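LVS-NAT mode configuration
1. Prepare four hosts
Client: 192.168.0.111
DS (director/scheduler): 192.168.0.250 (VIP), 192.168.147.143 (DIP)
RS1: 192.168.147.145
RS2: 192.168.147.146
Disable the firewall and SELinux.
2. Configure two NICs on the DS
Their IPs are 192.168.0.250 (communicates with the client on the external network) and 192.168.147.143 (communicates with the RSs).
The setup could be made more elaborate by adding routers between the client and the DS and between the DS and the RSs. Here it is kept simple.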
3. Point the RS gateway at the DIP
Add GATEWAY=192.168.147.143 to the RS's network interface configuration file,
or replace the default route by hand:

    [root@rs1 network-scripts]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.147.2   0.0.0.0         UG    100    0        0 ens33
    192.168.147.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
    [root@rs1 network-scripts]# route del -net 0.0.0.0 gateway 192.168.147.2
    [root@rs1 network-scripts]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.147.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
    [root@rs1 network-scripts]# route add -net 0.0.0.0 gateway 192.168.147.143
    [root@rs1 network-scripts]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.147.143 0.0.0.0         UG    0      0        0 ens33
    192.168.147.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33

4. Install and start httpd on the RSs

    yum -y install httpd
    echo rs1 > /var/www/html/index.html   # on RS1
    echo rs2 > /var/www/html/index.html   # on RS2
    systemctl start httpd
    curl 192.168.147.145

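5. On the DS, change the kernel parameter to allow IP forwarding

    echo 1 > /proc/sys/net/ipv4/ip_forward

or, to keep the setting across reboots, add the line to /etc/sysctl.conf:

    vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
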
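6. Install ipvsadm on the DS and add rules
Basic usage of the ipvsadm command:

    -C                    clear all records from the table
    -A --add-service      add a new virtual server record to the server table
    -t                    the service is a TCP service
    -u                    the service is a UDP service
    -s --scheduler        scheduling algorithm to use:
                          rr | wrr | lc | wlc | lblc | lblcr | dh | sh | sed | nq
                          the default scheduling algorithm is wlc

    ipvsadm -a -t 192.168.3.187:80 -r 192.168.200.10:80 -m -w 1

    -a --add-server       add a new real server record to the server table
    -t --tcp-service      the virtual server provides a TCP service
    -u --udp-service      the virtual server provides a UDP service
    -r --real-server      address of the real server
    -m --masquerading     use NAT as the LVS working mode
    -w --weight           weight of the real server
    -g --gatewaying       use direct routing as the LVS working mode (also the LVS default)
    -i --ipip             use tunneling as the LVS working mode
    -p                    persistence timeout: how long traffic of a session keeps being forwarded to the same real server
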
Before configuring the rules:

    [root@ds ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

Configuring the rules:

    [root@ds ~]# ipvsadm -A -t 192.168.0.250:80 -s wrr
    [root@ds ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.0.250:80 wrr
    [root@ds ~]# ipvsadm -a -t 192.168.0.250:80 -r 192.168.147.145:80 -m
    [root@ds ~]# ipvsadm -a -t 192.168.0.250:80 -r 192.168.147.146:80 -m
    [root@ds ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.0.250:80 wrr
      -> 192.168.147.145:80           Masq    1      0          0
      -> 192.168.147.146:80           Masq    1      0          0

7. Test:

    [root@client yum.repos.d]# curl 192.168.0.250
    rs1
    [root@client yum.repos.d]# curl 192.168.0.250
    rs2
    [root@client yum.repos.d]# curl 192.168.0.250
    rs1
    [root@client yum.repos.d]# curl 192.168.0.250
    rs2

8. Save the configuration

    [root@ds ~]# rpm -ql ipvsadm
    /etc/sysconfig/ipvsadm-config
    /usr/lib/systemd/system/ipvsadm.service
    /usr/sbin/ipvsadm
    /usr/sbin/ipvsadm-restore
    /usr/sbin/ipvsadm-save
    /usr/share/doc/ipvsadm-1.27
    /usr/share/doc/ipvsadm-1.27/README
    /usr/share/man/man8/ipvsadm-restore.8.gz
    /usr/share/man/man8/ipvsadm-save.8.gz
    /usr/share/man/man8/ipvsadm.8.gz

Take a look at the configuration file:

    [root@ds ~]# cat /etc/sysconfig/ipvsadm-config
    # Unload modules on restart and stop
    # Value: yes|no, default: yes
    # This option has to be 'yes' to get to a sane state for a ipvs
    # restart or stop. Only set to 'no' if there are problems unloading ipvs
    # modules.
    IPVS_MODULES_UNLOAD="yes"
    # Save current ipvs rules on stop.
    # Value: yes|no, default: no
    # Saves all ipvs rules to /etc/sysconfig/ipvsadm if ipvsadm gets stopped
    # (e.g. on system shutdown).
    IPVS_SAVE_ON_STOP="no"
    # Save current ipvs rules on restart.
    # Value: yes|no, default: no
    # Saves all ipvs rules to /etc/sysconfig/ipvsadm if ipvsadm gets
    # restarted.
    IPVS_SAVE_ON_RESTART="no"
    # Numeric status output
    # Value: yes|no, default: yes
    # Print IP addresses and port numbers in numeric format in the status output.
    IPVS_STATUS_NUMERIC="yes"

Saves all ipvs rules to /etc/sysconfig/ipvsadm if ipvsadm gets stopped

To keep the ipvsadm rules from disappearing after a reboot, they can be saved in
/etc/sysconfig/ipvsadm
ipvsadm -S > /etc/sysconfig/ipvsadm saves the current rules to that file.
ipvsadm -R < /etc/sysconfig/ipvsadm restores the rules from that file into the running configuration.
But there is a problem with this:

    [root@ds ~]# ipvsadm -A -t 192.168.0.250:80 -s wrr
    [root@ds ~]# ipvsadm -a -t 192.168.0.250:80 -r 192.168.147.145 -m
    [root@ds ~]# ipvsadm -a -t 192.168.0.250:80 -r 192.168.147.146 -m
    [root@ds ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
    [root@ds ~]# cat /etc/sysconfig/ipvsadm
    -A -t localhost:http -s wrr
    -a -t localhost:http -r localhost:http -m -w 1
    -a -t localhost:http -r localhost:http -m -w 1

As you can see, after saving, the IPs and ports are no longer shown in numeric form. When ipvsadm restores from this file, localhost becomes 127.0.0.1, which is no longer the VIP.
So add the -n option when saving, to save in numeric form.

    [root@ds ~]# ipvsadm -Sn > /etc/sysconfig/ipvsadm
    [root@ds ~]# cat /etc/sysconfig/ipvsadm
    -A -t 192.168.0.250:80 -s wrr
    -a -t 192.168.0.250:80 -r 192.168.147.145:80 -m -w 1
    -a -t 192.168.0.250:80 -r 192.168.147.146:80 -m -w 1

Also:

    [root@ds ~]# cat /usr/lib/systemd/system/ipvsadm.service
    [Unit]
    Description=Initialise the Linux Virtual Server
    After=syslog.target network.target
    [Service]
    Type=oneshot
    ExecStart=/bin/bash -c "exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm"
    ExecStop=/bin/bash -c "exec /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm"
    ExecStop=/sbin/ipvsadm -C
    RemainAfterExit=yes
    [Install]
    WantedBy=multi-user.target

You can see that the ipvsadm service saves the rules automatically when it stops and restores them automatically when it starts, so ipvsadm can be enabled to start at boot.
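
An added example, not part of the original post: a POSIX shell check that reads a saved rules file and reports every -t, -u or -r endpoint that is not a numeric IPv4 address:port, so a file saved without -n is caught before ipvsadm-restore or the ipvsadm service loads it. The function name lint_ipvs_rules and the temp file names are hypothetical, the two sample files are the saved outputs shown above, and IPv4-only endpoints are assumed.

```sh
#!/bin/sh
# Added example: lint a saved ipvsadm rules file before it is restored.
# lint_ipvs_rules FILE prints every -t/-u/-r endpoint that is not a numeric
# IPv4 address:port and returns 1 if it found any, 0 if the file is clean.
lint_ipvs_rules() {
    awk '
    function numeric(ep,    p, o, i) {
        if (ep !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) return 0
        split(ep, p, ":")
        if (p[2] + 0 > 65535) return 0
        split(p[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        for (i = 1; i < NF; i++)
            if (($i == "-t" || $i == "-u" || $i == "-r") && !numeric($(i + 1))) {
                printf "line %d: non-numeric endpoint %s after %s\n", NR, $(i + 1), $i
                bad = 1
            }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Sample input: the two saved rule sets shown in the post, written to temp files
# (the file names saved-S and saved-Sn are made up for this example).
demo_dir=$(mktemp -d)
cat > "$demo_dir/saved-S" <<'EOF'
-A -t localhost:http -s wrr
-a -t localhost:http -r localhost:http -m -w 1
-a -t localhost:http -r localhost:http -m -w 1
EOF
cat > "$demo_dir/saved-Sn" <<'EOF'
-A -t 192.168.0.250:80 -s wrr
-a -t 192.168.0.250:80 -r 192.168.147.145:80 -m -w 1
-a -t 192.168.0.250:80 -r 192.168.147.146:80 -m -w 1
EOF

for f in "$demo_dir/saved-S" "$demo_dir/saved-Sn"; do
    if lint_ipvs_rules "$f"; then
        echo "$f: numeric endpoints only"
    else
        echo "$f: would not restore the intended VIP/RS addresses"
    fi
done
```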