
LVS Study Notes: DR Mode Deployment

2014-07-02 19:20

I. Deployment environment:
Server version: CentOS 6.5 (Final)

Network topology:





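II. Requirements analysis: The director (scheduler) and the web servers are all on the same LAN segment. Requests submitted by users are distributed by the director to the web servers, and the service must stay highly available (if any web server goes down, the director removes it until it recovers; if the primary director goes down, the backup director takes over until the primary recovers).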

III. Configuration:
Script to deploy the LVS service on the director:

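#!/bin/sh
# Build and install ipvsadm on the director
mkdir -p tools
cd tools/ || exit 1
# yum install lrzsz
# rz
# ls
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.24.tar.gz
# ls -lrt
tar zxvf ipvsadm-1.24.tar.gz
cd ipvsadm-1.24 || exit 1
# ls
# uname -r
# The ipvsadm build looks for the kernel source tree at /usr/src/linux
ln -s /usr/src/kernels/2.6.32-431.17.1.el6.x86_64 /usr/src/linux
# ll /usr/src/ |grep linux
# ls
make
make install
# Running ipvsadm once loads the ip_vs kernel module
ipvsadm
# lsmod|grep ip_vs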


Director configuration script:

#!/bin/bash
# ipvs_ctl	Start/Stop ipvsadm portmapper
#
# chkconfig: 345 96 97
#
# description: IPVSadm
#
# processname: ipvs_ctl

# created by stephen#2014-07-01
# Virtual IPs served by the director
VIP=(
    192.168.2.29
#   192.168.2.28
)
# Real servers behind the VIPs
RIP=(
    192.168.2.19
    192.168.2.20
)
GW=192.168.2.1

. /etc/init.d/functions

start(){
    # Clear the IPVS table once, before any virtual service is added
    # (clearing inside the loop would wipe the services of earlier VIPs)
    ipvsadm -C
    for ((i=0;i<${#VIP[*]};i++))
    do
        # Bind the VIP to an eth1 alias with a host (/32) netmask
        ifconfig eth1:$i ${VIP[$i]} broadcast ${VIP[$i]} netmask 255.255.255.255 up
        # ifconfig eth1:$i
        route add -host ${VIP[$i]} dev eth1:$i
        # echo "1" >/proc/sys/net/ipv4/ip_forward
        # Virtual service: round-robin scheduling, 600 s persistence
        ipvsadm -A -t ${VIP[$i]}:80 -s rr -p 600
        for ((j=0;j<${#RIP[*]};j++))
        do
            # -g: forward to the real server by direct routing (DR)
            ipvsadm -a -t ${VIP[$i]}:80 -r ${RIP[$j]}:80 -g
        done
        # ipvsadm
    done
}

stop(){
    for ((i=0;i<${#VIP[*]};i++))
    do
        ifconfig eth1:$i down
        # route del -host ${VIP[$i]} dev eth1:$i
        # ipvsadm -C
        ipvsadm -D -t ${VIP[$i]}:80
        for ((j=0;j<${#RIP[*]};j++))
        do
            # ARP request to the gateway with the VIP as source address
            arping -c 1 -I eth1 -s ${VIP[$i]} $GW >/dev/null 2>&1
        done
    done
}

case "$1" in
    start)
        action "ipvs started" /bin/true
        start
        ;;
    stop)
        action "ipvs stopped" /bin/true
        stop
        ;;
    *)
        echo "Usage:$0 {start|stop}"
        ;;
esac


Real server configuration script:

#!/bin/bash
# created by stephen#2014-07-01

# description: config real server lo and apply non-arp

VIP=(
    192.168.2.29
#   192.168.2.28
)

. /etc/init.d/functions

start(){
    for ((i=0;i<${#VIP[*]};i++))
    do
        # Bind the VIP to a loopback alias with a host (/32) netmask
        ifconfig lo:$i ${VIP[$i]} broadcast ${VIP[$i]} netmask 255.255.255.255 up
        ifconfig lo:$i
        route add -host ${VIP[$i]} dev lo:$i
    done
    # arp_ignore=1: answer ARP only for addresses configured on the receiving interface
    # arp_announce=2: always use the best local address as the ARP source
    # Together they keep the real server from advertising the VIP on the LAN
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
}

stop(){
    for ((i=0;i<${#VIP[*]};i++))
    do
        ifconfig lo:$i down
    done
    # Restore the default ARP behaviour
    if [ ${#VIP[*]} -le 1 ];then
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    fi
}

case "$1" in
    start)
        action "realserver vip is tied" /bin/true
        start
        ;;
    stop)
        action "realserver vip is canceled" /bin/true
        stop
        ;;
    *)
        echo "Usage:$0 {start|stop}"
        ;;
esac


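Real server high-availability configuration script:

#!/bin/bash
# created by stephen#2014-07-02
VIP=192.168.2.29
PORT=80
RIP=(
    192.168.2.19
    192.168.2.20
)
while true
do
    for ((i=0;i<${#RIP[*]};i++))
    do
        # 1 if nmap reports the service port open on this real server
        PORT_COUNT=$(nmap "${RIP[$i]}" -p "$PORT" | grep open | wc -l)
        if [ "$PORT_COUNT" -ne 1 ];then
            # Probe failed: remove the real server if it is still in the table
            # (-wF matches the exact address:port, not a longer address)
            if [ "$(ipvsadm -Ln | grep -wF -- "${RIP[$i]}:$PORT" | wc -l)" -ne 0 ];then
                ipvsadm -d -t $VIP:$PORT -r ${RIP[$i]}:$PORT >/dev/null 2>&1
            fi
        else
            # Probe succeeded: add the real server back if it is missing
            if [ "$(ipvsadm -Ln | grep -wF -- "${RIP[$i]}:$PORT" | wc -l)" -eq 0 ];then
                ipvsadm -a -t $VIP:$PORT -r ${RIP[$i]}:$PORT -g
            fi
        fi
    done
    sleep 10
done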
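
Added example, not part of the original post: the health-check loop decides whether a real server is already registered by looking for its address in `ipvsadm -Ln` output, and a bare substring match would also hit a longer address such as 192.168.2.190. The code below runs against a constructed sample table and compares the whole address:port field under the right virtual service; `naive_count`, `rs_registered` and `plan_action` are hypothetical helper names, and the ipvsadm commands are only printed, never executed.

```sh
#!/bin/sh
# Added example. SAMPLE_TABLE is constructed `ipvsadm -Ln` output, not a capture;
# 192.168.2.190 is a made-up host next to the page's real server 192.168.2.19.
SAMPLE_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.2.29:80 rr persistent 600
  -> 192.168.2.190:80             Route   1      0          0
  -> 192.168.2.20:80              Route   1      0          0'

# naive_count TABLE RIP (hypothetical): substring match, counts lines containing RIP.
naive_count() {
    printf '%s\n' "$1" | grep -c "$2"
}

# rs_registered TABLE VIP:PORT RIP:PORT (hypothetical)
# Succeeds only when RIP:PORT is listed under the TCP service VIP:PORT.
# Whole fields are compared, so 192.168.2.19:80 never matches 192.168.2.190:80.
rs_registered() {
    printf '%s\n' "$1" | awk -v vs="$2" -v rs="$3" '
        $1 == "TCP"                { cur = $2; next }   # start of a TCP service
        $1 == "UDP" || $1 == "FWM" { cur = "";  next }  # other service types
        $1 == "->" && cur == vs && $2 == rs { found = 1 }
        END { exit !found }'
}

# plan_action TABLE VIP:PORT RIP:PORT HEALTHY(0|1) (hypothetical)
# Prints the ipvsadm command the health-check loop should run, or nothing
# when the table already agrees with the probe result. Dry run only.
plan_action() {
    if rs_registered "$1" "$2" "$3"; then
        [ "$4" -eq 1 ] || echo "ipvsadm -d -t $2 -r $3"
    else
        [ "$4" -eq 1 ] && echo "ipvsadm -a -t $2 -r $3 -g"
    fi
    return 0
}

# Demo: both real servers from the page answer the probe (healthy=1).
for rs in 192.168.2.19:80 192.168.2.20:80; do
    plan_action "$SAMPLE_TABLE" 192.168.2.29:80 "$rs" 1
done
```

With the sample table, the substring count reports 192.168.2.19 as present because of the 192.168.2.190 line, while the field comparison correctly plans to add it.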


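Director high-availability configuration script:

#!/bin/bash
# created by stephen#2014-07-02
DIP=192.168.2.21
VIP=192.168.2.29
PORT=22
while true
do
    # 1 if nmap reports port $PORT open on the director at $DIP
    PORT_COUNT=$(nmap "$DIP" -p "$PORT" | grep open | wc -l)
    if [ "$PORT_COUNT" -ne 1 ];then
        # Probe failed: bring up the VIP and IPVS rules here if not already present
        if [ "$(ipvsadm -Ln | grep -F -- "$VIP" | wc -l)" -eq 0 ];then
            /etc/init.d/ipvs_ctl start
        fi
    else
        # Probe succeeded: release the VIP and IPVS rules if they are held here
        if [ "$(ipvsadm -Ln | grep -F -- "$VIP" | wc -l)" -eq 1 ];then
            /etc/init.d/ipvs_ctl stop
        fi
    fi
    sleep 5
done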


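Other

1. Open port 80:

/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart

2. After configuring the director, set the script's execute permission and add it to the startup items:

cp ipvs_ctl /etc/init.d/ipvs_ctl
chmod 700 /etc/init.d/ipvs_ctl
chkconfig --add ipvs_ctl
chkconfig --list|grep ipvs

3. Because probing is done by checking whether the server's port is open, nmap is used here:

yum install nmap -y

4. Set the execute permission on the director high-availability script and run it in the background; the commands for viewing and cancelling the background process follow:

chmod 700 check_lb.sh
sh check_lb.sh &
watch ipvsadm -Ln --stats
jobs
fg

5. Use tcpdump to capture packets and analyze network traffic:

tcpdump -i eth1 tcp port 80 -s 1500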


This article comes from the “小鬼的地盘” blog; please be sure to keep this attribution: http://zhoufwind.blog.51cto.com/1029821/1433684