LVS负载均衡实战演练

LVS负载均衡实战之lvs-nat模型

1.准备好机器,配置好时间同步,配置号网络,主机名

172.16.251.91 client [桥接] [网关为172.16.251.90]  

#lvs负载均衡两块网卡  
172.16.251.90   lvs [网卡1] [桥接]   
192.168.42.150  lvs [网卡2] [VMnet8]  

192.168.42.152  rs1  [网关为192.168.42.150] [VMnet8]  
192.168.42.153  rs2  [网关为192.168.42.150] [VMnet8]

2.在172.16.251.90安装软件

(1).安装ipvsadm组件

yum install ipvsadm -y

(2).启动网卡间核心转发功能

sysctl -w net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward

3.在 rs1,rs2上安装httpd,启动rs1,rs2的httpd,并测试 curl 127.0.0.1

(1).rs1: 在rs1节点上添加测试页面:

echo "this is rs1 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs1 ~]# curl 127.0.0.1
this is rs1 test page

(2).rs2: 在rs2节点上添加测试页面:

echo "this is rs2 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs2 ~]# curl 127.0.0.1
this is rs2 test page

4.lvs机器上添加负载均衡集群规则 此次定义DIP是以-s指定为rr算法进行轮询调度,-m指定模式为lvs-nat

ipvsadm -A -t 172.16.251.90:80 -s rr
ipvsadm -a 172.16.251.90:80 -r 192.168.42.152:80 -m 
ipvsadm -a 172.16.251.90:80 -r 192.168.42.153:80 -m 
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.251.90:80 rr
  -> 192.168.42.152:80            Masq    1      0          0         
  -> 192.168.42.153:80            Masq    1      0          0

5.client端测试

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

可以看出访问时轮询访问的

6.我们换个调度算法看看
此处将上面的lvs-nat的rr的基础上进行修改 ,改成wrr加权轮询算法:
将192.168.42.152的权重设为1
将192.168.42.153的权重设为3

ipvsadm -E -t 172.16.251.90:80 -s wrr
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.152:80 -w 1 -m
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.153:80 -w 3 -m

在进行测试一下

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page

可以看出权重为3的访问次数较多

LVS负载均衡实战之lvs-dr模型

1.准备好机器,配置好时间同步,配置号网络,主机名

192.16.251.90 [client][网关172.16.0.1]

#此次lvs一张网卡即可,但需要做一个网卡别名[172.16.50.50]做为vip
172.16.251.91 [lvs]

172.16.251.92 [rs1]
172.16.251.93 [rs2]

2.lvs节点配置vip

ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

[root@lvs ~]# ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.251.90  netmask 255.255.0.0  broadcast 172.16.255.255
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)
        RX packets 47889  bytes 43113530 (41.1 MiB)
        RX errors 0  dropped 30  overruns 0  frame 0
        TX packets 15611  bytes 1033180 (1008.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.50.50  netmask 255.255.255.255  broadcast 172.16.50.50
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 174  bytes 15234 (14.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 174  bytes 15234 (14.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.在rs1,rs2节点上配置vip

ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

rs1节点:

[root@rs1 ~]# ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@rs1 ~]# route add -host 172.16.50.50 dev lo:0

#配置rs主机参数
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
  • [x] rs2节点同上:

4.lvs机器上添加负载均衡集群规则

ipvsadm -A -t 172.16.50.50:80 -s rr
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.92:80 -g
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.93:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 rr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   1      0          0

5.在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样得到负载均衡的效果

我们再一次调整调度算法,调整权重,改成wrr加权轮询算法:
将172.16.251.92的权重设为1
将172.16.251.93的权重设为3

ipvsadm -E -t 172.16.50.50:80 -s wrr
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.92:80  -w 1 -g
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.93:80  -w 3 -g

[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 wrr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   3      0          0

我们再一次在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .

同样权重为3的访问次数较高

LVS负载均衡实战之HTTP,HTTPS统一调度

此次试验我们在之前的试验lvs-dr模型进行改造一下 我们弄一个http虚拟主机,然后全站https,我们希望 lvs在进行负载均衡的时候,访问http和https站点,可以统一负载,该怎么做呢

我们可以利用fwm通过防火墙标记来定义lvs

1.在lvs机器上生成ca证书
(1) 生成私钥:

~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

(2) 生成自签证书:

~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
-new:生成新证书签署请求;
-x509:生成自签格式证书,专用于创建私有CA时;
-key:生成请求时用到的私有文件路径;
-out:生成的请求文件路径;如果自签操作将直接生成签署过的证书;
-days:证书的有效时长,单位是day;

(3) 为CA提供所需的目录及文件;

