一、规划
lvs01
eth0:192.168.240.134
eth1:192.168.253.130
rs01
eth0:192.168.253.128
gateway:192.168.253.130
rs02
eth0:192.168.253.129
gateway:192.168.253.130
192.168.240.0网段供外网访问,使用NAT
192.168.253.0网段为内网段,使用hostonly
vip(外网):192.168.240.144
dip(内网):192.168.253.131
二、负载均衡器安装配置
1、查看ipvs相关信息:
[[email protected]
network-scripts]# grep -i ‘vs‘ /boot/config-2.6.32-358.el6.x86_64
CONFIG_GENERIC_TIME_VSYSCALL=y
# CONFIG_X86_VSMP is
not set
CONFIG_HIBERNATION_NVS=y
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG
is not set
CONFIG_IP_VS_TAB_BITS=12
# IPVS transport
protocol load balancing support
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
# IPVS scheduler 【支持10种算法】
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
# IPVS application
helper
CONFIG_IP_VS_FTP=m
CONFIG_OPENVSWITCH=m
CONFIG_MTD_BLKDEVS=m
CONFIG_SCSI_MVSAS=m
#
CONFIG_SCSI_MVSAS_DEBUG is not set
CONFIG_VMWARE_PVSCSI=m
CONFIG_MOUSE_VSXXXAA=m
CONFIG_MAX_RAW_DEVS=8192
CONFIG_USB_SEVSEG=m
CONFIG_USB_VST=m
2、安装命令行工具
[[email protected]
~]# yum install ipvsadm -y
[[email protected]
~]# lsmod |grep ip_vs
没有安装输出,需要加载模块
[[email protected]
~]# modprobe ip_vs
[[email protected]
~]# lsmod |grep ip_vs
ip_vs 115643 0
libcrc32c 1246 1 ip_vs
ipv6 321422 142
ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
3、开启路由转发功能
[[email protected]
~]# vim /proc/sys/net/ipv4/ip_forward
或者
[[email protected] ~]# vim
/etc/sysctl.conf
将net.ipv4.ip_forward
= 0 --> 改成 1
启用:
[[email protected] ~]#
sysctl -p
net.ipv4.ip_forward
= 1
net.ipv4.conf.default.rp_filter
= 1
net.ipv4.conf.default.accept_source_route
= 0
kernel.sysrq = 0
kernel.core_uses_pid
= 1
net.ipv4.tcp_syncookies
= 1
error:
"net.bridge.bridge-nf-call-ip6tables" is an unknown key
error:
"net.bridge.bridge-nf-call-iptables" is an unknown key
error:
"net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb =
65536
kernel.msgmax =
65536
kernel.shmmax =
68719476736
kernel.shmall =
4294967296
4、将两台RS服务器网关设置为LVS的内网口地址
5、配置NTP,使各个服务器时间进行同步
5.1、搭建NTP服务
可参考:http://zyan.cc/post/281/
服务器端需要安装:
[[email protected] ~]# yum
install ntp
允许任何IP的客户机都可以进行时间同步将“restrict default kod nomodify notrap nopeer noquery”这行修改成:
restrict
default nomodify
[[email protected] ~]# vim
/etc/ntp.conf
# For more
information about this file, see the man pages
# ntp.conf(5),
ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile
/var/lib/ntp/drift
# Permit time
synchronization with our time source, but do not
# permit the source
to query or modify the service on this system.
restrict
default nomodify
restrict -6 default
kod nomodify notrap nopeer noquery
# Permit all access
over the loopback interface. This could
# be tightened as
well, but to do so would effect some of
# the administrative
functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local
network are less restricted.
#restrict
192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers
from the pool.ntp.org project.
# Please consider
joining the pool (http://www.pool.ntp.org/join.html).
server
0.rhel.pool.ntp.org iburst
server
1.rhel.pool.ntp.org iburst
server
2.rhel.pool.ntp.org iburst
PS : 以上配置需要联网才能同步,另外,我们可以设置成:若无法通过网络同步时间,则使用本地时间进行同步
则需要将以下代码添加到配置文件
server
127.0.0.1
fudge
127.0.0.1 stratum 5
5.2、客户端时间同步
手动同步:
[[email protected] ~]#
ntpdate 192.168.253.130
10 Sep 20:01:42
ntpdate[2352]: step time server 192.168.253.130 offset -28800.064241 sec
[[email protected] ~]#
ntpdate 192.168.253.130
10 Sep 20:01:36
ntpdate[2388]: adjust time server 192.168.253.130 offset 0.000067 sec
PS:手动同步时,可能会出现
[[email protected]
~]# ntpdate 192.168.253.130
11 Sep
03:30:35 ntpdate[2314]: no server suitable for synchronization found
可能是由于ntp服务器防火墙没有关闭,或者ntp服务器还未与ntp server同步时间。
设置计划任务:
[[email protected] cron.d]#
vim /etc/crontab
20 * * * *
/usr/sbin/ntpdate 192.168.253.130
每20分钟同步一次
6、提供页面
分别在RS上安装测试环境(httpd) 并创建两个不同页面,以示区分
以其中一台为例:
先关闭防火墙:
[[email protected] ~]#
service iptables stop
iptables: Flushing
firewall rules:
[ OK ]
iptables: Setting
chains to policy ACCEPT: filter
[ OK ]
iptables: Unloading
modules:
[ OK ]
[[email protected] ~]#
chkconfig iptables off
[[email protected] ~]# yum
install httpd
[[email protected] ~]# echo
"RS1:192.168.253.129" > /var/www/html/index.html
[[email protected] ~]#
service httpd start
测试:
7、配置LVS调度器
配置外网口vip:
[[email protected] ~]#
ifconfig eth0:0 192.168.240.144 netmask 255.255.255.0 up
[[email protected]
~]# ipvsadm -A -t 192.168.240.144:80 -s rr
| --add-service -A add virtual service with options |
添加虚拟服务选项 |
| --tcp-service -t service-address service-address is host[:port] | 指定tcp服务地址、端口 |
| [-s scheduler] |
指定算法 |
[[email protected] ~]#
ipvsadm -a -t 192.168.240.144:80 -r 192.168.253.128 -m
[[email protected] ~]#
ipvsadm -a -t 192.168.240.144:80 -r 192.168.253.129 -m
|
--add-server -a add real server with options |
添加真是服务器选项 |
| --tcp-service -t service-address service-address is host[:port] | 添加tcp服务地址、端口 |
| --real-server -r server-address server-address is host (and port) | 添加真是服务器地址(端口) |
|
--masquerading -m masquerading (NAT) |
NAT伪装 |
增加真实服务器,以NAT方式,增加指向至各真实服务器(RS)
最好写成脚本,以保证每次重启后都能自动运行
8、测试
[[email protected] ~]#
ipvsadm
IP Virtual Server
version 1.2.1 (size=4096)
Prot
LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.240.144:http rr
-> 192.168.253.128:http Masq
1 0 7
-> 192.168.253.129:http Masq
1 0 7
