I. Introduction
1. The theory was outlined in the previous post; if you are not familiar with it, see:
https://www.cnblogs.com/zhangxingeng/p/10497279.html
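2. LVS-NAT advantages and disadvantages: a recap
About this mode:
1. The RIP and DIP are usually in the same private network segment, although this is not required. The RS gateway must point to the DIP, which guarantees that response data is handed to the Director.
2. Port mapping is supported: the destination port of the request packet can be modified.
3. The biggest drawback of VS/NAT mode is that the Director handles all inbound and outbound data: it not only processes the requests sent by clients but also delivers the responses back to them. Response data is usually much larger than request data, so the Director easily becomes a bottleneck. (This is the same way a layer-7 load balancer handles traffic, but without as many features as layer-7 load balancing.)
4. The VS must run Linux; the RS can run any operating system.
Disadvantage: all inbound and outbound traffic passes through the LVS Director for the whole exchange, so the network I/O load on the Director is very high and it easily becomes a bottleneck, especially for web applications where request traffic is small and response traffic is large.
Advantage: NAT mode is simple to configure and manage. Because NAT is used, the LVS Director and the application servers can be in different network segments, the network architecture is flexible, and an application server needs only simple network settings to join the cluster.
3. Lab topology
Note on network segment design when running the lab in virtual machines: the Director needs two NICs. The CIP and VIP can use the virtual machine NAT network mode, while the DIP, RS, and NFS can use host-only mode.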
II. Deployment
1. Network configuration
After adding the NIC, don't forget to tick "Connected" under Device status.
    [root@web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
    TYPE="Ethernet"
    BOOTPROTO="static"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="ens37"
    UUID="4f788070-131a-4f10-85a8-179b4f14gg48"
    DEVICE="ens37"
    ONBOOT="yes"
    DNS1=192.168.13.2
    IPADDR=192.168.13.11
    #PREFIX=24
    GATEWAY=192.168.13.2
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

    [root@web1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE="Ethernet"
    BOOTPROTO="static"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="ens33"
    UUID="4f788080-131a-4f10-85a8-179b4f14ab48"
    DEVICE="ens33"
    ONBOOT="yes"
    DNS1=192.168.216.2
    IPADDR=192.168.216.51
    PREFIX=24
    GATEWAY=192.168.216.2
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    # A newly added NIC has no configuration file; create one yourself using your own IP addresses.
2. Disable the firewall and SELinux
    systemctl stop firewalld
    systemctl disable firewalld
    # Edits the SELinux config file only; the change applies from the next boot
    sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
3. Install the software
    # On host 51, install ipvsadm
    yum install ipvsadm -y
    # On hosts 12 and 13, install httpd
    yum install httpd -y
    # On host 14, install nfs and rpcbind
    yum install nfs-utils rpcbind -y
4. Configure web2 and web3, changing their gateway to 192.168.13.11
    # web2
    echo "welcom to web2" >/var/www/html/index.html

    # web3
    echo "welcom to web3" >/var/www/html/index.html

    # Configure the gateway on both machines.
    # The destination address of the response packet is the CIP, so the RS gateway must point to the Director's DIP.
    route add default gw 192.168.13.11
    systemctl restart httpd
    systemctl enable httpd
5. Configure the Director
    # Enable forwarding.
    # The Director receives packets from the CIP and must forward them to an RS for processing;
    # data received on the VIP then has to be forwarded to the DIP side, so forwarding must be enabled.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Configure the load balancer's SNAT forwarding rules
    ipvsadm -A -t 192.168.216.51:80 -s rr
    ipvsadm -a -t 192.168.216.51:80 -r 192.168.13.12:80 -m -w 1
    ipvsadm -a -t 192.168.216.51:80 -r 192.168.13.13:80 -m -w 1
    # Check the rules
    ipvsadm -Ln

    [root@web1 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.216.51:80 rr
      -> 192.168.13.12:80             Masq    1      0          0
      -> 192.168.13.13:80             Masq    1      0          0
    [root@web1 ~]#
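The reasoning in steps 4 and 5 (the request is rewritten to a RIP, and the reply only reaches the client correctly if it returns through the DIP) as a small Python model. This is an added example, not part of the original post; it models address rewriting only, the class and function names are hypothetical, and the addresses are the ones used on this page.

```python
from dataclasses import dataclass, replace
from itertools import cycle

VIP, DIP = "192.168.216.51", "192.168.13.11"
REAL_SERVERS = ["192.168.13.12", "192.168.13.13"]   # RIPs from the ipvsadm rules

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Director:
    """Round-robin scheduler plus the connection table kept for masquerading (-m)."""
    def __init__(self, vip, real_servers):
        self.vip = vip
        self.rr = cycle(real_servers)
        self.conns = {}                 # (CIP, client port) -> RIP chosen for the connection

    def inbound(self, pkt):
        """Request CIP -> VIP: rewrite the destination to the scheduled RIP."""
        key = (pkt.src, pkt.sport)
        if key not in self.conns:
            self.conns[key] = next(self.rr)
        return replace(pkt, dst=self.conns[key])

    def outbound(self, pkt):
        """Reply RIP -> CIP crossing the Director: restore the VIP as source."""
        if self.conns.get((pkt.dst, pkt.dport)) == pkt.src:
            return replace(pkt, src=self.vip)
        return pkt

def round_trip(director, cip, cport, rs_gateway):
    """Return the reply packet as the client receives it."""
    req = director.inbound(Packet(cip, cport, director.vip, 80))
    resp = Packet(req.dst, 80, cip, cport)          # the real server answers the CIP
    # The reply crosses the Director only when the RS default gateway is the DIP.
    return director.outbound(resp) if rs_gateway == DIP else resp

def client_accepts(resp, vip):
    """The client connected to the VIP, so only a reply sourced from the VIP matches."""
    return resp.src == vip
```

With the gateway set to the DIP the client sees a reply from 192.168.216.51; with the NIC's earlier gateway 192.168.13.2 the reply would carry the RIP as its source and would not match the client's connection.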
6. Test
Basic tests on the Director
Ping both RSs and access the web service
    [root@web1 ~]# ping 192.168.13.12
    PING 192.168.13.12 (192.168.13.12) 56(84) bytes of data.
    64 bytes from 192.168.13.12: icmp_seq=1 ttl=64 time=0.683 ms
    64 bytes from 192.168.13.12: icmp_seq=2 ttl=64 time=2.15 ms
    ^C
    --- 192.168.13.12 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 0.683/1.418/2.153/0.735 ms
    [root@web1 ~]# ping 192.168.13.13
    PING 192.168.13.13 (192.168.13.13) 56(84) bytes of data.
    64 bytes from 192.168.13.13: icmp_seq=1 ttl=64 time=0.654 ms
    64 bytes from 192.168.13.13: icmp_seq=2 ttl=64 time=0.589 ms
    ^C
    --- 192.168.13.13 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.589/0.621/0.654/0.040 ms
    [root@web1 ~]# curl 192.168.13.12
    welcom to web2
    [root@web1 ~]# curl 192.168.13.13
    welcom to web3
    [root@web1 ~]#
Access 192.168.216.51 from the client
    [root@web5 ~]# curl 192.168.216.51
    welcom to web3
    [root@web5 ~]# curl 192.168.216.51
    welcom to web2
    [root@web5 ~]# curl 192.168.216.51
    welcom to web3
    [root@web5 ~]# curl 192.168.216.51
    welcom to web2
7. Configure the back-end shared storage (NFS)
The packages were installed earlier, so only configuration is needed here.
    # Create the shared directory and set its permissions
    [root@web4 cdrom]# mkdir -p /data/www/
    [root@web4 cdrom]# vim /etc/exports
    /data/www 192.168.13.0/24(ro,sync,no_root_squash)
    # Create the index.html file
    [root@web4 cdrom]# cd /data/www/
    [root@web4 www]# echo "this is www data" > index.html
    # Start the services and enable them at boot
    [root@web4 cdrom]# systemctl start rpcbind
    [root@web4 cdrom]# systemctl start nfs
    [root@web4 cdrom]# systemctl enable rpcbind
    [root@web4 cdrom]# systemctl enable nfs
    # List the mountable directories; other machines on the 13 network can also run this as a test
    [root@web4 www]# showmount -e 192.168.13.14
    Export list for 192.168.13.14:
    /data/www 192.168.13.0/24
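An added example, not part of the original post: a small Python audit of exports(5) entries that flags options such as the no_root_squash used in the export above, shown next to the same export relying on root_squash. The paths /data/hardened and /srv/pub and all function names are constructed for illustration; quoted paths and line continuations are assumed absent.

```python
import re

# Export options an auditor would flag, with the reason to record.
RISKY_OPTIONS = {
    "no_root_squash": "uid 0 on a client is not mapped to the anonymous user",
    "rw": "clients may modify the exported files",
    "insecure": "requests from unprivileged source ports are accepted",
}

# Constructed sample: line 1 is the export from this page, line 2 the same export
# with root_squash, line 3 a hypothetical export open to every host.
SAMPLE_EXPORTS = """\
/data/www 192.168.13.0/24(ro,sync,no_root_squash)
/data/hardened 192.168.13.0/24(ro,sync,root_squash)   # hypothetical path
/srv/pub *(rw,sync)
"""

def parse_exports(text):
    """Yield (path, client, options) for each client entry of each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            match = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if match is None:
                raise ValueError(f"malformed export entry: {entry!r}")
            client = match.group(1) or "*"           # "(opts)" alone means every host
            options = match.group(2).split(",") if match.group(2) else []
            yield path, client, options

def audit_exports(text):
    """Return (path, client, issue, reason) for risky options and any-host clients."""
    findings = []
    for path, client, options in parse_exports(text):
        if client == "*":
            findings.append((path, client, "any-host", "export is reachable from every host"))
        for option in options:
            if option in RISKY_OPTIONS:
                findings.append((path, client, option, RISKY_OPTIONS[option]))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```

web2 and web3 only read the share, so the export on this page works unchanged with root_squash, which is also the default when neither option is given.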
Test
Mount the share on web2 and web3
    [root@web2 yum.repos.d]# showmount -e 192.168.13.14
    Export list for 192.168.13.14:
    /data/www 192.168.13.0/24
    [root@web2 yum.repos.d]# mount 192.168.13.14:/data/www /var/www/html
Client test
    [root@web5 ~]# curl 192.168.216.51
    this is www data
    [root@web5 ~]# curl 192.168.216.51
    this is www data
    [root@web5 ~]# curl 192.168.216.51
    this is www data
    [root@web5 ~]# curl 192.168.216.51
    this is www data
    [root@web5 ~]# curl 192.168.216.51
    this is www data
    [root@web5 ~]# curl 192.168.216.51
    this is www data
Statistics and connection entries can be viewed on the Director
    [root@web1 ~]# ipvsadm -ln --stats    # statistics
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
      -> RemoteAddress:Port
    TCP  192.168.216.51:80                  55      327      212    21634    25072
      -> 192.168.13.12:80                   27      162      108    10746    12751
      -> 192.168.13.13:80                   28      165      104    10888    12321
    [root@web1 ~]# ipvsadm -lnc    # connection entries
    IPVS connection entries
    pro expire state       source               virtual            destination
    TCP 01:53  TIME_WAIT   192.168.216.55:56712 192.168.216.51:80  192.168.13.12:80
    TCP 01:56  TIME_WAIT   192.168.216.55:56724 192.168.216.51:80  192.168.13.12:80
    TCP 01:56  TIME_WAIT   192.168.216.55:56716 192.168.216.51:80  192.168.13.12:80
    TCP 01:56  TIME_WAIT   192.168.216.55:56718 192.168.216.51:80  192.168.13.13:80
    TCP 01:56  TIME_WAIT   192.168.216.55:56722 192.168.216.51:80  192.168.13.13:80
    TCP 01:56  TIME_WAIT   192.168.216.55:56720 192.168.216.51:80  192.168.13.12:80
    TCP 01:55  TIME_WAIT   192.168.216.55:56714 192.168.216.51:80  192.168.13.13:80
    [root@web1 ~]#