一開始粗心大意沒有注意到“LVS操作手冊”。fullnat模式下在配置keepalived的時候,與dr、nat、tun是有很大的區別的。
這裏根據自身實戰的經驗和lvs操作手冊中的步驟,重新用自己的語言整理下:
注意不要安裝libnl libnl-devel,否則有報錯,如果沒遇到報錯也無所謂
在完成fullnat內核編譯之後,我們就可以配置keepalived了:
一、安裝keepalived、ipvsadm
必須要用tools壓縮包中的來安裝,不要用其他開源版本
1.1 keepalived
cd tools/keepalived; ./configure --with-kernel-dir="/lib/modules/`uname -r`/build"; make; make install;
cp -a bin/genhash /usr/local/bin/ cp -a bin/keepalived /sbin/ cp -a keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived cp -a keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf cp -a keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
1.2 ipvsadm
cd tools/ipvsadm; make; make install;
二、系統自身參數配置
1、
打開irqbalance # service irqbalance start # chkconfig --level 2345 irqbalance on
2、
路徑:/etc/sysctl.conf # configure for lvs net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 net.core.netdev_max_backlog = 500000
三、keepalived配置文件
3.1 使用主備模式部署
global部分
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}local address部分
#這部分官方推薦用多個ip地址,本次試驗就用服務器自身地址,如果需要用到多個地址,需要在rc.local中添加綁ip的命令。
local_address_group laddr_g1 {
192.168.122.101 #這裏可以用本機的ip
}virtual server group部分
#看到這裏需要將vip和vport都聲明,這就是一個區別。
virtual_server_group shanks1 {
192.168.122.123 80
}vrrp_sunc_group部分
vrrp_sync_group lvs_1 {
group {
VI_1
}
notify_master /home/work/public/opbin/script/change_hostname_to_master.sh
notify_backup /home/work/public/opbin/script/change_hostname_to_backup.sh
smtp_alert
}vrrp instance 部分
vrrp_instance VI_1 {
state BACKUP #主備都是backup
interface eth0
virtual_router_id 156
priority 100 #備機上設置成10
advert_int 1
nopreempt FALSE #設置成切換不搶佔
authentication {
auth_type PASS
auth_pass wocao
}
virtual_ipaddress {
192.168.122.123
}
}virtual server部分
virtual_server 192.168.122.123 80 {
delay_loop 6
lb_algo rr
lb_kind FNAT
protocol TCP
syn_proxy
laddr_group_name laddr_g1 #local address group
real_server 172.16.122.123 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}最終的配置文件
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
local_address_group laddr_g1 {
192.168.122.101
}
virtual_server_group shanks1 {
192.168.122.123 80
}
vrrp_sync_group lvs_1 {
group {
VI_1
}
notify_master /home/work/public/opbin/script/change_hostname_to_master.sh
notify_backup /home/work/public/opbin/script/change_hostname_to_backup.sh
smtp_alert
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 156
priority 100 #備機上設置成10
advert_int 1
nopreempt FALSE
authentication {
auth_type PASS
auth_pass wocao
}
virtual_ipaddress {
192.168.122.123
}
}
virtual_server 192.168.122.123 80 {
delay_loop 6
lb_algo rr
lb_kind FNAT
protocol TCP
syn_proxy
laddr_group_name laddr_g1 #local address group
real_server 172.16.122.123 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}3.2 使用集羣模式部署
global部分
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}local address部分
#這部分官方推薦用多個ip地址,本次試驗就用服務器自身地址,如果需要用到多個地址,需要在rc.local中添加綁ip的命令。
local_address_group laddr_g1 {
192.168.122.101 #這裏可以用本機ip
}virtual server group部分
#看到這裏需要將vip和vport都聲明,這就是一個區別。
virtual_server_group shanks1 {
192.168.122.123 80
}virtual server部分
virtual_server 192.168.122.123 80 {
delay_loop 6
lb_algo rr
lb_kind FNAT
protocol TCP
syn_proxy
laddr_group_name laddr_g1 #local address group
alpha
omega #我一般是把這個註釋掉,不讓它去自動的del虛ip。
quorum 1
hysteresis 0
quorum_up " ip addr add 10.255.255.123/32 dev lo;" #add
#quorum_up " ip addr add 10.255.255.123/32 dev lo; ip addr add 10.255.255.124/32 dev lo;"
quorum_down "ip addr del 10.255.255.123/32 dev lo;" #del vip 我一般是把這個註釋掉,不讓它去自動的del虛ip。
real_server 172.16.122.123 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}最終的配置文件
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
local_address_group laddr_g1 {
192.168.122.101
}
virtual_server_group shanks1 {
192.168.122.123 80
}
virtual_server 192.168.122.123 80 {
delay_loop 6
lb_algo rr
lb_kind FNAT
protocol TCP
syn_proxy
laddr_group_name laddr_g1 #local address group
alpha
#omega
quorum 1
hysteresis 0
quorum_up " ip addr add 10.255.255.123/32 dev lo;" #add
#quorum_down "ip addr del 10.255.255.123/32 dev lo;" #del vip
real_server 172.16.122.123 80 {
weight 100
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}最後啓動keepalived。關於zebra、ospf後續補充
遇到的報錯:
1、#在安裝完keepalived之後,安裝ipvsadm的時候,遇到了如下的報錯: [root@lvs ipvsadm]# make make: *** Norule to make target `../keepalived/keepalived/libipvs-2.6/libipvs.a', needed by`ipvsadm'. Stop. [root@lvsipvsadm]# ll ../keepalived/keepalived/libipvs-2.6/libipvs.a ls: cannotaccess ../keepalived/keepalived/libipvs-2.6/libipvs.a: No such file ordirectory 解決辦法: 這是由於使用http://shanks.blog.51cto.com/3899909/1387489這種方式打包的內核rpm,安裝時候沒有裝kernel-devel導致的,裝下就好了。
2、在make ipvsadm的時候遇到了如下的報錯: /usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:496: undefined reference to `nlmsg_free' ../keepalived/keepalived/libipvs-2.6/libipvs.a(libipvs.o): In function `ipvs_update_dest': /usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:467: undefined reference to `nlmsg_free' ../keepalived/keepalived/libipvs-2.6/libipvs.a(libipvs.o):/usr/local/src/tools/keepalived/keepalived/libipvs-2.6/libipvs.c:437: more undefined references to `nlmsg_free' follow collect2: ld returned 1 exit status make: *** [ipvsadm] Error 1 解決辦法: 這是由於服務器上安裝了libnl,卸載libnl、libnl-devel之後,重新編譯keepalived和ipvsadm即可。