18.1 Cluster introduction, 18.2 keepalived introduction, 18.3/18.4/18.5 Configuring a high-availability cluster with keepalived
阿新 • Published: 2017-11-15
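- 18.6 Load-balancing cluster introduction
- 18.7 LVS introduction
- 18.8 LVS scheduling algorithms
- 18.9/18.10 Setting up LVS NAT mode
- Further reading
  - The three LVS modes in detail: http://www.it165.net/admin/html/201401/2248.html
  - LVS scheduling algorithms: http://www.aminglinux.com/bbs/thread-7407-1-1.html
  - About arp_ignore and arp_announce: http://www.cnblogs.com/lgfeng/archive/2012/10/16/2726308.html
  - How LVS works: http://blog.csdn.net/pi9nc/article/details/23380589

# 18.6 Load-balancing cluster introduction
- The mainstream open-source software is LVS, keepalived, haproxy, nginx and so on
- LVS works at layer 4 (of the 7-layer OSI network model), nginx works at layer 7, and haproxy can be treated as layer 4 or used as layer 7
- keepalived's load-balancing function is in fact LVS
- A layer-4 load balancer such as LVS can distribute traffic on ports other than 80, for example MySQL, whereas nginx only supports http, https and mail; haproxy also supports MySQL
- By comparison, layer-4 LVS is more stable and can withstand more requests, while layer-7 nginx is more flexible and can meet more customized requirements

# 18.7 LVS introduction
- LVS was developed by Zhang Wensong (章文嵩), a Chinese developer, and is open source
- It is no less popular than apache's httpd; it does routing and forwarding based on TCP/IP, with high stability and efficiency
- The latest LVS version is based on Linux kernel 2.6 and has not been updated for many years
- LVS has three common modes: NAT, DR, IP Tunnel
- The LVS architecture has one core role called the director (Load Balancer), which distributes user requests, plus a number of servers that process those requests (Real Server, rs for short)
- LVS NAT mode
  - This mode is implemented with the help of the iptables nat table
  - When a user's request reaches the director, preset iptables rules forward the request packets to the back-end rs
  - Each rs must set its gateway to the director's internal IP
  - Both the request packets and the packets returned to the user pass through the director, so the director becomes the bottleneck
  - In NAT mode only the director needs a public IP, which saves public IP resources
  - ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211634303.png?imageslim)
  - Explanation of the diagram:
  - The Load Balancer is a director that distributes user requests to the back-end Real Servers. After a Real Server receives and processes a request, it hands the result back to the Load Balancer, which finally returns it to the user. The drawback of this mode is that when request and response volumes are large, the Load Balancer is under heavy pressure; it generally supports at most around 10 servers, and beyond 10 it can no longer cope. This structure needs only one public IP, with all the real servers on the internal network. The advantage is that it saves a lot of resources
- LVS IP Tunnel mode
  - This mode requires a common IP configured on the director and on every rs; we call it the vip
  - The client's request has the vip as its destination IP. After receiving the request packet, the director processes it and changes the destination IP to the rs's IP, so the packet reaches the rs
  - After receiving the packet, the rs restores the original packet, so the destination IP is the vip again; because the vip is configured on every rs, the rs treats the packet as addressed to itself
  - ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211803012.png?imageslim)
  - Explanation of the diagram:
  - A virtual channel, the IP tunnel, is set up between the load balancer and the real servers; in effect the IP of the packet is changed. Requests come in through the load balancer, and the VIP is configured on the real servers. A user's request packet carries a destination IP; when the packet reaches the load balancer, the load balancer changes the packet's destination IP and sends it to a specific real server, with LVS's own algorithm deciding which real server it goes to. The real server then unpacks and processes it and replies directly to the user through the VIP, which skips the step of sending data back through the load balancer, so the load balancer is no longer a bottleneck
- LVS DR mode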
  - This mode also requires a common IP configured on the director and on every rs, that is, the vip
  - Unlike IP Tunnel, it rewrites the packet's MAC address to the rs's MAC address
  - After receiving the packet, the rs restores the original packet, so the destination IP is the vip; because the vip is configured on every rs, the rs treats the packet as addressed to itself
  - ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171113/211902802.png?imageslim)

# 18.8 LVS scheduling algorithms
- Round-Robin (rr): the simplest and easiest to understand; incoming user requests are distributed evenly across the rs
- Weighted Round-Robin (wrr): round-robin with weights; each machine can be given its own weight, and machines with a higher weight are sent more requests
- Least-Connection (lc): sends the request to the rs with the fewest requests
- Weighted Least-Connection (wlc): adds a weight to the rs with few requests so that it is preferred
- Locality-Based Least Connections (lblc)
- Locality-Based Least Connections with Replication (lblcr)
- Destination Hashing (dh)
- Source Hashing (sh)

# 18.9 Setting up LVS NAT mode (part 1)
- NAT mode setup: preparation
- Three machines
- The director, also called the scheduler (dir for short)
- Internal network: 202.130, external network: 142.147 (VMware host-only mode)
- rs1 internal network: 202.132, gateway set to 202.130
- rs2 internal network: 202.133, gateway set to 202.130
- Run on all three machines:
- systemctl stop firewalld; systemctl disable firewalld
- systemctl start iptables; iptables -F; service iptables save
- [ ] As a refresher, how to change the hostname: hostnamectl set-hostname aming-03
```
[root@aming-02 ~]# hostnamectl set-hostname aming-03
[root@aming-02 ~]# bash
[root@aming-03 ~]#
```
- Director
```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.130  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:2e:28:f2  txqueuelen 1000  (Ethernet)
        RX packets 9208  bytes 6415236 (6.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11214  bytes 937882 (915.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.150  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:2e:28:f2  txqueuelen 1000  (Ethernet)

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.142.147  netmask 255.255.255.0  broadcast 192.168.142.255
        inet6 fe80::20c:29ff:fe2e:28fc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:2e:28:fc  txqueuelen 1000  (Ethernet)
        RX packets 474  bytes 43996 (42.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 238  bytes 32037 (31.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 50  bytes 4276 (4.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50  bytes 4276 (4.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-01 ~]#
```
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/004014772.png?imageslim)
- rs1: gateway set to 192.168.202.130
```
[root@aming-02 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.132  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::4500:6d42:8612:4e53  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ddac:89a0:52f8:d08d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:58:33:e6  txqueuelen 1000  (Ethernet)
        RX packets 2300  bytes 188527 (184.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 985  bytes 105210 (102.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.152  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:58:33:e6  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 84  bytes 6884 (6.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 6884 (6.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-02 ~]#
```
- rs2: gateway set to 192.168.202.130
```
[root@aming-03 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.133  netmask 255.255.255.0  broadcast 192.168.202.255
        inet6 fe80::4500:6d42:8612:4e53  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::ecdd:28b7:612b:cb7  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:9c:2b:f0  txqueuelen 1000  (Ethernet)
        RX packets 2019  bytes 173062 (169.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1969  bytes 150115 (146.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.202.153  netmask 255.255.255.0  broadcast 192.168.202.255
        ether 00:0c:29:9c:2b:f0  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 337  bytes 29100 (28.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 337  bytes 29100 (28.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@aming-03 ~]#
```
- Then the firewall needs to be turned off on all 3 machines
- aming-01
```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 1769 packets, 147K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7346 packets, 401K bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@aming-01 ~]#
```
- aming-02
```
[root@aming-02 ~]# systemctl stop firewalld
[root@aming-02 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@aming-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@aming-02 ~]#
```
- aming-03
```
[root@aming-03 ~]# systemctl stop firewalld
[root@aming-03 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@aming-03 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@aming-03 ~]#
```
- Install the iptables-services package on the third machine
```
[root@aming-03 ~]# cd /etc/yum.repos.d/
[root@aming-03 yum.repos.d]# ls
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo      epel.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo    epel-testing.repo
[root@aming-03 yum.repos.d]# mv epel.repo epel.repo.1
# Renamed because the epel repo is hosted overseas and downloads are slow
[root@aming-03 yum.repos.d]# yum lish |grep iptables-service
沒有該命令:lish。請使用 /usr/bin/yum --help
[root@aming-03 yum.repos.d]# yum list |grep iptables-service
iptables-services.x86_64                 1.4.21-18.2.el7_4             updates
[root@aming-03 yum.repos.d]# yum install -y iptables-services
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * extras: centos.ustc.edu.cn
 * updates: mirrors.163.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 iptables-services.x86_64.0.1.4.21-18.2.el7_4 將被 安裝
--> 正在處理依賴關系 iptables = 1.4.21-18.2.el7_4,它被軟件包 iptables-services-1.4.21-18.2.el7_4.x86_64 需要
--> 正在檢查事務
---> 軟件包 iptables.x86_64.0.1.4.21-17.el7 將被 升級
---> 軟件包 iptables.x86_64.0.1.4.21-18.2.el7_4 將被 更新
--> 解決依賴關系完成

依賴關系解決

============================================================================================
 Package                    架構            版本                      源              大小
============================================================================================
正在安裝:
 iptables-services          x86_64          1.4.21-18.2.el7_4         updates          51 k
為依賴而更新:
 iptables                   x86_64          1.4.21-18.2.el7_4         updates         428 k

事務概要
============================================================================================
安裝  1 軟件包
升級           ( 1 依賴軟件包)

總下載量:479 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): iptables-services-1.4.21-18.2.el7_4.x86_64.rpm                |  51 kB  00:00:00
(2/2): iptables-1.4.21-18.2.el7_4.x86_64.rpm                         | 428 kB  00:00:00
--------------------------------------------------------------------------------------------
總計                                                        520 kB/s | 479 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : iptables-1.4.21-18.2.el7_4.x86_64                                       1/3
  正在安裝    : iptables-services-1.4.21-18.2.el7_4.x86_64                              2/3
  清理        : iptables-1.4.21-17.el7.x86_64                                           3/3
  驗證中      : iptables-services-1.4.21-18.2.el7_4.x86_64                              1/3
  驗證中      : iptables-1.4.21-18.2.el7_4.x86_64                                       2/3
  驗證中      : iptables-1.4.21-17.el7.x86_64                                           3/3

已安裝:
  iptables-services.x86_64 0:1.4.21-18.2.el7_4

作為依賴被升級:
  iptables.x86_64 0:1.4.21-18.2.el7_4

完畢!
[root@aming-03 yum.repos.d]#
```
- Install the iptables-services package on the second machine
```
[root@aming-02 ~]# yum install -y iptables-services
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.btte.net
 * epel: mirrors.ustc.edu.cn
 * extras: mirrors.163.com
 * updates: mirrors.163.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 iptables-services.x86_64.0.1.4.21-18.2.el7_4 將被 安裝
--> 正在處理依賴關系 iptables = 1.4.21-18.2.el7_4,它被軟件包 iptables-services-1.4.21-18.2.el7_4.x86_64 需要
--> 正在檢查事務
---> 軟件包 iptables.x86_64.0.1.4.21-17.el7 將被 升級
---> 軟件包 iptables.x86_64.0.1.4.21-18.2.el7_4 將被 更新
--> 解決依賴關系完成

依賴關系解決

=======================================================================================================
 Package                       架構               版本                         源               大小
=======================================================================================================
正在安裝:
 iptables-services             x86_64             1.4.21-18.2.el7_4            updates           51 k
為依賴而更新:
 iptables                      x86_64             1.4.21-18.2.el7_4            updates          428 k

事務概要
=======================================================================================================
安裝  1 軟件包
升級           ( 1 依賴軟件包)

總下載量:479 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): iptables-services-1.4.21-18.2.el7_4.x86_64.rpm                           |  51 kB  00:00:00
(2/2): iptables-1.4.21-18.2.el7_4.x86_64.rpm                                    | 428 kB  00:00:03
-------------------------------------------------------------------------------------------------------
總計                                                                   124 kB/s | 479 kB  00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : iptables-1.4.21-18.2.el7_4.x86_64                                                  1/3
  正在安裝    : iptables-services-1.4.21-18.2.el7_4.x86_64                                         2/3
  清理        : iptables-1.4.21-17.el7.x86_64                                                      3/3
  驗證中      : iptables-services-1.4.21-18.2.el7_4.x86_64                                         1/3
  驗證中      : iptables-1.4.21-18.2.el7_4.x86_64                                                  2/3
  驗證中      : iptables-1.4.21-17.el7.x86_64                                                      3/3

已安裝:
  iptables-services.x86_64 0:1.4.21-18.2.el7_4

作為依賴被升級:
  iptables.x86_64 0:1.4.21-18.2.el7_4

完畢!
[root@aming-02 ~]#
```
- On the second machine, aming-02, rename epel.repo first; downloads are then fast
```
[root@aming-02 ~]# cd /etc/yum.repos.d/
[root@aming-02 yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
[root@aming-02 yum.repos.d]# mv epel.repo epel.repo.1
```
- See which files the package installed
```
[root@aming-02 yum.repos.d]# systemctl start iptables-services
Failed to start iptables-services.service: Unit not found.
[root@aming-02 yum.repos.d]# rpm -ql iptables-services
/etc/sysconfig/ip6tables
/etc/sysconfig/iptables
/usr/lib/systemd/system/ip6tables.service
/usr/lib/systemd/system/iptables.service
/usr/libexec/initscripts/legacy-actions/ip6tables
/usr/libexec/initscripts/legacy-actions/ip6tables/panic
/usr/libexec/initscripts/legacy-actions/ip6tables/save
/usr/libexec/initscripts/legacy-actions/iptables
/usr/libexec/initscripts/legacy-actions/iptables/panic
/usr/libexec/initscripts/legacy-actions/iptables/save
/usr/libexec/iptables
/usr/libexec/iptables/ip6tables.init
/usr/libexec/iptables/iptables.init
[root@aming-02 yum.repos.d]#
```
- Start the iptables service: systemctl start iptables
- Enable it at boot: systemctl enable iptables
```
[root@aming-02 yum.repos.d]# systemctl start iptables
[root@aming-02 yum.repos.d]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@aming-02 yum.repos.d]#
```
- The same on the third machine
```
[root@aming-03 yum.repos.d]# systemctl start iptables
[root@aming-03 yum.repos.d]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@aming-03 yum.repos.d]#
```
- Check the tables to see whether the netfilter service is now in use
```
[root@aming-03 yum.repos.d]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   65  5144 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 48 packets, 4984 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@aming-03 yum.repos.d]#
```
- Flush the rules in the table so the later experiment can proceed
```
[root@aming-03 yum.repos.d]# iptables -F
[root@aming-03 yum.repos.d]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  確定  ]
[root@aming-03 yum.repos.d]#
```
- For the steps above, check whether the firewalld service is running on the other two rs machines; if it is, switch to the netfilter (iptables) service
- Do the same on the second machine, aming-02
```
[root@aming-02 yum.repos.d]# cd
[root@aming-02 ~]# iptables -F
[root@aming-02 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  確定  ]
[root@aming-02 ~]#
```
- Turn off SELinux on all three machines: temporarily with setenforce 0; permanently with vi /etc/selinux/config, setting SELINUX=disabled
- Set the gateway: rs1 and rs2 must use the director's IP address 192.168.202.130 as their gateway; once this is set, these two machines can no longer reach the external network
- rs1 aming-02
```
[root@aming-01 ~]# systemctl stop firewalld
[root@aming-01 ~]# systemctl disable firewalld
[root@aming-02 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
[root@aming-02 ~]# systemctl restart network.service
[root@aming-02 ~]#
```
- rs2 aming-03
```
[root@aming-03 yum.repos.d]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
[root@aming-03 yum.repos.d]# systemctl restart network.service
[root@aming-03 yum.repos.d]#
```
- Check the first machine, the director: the firewall is off
```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 1923 packets, 159K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6713 packets, 387K bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@aming-01 ~]# getenforce
Permissive
[root@aming-01 ~]#
```
- That completes the preparation

# 18.10 Setting up LVS NAT mode (part 2)
- Install ipvsadm on the director (dir). It is an important tool for implementing LVS; without it there is no way to use LVS's functions
- yum install -y ipvsadm
- Because the epel.repo packages are hosted overseas, rename the repo file first and then download the package with yum
```
[root@aming-01 ~]# cd /etc/yum.repos.d
[root@aming-01 yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo  epel-testing.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  epel.repo
[root@aming-01 yum.repos.d]# mv epel.repo epel.repo.1
[root@aming-01 yum.repos.d]# yum install -y ipvsadm
已加載插件:fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 ipvsadm.x86_64.0.1.27-7.el7 將被 安裝
--> 解決依賴關系完成

依賴關系解決

======================================================================================================================
 Package                       架構                         版本                             源                  大小
======================================================================================================================
正在安裝:
 ipvsadm                       x86_64                       1.27-7.el7                       base                45 k

事務概要
======================================================================================================================
安裝  1 軟件包

總下載量:45 k
安裝大小:75 k
Downloading packages:
ipvsadm-1.27-7.el7.x86_64.rpm                                                                  |  45 kB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安裝    : ipvsadm-1.27-7.el7.x86_64                                                                         1/1
  驗證中      : ipvsadm-1.27-7.el7.x86_64                                                                         1/1

已安裝:
  ipvsadm.x86_64 0:1.27-7.el7

完畢!
[root@aming-01 yum.repos.d]#
```
- Write a script on dir, vim /usr/local/sbin/lvs_nat.sh, with the content below
- Maintaining the setup through a script is more convenient than running the commands one at a time
```
[root@aming-01 yum.repos.d]# vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc -p 3
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1
~
~
~
:wq
[root@aming-01 yum.repos.d]# vi /usr/local/sbin/lvs_nat.sh
[root@aming-01 yum.repos.d]#
```
- Run it. No output means no error; when something is wrong, the error message is normally printed directly
```
[root@aming-01 yum.repos.d]# sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 yum.repos.d]#
```
- Install nginx on both rs
- Set a different home page on each rs so they can be told apart, that is, a curl to each rs's IP returns a different result
- Visit 192.168.142.147 in a browser several times and compare the results
- First check on the second machine whether the nginx service is running
```
[root@aming-02 ~]# ps aux |grep nginx
root       4280  0.0  0.0 112680   980 pts/0    S+   20:49   0:00 grep --color=auto nginx
[root@aming-02 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1659/master
tcp6       0      0 :::3306                 :::*                    LISTEN      1294/mysqld
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::22                   :::*                    LISTEN      911/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1659/master
[root@aming-02 ~]# systemctl start nginx
[root@aming-02 ~]# !ps
ps aux |grep nginx
root       4295  0.0  0.2 122792  2080 ?        Ss   20:49   0:00 nginx: master process /usr/sbin/ngin
nginx      4296  0.0  0.3 123224  3124 ?        S    20:49   0:00 nginx: worker process
root       4298  0.0  0.0 112680   980 pts/0    S+   20:49   0:00 grep --color=auto nginx
[root@aming-02 ~]# curl localhost
backup backup.
[root@aming-02 ~]#
[root@aming-02 ~]# vi /usr/share/nginx/index.html
[root@aming-02 ~]# vi /usr/share/nginx/html/index.html

aming02.
~
~
~
~
:wq
[root@aming-02 ~]# vi /usr/share/nginx/html/index.html
[root@aming-02 ~]#
[root@aming-02 ~]# curl localhost
aming02.
[root@aming-02 ~]#
```
- Configure the third machine the same way and start the nginx service
```
[root@aming-03 yum.repos.d]# systemctl start nginx
[root@aming-03 yum.repos.d]# vi /usr/share/nginx/html/index.html

aming03.
~
~
~
~
:wq
[root@aming-03 yum.repos.d]# vi /usr/share/nginx/html/index.html
[root@aming-03 yum.repos.d]# curl localhost
aming03.
[root@aming-03 yum.repos.d]#
```
- Now we can test: open 192.168.142.147 directly in a Windows browser
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/211736692.png?imageslim)
- Now let's remove that 3-second setting and look at the result
- Edit the line to `$IPVSADM -A -t 192.168.142.147:80 -s lc -p 0`, changing the 3 to 0
```
[root@aming-01 yum.repos.d]# !vi
vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc -p 0
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1
~
:wq
[root@aming-01 yum.repos.d]# sh /usr/local/sbin/lvs_nat.sh
invalid timeout value `0' specified
Memory allocation problem
Memory allocation problem
[root@aming-01 yum.repos.d]#
```
- It reported errors, because some of our operations are repeated
```
[root@aming-01 yum.repos.d]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 3 packets, 480 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   152 MASQUERADE  all  --  *      *       192.168.202.0/24     0.0.0.0/0
[root@aming-01 yum.repos.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@aming-01 yum.repos.d]#
```
- This shows that the script we just ran did not succeed
```
[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
invalid timeout value `0' specified
Memory allocation problem
Memory allocation problem
[root@aming-01 ~]#
```
- ``invalid timeout value `0' specified``: the value cannot be set to 0, so remove -p altogether
```
[root@aming-01 ~]# !vi
vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s lc
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1
~
:wq
[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]#
```
- Look again: ipvsadm -ln now shows data
```
[root@aming-01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.142.147:80 lc
  -> 192.168.202.132:80           Masq    1      0          0
  -> 192.168.202.133:80           Masq    1      0          0
[root@aming-01 ~]#
[root@aming-01 ~]#
[root@aming-01 ~]#
```
- Now switch to `$IPVSADM -A -t 192.168.142.147:80 -s rr`; it was lc before
```
[root@aming-01 ~]# vi /usr/local/sbin/lvs_nat.sh

#! /bin/bash
# Enable IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; Aming's two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.202.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.142.147:80 -s rr
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.132:80 -m -w 1
$IPVSADM -a -t 192.168.142.147:80 -r 192.168.202.133:80 -m -w 1
~
:wq
```
- Run it again
```
[root@aming-01 ~]# vi /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]# !sh
sh /usr/local/sbin/lvs_nat.sh
[root@aming-01 ~]#
```
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171114/212713940.png?imageslim)
- Test with curl against the external address we configured, 192.168.142.147: the distribution is well balanced, alternating between aming02 and aming03
```
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]# curl 192.168.142.147
aming02.
[root@aming-01 ~]# curl 192.168.142.147
aming03.
[root@aming-01 ~]#
```
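A post-run check for the failure seen in 18.10, where lvs_nat.sh with `-p 0` printed errors and left the IPVS table empty: the script below parses `ipvsadm -ln` text and fails unless the expected virtual service, scheduler, persistence and NAT real servers are present. It is an added example, not part of the original post; `lvs_summary` and `lvs_check` are hypothetical helper names, and the `persistent 3` listing is a constructed sample.

```sh
#!/bin/sh
# Added example: verify the IPVS table after running lvs_nat.sh.
# lvs_summary / lvs_check are hypothetical helpers, not ipvsadm features.

# `ipvsadm -ln` output shown on the page after the failed `-p 0` run.
EMPTY_TABLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn'

# `ipvsadm -ln` output shown on the page after the working run.
GOOD_TABLE="$EMPTY_TABLE
TCP  192.168.142.147:80 lc
  -> 192.168.202.132:80           Masq    1      0          0
  -> 192.168.202.133:80           Masq    1      0          0"

# Constructed sample: the same service as listed when created with `-p 3`.
STICKY_TABLE="$EMPTY_TABLE
TCP  192.168.142.147:80 lc persistent 3
  -> 192.168.202.132:80           Masq    1      0          0
  -> 192.168.202.133:80           Masq    1      0          0"

# lvs_summary TABLE VIP:PORT
# Prints "scheduler persistence_seconds real_server_count non_masq_count"
# for the TCP service VIP:PORT, or nothing when the service is absent.
lvs_summary() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {
            insvc = ($1 == "TCP" && $2 == vip)
            if (insvc) {
                found = 1; sched = $3; persist = 0
                for (i = 4; i < NF; i++)
                    if ($i == "persistent") persist = $(i + 1)
            }
            next
        }
        insvc && $1 == "->" { rs++; if ($3 != "Masq") other++ }
        END { if (found) print sched, persist, rs + 0, other + 0 }'
}

# lvs_check TABLE VIP:PORT SCHEDULER MIN_REAL_SERVERS [PERSISTENCE_SECONDS]
# Returns 0 when the table matches, otherwise:
#   1 service missing, 2 wrong scheduler, 3 unexpected persistence,
#   4 too few real servers, 5 a real server is not in NAT (Masq) mode.
lvs_check() {
    _vip=$2; _want=$3; _min=$4; _persist=${5:-0}
    _sum=$(lvs_summary "$1" "$_vip")
    [ -n "$_sum" ] || { echo "FAIL: no virtual service $_vip" >&2; return 1; }
    set -- $_sum   # $1 scheduler, $2 persistence, $3 real servers, $4 non-Masq
    [ "$1" = "$_want" ] || { echo "FAIL: scheduler $1, expected $_want" >&2; return 2; }
    [ "$2" -eq "$_persist" ] || { echo "FAIL: persistence ${2}s, expected ${_persist}s" >&2; return 3; }
    [ "$3" -ge "$_min" ] || { echo "FAIL: $3 real servers, expected at least $_min" >&2; return 4; }
    [ "$4" -eq 0 ] || { echo "FAIL: $4 real servers not in Masq mode" >&2; return 5; }
    echo "OK: $_vip scheduler=$1 persistence=${2}s real_servers=$3"
}

# Demonstration on the captured listings.
lvs_check "$GOOD_TABLE" 192.168.142.147:80 lc 2
lvs_check "$EMPTY_TABLE" 192.168.142.147:80 lc 2 || echo "exit code $?"

# On the director itself (needs root), after sh /usr/local/sbin/lvs_nat.sh:
#   lvs_check "$(ipvsadm -ln)" 192.168.142.147:80 rr 2
```

Running the check right after the script catches the case where individual `ipvsadm` commands failed but the script carried on to the end.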
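How the rr, wrr, lc and wlc schedulers listed in section 18.8 pick a real server, as an added example that is not part of the original post. The server names, weights and connection counts are constructed, `lvs_pick_conn` and `lvs_sequence` are hypothetical names, and the 256:1 cost of active versus inactive connections and the gcd-based wrr loop follow the Linux IPVS implementation rather than anything stated on the page.

```sh
#!/bin/sh
# Added example: selection logic of four LVS schedulers.
# Server lines are "name weight active_conns inactive_conns" (constructed).
SERVERS='rs1 3 4 0
rs2 1 2 0'

# lvs_pick_conn SCHED SERVERS   (SCHED = lc | wlc)
# Cost of a server = active * 256 + inactive. lc picks the lowest cost;
# wlc picks the lowest cost divided by weight. Weight 0 means "do not use".
lvs_pick_conn() {
    printf '%s\n' "$2" | awk -v sched="$1" '
        $2 > 0 {
            cost = $3 * 256 + $4
            if (sched == "wlc") cost = cost / $2
            if (best == "" || cost < bestcost) { best = $1; bestcost = cost }
        }
        END { print best }'
}

# lvs_sequence SCHED SERVERS COUNT   (SCHED = rr | wrr)
# Prints the servers chosen for COUNT consecutive new connections.
# rr is handled as wrr with every usable server at weight 1.
lvs_sequence() {
    printf '%s\n' "$2" | awk -v sched="$1" -v count="$3" '
        function gcd(a, b) { return b == 0 ? a : gcd(b, a % b) }
        BEGIN { n = 0; g = 0; max = 0 }
        { name[n] = $1; w[n] = (sched == "rr") ? ($2 > 0) : $2; n++ }
        END {
            for (k = 0; k < n; k++) {
                g = gcd(g, w[k])
                if (w[k] > max) max = w[k]
            }
            i = -1; cw = 0; out = ""
            while (count > 0 && max > 0) {
                i = (i + 1) % n
                # Each full pass lowers the threshold by gcd, then wraps to max.
                if (i == 0) { cw -= g; if (cw <= 0) cw = max }
                if (w[i] >= cw) {
                    out = out (out == "" ? "" : " ") name[i]
                    count--
                }
            }
            print out
        }'
}

echo "rr : $(lvs_sequence rr "$SERVERS" 4)"
echo "wrr: $(lvs_sequence wrr "$SERVERS" 4)"
echo "lc : $(lvs_pick_conn lc "$SERVERS")"
echo "wlc: $(lvs_pick_conn wlc "$SERVERS")"
```

With these values lc and wlc disagree: rs2 has fewer connections, but rs1's weight of 3 makes its load per unit of weight lower.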