LVS+piranha(多实例配置）

一、负载均衡器端

1.安装（MASTER、BACKUP)

A、wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/CentOS-Base.repo

B、yum makecache

C、yum -y update

D、yum -y install ipvsadm modcluster piranha system-config-cluster php54 php54-cli php54-common 

2.撰写配置文件

 

vi /etc/sysconfig/ha/lvs.cf

serial_no = 28

primary = 10.10.10.100

primary_private = 172.28.29.100

service = lvs

backup_active = 1

backup = 10.10.10.200

backup_private = 172.28.29.200

heartbeat = 1

heartbeat_port = 539

keepalive = 6

deadtime = 18

network = direct

debug_level = NONE

monitor_links = 0

syncdaemon = 0

virtual web_http {

     active = 1

     address = 10.10.10.250 eth0:1

     vip_nmask = 255.255.255.0

     port = 80

     send = "GET / HTTP/1.0\r\n\r\n"

     expect = "HTTP"

     use_regex = 0

     load_monitor = none

     scheduler = wrr

     protocol = tcp

     timeout = 6

     reentry = 15

     quiesce_server = 0

     server web_realserver1 {

         address = 10.10.10.101

         active = 1

         port = 80

         weight = 1

     }

     server  web_realserver2 {

         address = 10.10.10.102

         active = 1

         port = 80

         weight = 1

     }

     server  web_realserver3 {

         address = 10.10.10.103

         active = 1

         port = 80

         weight = 1

     }

     server  web_realserver4 {

         address = 10.10.10.104

         active = 1

         port = 80

         weight = 1

     }

}

virtual bbs_http {

     active = 1

     address = 172.28.29.250 eth1:1

     vip_nmask = 255.255.255.0

     port = 80

     send = "GET / HTTP/1.0\r\n\r\n"

     expect = "HTTP"

     use_regex = 0

     load_monitor = none

     scheduler = wrr

     protocol = tcp

     timeout = 6

     reentry = 15

     quiesce_server = 0

     server  bbs_realserver1 {

         address = 172.28.29.101

         active = 1

         port = 80

         weight = 1

     }

     server  bbs_realserver2 {

         address = 172.28.29.102

         active = 1

         port = 80

         weight = 1

     }

     server  bbs_realserver3 {

         address = 172.28.29.103

         active = 1

         port = 80

         weight = 1

     }

     server  bbs_realserver4 {

         address = 172.28.29.104

         active = 1

         port = 80

         weight = 1

     }

}

 

3.启动LVS集群（先master后backup）

/etc/init.d/pulse start

二、后端的realserver端

1.撰写脚本

 

vi /etc/init.d/lvs_realserver 

#!/bin/bash

#description: LVS realsever

. /etc/rc.d/init.d/functions

WEB_VIP="10.10.10.250 172.28.29.250"

 

start(){

num=0

echo -ne 'Start LVS of RealServer'

for loop in $WEB_VIP

do

    ifconfig lo:$num $loop netmask 255.255.255.255 up

#    /sbin/route add -host $loop dev lo:$num

    num=$[num+1]

done

 

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

 

echo " OK"

}

 

stop(){

echo -ne 'Stop LVS of RealServer'

echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore

echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce

echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore

echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce

 

num=0

for loop in $WEB_VIP

do

    /sbin/ifconfig lo:$num down

#    /sbin/route del -host $loop

    num=$[num+1]

done

echo " OK"

}

restart(){

stop

start

}

 

case $1 in

 

start)

     start

      ;;

stop)

     stop

      ;;

restart)

     restart

      ;;

status)

     /sbin/ip add

      ;;

*)

   echo "Usage: $0 {start|stop|restart|status}"

   exit 1

esac

2.添加执行权限

chmod +x /etc/init.d/lvs_realserver

3.启动脚本

sh /etc/init.d/lvs_realserver start

 

三、防火墙配置

 

vi /etc/sysconfig/iptables

 

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [238237693:45658345413]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT 

-A FORWARD -j RH-Firewall-1-INPUT 

-A RH-Firewall-1-INPUT -i lo -j ACCEPT 

-A INPUT -s 10.10.10.0/24 -d 224.0.0.0/8 -i eth0 -j ACCEPT

-A INPUT -s 172.28.29.0/24 -d 224.0.0.0/8 -i eth1 -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT 

-A RH-Firewall-1-INPUT -p esp -j ACCEPT 

-A RH-Firewall-1-INPUT -p ah -j ACCEPT 

-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT 

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT 

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT 

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT  

-A RH-Firewall-1-INPUT -s 172.28.29.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -s 10.10.10.0/255.255.255.0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

 

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 

COMMIT

 

四、看一下运行情况

 

[root@rabbit1 ~]# ipvsadm

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn     

TCP  10.10.10.250:http wrr

  -> 10.10.10.101:http            Local   1      115        448       

  -> 10.10.10.102:http            Route   1      137        452       

  -> 10.10.10.103:http            Route   1      111        454       

  -> 10.10.10.104:http            Route   1      141        440       

TCP  172.28.29.250:http wrr

  -> 172.28.29.101:http           Local   1      84         145       

  -> 172.28.29.102:http           Route   1      77         147       

  -> 172.28.29.103:http           Route   1      83         152       

  -> 172.28.29.104:http           Route   1      71         160      

 

 

 

转载于:https://blog.51cto.com/navyaijm/893756