CentOS 7: Compiling and installing LVS with mutual backup (tested notes: CentOS 7.0 + ipvsadm 1.27 + keepalived 1.2.15)

Source: Internet
Author: User

System hardware: VMware vSphere (CPU: 2 x 4 cores, memory: 2 GB, dual NIC)

LVS servers (two):

System: CentOS 7.0 64-bit (LVS + keepalived)

lvsmaster: 192.168.1.21 (primary VIP: 192.168.1.20, backup VIP: 192.168.1.18)

lvsbackup: 192.168.1.22 (primary VIP: 192.168.1.18, backup VIP: 192.168.1.20)

Nginx servers (three):

System: CentOS 7.0 64-bit (Nginx service, VIP: 192.168.1.18)

iis01:192.168.1.31

iis02:192.168.1.32

iis03:192.168.1.33

IIS Server (three):

System: Windows 2008 R2 64-bit (IIS service, VIP: 192.168.1.20)

iis01:192.168.1.41

iis02:192.168.1.42

iis03:192.168.1.43

Installation steps:

1. Install the Web server (Linux, Nginx, primary NIC interface name: ens192)

The server web01 (IP address 192.168.1.31) is used as the example here; configure the other two the same way.

1.1 Install the system (this assumes the system is installed and the Nginx service is already available)
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)


# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64


Modify the host name
# hostnamectl set-hostname web01

# hostname
web01

# ip add show ens192

2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc mq state UP qlen 1000
    link/ether 00:50:56:94:02:4a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.31/24 brd 192.168.1.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe94:24a/64 scope link
       valid_lft forever preferred_lft forever

# curl http://192.168.1.31

<title>web 10:43:18</title>
<body>
<p>2015-03-17 10:43:18</p>
</body>

1.2 Setting up the server to support VIP access

Method 1: Create the lo:0 file directly and bind the VIP (192.168.1.18)

# vim /etc/sysconfig/network-scripts/ifcfg-lo:0

Open the editor and enter the following:

DEVICE=lo:0
IPADDR=192.168.1.18
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback

Save and exit

Restart

# shutdown -r now

Test whether the VIP is bound

# ip add show lo:0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

The binding is shown as: inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0

Resolving the ARP problem

# vim /etc/sysctl.conf

Open the editor and enter the following:

net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

Save and exit, then apply the settings immediately:

# sysctl -f

Explanation of the settings

# arp_ignore = 1: the system only answers ARP requests whose target IP is a local IP configured on the receiving interface, so it does not answer broadcast requests for the VIP bound to lo.
# arp_announce = 2: the system ignores the source address of the IP packet and selects the local address based on the target host.

# arp_ignore limits ARP replies. Levels:

# 0: answer ARP requests from other devices for any local IP, including IPs configured on other interfaces

# 1: answer ARP requests from other devices only for an IP configured on the receiving interface

# arp_announce limits ARP announcements. Levels:

# 0: announce any local IP, from any interface, on this interface

# 1: try to avoid announcing addresses that do not belong on this interface (not strict)

# 2: announce only the IP that belongs on this interface
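
A check for the settings above, as an added example that is not part of the original notes: the shell functions below audit a sysctl.conf-style file for the four ARP values this page prescribes and confirm that the VIP is bound to lo as a /32. The function names and the sample file content are assumptions made for this example; the values and the VIP are the page's.

```shell
#!/bin/sh
# check_arp_sysctl FILE -> prints one line per problem; exit status = number of problems
check_arp_sysctl() {
    awk '
    BEGIN {
        want["net.ipv4.conf.lo.arp_ignore"] = "1"
        want["net.ipv4.conf.lo.arp_announce"] = "2"
        want["net.ipv4.conf.all.arp_ignore"] = "1"
        want["net.ipv4.conf.all.arp_announce"] = "2"
    }
    /^[ \t]*[#;]/ { next }                  # commented-out lines do not count
    {
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key in want) seen[key] = val    # keys are case-sensitive; last value wins
    }
    END {
        for (k in want) {
            if (!(k in seen)) { print "MISSING " k " (want " want[k] ")"; bad++ }
            else if (seen[k] != want[k]) { print "WRONG " k "=" seen[k] " (want " want[k] ")"; bad++ }
        }
        exit bad + 0
    }' "$1"
}

# vip_on_lo VIP [FILE] -> succeeds if "ip addr show lo" output lists VIP as a /32.
# FILE is saved output; without it the live command is run.
vip_on_lo() {
    { if [ -n "$2" ]; then cat "$2"; else ip addr show lo; fi; } |
        awk -v vip="$1" '$1 == "inet" && $2 == vip "/32" { ok = 1 } END { exit !ok }'
}

# sample_sysctl -> constructed file content with three deliberate mistakes:
# a capitalised key, a wrong value and a commented-out line
sample_sysctl() {
    printf '%s\n' 'net.ipv4.conf.lo.arp_ignore = 1' \
        'Net.ipv4.conf.lo.arp_announce = 2' \
        'net.ipv4.conf.all.arp_ignore = 0' \
        '# net.ipv4.conf.all.arp_announce = 2'
}
```

Run `check_arp_sysctl /etc/sysctl.conf` and `vip_on_lo 192.168.1.18` on each real server; saving the output of `sysctl -a` to a file and auditing that file checks the running kernel values instead of the configuration file.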

Method 2: Bind the VIP (192.168.1.18) with a script

# vim /usr/local/sbin/lvs_realserver.sh

Open the editor and enter the following:

#!/bin/bash

VIP=192.168.1.18

# load the standard init-script helper functions
. /etc/rc.d/init.d/functions

case "$1" in
start)
    # bind the VIP to lo:0 with a /32 mask and add a host route for it
    ifconfig lo:0 $VIP netmask 255.255.255.255 broadcast $VIP
    /sbin/route add -host $VIP dev lo:0
    # stop this host from answering or announcing ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "Realserver Start OK"
    ;;
stop)
    # remove the VIP and restore the default ARP behaviour
    ifconfig lo:0 down
    route del $VIP >/dev/null 2>&1
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "Realserver stoped"
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
esac

exit 0

Save and exit

Run it and check that it takes effect and the VIP is bound

# /usr/local/sbin/lvs_realserver.sh start

# ip add show lo:0


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

The binding is shown as: inet 192.168.1.18/32 brd 192.168.1.18 scope global lo:0

Set up auto-start

# vim /etc/rc.d/rc.local
Open the editor and add the following:

/usr/local/sbin/lvs_realserver.sh start

Save and exit

Set execute permission (otherwise it will not run automatically at startup)

# chmod 755 /etc/rc.d/rc.local

2. Install the Web server (Windows 2008 R2, IIS, primary NIC interface name: Local Area Connection)

The server iis01 (IP address 192.168.1.41) is used as the example here; configure the other two the same way.

2.1 Installing the system (assuming that the system is already installed and that the IIS service is already available)

IP Address: 192.168.1.41

Subnet Mask: 255.255.255.0

Default gateway: 192.168.1.1

Preferred DNS: 192.168.1.1

Web content:

<title>iis 10:43:18</title>
<body>
<p>2015-03-17 10:43:18</p>
</body>

2.2 Set up the server: add a loopback interface to support VIP access

Open Device Manager, right-click the server name and choose Add legacy hardware; the Add Hardware wizard opens

Next, choose "Install the hardware that I manually select from a list (Advanced)", Next; the list of hardware types opens

Select Network adapters, Next

Manufacturer: Microsoft; network adapter: Microsoft Loopback Adapter; Next, Next

Click Finish

Open Network Connections and rename the Microsoft Loopback Adapter connection to Realserver

Open the TCP/IPv4 properties of Realserver and set the IP address

IP Address: 192.168.1.20

Subnet Mask: 255.255.255.255

Confirm and exit

Run cmd to open a Command Prompt window

Run the following commands to change the weak host send/receive settings of the NIC interface (Local Area Connection) and of the loopback interface (Realserver); this resolves the ARP problem (otherwise TCP connections stay in the SYN_RECV state)

netsh interface IPv4 set interface "Local Area Connection" weakhostreceive=enabled

netsh interface IPv4 set interface "Local Area Connection" weakhostsend=enabled

netsh interface IPv4 set interface "Realserver" weakhostreceive=enabled

netsh interface IPv4 set interface "Realserver" weakhostsend=enabled

netsh interface IPv4 set interface "Loopback" weakhostreceive=enabled

netsh interface IPv4 set interface "Loopback" weakhostsend=enabled

3. Install the LVS server (Linux, ipvsadm, keepalived, primary NIC interface name: ens160)

The server lvs_master (IP address 192.168.1.21) is used as the example here; configure lvs_backup the same way.

3.1. Install lvs_master

Install CentOS-7.0-1406-x86_64-DVD.iso

3.2. Update
# yum update

# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)


# uname -rs
Linux 3.10.0-123.20.1.el7.x86_64

3.3. Install the basic packages

# yum install vim wget lsof gcc gcc-c++ bzip2 -y

# yum install net-tools bind-utils -y


3.4. Modify the host name
# hostnamectl set-hostname lvs_master

[root@lvs_master ~]# hostname
lvs_master


3.5. Modify the IP address
[root@lvs_master ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160

TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="ens160"
ONBOOT="yes"
HWADDR="00:50:56:94:46:f8"
IPADDR="192.168.1.21"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"

Confirm the changes and exit

Changes for the lvs_backup server:

HWADDR="MAC address of lvs_backup"

IPADDR="192.168.1.22"

[root@lvs_master ~]# ifconfig ens160
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.21  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::250:56ff:fe94:204c  prefixlen  scopeid 0x20<link>
        ether 00:50:56:94:20:4c  txqueuelen  (Ethernet)
        RX packets 41559  bytes 59971168 (57.1 MiB)
        RX errors 0  dropped  overruns 0  frame 0
        TX packets 27992  bytes 2121802 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.6. Install ipvsadm

[root@lvs_master ~]# yum install ipvsadm -y

================================================================================
 Package          Arch          Version          Repository          Size
================================================================================
Installing:
 ipvsadm          x86_64        1.27-4.el7       base                K

Transaction Summary
================================================================================
Install  1 Package


[root@lvs_master ~]# ipvsadm --version
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)


[root@lvs_master ~]# lsmod | grep ip_vs
ip_vs 136674 0
nf_conntrack 101024 9 ip_vs,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 2 xfs,ip_vs

3.7. Install keepalived

[root@lvs_master src]# yum install kernel-devel -y

================================================================================
 Package          Arch          Version                  Repository      Size
================================================================================
Installing:
 kernel-devel     x86_64        3.10.0-123.20.1.el7      updates         8.9 M

Transaction Summary
================================================================================
Install  1 Package

[root@lvs_master src]# ls /usr/src/kernels/
3.10.0-123.20.1.el7.x86_64


[root@lvs_master src]# cd /usr/local/src

[root@lvs_master src]# wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz

[root@lvs_master src]# tar zvxf keepalived-1.2.15.tar.gz

[root@lvs_master src]# cd keepalived-1.2.15


[root@lvs_master keepalived-1.2.15]# yum install popt-devel popt-static libnl-devel openssl-devel iptraf -y

[root@lvs_master keepalived-1.2.15]# ./configure --sysconfdir=/etc/ --sbindir=/usr/sbin/ --with-kernel-dir=/usr/src/kernels/3.10.0-123.20.1.el7.x86_64/


Keepalived configuration
------------------------
Keepalived version       : 1.2.15
Compiler                 : gcc
Compiler flags           : -g -O2 -DFALLBACK_LIBNL1
Extra Lib                : -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework       : Yes
IPVS sync daemon support : Yes
IPVS use libnl           : Yes
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : No
SNMP support             : No
SHA1 support             :
Use Debug flags          : No

[root@lvs_master keepalived-1.2.15]# make && make install

[root@lvs_master keepalived-1.2.15]# /usr/sbin/keepalived --version
Keepalived v1.2.15 (03/06,2015)

[root@lvs_master keepalived-1.2.15]# systemctl status keepalived
keepalived.service - SYSV: Start and stop Keepalived
   Loaded: loaded (/etc/rc.d/init.d/keepalived)
   Active: inactive (dead)

3.8. Configure keepalived

[root@lvs_master /]# vim /etc/keepalived/keepalived.conf

Open the editor and modify the file

! Configuration File for keepalived
global_defs {
    notification_email {
        [Email protected]    # alert recipient address
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id lvs_master    # on lvs_backup, change lvs_master to lvs_backup
}

vrrp_instance Vi_iis {
    state MASTER            # on lvs_backup, change MASTER to BACKUP
    interface ens160        # network interface monitored for HA
    virtual_router_id       # the master and the backup must use the same virtual_router_id
    priority 120            # on lvs_backup, change 120 to 80
    advert_int 1            # VRRP advertisement interval, in seconds
    authentication {
        auth_type PASS      # VRRP authentication type
        auth_pass 1111      # VRRP password
    }
    virtual_ipaddress {
        192.168.1.20        # LVS virtual IP address
    }
}

virtual_server 192.168.1.20 80 {
    delay_loop 2            # delay between health checks
    lb_algo wrr             # scheduling algorithm
    lb_kind DR              # forwarding mode
    persistence_timeout 1   # how long reconnects from the same client stay on the same server
    protocol TCP

    real_server 192.168.1.41 80 {
        weight              # weight
        TCP_CHECK {         # real server health-check settings, in seconds
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.42 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.43 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}

vrrp_instance Vi_nginx {
    state BACKUP            # on lvs_backup, change BACKUP to MASTER
    interface ens160        # network interface monitored for HA
    virtual_router_id       # the master and the backup must use the same virtual_router_id
    priority 80             # on lvs_backup, change 80 to 120
    advert_int 1            # VRRP advertisement interval, in seconds
    authentication {
        auth_type PASS      # VRRP authentication type
        auth_pass 1111      # VRRP password
    }
    virtual_ipaddress {
        192.168.1.18        # LVS virtual IP address
    }
}

virtual_server 192.168.1.18 80 {
    delay_loop 2            # delay between health checks
    lb_algo wrr             # scheduling algorithm
    lb_kind DR              # forwarding mode
    persistence_timeout 1   # how long reconnects from the same client stay on the same server
    protocol TCP

    real_server 192.168.1.31 80 {
        weight              # weight
        TCP_CHECK {         # real server health-check settings, in seconds
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.32 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.33 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

}
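
Because each LVS node is MASTER for one VIP and BACKUP for the other, the two keepalived.conf files are easy to get out of step. The shell functions below, an added example that is not part of the original notes, compare the vrrp_instance blocks of both nodes; the function names and the sample virtual_router_id values (51, 52) are assumptions, since the page does not give them.

```shell
#!/bin/sh
# vrrp_summary FILE -> one line per vrrp_instance: name state vrid priority auth_pass
vrrp_summary() {
    awk '
    { sub(/[#!].*/, "") }                      # drop keepalived comments
    $1 == "vrrp_instance" { name = $2; depth = 0; st = vr = pr = pw = "-" }
    name != "" {
        if ($1 == "state") st = $2
        if ($1 == "virtual_router_id") vr = $2
        if ($1 == "priority") pr = $2
        if ($1 == "auth_pass") pw = $2
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && /[}]/) { print name, st, vr, pr, pw; name = "" }
    }' "$1"
}

# check_vrrp_pair CONF_A CONF_B -> prints findings; exit status = number of findings
check_vrrp_pair() {
    { vrrp_summary "$1"; echo ---; vrrp_summary "$2"; } | awk '
    $0 == "---" { peer = 1; next }
    !peer { s[$1] = $2; v[$1] = $3; p[$1] = $4; w[$1] = $5; next }
    {
        seen[$1] = 1
        if (!($1 in s)) { print $1 ": missing on first node"; bad++; next }
        if (v[$1] != $3) { print $1 ": virtual_router_id " v[$1] " vs " $3; bad++ }
        if (w[$1] != $5) { print $1 ": auth_pass differs"; bad++ }
        if (s[$1] == $2) { print $1 ": both nodes are " $2; bad++ }
        else {
            lead = (s[$1] == "MASTER") ? p[$1] - $4 : $4 - p[$1]
            if (lead <= 0) { print $1 ": MASTER priority is not the higher one"; bad++ }
        }
    }
    END {
        for (n in s) if (!(n in seen)) { print n ": missing on second node"; bad++ }
        exit bad + 0
    }'
}

# sample_conf STATE_IIS PRIO_IIS STATE_NGINX PRIO_NGINX VRID_NGINX
# -> constructed two-instance config shaped like the one on this page
sample_conf() {
    auth=' authentication {\n  auth_type PASS\n  auth_pass 1111\n }\n}\n'
    printf 'vrrp_instance Vi_iis {\n state %s\n virtual_router_id 51\n priority %s\n' "$1" "$2"
    printf "$auth"
    printf 'vrrp_instance Vi_nginx {\n state %s # role\n virtual_router_id %s\n priority %s\n' "$3" "$5" "$4"
    printf "$auth"
}
```

Copy the peer's file over and run `check_vrrp_pair /etc/keepalived/keepalived.conf /tmp/peer-keepalived.conf` (the second path is a placeholder); a silent run with exit status 0 means the two nodes agree on every instance.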

3.9 Modify the system configuration file

[root@lvs_master src]# vim /etc/sysctl.conf

Open the editor and modify the file

net.ipv4.ip_forward = 1

#net.ipv4.conf.default.rp_filter = 1
#net.ipv4.conf.default.accept_source_route = 0
#kernel.sysrq = 0
#kernel.core_uses_pid = 1

Save and exit

Apply the change

[root@lvs_master src]# sysctl -p

net.ipv4.ip_forward = 1

3.10. LVS run test (open three terminals on each of the primary and backup LVS servers, six in total, and run one of the following commands in each to monitor the service)

One terminal to view the log

[root@lvs_master src]# tail -f /var/log/messages

One terminal to view the current LVS settings

[root@lvs_master src]# watch ipvsadm -Ln

One terminal to view the forwarded connections

[root@lvs_master src]# watch ipvsadm -Lnc

3.11. Start keepalived automatically at boot
[root@lvs_master /]# vim /etc/rc.d/rc.local

Open the editor and add the following:

iptables -F

systemctl start keepalived

Save and exit

3.12. Restart the keepalived service

[root@lvs_master /]# systemctl restart keepalived

The result shows up in the three terminals opened earlier

3.13. Turn off SELinux

[root@lvs_master ~]# vim /etc/selinux/config

Open the editor and comment out the following two lines

#SELINUX=enforcing

#SELINUXTYPE=targeted

Add the following line

SELINUX=disabled

Save and exit

After a restart, check whether SELinux is off (Disabled means it is off)

[root@lvs_master ~]# shutdown -r now

[root@lvs_master ~]# getenforce

Disabled
