP
}
vrrp_instance VI_IIS {
state MASTER #lvs_backup将MASTER改为BACKUP
interface ens160 #HA监测网络接口
virtual_router_id 51 #主、备机的virtual_router_id一定要相同,必须相同!
priority 120 #lvs_backup将120改为80
advert_int 1 #VRRP Multicast广播周期秒数
authentication {
auth_type PASS #VRRP认证方式
auth_pass 1111 #VRRP口令字
}
virtual_ipaddress {
192.168.1.20 #LVS虚拟地址
}
}
virtual_server 192.168.1.20 80 {
delay_loop 2 #延时等待时间
lb_algo wrr #轮询算法
lb_kind DR #传输模式
persistence_timeout 1 #单一链接重连保持时间
protocol TCP
real_server 192.168.1.41 80 {
weight 100 #权重
TCP_CHECK { #realserve的状态检测设置部分,单位是秒
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.42 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.43 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
vrrp_instance VI_NGINX {
state BACKUP #lvs_backup上将BACKUP改为MASTER
interface ens160 #HA监测网络接口
virtual_router_id 53 #主、备机的virtual_router_id一定要相同,必须相同
priority 80 #lvs_backup上将80改为120
advert_int 1 #VRRP Multicast广播周期秒数
authentication {
auth_type PASS #VRRP认证方式
auth_pass 1111 #VRRP口令字
}
virtual_ipaddress {
192.168.1.18 #LVS虚拟地址
}
}
virtual_server 192.168.1.18 80 {
delay_loop 2 #延时等待时间
lb_algo wrr #轮询算法
lb_kind DR #传输模式
persistence_timeout 1 #单一链接重连保持时间
protocol TCP
real_server 192.168.1.31 80 {
weight 100 #权重
TCP_CHECK { #realserve的状态检测设置部分,单位是秒
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.32 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.33 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
3.9 修改系统配置文件
[[email protected]_master src]# vim /etc/sysctl.conf
打开编辑器,修改
net.ipv4.ip_forward = 1
#net.ipv4.conf.default.rp_filter = 1
#net.ipv4.conf.default.accept_source_route = 0
#ernel.sysrq = 0
#kernel.core_uses_pid = 1
保存,退出
运行生效
[[email protected]_master src]# sysctl -p
net.ipv4.ip_forward = 1
3.10.LVS运行测试(主备LVS服务器各出打开三个终端,共6个终端,每个单独运行以下一条命令,用于监测服务运行状态)
一个终端查看日志信息
[[email protected]_master src]# tail -f /var/log/messages
一个终端查看LVS当前设置
[[email protected]_master src]# watch ipvsadm -Ln
一个终端查看转发情况
[[email protected]_master src]# watch ipvsadm -Lnc
3.11.设置自动运行keepalived
[[email protected]_master /]# vim /etc/rc.d/rc.local
打开编辑器,添加以下内容
iptables -F
systemctl start keepalived
保存,退出
3.12.重启keepalived服务
[[email protected]_master /]# systemctl restart keepalived
信息可以在之前三个终端反映出来
3.13.关闭selinux
[[email protected]_master ~]# vim /etc/selinux/config
打开编辑器,屏蔽以下两行
#SELINUX=enforcing
#SELINUXTYPE=targeted
添加以下一行
SELINUXTYPE=disabled
保存退出
重启后,查询是否关闭(显示Disabled则表示关闭)
[[email protected]_master ~]# shutdown -r now
[[email protected]_master ~]# getenforce
Disabled