Установка и настройка Keepalived на Centos
VIP-адрес – 192.168.1.126
Server1 centos641.kama.dnsalias.com
Server2 centos642.kama.dnsalias.com
1.Установка необходимого ПО
# Install the VRRP/health-check daemon (keepalived) and the IPVS
# administration tool (ipvsadm), one package per yum run.
for pkg in keepalived ipvsadm; do
  yum install "$pkg"
done
2.Добавление алиаса на lo
# Create the alias definition for lo:0; the lines that follow are the file's contents.
nano /etc/sysconfig/network-scripts/ifcfg-lo:0
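# ifcfg-lo:0 - loopback alias that carries the virtual IP (VIP) on this node.
# The file is KEY=value shell syntax: no whitespace is allowed around '=',
# otherwise the value is not assigned.
# NOTE(review): both nodes hold the VIP on lo. LVS direct-routing setups
# normally also set the arp_ignore/arp_announce sysctls so that a node which
# is not the current master does not answer ARP for the VIP; the page does
# not show them, verify on your hosts.
DEVICE=lo
IPADDR=192.168.1.126
# Host mask (/32): only the VIP itself, no subnet.
NETMASK=255.255.255.255
#NETWORK=192.168.1.0
#BROADCAST=192.168.1.255
ONBOOT=yes
NAME=loopback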
# Restart networking so the new lo alias is brought up.
# NOTE(review): this restarts every interface; over SSH expect a short interruption.
/etc/init.d/network restart
Проверяем наличие адреса на интерфейсе lo
[root@centos641 sites]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 192.168.1.126/32 brd 192.168.1.126 scope global lo
inet6 ::1/128 scope host
3.Настройка iptables
centos641
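# Run on centos641. Marks HTTP traffic addressed to the VIP so that
# keepalived's "virtual_server fwmark 1" can schedule it.
# Long options take two ASCII hyphens; a typographic dash pasted from a web
# page is rejected by iptables.

# Dedicated chain in the mangle table, entered from PREROUTING.
iptables -t mangle -N IPVS
iptables -t mangle -I PREROUTING -j IPVS

# Leave frames coming from the peer node's eth0 (centos642) unmarked,
# presumably so that connections the peer has already scheduled are not
# balanced a second time.
# NOTE(review): a source MAC can be set freely by any host on the segment, so
# this is a loop-avoidance rule, not an access control.
iptables -t mangle -I IPVS -m mac --mac-source 00:0c:29:ce:94:76 -j RETURN
iptables -S -t mangle

# TCP/80 to the VIP arriving on eth0 gets firewall mark 0x1; the full-width
# mask replaces any mark already on the packet.
iptables -t mangle -A IPVS -d 192.168.1.126/32 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
iptables -S -t mangle

# Save the running rule set so the iptables service restores it at boot.
/etc/init.d/iptables save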
00:0c:29:ce:94:76 – это MAC-адрес eth0 на centos642
смотрим через ip link
centos642
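# Run on centos642. Same marking rules as on centos641, with the peer MAC
# swapped: 00:0c:29:d4:9c:c6 is eth0 of centos641 (see its `ip addr show`
# output on this page).
# Long options take two ASCII hyphens; a typographic dash pasted from a web
# page is rejected by iptables.

# Rule set before the change.
iptables -t mangle -S

# Dedicated chain in the mangle table, entered from PREROUTING.
iptables -t mangle -N IPVS
iptables -t mangle -I PREROUTING -j IPVS

# Leave frames coming from the peer node unmarked.
# NOTE(review): a source MAC can be set freely by any host on the segment, so
# this is a loop-avoidance rule, not an access control.
iptables -t mangle -I IPVS -m mac --mac-source 00:0c:29:d4:9c:c6 -j RETURN
iptables -t mangle -S

# TCP/80 to the VIP arriving on eth0 gets firewall mark 0x1; the full-width
# mask replaces any mark already on the packet.
iptables -t mangle -A IPVS -d 192.168.1.126/32 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff

# Save the running rule set so the iptables service restores it at boot.
/etc/init.d/iptables save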
4. Настройка keepalived
Конфиг MASTER
# Edit the keepalived configuration on the MASTER node; the file's contents follow.
# NOTE(review): the file contains auth_pass, so it should not be readable or
# writable by unprivileged users.
nano /etc/keepalived/keepalived.conf
# keepalived.conf for the MASTER node (centos641): mail alerts, one VRRP
# instance that owns the VIP on eth0, and an IPVS virtual server keyed on
# firewall mark 1 with two HTTP-checked real servers.
global_defs {
# Recipients and sender of alert mail, delivered through the local MTA.
notification_email {
root@kama.dnsalias.com
}
notification_email_from keepalived@centos641.kama.dnsalias.com
smtp_server localhost
smtp_connect_timeout 30
router_id centos641.kama.dnsalias.com
}
# VRRP instance: advertises every second on eth0 and carries
# 192.168.1.126/32 as its virtual address.
vrrp_instance VRRP_EXT {
state MASTER
interface eth0
lvs_sync_daemon_interface eth0
virtual_router_id 126
priority 100
smtp_alert
advert_int 1
# NOTE(review): auth_type PASS travels unencrypted in every advertisement and
# keepalived uses only the first 8 characters of auth_pass, so it guards
# against accidental cross-talk between clusters, not against a host on the
# same segment. Generate your own value rather than reusing this published
# one, and consider accepting VRRP (IP protocol 112) only from the peer node.
authentication {
auth_type PASS
auth_pass ahk7sae7aigah3Oe9oochae7ohsoo5
}
# NOTE(review): the keepalived documentation requires initial state BACKUP
# for nopreempt to take effect; combined with "state MASTER" above it is
# presumably ignored. Confirm against the startup log.
nopreempt
virtual_ipaddress {
192.168.1.126/32
}
}
# Packets carrying firewall mark 1 (set by the iptables MARK rule in the
# mangle table) are scheduled weighted round-robin and forwarded by direct
# routing; health checks run every 5 seconds.
virtual_server fwmark 1 {
delay_loop 5
lb_algo wrr
lb_kind DR
protocol TCP
# Host header sent with the HTTP_GET health checks.
virtualhost ya.ru
real_server 192.168.1.38 80 {
weight 100
# On a failed check the server stays in the table with weight 0 instead of
# being removed.
inhibit_on_failure
# Plain-HTTP check: request /lbtest.html on port 80 and expect status 200.
HTTP_GET {
url {
path /lbtest.html
# The content digest is commented out, so only the status code is verified.
# digest f0045264179f8f7f96478f5d33f6dc24
status_code 200
}
connect_port 80
connect_timeout 4
nb_get_retry 5
delay_before_retry 2
}
}
real_server 192.168.1.39 80 {
weight 100
# On a failed check the server stays in the table with weight 0 instead of
# being removed.
inhibit_on_failure
# Plain-HTTP check: request /lbtest.html on port 80 and expect status 200.
HTTP_GET {
url {
path /lbtest.html
# The content digest is commented out, so only the status code is verified.
# digest f0045264179f8f7f96478f5d33f6dc24
status_code 200
}
connect_port 80
connect_timeout 4
nb_get_retry 5
delay_before_retry 2
}
}
}
Конфиг SLAVE от MASTER отличается 4 параметрами
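# Values that differ on the second node (centos642). The first two belong in
# global_defs, the last two in vrrp_instance VRRP_EXT.
notification_email_from keepalived@centos642.kama.dnsalias.com
router_id centos642.kama.dnsalias.com
# keepalived documents MASTER and BACKUP as the values for "state"; "SLAVE"
# is not one of them, so the standby node is declared as BACKUP.
state BACKUP
# Lower than the master's priority of 100.
priority 50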
Запускаем keepalived
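# The init script needs an action argument; without one the daemon is not started.
/etc/init.d/keepalived start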
Логи смотрим в /var/log/messages
Проверяем наличие VIP-адреса на master на интерфейсе eth0
[root@centos641 sites]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 192.168.1.126/32 brd 192.168.1.126 scope global lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:d4:9c:c6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.38/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.126/32 scope global eth0
inet6 fe80::20c:29ff:fed4:9cc6/64 scope link
valid_lft forever preferred_lft forever
Трафик мониторим через tcpdump
# Watch VRRP advertisements on eth0; 224.0.0.18 is the VRRP multicast group.
# NOTE(review): with auth_type PASS the verbose decode presumably shows the
# password in clear text, i.e. it is visible to anyone who can capture on
# this segment.
tcpdump -ntv -i eth0 host 224.0.0.18
Смотрим статистику
# IPVS table: virtual services and their real servers, addresses shown numerically.
ipvsadm --list --numeric
# Same listing switched to the current connection entries.
ipvsadm --list --numeric --connection