zoukankan      html  css  js  c++  java

  • LVS的NAT和DR模式下http负载均衡

    环境说明:

    主机名IP职责
    localhost DIP:192.168.44.128   VIP:192.168.163.250 调度器
    node2 192.168.44.129 服务器(RS)
    node3 192.168.44.130 服务器(RS)

    LVS的NAT模式实现http负载均衡

    (NAT模式调度器上要保证有两个不同类型的网卡,且RS的网关要指向LVS的DIP)

    //配置作为调度器的localhost
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b5:30:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.44.128/24 brd 192.168.44.255 scope global dynamic noprefixroute eth0
       valid_lft 954sec preferred_lft 954sec
    inet6 fe80::3abf:3271:9b0e:fc06/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b5:30:15 brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.129/24 brd 192.168.163.255 scope global dynamic noprefixroute eth1
       valid_lft 954sec preferred_lft 954sec
    inet6 fe80::4801:eaae:c044:e6a4/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

//配置调度器的dip
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth0"
UUID="0a3ca56e-efb2-4610-9095-1b1942f240c0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.44.128
NETMASK=255.255.255.0

//配置DR的vip(此时实验环境并不需要配置网关)
[root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens160 /etc/sysconfig/network-scripts/ifcfg-ens161
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens161
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR=192.168.163.250
NETMASK=255.255.255.0
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ifdown ens160;ifup ens160
[root@localhost ~]# ifdown ens161;ifup ens161
[root@localhost ~]# yum -y install ipvsadm


//配置作为RS的node2
[root@node2 ~]# systemctl stop firewalld
[root@node2 ~]# setenforce 0
[root@node2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=none
NAME="ens160"
UUID="c54bed09-7878-4374-b05f-d1e60c00f45a"
DEVICE="ens160"
ONBOOT="yes"
IPADDR=192.168.44.129
NETMASK=255.255.255.0
GATEWAY=192.168.44.128
DNS1=114.114.114.114
[root@node2 ~]# systemctl restart NetworkManager
[root@node2 ~]# ifdown ens160;ifup ens160
[root@node2 ~]# yum -y install httpd
[root@node2 ~]# systemctl start httpd

//配置作为RS的node3
[root@node3 ~]# systemctl stop firewalld
[root@node3 ~]# setenforce 0
[root@node3 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=none
NAME="ens160"
UUID="6e78e498-f57d-41f9-bc2e-2de83d77b4ec"
DEVICE="ens160"
ONBOOT="yes"
IPADDR=192.168.44.130
NETMASK=255.255.255.0
GATEWAY=192.168.44.128
DNS1=114.114.114.114
[root@node3 ~]# systemctl restart NetworkManager
[root@node3 ~]# ifdown ens160;ifup ens160
[root@node3 ~]# yum -y install httpd
[root@node3 ~]# systemctl start httpd


//在调度器上开启IP转发功能
[root@localhost ~]# vim /etc/sysctl.conf

//在文件最后面加入下面这行
net.ipv4.ip_forward = 1

[root@localhost ~]# sysctl -p
//在调度器上添加并保存规则
[root@localhost ~]# ipvsadm -A -t 192.168.163.250:80 -s rr
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.163.250:80 rr
[root@localhost ~]# ipvsadm -a -t 192.168.163.250:80 -r 192.168.44.129:80 -m
[root@localhost ~]# ipvsadm -a -t 192.168.163.250:80 -r 192.168.44.130:80 -m
[root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@localhost ~]# systemctl enable ipvsadm
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.163.250:80 rr
  -> 192.168.44.129:80            Masq    1      1          0         
  -> 192.168.44.130:80            Masq    1      0          1 


//验证,为了实验效果故意使两个服务器的网页不一样
[root@node2 ~]# echo 'RS1' > /var/www/html/index.html
[root@node3 ~]# echo 'RS2' > /var/www/html/index.html
[root@localhost ~]# curl http://192.168.163.250
RS1
[root@localhost ~]# curl http://192.168.163.250
RS2

    LVS的NAT模式实现https负载均衡

    //在调度器上生成一对密钥
[root@localhost ~]# mkdir -p /etc/pki/CA/private
[root@localhost ~]# yum -y install expect
[root@localhost ~]# cd /etc/pki/CA/
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)

[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout

////生成自签署证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:csl
Organizational Unit Name (eg, section) []:csl
Common Name (eg, your name or your server's hostname) []:csl
Email Address []:1@2.com

//在node2上配置
[root@node2 ~]# yum -y install mod_ssl
[root@node2 ~]# mkdir /etc/httpd/ssl
[root@node2 ~]# cd /etc/httpd/ssl
[root@node2 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)

