1. First, check whether the Linux server supports ipvs
Run the following command: modprobe -l | grep ipvs
Output:
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko
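This means ipvs is supported.
Otherwise, ipvs has to be downloaded and installed manually.
2. Check whether the required packages are installed
Run the following commands: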
rpm -q kernel-devel
rpm -q gcc
rpm -q openssl
rpm -q openssl-devel
rpm -q popt
rpm -q popt-static
rpm -q kernel-headers
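If the output is "package ** is not installed", the package has to be installed manually.
yum is the command for installing, updating and removing packages together with their dependencies; it acts as a package manager.
To install: yum install kernel-devel -y
yum install gcc -y
……
3. Install ipvsadm
First determine which version to install; the version should match the Linux kernel version.
Run rpm -q kernel-devel to see the kernel version, then download the matching ipvsadm.
My kernel version: kernel-devel-2.6.32-642.3.1.el6.x86_64
Matching ipvsadm version: ipvsadm-1.26.tar.gz
4. Extract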
tar -zxvf ipvsadm-1.26.tar.gz
5. Create the symbolic link
ln -s /usr/src/kernels/2.6.32-642.3.1.el6.x86_64 /usr/src/linux
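6. Compile and install
Change into the ipvsadm-1.26 directory
Run make && make install
An error here may mean dependencies are missing; install them with: yum install -y libnl* popt*
ipvsadm is now installed.
7. Install keepalived
Download from: http://www.keepalived.org/software/
Extract the archive.
Change into the keepalived directory: cd keepalived-1.2.19
Run ./configure
Wait…………
Run make
Wait…………
Run make install
Installation is complete.
8. Configure the master and backup servers
Go to the directory /usr/local/etc/keepalived/ and open the keepalived.conf file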
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id
    priority
    advert_int
    authentication {
        auth_type PASS
        auth_pass
    }
    virtual_ipaddress {
        192.168.91.230
    }
}
virtual_server 192.168.91.230 {
    delay_loop
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout
    protocol TCP
    real_server 192.168.91.231 {
        weight
        TCP_CHECK {
            connect_timeout
            nb_get_retry
            delay_before_retry
            connect_port
        }
    }
    real_server 192.168.91.232 {
        weight
        TCP_CHECK {
            connect_timeout
            nb_get_retry
            delay_before_retry
            connect_port
        }
    }
}
Master server configuration (above)
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id
    priority
    advert_int
    authentication {
        auth_type PASS
        auth_pass
    }
    virtual_ipaddress {
        192.168.91.230
    }
}
virtual_server 192.168.91.230 {
    delay_loop
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout
    protocol TCP
    real_server 192.168.91.231 {
        weight
        TCP_CHECK {
            connect_timeout
            nb_get_retry
            delay_before_retry
            connect_port
        }
    }
    real_server 192.168.91.232 {
        weight
        TCP_CHECK {
            connect_timeout
            nb_get_retry
            delay_before_retry
            connect_port
        }
    }
}
Backup server configuration (above)
9. Configure the LVS server clients (the real servers)
Run the following script:
#!/bin/bash
# description: Config realserver
LVS_VIP=192.168.91.230
# Load the init-script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
    # Bind the VIP to a loopback alias with a host (/32) netmask
    /sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP
    /sbin/route add -host $LVS_VIP dev lo:0
    # DR mode: the real server must not answer or announce ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del $LVS_VIP >/dev/null 2>&1
    # Restore the kernel's default ARP behaviour
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer Stopped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0
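10. Starting keepalived
service keepalived start, or keepalived -D -f /usr/local/etc/keepalived/keepalived.conf
View the log: tail -f /var/log/messages
By default, keepalived looks for the configuration file /etc/keepalived/keepalived.conf at startup.
Summary: at this point, if tomcat on the master or the backup server goes down, clients are not affected.
The keepalived health check above is a protocol-level check, which means it is independent of the application.
Open issues:
1. When the real server on the local machine goes down, traffic does not switch to the backup server. (Resolved: the LVS server client had not been configured.)
2. After keepalived is killed, the other node does not take over the VIP automatically. (Resolved: the firewall was the cause; turning the firewall off fixes it.)
3. ip a shows both machines holding the VIP at the same time. (Resolved: the firewall was the cause; turning the firewall off fixes it.)
Also, once keepalived is killed, the other node takes over the virtual IP on its own: killall keepalived (kills the keepalived process; there is no space between "kill" and "all")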
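Issues 2 and 3 arise when the INPUT chain discards VRRP advertisements (IP protocol 112, sent to multicast 224.0.0.18), so each director concludes the other is gone. As an added example (not part of the original article), the script below checks an INPUT chain for that condition and prints a rule that admits adverts from the peer director only, so the firewall can stay on. The sample ruleset is constructed, and the peer address 192.168.91.232 assumes the check runs on 192.168.91.231.

```shell
#!/bin/sh
# Added example, not from the original page.
# vrrp_verdict reads `iptables -S INPUT` text on stdin and prints "allowed" or
# "blocked" for VRRP adverts. Simplified model: the first rule that matches
# wins, and only -p, -j and match-free catch-all rules are considered.
vrrp_verdict() {
    awk '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" || decided { next }
    {
        proto = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        vrrp = (proto == "vrrp" || proto == "112")   # VRRP is IP protocol 112
        catch_all = ($3 == "-j")                     # rule with no match options
        if (!vrrp && !catch_all) next
        if (target == "ACCEPT") { print "allowed"; decided = 1 }
        else if (target == "DROP" || target == "REJECT") { print "blocked"; decided = 1 }
    }
    END { if (!decided) print (policy == "DROP" ? "blocked" : "allowed") }
    '
}

# Print (do not apply) the rule that admits adverts from the peer director only.
# $1 = interface, $2 = peer address; both are supplied by the operator.
vrrp_allow_rule() {
    echo "iptables -I INPUT -i $1 -p 112 -s $2 -d 224.0.0.18 -j ACCEPT"
}

# Constructed sample: a stock CentOS 6 style INPUT chain with the firewall on.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# On a live director, feed it the real chain: iptables -S INPUT | vrrp_verdict
if [ "$(sample_rules | vrrp_verdict)" = "blocked" ]; then
    vrrp_allow_rule eth0 192.168.91.232
fi
```

After applying the printed rule on both directors (each naming the other as peer), run service iptables save so it survives a restart.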
Some common commands:
ip a shows whether the VIP is currently active
Normal case, output:
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
inet 192.168.91.230/ brd 192.168.91.230 scope global lo:
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc mq state UP qlen
link/ether ::ae:9e:0e: brd ff:ff:ff:ff:ff:ff
inet 192.168.91.231/ brd 192.168.91.255 scope global eth0
inet 192.168.91.230/ scope global eth0
inet6 fe80:::aeff:fe9e:e20/ scope link
valid_lft forever preferred_lft forever
When this machine has not taken the VIP, output:
: lo: <LOOPBACK,UP,LOWER_UP> mtu qdisc noqueue state UNKNOWN
link/loopback ::::: brd :::::
inet 127.0.0.1/ scope host lo
inet 192.168.91.230/ brd 192.168.91.230 scope global lo:
inet6 ::/ scope host
valid_lft forever preferred_lft forever
: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc mq state UP qlen
link/ether ::ae:ae:e4:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.91.232/ brd 192.168.91.255 scope global eth0
inet6 fe80:::aeff:feae:e4e8/ scope link
valid_lft forever preferred_lft forever
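Both listings above show 192.168.91.230 on lo, because in DR mode every real server carries the VIP on loopback; only the eth0 entry says which director actually holds it. The following added example (not from the original article) parses ip a output with that distinction and classifies a pair of nodes as ok, split-brain or no-holder. The two sample listings are constructed, with the prefix lengths and MTU values assumed.

```shell
#!/bin/sh
# Added example, not from the original page.
# vip_iface: read `ip a` output on stdin and print the non-loopback interface
# that carries the VIP ($1). A plain grep for the address would match the lo
# alias on every real server and report every node as the holder.
vip_iface() {
    awk -v vip="$1" '
    /^[0-9]+: / { iface = $2; sub(/:$/, "", iface) }
    $1 == "inet" {
        split($2, a, "/")
        if (a[1] == vip && iface != "lo") print iface
    }'
}

# vip_state: $1 = VIP, $2 and $3 = `ip a` output captured on each director.
# Prints ok (exactly one holder), split-brain (both) or no-holder (neither).
vip_state() {
    n=0
    for out in "$2" "$3"; do
        if [ -n "$(printf '%s\n' "$out" | vip_iface "$1")" ]; then
            n=$((n + 1))
        fi
    done
    case $n in
        1) echo ok ;;
        2) echo split-brain ;;
        *) echo no-holder ;;
    esac
}

# Constructed sample: a director that currently holds the VIP on eth0.
node_a() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
    inet 192.168.91.230/32 brd 192.168.91.230 scope global lo:0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.91.231/24 brd 192.168.91.255 scope global eth0
    inet 192.168.91.230/32 scope global eth0
EOF
}
# Constructed sample: the peer, with the VIP on lo only.
node_b() { node_a | sed -e '$d' -e 's/91\.231/91.232/'; }

vip_state 192.168.91.230 "$(node_a)" "$(node_b)"   # prints: ok
vip_state 192.168.91.230 "$(node_a)" "$(node_a)"   # prints: split-brain
```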
Command to view the forwarding routes and forwarding rules: ipvsadm -ln
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.91.230: rr
-> 192.168.91.231: Local
-> 192.168.91.232: Route