
18.1 Cluster introduction 18.2 keepalived introduction 18.3/18.4/18.5 Configuring a high-availability cluster with keepalived


- 18.6 Load-balancing cluster introduction
- 18.7 LVS introduction
- 18.8 LVS scheduling algorithms
- 18.9/18.10 Setting up LVS in NAT mode

- Further reading
- The three LVS modes in detail: http://www.it165.net/admin/html/201401/2248.html
- LVS scheduling algorithms: http://www.aminglinux.com/bbs/thread-7407-1-1.html
- About arp_ignore and arp_announce: http://www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
- How LVS works: http://blog.csdn.net/pi9nc/article/details/23380589


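# 18.6 Load-balancing cluster introduction
- The mainstream open-source options are LVS, keepalived, haproxy, nginx and others
- LVS works at layer 4 (of the 7-layer OSI network model), nginx works at layer 7, and haproxy can be treated as layer 4 or used as layer 7
- keepalived's load-balancing feature is in fact LVS
- A layer-4 balancer such as LVS can distribute traffic on ports other than 80, for example MySQL, whereas nginx only supports http, https and mail; haproxy also supports MySQL-style traffic
- By comparison, layer-4 LVS is more stable and can take more requests, while layer-7 nginx is more flexible and can meet more customised needs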










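# 18.7 LVS introduction
- LVS was developed by Zhang Wensong, a Chinese developer (open source)
- It is no less popular than Apache httpd; it does routing and forwarding based on TCP/IP, with high stability and efficiency
- The latest LVS version is based on Linux kernel 2.6 and has not been updated for many years
- LVS has three common modes: NAT, DR and IP Tunnel
- The core role in an LVS architecture is the dispatcher (Load Balancer), which distributes user requests; behind it are the servers that process those requests (Real Server, rs for short)
- LVS NAT mode
- This mode is implemented with the nat table of iptables
- After a user request reaches the dispatcher, preset iptables rules forward the request packets to the back-end rs
- Each rs must set its gateway to the dispatcher's internal IP
- Both the request packets and the packets returned to the user pass through the dispatcher, so the dispatcher becomes the bottleneck
- In NAT mode only the dispatcher needs a public IP, which saves public IP addresses
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211634303.png?imageslim)
- Diagram explained:
- The Load Balancer is a dispatcher that distributes user requests to the back-end Real Servers. Each Real Server processes the request it receives and hands the result back to the Load Balancer, which finally returns it to the user. The drawback of this mode is that when request and response volume is high the Load Balancer is under heavy load; it generally supports about 10 servers at most and struggles beyond that. This layout needs only one public IP, with all real servers on the internal network. Its advantage is that it saves a lot of resources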



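- LVS IP Tunnel mode
- This mode needs a common IP configured on the dispatcher and on every rs; we call it the vip
- The client's destination IP is the vip. When the dispatcher receives the request packet it processes it, changing the destination IP to the rs IP, so the packet reaches the rs
- After receiving the packet, the rs restores the original packet, so the destination IP is the vip again; because every rs has this vip configured, it treats the packet as its own
-  ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211803012.png?imageslim)
- Diagram explained:
- A virtual channel, an IP tunnel, is set up between the load balancer and the real servers; in effect the packet's IP is changed. The VIP is configured on the real servers. When a user sends a request, the packet carries a destination IP; when the packet reaches the load balancer, the load balancer changes the packet's destination IP and sends it to a specific real server, and LVS's own algorithm decides which real server that is. The real server then unpacks and processes it and replies to the user directly through the VIP. This skips the return trip through the load balancer, so the load balancer is no longer a bottleneck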



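- LVS DR mode
- This mode also needs a common IP, the vip, configured on the dispatcher and on every rs
- Unlike IP Tunnel, it changes the packet's MAC address to the MAC address of the rs
- After receiving the packet, the rs restores the original packet, so the destination IP is the vip again; because every rs has this vip configured, it treats the packet as its own
-  ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211902802.png?imageslim)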








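# 18.8 LVS scheduling algorithms

- Round-Robin, rr for short: the simplest and the easiest to understand
Incoming user requests are distributed evenly across the rs
- Weighted Round-Robin, wrr for short
Round-robin with weights: each machine can be given its own weight, and machines with a higher weight are sent more requests
- Least-Connection, lc for short
Requests are sent to the rs with the fewest requests
- Weighted Least-Connection, wlc for short
An rs with few requests is additionally given a weight so that it is preferred
- Locality-Based Least Connections, lblc for short
- Locality-Based Least Connections with Replication, lblcr for short
- Destination Hashing, dh for short
- Source Hashing, sh for short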
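
A simplified model of rr, wrr, lc and wlc, as an added example (not LVS source code): each backend is a constructed `name:weight:active_connections` entry, wrr is modelled as a plain weight-proportional rotation, and the load figures are invented for illustration. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: simplified model of four LVS schedulers (not kernel code).
# A backend is "name:weight:active_conns"; all values below are constructed.

# rr: walk the list in order, ignoring weight and load.
# usage: pick_rr <request_index> backend...
pick_rr() {
    idx=$1; shift
    [ $# -gt 0 ] || return 1
    want=$(( idx % $# )); n=0
    for b in "$@"; do
        if [ "$n" -eq "$want" ]; then echo "${b%%:*}"; return 0; fi
        n=$(( n + 1 ))
    done
}

# wrr (simplified): a backend with weight w gets w slots out of every
# sum-of-weights requests.
# usage: pick_wrr <request_index> backend...
pick_wrr() {
    idx=$1; shift
    total=0
    for b in "$@"; do
        rest=${b#*:}; w=${rest%%:*}
        total=$(( total + w ))
    done
    [ "$total" -gt 0 ] || return 1
    k=$(( idx % total ))
    for b in "$@"; do
        rest=${b#*:}; w=${rest%%:*}
        if [ "$k" -lt "$w" ]; then echo "${b%%:*}"; return 0; fi
        k=$(( k - w ))
    done
}

# lc: fewest active connections wins; weight 0 means "take no new connections".
# usage: pick_lc backend...
pick_lc() {
    best=""; best_c=0
    for b in "$@"; do
        rest=${b#*:}; w=${rest%%:*}; c=${rest#*:}
        [ "$w" -gt 0 ] || continue
        if [ -z "$best" ] || [ "$c" -lt "$best_c" ]; then
            best=${b%%:*}; best_c=$c
        fi
    done
    [ -n "$best" ] && echo "$best"
}

# wlc: lowest connections-per-weight wins.
# c/w < best_c/best_w  <=>  c*best_w < best_c*w, so integers are enough.
# usage: pick_wlc backend...
pick_wlc() {
    best=""; best_c=0; best_w=1
    for b in "$@"; do
        rest=${b#*:}; w=${rest%%:*}; c=${rest#*:}
        [ "$w" -gt 0 ] || continue
        if [ -z "$best" ] || [ $(( c * best_w )) -lt $(( best_c * w )) ]; then
            best=${b%%:*}; best_c=$c; best_w=$w
        fi
    done
    [ -n "$best" ] && echo "$best"
}

# Constructed sample: rs2 has three times the weight but more connections.
BACKENDS="rs1:1:10 rs2:3:24"
for i in 0 1 2 3; do
    echo "request $i: rr=$(pick_rr $i $BACKENDS) wrr=$(pick_wrr $i $BACKENDS)"
done
echo "lc=$(pick_lc $BACKENDS) wlc=$(pick_wlc $BACKENDS)"
```

With these figures lc and wlc disagree: rs1 has fewer connections in absolute terms, but rs2 has fewer per unit of weight.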









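# 18.9 Setting up LVS NAT mode (part 1)
- NAT mode setup: preparation
- Three machines
- Dispatcher, also called the director (dir for short)
- Internal: 202.130, external: 142.147 (VMware host-only mode)
- rs1
 Internal: 202.132, gateway set to 202.130
- rs2
 Internal: 202.133, gateway set to 202.130
- Run the following on all three machines
- systemctl stop firewalld; systemctl disable firewalld
- systemctl start iptables; iptables -F; service iptables save

- [ ] A quick refresher on changing the hostname: hostnamectl set-hostname aming-03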
```
[root@aming-02 ~]# hostnamectl set-hostname aming-03
[root@aming-02 ~]# bash
[root@aming-03 ~]# 
```
- Dispatcher
```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.130  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:2e:28:f2  txqueuelen 1000  (Ethernet)
        RX packets 9208  bytes 6415236 (6.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11214  bytes 937882 (915.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.150  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:2e:28:f2  txqueuelen 1000  (Ethernet)

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.142.147  netmask 255.255.255.0  broadcast 192.168.142.255
        inet6 fe80::20c:29ff:fe2e:28fc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:2e:28:fc  txqueuelen 1000  (Ethernet)
        RX packets 474  bytes 43996 (42.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 238  bytes 32037 (31.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 50  bytes 4276 (4.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50  bytes 4276 (4.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-01 ~]# 
```
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/004014772.png?imageslim)
- rs1, gateway set to 192.168.202.130
```
[root@aming-02 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.132  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::4500:6d42:8612:4e53  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ddac:89a0:52f8:d08d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:58:33:e6  txqueuelen 1000  (Ethernet)
        RX packets 2300  bytes 188527 (184.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 985  bytes 105210 (102.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.152  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:58:33:e6  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 84  bytes 6884 (6.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 6884 (6.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-02 ~]# 
```
- rs2, gateway set to 192.168.202.130
```
[root@aming-03 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.133  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::4500:6d42:8612:4e53  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9c:2b:f0  txqueuelen 1000  (Ethernet)
        RX packets 2019  bytes 173062 (169.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1969  bytes 150115 (146.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.153  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:9c:2b:f0  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 337  bytes 29100 (28.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 337  bytes 29100 (28.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-03 ~]# 
```
- Then the firewall needs to be turned off on all three machines
- aming-01
```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 1769 packets, 147K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7346 packets, 401K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@aming-01 ~]# 
```
- aming-02
```
[root@aming-02 ~]# systemctl stop firewalld
[root@aming-02 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@aming-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@aming-02 ~]# 



```
- aming-03
```
[root@aming-03 ~]# systemctl stop firewalld
[root@aming-03 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@aming-03 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@aming-03 ~]# 
```
- Install the iptables-services package on the third machine
```
[root@aming-03 ~]# cd /etc/yum.repos.d/
[root@aming-03 yum.repos.d]# ls
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo      epel.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo    epel-testing.repo

[root@aming-03 yum.repos.d]# mv epel.repo epel.repo.1
# Renamed because the epel.repo packages are hosted overseas and download slowly
[root@aming-03 yum.repos.d]# yum lish |grep iptables-service
沒有該命令:lish。請使用 /usr/bin/yum --help
[root@aming-03 yum.repos.d]# yum list |grep iptables-service
iptables-services.x86_64                    1.4.21-18.2.el7_4          updates  
[root@aming-03 yum.repos.d]# yum install -y iptables-services
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: centos.ustc.edu.cn
 * updates: mirrors.163.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 iptables-services.x86_64.0.1.4.21-18.2.el7_4 將被 安裝
--> 正在處理依賴關系 iptables = 1.4.21-18.2.el7_4,它被軟件包 iptables-services-1.4.21-18.2.el7_4.x86_64 需要
--> 正在檢查事務
---> 軟件包 iptables.x86_64.0.1.4.21-17.el7 將被 升級
---> 軟件包 iptables.x86_64.0.1.4.21-18.2.el7_4 將被 更新
--> 解決依賴關系完成

依賴關系解決

============================================================================================
 Package                   架構           版本                        源               大小
============================================================================================
正在安裝:
 iptables-services         x86_64         1.4.21-18.2.el7_4           updates          51 k
為依賴而更新:
 iptables                  x86_64         1.4.21-18.2.el7_4           updates         428 k

事務概要
============================================================================================
安裝  1 軟件包
升級           ( 1 依賴軟件包)

總下載量:479 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): iptables-services-1.4.21-18.2.el7_4.x86_64.rpm                |  51 kB  00:00:00     
(2/2): iptables-1.4.21-18.2.el7_4.x86_64.rpm                         | 428 kB  00:00:00     
--------------------------------------------------------------------------------------------
總計                                                        520 kB/s | 479 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : iptables-1.4.21-18.2.el7_4.x86_64                                       1/3 
  正在安裝    : iptables-services-1.4.21-18.2.el7_4.x86_64                              2/3 
  清理        : iptables-1.4.21-17.el7.x86_64                                           3/3 
  驗證中      : iptables-services-1.4.21-18.2.el7_4.x86_64                              1/3 
  驗證中      : iptables-1.4.21-18.2.el7_4.x86_64                                       2/3 
  驗證中      : iptables-1.4.21-17.el7.x86_64                                           3/3 

已安裝:
  iptables-services.x86_64 0:1.4.21-18.2.el7_4                                              

作為依賴被升級:
  iptables.x86_64 0:1.4.21-18.2.el7_4                                                       

完畢!
[root@aming-03 yum.repos.d]# 
```
- Install the iptables-services package on the second machine
```
[root@aming-02 ~]# yum install -y iptables-services
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.btte.net
 * epel: mirrors.ustc.edu.cn
 * extras: mirrors.163.com
 * updates: mirrors.163.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 iptables-services.x86_64.0.1.4.21-18.2.el7_4 將被 安裝
--> 正在處理依賴關系 iptables = 1.4.21-18.2.el7_4,它被軟件包 iptables-services-1.4.21-18.2.el7_4.x86_64 需要
--> 正在檢查事務
---> 軟件包 iptables.x86_64.0.1.4.21-17.el7 將被 升級
---> 軟件包 iptables.x86_64.0.1.4.21-18.2.el7_4 將被 更新
--> 解決依賴關系完成

依賴關系解決

=======================================================================================================
 Package                      架構              版本                          源                  大小
=======================================================================================================
正在安裝:
 iptables-services            x86_64            1.4.21-18.2.el7_4             updates             51 k
為依賴而更新:
 iptables                     x86_64            1.4.21-18.2.el7_4             updates            428 k

事務概要
=======================================================================================================
安裝  1 軟件包
升級           ( 1 依賴軟件包)

總下載量:479 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): iptables-services-1.4.21-18.2.el7_4.x86_64.rpm                           |  51 kB  00:00:00     
(2/2): iptables-1.4.21-18.2.el7_4.x86_64.rpm                                    | 428 kB  00:00:03     
-------------------------------------------------------------------------------------------------------
總計                                                                   124 kB/s | 479 kB  00:00:03     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : iptables-1.4.21-18.2.el7_4.x86_64                                                  1/3 
  正在安裝    : iptables-services-1.4.21-18.2.el7_4.x86_64                                         2/3 
  清理        : iptables-1.4.21-17.el7.x86_64                                                      3/3 
  驗證中      : iptables-services-1.4.21-18.2.el7_4.x86_64                                         1/3 
  驗證中      : iptables-1.4.21-18.2.el7_4.x86_64                                                  2/3 
  驗證中      : iptables-1.4.21-17.el7.x86_64                                                      3/3 

已安裝:
  iptables-services.x86_64 0:1.4.21-18.2.el7_4                                                         

作為依賴被升級:
  iptables.x86_64 0:1.4.21-18.2.el7_4                                                                  

完畢!
[root@aming-02 ~]# 
```
- On the second machine, aming-02, rename epel.repo first; downloading again is then fast
```
[root@aming-02 ~]# cd /etc/yum.repos.d/
[root@aming-02 yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
[root@aming-02 yum.repos.d]# mv epel.repo epel.repo.1
```
- Check which files the package installed
```
[root@aming-02 yum.repos.d]# systemctl start iptables-services
Failed to start iptables-services.service: Unit not found.
[root@aming-02 yum.repos.d]# rpm -ql iptables-services
/etc/sysconfig/ip6tables
/etc/sysconfig/iptables
/usr/lib/systemd/system/ip6tables.service
/usr/lib/systemd/system/iptables.service
/usr/libexec/initscripts/legacy-actions/ip6tables
/usr/libexec/initscripts/legacy-actions/ip6tables/panic
/usr/libexec/initscripts/legacy-actions/ip6tables/save
/usr/libexec/initscripts/legacy-actions/iptables
/usr/libexec/initscripts/legacy-actions/iptables/panic
/usr/libexec/initscripts/legacy-actions/iptables/save
/usr/libexec/iptables
/usr/libexec/iptables/ip6tables.init
/usr/libexec/iptables/iptables.init
[root@aming-02 yum.repos.d]# 
```
- Start the iptables service: systemctl start iptables

- Enable it at boot: systemctl enable iptables
```
[root@aming-02 yum.repos.d]# systemctl start iptables
[root@aming-02 yum.repos.d]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@aming-02 yum.repos.d]# 
```
- The same on the third machine
```
[root@aming-03 yum.repos.d]# systemctl start iptables
[root@aming-03 yum.repos.d]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@aming-03 yum.repos.d]# 
```
- Check the tables to see whether the netfilter service is now in use
```

[root@aming-03 yum.repos.d]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   65  5144 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 48 packets, 4984 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@aming-03 yum.repos.d]# 
```
- Flush the rules in the tables, ready for the experiments that follow

```
[root@aming-03 yum.repos.d]# iptables -F
[root@aming-03 yum.repos.d]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  確定  ]
[root@aming-03 yum.repos.d]# 
```
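- The steps above require checking whether the other two rs machines have the firewalld service running; if so, switch them to the netfilter service
- Do this on the second machine, aming-02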
```
[root@aming-02 yum.repos.d]# cd
[root@aming-02 ~]# iptables -F
[root@aming-02 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  確定  ]
[root@aming-02 ~]# 
```
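- Disable SELinux on all three machines: temporarily with setenforce 0, permanently with vi /etc/selinux/config, setting SELINUX=disabled in it
- Set the gateway: rs1 and rs2 must use the dispatcher's IP address 192.168.202.130 as their gateway; once this is set, these two machines can no longer reach the external network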
- rs1   aming-02
```
[root@aming-01 ~]# systemctl stop firewalld
[root@aming-01 ~]# systemctl disable firewalld

[root@aming-02 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
[root@aming-02 ~]# systemctl restart network.service
[root@aming-02 ~]# 
```
- rs2    aming-03
```
[root@aming-03 yum.repos.d]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
[root@aming-03 yum.repos.d]# systemctl restart network.service
[root@aming-03 yum.repos.d]# 
```
- Check the first machine, the dispatcher: the firewall is fully turned off
```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 1923 packets, 159K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6713 packets, 387K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@aming-01 ~]# getenforce
Permissive
[root@aming-01 ~]# 
```

- That is all for the preparation











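# 18.10 Setting up LVS NAT mode (part 2)
- Install ipvsadm on the dispatcher (dir). It is an essential tool for LVS; without it the LVS functionality cannot be set up
- yum install -y ipvsadm
- Because the epel.repo packages are hosted overseas, rename the file first and then download the package with yum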
```
[root@aming-01 ~]# cd /etc/yum.repos.d
[root@aming-01 yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
[root@aming-01 yum.repos.d]# mv epel.repo epel.repo.1
[root@aming-01 yum.repos.d]# yum install -y ipvsadm
已加載插件:fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 ipvsadm.x86_64.0.1.27-7.el7 將被 安裝
--> 解決依賴關系完成

依賴關系解決

======================================================================================================================
 Package                     架構                       版本                           源                        大小
======================================================================================================================
正在安裝:
 ipvsadm                     x86_64                     1.27-7.el7                     base                      45 k

事務概要
======================================================================================================================
安裝  1 軟件包

總下載量:45 k
安裝大小:75 k
Downloading packages:
ipvsadm-1.27-7.el7.x86_64.rpm                                                                  |  45 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安裝    : ipvsadm-1.27-7.el7.x86_64                                                                         1/1 
  驗證中      : ipvsadm-1.27-7.el7.x86_64                                                                         1/1 

已安裝:
  ipvsadm.x86_64 0:1.27-7.el7                                                                                         

完畢!
[root@aming-01 yum.repos.d]# 

```

- On dir, write a script, vim /usr/local/sbin/lvs_nat.sh, with the following content
- Maintaining this through a script is more convenient than running the commands one at a time
```
[root@aming-01 yum.repos.d]# vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24  -j MASQUERADE
# Set up ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc -p 3
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1

~                                                                                                                     
                                                                                                                
~                                                                                                                     
~                                                                                                                     
:wq
[root@aming-01 yum.repos.d]# vi /usr/local/sbin/lvs_nat.sh
[root@aming-01 yum.repos.d]# 
```
- It can be run now; no output means no error, since errors are normally printed directly
```
[root@aming-01 yum.repos.d]# sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 yum.repos.d]# 
```

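- Install nginx on both rs
- Set a different home page on each rs so they can be told apart; that is, curl-ing each rs IP directly gives a different result
- Visit 192.168.142.147 in a browser several times and watch how the result changes

- First check on the second machine whether the nginx service is running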
```
[root@aming-02 ~]# ps aux |grep nginx
root       4280  0.0  0.0 112680   980 pts/0    S+   20:49   0:00 grep --color=auto nginx
[root@aming-02 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1659/master         
tcp6       0      0 :::3306                 :::*                    LISTEN      1294/mysqld         
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      911/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1659/master         
[root@aming-02 ~]# systemctl start nginx
[root@aming-02 ~]# !ps
ps aux |grep nginx
root       4295  0.0  0.2 122792  2080 ?        Ss   20:49   0:00 nginx: master process /usr/sbin/ngin
nginx      4296  0.0  0.3 123224  3124 ?        S    20:49   0:00 nginx: worker process
root       4298  0.0  0.0 112680   980 pts/0    S+   20:49   0:00 grep --color=auto nginx
[root@aming-02 ~]# curl localhost
backup backup.
[root@aming-02 ~]# 

[root@aming-02 ~]# vi /usr/share/nginx/index.html
[root@aming-02 ~]# vi /usr/share/nginx/html/index.html

aming02.
~                                                                                                      
~                                                                                                                                                                                             
                                                                                                   
~                                                                                                                                                                                            
~                                                                                                      
:wq

[root@aming-02 ~]# vi /usr/share/nginx/html/index.html
[root@aming-02 ~]# 
[root@aming-02 ~]# curl localhost
aming02.
[root@aming-02 ~]# 


```
- Configure the third machine the same way and start the nginx service
```
[root@aming-03 yum.repos.d]# systemctl start nginx
[root@aming-03 yum.repos.d]# vi /usr/share/nginx/html/index.html

aming03.
~                                                                                           
                                                                                        
~                                                                                           
~                                                                                           
~                                                                                           
:wq

[root@aming-03 yum.repos.d]# vi /usr/share/nginx/html/index.html
[root@aming-03 yum.repos.d]# curl localhost
aming03.
[root@aming-03 yum.repos.d]# 

```
- We can test now: visit 192.168.142.147 directly from a Windows browser
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/211736692.png?imageslim)
- Now let's remove that 3-second setting and look at the effect again
- Change the line to $IPVSADM -A -t 192.168.142.147:80 -s lc -p 0, that is, change 3 to 0
```
[root@aming-01 yum.repos.d]# !vi
vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24  -j MASQUERADE
# Set up ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc -p 0
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1

                     
~                                                                                                                     
:wq

[root@aming-01 yum.repos.d]# sh /usr/local/sbin/lvs_nat.sh
invalid timeout value `0' specified
Memory allocation problem
Memory allocation problem
[root@aming-01 yum.repos.d]# 

```
- It reported an error, because some of our operations were repeated
```
[root@aming-01 yum.repos.d]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 3 packets, 480 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   152 MASQUERADE  all  --  *      *       192.168.202.0/24     0.0.0.0/0           
[root@aming-01 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@aming-01 yum.repos.d]# 
```
- This shows that the script we just ran did not succeed
```
[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
invalid timeout value `0' specified
Memory allocation problem
Memory allocation problem
[root@aming-01 ~]# 
```
- invalid timeout value `0' specified: it cannot be set to 0, so remove -p
```
[root@aming-01 ~]# !vi
vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24  -j MASQUERADE
# Set up ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc 
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1

~                                                                                                                                                                                                               
:wq

[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]# 

```
- Look again: ipvsadm -ln now shows data
```
[root@aming-01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.142.147:80 lc
  -> 192.168.202.132:80           Masq    1      0          0         
  -> 192.168.202.133:80           Masq    1      0          0         
[root@aming-01 ~]# 
[root@aming-01 ~]# 
[root@aming-01 ~]# 
```
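
The `-p 0` run above left the IPVS table empty: the script had already run `ipvsadm -C` when `-A` rejected the timeout. One way to guard against that, as an added example (not the author's script), is to validate the arguments before clearing anything and to check the table afterwards. The function names are hypothetical; the addresses and both sample tables are copied from the output above.

```sh
#!/bin/sh
# Added example: validate first, clear second, verify last.

SCHEDULERS="rr wrr lc wlc lblc lblcr dh sh"   # the names listed in section 18.8

# build_rules VIP:PORT SCHEDULER PERSIST RS:PORT...
# Prints one option line per rule, the form `ipvsadm -R` reads from stdin.
# PERSIST may be "" (no -p). Returns 1 and prints no rules on bad input.
build_rules() {
    vip=$1; sched=$2; persist=$3; shift 3
    case " $SCHEDULERS " in
        *" $sched "*) ;;
        *) echo "unknown scheduler: $sched" >&2; return 1 ;;
    esac
    if [ -n "$persist" ]; then
        case $persist in
            *[!0-9]*) echo "persistence timeout is not a number: $persist" >&2; return 1 ;;
        esac
        # The run above shows ipvsadm rejecting `-p 0`.
        [ "$persist" -gt 0 ] || { echo "persistence timeout must be > 0" >&2; return 1; }
    fi
    [ $# -gt 0 ] || { echo "no real servers given" >&2; return 1; }
    echo "-A -t $vip -s $sched${persist:+ -p $persist}"
    for rs in "$@"; do
        echo "-a -t $vip -r $rs -m -w 1"
    done
}

# apply_rules: same arguments as build_rules. The live table is cleared only
# after the whole rule set has been built. Needs root and ipvsadm; it is not
# called anywhere in this example.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    ipvsadm -C && printf '%s\n' "$rules" | ipvsadm -R
}

# count_real_servers VIP:PORT   (reads `ipvsadm -ln` output on stdin)
# Prints how many real servers are listed under that virtual service.
count_real_servers() {
    awk -v vip="$1" '
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == vip); next }
        in_svc && $1 == "->" && $2 != "RemoteAddress:Port" { n++ }
        END { print n + 0 }'
}

# `ipvsadm -ln` output as shown on this page after the working run ...
GOOD_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.142.147:80 lc
  -> 192.168.202.132:80           Masq    1      0          0
  -> 192.168.202.133:80           Masq    1      0          0'

# ... and after the failed `-p 0` run.
EMPTY_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn'

# Demo with the page's values: the -p 0 variant is rejected up front.
if ! build_rules 192.168.142.147:80 lc 0 192.168.202.132:80 192.168.202.133:80; then
    echo "rejected before ipvsadm -C; live table untouched"
fi
build_rules 192.168.142.147:80 rr "" 192.168.202.132:80 192.168.202.133:80
echo "good table:  $(printf '%s\n' "$GOOD_TABLE" | count_real_servers 192.168.142.147:80) real servers"
echo "empty table: $(printf '%s\n' "$EMPTY_TABLE" | count_real_servers 192.168.142.147:80) real servers"
```

On the director, `ipvsadm -ln | count_real_servers 192.168.142.147:80` printing 0 after a reload means the virtual service has no back ends.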
- Now switch to $IPVSADM -A -t 192.168.142.147:80 -s rr; it was lc before
```
[root@aming-01 ~]# vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24  -j MASQUERADE
# Set up ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s rr
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1

                                                                                                               
~                                                                                                                     
:wq
```
- Run it again
```
[root@aming-01 ~]# vi /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]# 

```
-  ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/212713940.png?imageslim)
- Test with curl against the external address we configured, 192.168.142.147; the distribution is well balanced, aming02 one time and aming03 the next
```
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]# 
```

