LVS负载均衡实战演练

LVS负载均衡实战之lvs-nat模型

1.准备好机器,配置好时间同步,配置号网络,主机名

172.16.251.91 client [桥接] [网关为172.16.251.90]  

#lvs负载均衡两块网卡  
172.16.251.90   lvs [网卡1] [桥接]   
192.168.42.150  lvs [网卡2] [VMnet8]  

192.168.42.152  rs1  [网关为192.168.42.150] [VMnet8]  
192.168.42.153  rs2  [网关为192.168.42.150] [VMnet8]

2.在172.16.251.90安装软件

(1).安装ipvsadm组件

yum install ipvsadm -y

(2).启动网卡间核心转发功能

sysctl -w net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward

3.在 rs1,rs2上安装httpd,启动rs1,rs2的httpd,并测试 curl 127.0.0.1

(1).rs1: 在rs1节点上添加测试页面:

echo "this is rs1 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs1 ~]# curl 127.0.0.1
this is rs1 test page

(2).rs2: 在rs2节点上添加测试页面:

echo "this is rs2 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs2 ~]# curl 127.0.0.1
this is rs2 test page

4.lvs机器上添加负载均衡集群规则 此次定义DIP是以-s指定为rr算法进行轮询调度,-m指定模式为lvs-nat

ipvsadm -A -t 172.16.251.90:80 -s rr
ipvsadm -a 172.16.251.90:80 -r 192.168.42.152:80 -m 
ipvsadm -a 172.16.251.90:80 -r 192.168.42.153:80 -m 
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.251.90:80 rr
  -> 192.168.42.152:80            Masq    1      0          0         
  -> 192.168.42.153:80            Masq    1      0          0

5.client端测试

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

可以看出访问时轮询访问的

6.我们换个调度算法看看
此处将上面的lvs-nat的rr的基础上进行修改 ,改成wrr加权轮询算法:
将192.168.42.152的权重设为1
将192.168.42.153的权重设为3

ipvsadm -E -t 172.16.251.90:80 -s wrr
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.152:80 -w 1 -m
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.153:80 -w 3 -m

在进行测试一下

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page

可以看出权重为3的访问次数较多

LVS负载均衡实战之lvs-dr模型

1.准备好机器,配置好时间同步,配置号网络,主机名

192.16.251.90 [client][网关172.16.0.1]

#此次lvs一张网卡即可,但需要做一个网卡别名[172.16.50.50]做为vip
172.16.251.91 [lvs]

172.16.251.92 [rs1]
172.16.251.93 [rs2]

2.lvs节点配置vip

ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

[root@lvs ~]# ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.251.90  netmask 255.255.0.0  broadcast 172.16.255.255
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)
        RX packets 47889  bytes 43113530 (41.1 MiB)
        RX errors 0  dropped 30  overruns 0  frame 0
        TX packets 15611  bytes 1033180 (1008.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.50.50  netmask 255.255.255.255  broadcast 172.16.50.50
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 174  bytes 15234 (14.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 174  bytes 15234 (14.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.在rs1,rs2节点上配置vip

ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

rs1节点:

[root@rs1 ~]# ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@rs1 ~]# route add -host 172.16.50.50 dev lo:0

#配置rs主机参数
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
  • [x] rs2节点同上:

4.lvs机器上添加负载均衡集群规则

ipvsadm -A -t 172.16.50.50:80 -s rr
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.92:80 -g
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.93:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 rr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   1      0          0

5.在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样得到负载均衡的效果

我们再一次调整调度算法,调整权重,改成wrr加权轮询算法:
将172.16.251.92的权重设为1
将172.16.251.93的权重设为3

ipvsadm -E -t 172.16.50.50:80 -s wrr
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.92:80  -w 1 -g
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.93:80  -w 3 -g

[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 wrr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   3      0          0

我们再一次在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .

同样权重为3的访问次数较高

LVS负载均衡实战之HTTP,HTTPS统一调度

此次试验我们在之前的试验lvs-dr模型进行改造一下 我们弄一个http虚拟主机,然后全站https,我们希望 lvs在进行负载均衡的时候,访问http和https站点,可以统一负载,该怎么做呢

我们可以利用fwm通过防火墙标记来定义lvs

1.在lvs机器上生成ca证书
(1) 生成私钥:

~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

(2) 生成自签证书:

~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
-new:生成新证书签署请求;
-x509:生成自签格式证书,专用于创建私有CA时;
-key:生成请求时用到的私有文件路径;
-out:生成的请求文件路径;如果自签操作将直接生成签署过的证书;
-days:证书的有效时长,单位是day;

