环境
server1:172.25.70.1
server2:172.25.70.2
server3:172.25.70.3
DR管道
###配置yun源
[root@server1 ~]# vim /etc/yum.repos.d/rhel-source.repo
[yum]
name=yum
baseurl=http://172.25.70.250/rhel7.5
gpgcheck=0
enable=1
[HighAvailability]
name=HighAvailability
baseurl=http://172.25.70.250/rhel7.5/addons/HighAvailability
enabled=1
gpgcheck=0
[ResilientStorage]
name=ResilientStorage
baseurl=http://172.25.70.250/rhel7.5/addons/ResilientStorage
enabled=1
gpgcheck=0
[root@server1 ~]# yum clean all
[root@server1 ~]# yum repolist
[root@server1 ~]# scp /etc/yum.repos.d/rhel-source.repo root@172.25.70.2:/etc/yum.repos.d/
[root@server1 ~]# scp /etc/yum.repos.d/rhel-source.repo root@172.25.70.3:/etc/yum.repos.d/
安装ipvsadm
[root@server1 ~]# yum install ipvsadm.x86_64 -y
启动失败,因为缺少目录(此目录由用户建立)
[root@server1 ~]# systemctl start ipvsadm.service
Job for ipvsadm.service failed because the control process exited with error code. See "systemctl status ipvsadm.service" and "journalctl -xe" for details.
[root@server1 ~]# systemctl status ipvsadm.service
[root@server1 ~]# touch /etc/sysconfig/ipvsadm
[root@server1 ~]# systemctl start ipvsadm ###启动成功
[root@server1 ~]# vim /etc/sysconfig/ipvsadm-config ###修改配置文件
IPVS_SAVE_ON_RESTART="yes"
查看策略
[root@server1 ~]# ipvsadm -ln
修改策略
[root@server1 ~]# ipvsadm -A -t 172.25.70.100:80 -s rr ###-t指定vr -s 指定策略
[root@server1 ~]# ipvsadm -a -t 172.25.70.100:80 -r 172.25.70.2:80 -g
[root@server1 ~]# ipvsadm -a -t 172.25.70.100:80 -r 172.25.70.3:80 -g
[root@server1 ~]# ipvsadm -ln ###查看添加是否成功
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.70.100:80 rr
-> 172.25.70.2:80 Route 1 0 0
-> 172.25.70.3:80 Route 1 0 0
查看文件,策略未被保存,重启使策略被写入
[root@server1 ~]# cat /etc/sysconfig/ipvsadm
[root@server1 ~]# systemctl restart ipvsadm.service
[root@server1 ~]# cat /etc/sysconfig/ipvsadm ###再次查看
-A -t 172.25.70.100:80 -s rr
-a -t 172.25.70.100:80 -r 172.25.70.2:80 -g -w 1
-a -t 172.25.70.100:80 -r 172.25.70.3:80 -g -w 1
查看ip,加入VR
[root@server1 ~]# ip a
[root@server1 ~]# ip addr add 172.25.70.100/24 dev eth0
[root@server1 ~]# ip a
server2.3上安装httpd,并配置文件
server2
[root@server2 ~]# rpm -q httpd
package httpd is not installed
[root@server2 ~]# yum install httpd -y
[root@server2 ~]# systemctl start httpd
[root@server2 ~]# vim /var/www/html/index.html
www.westos.com
[root@server2 ~]# systemctl restart httpd
server3
[root@server3 ~]# yum install httpd -y
[root@server3 ~]# systemctl start httpd
[root@server3 ~]# vim /var/www/html/index.html
bbs.westos.com
[root@server2 ~]# systemctl restart httpd
真机测试
[kiosk@localhost rhel6.5]$ curl 172.25.70.100
bbs.westos.com
[kiosk@localhost rhel6.5]$ arp -an | grep 100
[root@localhost rhel6.5]# arp -d 172.25.70.100
[root@localhost rhel6.5]# curl 172.25.70.100
www.westos.com
[root@localhost rhel6.5]# curl 172.25.70.100
bbs.westos.com
server2.3上安装arptables(类似防火墙,防止包倒回到2、3上)
[root@server2 ~]# yum install arptables.x86_64
[root@server2 ~]# arptables -nL
Chain INPUT (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
[root@server2 ~]# arptables -A INPUT -d 172.25.70.100 -j DROP ##设置策略,丢掉100的包
[root@server2 ~]# arptables -A OUTPUT -s 172.25.70.100 -j mangle --mangle-ip-s 172.25.70.2
[root@server2 ~]# arptables -nL ###查看策略是否保存
Chain INPUT (policy ACCEPT)
-j DROP -d 172.25.70.100
Chain OUTPUT (policy ACCEPT)
-j mangle -s 172.25.70.100 --mangle-ip-s 172.25.70.2
Chain FORWARD (policy ACCEPT)
[root@server2 ~]# arptables-save > /etc/sysconfig/arptables ###导出策略进行保存
[root@server2 ~]# systemctl start arptables.service
真机
[root@localhost rhel6.5]# arp -d 172.25.70.100 ###刷新
[root@localhost rhel6.5]# curl 172.25.70.100 ###测试
bbs.westos.com
[root@localhost rhel6.5]# curl 172.25.70.100
www.westos.com
tun管道
在server1,2,3
[root@server1 ~]# modprobe ipip
[root@server1 ~]# ip a
[root@server1 ~]# ip addr del 172.25.70.100 dev eth0
[root@server1 ~]# ip addr add 172.25.70.100/24 dev tunl0
[root@server1 ~]# ip a
[root@server1 ~]# ip link set up tunl0
1
[root@server1 ~]# ipvsadm -C
[root@server1 ~]# ipvsadm -A -t 172.25.70.100:80 -s rr
[root@server1 ~]# ipvsadm -a -t 172.25.70.100:80 -r 172.25.70.2:80 -i
[root@server1 ~]# ipvsadm -a -t 172.25.70.100:80 -r 172.25.70.3:80 -i
[root@server1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.70.100:80 rr
-> 172.25.70.2:80 Tunnel 1 0 0
-> 172.25.70.3:80 Tunnel 1 0 0
2,3
[root@server2 ~]# sysctl -a | grep rp_filter
[root@server2 ~]# sysctl -w net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.rp_filter = 0
###以此类推,布尔值全部设为0,免除对实验效果的影响
真测试机进行
[kiosk@localhost rhel6.5]$ curl 172.25.70.100
bbs.westos.com
[kiosk@localhost rhel6.5]$ curl 172.25.70.100
www.westos.com
123
[root@server1 ~]# modprobe -r ipip
23
[root@server2 ~]# sysctl -p
1
[root@server1 ~]# cat /etc/sysconfig/ipvsadm
[root@server1 ~]# yum install ldirectord-3.9.5-3.1.x86_64.rpm
[root@server1 ~]# rpm -qc ldirectord-3.9.5-3.1.x86_64
/etc/logrotate.d/ldirectord
[root@server1 ~]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/
[root@server1 ~]# vim /etc/ha.d/ldirectord.cf
virtual=172.25.70.100:80
real=172.25.70.2:80 gate
real=172.25.70.3:80 gate
fallback=127.0.0.1:80 gate
#receive="Test Page"
#virtualhost=www.x.y.z
[root@server1 ~]# yum install -y httpd
[root@server1 ~]# vim /var/www/html/index.html
[root@server1 ~]# systemctl start httpd
[root@server1 ~]# /etc/init.d/ldirectord start
Starting ldirectord (via systemctl): [ OK ]
[root@server3 ~]# systemctl stop httpd
[root@localhost Desktop]# curl 172.25.70.100
www.westos.com