拓扑
1、基本配置
根据拓扑配置IP
2、调度器配置
-安装ipvsadm,并启用ip_vs模块
[root@localhost~]#yum-yinstallipvsadm [root@localhost~]#modprobeip_vs [root@localhost~]#echo"modproceip_vs">>/etc/rc.local
-修改内核参数
[root@localhost~]#sysctl�Cp net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.default.send_redirects=0 net.ipv4.conf.eth0.send_redirects=0
-安装keepalived,并修改配置文件
--安装
[root@localhost~]#cd/usr/src/ [root@localhostsrc]#tarzxfkeepalived-1.2.13.tar.gz [root@localhostsrc]#cdkeepalived-1.2.13 [root@localhostkeepalived-1.2.13]#./configure--prefix=/--with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/&&make&&makeinstall
global_defs{
notification_email{
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_fromAlexandre.Cassen@firewall.loc
smtp_server192.168.200.1
smtp_connect_timeout30
router_idLVS_DEVEL_1#调度器名称
}
vrrp_instanceVI_1{#热备组1
stateMASTER#热备状态
interfaceeth0
virtual_router_id51
priority100#优先级
advert_int1
authentication{
auth_typePASS
auth_pass1111
}
virtual_ipaddress{
192.168.1.11#群集VIP地址
}
}
vrrp_instanceVI_2{#热备组2
stateBACKUP
interfaceeth0
virtual_router_id52
priority90
advert_int1
authentication{
auth_typePASS
auth_pass1111
}
virtual_ipaddress{
192.168.1.22
}
}
irtual_server192.168.1.1180{#虚拟服务器地址(VIP),端口’
delay_loop6#健康检查时间间隔(s)
lb_algorr#调度算法-轮询
lb_kindDR#集群工作模式
!persistence_timeout50#连接保持时间(s),去掉!启用
protocolTCP#应用服务采用的是TCP协议
real_server192.168.1.280{#第一个web节点的地址,端口
weight1#节点的权重
TCP_CHECK{#健康检查方式
connect_timeout3#连接超时
nb_get_retry3#重试次数
delay_before_retry3#重试间隔
}
}
real_server192.168.1.380{#第二个web节点的地址,端口
weight1
TCP_CHECK{
connect_timeout3
nb_get_retry3
delay_before_retry3
}
}
}
virtual_server192.168.1.2280{
delay_loop6
lb_algorr
lb_kindDR
!persistence_timeout50
protocolTCP
real_server192.168.1.280{
weight1
TCP_CHECK{
connect_timeout3
nb_get_retry3
delay_before_retry3
}
}
real_server192.168.1.380{
weight1
TCP_CHECK{
connect_timeout3
nb_get_retry3
delay_before_retry3
}
}
}
--重启服务
servicekeepalivedrestart
--同理配置另一调度器
3、节点服务器配置
-修改内核参数
[root@localhostnetwork-scripts]#sysctl�Cp net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=2 net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.lo.arp_ignore=1 net.ipv4.conf.default.arp_announce=2 net.ipv4.conf.lo.arp_announce=2
-配置lo:0,lo:1虚接口
[root@localhost~]#cat/etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 ONBOOT=yes IPADDR=192.168.1.11 NETMASK=255.255.255.255 [root@localhost~]#cat/etc/sysconfig/network-scripts/ifcfg-lo:1 DEVICE=lo:1 ONBOOT=yes IPADDR=192.168.1.22 NETMASK=255.255.255.255
-添加本地路由
[root@localhost~]#routeadd-host192.168.1.11devlo:0 [root@localhost~]#routeadd-host192.168.1.22devlo:1 [root@localhost~]#echo"routeadd-host192.168.1.11devlo:0">>/etc/rc.local [root@localhost~]#echo"routeadd-host192.168.1.22devlo:1">>/etc/rc.local
-启动web服务
4、NFS配置
[root@localhost~]#cat/etc/exports /var/www/html192.168.2.0/24(rw,sync,no_root_squash) [root@localhost~]#servicerpcbindrestart 停止rpcbind:[确定] 正在启动rpcbind:[确定] [root@localhost~]#servicenfsrestart 关闭NFS守护进程:[失败] 关闭NFSmountd:[失败] 关闭NFSquotas:[失败] ShuttingdownRPCidmapd:[失败] 启动NFS服务:[确定] 关掉NFS配额:[确定] 启动NFSmountd:[确定] 启动NFS守护进程:[确定] 正在启动RPCidmapd:[确定] [root@localhost~]#showmount-e192.168.2.1 Exportlistfor192.168.2.1: /var/www/html192.168.2.0/24 [root@localhost~]#mount192.168.2.1:/var/www/html//var/www/html/
5、内部服务器发布―NAT
服务配置防火墙代替路由器测试
Eth0配置两个ip
[root@localhostnetwork-scripts]#catifcfg-eth0 DEVICE=eth0 HWADDR=00:0C:29:D5:AD:1B TYPE=Ethernet UUID=d3db1bd9-b0f5-4cc2-a5bb-3f0c28430ee0 ONBOOT=yes IPADDR0=200.0.0.11 NETMASK=255.255.255.0 IPADDR1=200.0.0.22 NETMASK=255.255.255.0
--NAT
[root@localhost~]#iptables-tnat-APREROUTING-ieth0-d200.0.0.11-ptcp--dport80-jDNAT--to192.168.1.11 [root@localhost~]#iptables-tnat-APREROUTING-ieth0-d200.0.0.22-ptcp--dport80-jDNAT--to192.168.1.22
附:DNS配置
[root@j1~]#cat/var/named/abc.com $TTL1D @INSOA@rname.invalid.( 0;serial 1D;refresh 1H;retry 1W;expire 3H);minimum innsdns dnsina200.0.0.2 wwwina200.0.0.11 ina200.0.0.22
--启动nfs前
--启动nfs后
--调度器1
--调度器2
