LVS+KeepaLived+Nginx SSL验证
keepalived安装
- yum -y install kernel-devel openssl-* ipvsadm
- wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
- #该地址为明文HTTP,下载的源码稍后会以root身份编译安装;解压前请先核对文件的校验值(与官方发布页公布的值比对)
- tar zxf keepalived-1.2.2.tar.gz
- cd keepalived-1.2.2
- vim keepalived/libipvs-2.6/ip_vs.h
- #将#include <linux/types.h> /* For __beXX types in userland */移动到#include <sys/types.h>下面,以解决make时的报错问题
- ./configure --with-kernel-dir=/usr/src/kernels/2.6.18-274.18.1.el5-x86_64/
- make && make install
- #--with-kernel-dir编译选项 是为了增加IPVS支持
- mkdir /etc/keepalived/
- vim /etc/keepalived/keepalived.conf
- #加入下面的内容
- vrrp_instance VI_1 {
- state MASTER
- interface eth0
- virtual_router_id 51
- priority 200
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass 1111
- }
- virtual_ipaddress {
- 192.168.5.230
- }
- }
- virtual_server 192.168.5.230 443 {
- delay_loop 6
- lb_algo rr
- lb_kind DR
- persistence_timeout 50
- protocol TCP
- real_server 192.168.5.202 443 {
- weight 3
- inhibit_on_failure
- TCP_CHECK {
- connect_timeout 10
- nb_get_retry 3
- delay_before_retry 3
- connect_port 443
- }
- }
- real_server 192.168.5.204 443 {
- weight 3
- inhibit_on_failure
- TCP_CHECK {
- connect_timeout 10
- nb_get_retry 3
- delay_before_retry 3
- connect_port 443
- }
- }
- }
- virtual_server 192.168.5.230 80 {
- delay_loop 6
- lb_algo rr
- lb_kind DR
- inhibit_on_failure
- persistence_timeout 50
- protocol TCP
- real_server 192.168.5.202 80 {
- weight 3
- inhibit_on_failure
- TCP_CHECK {
- connect_timeout 10
- nb_get_retry 3
- delay_before_retry 3
- connect_port 80
- }
- }
- real_server 192.168.5.204 80 {
- weight 3
- inhibit_on_failure
- TCP_CHECK {
- connect_timeout 10
- nb_get_retry 3
- delay_before_retry 3
- connect_port 80
- }
- }
- }
- #然后用 keepalived 命令启动keepalived程序
- state #keepalived的状态,有MASTER和BACKUP两种(配置文件中备机的关键字是BACKUP,即通常所说的SLAVE)
- interface #实例绑定的网卡
- virtual_router_id #VRID
- priority #优先级,即使state指定为MASTER,如果priority较低也有可能变成BACKUP(即SLAVE,受nopreempt影响)
- advert_int #设定检测间隔
- authentication #设定验证方式:auth_type,以及验证密码:auth_pass(PASS方式的密码在VRRP报文中明文传输,且只取前8个字符;示例中的1111仅作演示,实际部署请换成自己的值,并在防火墙上只放行对端节点的VRRP报文)
- virtual_ipaddress #VIP,可以写多个,每个占一行
- virtual_server #指定virtual server 以及端口号
- delay_loop #对realserver的检测间隔时间
- lb_algo #LVS的轮询算法
- lb_kind #LVS的工作模式为DR
- inhibit_on_failure #当检测失效后将权重标记为0
- persistence_timeout #将50s内来自同一ip的请求转发到同一后端
- protocol TCP #使用的协议
- real_server #后端web配置字段
- weight #权重,权重越高接收到的请求越多
- TCP_CHECK #检测方式
- connect_timeout #连接超时时间
- connect_port #健康检测端口
- nb_get_retry #重连次数
- delay_before_retry #重连间隔时间
#启动成功后可以通过ipvsadm命令来查看
realserver 启动脚本:
- #这个IP添加到网卡配置文件中也可以,我犯懒就直接拷贝了LT论坛中的脚本, 作者名字下面有写
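#!/bin/bash
# description: Config realserver lo and apply noarp
# Written by: NetSeek http://www.linuxtone.org
#
# LVS-DR real-server helper. "start" binds the virtual IP (VIP) to lo:0 and
# sets arp_ignore=1 / arp_announce=2 on "lo" and "all"; "stop" removes the VIP
# and writes 0 back to the same four settings.
# Run as root: it reconfigures lo and writes under /proc/sys/net.
#
# Usage:   $0 {start|stop}
# Returns: 0 on success; 1 on bad usage, or when "start" cannot apply the ARP
#          settings or bind the VIP.

# Must match the virtual_ipaddress announced by the keepalived director.
readonly SNS_VIP="192.168.5.230"

# Kept from the original script; nothing below calls a helper from this file.
. /etc/rc.d/init.d/functions

#######################################
# Write the given arp_ignore / arp_announce values for "lo" and "all".
# Arguments: $1 - arp_ignore value, $2 - arp_announce value
# Returns:   non-zero if any of the four writes failed (all are attempted)
#######################################
set_arp_mode() {
  local ignore=$1 announce=$2 scope rc=0
  for scope in lo all; do
    echo "$ignore" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore" || rc=1
    echo "$announce" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce" || rc=1
  done
  return "$rc"
}

case "$1" in
  start)
    # Apply the ARP settings before the VIP exists on lo:0. Binding the address
    # first leaves a window in which this host can still answer ARP for the VIP.
    if ! set_arp_mode 1 2; then
      echo "RealServer Start FAILED: cannot write ARP settings (root required?)" >&2
      exit 1
    fi
    # NOTE(review): this reloads /etc/sysctl.conf; if that file also sets
    # arp_ignore or arp_announce, its values replace the ones written above.
    sysctl -p >/dev/null 2>&1
    if ! ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"; then
      echo "RealServer Start FAILED: cannot bind $SNS_VIP to lo:0" >&2
      exit 1
    fi
    # Left non-fatal, as in the original: a repeated start may find the host
    # route already present.
    /sbin/route add -host "$SNS_VIP" dev lo:0
    echo "RealServer Start OK"
    ;;
  stop)
    # Remove the VIP first, then relax the ARP settings, so the address is
    # never present on lo:0 while ARP replies for it are allowed.
    ifconfig lo:0 down
    route del "$SNS_VIP" >/dev/null 2>&1
    # Best effort. NOTE(review): writes 0 rather than restoring whatever the
    # values were before "start" — confirm 0 is the wanted state on this host.
    set_arp_mode 0 0
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0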
转载于:https://blog.51cto.com/unixlike/785935