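Site environment:
OS version: Red Hat 6.5; kernel: 2.6.32
I. Compile the kernel and install FullNat
1. Prepare the environment
- Download the lvs-fullnat package
github.com/alibaba/LVS, version: V2
- Disable SELinux and iptables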
getenforce
setenforce 0
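# If getenforce returns Disabled, SELinux is already off and nothing more is needed. If it is not off, then:
vi /etc/sysconfig/selinux
SELINUX=disabled
# Reboot the server
reboot
# Turn off the firewall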
service iptables status
service iptables stop
chkconfig iptables off
- Install the dependency packages
yum install -y xmlto gcc* rpm-build patchutils elfutils-libelf-devel zlib-devel perl-ExtUtils-Embed.x86_64 lrzsz rng-tools openssl-devel popt-devel hmaccalc python-devel redhat-rpm-config binutils-devel libnl* libporpt* popt-static
- Install the packages needed to compile the kernel
Check whether the following rpms are installed:
rpm -qa|grep asciidoc
rpm -qa|grep slang-devel
rpm -qa|grep newt-devel
If they are not, download them from an rpm site:
pkgs.org/
crpm.cn/
After downloading, install them:
rpm -ivh asciidoc-8.4.5-4.1.el6.noarch.rpm or yum -y install asciidoc
rpm -ivh slang-devel-2.2.1-1.el6.x86_64.rpm or yum -y install slang-devel
rpm -ivh newt-devel-0.52.11-3.el6.x86_64.rpm or yum -y install newt-devel
- Install 7zip
rpm -ivh p7zip-16.02-10.el6.x86_64.rpm
- Extract LVS-lvs_v2.zip
7za x LVS-lvs_v2.zip
- Symlink it to the Linux build directory
mv /opt/soft/LVS-lvs_v2 /opt/LVS_FULLNAT
ln -sv /opt/LVS_FULLNAT/kernel/ /usr/src/linux
2. System tuning
Kernel tuning
vi /etc/sysctl.conf
# Maximum number of packets allowed to queue
net.core.netdev_max_backlog = 500000
# Enable IP forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
# Adjust the file descriptor limits
fs.nr_open = 5242880
fs.file-max = 4194304
Apply the configuration:
sysctl -p
File handle limits
vi /etc/security/limits.d/90-nproc.conf
Append to the end of the file:
* soft nofile 655350 # maximum number of file descriptors any one user may open
* hard nofile 655350
* soft nproc 655350 # maximum number of processes any one user may run
* hard nproc 655350
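- Compile and install
# Enter the kernel directory:
cd /opt/LVS_FULLNAT/kernel
# Change the following field in the Makefile to tag the kernel name
EXTRAVERSION = .FNAT.shanks.e27.x86_64
# Build the kernel and modules; adjust the -j value to the number of CPUs. Takes about 20 minutes
make -j4
# Install the modules
make modules_install
# Install the kernel, its configuration files, and so on
make install
# The build and install may report the following errors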
sh /opt/soft/LVS-lvs_v2/kernel/arch/x86/boot/install.sh 2.6.32.FNAT.shanks.e27.x86_64 arch/x86/boot/bzImage \ System.map "/boot"
ERROR: modinfo: could not find module xen_procfs
ERROR: modinfo: could not find module xen_scsifront
ERROR: modinfo: could not find module xen_hcall
ERROR: modinfo: could not find module xen_balloon
# Fix: copy the missing Xen modules from the stock kernel's module directories
cd /lib/modules/2.6.32.FNAT.shanks.e27.x86_64/kernel/drivers/xen/
cp /lib/modules/2.6.32-431.el6.x86_64/updates/pvdriver/xen-procfs/xen-procfs.ko ./
cp /lib/modules/2.6.32-358.el6.x86_64/updates/pvdriver/xen-procfs/xen-procfs.ko ./
cp /lib/modules/2.6.32-431.el6.x86_64/updates/pvdriver/xen-scsi/xen-scsifront.ko ./
cp /lib/modules/2.6.32-358.el6.x86_64/updates/pvdriver/xen-scsi/xen-scsifront.ko ./
cp /lib/modules/2.6.32-431.el6.x86_64/updates/pvdriver/xen-hcall/xen-hcall.ko ./
cp /lib/modules/2.6.32-358.el6.x86_64/updates/pvdriver/xen-hcall/xen-hcall.ko ./
cp /lib/modules/2.6.32-431.el6.x86_64/updates/pvdriver/xen-balloon/xen-balloon.ko ./
cp /lib/modules/2.6.32-358.el6.x86_64/updates/pvdriver/xen-balloon/xen-balloon.ko ./
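- Change the boot entry
vi /boot/grub/grub.conf
# Set default to 0 so that the first entry is booted
# The boot file contains two boot entries: the original Linux kernel and the newly compiled kernel. The newly compiled kernel is listed first, so setting default to 0 boots the system with the new kernel.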
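A check for the boot-entry step above, added here as an example and not part of the original guide: it resolves the default index in a GRUB legacy config and confirms that the selected entry's kernel line names the FullNAT build. The sample grub.conf (titles, root device) is constructed, and the function names are hypothetical; on a real host, pass /boot/grub/grub.conf to check_default_kernel before rebooting.

```shell
# Added example: verify that grub.conf's "default" index selects the FullNAT kernel.

# Print the numeric "default" index; GRUB legacy boots entry 0 if none is set.
grub_default_index() {
    awk -F'[= \t]+' '
        /^[ \t]*default[ \t=]/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; found = 1; exit }
        }
        END { if (!found) print 0 }' "$1"
}

# Print the kernel image path of entry number $2 (entries are counted from 0).
grub_entry_kernel() {
    awk -v want="$2" '
        /^[ \t]*title[ \t]/ { idx++ }
        /^[ \t]*kernel[ \t]/ && idx - 1 == want { print $2; exit }' "$1"
}

# Return 0 only if the default entry boots vmlinuz-<release> ($1 = conf, $2 = release).
check_default_kernel() {
    conf=$1; release=$2
    idx=$(grub_default_index "$conf")
    image=$(grub_entry_kernel "$conf" "$idx")
    case "$image" in
        *"vmlinuz-$release") echo "OK: default=$idx boots $image" ;;
        *) echo "MISMATCH: default=$idx boots ${image:-nothing}, want vmlinuz-$release"; return 1 ;;
    esac
}

# Constructed sample grub.conf; $1 is the value written to "default=".
write_sample_conf() {
    sample=$(mktemp)
    cat > "$sample" <<EOF
default=$1
timeout=5
title Red Hat Enterprise Linux (2.6.32.FNAT.shanks.e27.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32.FNAT.shanks.e27.x86_64 ro root=/dev/mapper/vg-root
title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg-root
EOF
    echo "$sample"
}

# Demo on the constructed sample with default=0 (new kernel listed first).
check_default_kernel "$(write_sample_conf 0)" 2.6.32.FNAT.shanks.e27.x86_64
```

A MISMATCH result means the new kernel is not at the index that default points to, so the host would come back up on the stock kernel without the FullNAT ip_vs changes.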
- Reboot and verify
# Before the reboot
uname -a
Linux VM000001670 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
# After the reboot
uname -a
Linux VM000001670 2.6.32.FNAT.shanks.e27.x86_64 #1 SMP Wed Mar 10 03:41:18 CST 2021 x86_64 x86_64 x86_64 GNU/Linux
- Load the ip_vs module
# lsmod |grep ip_vs
ip_vs 35009 0
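If nothing is shown, the module is not loaded; run modprobe ip_vs to load the ip_vs module into the kernel.
# modprobe ip_vs
Check again with lsmod and the module is listed.
7. Enable UDP support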
echo "0" > /proc/sys/net/ipv4/vs/defence_udp_drop
II. Compile and install keepalived
# Install the dependency packages:
yum -y install popt-devel libnl-devel
# Compile keepalived:
cd /opt/LVS_FULLNAT/tools/keepalived
./configure
make && make install
# Create a symlink:
ln -s /usr/local/sbin/keepalived /usr/sbin/
# Copy the base configuration
mkdir /etc/keepalived/ -p
cp -a bin/genhash /usr/local/bin/
cp -a bin/keepalived /sbin/
cp -a keepalived/etc/init.d/keepalived.init /etc/init.d/keepalived
cp -a keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
cp -a keepalived/etc/init.d/keepalived.sysconfig /etc/sysconfig/keepalived
# Enable start at boot
chkconfig --add keepalived
# Start and verify
service keepalived start
III. Compile and install ipvsadm
# Change to the ipvsadm source directory
cd /opt/LVS_FULLNAT/tools/ipvsadm
# Run the build
make && make install