LVS Load Balancing: A Hands-On Walkthrough

LVS Load Balancing in Practice: the lvs-nat Model

1. Prepare the machines; configure time synchronization, networking, and hostnames

172.16.251.91 client [bridged] [gateway 172.16.251.90]

# the lvs load balancer has two NICs
172.16.251.90   lvs [NIC 1] [bridged]
192.168.42.150  lvs [NIC 2] [VMnet8]

192.168.42.152  rs1  [gateway 192.168.42.150] [VMnet8]
192.168.42.153  rs2  [gateway 192.168.42.150] [VMnet8]

2. Install the software on 172.16.251.90

(1) Install the ipvsadm package

yum install ipvsadm -y

(2) Enable kernel IP forwarding between the NICs

sysctl -w net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward

3. Install httpd on rs1 and rs2, start httpd on both, and test with curl 127.0.0.1

(1) rs1: add a test page on the rs1 node:

echo "this is rs1 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs1 ~]# curl 127.0.0.1
this is rs1 test page

(2) rs2: add a test page on the rs2 node:

echo "this is rs2 test page." >/var/www/html/index.html
systemctl start httpd.service
[root@rs2 ~]# curl 127.0.0.1
this is rs2 test page

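4. Add the load-balancing cluster rules on the lvs machine. In this setup -s selects the rr algorithm for round-robin scheduling, and -m selects lvs-nat mode.

ipvsadm -A -t 172.16.251.90:80 -s rr
ipvsadm -a -t 172.16.251.90:80 -r 192.168.42.152:80 -m
ipvsadm -a -t 172.16.251.90:80 -r 192.168.42.153:80 -m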
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.251.90:80 rr
  -> 192.168.42.152:80            Masq    1      0          0         
  -> 192.168.42.153:80            Masq    1      0          0

5. Test from the client

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

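The output shows that requests are served in round-robin order.

6. Try a different scheduling algorithm
Starting from the lvs-nat rr configuration above, switch to the wrr (weighted round-robin) algorithm:
Set the weight of 192.168.42.152 to 1
Set the weight of 192.168.42.153 to 3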

ipvsadm -E -t 172.16.251.90:80 -s wrr
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.152:80 -w 1 -m
ipvsadm -e -t 172.16.251.90:80 -r 192.168.42.153:80 -w 3 -m

Test again:

[root@client ~]# for i in {1..10};do curl http://172.16.251.90 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page

The output shows that the server with weight 3 receives more requests.
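The 1:3 pattern in the output above follows from how weighted round-robin walks the server list. The block below is an added example, not code from the original article or from LVS: it simulates the wrr algorithm as described in the LVS scheduling documentation, using the weights from step 6 (the function names wrr_sequence and tally_backends are made up here).

```sh
# wrr_sequence COUNT NAME:WEIGHT... -> the first COUNT picks, space separated
wrr_sequence() {
    count=$1; shift
    printf '%s\n' "$@" | awk -F: -v count="$count" '
        function gcd(a, b,   t) { while (b) { t = b; b = a % b; a = t } return a }
        {
            name[NR - 1] = $1; w[NR - 1] = $2 + 0
            if (w[NR - 1] > max) max = w[NR - 1]
            g = gcd(g + 0, w[NR - 1])
        }
        END {
            if (max == 0) exit 1      # every weight is 0: nothing to schedule
            i = -1; cw = 0            # cw: current weight threshold
            while (picked < count) {
                i = (i + 1) % NR
                if (i == 0) {         # new pass: lower the threshold by gcd
                    cw -= g
                    if (cw <= 0) cw = max
                }
                if (w[i] >= cw) {
                    out = out (picked ? " " : "") name[i]
                    picked++
                }
            }
            print out
        }'
}

# tally_backends < one server name or test page per line -> "rs1=N rs2=M"
tally_backends() {
    awk '{ for (f = 1; f <= NF; f++) if ($f ~ /^rs[0-9]+$/) seen[$f]++ }
         END { printf "rs1=%d rs2=%d\n", seen["rs1"], seen["rs2"] }'
}

# Weights from step 6 (rs1 = 1, rs2 = 3), two full cycles of four requests.
seq8=$(wrr_sequence 8 rs1:1 rs2:3)
echo "order: $seq8"
echo "share: $(echo "$seq8" | tr ' ' '\n' | tally_backends)"
```

The kernel may start at a different position in the cycle, so compare the per-cycle ratio with a real run rather than the exact order.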

LVS Load Balancing in Practice: the lvs-dr Model

1. Prepare the machines; configure time synchronization, networking, and hostnames

192.16.251.90 [client] [gateway 172.16.0.1]

# this time lvs needs only one NIC, but an interface alias [172.16.50.50] must be created to serve as the VIP
172.16.251.91 [lvs]

172.16.251.92 [rs1]
172.16.251.93 [rs2]

2. Configure the VIP on the lvs node

ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

[root@lvs ~]# ifconfig ens33:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@lvs ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.251.90  netmask 255.255.0.0  broadcast 172.16.255.255
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)
        RX packets 47889  bytes 43113530 (41.1 MiB)
        RX errors 0  dropped 30  overruns 0  frame 0
        TX packets 15611  bytes 1033180 (1008.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.50.50  netmask 255.255.255.255  broadcast 172.16.50.50
        ether 00:0c:29:bf:24:15  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 174  bytes 15234 (14.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 174  bytes 15234 (14.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3. Configure the VIP on the rs1 and rs2 nodes

ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up

rs1 node:

[root@rs1 ~]# ifconfig lo:0 172.16.50.50 netmask 255.255.255.255 broadcast 172.16.50.50 up
[root@rs1 ~]# route add -host 172.16.50.50 dev lo:0

# set the ARP kernel parameters on the real server
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/ens33/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/ens33/arp_announce

rs2 node: same as above.
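In lvs-dr mode every real server holds the VIP on lo, so these ARP settings are what keep it from answering ARP for the VIP on the LAN. The added example below (not from the original article; the function names are made up here) checks the effective values, using the kernel's rule that the larger of conf/all and conf/<interface> applies, and prints a sysctl fragment so the settings survive a reboot. The /proc tree it inspects is a constructed sample.

```sh
# dr_effective ROOT IFACE KEY: the kernel applies the larger of
# conf/all/KEY and conf/IFACE/KEY, so report that value.
dr_effective() {
    a=$(cat "$1/sys/net/ipv4/conf/all/$3" 2>/dev/null || echo 0)
    i=$(cat "$1/sys/net/ipv4/conf/$2/$3" 2>/dev/null || echo 0)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# check_dr_rs ROOT IFACE: 0 when the settings from step 3 are in effect,
# otherwise print each deviation and return 1. Use ROOT=/proc on a live host.
check_dr_rs() {
    rc=0
    for want in arp_ignore=1 arp_announce=2; do
        key=${want%%=*}; val=${want#*=}
        got=$(dr_effective "$1" "$2" "$key")
        if [ "$got" != "$val" ]; then
            echo "$2: effective $key=$got, expected $val"
            rc=1
        fi
    done
    return $rc
}

# sysctl_fragment IFACE: lines for a file under /etc/sysctl.d/, so the
# values set with echo in step 3 are restored at boot.
sysctl_fragment() {
    for k in arp_ignore=1 arp_announce=2; do
        echo "net.ipv4.conf.all.${k%%=*} = ${k#*=}"
        echo "net.ipv4.conf.$1.${k%%=*} = ${k#*=}"
    done
}

# Constructed sample: the /proc tree of a real server after a reboot, where
# the echo commands from step 3 were never re-run (values made up).
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/ipv4/conf/all" "$demo/sys/net/ipv4/conf/ens33"
for f in all/arp_ignore all/arp_announce ens33/arp_ignore ens33/arp_announce; do
    echo 0 > "$demo/sys/net/ipv4/conf/$f"
done
check_dr_rs "$demo" ens33 || sysctl_fragment ens33
rm -rf "$demo"
```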

4. Add the load-balancing cluster rules on the lvs machine

ipvsadm -A -t 172.16.50.50:80 -s rr
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.92:80 -g
ipvsadm -a -t 172.16.50.50:80 -r 172.16.251.93:80 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 rr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   1      0          0

5. Test from the client

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

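Load balancing works here as well.

Now change the scheduling algorithm again and adjust the weights, switching to wrr (weighted round-robin):
Set the weight of 172.16.251.92 to 1
Set the weight of 172.16.251.93 to 3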

ipvsadm -E -t 172.16.50.50:80 -s wrr
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.92:80  -w 1 -g
ipvsadm -e -t 172.16.50.50:80 -r 172.16.251.93:80  -w 3 -g

[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.50.50:80 wrr
  -> 172.16.251.92:80             Route   1      0          0         
  -> 172.16.251.93:80             Route   3      0          0

Test again from the client:

[root@client ~]# for i in {1..10};do curl http://172.16.50.50 ;done
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs2 test page .

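Again, the server with weight 3 receives more requests.

LVS Load Balancing in Practice: Unified Scheduling of HTTP and HTTPS

This experiment builds on the previous lvs-dr setup. We set up an HTTP virtual host and then serve the whole site over HTTPS as well. When LVS balances the load, we want requests to the HTTP and HTTPS sites to be scheduled together as one service. How can that be done?

We can use FWM, which defines the LVS service by a firewall mark.

1. Generate the CA certificate on the lvs machine
(1) Generate the private key: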

~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

(2) Generate the self-signed certificate:

~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
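-new: generate a new certificate signing request;
-x509: produce a self-signed certificate; used specifically when creating a private CA;
-key: path to the private key file used when generating the request;
-out: path of the generated request file; for a self-signed operation the signed certificate is written directly;
-days: validity period of the certificate, in days;

(3) Provide the directories and files the CA needs: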

~]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
~]# touch  /etc/pki/CA/{serial,index.txt}
~]# echo  01 > /etc/pki/CA/serial

(4) The values entered at the prompts are as follows:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server's hostname) []:ca.test.com
Email Address []:

2. Generate the signed certificate for httpd (also on the lvs node)
(1) Generate the private key on the host that will use the certificate:

mkdir -p /etc/httpd/ssl 
cd  /etc/httpd/ssl
(umask  077; openssl  genrsa -out  /etc/httpd/ssl/httpd.key  2048)

(2) Generate the certificate signing request:

openssl  req  -new  -key  /etc/httpd/ssl/httpd.key  -out /etc/httpd/ssl/httpd.csr  -days  365

(3) Sign the certificate:

openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/httpd/ssl/httpd.crt  -days  365

(4) Send httpd.key and httpd.crt to the rs1 and rs2 hosts:

scp httpd.key httpd.crt root@172.16.251.92:/etc/httpd/conf.d/
scp httpd.key httpd.crt root@172.16.251.93:/etc/httpd/conf.d/

3. On the rs1 and rs2 hosts
(1) Install the SSL module:

yum install mod_ssl openssl -y

(2) Configure ssl.conf:

DocumentRoot "/var/www/html"
ServerName www.test.com
SSLCertificateFile /etc/httpd/conf.d/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

(3) Restart httpd:

systemctl restart httpd

4. Test from the lvs machine

Set the name resolution to: 172.16.251.92 www.test.com

[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs1 test page
[root@lvs ssl]# curl http://www.test.com
this is rs1 test page

Set the name resolution to: 172.16.251.93 www.test.com

[root@lvs ssl]# curl http://www.test.com
this is rs2 test page .
[root@lvs ssl]# curl --cacert /etc/pki/CA/cacert.pem  https://www.test.com
this is rs2 test page .

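5. Bind HTTP and HTTPS together for unified scheduling

# flush the filter table; this removes every existing filter rule
iptables -F
# mark TCP traffic to the VIP on ports 80 and 443 with firewall mark 99
iptables -t mangle -A PREROUTING -d 172.16.50.50 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 99
iptables -t mangle -vnL
# clear the old IPVS rules, then define the virtual service by mark
ipvsadm -C
ipvsadm -A -f 99 -s rr
ipvsadm -a -f 99 -r 172.16.251.92 -g
ipvsadm -a -f 99 -r 172.16.251.93 -g
ipvsadm -Ln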
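Added example, not part of the original article: a consistency check for the fwmark setup in step 5. It confirms that ports 80 and 443 for the VIP receive the same mark and that an FWM virtual service exists for it; the function names and the sample rule listing are constructed here.

```sh
# marks_for_vip VIP < output of `iptables -t mangle -S PREROUTING`
# Prints "port mark" (mark in decimal) for every MARK rule aimed at VIP.
marks_for_vip() {
    while read -r line; do
        case "$line" in
            *"-d $1/32 "*MARK*|*"-d $1 "*MARK*) ;;
            *) continue ;;
        esac
        ports=$(printf '%s\n' "$line" | sed -n 's/.*--dports* \([0-9,]*\).*/\1/p')
        raw=$(printf '%s\n' "$line" | sed -n 's/.*--set-x*mark \([0-9a-fx]*\).*/\1/p')
        [ -n "$ports" ] && [ -n "$raw" ] || continue
        for p in $(printf '%s' "$ports" | tr ',' ' '); do
            echo "$p $(($raw))"    # iptables prints 0x63, ipvsadm prints 99
        done
    done
}

# check_fwm VIP MANGLE_FILE IPVS_FILE: 0 when ports 80 and 443 carry the same
# mark and the `ipvsadm -Ln` output lists an FWM service for it.
check_fwm() {
    pairs=$(marks_for_vip "$1" < "$2"); rc=0; first=
    for port in 80 443; do
        # MARK does not stop rule traversal, so the last matching rule wins
        m=$(printf '%s\n' "$pairs" | awk -v p="$port" '$1 == p { m = $2 } END { print m }')
        if [ -z "$m" ]; then
            echo "port $port is not marked"; rc=1
        elif ! grep -q "^FWM  *$m " "$3"; then
            echo "port $port: mark $m has no FWM service"; rc=1
        elif [ -n "$first" ] && [ "$m" != "$first" ]; then
            echo "port $port: mark $m differs from $first"; rc=1
        fi
        first=${first:-$m}
    done
    return $rc
}

# Constructed sample data shaped like the rule and service from step 5.
tmp=$(mktemp -d)
cat > "$tmp/mangle" <<'EOF'
-A PREROUTING -d 172.16.50.50/32 -p tcp -m multiport --dports 80,443 -j MARK --set-xmark 0x63/0xffffffff
EOF
printf 'FWM  99 rr\n  -> 172.16.251.92:0  Route  1  0  0\n' > "$tmp/ipvs"
check_fwm 172.16.50.50 "$tmp/mangle" "$tmp/ipvs" && echo "mark 99 covers 80 and 443"
rm -rf "$tmp"
```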

6. Send the CA certificate to the client and test

# run on the lvs node
scp /etc/pki/CA/cacert.pem  root@172.16.251.91:/tmp

# run on the client node
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs2 test page .
this is rs1 test page

As before, change the scheduling algorithm and adjust the weights, switching to wrr (weighted round-robin):

# run on the lvs node
ipvsadm -E -f 99 -s wrr 
ipvsadm -e -f 99 -r 172.16.251.92 -w 3 -g
ipvsadm -e -f 99 -r 172.16.251.93 -w 1 -g
ipvsadm -Ln

# run on the client node
[root@client ~]# for i in {1..10};do curl http://www.test.com ; curl --cacert /tmp/cacert.pem  https://www.test.com  ;done
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page
this is rs2 test page .
this is rs1 test page
this is rs1 test page
this is rs1 test page

Again, the server with weight 3 receives more requests.

Original article by srayban. If you repost it, please credit the source: http://www.www58058.com/78372
