Deploying a NAT-mode cluster: worked case
Lab environment
Hostname | IP | VIP | Role | NIC mode |
---|---|---|---|---|
lvs.sons1.org | 192.168.0.100 | 172.25.254.100 | Scheduler (VS) | eth0: NAT, eth1: host-only |
webserver1.sons1.org | 192.168.0.10, GW 192.168.0.100 | null | Real server (RS) | eth0: host-only |
webserver2.sons1.org | 192.168.0.20, GW 192.168.0.100 | null | Real server (RS) | eth0: host-only |
Mind map (figure not included)
Configuring lvs
Add a second NIC and set it to host-only mode
[root@lvs system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=172.25.254.100/24,172.25.254.2
method=manual
[root@lvs system-connections]# cat eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
address1=192.168.0.100/24
method=manual
Enable kernel IP forwarding
[root@lvs system-connections]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@lvs system-connections]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@lvs system-connections]# sysctl -p
net.ipv4.ip_forward = 1
Configuring webserver1
Switch the NIC to host-only mode
[root@webserver1 system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=192.168.0.10/24,192.168.0.100
method=manual
dns=114.114.114.114;
[root@webserver1 ~]# dnf install httpd -y
[root@webserver1 ~]# systemctl enable --now httpd
[root@webserver1 ~]# echo webserver1 - 192.168.0.10 > /var/www/html/index.html
[root@webserver1 ~]# curl 192.168.0.10
webserver1 - 192.168.0.10
Configuring webserver2
Switch the NIC to host-only mode
[root@webserver2 system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=192.168.0.20/24,192.168.0.100
method=manual
dns=114.114.114.114;
[root@webserver2 ~]# dnf install httpd -y
[root@webserver2 ~]# systemctl enable --now httpd
[root@webserver2 ~]# echo webserver2 - 192.168.0.20 > /var/www/html/index.html
[root@webserver2 ~]# curl 192.168.0.20
webserver2 - 192.168.0.20
Test from lvs
[root@lvs ~]# curl 192.168.0.10
webserver1 - 192.168.0.10
[root@lvs ~]# curl 192.168.0.20
webserver2 - 192.168.0.20
Install ipvsadm
ipvsadm is the command-line tool for managing Linux Virtual Server (LVS).
[root@lvs ~]# dnf install ipvsadm -y
[root@lvs ~]# ipvsadm -A -t 172.25.254.100:80 -s rr
[root@lvs ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.10:80 -m
[root@lvs ~]# ipvsadm -a -t 172.25.254.100:80 -r 192.168.0.20:80 -m
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 rr
-> 192.168.0.10:80 Masq 1 0 0
-> 192.168.0.20:80 Masq 1 0 0
[root@lvs ~]# ipvsadm-save > /etc/sysconfig/ipvsadm-config # save the rules
[root@lvs ~]# systemctl enable --now ipvsadm.service # start at boot
[Administrator.WIN ~]# for i in {1..10}
> do
> curl 172.25.254.100
> done
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
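The following is an added example and not part of the original post: two small checks a practitioner would run after the steps above, fed from the text of `ipvsadm -Ln` and from the output of the curl loop. It takes the expected forwarding method as a parameter, so it also covers the DR rules (Route, `-g`) configured later in this post; the function names and the embedded samples are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Sanity-check an LVS virtual service
# from `ipvsadm -Ln` text and check how evenly a curl loop was spread over the RSs.

# check_ipvs_service VIP:PORT FORWARD RS:PORT...   (ipvsadm -Ln text on stdin)
# FORWARD is Masq for the NAT cluster (-m) or Route for the DR cluster (-g).
# Prints one line per problem; returns 1 if anything is wrong.
check_ipvs_service() {
    vip="$1"; fwd_want="$2"; shift 2
    table=$(cat); rc=0
    sched=$(printf '%s\n' "$table" | awk -v vip="$vip" '$1=="TCP" && $2==vip {print $3}')
    [ -n "$sched" ] || { echo "no TCP service for $vip"; return 1; }
    # "-> addr Fwd Weight ..." lines belong to the TCP/UDP/FWM service line above them
    rs_lines=$(printf '%s\n' "$table" | awk -v vip="$vip" '
        $1=="TCP" || $1=="UDP" || $1=="FWM" { in_svc = ($2==vip); next }
        in_svc && $1=="->" { print $2, $3, $4 }')
    for rs in "$@"; do
        fields=$(printf '%s\n' "$rs_lines" | awk -v rs="$rs" \
            '$1==rs {print ($2==""?"?":$2), ($3==""?"?":$3)}')
        if [ -z "$fields" ]; then echo "$rs is not a real server of $vip"; rc=1; continue; fi
        fwd=${fields%% *}; weight=${fields##* }
        [ "$fwd" = "$fwd_want" ] || { echo "$rs forwards as $fwd, expected $fwd_want"; rc=1; }
        [ "$weight" -ge 1 ] 2>/dev/null || { echo "$rs has weight '$weight', never chosen"; rc=1; }
    done
    return $rc
}

# rs_distribution < curl-output  -> "hits server" per RS (the loop prints "webserverN - ip")
rs_distribution() { awk 'NF { n[$1]++ } END { for (s in n) print n[s], s }' | sort -k2; }

# is_balanced < curl-output  -> 0 when no RS got more than one hit above another,
# which is what rr (or wrr with equal weights) must produce over a full loop
is_balanced() {
    awk 'NF { n[$1]++ }
         END { for (s in n) { if (min=="" || n[s]<min) min=n[s]; if (n[s]>max) max=n[s] }
               exit (max-min > 1) }'
}

# constructed samples, matching the format shown in the post
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.25.254.100:80 rr
  -> 192.168.0.10:80              Masq    1      0          0
  -> 192.168.0.20:80              Masq    1      0          0'
SAMPLE_CURL='webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10'

printf '%s\n' "$SAMPLE_IPVS" | check_ipvs_service 172.25.254.100:80 Masq 192.168.0.10:80 192.168.0.20:80 && echo "NAT service OK"
printf '%s\n' "$SAMPLE_CURL" | rs_distribution
```

On the director, run it as `ipvsadm -Ln | check_ipvs_service 172.25.254.100:80 Masq 192.168.0.10:80 192.168.0.20:80`; a missing RS, a Route entry in a NAT service, or a zero weight is reported instead of silently handing every request to one server.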
Deploying a DR-mode cluster: worked case
Lab environment
Hostname | IP | VIP | Role | NIC |
---|---|---|---|---|
client.sons1.org | 172.25.254.200, GW 172.25.254.100 | null | Test host | eth0: NAT |
route.sons1.org | eth0: 172.25.254.100, eth1: 192.168.0.100 | null | Router | eth0: NAT, eth1: host-only |
lvs.sons1.org | 192.168.0.50, GW 192.168.0.100 | 192.168.0.200/32 | Scheduler | eth1: host-only |
webserver1.sons1.org | 192.168.0.10, GW 192.168.0.100 | 192.168.0.200/32 | webserver1 | eth0: host-only |
webserver2.sons1.org | 192.168.0.20, GW 192.168.0.100 | 192.168.0.200/32 | webserver2 | eth0: host-only |
Mind map (figure not included)
Configuring client
[root@client system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=172.25.254.200/24,172.25.254.100
method=manual
Configuring route
Add a second network adapter and select host-only mode
The sysctl -a command lists every kernel parameter with its current value; net.ipv4.ip_forward = 1 in its output means IP forwarding is enabled, while net.ipv4.ip_forward = 0 means it is disabled.
[root@route system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=172.25.254.100/24
method=manual
[root@route system-connections]# cat eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
address1=192.168.0.100/24
method=manual
Enable kernel IP forwarding
[root@route system-connections]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@route system-connections]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
[root@route system-connections]# sysctl -p
net.ipv4.ip_forward = 1
[root@route system-connections]# echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
[root@route system-connections]# sysctl -p # reload so the setting takes effect
Configuring lvs
Delete the old NAT-mode eth0 connection and its IP
[root@lvs ~]# nmcli connection delete eth0
Change the IP of the host-only eth1
[root@lvs system-connections]# cat eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
address1=192.168.0.50/24,192.168.0.100
method=manual
Add the VIP 192.168.0.200/32 on the loopback interface
[root@lvs ~]# ip a a 192.168.0.200/32 dev lo
dnf install ipvsadm -y
ipvsadm -A -t 192.168.0.200:80 -s wrr # add the virtual service and its scheduling policy
ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.10:80 -g -w 1
ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20:80 -g -w 1
ipvsadm -Ln # list the rules
ipvsadm-save > /etc/sysconfig/ipvsadm-config # save the rules
systemctl enable --now ipvsadm.service # start at boot
Configuring webserver1
Restrict the ARP response level (arp_ignore):
0: default; respond to an ARP request with any address configured on any local interface.
1: respond only when the requested target IP is configured on the interface that received the request.
Restrict the ARP announcement level (arp_announce):
0: default; announce all addresses of all local interfaces on every interface's network.
1: try to avoid announcing an interface's addresses onto networks it is not directly connected to.
2: always avoid announcing addresses onto networks that are not local to the sending interface.
On the RSs the VIP is configured on lo only, so these two settings stop them from answering or advertising ARP for 192.168.0.200 and leave the director as the only host that resolves the VIP.
Set the IP and gateway
[root@server1 system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=192.168.0.10/24,192.168.0.100
method=manual
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
ip a a 192.168.0.200/32 dev lo # add the VIP 192.168.0.200/32 on the loopback interface
Configuring webserver2
[root@server2 system-connections]# cat eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0
[ipv4]
address1=192.168.0.20/24,192.168.0.100
method=manual
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
ip a a 192.168.0.200/32 dev lo # add the VIP 192.168.0.200/32 on the loopback interface
Test
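An added example, not part of the original post: a check that a DR real server really carries the four arp_* values and the VIP on lo, plus a sysctl.d fragment that persists the values the post writes with echo (a write to /proc is lost on reboot). The function names are mine, and the PROC_ROOT argument exists only so the check can run against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the original post): verify and persist the DR RS ARP settings.
# Why these values: the VIP lives on lo, so arp_ignore=1 makes the RS ignore ARP requests
# for it (they arrive on eth0, where the VIP is not configured) and arp_announce=2 stops
# the RS from using the VIP as the source of its own ARP; the router therefore keeps
# resolving 192.168.0.200 to the director's MAC.
DR_ARP_SETTINGS="all/arp_ignore=1 all/arp_announce=2 lo/arp_ignore=1 lo/arp_announce=2"

# check_dr_arp [PROC_ROOT]  -> prints each wrong value, returns 1 if any (default /proc)
check_dr_arp() {
    root="${1:-/proc}"; rc=0
    for kv in $DR_ARP_SETTINGS; do
        key=${kv%=*}; want=${kv#*=}
        have=$(cat "$root/sys/net/ipv4/conf/$key" 2>/dev/null || echo missing)
        [ "$have" = "$want" ] || { echo "$key is $have, want $want"; rc=1; }
    done
    return $rc
}

# vip_on_lo VIP "$(ip -4 -o addr show dev lo)"  -> 0 if VIP/32 is on the loopback
vip_on_lo() {
    printf '%s\n' "$2" | awk -v want="$1/32" \
        '$2=="lo" && $3=="inet" && $4==want { ok=1 } END { exit !ok }'
}

# write_dr_sysctl FILE -> sysctl.d fragment, e.g. /etc/sysctl.d/90-lvs-dr.conf
# (my replacement for the echo > /proc lines; apply with: sysctl --system)
write_dr_sysctl() {
    {
        echo "# LVS DR real server: do not answer or advertise ARP for the VIP on lo"
        for kv in $DR_ARP_SETTINGS; do
            echo "net.ipv4.conf.$(echo "${kv%=*}" | tr / .) = ${kv#*=}"
        done
    } > "$1"
}

# constructed sample of `ip -4 -o addr show dev lo` on a correctly configured RS
SAMPLE_LO='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 192.168.0.200/32 scope global lo\       valid_lft forever preferred_lft forever'

vip_on_lo 192.168.0.200 "$SAMPLE_LO" && echo "VIP is on lo"
```

On a real RS run `check_dr_arp && vip_on_lo 192.168.0.200 "$(ip -4 -o addr show dev lo)"`; if arp_ignore is still 0 the RS will answer ARP for the VIP and some clients will bypass the director entirely.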
for i in {1..10};do curl 192.168.0.200;done
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20
webserver1 - 192.168.0.10
Using a firewall mark to fix the round-robin problem
Install the mod_ssl module on the RSs so they serve HTTPS
On both webserver1 and webserver2, install mod_ssl and restart httpd.
dnf install mod_ssl -y
systemctl restart httpd # restart httpd so the module takes effect
On the LVS host, give ports 80 and 443 the same mark so ipvs schedules them as one service instead of two independent round-robins
iptables -t mangle -A PREROUTING -d 192.168.0.200 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 66
ipvsadm -A -f 66 -s rr
ipvsadm -a -f 66 -r 192.168.0.10 -g
ipvsadm -a -f 66 -r 192.168.0.20 -g
Test
[root@client ~]# curl 192.168.0.200;curl -k https://192.168.0.200
webserver1 - 192.168.0.10
webserver2 - 192.168.0.20