~]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
~]# touch  /etc/pki/CA/{serial,index.txt}
~]# echo  01 > /etc/pki/CA/serial

(4) 输入的选项如下:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server's hostname) []:ca.test.com
Email Address []:

2.生成httpd签署证书 (也是在lvs节点上) (1) 用到证书的主机生成私钥;

mkdir -p /etc/httpd/ssl 
cd  /etc/httpd/ssl
(umask  077; openssl  genrsa -out  /etc/httpd/ssl/httpd.key  2048)

(2) 生成证书签署请求

openssl  req  -new  -key  /etc/httpd/ssl/httpd.key  -out /etc/httpd/ssl/httpd.csr  -days  365

(3) 签署证书;

openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/httpd/ssl/httpd.crt  -days  365

(4)将httpd.key httpd.crt 发送到rs1,rs2主机上

scp httpd.key httpd.crt root@172.16.251.92:/etc/httpd/conf.d/
 scp httpd.key httpd.crt root@172.16.251.93:/etc/httpd/conf.d/

3.在rs1,rs2主机上操作
(1)安装ssl模块

yum install mod_ssl openssl -y

(2)配置ssl.conf

DocumentRoot "/var/www/html"
ServerName www.test.com
SSLCertificateFile /etc/httpd/conf.d/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

(3)重启httpd

systemctl restart httpd

4.在lvs机器上测试一下

修改域名解析 172.16.251.92 www.test.com

[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs1 test page
[root@lvs ssl]# curl http://www.test.com
this is rs1 test page

修改域名解析 172.16.251.93 www.test.com

[root@lvs ssl]# curl http://www.test.com
this is rs2 test page .
[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs2 test page .

5.将http,https绑定统一调度

iptables -F
iptables -t mangle -A PREROUTING -d 172.16.50.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 99
iptables -vnL
ipvsadm -C
ipvsadm -A -f 99 -s rr 
ipvsadm -a -f 99 -r 172.16.251.92 -g
ipvsadm -a -f 99 -r 172.16.251.93 -g
ipvsadm -Ln

6.将ca证书发送到client进行测试

#在lvs节点上操作
scp cacert.pem  root@172.16.251.91:/tmp

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样我们修改调度算法,调整权重,改成wrr加权轮询算法:

#lvs节点上操作
ipvsadm -E -f 99 -s wrr 
ipvsadm -e -f 99 -r 172.16.251.92 -w 3 -g
ipvsadm -e -f 99 -r 172.16.251.93 -w 1 -g
ipvsadm -Ln

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page

同样权重为3的访问次数较高

原创文章,作者:srayban,如若转载,请注明出处:http://www.178linux.com/78372

(0)
sraybansrayban
上一篇 2017-06-20
下一篇 2017-06-22

相关推荐

  • shell基础if与case

    1.read   使用read来把输入值分配给一个或多个shell变量;   -p 指定要显示的提示;例如 read -p "SHURU" num   -t TIMEOUT   read 从标准输入中读取值,给每个单词分配一个变量,所有剩余单词都被分配给最后一个变量 2.流程控制   过程…

    Linux干货 2016-08-18
  • systemd

    1、systemd (1)CentOS 7 使用systemd替换了SysV。Systemd目的是要取代一直在使用的init系统,兼容SysV和LSB的启动脚本,负责在系统启动或运行时,激活系统资源、服务器进程和其它进程。 (2)systemd的新特性: 系统引导是实现服务并行启动 按需启动守护进程 自动化管理各服务间的依赖关系 同时采用sockets式与D…

    Linux干货 2016-09-21
  • N25-第16周博客作业

    1、源码编译安装LNMP架构环境;     安装nginx:      1)安装依赖包 ]# yum groupinstall “Development Tools” “Development Libraries” -y ]# yum install wget openssl-devel ncurses-de…

    2017-05-21
  • 第五周作业

    1、显示当前系统上root、fedora或user1用户的默认shell; 答:#egrp ‘^(root|fedora|user1)’ /etc/passwd | cut -f1,7 -d: 2、找出/etc/rc.d/init.d/functions文件中某单词后面跟一组小括号的行,形如:hello(); 答:#egrp -o &…

    Linux干货 2017-02-25
  • 命令别名以及元数据。

    命令别名alias: 命令别名:     获取所有可用别名的定义;         ~]# alias         定义别名:  &nb…

    Linux干货 2016-11-05
  • Homework Week-2 Linux文件管理

    1、Linux上的文件管理命令都有哪些,其常用的使用方法及其相关示例演示。 文件管理工具:cp, mv, rm         cp命令:copy  源文件  目标文件                单源复制:cp [O…

    Linux干货 2016-08-22