LVS负载均衡实战演练

LVS负载均衡实战之lvs-nat模型

1.准备好机器,配置好时间同步,配置号网络,主机名

172.16.251.91 client [桥接] [网关为172.16.251.90]  

#lvs负载均衡两块网卡  
172.16.251.90   lvs [网卡1] [桥接]   
192.168.42.150  lvs [网卡2] [VMnet8]  

192.168.42.152  rs1  [网关为192.168.42.150] [VMnet8]  
192.168.42.153  rs2  [网关为192.168.42.150] [VMnet8]

2.在172.16.251.90安装软件

(1).安装ipvsadm组件

yum install ipvsadm -y

(2).启动网卡间核心转发功能

sysctl -w net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward

3.在 rs1,rs2上安装httpd,启动rs1,rs2的httpd,并测试 curl 127.0.0.1

(1).rs1: 在rs1节点上添加测试页面:

echo "this is rs1 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs1 ~]# curl 127.0.0.1
this is rs1 test page

(2).rs2: 在rs2节点上添加测试页面:

echo "this is rs2 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs2 ~]# curl 127.0.0.1
this is rs2 test page

4.lvs机器上添加负载均衡集群规则 此次定义DIP是以-s指定为rr算法进行轮询调度,-m指定模式为lvs-nat

ipvsadm -A -t 172.16.251.90:80 -s rr
ipvsadm -a 172.16.251.90:80 -r 192.168.42.152:80 -m 
ipvsadm -a 172.16.251.90:80 -r 192.168.42.153:80 -m 
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.251.90:80 rr
  -> 192.168.42.152:80            Masq    1      0          0         
  -> 192.168.42.153:80            Masq    1      0          0

5.client端测试

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

可以看出访问时轮询访问的

6.我们换个调度算法看看
此处将上面的lvs-nat的rr的基础上进行修改 ,改成wrr加权轮询算法:
将192.168.42.152的权重设为1
将192.168.42.153的权重设为3

ipvsadm -E -t 172.16.251.90:80 -s wrr
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.152:80 -w 1 -m
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.153:80 -w 3 -m

在进行测试一下

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page

可以看出权重为3的访问次数较多

LVS负载均衡实战之lvs-dr模型

1.准备好机器,配置好时间同步,配置号网络,主机名

192.16.251.90 [client][网关172.16.0.1]

#此次lvs一张网卡即可,但需要做一个网卡别名[172.16.50.50]做为vip
172.16.251.91 [lvs]

172.16.251.92 [rs1]
172.16.251.93 [rs2]

2.lvs节点配置vip

ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

[root@lvs ~]# ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.251.90  netmask 255.255.0.0  broadcast 172.16.255.255
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)
        RX packets 47889  bytes 43113530 (41.1 MiB)
        RX errors 0  dropped 30  overruns 0  frame 0
        TX packets 15611  bytes 1033180 (1008.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.50.50  netmask 255.255.255.255  broadcast 172.16.50.50
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 174  bytes 15234 (14.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 174  bytes 15234 (14.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.在rs1,rs2节点上配置vip

ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

rs1节点:

[root@rs1 ~]# ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@rs1 ~]# route add -host 172.16.50.50 dev lo:0

#配置rs主机参数
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
  • [x] rs2节点同上:

4.lvs机器上添加负载均衡集群规则

ipvsadm -A -t 172.16.50.50:80 -s rr
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.92:80 -g
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.93:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 rr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   1      0          0

5.在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样得到负载均衡的效果

我们再一次调整调度算法,调整权重,改成wrr加权轮询算法:
将172.16.251.92的权重设为1
将172.16.251.93的权重设为3

ipvsadm -E -t 172.16.50.50:80 -s wrr
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.92:80  -w 1 -g
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.93:80  -w 3 -g

[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 wrr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   3      0          0

我们再一次在client上测试

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .

同样权重为3的访问次数较高

LVS负载均衡实战之HTTP,HTTPS统一调度

此次试验我们在之前的试验lvs-dr模型进行改造一下 我们弄一个http虚拟主机,然后全站https,我们希望 lvs在进行负载均衡的时候,访问http和https站点,可以统一负载,该怎么做呢

我们可以利用fwm通过防火墙标记来定义lvs

1.在lvs机器上生成ca证书
(1) 生成私钥:

~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

(2) 生成自签证书:

~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
-new:生成新证书签署请求;
-x509:生成自签格式证书,专用于创建私有CA时;
-key:生成请求时用到的私有文件路径;
-out:生成的请求文件路径;如果自签操作将直接生成签署过的证书;
-days:证书的有效时长,单位是day;

(3) 为CA提供所需的目录及文件;

~]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
~]# touch  /etc/pki/CA/{serial,index.txt}
~]# echo  01 > /etc/pki/CA/serial

