拓扑
1、基本配置
根据拓扑配置IP
2、调度器配置
-安装ipvsadm,并启用ip_vs模块
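# Install the IPVS admin tool and load the ip_vs kernel module on the director.
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# modprobe ip_vs
# Load the module again at boot. The line appended to rc.local is run verbatim,
# so it must be a valid command ("modprobe", not "modproce").
[root@localhost ~]# echo "modprobe ip_vs" >> /etc/rc.local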
-修改内核参数
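# sysctl -p reloads the settings file and echoes each value it applied.
# send_redirects=0 stops the director from emitting ICMP redirects; in DR mode
# the director and the web nodes share one segment, so a redirect would tell
# clients to bypass the director.
[root@localhost ~]# sysctl -p
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0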
-安装keepalived,并修改配置文件
--安装
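# Build keepalived from source against the running kernel's headers.
# The whole build and "make install" run as root, so verify the tarball against
# the checksum or signature published by the project before unpacking it.
[root@localhost ~]# cd /usr/src/
[root@localhost src]# tar zxf keepalived-1.2.13.tar.gz
[root@localhost src]# cd keepalived-1.2.13
[root@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/ && make && make install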
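# keepalived configuration for director 1: two VRRP instances (MASTER for
# 192.168.1.11, BACKUP for 192.168.1.22) and one LVS-DR virtual server per VIP.

# NOTE(review): the notification addresses and smtp_server below look like the
# sample values from keepalived's example configuration; replace them before
# relying on failover e-mails.
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL_1            # name of this director
}

vrrp_instance VI_1 {                 # hot-standby group 1
    state MASTER                     # hot-standby role
    interface eth0
    virtual_router_id 51
    priority 100                     # priority
    advert_int 1
    authentication {
        # auth_type PASS carries auth_pass in clear text in every VRRP
        # advertisement, and 1111 is a trivially guessable value. Treat it as a
        # guard against accidental misconfiguration only: use a non-default
        # value and accept VRRP (IP protocol 112) only from the peer director.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.11                 # cluster VIP
    }
}

vrrp_instance VI_2 {                 # hot-standby group 2
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        # Same clear-text caveat as VI_1.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.22
    }
}

# The source had "irtual_server" here; the keyword is "virtual_server".
virtual_server 192.168.1.11 80 {     # virtual server address (VIP) and port
    delay_loop 6                     # health-check interval (s)
    lb_algo rr                       # scheduling algorithm: round robin
    lb_kind DR                       # cluster mode: direct routing
    ! persistence_timeout 50         # connection persistence (s); remove the leading "!" to enable
    protocol TCP                     # the service uses TCP
    real_server 192.168.1.2 80 {     # first web node: address and port
        weight 1                     # node weight
        TCP_CHECK {                  # health-check method
            connect_timeout 3        # connect timeout
            nb_get_retry 3           # number of retries
            delay_before_retry 3     # delay between retries
        }
    }
    real_server 192.168.1.3 80 {     # second web node: address and port
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.1.22 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    ! persistence_timeout 50
    protocol TCP
    real_server 192.168.1.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}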
--重启服务
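# Restart keepalived so it loads the new configuration.
# Afterwards, "ipvsadm -Ln" lists the virtual/real server table and
# "ip addr show eth0" shows whether this director currently holds a VIP.
service keepalived restart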
--同理配置另一调度器
3、节点服务器配置
-修改内核参数
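# Web-node ARP settings for LVS-DR. The VIPs are also configured on lo of each
# node, so the node must not answer or advertise ARP for them:
#   arp_ignore=1   - reply only for addresses on the interface that got the request
#   arp_announce=2 - always use the best local source address in ARP requests
# Otherwise a web node could claim the VIP on the LAN and bypass the director.
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2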
-配置lo:0,lo:1虚接口
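# Each VIP is bound to a loopback alias with a /32 mask (255.255.255.255), so
# the node accepts packets addressed to the VIP without claiming the subnet.
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.1.11
NETMASK=255.255.255.255
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-lo:1
DEVICE=lo:1
ONBOOT=yes
IPADDR=192.168.1.22
NETMASK=255.255.255.255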
-添加本地路由
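# Add a host route for each VIP via its loopback alias.
[root@localhost ~]# route add -host 192.168.1.11 dev lo:0
[root@localhost ~]# route add -host 192.168.1.22 dev lo:1
# Re-add the routes at boot. rc.local runs these lines verbatim, so the
# spacing inside the quoted commands matters.
[root@localhost ~]# echo "route add -host 192.168.1.11 dev lo:0" >> /etc/rc.local
[root@localhost ~]# echo "route add -host 192.168.1.22 dev lo:1" >> /etc/rc.local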
-启动web服务
4、NFS配置
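# NFS server: export the shared web root to the 192.168.2.0/24 network.
# NOTE(review): rw plus no_root_squash lets root on ANY host in 192.168.2.0/24
# act as root on this tree, so one compromised web node can rewrite the content
# served by every node. Unless the nodes must write as root, prefer the default
# root_squash, export ro if the nodes only read, and list the individual node
# addresses instead of the whole subnet.
[root@localhost ~]# cat /etc/exports
/var/www/html 192.168.2.0/24(rw,sync,no_root_squash)
[root@localhost ~]# service rpcbind restart
停止 rpcbind:[确定]
正在启动 rpcbind:[确定]
[root@localhost ~]# service nfs restart
关闭 NFS 守护进程:[失败]
关闭 NFS mountd:[失败]
关闭 NFS quotas:[失败]
Shutting down RPC idmapd:[失败]
启动 NFS 服务:[确定]
关掉 NFS 配额:[确定]
启动 NFS mountd:[确定]
启动 NFS 守护进程:[确定]
正在启动 RPC idmapd:[确定]
# Confirm what the server actually exports before mounting.
[root@localhost ~]# showmount -e 192.168.2.1
Export list for 192.168.2.1:
/var/www/html 192.168.2.0/24
# Presumably run on each web node (the prompt does not show which host): mount
# the shared web root. Consider adding "-o nosuid,nodev" so that files on the
# share cannot be used as setuid binaries or device nodes on the node.
[root@localhost ~]# mount 192.168.2.1:/var/www/html/ /var/www/html/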
5、内部服务器发布―NAT
服务配置防火墙代替路由器测试
Eth0配置两个ip
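# Outside interface of the firewall host, carrying both public addresses.
# NOTE(review): NETMASK appears twice without an index while the addresses are
# IPADDR0/IPADDR1; presumably NETMASK0/NETMASK1 were intended - confirm.
[root@localhost network-scripts]# cat ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:D5:AD:1B
TYPE=Ethernet
UUID=d3db1bd9-b0f5-4cc2-a5bb-3f0c28430ee0
ONBOOT=yes
IPADDR0=200.0.0.11
NETMASK=255.255.255.0
IPADDR1=200.0.0.22
NETMASK=255.255.255.0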
--NAT
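# Publish each internal VIP on its public address: only TCP port 80 arriving on
# eth0 for that address is rewritten to the VIP.
# These rules need net.ipv4.ip_forward=1 and a FORWARD chain that permits the
# translated traffic (ideally limited to TCP/80 towards the two VIPs). They
# exist only in the running kernel until saved, e.g. with "service iptables save".
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -d 200.0.0.11 -p tcp --dport 80 -j DNAT --to 192.168.1.11
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -d 200.0.0.22 -p tcp --dport 80 -j DNAT --to 192.168.1.22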
附:DNS配置
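[root@j1 ~]# cat /var/named/abc.com
; Zone data for abc.com. "www" has two A records, one per public address, so
; resolvers spread clients across both published VIPs (DNS round robin).
$TTL 1D
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        in ns   dns
dns     in a    200.0.0.2
www     in a    200.0.0.11
        in a    200.0.0.22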
--启动nfs前
--启动nfs后
--调度器1
--调度器2