LVS + keepalived notes: NAT mode
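I have recently been putting together a site for testing and have also been reading Qiuxiang's book carefully, which has helped a great deal. NAT mode may not see much real-world use,
but in the spirit of learning LVS I went ahead with it, using my own small site as the example. The details are recorded below:

1. Install LVS + keepalived (omitted). For the installation method see: http://myhat.blog.运维网.com/391263/616571
2. ADSL dynamic IP detection script for NAT mode (omitted; test environments only, since probably nobody uses ADSL in a real environment). For the script see:
http://myhat.blog.运维网.com/391263/616468
3. lvs_real script
4. keepalived.conf configuration file
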
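Topology:
[Internet]------------

lvs_keepalive_nat roles: NAT, LVS, keepalived, iptables

At first I set up port mapping here, and lvs_keepalive_nat simply would not work! After consulting the keepalived definitive guide, I found that
keepalived's architecture already includes iptables-related pieces, and if we use iptables on top of that, lvs_keepalive_nat becomes unusable!
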
# iptables -L -t nat    # only one NAT rule, nothing related to port mapping
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

==============================================================
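3. lvs_real script
Because the public IP is dynamic, the clients (the real servers) must also detect the VIP address, since it can change at any time. Otherwise the VIP address on the client side
is still the one from last time, so the clients need to refresh the VIP address from time to time.
How to do it: have the clients run lvs_real check periodically so that the VIP address gets updated.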
# cat /sbin/lvs_real
#!/bin/bash
# description: start realserver

# Current VIP: ping the dynamic DNS name once and take the address from the reply line
vip=$(ping postfixlinux.3322.org -c 1 | grep from | cut -d ":" -f 1 | cut -d " " -f 4)
# Address currently configured on lo:0
now_ip=$(ifconfig lo:0 | grep addr | awk -F ":" '{print $2}' | cut -d " " -f 1)

source /etc/rc.d/init.d/functions

case "$1" in

start)
    echo "Start Realserver"
    # Bind the VIP to lo:0 and stop this host from answering ARP for it
    /sbin/ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;

stop)
    echo "Stop Realserver"
    # Remove the VIP and restore the default ARP behaviour
    /sbin/ifconfig lo:0 down
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;

check)
    echo "Check Vip address"
    # Re-bind lo:0 only when the looked-up VIP differs from the configured one
    if [ "$vip" != "$now_ip" ]; then
        /sbin/ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
        echo "Vip address is updated!"
    else
        echo "Your VIP address is OK!"
    fi
    ;;

*)
    echo "Usage: $0 (start | stop | check)"
    exit 1
    ;;
esac

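The check step above applies whatever the ping pipeline prints, including an empty string when the lookup fails. The following is an added example, not part of the original post, that validates the looked-up VIP before anything is applied to lo:0; the function names are hypothetical and the iputils ping reply format is assumed.

```sh
#!/bin/sh
# Added example (not from the original post): validate the looked-up VIP
# before "lvs_real check" applies it. Function names are hypothetical.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read ping output on stdin and print the sender of the first echo reply.
# Assumes iputils-style lines: "64 bytes from ADDR: icmp_seq=..." or
# "64 bytes from NAME (ADDR): icmp_seq=...".
extract_vip() {
    sed -n 's/^[0-9]* bytes from \(.*\): icmp_seq=.*/\1/p' | head -n 1 |
        sed 's/^.*(\(.*\))$/\1/'
}

# Decide what the check step should do. $1 is the address currently on
# lo:0; ping output is read from stdin. Prints one of:
#   update <ip>   the VIP changed and the new value is a valid address
#   ok            the VIP is unchanged
#   skip          lookup failed or returned garbage, leave lo:0 alone
vip_action() {
    current=$1
    new=$(extract_vip)
    if ! is_ipv4 "$new"; then
        echo skip
    elif [ "$new" = "$current" ]; then
        echo ok
    else
        echo "update $new"
    fi
}

# Intended use inside lvs_real (needs network access, so left commented):
#   ping -c 1 postfixlinux.3322.org 2>/dev/null | vip_action "$now_ip"
```
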
4. keepalived.conf configuration file
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        xx@xx.com
    }
    notification_email_from xxx@163.com
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        # PASS is sent in cleartext in VRRP advertisements; replace the stock 1111
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.38
    }
}

# This IP changes frequently, because it is obtained automatically over ADSL.
virtual_server 183.39.113.73 8080 {
    delay_loop 6
    lb_algo wlc
    lb_kind NAT
    nat_mask 255.255.255.0
    protocol TCP

    real_server 192.168.10.6 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 192.168.10.17 80 {
        weight 50
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

Check how the connections are actually being distributed:
# ipvsadm -lnc
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:42  TIME_WAIT   1.202.220.2:30100  183.39.113.73:8080 192.168.10.17:80
TCP 14:57  ESTABLISHED 119.137.96.120:1952 183.39.113.73:8080 192.168.10.6:80
TCP 00:44  TIME_WAIT   1.202.220.2:30735  183.39.113.73:8080 192.168.10.6:80

Because there is only a single host, the VRRP section was left basically unchanged.