LVS+KeepaLived+Nginx SSL(一)
LVS+KeepaLived+Nginx SSL验证keepalived安装
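# Install steps for keepalived 1.2.2 built from source (run as root).
# NOTE(review): 1.2.2 is an old release; on a maintained system prefer the
# distribution's keepalived package, which receives security fixes.

# Build prerequisites: kernel headers, OpenSSL packages and ipvsadm.
# The glob is quoted so that yum expands it, not the shell against the
# files in the current directory.
yum -y install kernel-devel 'openssl-*' ipvsadm

# The tarball is fetched over plain HTTP and then built and installed as root,
# so compare its digest with a value obtained from a trusted source before
# unpacking. Continue only if the check prints "OK".
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
echo '<EXPECTED_SHA256_FROM_TRUSTED_SOURCE>  keepalived-1.2.2.tar.gz' | sha256sum -c -
tar zxf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
vim keepalived/libipvs-2.6/ip_vs.h

# In ip_vs.h, move the #include line that carries the comment
#   /* For __beXX types in userland */
# below the #include it currently precedes, to work around the error that
# make otherwise reports. The header names were lost when this page was
# extracted (presumably <linux/types.h> moved below <sys/types.h>; confirm
# against the file itself).

# --with-kernel-dir points configure at the kernel source tree; it is passed
# here to add IPVS support.
./configure --with-kernel-dir=/usr/src/kernels/2.6.18-274.18.1.el5-x86_64/
make && make install

mkdir -p /etc/keepalived/
# The config holds the VRRP auth_pass and decides where the VIP traffic goes:
# create it readable and writable by root only before editing it.
touch /etc/keepalived/keepalived.conf && chmod 600 /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf
# Put the following content into keepalived.conf: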
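# keepalived.conf for the director: one VRRP instance that owns the VIP, and
# two LVS virtual servers (443 and 80) in direct-routing mode with two real
# servers each.

vrrp_instance VI_1 {
    state MASTER                # initial state of this node; the peer director uses BACKUP
    interface eth0              # interface the VRRP instance is bound to
    virtual_router_id 51        # VRID; must not collide with another VRRP group on the same segment
    priority 200                # the peer must use a lower value
    advert_int 1                # advertisement interval in seconds
    authentication {
        # PASS is carried in cleartext inside every VRRP advertisement, so any
        # host on the segment can read it: it guards against misconfiguration,
        # not against a hostile neighbour. Restrict VRRP (IP protocol 112) to
        # the peer director with a host firewall rule.
        auth_type PASS
        # Sample value only; replace it before deployment. keepalived uses
        # just the first 8 characters of auth_pass.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.5.230
    }
}

virtual_server 192.168.5.230 443 {
    delay_loop 6                # seconds between health-check rounds
    lb_algo rr
    # DR mode: each real server must hold the VIP on loopback with ARP for it
    # suppressed, otherwise a real server can answer ARP for the VIP and
    # receive client traffic directly, bypassing the director.
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.5.202 443 {
        weight 3
        inhibit_on_failure      # on check failure keep the entry with weight 0 instead of removing it
        # TCP_CHECK only proves that the port accepts a connection; it does
        # not exercise the TLS handshake or the HTTP response.
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 443
        }
    }
    real_server 192.168.5.204 443 {
        weight 3
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 443
        }
    }
}

virtual_server 192.168.5.230 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    # NOTE(review): inhibit_on_failure is otherwise used per real_server on
    # this page; confirm that this keepalived version accepts it at
    # virtual_server level.
    inhibit_on_failure
    persistence_timeout 50
    protocol TCP

    real_server 192.168.5.202 80 {
        weight 3
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.5.204 80 {
        weight 3
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}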
[*]
[*]#然后用 keepalived 命令启动keepalived程序
[*]state #keepalived的状态,有MASTER和SLAVE两种(注:keepalived配置文件中备用节点的关键字写作 BACKUP)
[*]interface #实例绑定的网卡
[*]virtual_router_id #VRID
[*]priority #优先级。即使state指定为MASTER,如果priority较低,也有可能变成SLAVE(受nopreempt影响)
[*]advert_int #设定检测间隔
[*]authentication #设定验证方式:auth_type,以及验证密码:auth_pass(PASS方式的密码随VRRP通告明文发送,示例中的1111仅作演示,部署时应更换)
[*]virtual_ipaddress #VIP,可以写多个,每个占一行
[*]
[*]virtual_server #指定virtual server 以及端口号
[*]delay_loop #对realserver的检测间隔时间
[*]lb_algo #LVS的轮询算法
[*]lb_kind #LVS的工作模式为DR
[*]inhibit_on_failure #当检测失效后将权重标记为0
[*]persistence_timeout #将50s内来自同一ip的请求转发到同一后端
[*]protocol TCP #使用的协议
[*]real_server #后端web配置字段
[*]weight #权重,权重越高接收到的请求越多
[*]TCP_CHECK #检测方式(仅检测TCP端口能否连接,不验证TLS握手或HTTP响应)
[*]connect_timeout #连接超时时间
[*]connect_port #健康检测端口
[*]nb_get_retry #重连次数
[*]delay_before_retry #重连间隔时间
#启动成功后可以通过ipvsadm命令来查看
realserver 启动脚本:
[*]#这个IP添加到网卡配置文件中也可以,我犯懒就直接拷贝了LT论坛中的脚本, 作者名字下面有写
[*]
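#!/bin/bash
# description: Config realserver lo and apply noarp
# Written by: NetSeek http://www.linuxtone.org
#
# Real-server side of the LVS direct-routing setup. Must run as root: it
# writes under /proc/sys and configures lo:0.
#
# Usage: $0 {start|stop}
#   start  set arp_ignore=1 / arp_announce=2 on "lo" and "all", then bind the
#          VIP to lo:0 and add a host route for it
#   stop   take lo:0 down, drop the host route, reset the four ARP settings to 0
#
# The ARP settings keep this host from answering ARP for the VIP. Without
# them a real server can claim the VIP on the segment and receive client
# traffic directly, bypassing the director.
# The values written here do not survive a reboot.

# Must match virtual_ipaddress in the director's keepalived.conf.
SNS_VIP="192.168.5.230"

. /etc/rc.d/init.d/functions

# Write arp_ignore ($1) and arp_announce ($2) for "lo" and "all".
# Returns non-zero if any of the four writes fails.
set_arp_mode() {
  local scope rc=0
  for scope in lo all; do
    echo "$1" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore" || rc=1
    echo "$2" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce" || rc=1
  done
  return "$rc"
}

# Succeed only if "lo" and "all" currently hold arp_ignore=$1 and arp_announce=$2.
arp_mode_is() {
  local scope
  for scope in lo all; do
    [ "$(cat "/proc/sys/net/ipv4/conf/${scope}/arp_ignore" 2>/dev/null)" = "$1" ] || return 1
    [ "$(cat "/proc/sys/net/ipv4/conf/${scope}/arp_announce" 2>/dev/null)" = "$2" ] || return 1
  done
  return 0
}

case "$1" in
  start)
    # ARP suppression goes in before the VIP exists on lo:0, so there is no
    # window in which this host answers ARP for the VIP.
    if ! set_arp_mode 1 2; then
      echo "RealServer Start FAILED: cannot write arp_ignore/arp_announce" >&2
      exit 1
    fi
    # Reloads /etc/sysctl.conf; if that file sets the same keys to other
    # values it overrides what was just written, hence the check below.
    sysctl -p >/dev/null 2>&1
    if ! arp_mode_is 1 2; then
      echo "RealServer Start FAILED: arp_ignore/arp_announce not in effect (check /etc/sysctl.conf)" >&2
      exit 1
    fi
    if ! ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"; then
      echo "RealServer Start FAILED: cannot bind $SNS_VIP to lo:0" >&2
      exit 1
    fi
    # Not fatal: this fails when the host route is already present, e.g.
    # when start is run a second time.
    /sbin/route add -host "$SNS_VIP" dev lo:0
    echo "RealServer Start OK"
    ;;
  stop)
    # The address is removed first, the ARP settings are relaxed afterwards.
    ifconfig lo:0 down
    route del "$SNS_VIP" >/dev/null 2>&1   # best effort: the route may already be gone
    # Resets to 0 unconditionally, whatever the values were before start.
    set_arp_mode 0 0
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac

exit 0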