(4) 输入的选项如下:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server's hostname) []:ca.test.com
Email Address []:

2.生成httpd签署证书 (也是在lvs节点上) (1) 用到证书的主机生成私钥;

mkdir -p /etc/httpd/ssl 
cd  /etc/httpd/ssl
(umask  077; openssl  genrsa -out  /etc/httpd/ssl/httpd.key  2048)

(2) 生成证书签署请求

openssl  req  -new  -key  /etc/httpd/ssl/httpd.key  -out /etc/httpd/ssl/httpd.csr  -days  365

(3) 签署证书;

openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/httpd/ssl/httpd.crt  -days  365

(4)将httpd.key httpd.crt 发送到rs1,rs2主机上

scp httpd.key httpd.crt root@172.16.251.92:/etc/httpd/conf.d/
 scp httpd.key httpd.crt root@172.16.251.93:/etc/httpd/conf.d/

3.在rs1,rs2主机上操作
(1)安装ssl模块

yum install mod_ssl openssl -y

(2)配置ssl.conf

DocumentRoot "/var/www/html"
ServerName www.test.com
SSLCertificateFile /etc/httpd/conf.d/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

(3)重启httpd

systemctl restart httpd

4.在lvs机器上测试一下

修改域名解析 172.16.251.92 www.test.com

[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs1 test page
[root@lvs ssl]# curl http://www.test.com
this is rs1 test page

修改域名解析 172.16.251.93 www.test.com

[root@lvs ssl]# curl http://www.test.com
this is rs2 test page .
[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs2 test page .

5.将http,https绑定统一调度

iptables -F
iptables -t mangle -A PREROUTING -d 172.16.50.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 99
iptables -vnL
ipvsadm -C
ipvsadm -A -f 99 -s rr 
ipvsadm -a -f 99 -r 172.16.251.92 -g
ipvsadm -a -f 99 -r 172.16.251.93 -g
ipvsadm -Ln

6.将ca证书发送到client进行测试

#在lvs节点上操作
scp cacert.pem  root@172.16.251.91:/tmp

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

同样我们修改调度算法,调整权重,改成wrr加权轮询算法:

#lvs节点上操作
ipvsadm -E -f 99 -s wrr 
ipvsadm -e -f 99 -r 172.16.251.92 -w 3 -g
ipvsadm -e -f 99 -r 172.16.251.93 -w 1 -g
ipvsadm -Ln

#在client节点上操作
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page

同样权重为3的访问次数较高

原创文章,作者:srayban,如若转载,请注明出处:http://www.178linux.com/78372

(0)
sraybansrayban
上一篇 2017-06-20
下一篇 2017-06-22

相关推荐

  • bash循环、函数、数组、内置的字符串处理、变量、trap信号捕捉

    流程控制 过程式编程语言: 顺序执行 如果是命令写错了,可以继续往下执行;但当语法错误时则不会往下继续执行; 选择执行 循环执行 条件选择:if语句 单分支 if 判断条件;then 条件为真的分支代码 fi 双分支 if 判断条件; then 条件为真的分支代码 else 条件为假的分支代码 fi 多分支 if 判断条件1; then 条件为真的分支代码 …

    Linux干货 2017-05-21
  • 从Linux小白到大牛——与狼共舞的日子3

    马哥教育网络班21期+第3周课程练习 1、列出当前系统上所有已经登录的用户的用户名,注意:同一个用户登录多次,则只显示一次即可。 [root@localhost ~]# who root :0   2016-07-23 08:55 (:0) wangsining pts…

    Linux干货 2016-07-26
  • 网络班N22期第五周博客作业

    1、显示当前系统上root、fedora或user1用户的默认shell; [root@bogon ~]# cat /etc/passwd | grep -E "^(root|fedora|user1)\>" | cut -d:&nb…

    Linux干货 2016-09-15
  • DNS 正反向解析 主从配置

    我的环境是     192.168.1.130    主DNS      192.168.1.112    从DNS DNS 的安装包有bind bind-libs bind-utils 安…

    Linux干货 2016-01-05
  • linux用户和组的配置文件

    1./etc/passwd:用户及其属性信息(用户名,密码,uid,gid,gecos注释性描述信息,家目录,登录shell)在/etc/passwd文件中每个用户都有一个对应的记录行,它记录了这个用户的一些基本属性。系统管理员经常会接触到这个文件的修改以完成对用户的管理工作。这个文件对所有用户都是可读的。      …

    2017-07-22
  • DNS 主从协作及配置父子域实验

    实验:DNS主从协作及配置父子域实验 实验拓扑图 实验准备     1、所有主机关闭防火墙和selinux         service iptables stop       …

    Linux干货 2016-08-15