//在node2上生成证书签署请求(要和之前DR上生成的证书填的内容一样)
[root@node2 ssl]# openssl req -new -key httpd.key -days 1024 -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:csl
Organizational Unit Name (eg, section) []:csl
Common Name (eg, your name or your server's hostname) []:csl
Email Address []:1@2.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@node2 ssl]# ls
httpd.csr  httpd.key

//把证书签署请求文件发送给CA
[root@node2 ssl]# scp httpd.csr root@192.168.44.128:/root

//DR签署证书并发给客户端
[root@localhost ~]# mkdir /etc/pki/CA/newcerts
[root@localhost ~]# touch /etc/pki/CA/index.txt
[root@localhost ~]# echo "01" > /etc/pki/CA/serial
[root@localhost ~]# openssl ca -in /root/httpd.csr -out httpd.crt -days 1024

[root@localhost ~]# ls
anaconda-ks.cfg  httpd.crt  httpd.csr

//调度器把签署好的证书httpd.crt和服务端的证书cacert.pem发给客户端
[root@localhost ~]# scp httpd.crt root@192.168.44.129:/etc/httpd/ssl
[root@localhost ~]# scp /etc/pki/CA/cacert.pem root@192.168.44.129:/etc/httpd/ssl

//配置https
[root@node3 ~]# yum -y install mod_ssl
[root@node3 ~]# mkdir /etc/httpd/ssl 
[root@node2 ssl]# scp cacert.pem httpd.crt httpd.key root@192.168.44.130:/etc/httpd/ssl


//在node3上查看
[root@node3 ~]# ls /etc/httpd/ssl/
cacert.pem  httpd.crt  httpd.key

//在node2上修改https配置文件
[root@node2 ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

SSLCACertificateFile /etc/httpd/ssl/cacert.pem

//重启服务
[root@node2 ~]# systemctl restart httpd

//在node3上修改https配置文件
[root@node3 ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

SSLCACertificateFile /etc/httpd/ssl/cacert.pem

//重启服务
[root@node3 ~]# systemctl restart httpd

//在DR上配置规则并保存     
[root@localhost ~]# ipvsadm -A -t 192.168.163.250:443 -s rr
[root@localhost ~]# ipvsadm -a -t 192.168.163.250:443 -r 192.168.44.129 -m
[root@localhost ~]# ipvsadm -a -t 192.168.163.250:443 -r 192.168.44.130 -m
[root@localhost ~]# ipvsadm -S > /etc/sysconfig/ipvsadm

//测试
[root@localhost ~]# curl -k https://192.168.163.250
RS1
[root@localhost ~]# curl -k https://192.168.163.250
RS2

    LVS的DR模式实现http负载均衡

    环境说明

    主机名IP职责
    localhost DIP:192.168.44.128   VIP:192.168.44.250 调度器
    node2 192.168.44.129    VIP:192.168.44.250 服务器(RS)
    node3 192.168.44.130    VIP:192.168.44.250 服务器(RS)

    		 
    //配置作为调度器的localhost
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# ip a
..
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:b5:30:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.44.128/24 brd 192.168.44.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feb5:300b/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=none
NAME="eth0"
UUID="0a3ca56e-efb2-4610-9095-1b1942f240c0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.44.128
NETMASK=255.255.255.0
GATEWAY=192.168.44.2
DNS1=114.114.114.114
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ip addr add 192.168.44.250/24 dev eth0
[root@localhost ~]# ls /etc/sysconfig/network-scripts/
ifcfg-ens160
[root@localhost ~]# vim /etc/sysconfig/network-scripts/route-ens160
192.168.44.250/32 via 192.168.44.128
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ifdown ens160;ifup ens160
[root@localhost ~]# yum -y install net-tools
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# ipvsadm -A -t 192.168.44.250:80 -s rr
[root@localhost ~]# ipvsadm -a -t 192.168.44.250:80 -r 192.168.44.129:80 -g
[root@localhost ~]# ipvsadm -a -t 192.168.44.250:80 -r 192.168.44.130:80 -g
[root@localhost ~]# systemctl enable ipvsadm
[root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.44.250:80 rr
  -> 192.168.44.129:80            Route   1      0          0         
  -> 192.168.44.130:80            Route   1      0          0

