##
系统环境配置
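#!/bin/bash
#
# Toggle the ARP kernel settings used on an LVS direct-routing (DR) real
# server that carries the virtual IP on a loopback alias.
#
# Usage: <script> {start|stop}    (writes under /proc/sys, so run as root)
#
#   start  arp_ignore=1 and arp_announce=2 on "all" and "lo"
#   stop   both settings back to 0 on "all" and "lo"
#
# arp_ignore=1   reply to an ARP request only when the target address is
#                configured on the interface the request arrived on, so an
#                address that lives only on lo is not answered for.
# arp_announce=2 always choose the best local source address for outgoing
#                ARP requests, so the loopback address is not announced.
#
# The values are written directly into /proc and are lost on reboot.
# Any argument other than start/stop prints the usage line and returns 2
# instead of silently doing nothing.

#######################################
# Apply or reset the ARP settings.
# Arguments: $1 - "start" or "stop"
# Outputs:   usage / error text on stderr
# Returns:   0 on success, 1 if a write failed, 2 on a bad argument
#######################################
lvs_rs_arp() {
  local ignore announce
  case "${1:-}" in
    start)
      ignore=1
      announce=2
      ;;
    stop)
      ignore=0
      announce=0
      ;;
    *)
      printf 'Usage: %s {start|stop}\n' "${0##*/}" >&2
      return 2
      ;;
  esac

  local conf_dir=/proc/sys/net/ipv4/conf
  local iface
  local rc=0

  # Same write order as before: arp_ignore on all/lo, then arp_announce.
  for iface in all lo; do
    printf '%s\n' "$ignore" > "$conf_dir/$iface/arp_ignore" || rc=1
  done
  for iface in all lo; do
    printf '%s\n' "$announce" > "$conf_dir/$iface/arp_announce" || rc=1
  done

  # A failed write leaves the host answering ARP with default behaviour,
  # so report it instead of exiting 0.
  if [[ "$rc" -ne 0 ]]; then
    printf '%s: could not write ARP settings under %s (root required)\n' \
      "${0##*/}" "$conf_dir" >&2
  fi
  return "$rc"
}

lvs_rs_arp "$@"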
在环回口上配置 VIP
# Bind the virtual IP (the virtual_ipaddress / virtual_server address in the
# keepalived configuration on this page) to the loopback alias lo:1.
# The all-ones netmask makes it a single host address, so no route for the
# rest of 192.168.1.0/24 is attached to lo.
# NOTE(review): apply the arp_ignore/arp_announce "start" settings before
# bringing this alias up, otherwise the host can answer ARP for the VIP.
# The alias is not persistent; it disappears on reboot.
vip=192.168.1.189
vip_mask=255.255.255.255
ifconfig lo:1 "$vip" netmask "$vip_mask" up
##
keepalived 配置文件
! Configuration File for keepalived
# VRRP instance plus LVS virtual server for the VIP 192.168.1.189: this node
# starts as MASTER and balances TCP/80 across two real servers in
# direct-routing (DR) mode.

global_defs {
    # NOTE(review): these look like the addresses from keepalived's sample
    # configuration; replace them with real recipients or remove the block.
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server localhost
    smtp_connect_timeout 30
    router_id master
    # NOTE(review): the tracking script below runs with keepalived's
    # privileges. Where the installed release supports them, consider
    # script_user and enable_script_security here.
}

# Health probe for the VRRP instance. "killall -0" sends no signal; it only
# succeeds while a process named httpd exists. Runs every second, and a
# failing probe lowers this node's priority by 2.
# NOTE(review): the script is called chk_nginx_port but checks for an httpd
# process, not nginx and not a port. Confirm which service should be tracked.
vrrp_script chk_nginx_port {
    script "killall -0 httpd >/dev/null 2>&1"
    interval 1
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 53
    # With weight -2 above, a failed probe yields 98. Failover then happens
    # only if the peer's priority is higher than that (peer config not shown).
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS puts the password in clear text in every
    # advertisement and keepalived uses only its first 8 characters, so it
    # guards against misconfiguration, not against a hostile host on the
    # segment. "1111" is a placeholder-grade value; set a site-specific one
    # and rely on the firewall rule to limit who may send VRRP to this node.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # The VIP this node holds while it is MASTER.
    virtual_ipaddress {
        192.168.1.189/32
    }
    track_script {
        chk_nginx_port
    }
}

# LVS service on the VIP: weighted round-robin, direct routing, real servers
# health-checked every 6 seconds.
virtual_server 192.168.1.189 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    nat_mask 255.255.255.0
    # Session persistence is disabled while the next line stays commented.
    # persistence_timeout 50
    protocol TCP

    real_server 192.168.1.161 80 {
        weight 1
        # A TCP connect to port 80 shows only that the port accepts
        # connections, not that the application answers correctly.
        # NOTE(review): newer keepalived releases name nb_get_retry "retry";
        # check against the installed version.
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    # Weight 2: receives twice the share of 192.168.1.161 under wrr.
    real_server 192.168.1.185 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
##
添加防火墙规则
# Allow VRRP advertisements from the 192.168.1.0/24 segment to reach
# keepalived on this host.
# NOTE(review): this trusts every host in the /24. The VRRP instance on this
# page authenticates with a short clear-text password (auth_type PASS), so
# this rule is the main control over who can take part in the election.
# Consider narrowing --source to the peer director (<PEER_DIRECTOR_IP>) and
# adding --in-interface eth0.
# NOTE(review): --append places the rule at the end of INPUT, so it has no
# effect behind an earlier DROP/REJECT, and it is lost on reboot unless the
# ruleset is saved.
iptables --append INPUT --source 192.168.1.0/24 --protocol vrrp --jump ACCEPT
##