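1. Vagrant + VirtualBox virtual environment setup
Box download: https://pan.baidu.com/s/1sl2vVmH key: qm7z
The usual Vagrant operations are easy to look up online. The box is CentOS 6.7 with nginx and php-fpm already installed; adjust the configuration below to suit your own environment.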
Vagrant.configure("2") do |config|
  (1..4).each do |i|
    config.vm.define "node#{i}" do |node|
      # Box used by the VM
      node.vm.box = "mybox"
      # Hostname of the VM
      node.vm.hostname="node#{i}"
      # IP address of the VM
      node.vm.network "private_network", ip: "192.168.59.#{i}"
      # Folder shared between the host and the VM
      node.vm.synced_folder "E:/vagrant", "/vagrant"
      # VirtualBox-specific settings
      node.vm.provider "virtualbox" do |v|
        # Name of the VM
        v.name = "node#{i}"
        # Memory size of the VM
        v.memory = 4096
        # Number of CPUs of the VM
        v.cpus = 1
      end
      # Use a shell script for software installation and configuration
    end
  end
end
2. Installing ipvsadm and keepalived
My versions:
ipvsadm-1.26.tar.gz
https://pan.baidu.com/s/1o8qWGnK key: gn7e
keepalived-1.4.0.tar.gz dnck
https://pan.baidu.com/s/1geDVxqN key: 2nsm
Install the dependencies: yum -y install openssl openssl-devel popt popt-devel libnl-devel kernel-devel
Check whether the ipvs module is loaded: lsmod
ipvsadm needs no configure step; it ships with a Makefile, so run make && make install directly
keepalived: ./configure --prefix=/usr/local/keepalived ; make; make install
3. Real server configuration
LVS_REAL script for the VIP on the real servers
#!/bin/bash
#description : start realserver
VIP=192.168.59.110
#/etc/rc.d/init.d/functions
case "$1" in
    start)
        echo " start LVS of REALServer"
        /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
        ;;
    stop)
        /sbin/ifconfig lo:0 down
        echo "close LVS Directorserver"
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
esac
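Make the script executable: chmod +x lvs_real
Start/stop the script: lvs_real start / stop
Check that the VIP has taken effect: ip addr. Note that it must be configured on the lo interface, and it must be the same VIP as the one on the load balancer.
4. Load balancer configuration
Copy the configuration directory to /etc: cp -r /usr/local/keepalived/etc/keepalived/ /etc/
MASTER configuration: vi /etc/keepalived/keepalived.conf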
! Configuration File for keepalived
global_defs {
    router_id LVS_MASTER
}
vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 150
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.59.110
    }
}
virtual_server 192.168.59.110 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.59.3 80 {
        weight 100
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.59.4 80 {
        weight 100
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
SLAVE configuration: vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_BACKUP
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.59.110
    }
}
virtual_server 192.168.59.110 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    #persistence_timeout 50
    protocol TCP
    real_server 192.168.59.3 80 {
        weight 100
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.59.4 80 {
        weight 100
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
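Note: the configuration files of the primary load balancer (MASTER) and the backup load balancer (BACKUP) differ in only 3 places: the router_id in the global definitions, the vrrp_instance state, and the vrrp_instance priority.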
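One way to check that rule before starting keepalived, as an added example that is not part of the original notes: the script flattens each keepalived.conf into block/path/directive lines and reports any difference other than router_id, state and priority (a mismatched virtual_router_id or auth_pass, for instance, stops the two nodes from forming one VRRP pair). The function names, file names and the trimmed sample configs are assumptions made for the example.

```shell
# Added example, not from the original page; sample configs below are constructed.
# Flatten a keepalived.conf into one "block/path/directive value" line per setting.
flatten_conf() {
  awk '
    { sub(/[!#].*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments, trim
    $0 == ""  { next }
    /[{]$/    { sub(/[ \t]*[{]$/, ""); gsub(/[ \t]+/, "_"); stack[++depth] = $0; next }
    $0 == "}" { depth--; next }
    { $1 = $1; path = ""; for (i = 1; i <= depth; i++) path = path stack[i] "/"; print path $0 }
  ' "$1"
}
# diff lines for the three directives that are expected to differ per node.
ALLOWED='^[<>] (global_defs/router_id|vrrp_instance_[^/]+/(state|priority)) '
# Print every other differing directive; return 1 if any is found.
unexpected_diffs() {
  fa=$(mktemp); fb=$(mktemp)
  flatten_conf "$1" > "$fa"; flatten_conf "$2" > "$fb"
  out=$(diff "$fa" "$fb" | grep '^[<>]' | grep -Ev "$ALLOWED" || true)
  rm -f "$fa" "$fb"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}
# Constructed sample input: a trimmed vrrp_instance with per-node values filled in.
mk_conf() {  # mk_conf FILE ROUTER_ID STATE PRIORITY AUTH_PASS
  cat > "$1" <<EOF
! Configuration File for keepalived
global_defs {
    router_id $2
}
vrrp_instance VI_1 {
    state $3
    interface eth1
    virtual_router_id 51
    priority $4
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass $5
    }
}
EOF
}
demo_dir=$(mktemp -d)
mk_conf "$demo_dir/master.conf" LVS_MASTER MASTER 150 1111
mk_conf "$demo_dir/backup.conf" LVS_BACKUP BACKUP 100 1111
mk_conf "$demo_dir/drift.conf"  LVS_BACKUP BACKUP 100 2222   # auth_pass drifted
unexpected_diffs "$demo_dir/master.conf" "$demo_dir/backup.conf" && echo "backup.conf: OK"
unexpected_diffs "$demo_dir/master.conf" "$demo_dir/drift.conf" || echo "drift.conf: drift found"
```

On the real nodes, copy the peer's /etc/keepalived/keepalived.conf next to the local one and pass both paths to unexpected_diffs.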
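5. Starting the service
Start keepalived: keepalived -D -f /etc/keepalived/keepalived.conf
Log file: /var/log/messages
pkill keepalived kills the keepalived processes
Show the load balancer state: ipvsadm
Show connection state: ipvsadm -lcn
Note: only the MASTER binds the VIP on eth1. keepalived also runs on the SLAVE, but the SLAVE does not bind the VIP. If you kill the keepalived process on the MASTER, the log shows the SLAVE switching to MASTER state, and ip addr shows the VIP bound on the SLAVE. When the MASTER is restarted, the SLAVE load balancer returns to SLAVE state. When one real server becomes unavailable, the VIP is still reachable and requests are served by the other real backend.
In other words, the setup supports fault isolation and recovery as well as master/backup load balancers.
Related configuration:
1. Add a name for the VIP in /etc/hosts, e.g.: 192.168.59.110 local.web.com
2. In /etc/sysctl.conf set: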
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
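ipvsadm is the tool used to manage LVS.
6. Notes
Capture TCP packets on an interface: tcpdump -i eth1 -nn 'tcp'
Count TCP connections by state: netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
TCP states: http://blog.csdn.net/zhangdaisylove/article/details/46793567
SYN_SENT: the client has sent its SYN segment and has not yet received the ACK.
SYN_RECV: the server has received the SYN segment and sent its ACK, and is waiting for the client's ACK in response.
ESTABLISHED: reached by the client once it receives the server's ACK, and by the server once it receives the client's ACK.
The three states above belong to the three-way handshake.
------- State changes during the four-way teardown -------
FIN_WAIT1: the side that actively closes the connection (A) has sent its FIN segment and is waiting for the ACK from the passively closing side (B).
CLOSE_WAIT: (side B) is waiting until it has finished sending its own data. If a large number of connections sit in CLOSE_WAIT without moving on to LAST_ACK, the cause is most likely a bug in the application code.
FIN_WAIT2: A has received B's ACK segment and is waiting for B's FIN segment.
LAST_ACK: (side B) moves here from CLOSE_WAIT on its own initiative, sends its FIN segment and waits for A's ACK segment.
TIME_WAIT: the state of side A after it receives B's FIN segment. TIME_WAIT is the TCP mechanism that keeps a reallocated socket from being affected by delayed retransmitted segments left over from the previous connection; it is a necessary correctness guarantee.
CLOSED: side A moves from TIME_WAIT to CLOSED once the timeout has elapsed; side B moves to CLOSED once it receives A's ACK segment.
At this point the connection is closed and the socket is reclaimed.
There are generally three system parameters related to the TIME_WAIT state: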
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30