LVS示例
LVS-NAT模式
[root@web2 ~]# nmcli connection modify eth0 ipv4.method manual ipv4.gateway 192.168.4.4 connection.autoconnect yes
[root@web2 ~]# nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# systemctl restart httpd
[root@web1 ~]# echo "192.168.4.2" > /var/www/html/index.html
[root@web1 ~]# curl http://192.168.4.2
192.168.4.2
[root@web1 ~]# nmcli connection modify eth0 ipv4.method manual ipv4.gateway 192.168.4.4 connection.autoconnect yes
[root@web1 ~]# nmcli connection up eth0
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@web2 ~]# yum -y install httpd
[root@web2 ~]# systemctl restart httpd
[root@web2 ~]# echo "192.168.4.3" > /var/www/html/index.html
[root@web2 ~]# curl http://192.168.4.3
192.168.4.3
[root@proxy ~]# nmcli connection add type ethernet con-name eth2 ifname eth2
[root@proxy ~]# nmcli connection modify eth2 ipv4.method manual ipv4.addresses 201.1.1.4/24 connection.autoconnect yes
[root@proxy ~]# nmcli connection up eth0
打开路由转发
[root@proxy ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@proxy ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@proxy ~]# sysctl -a | grep ip_forward #若没有,则进行下面操作
[root@proxy ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@proxy ~]# sysctl -p
net.ipv4.ip_forward = 1
配置LVS服务器
[root@proxy ~]# yum -y install ipvsadm
[root@proxy ~]# ipvsadm -A -t 201.1.1.4:80 -s rr #创建虚拟服务器
[root@proxy ~]# ipvsadm -a -t 201.1.1.4:80 -r 192.168.4.2 -m #向虚拟服务器中加入real server
[root@proxy ~]# ipvsadm -a -t 201.1.1.4:80 -r 192.168.4.3 -m
[root@proxy ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 201.1.1.4:80 rr
-> 192.168.4.2:80 Masq 1 0 0
-> 192.168.4.3:80 Masq 1 0 0
[root@proxy ~]# ipvsadm-save -n > /etc/sysconfig/ipvsadm #永久保存规则
测试
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.3
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.2
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.3
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.2
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.3
[root@room9pc01 ~]# curl http://201.1.1.4
192.168.4.2
[root@proxy ~]# ipvsadm -d -t 201.1.1.4:80 -r 192.168.4.3 #删除RIP(real server)
[root@proxy ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 201.1.1.4:80 rr
-> 192.168.4.2:80 Masq 1 0 0
[root@proxy ~]# ipvsadm -d -t 201.1.1.4:80 -r 192.168.4.2
[root@proxy ~]# ipvsadm -D -t 201.1.1.4:80 #删除虚拟服务器
[root@proxy ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
LVS-DR模式
[root@proxy ~]# ifdown eth2 #清除eth2的IP
成功断开设备 'eth2'。
[root@proxy ~]# ipvsadm -D -t 201.1.1.4:80 #删除虚拟服务器
[root@proxy ~]# cd /etc/sysconfig/network-scripts/
[root@proxy network-scripts]# cp ifcfg-eth0{,:0}
[root@proxy network-scripts]# vim ifcfg-eth0:0 #调度器上添加VIP
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0:0
DEVICE=eth0:0
ONBOOT=yes
IPADDR=192.168.4.100
PREFIX=24
[root@proxy network-scripts]# ifup eth0:0
[root@proxy network-scripts]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:fa:e0:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.4/24 brd 192.168.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.4.100/24 brd 192.168.4.255 scope global secondary eth0:0
valid_lft forever preferred_lft forever
inet6 fe80::6b0d:77f:3a92:b7d2/64 scope link
valid_lft forever preferred_lft forever
[root@web2 ~]# cd /etc/sysconfig/network-scripts/ #在real server的lo上配置vip
[root@web2 network-scripts]# cp ifcfg-lo{,:0}
[root@web2 network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.4.100
#子网掩码必须是4个255(/32),否则其他主机启动时会提示地址已被占用
NETMASK=255.255.255.255
NETWORK=192.168.4.100
BROADCAST=192.168.4.100
ONBOOT=yes
NAME=lo:0
[root@web2 network-scripts]# ifup lo:0
[root@web2 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.4.100/32 brd 192.168.4.100 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[root@web1 ~]# cd /etc/sysconfig/network-scripts/ #在real server的lo上配置vip
[root@web1 network-scripts]# cp ifcfg-lo{,:0}
[root@web1 network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.4.100
#子网掩码必须是4个255(/32),否则其他主机启动时会提示地址已被占用
NETMASK=255.255.255.255
NETWORK=192.168.4.100
BROADCAST=192.168.4.100
ONBOOT=yes
NAME=lo:0
[root@web1 network-scripts]# ifup lo:0
[root@web1 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.4.100/32 brd 192.168.4.100 scope global lo:0
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
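在real server上修改内核参数,使得客户端发往VIP的ARP请求只有调度服务器响应,real server(web服务器)不需要响应。
arp_ignore=1:只应答目标IP配置在接收网卡上的ARP请求,因此lo:0上的VIP不会被应答;arp_announce=2:发送ARP时总是使用最适合出接口的本地地址,不对外宣告lo上的VIP。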
[root@web1 ~]# sysctl -a | grep arp_ig
[root@web1 ~]# sysctl -a | grep arp_ig
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth2.arp_ignore = 0
net.ipv4.conf.eth3.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.virbr0.arp_ignore = 0
net.ipv4.conf.virbr0-nic.arp_ignore = 0
[root@web1 ~]# echo "net.ipv4.conf.all.arp_ignore =1" >> /etc/sysctl.conf
[root@web1 ~]# echo "net.ipv4.conf.lo.arp_ignore = 1" >> /etc/sysctl.conf
[root@web1 ~]# sysctl -a | grep arp_ann
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth2.arp_announce = 0
net.ipv4.conf.eth3.arp_announce = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.virbr0.arp_announce = 0
net.ipv4.conf.virbr0-nic.arp_announce = 0
[root@web1 ~]# echo "net.ipv4.conf.all.arp_announce =2" >> /etc/sysctl.conf
[root@web1 ~]# echo "net.ipv4.conf.lo.arp_announce =2" >> /etc/sysctl.conf
[root@web1 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
[root@web2 ~]# sysctl -a | grep arp_ig
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.eth2.arp_ignore = 0
net.ipv4.conf.eth3.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.virbr0.arp_ignore = 0
net.ipv4.conf.virbr0-nic.arp_ignore = 0
[root@web2 ~]# echo "net.ipv4.conf.all.arp_ignore = 1" >> /etc/sysctl.conf
[root@web2 ~]# echo "net.ipv4.conf.lo.arp_ignore = 1" >> /etc/sysctl.conf
[root@web2 ~]# sysctl -a | grep arp_ann
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth1.arp_announce = 0
net.ipv4.conf.eth2.arp_announce = 0
net.ipv4.conf.eth3.arp_announce = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.virbr0.arp_announce = 0
net.ipv4.conf.virbr0-nic.arp_announce = 0
[root@web2 ~]# echo "net.ipv4.conf.all.arp_announce = 2" >> /etc/sysctl.conf
[root@web2 ~]# echo "net.ipv4.conf.lo.arp_announce = 2" >> /etc/sysctl.conf
[root@web2 ~]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
创建规则,默认LVS采用DR模式,也可以明确使用-g
[root@proxy ~]# ipvsadm -A -t 192.168.4.100:80 -s lc #lc,最少连接数
[root@proxy ~]# ipvsadm -a -t 192.168.4.100:80 -r 192.168.4.2
[root@proxy ~]# ipvsadm -a -t 192.168.4.100:80 -r 192.168.4.3 -g #-g,DR模式
[root@proxy ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.4.100:80 lc
-> 192.168.4.2:80 Route 1 0 0
-> 192.168.4.3:80 Route 1 0 0
测试
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.3
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.2
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.3
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.2
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.3
[root@room9pc01 ~]# curl http://192.168.4.100
192.168.4.2
[root@room9pc01 ~]# curl http://192.168.4.100
HAproxy
[root@node1 ~]# yum -y install haproxy
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
#把main frontend which proxys to the backends后面的配置全部删除
listen stats
bind 0.0.0.0:1080 # 监控页面的端口号
stats refresh 30s # 页面自动刷新时间是30秒
stats uri /monitor # 页面网址
stats realm HaManager
stats auth admin:admin # 用户名:密码(示例弱口令,HTTP Basic认证明文传输;正式环境须改强口令并限制1080端口的访问来源)
listen myweb 0.0.0.0:80
cookie SERVERID rewrite
balance roundrobin # 调度算法是rr
server web1 192.168.4.2:80 cookie a1i1 check inter 2000 rise 2 fall 5 #每2000ms检查一次服务器,2次成功是好的,5次失败表示故障
server web2 192.168.4.3:80 cookie a1i2 check inter 2000 rise 2 fall 5
[root@node1 ~]# systemctl start haproxy
[root@room9pc01 ~]# curl http://192.168.4.1
192.168.4.2
[root@room9pc01 ~]# curl http://192.168.4.1
192.168.4.3
[root@room9pc01 ~]# curl http://192.168.4.1
192.168.4.2
[root@room9pc01 ~]# curl http://192.168.4.1
192.168.4.3
[root@room9pc01 ~]# curl http://192.168.4.1
192.168.4.2
Keepalived(里面的配置文件包含着LVS)
调度器上不要再手工的为eth0配置VIP了。因为VIP出现在活跃的调度器上,活跃设备由keepalived决定。应该把已经存在的调度器VIP移除。
[root@proxy sysconfig]# ifdown eth0:0
[root@proxy sysconfig]# ip a
lvs规则清掉。因为lvs规则将由keepalived配置文件指定。
[root@proxy ~]# ipvsadm -D -t 192.168.4.100:80
[root@proxy ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@proxy2 ~]# yum -y install ipvsadm #proxy1上已经安装过ipvsadm
[root@proxy2 ~]# yum -y install keepalived
[root@proxy2 ~]# vim /etc/keepalived/keepalived.conf
[root@proxy2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from admin@tedu.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.4.100/24
}
}
virtual_server 192.168.4.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50 ##同一客户端50秒内始终调度到同一台real server;快速测试轮询时需要注释掉此行
protocol TCP
real_server 192.168.4.2 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.4.3 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@proxy2 ~]# systemctl restart keepalived.service
[root@proxy ~]# yum -y install keepalived
[root@proxy ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost # 收件人
    }
    notification_email_from admin@tedu.cn # 发件人
    smtp_server 127.0.0.1 # 邮件服务器地址
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.4.100/24
    }
}
virtual_server 192.168.4.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50 #50秒访问同一台
    protocol TCP
    real_server 192.168.4.2 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.4.3 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@proxy ~]# systemctl restart keepalived.service
测试高可用和轮询
curl http://192.168.4.100
上面文件修改的示例
# vrrp_strict
vrrp_instance VI_1 {
state MASTER #主调度器写MASTER,备用调度器写BACKUP
interface eth0
virtual_router_id 51 #虚拟路由器ID号
priority 150 #优先级
advert_int 1 # 心跳消息发送间隔
authentication { # 集群成员共享密码
auth_type PASS
auth_pass 1111 # 示例口令;PASS为明文共享口令,随VRRP通告在网段内明文传输,正式环境应更换并用防火墙只放行对端调度器的VRRP报文
}
virtual_ipaddress {
192.168.4.200 # vip
}
}
Heartbeat:心跳