LVS配置详解
先布置好网络层
虚拟服务器的IP: 192.168.220.88
两个真实服务器IP地址:
192.168.220.133
192.168.220.134
在LVS服务设备上先配置vip(virtual ip),创建网络子接口
ifconfig eth0:2 192.168.220.88/24 或者 ifconfig eth0:2 192.168.220.88 netmask 255.255.255.0
(如果想删除子接口的话,可以用 ifconfig eth0:2 down)
验证是否成功
此时可以通过ifconfig查看如下:
[root@node01 eth0]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:F5:2B:C8
inet addr:192.168.220.132 Bcast:192.168.220.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fef5:2bc8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5153 errors:0 dropped:0 overruns:0 frame:0
TX packets:757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:525241 (512.9 KiB) TX bytes:73219 (71.5 KiB)
Interrupt:19 Base address:0x2000
eth0:2 Link encap:Ethernet HWaddr 00:0C:29:F5:2B:C8
inet addr:192.168.220.88 Bcast:192.168.220.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
再真正的服务器上配置隐藏IP(首先需要调整arp协议):
修改协议
cd /proc/sys/net/ipv4/conf/eth0
echo 1 > arp_ignore
cat arp_ignore
echo 2 > arp_announce
cat arp_announce
cd ../all
echo 1 > arp_ignore
cat arp_ignore
echo 2 > arp_announce
cat arp_announce
配置VIP(virtual ip)
ifconfig lo:2 192.168.220.88 netmask 255.255.255.255
搭建Real Server中的服务
yum install -y httpd
service httpd start
#创建一个主页,这里用两台服务器,node02,node03
echo 'from node02' > /var/www/html/index.html
echo 'from node03' > /var/www/html/index.html
#关闭防火墙
centeros 6.x
chkconfig iptables off
service iptables stop
centeros 7.x
systemctl stop firewalld
firewall-cmd --state
systemctl disable firewalld
在LVS服务设备上安装和内核交互的客户端
yum install ipvsadm -y
#先添加进来的数据包的规则
# 凡是访问 192.168.220.88的 80 端口的 tcp 协议,使用轮询策略
ipvsadm -A -t 192.168.220.88:80 -s rr
#查看入口规则
ipvsadm -ln
#指定负载的real server的地址,-g 代表轮询,-w 1 代表权重是1
ipvsadm -a -t 192.168.220.88:80 -r 192.168.220.133 -g -w 1
#这里配置两个Real Server
ipvsadm -a -t 192.168.220.88:80 -r 192.168.220.134 -g -w 1
#查看规则:
[root@node01 eth0]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.220.88:80 rr
-> 192.168.220.133:80 Route 1 0 0
-> 192.168.220.134:80 Route 1 0 0
此时可以访问
http://192.168.220.88/
试试
ipvsadm -lnc 显示的连接状态 解释:
SYN_RECV : lvs只看到了客户端第一次握手的数据包,没有看到后面的。
FIN_WAIT: 连接过,偷窥了
LVS 高可用 HA
#清除lvs之前的设置:
ipvsadm -C
#卸载之前的虚拟网卡
ifconfig eth0:2 down
#安装keepalived
yum install keepalived -y
#修改配置文件
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
vi /etc/keepalived/keepalived.conf
vrrp : 虚拟路由冗余协议
#修改 virtual_ipaddress 下面的内容为: 192.168.220.88/24 dev eth0 label eth0:2
# state 有 MASTER 和 BACKUP
# 修改 virtual_server后面的ip 为 192.168.220.88 80
# 修改 real_server 后面的ip 为 192.168.220.133 80
###real serve 健康检查
#ssh_get 改为 HTTP_GET
# 增加 status_code 200
# 删除 digest
#启动 keepalived
service keepalived start