(3) 为CA提供所需的目录及文件;

~]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
~]# touch  /etc/pki/CA/{serial,index.txt}
~]# echo  01 > /etc/pki/CA/serial

(4) 输入的选项如下:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server's hostname) []:ca.test.com
Email Address []:

2.生成httpd签署证书 (也是在lvs节点上) (1) 用到证书的主机生成私钥;

mkdir -p /etc/httpd/ssl 
cd  /etc/httpd/ssl
(umask  077; openssl  genrsa -out  /etc/httpd/ssl/httpd.key  2048)

(2) 生成证书签署请求

openssl  req  -new  -key  /etc/httpd/ssl/httpd.key  -out /etc/httpd/ssl/httpd.csr  -days  365

(3) 签署证书;

openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/httpd/ssl/httpd.crt  -days  365

(4)将httpd.key httpd.crt 发送到rs1,rs2主机上

scp httpd.key httpd.crt root@172.16.251.92:/etc/httpd/conf.d/
 scp httpd.key httpd.crt root@172.16.251.93:/etc/httpd/conf.d/

3.在rs1,rs2主机上操作
(1)安装ssl模块

yum install mod_ssl openssl -y

(2)配置ssl.conf

DocumentRoot "/var/www/html"
ServerName www.test.com
SSLCertificateFile /etc/httpd/conf.d/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

(3)重启httpd

systemctl restart httpd

4.在lvs机器上测试一下

修改域名解析 172.16.251.92 www.test.com

[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs1 test page
[root@lvs ssl]# curl http://www.test.com
this is rs1 test page

修改域名解析 172.16.251.93 www.test.com

[root@lvs ssl]# curl http://www.test.com
this is rs2 test page .
[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs2 test page .

5.将http,https绑定统一调度

iptables -F
iptables -t mangle -A PREROUTING -d 172.16.50.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 99
iptables -vnL
ipvsadm -C
ipvsadm -A -f 99 -s rr 
ipvsadm -a -f 99 -r 172.16.251.92 -g
ipvsadm -a -f 99 -r 172.16.251.93 -g
ipvsadm -Ln

6.将ca证书发送到client进行测试

#在lvs节点上操作
scp cacert.pem  root@172.16.251.91:/tmp

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样我们修改调度算法,调整权重,改成wrr加权轮询算法:

#lvs节点上操作
ipvsadm -E -f 99 -s wrr 
ipvsadm -e -f 99 -r 172.16.251.92 -w 3 -g
ipvsadm -e -f 99 -r 172.16.251.93 -w 1 -g
ipvsadm -Ln

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page

同样权重为3的访问次数较高

原创文章,作者:srayban,如若转载,请注明出处:http://www.178linux.com/78372

(0)
sraybansrayban
上一篇 2017-06-20
下一篇 2017-06-22

相关推荐

  • N25-第7周博客作业

    N25-第7周博客作业 1、创建一个10G分区,并格式为ext4文件系统;        (1) 要求其block大小为2048, 预留空间百分比为2,   卷标为MYDATA, 默认挂载属性包含acl;        (2)   挂载至/data/mydat…

    Linux干货 2017-01-21
  • Linux基础知识(五)

    1、显示当前系统上root、fedora或user1用户的默认shell [root@server01 ~]# cat /etc/passwd | grep –color=auto -E "^root|fedora|user1" | cut -d : -f 1,7 2、找出/etc/rc.d/init.d/functions文…

    Linux干货 2016-10-25
  • LNMP内网部署wiki

    需求:内部人员经常到查阅资料,考虑在内网搭建wiki站点。 实验拓扑: 实验环境:        Nginx,PHP:192.168.198.160,10.0.0.07        MySQL:10.0.0.8 软件包:  &n…

    Linux干货 2015-10-15
  • 任务计划配置

        任务计划:         linux任务计划,周期任务执行         未来的某个时间点执行一次任务:at,batch:系统自行选择空闲时间去执行此处指定的任务 &n…

    Linux干货 2016-09-12
  • 系统基础之用户,组管理作业题

    、创建testuser uid 1234,主组:bin,辅助组:root,ftp,shell:/bin/csh home:/testdir/testuser 1 2 3 [root@wen-7 ~]# useradd -u 1234 -g bin -G root,ftp&nbsp…

    Linux干货 2016-08-04
  • ![](http://i1.pixiv.net/img-original/img/2016/08/09/20/23/25/58345400_p0.jpg) ![](http://i1.pixiv.net/img-original/img/2016/08/09/20/23/25/58345400_p0.jpg)

    Linux干货 2016-12-26