  • LVS的NAT和DR模式下http负载均衡

    环境说明:

    主机名 | IP | 职责
    localhost DIP:192.168.44.128   VIP:192.168.163.250 调度器
    node2 192.168.44.129 服务器(RS)
    node3 192.168.44.130 服务器(RS)

    LVS的NAT模式实现http负载均衡

    (NAT模式下调度器上要保证有两块不同类型(分别接入不同网段)的网卡,且RS的网关要指向LVS的DIP)

    //配置作为调度器的localhost(下面关闭firewalld并把SELinux设为宽容模式只是为了简化实验;生产环境应保留防火墙,只放行所需端口)
    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# setenforce 0
    [root@localhost ~]# ip a
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:b5:30:0b brd ff:ff:ff:ff:ff:ff
        inet 192.168.44.128/24 brd 192.168.44.255 scope global dynamic noprefixroute eth0
           valid_lft 954sec preferred_lft 954sec
        inet6 fe80::3abf:3271:9b0e:fc06/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:b5:30:15 brd ff:ff:ff:ff:ff:ff
        inet 192.168.163.129/24 brd 192.168.163.255 scope global dynamic noprefixroute eth1
           valid_lft 954sec preferred_lft 954sec
        inet6 fe80::4801:eaae:c044:e6a4/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    //配置调度器的dip
    [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO="static"
    NAME="eth0"
    UUID="0a3ca56e-efb2-4610-9095-1b1942f240c0"
    DEVICE="eth0"
    ONBOOT="yes"
    IPADDR=192.168.44.128
    NETMASK=255.255.255.0
    
    //配置调度器(Director)的VIP(此实验环境不需要配置网关)
    [root@localhost ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens160 /etc/sysconfig/network-scripts/ifcfg-ens161
    [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens161
    TYPE="Ethernet"
    BOOTPROTO="static"
    NAME="eth1"
    DEVICE="eth1"
    ONBOOT="yes"
    IPADDR=192.168.163.250
    NETMASK=255.255.255.0
    [root@localhost ~]# systemctl restart NetworkManager
    [root@localhost ~]# ifdown ens160;ifup ens160
    [root@localhost ~]# ifdown ens161;ifup ens161
    [root@localhost ~]# yum -y install ipvsadm
    
    
    //配置作为RS的node2
    [root@node2 ~]# systemctl stop firewalld
    [root@node2 ~]# setenforce 0
    [root@node2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO=none
    NAME="ens160"
    UUID="c54bed09-7878-4374-b05f-d1e60c00f45a"
    DEVICE="ens160"
    ONBOOT="yes"
    IPADDR=192.168.44.129
    NETMASK=255.255.255.0
    GATEWAY=192.168.44.128
    DNS1=114.114.114.114
    [root@node2 ~]# systemctl restart NetworkManager
    [root@node2 ~]# ifdown ens160;ifup ens160
    [root@node2 ~]# yum -y install httpd
    [root@node2 ~]# systemctl start httpd
    
    //配置作为RS的node3
    [root@node3 ~]# systemctl stop firewalld
    [root@node3 ~]# setenforce 0
    [root@node3 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO=none
    NAME="ens160"
    UUID="6e78e498-f57d-41f9-bc2e-2de83d77b4ec"
    DEVICE="ens160"
    ONBOOT="yes"
    IPADDR=192.168.44.130
    NETMASK=255.255.255.0
    GATEWAY=192.168.44.128
    DNS1=114.114.114.114
    [root@node3 ~]# systemctl restart NetworkManager
    [root@node3 ~]# ifdown ens160;ifup ens160
    [root@node3 ~]# yum -y install httpd
    [root@node3 ~]# systemctl start httpd
    
    
    //在调度器上开启IP转发功能
    [root@localhost ~]# vim /etc/sysctl.conf
    
    //在文件最后面加入下面这行
    net.ipv4.ip_forward = 1
    
    [root@localhost ~]# sysctl -p
    //在调度器上添加并保存规则
    [root@localhost ~]# ipvsadm -A -t 192.168.163.250:80 -s rr
    [root@localhost ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.163.250:80 rr
    [root@localhost ~]# ipvsadm -a -t 192.168.163.250:80 -r 192.168.44.129:80 -m
    [root@localhost ~]# ipvsadm -a -t 192.168.163.250:80 -r 192.168.44.130:80 -m
    [root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
    [root@localhost ~]# systemctl enable ipvsadm
    [root@localhost ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.163.250:80 rr
      -> 192.168.44.129:80            Masq    1      1          0         
      -> 192.168.44.130:80            Masq    1      0          1 
    
    
    //验证,为了实验效果故意使两个服务器的网页不一样
    [root@node2 ~]# echo 'RS1' > /var/www/html/index.html
    [root@node3 ~]# echo 'RS2' > /var/www/html/index.html
    [root@localhost ~]# curl http://192.168.163.250
    RS1
    [root@localhost ~]# curl http://192.168.163.250
    RS2

    LVS的NAT模式实现https负载均衡

    //在调度器上生成一对密钥
    [root@localhost ~]# mkdir -p /etc/pki/CA/private
    [root@localhost ~]# yum -y install expect
    [root@localhost ~]# cd /etc/pki/CA/
    [root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
    
    [root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
    
    //生成自签署证书
    [root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HB
    Locality Name (eg, city) [Default City]:WH
    Organization Name (eg, company) [Default Company Ltd]:csl
    Organizational Unit Name (eg, section) []:csl
    Common Name (eg, your name or your server's hostname) []:csl
    Email Address []:1@2.com
    
    //在node2上配置
    [root@node2 ~]# yum -y install mod_ssl
    [root@node2 ~]# mkdir /etc/httpd/ssl
    [root@node2 ~]# cd /etc/httpd/ssl
    [root@node2 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
    
    //在node2上生成证书签署请求(要和之前调度器上生成CA证书时填的内容一样:openssl默认的policy_match策略要求国家、省份、组织名与CA一致;实际环境中Common Name应填服务器的主机名)
    [root@node2 ssl]# openssl req -new -key httpd.key -days 1024 -out httpd.csr
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HB
    Locality Name (eg, city) [Default City]:WH
    Organization Name (eg, company) [Default Company Ltd]:csl
    Organizational Unit Name (eg, section) []:csl
    Common Name (eg, your name or your server's hostname) []:csl
    Email Address []:1@2.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@node2 ssl]# ls
    httpd.csr  httpd.key
    
    //把证书签署请求文件发送给CA
    [root@node2 ssl]# scp httpd.csr root@192.168.44.128:/root
    
    //调度器(作为CA)签署证书并发给node2
    [root@localhost ~]# mkdir /etc/pki/CA/newcerts
    [root@localhost ~]# touch /etc/pki/CA/index.txt
    [root@localhost ~]# echo "01" > /etc/pki/CA/serial
    [root@localhost ~]# openssl ca -in /root/httpd.csr -out httpd.crt -days 1024
    
    [root@localhost ~]# ls
    anaconda-ks.cfg  httpd.crt  httpd.csr
    
    //调度器把签署好的证书httpd.crt和CA证书cacert.pem发给node2
    [root@localhost ~]# scp httpd.crt root@192.168.44.129:/etc/httpd/ssl
    [root@localhost ~]# scp /etc/pki/CA/cacert.pem root@192.168.44.129:/etc/httpd/ssl
    
    //配置https:在node3上安装mod_ssl,并从node2复制证书和私钥(两台RS共用同一个私钥,私钥文件应保持仅root可读)
    [root@node3 ~]# yum -y install mod_ssl
    [root@node3 ~]# mkdir /etc/httpd/ssl 
    [root@node2 ssl]# scp cacert.pem httpd.crt httpd.key root@192.168.44.130:/etc/httpd/ssl
    
    
    //在node3上查看
    [root@node3 ~]# ls /etc/httpd/ssl/
    cacert.pem  httpd.crt  httpd.key
    
    //在node2上修改https配置文件
    [root@node2 ~]# vim /etc/httpd/conf.d/ssl.conf
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    
    SSLCACertificateFile /etc/httpd/ssl/cacert.pem
    
    //重启服务
    [root@node2 ~]# systemctl restart httpd
    
    //在node3上修改https配置文件
    [root@node3 ~]# vim /etc/httpd/conf.d/ssl.conf
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    
    SSLCACertificateFile /etc/httpd/ssl/cacert.pem
    
    //重启服务
    [root@node3 ~]# systemctl restart httpd
    
    //在调度器(Director)上配置规则并保存(建议与前文一样用 -Sn 保存,使规则文件中保留数字形式的地址和端口)
    [root@localhost ~]# ipvsadm -A -t 192.168.163.250:443 -s rr
    [root@localhost ~]# ipvsadm -a -t 192.168.163.250:443 -r 192.168.44.129 -m
    [root@localhost ~]# ipvsadm -a -t 192.168.163.250:443 -r 192.168.44.130 -m
    [root@localhost ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
    
    //测试(-k 让curl跳过证书校验,这里只用来确认443端口的转发是否生效)
    [root@localhost ~]# curl -k https://192.168.163.250
    RS1
    [root@localhost ~]# curl -k https://192.168.163.250
    RS2

    LVS的DR模式实现http负载均衡

    环境说明

    主机名 | IP | 职责
    localhost DIP:192.168.44.128   VIP:192.168.44.250 调度器
    node2 192.168.44.129    VIP:192.168.44.250 服务器(RS)
    node3 192.168.44.130    VIP:192.168.44.250 服务器(RS)

    //配置作为调度器的localhost
    [root@localhost ~]# systemctl stop firewalld
    [root@localhost ~]# setenforce 0
    [root@localhost ~]# ip a
    ..
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:b5:30:0b brd ff:ff:ff:ff:ff:ff
        inet 192.168.44.128/24 brd 192.168.44.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:feb5:300b/64 scope link 
           valid_lft forever preferred_lft forever
    [root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO=none
    NAME="eth0"
    UUID="0a3ca56e-efb2-4610-9095-1b1942f240c0"
    DEVICE="eth0"
    ONBOOT="yes"
    IPADDR=192.168.44.128
    NETMASK=255.255.255.0
    GATEWAY=192.168.44.2
    DNS1=114.114.114.114
    [root@localhost ~]# systemctl restart NetworkManager
    [root@localhost ~]# ip addr add 192.168.44.250/24 dev eth0
    [root@localhost ~]# ls /etc/sysconfig/network-scripts/
    ifcfg-ens160
    [root@localhost ~]# vim /etc/sysconfig/network-scripts/route-ens160
    192.168.44.250/32 via 192.168.44.128
    [root@localhost ~]# systemctl restart NetworkManager
    [root@localhost ~]# ifdown ens160;ifup ens160
    [root@localhost ~]# yum -y install net-tools
    [root@localhost ~]# yum -y install ipvsadm
    [root@localhost ~]# ipvsadm -A -t 192.168.44.250:80 -s rr
    [root@localhost ~]# ipvsadm -a -t 192.168.44.250:80 -r 192.168.44.129:80 -g
    [root@localhost ~]# ipvsadm -a -t 192.168.44.250:80 -r 192.168.44.130:80 -g
    [root@localhost ~]# systemctl enable ipvsadm
    [root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
    [root@localhost ~]# ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.44.250:80 rr
      -> 192.168.44.129:80            Route   1      0          0         
      -> 192.168.44.130:80            Route   1      0          0
    
    //配置作为RS的node2
    [root@node2 ~]# systemctl stop firewalld
    [root@node2 ~]# setenforce 0
    [root@node2 ~]# ip a
    ..
    2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:a5:b0:d2 brd ff:ff:ff:ff:ff:ff
        inet 192.168.44.129/24 brd 192.168.44.255 scope global dynamic noprefixroute ens160
           valid_lft 890sec preferred_lft 890sec
        inet6 fe80::384c:3bc6:9a9f:58ce/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    [root@node2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO=none
    NAME="ens160"
    DEVICE="ens160"
    ONBOOT="yes"
    IPADDR=192.168.44.129
    NETMASK=255.255.255.0
    GATEWAY=192.168.44.2
    DNS1=114.114.114.114
    [root@node2 ~]# systemctl restart NetworkManager
    [root@node2 ~]# ifdown ens160;ifup ens160
    [root@node2 ~]# vim /etc/sysctl.conf
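    //在文件最下方加入两行:arp_ignore=1 表示只对配置在收到ARP请求的那块网卡上的地址作应答,arp_announce=2 表示发送ARP时总是选用最合适的本地地址作为源地址;DR模式下通常还需把VIP以/32绑定在lo上,否则RS仍会应答针对VIP的ARP请求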
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    [root@node2 ~]# sysctl -p
    [root@node2 ~]# ip addr add 192.168.44.250/24 dev ens160
    [root@node2 ~]# ls /etc/sysconfig/network-scripts/
    ifcfg-ens160
    [root@node2 ~]# vim /etc/sysconfig/network-scripts/route-ens160
    192.168.44.250/32 via 192.168.44.129
    [root@node2 ~]# systemctl restart NetworkManager
    [root@node2 ~]# ifdown ens160;ifup ens160
    [root@node2 ~]# yum -y install net-tools
    [root@node2 ~]# yum -y install httpd
    [root@node2 ~]# systemctl start httpd
    
    
    //配置作为RS的node3
    [root@node3 ~]# systemctl stop firewalld
    [root@node3 ~]# setenforce 0
    [root@node3 ~]# ip a
    ..
    2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:0c:29:73:b3:0c brd ff:ff:ff:ff:ff:ff
        inet 192.168.44.130/24 brd 192.168.44.255 scope global dynamic noprefixroute ens160
           valid_lft 1399sec preferred_lft 1399sec
        inet6 fe80::757b:3307:cfa2:f23f/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    [root@node3 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
    TYPE="Ethernet"
    BOOTPROTO=none
    NAME="ens160"
    DEVICE="ens160"
    ONBOOT="yes"
    IPADDR=192.168.44.130
    NETMASK=255.255.255.0
    GATEWAY=192.168.44.2
    DNS1=114.114.114.114
    [root@node3 ~]# systemctl restart NetworkManager
    [root@node3 ~]# ifdown ens160;ifup ens160
    [root@node3 ~]# vim /etc/sysctl.conf
    //在文件最下方加入两行
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    [root@node3 ~]# sysctl -p
    [root@node3 ~]# ip addr add 192.168.44.250/24 dev ens160
    [root@node3 ~]# ls /etc/sysconfig/network-scripts/
    ifcfg-ens160
    [root@node3 ~]# vim /etc/sysconfig/network-scripts/route-ens160
    192.168.44.250/32 via 192.168.44.130
    [root@node3 ~]# systemctl restart NetworkManager
    [root@node3 ~]# ifdown ens160;ifup ens160
    [root@node3 ~]# yum -y install net-tools
    [root@node3 ~]# yum -y install httpd
    [root@node3 ~]# systemctl start httpd
    
    
    //验证,为了实验效果故意使两个服务器的网页不一样
    [root@node2 ~]# echo 'RS1' > /var/www/html/index.html
    [root@node3 ~]# echo 'RS2' > /var/www/html/index.html
    [root@localhost ~]# curl http://192.168.44.250
    RS1
    [root@localhost ~]# curl http://192.168.44.250
    RS2

     LVS的DR模式实现https负载均衡

    //在两个RS上安装mod_ssl
    [root@node2 ~]# yum -y install mod_ssl
    [root@node3 ~]# yum -y install mod_ssl
    
    //这里不再签发证书,直接使用mod_ssl默认自带的自签名证书(仅适合实验环境),重启服务后查看443端口是否启动
    [root@node2 ~]# systemctl restart httpd
    [root@node3 ~]# systemctl restart httpd
    
    //查看443端口是否启动
    [root@node2 ~]# ss -antl
    State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
    LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
    LISTEN      0           128                          *:80                          *:*   
    LISTEN      0           128                       [::]:22                       [::]:*   
    LISTEN      0           128                          *:443                         *:*  
    
    [root@node3 ~]# ss -antl
    State       Recv-Q      Send-Q           Local Address:Port             Peer Address:Port 
    LISTEN      0           128                    0.0.0.0:22                    0.0.0.0:*   
    LISTEN      0           128                          *:80                          *:*   
    LISTEN      0           128                       [::]:22                       [::]:*   
    LISTEN      0           128                          *:443                         *:*  
    
    //在调度器上配置(ipvsadm -C 会清空当前所有规则,包括前面添加的80端口服务)
    [root@localhost ~]# ipvsadm -C
    [root@localhost ~]# ipvsadm -A -t 192.168.44.250:443 -s wrr
    [root@localhost ~]# ipvsadm -a -t 192.168.44.250:443 -r 192.168.44.129 -g
    [root@localhost ~]# ipvsadm -a -t 192.168.44.250:443 -r 192.168.44.130 -g
    [root@localhost ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.44.250:443 wrr
      -> 192.168.44.129:443            Route   1      0          0         
      -> 192.168.44.130:443            Route   1      0          0 
      
    [root@localhost ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
    
    
    //测试
    [root@localhost ~]# curl -k https://192.168.44.250
    RS1 
    [root@localhost ~]# curl -k https://192.168.44.250
    RS2
  • 原文地址:https://www.cnblogs.com/chensongling/p/14736037.html