LVS-DR模型实现HTTP和HTTPS负载均衡集群

DR模型实现HTTP和HTTPS负载均衡集群

环境      IP                                      主机名
DR        192.168.25.131 / 192.168.25.250(VIP)    node01-Linux.example.com
RS1       192.168.25.132 / 192.168.25.250(VIP)    node02-Linux.example.com
RS2       192.168.25.133 / 192.168.25.250(VIP)    node03-Linux.example.com
Client    192.168.25.134                          node04-Linux.example.com

Client上配置CIP

#在DR上配置VIP
[root@node01-Linux ~]# ip addr add 192.168.25.250/32 dev lo

#在RS1、RS2上修改内核ARP参数(arp_ignore=1、arp_announce=2使RS不应答、不通告lo上VIP的ARP,VIP的ARP只由DR应答;需在RS的lo上配置VIP之前生效):编辑/etc/sysctl.conf文件,添加如下内容:
[root@node02-linux ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@node02-linux ~]# sysctl -p

[root@node03-Linux ~]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
[root@node03-linux ~]# sysctl -p

#在RS上配置VIP
[root@node02-linux ~]# ip addr add 192.168.25.250/32 dev lo

[root@node03-Linux ~]# ip addr add 192.168.25.250/32 dev lo

#配置路由信息
[root@node01-Linux ~]# yum install net-tools
[root@node01-Linux ~]# route add -host 192.168.25.250/32 dev lo

[root@node02-Linux ~]# yum install net-tools
[root@node02-linux ~]# route add -host 192.168.25.250/32 dev lo

[root@node03-Linux ~]# yum install net-tools
[root@node03-linux ~]# route add -host 192.168.25.250/32 dev lo

#在director上添加并保存规则:
[root@node01-Linux ~]# yum -y install ipvsadm
[root@node01-Linux ~]# ipvsadm -A -t 192.168.25.250:80 -s wrr
[root@node01-Linux ~]# ipvsadm -a -t 192.168.25.250:80 -r 192.168.25.132:80 -g
[root@node01-Linux ~]# ipvsadm -a -t 192.168.25.250:80 -r 192.168.25.133:80 -g
[root@node01-Linux ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
[root@node01-Linux ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.25.250:80 wrr
  -> 192.168.25.132:80            Route   1      0          0         
  -> 192.168.25.133:80            Route   1      0          0    

#RS安装httpd
[root@node02-linux ~]# yum -y install httpd
[root@node02-linux ~]# echo 'rs1' > /var/www/html/index.html 
[root@node02-linux ~]# systemctl enable --now httpd

[root@node03-Linux ~]# yum -y install httpd
[root@node03-Linux ~]# echo 'rs2' > /var/www/html/index.html
[root@node03-Linux ~]# systemctl enable --now httpd

#验证
[root@node04-Linux ~]# for i in $(seq 8);do curl 192.168.25.250;done
rs2
rs1
rs2
rs1
rs2
rs1
rs2
rs1


实现HTTPS负载均衡集群

#CA生成一对密钥(本实验把CA建在DR上,并用umask 077使cakey.pem仅root可读;实际环境中CA私钥不宜放在对外提供服务的主机上)
[root@node01-Linux ~]# cd /etc/pki/CA
[root@node01-Linux CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)

#CA生成自签署证书
[root@node01-Linux CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
[root@node01-Linux CA]# touch index.txt && echo 01 > serial

#客户端(例如httpd服务器)生成密钥
[root@node02-linux ~]# mkdir /etc/httpd/ssl
[root@node02-linux ssl]# (umask 077;openssl genrsa -out httpd.key 2048)

# 客户端生成证书签署请求
[root@node02-linux ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
[root@node02-linux ssl]# scp httpd.csr root@192.168.25.131:/root

[root@node01-Linux ~]# openssl ca -in /root/httpd.csr -out httpd.crt -days 365

#CA签署证书并发给客户端
[root@node01-linux ~]# scp httpd.crt root@192.168.25.132:/etc/httpd/ssl
[root@node01-linux ~]# scp /etc/pki/CA/cacert.pem root@192.168.25.132:/etc/httpd/ssl

[root@node03-linux ~]# mkdir /etc/httpd/ssl
[root@node01-linux ~]# scp httpd.crt root@192.168.25.133:/etc/httpd/ssl
[root@node01-linux ~]# scp /etc/pki/CA/cacert.pem root@192.168.25.133:/etc/httpd/ssl

#配置HTTPS(两台RS共用同一证书和私钥;httpd.key复制到RS2后应确认仍仅root可读,例如权限为600)
[root@node02-linux ~]# scp httpd.key root@192.168.25.133:/etc/httpd/ssl
[root@node02-linux ~]# yum -y install mod_ssl

[root@node03-linux ~]# yum -y install mod_ssl

#配置ssl
[root@node02-linux ~]# vim /etc/httpd/conf.d/ssl.conf 
DocumentRoot "/data/www.a.com"
ServerName www.a.com:443
...
SSLCertificateFile /etc/httpd/ssl/httpd.crt
...
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
...
SSLCACertificateFile /etc/httpd/ssl/cacert.pem
RS2同样配置

#DR上配置规则(DR模式不支持端口映射,RS端口必须与服务端口一致;下面-r中写的:80会被ipvsadm按服务端口改为443,与后面ipvsadm -ln的输出一致,建议直接写:443)
[root@node01-Linux ~]# ipvsadm -A -t 192.168.25.250:443 -s wrr
[root@node01-Linux ~]# ipvsadm -a -t 192.168.25.250:443 -r 192.168.25.132:80 -g
[root@node01-Linux ~]# ipvsadm -a -t 192.168.25.250:443 -r 192.168.25.133:80 -g
[root@node01-Linux ~]# ipvsadm -S > /etc/sysconfig/ipvsadm

[root@node01-Linux ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.25.250:80 wrr
  -> 192.168.25.132:80            Route   1      0          0         
  -> 192.168.25.133:80            Route   1      0          0    
TCP  192.168.25.250:443 wrr
  -> 192.168.25.132:443            Route   1      0          0         
  -> 192.168.25.133:443            Route   1      0          0    


#访问(curl -k会跳过证书校验,只能说明调度生效;如需校验证书,可用--cacert指定cacert.pem,并按证书中的域名访问)
[root@node04-Linux ~]# for i in $(seq 8);do curl -k https://192.168.25.250;done
RS2
RS1
RS2
RS1
RS2
RS1
RS2
RS1