//配置作为RS的node2
[root@node2 ~]# systemctl stop firewalld
[root@node2 ~]# setenforce 0
[root@node2 ~]# ip a
..
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:a5:b0:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.44.129/24 brd 192.168.44.255 scope global dynamic noprefixroute ens160
       valid_lft 890sec preferred_lft 890sec
    inet6 fe80::384c:3bc6:9a9f:58ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@node2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=none
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
IPADDR=192.168.44.129
NETMASK=255.255.255.0
GATEWAY=192.168.44.2
DNS1=114.114.114.114
[root@node2 ~]# systemctl restart NetworkManager
[root@node2 ~]# ifdown ens160;ifup ens160
[root@node2 ~]# vim /etc/sysctl.conf
//在文件最下方加入两行
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@node2 ~]# sysctl -p
[root@node2 ~]# ip addr add 192.168.44.250/24 dev ens160
[root@localhost ~]# ls /etc/sysconfig/network-scripts/
ifcfg-ens160
[root@localhost ~]# vim /etc/sysconfig/network-scripts/route-ens160
192.168.44.250/32 via 192.168.44.129
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ifdown ens160;ifup ens160
[root@localhost ~]# yum -y install net-tools
[root@node2 ~]# yum -y install httpd
[root@node2 ~]# systemctl start httpd


//配置作为RS的node3
[root@node3 ~]# systemctl stop firewalld
[root@node3 ~]# setenforce 0
[root@node3 ~]# ip a
..
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:73:b3:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.44.130/24 brd 192.168.44.255 scope global dynamic noprefixroute ens160
       valid_lft 1399sec preferred_lft 1399sec
    inet6 fe80::757b:3307:cfa2:f23f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@node3 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE="Ethernet"
BOOTPROTO=none
NAME="ens160"
DEVICE="ens160"
ONBOOT="yes"
IPADDR=192.168.44.130
NETMASK=255.255.255.0
GATEWAY=192.168.44.2
DNS1=114.114.114.114
[root@node3 ~]# systemctl restart NetworkManager
[root@node3 ~]# ifdown ens160;ifup ens160
[root@node3 ~]# vim /etc/sysctl.conf
//在文件最下方加入两行
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@node3 ~]# sysctl -p
[root@node3 ~]# ip addr add 192.168.44.250/24 dev ens160
[root@localhost ~]# ls /etc/sysconfig/network-scripts/
ifcfg-ens160
[root@localhost ~]# vim /etc/sysconfig/network-scripts/route-ens160
192.168.44.250/32 via 192.168.44.130
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# ifdown ens160;ifup ens160
[root@localhost ~]# yum -y install net-tools
[root@node3 ~]# yum -y install httpd
[root@node3 ~]# systemctl start httpd


//验证,为了实验效果故意使两个服务器的网页不一样
[root@node2 ~]# echo 'RS1' > /var/www/html/index.html
[root@node3 ~]# echo 'RS2' > /var/www/html/index.html
[root@localhost ~]# curl http://192.168.44.250
RS1
[root@localhost ~]# curl http://192.168.44.250
RS2

     LVS的DR模式实现https负载均衡

    //在两个RS上安装mod_ssl
[root@node2 ~]# yum -y install mod_ssl
[root@node3 ~]# yum -y install mod_ssl

//这里就不做证书,使用默认的证书,重启服务查看443是否启动
[root@node2 ~]# systemctl restart httpd
[root@node3 ~]# systemctl restart httpd

//查看443端口是否启动
[root@node2 ~]# ss -antl
State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
LISTEN      0           128                          *:80                          *:*   
LISTEN      0           128                       [::]:22                       [::]:*   
LISTEN      0           128                          *:443                         *:*  

[root@node3 ~]# ss -antl
State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
LISTEN      0           128                          *:80                          *:*   
LISTEN      0           128                       [::]:22                       [::]:*   
LISTEN      0           128                          *:443                         *:*  

//在调度器上配置
[root@localhost ~]# ipvsadm -C
[root@localhost ~]# ipvsadm -A -t 192.168.44.250:443 -s wrr
[root@localhost ~]# ipvsadm -a -t 192.168.44.250:443 -r 192.168.44.129 -g
[root@localhost ~]# ipvsadm -a -t 192.168.44.250:443 -r 192.168.44.130 -g
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.44.250:443 wrr
  -> 192.168.44.129:443            Route   1      0          0         
  -> 192.168.44.130:443            Route   1      0          0 
  
[root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm


//测试
[root@localhost ~]# curl -k https://192.168.44.250
RS1 
[root@localhost ~]# curl -k https://192.168.44.250
RS2
  • 相关阅读:
    产品微谈
    SVN回滚机制
    super究竟是个啥?
    PM12条
    CocoaPods初体验
    UIView局部点击
    Memory cycles about Block
    About "self"
    openfire学习(一)
    WPF菜单和布局(2)
  • 原文地址:https://www.cnblogs.com/chensongling/p/14736037.html
Copyright © 2011-2022 走看看