1. 配置调度器(lb)的网卡:IPADDR0 是调度器自身的地址,IPADDR1(192.168.50.250)是后面 ipvsadm 规则中对外提供服务的虚拟 IP(VIP)
[root@lb ~]# cd /etc/sysconfig/network-scripts/
[root@lb network-scripts]# ls
ifcfg-ens160
[root@lb network-scripts]# vim ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=static
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR0=192.168.50.138
NETMASK0=255.255.255.0
GATEWAY0=192.168.50.2
IPADDR1=192.168.50.250
NETMASK1=255.255.255.0
重启 NetworkManager 使配置生效,并用 ip a 确认两个地址都已配置到 ens160 上
[root@lb network-scripts]# systemctl restart NetworkManager
[root@lb network-scripts]# cd
[root@lb ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:a4:62:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.50.138/24 brd 192.168.50.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet 192.168.50.250/24 brd 192.168.50.255 scope global secondary noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea4:626b/64 scope link
valid_lft forever preferred_lft forever
往配置文件添加内容,开启 IP 转发功能(NAT 模式下调度器需要在客户端与 RS 之间转发数据包;开启后本机相当于一台路由器,应配合防火墙只放行确实需要转发的流量)
[root@lb ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf    # 往配置文件里添加这行
[root@lb ~]# sysctl -p    # 重新加载 /etc/sysctl.conf,使这行生效
net.ipv4.ip_forward = 1
2. 配置RS1和RS2的IP地址
[root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=static
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.50.132
NETMASK=255.255.255.0
# 默认网关指向 lb 的 IP,保证 RS 的回包经过调度器
GATEWAY=192.168.50.138
[root@RS1 ~]# systemctl restart NetworkManager
[root@RS1 ~]# ifdown ens160;ifup ens160
Connection 'ens160' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@RS1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:1b:cb:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.132/24 brd 192.168.50.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1b:cb85/64 scope link
valid_lft forever preferred_lft forever
查看默认路由的网关是否指向了 lb 的 IP(192.168.50.138)
[root@RS1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.50.138 0.0.0.0 UG 100 0 0 ens160
192.168.50.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
配置RS2网卡
[root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=static
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.50.131
NETMASK=255.255.255.0
# 默认网关指向 lb 的 IP,保证 RS 的回包经过调度器
GATEWAY=192.168.50.138
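重启 NetworkManager 并重新激活 ens160(下面 ifdown 报的 "not an active connection" 只表示该连接此前未处于激活状态,随后的 ifup 已成功激活)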
[root@RS2 ~]# systemctl restart NetworkManager
[root@RS2 ~]# ifdown ens160;ifup ens160
Error: '/etc/sysconfig/network-scripts/ifcfg-ens160' is not an active connection.
Error: no active connection provided.
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@RS2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:16:36:de brd ff:ff:ff:ff:ff:ff
inet 192.168.50.131/24 brd 192.168.50.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe16:36de/64 scope link
valid_lft forever preferred_lft forever
查看默认路由的网关是否指向了 lb 的 IP(route 命令由 net-tools 包提供,需要先安装)
[root@RS2 yum.repos.d]# yum -y install net-tools
[root@RS2 yum.repos.d]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.50.138 0.0.0.0 UG 100 0 0 ens160
192.168.50.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
3. 生成证书
地址
[root@RS1 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
[root@RS2 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:443 *:*
- 此时 RS1 和 RS2 都已监听 80 和 443 端口,可以直接通过各自的 IP 访问网页
![在这里插入图片描述](https://img-blog.csdnimg.cn/20201115101210949.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3lpX3FpbmdqdW4=,size_16,color_FFFFFF,t_70#pic_center)
![在这里插入图片描述](https://img-blog.csdnimg.cn/20201115101222988.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3lpX3FpbmdqdW4=,size_16,color_FFFFFF,t_70#pic_center)
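4. 添加规则(-A 添加虚拟服务,-t 指定 TCP 的 VIP:端口,-s rr 表示轮询调度;-a 添加真实服务器,-r 指定 RS 的地址:端口,-m 表示 NAT(masquerading)模式。这些规则只保存在内核中,重启后会丢失;添加后可用 ipvsadm -Ln 查看当前规则)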
[root@lb ~]# yum -y install ipvsadm
[root@lb ~]# ipvsadm -A -t 192.168.50.250:443 -s rr
[root@lb ~]# ipvsadm -a -t 192.168.50.250:443 -r 192.168.50.132:443 -m
[root@lb ~]# ipvsadm -a -t 192.168.50.250:443 -r 192.168.50.131:443 -m
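5. 验证是否可以访问网页(返回内容在 RS1 和 RS2 之间交替,说明轮询调度生效。curl -k 会跳过证书校验,这里只因为证书是自行生成的才在测试中使用;正式环境应使用 --cacert 指定可信 CA 来校验证书,不要用 -k)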
[root@lb ~]# curl -k https://192.168.50.250
RS1
[root@lb ~]# curl -k https://192.168.50.250
RS2
[root@lb ~]# curl -k https://192.168.50.250
RS1
[root@lb ~]# curl -k https://192.168.50.250
RS2