一、部署环境:
服务器版本:CentOS 6.5 (Final)
网络拓扑:
二、需求分析:调度服务器与网页服务器均在同一网段的局域网环境中,用户提交的请求经调度器分配后转发到指定的网页服务器,同时保证服务的高可用性(任意一台网站服务器宕机后,调度器会将其剔除,直至该服务器恢复正常;主调度器宕机后,从调度器会接管其工作,直至主调度器恢复正常)。
三、相关配置:
部署调度器LVS服务脚本:
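#!/bin/sh
# Build and install ipvsadm 1.24 from source on the LVS director (run as root).
#
# Optional environment:
#   IPVSADM_SHA256 - expected SHA-256 of the tarball, obtained from a source
#                    you trust. When set, the build is refused on a mismatch.

tarball=ipvsadm-1.24.tar.gz
url=http://www.linuxvirtualserver.org/software/kernel-2.6/$tarball

# Stop if the work directory cannot be entered; otherwise the download and
# build below would run in whatever directory the script was started from.
mkdir -p tools || exit 1
cd tools/ || exit 1

# yum install lrzsz
# rz
# ls

# The tarball is fetched over plain HTTP and then built and installed as root,
# so nothing authenticates it unless IPVSADM_SHA256 is supplied.
wget -O "$tarball" "$url" || exit 1
if [ -n "${IPVSADM_SHA256:-}" ]; then
  printf '%s  %s\n' "$IPVSADM_SHA256" "$tarball" | sha256sum -c - || exit 1
fi
# ls -lrt

tar zxvf "$tarball" || exit 1
cd ipvsadm-1.24 || exit 1
# ls
# uname -r

# The build is pointed at the kernel source tree through /usr/src/linux.
# The hard-coded kernel version must match the output of `uname -r`.
ln -s /usr/src/kernels/2.6.32-431.17.1.el6.x86_64 /usr/src/linux
# ll /usr/src/ |grep linux
# ls

make || exit 1
make install || exit 1

# Run ipvsadm once after installation; the commented lsmod line can then be
# used to check that the ip_vs module is loaded.
ipvsadm
# lsmod|grep ip_vs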
调度器配置脚本:
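#!/bin/bash
# ipvs_ctl Start/Stop ipvsadm portmapper
#
# chkconfig: 345 96 97
#
# description: IPVSadm
#
# processname: ipvs_ctl
#create by stephen#2014-07-01
#
# Init script for the LVS director. Each VIP is bound to an eth1 alias and
# published as a TCP/80 virtual service (round robin, 600 s persistence) that
# forwards to every real server with -g (direct routing).
# The script uses arrays and C-style for loops, hence bash rather than sh.

# Virtual IPs served by this director.
VIP=(
192.168.2.29
# 192.168.2.28
)
# Real servers behind every VIP.
RIP=(
192.168.2.19
192.168.2.20
)
# Gateway that stop() sends ARP requests to.
GW=192.168.2.1

. /etc/init.d/functions

# Bind every VIP and build its virtual service.
start(){
  local i j
  # Clear the IPVS table once, before the loop. Clearing inside the loop
  # would wipe the service created for the previous VIP on every iteration.
  ipvsadm -C
  for ((i=0;i<${#VIP[@]};i++)); do
    ifconfig "eth1:$i" "${VIP[$i]}" broadcast "${VIP[$i]}" netmask 255.255.255.255 up
    # ifconfig eth1:$i
    route add -host "${VIP[$i]}" dev "eth1:$i"
    # echo "1" >/proc/sys/net/ipv4/ip_forward
    ipvsadm -A -t "${VIP[$i]}:80" -s rr -p 600
    for ((j=0;j<${#RIP[@]};j++)); do
      ipvsadm -a -t "${VIP[$i]}:80" -r "${RIP[$j]}:80" -g
    done
    # ipvsadm
  done
}

# Take every VIP alias down and delete its virtual service.
stop(){
  local i j
  for ((i=0;i<${#VIP[@]};i++)); do
    ifconfig "eth1:$i" down
    # route del -host ${VIP[$i]} dev eth1:$i
    # ipvsadm -C
    ipvsadm -D -t "${VIP[$i]}:80"
    # One ARP request to the gateway per configured real server; the
    # arguments do not depend on j. Output and errors are discarded.
    for ((j=0;j<${#RIP[@]};j++)); do
      arping -c 1 -I eth1 -s "${VIP[$i]}" "$GW" >/dev/null 2>&1
    done
  done
}

case "$1" in
  start)
    # action is run with /bin/true, so the status line is printed before
    # start() runs and does not reflect its result.
    action "ipvs started" /bin/true
    start
    ;;
  stop)
    action "ipvs stopped" /bin/true
    stop
    ;;
  *)
    echo "Usage:$0 {start|stop}"
    # Report a usage error to the caller instead of exiting 0.
    exit 2
    ;;
esac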
真实服务器配置脚本:
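#!/bin/bash
# created by stephen#2014-07-01
# description: config real server lo and apply non-arp
#
# Runs on each real server. Binds every VIP to a loopback alias so the host
# accepts traffic addressed to the VIP, and sets arp_ignore=1 and
# arp_announce=2 on lo and all, so that the real server does not answer or
# advertise ARP for the VIP and only the director is resolved for it.
# The script uses arrays and C-style for loops, hence bash rather than sh.

VIP=(
192.168.2.29
# 192.168.2.28
)

. /etc/init.d/functions

# Bind the VIPs to lo aliases and enable ARP suppression.
start(){
  local i
  for ((i=0;i<${#VIP[@]};i++)); do
    ifconfig "lo:$i" "${VIP[$i]}" broadcast "${VIP[$i]}" netmask 255.255.255.255 up
    # Print the alias that was just configured.
    ifconfig "lo:$i"
    route add -host "${VIP[$i]}" dev "lo:$i"
  done
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
}

# Remove the lo aliases and reset the ARP sysctls.
stop(){
  local i
  for ((i=0;i<${#VIP[@]};i++)); do
    ifconfig "lo:$i" down
  done
  # The sysctls are reset to 0, not to the values they held before start(),
  # and only when at most one VIP is configured.
  if [ "${#VIP[@]}" -le 1 ]; then
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
  fi
}

case "$1" in
  start)
    # action is run with /bin/true, so the status line is printed before
    # start() runs and does not reflect its result.
    action "realserver vip is tied" /bin/true
    start
    ;;
  stop)
    action "realserver vip is canceled" /bin/true
    stop
    ;;
  *)
    echo "Usage:$0 {start|stop}"
    # Report a usage error to the caller instead of exiting 0.
    exit 2
    ;;
esac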
真实服务器高可用性配置脚本:
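#!/bin/bash
#created by stephen#2014-07-02
#
# Real-server health check, run on the director. Every 10 seconds each real
# server is probed on $PORT with nmap; one that stops answering is removed
# from the $VIP:$PORT virtual service, and it is added back once the port is
# open again.
# An open TCP port shows only that something is listening there, not that
# the site behind it returns valid responses.
# The script uses arrays, hence bash rather than sh.

VIP=192.168.2.29
PORT=80
RIP=(
192.168.2.19
192.168.2.20
)

# Without nmap every probe would look like a closed port and the loop would
# remove all real servers from the pool, so refuse to start instead.
for tool in nmap ipvsadm; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "$0: required command not found: $tool" >&2
    exit 1
  fi
done

# Succeeds when nmap reports $PORT/tcp on host $1 as open. Matching the port
# line itself avoids counting unrelated output lines that contain "open".
port_is_open() {
  nmap "$1" -p "$PORT" |
    grep -Eq "^${PORT}/tcp[[:space:]]+open([[:space:]]|\$)"
}

# Succeeds when $1:$PORT is listed in the IPVS table. Fixed-string whole-word
# matching keeps one address from matching inside a longer one and stops the
# dots from acting as regex wildcards.
in_pool() {
  ipvsadm -Ln | grep -Fwq -- "$1:$PORT"
}

while true; do
  for rip in "${RIP[@]}"; do
    if port_is_open "$rip"; then
      if ! in_pool "$rip"; then
        ipvsadm -a -t "$VIP:$PORT" -r "$rip:$PORT" -g
      fi
    elif in_pool "$rip"; then
      # Errors from the removal are discarded, as in the original script.
      ipvsadm -d -t "$VIP:$PORT" -r "$rip:$PORT" >/dev/null 2>&1
    fi
  done
  sleep 10
done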
调度器高可用性配置脚本:
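#!/bin/sh
#created by stephen#2014-07-02
#
# Director failover check, run on the backup director. Every 5 seconds the
# primary director ($DIP) is probed on $PORT with nmap. When the port is not
# open, the local ipvs_ctl service is started unless $VIP is already in the
# local IPVS table. When the port is open again, the local service is stopped.
#
# Liveness is inferred from TCP port $PORT on the primary alone. If that port
# stops answering while the primary still holds the VIP (sshd stopped, probe
# filtered by a firewall), both directors will announce the same VIP.

DIP=192.168.2.21
VIP=192.168.2.29
PORT=22

# Without nmap every probe would look like a dead primary and this host would
# take over the VIP while the primary is still serving it.
for tool in nmap ipvsadm; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "$0: required command not found: $tool" >&2
    exit 1
  fi
done

# Succeeds when nmap reports $PORT/tcp on the primary director as open.
primary_is_up() {
  nmap "$DIP" -p "$PORT" |
    grep -Eq "^${PORT}/tcp[[:space:]]+open([[:space:]]|\$)"
}

# Succeeds when $VIP appears in the local IPVS table. Any match counts, so a
# VIP that carries more than one virtual service is still recognised.
vip_is_served() {
  ipvsadm -Ln | grep -Fwq -- "$VIP"
}

while true; do
  if primary_is_up; then
    if vip_is_served; then
      /etc/init.d/ipvs_ctl stop
    fi
  elif ! vip_is_served; then
    /etc/init.d/ipvs_ctl start
  fi
  sleep 5
done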
其他
1. 开启80端口:
# Accept inbound TCP/80. With no rule number the rule is inserted at the top
# of the INPUT chain, ahead of the existing rules.
/sbin/iptables --insert INPUT --protocol tcp --dport 80 --jump ACCEPT
# Persist the running rule set, then reload the firewall from the saved file.
/etc/init.d/iptables save
/etc/init.d/iptables restart
2. 配置完调度器后,修改其执行权限并把配置文件添加到自启动项:
# Install the director init script; mode 700 leaves it accessible to its
# owner only.
cp ipvs_ctl /etc/init.d/ipvs_ctl
chmod 700 /etc/init.d/ipvs_ctl
# Register the service with chkconfig, then confirm that it is listed.
chkconfig --add ipvs_ctl
chkconfig --list | grep ipvs
3. 由于我们是通过查看服务器端口开启状况来实现探测的,在这里会使用到nmap:
# nmap is the probe used by both health-check loops.
yum -y install nmap
4. 修改调度器高可用性配置文件执行权限,并在后台执行,以及查看、取消后台进程命令:
# Restrict the failover check script to its owner and start it as a
# background job of the current shell.
chmod 700 check_lb.sh
sh check_lb.sh &
# Watch the IPVS table and its traffic counters as they refresh.
watch ipvsadm -Ln --stats
# List the background jobs of this shell, then bring the job to the
# foreground, where it can be interrupted.
jobs
fg
5. 使用tcpdump抓包分析网络流量:
# Capture TCP port 80 traffic on eth1. -s 1500 keeps up to 1500 bytes of each
# packet, so HTTP payloads are included in the capture and not only headers.
tcpdump -i eth1 -s 1500 tcp port 80