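LVS Load Balancing in Practice: the lvs-nat Model
1. Prepare the machines: configure time synchronization, networking and hostnames
    172.16.251.91 client [bridged] [gateway 172.16.251.90]
    # the LVS load balancer has two NICs
    172.16.251.90 lvs [NIC 1] [bridged]
    192.168.42.150 lvs [NIC 2] [VMnet8]
    192.168.42.152 rs1 [gateway 192.168.42.150] [VMnet8]
    192.168.42.153 rs2 [gateway 192.168.42.150] [VMnet8]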
2. Install the software on 172.16.251.90
(1) Install the ipvsadm package
    yum install ipvsadm -y
(2) Enable kernel IP forwarding between the NICs
    sysctl -w net.ipv4.ip_forward=1
    cat /proc/sys/net/ipv4/ip_forward
3. Install httpd on rs1 and rs2, start httpd on both, and test with curl 127.0.0.1
(1) rs1: add a test page on the rs1 node:
    echo "this is rs1 test page." >/var/www/html/index.html
    systemctl start httpd.service
    [root@rs1 ~]# curl 127.0.0.1
    this is rs1 test page
(2) rs2: add a test page on the rs2 node:
    echo "this is rs2 test page." >/var/www/html/index.html
    systemctl start httpd.service
    [root@rs2 ~]# curl 127.0.0.1
    this is rs2 test page
4. Add the load-balancing cluster rules on the lvs machine. Here the DIP is defined with -s set to the rr algorithm for round-robin scheduling, and -m selects lvs-nat mode
    ipvsadm -A -t 172.16.251.90:80 -s rr
    ipvsadm -a -t 172.16.251.90:80 -r 192.168.42.152:80 -m
    ipvsadm -a -t 172.16.251.90:80 -r 192.168.42.153:80 -m
    [root@lvs ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.16.251.90:80 rr
      -> 192.168.42.152:80            Masq    1      0          0
      -> 192.168.42.153:80            Masq    1      0          0
5. Test from the client
    [root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
The output shows that the requests are served in round-robin order.
6. Let's try a different scheduling algorithm
Starting from the lvs-nat rr setup above, change it to the wrr (weighted round-robin) algorithm:
Set the weight of 192.168.42.152 to 1
Set the weight of 192.168.42.153 to 3
    ipvsadm -E -t 172.16.251.90:80 -s wrr
    ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.152:80 -w 1 -m
    ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.153:80 -w 3 -m
Test again
    [root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs2 test page .
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs2 test page .
    this is rs2 test page .
    this is rs1 test page
The output shows that the server with weight 3 is hit more often.
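Why weights 1 and 3 give this three-to-one interleaving, as an added example that is not part of the original article: a shell simulation of the classic weighted round-robin selection loop. It assumes the textbook algorithm (the kernel's ip_vs_wrr scheduler may differ in detail); `gcd` and `wrr_sequence` are names introduced here for illustration.

```shell
# Added example: simulate classic weighted round-robin (assumed algorithm).

# gcd A B: greatest common divisor of two non-negative integers.
gcd() {
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do t=$((a % b)); a=$b; b=$t; done
    echo "$a"
}

# wrr_sequence COUNT name=weight [name=weight ...]
# Prints COUNT picks, space-separated, in scheduling order.
wrr_sequence() {
    count=$1; shift
    n=$#; max=0; g=0
    for s in "$@"; do
        w=${s#*=}
        if [ "$w" -gt "$max" ]; then max=$w; fi
        if [ "$g" -eq 0 ]; then g=$w; else g=$(gcd "$g" "$w"); fi
    done
    # All weights zero: no server is eligible.
    [ "$max" -gt 0 ] || return 1
    i=-1; cw=0; out=""
    while [ "$count" -gt 0 ]; do
        i=$(( (i + 1) % n ))
        if [ "$i" -eq 0 ]; then
            # One full pass done: lower the threshold, wrap at zero.
            cw=$((cw - g))
            if [ "$cw" -le 0 ]; then cw=$max; fi
        fi
        eval "s=\${$((i + 1))}"          # i-th server argument
        if [ "${s#*=}" -ge "$cw" ]; then # eligible at this threshold
            out="$out${out:+ }${s%%=*}"
            count=$((count - 1))
        fi
    done
    echo "$out"
}

# The weights from step 6: rs1 (192.168.42.152) = 1, rs2 (192.168.42.153) = 3.
wrr_sequence 10 rs1=1 rs2=3
```

The simulated cycle is rs2, rs2, rs1, rs2; the client output above shows the same cycle entered at a different point.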
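LVS Load Balancing in Practice: the lvs-dr Model
1. Prepare the machines: configure time synchronization, networking and hostnames
    192.16.251.90 [client] [gateway 172.16.0.1]
    # this time LVS needs only one NIC, but it needs a NIC alias [172.16.50.50] to serve as the VIP
    172.16.251.91 [lvs]
    172.16.251.92 [rs1]
    172.16.251.93 [rs2]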
2. Configure the VIP on the lvs node
    ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
    [root@lvs ~]# ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
    [root@lvs ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.16.251.90 netmask 255.255.0.0 broadcast 172.16.255.255
            ether 00:0c:29:bf:24:15 txqueuelen 1000 (Ethernet)
            RX packets 47889 bytes 43113530 (41.1 MiB)
            RX errors 0 dropped 30 overruns 0 frame 0
            TX packets 15611 bytes 1033180 (1008.9 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50
            ether 00:0c:29:bf:24:15 txqueuelen 1000 (Ethernet)
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 174 bytes 15234 (14.8 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 174 bytes 15234 (14.8 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3. Configure the VIP on the rs1 and rs2 nodes
    ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
rs1 node:
    [root@rs1 ~]# ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
    [root@rs1 ~]# route add -host 172.16.50.50 dev lo:0
    # configure the kernel parameters on the rs host
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce
rs2 node: same as above.
4. Add the load-balancing cluster rules on the lvs machine
    ipvsadm -A -t 172.16.50.50:80 -s rr
    ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.92:80 -g
    ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.93:80 -g
    [root@lvs ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.16.50.50:80 rr
      -> 172.16.251.92:80             Route   1      0          0
      -> 172.16.251.93:80             Route   1      0          0
5. Test from the client
    [root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
We get the same load-balancing behaviour.
Once more we change the scheduling algorithm and adjust the weights, switching to the wrr (weighted round-robin) algorithm:
Set the weight of 172.16.251.92 to 1
Set the weight of 172.16.251.93 to 3
    ipvsadm -E -t 172.16.50.50:80 -s wrr
    ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.92:80 -w 1 -g
    ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.93:80 -w 3 -g
    [root@lvs ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  172.16.50.50:80 wrr
      -> 172.16.251.92:80             Route   1      0          0
      -> 172.16.251.93:80             Route   3      0          0
We test from the client once more
    [root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
    this is rs2 test page .
    this is rs2 test page .
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs2 test page .
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs2 test page .
Again the server with weight 3 is hit more often.
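A check for the real-server ARP settings from step 3, as an added example that is not part of the original article. In lvs-dr every real server holds the VIP on lo:0, so it must not answer or announce ARP for it; values written with echo are also lost at reboot. `check_dr_arp` and `dr_sysctl_conf` are names introduced here, and the optional second argument (an alternative sysctl root) exists only so the check can be exercised against a constructed directory tree.

```shell
# Added example: audit and persist the lvs-dr ARP settings on a real server.

# check_dr_arp IFACE [SYSCTL_ROOT]
# Verifies arp_ignore=1 (reply only for addresses configured on the
# receiving interface) and arp_announce=2 (use the best local source
# address in ARP requests) for both "all" and IFACE.
# Prints one line per problem; returns 0 only when all four values match.
check_dr_arp() {
    iface=$1
    root=${2:-/proc/sys}
    bad=0
    for scope in all "$iface"; do
        for pair in arp_ignore=1 arp_announce=2; do
            key=${pair%%=*}; want=${pair#*=}
            file="$root/net/ipv4/conf/$scope/$key"
            if [ ! -r "$file" ]; then
                echo "MISSING $scope/$key"
                bad=1
                continue
            fi
            got=$(cat "$file")
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $scope/$key: have $got, want $want"
                bad=1
            fi
        done
    done
    return "$bad"
}

# dr_sysctl_conf IFACE
# Prints a sysctl configuration fragment with the same four settings,
# suitable for a file under /etc/sysctl.d/ so they survive a reboot.
dr_sysctl_conf() {
    for scope in all "$1"; do
        echo "net.ipv4.conf.$scope.arp_ignore = 1"
        echo "net.ipv4.conf.$scope.arp_announce = 2"
    done
}

# Usage on rs1 or rs2 (interface name taken from the article):
#   check_dr_arp ens33 && echo "ARP settings OK"
#   dr_sysctl_conf ens33    # review, then save under /etc/sysctl.d/
```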
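LVS Load Balancing in Practice: Scheduling HTTP and HTTPS Together
In this experiment we rework the earlier lvs-dr setup. We set up an http virtual host and then serve the whole site over https. When LVS balances the load, we want requests to the http and https sites to be scheduled as one service. How can that be done?
We can use FWM and define the LVS service by a firewall mark.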
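1. Generate the CA certificate on the lvs machine
(1) Generate the private key:
    ~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
(2) Generate the self-signed certificate:
    ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
    -new: generate a new certificate signing request;
    -x509: generate a self-signed certificate; used specifically when creating a private CA;
    -key: path of the private key file used when generating the request;
    -out: path of the generated request file; for a self-signing operation the signed certificate is written directly;
    -days: validity period of the certificate, in days;
(3) Provide the directories and files the CA needs:
    ~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
    ~]# touch /etc/pki/CA/{serial,index.txt}
    ~]# echo 01 > /etc/pki/CA/serial
(4) The values entered at the prompts are as follows:
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Beijing
    Locality Name (eg, city) [Default City]:Beijing
    Organization Name (eg, company) [Default Company Ltd]:MageEdu
    Organizational Unit Name (eg, section) []:develop
    Common Name (eg, your name or your server's hostname) []:ca.test.com
    Email Address []: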
2. Generate the signed certificate for httpd (also on the lvs node)
(1) Generate the private key on the host that will use the certificate:
    mkdir -p /etc/httpd/ssl
    cd /etc/httpd/ssl
    (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
(2) Generate the certificate signing request
    openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
(3) Sign the certificate:
    openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/httpd/ssl/httpd.crt -days 365
(4) Send httpd.key and httpd.crt to the rs1 and rs2 hosts
    scp httpd.key httpd.crt root@172.16.251.92:/etc/httpd/conf.d/
    scp httpd.key httpd.crt root@172.16.251.93:/etc/httpd/conf.d/
3. On the rs1 and rs2 hosts
(1) Install the ssl module
    yum install mod_ssl openssl -y
(2) Configure ssl.conf
    DocumentRoot "/var/www/html"
    ServerName www.test.com
    SSLCertificateFile /etc/httpd/conf.d/httpd.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key
(3) Restart httpd
    systemctl restart httpd
4. Test from the lvs machine
Change the name resolution to 172.16.251.92 www.test.com
    [root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem https://www.test.com
    this is rs1 test page
    [root@lvs ssl]# curl http://www.test.com
    this is rs1 test page
Change the name resolution to 172.16.251.93 www.test.com
    [root@lvs ssl]# curl http://www.test.com
    this is rs2 test page .
    [root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem https://www.test.com
    this is rs2 test page .
5. Bind http and https together for unified scheduling
    iptables -F
    iptables -t mangle -A PREROUTING -d 172.16.50.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 99
    iptables -vnL
    ipvsadm -C
    ipvsadm -A -f 99 -s rr
    ipvsadm -a -f 99 -r 172.16.251.92 -g
    ipvsadm -a -f 99 -r 172.16.251.93 -g
    ipvsadm -Ln
6. Send the CA certificate to the client and test
    # run on the lvs node
    scp cacert.pem root@172.16.251.91:/tmp
    # run on the client node
    [root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem https://www.test.com ;done
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
As before, we change the scheduling algorithm and adjust the weights, switching to the wrr (weighted round-robin) algorithm:
    # run on the lvs node
    ipvsadm -E -f 99 -s wrr
    ipvsadm -e -f 99 -r 172.16.251.92 -w 3 -g
    ipvsadm -e -f 99 -r 172.16.251.93 -w 1 -g
    ipvsadm -Ln
    # run on the client node
    [root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem https://www.test.com ;done
    this is rs2 test page .
    this is rs1 test page
    this is rs1 test page
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs1 test page
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs1 test page
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs1 test page
    this is rs1 test page
    this is rs2 test page .
    this is rs1 test page
    this is rs1 test page
    this is rs1 test page
Again the server with weight 3 is hit more often.
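A consistency check for step 5, as an added example that is not part of the original article: the mark set in the mangle table and the mark of the IPVS service must be the same number, otherwise marked packets match no virtual service. The two sample listings are constructed for illustration (their exact layout is an assumption about how the tools print the rules from step 5), and all function names are introduced here.

```shell
# Constructed sample of `iptables -t mangle -S PREROUTING` after step 5
# (assumption: --set-mark 99 is listed as --set-xmark 0x63/0xffffffff).
sample_mangle() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 172.16.50.50/32 -p tcp -m multiport --dports 80,443 -j MARK --set-xmark 0x63/0xffffffff
EOF
}

# Constructed sample of `ipvsadm -Ln` after step 5.
sample_ipvs() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  99 rr
  -> 172.16.251.92:0              Route   1      0          0
  -> 172.16.251.93:0              Route   1      0          0
EOF
}

# Print, in decimal, every mark set by a MARK rule (rule text on stdin).
mangle_marks() {
    sed -n 's/.*-j MARK --set-x\{0,1\}mark \([0-9a-fA-Fx]*\).*/\1/p' |
    while read -r m; do printf '%d\n' "$m"; done | sort -un
}

# Print the mark of every fwmark virtual service (ipvsadm -Ln text on stdin).
ipvs_marks() {
    awk '$1 == "FWM" { print $2 }' | sort -un
}

# unmatched_marks MANGLE_TEXT IPVS_TEXT: print marks found on one side only.
# Empty output means every mark that is set has a service, and vice versa.
unmatched_marks() {
    m=$(printf '%s\n' "$1" | mangle_marks)
    v=$(printf '%s\n' "$2" | ipvs_marks)
    for x in $m; do
        case " $(echo $v) " in *" $x "*) ;; *) echo "mark $x has no IPVS service" ;; esac
    done
    for x in $v; do
        case " $(echo $m) " in *" $x "*) ;; *) echo "IPVS fwmark $x is never set" ;; esac
    done
}

unmatched_marks "$(sample_mangle)" "$(sample_ipvs)"   # prints nothing: marks agree
```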
Original article by srayban. If you repost it, please credit the source: http://www.www58058.com/78372