实验 详解LVS-NAT部署实战
目录
- 一 案例环境
- 二 环境规划
- 三 实验步骤
一 案例环境
LVS调度器作为Web服务器池的网关,LVS两块网卡,分别连接内外网,使用轮询(rr)调度算法
(此次实验只搭建了web服务器1,2)
二 环境规划
1 调度器
对外公网:20.0.0.11 (NAT)
私有网络:192.168.100.11 (VM1)
业务端口号:80
路由转发功能
2 Web1
私有网络:192.168.100.12 (VM1)
网关:192.168.100.11
3 Web2
私有网络:192.168.100.13 (VM1)
网关:192.168.100.11
4 存储服务器
私有网络:192.168.100.14 (VM1)
网关:192.168.100.11
三 实验步骤
调度器
##添加一张网卡##
[root@localhost ~]# nmcli connection
NAME UUID TYPE DEVICE
Wired connection 1 bfc27410-ab83-37ce-a52b-ed5c4e6d0f92 802-3-ethernet ens37
ens33 7f14cbe3-135f-456e-a81e-d552a9c0e172 802-3-ethernet ens33
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens37
[root@localhost network-scripts]# vi ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
UUID=bfc27410-ab83-37ce-a52b-ed5c4e6d0f92
DEVICE=ens37
ONBOOT=yes
IPADDR=192.168.100.11
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# vi ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=7f14cbe3-135f-456e-a81e-d552a9c0e172
DEVICE=ens33
ONBOOT=yes
IPADDR=20.0.0.11
NETMASK=255.255.255.0
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
20.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens37
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# ipvsadm -v
ipvsadm v1.27 2008/5/15 (compiled with popt and IPVS v1.2.1)
[root@localhost ~]# modprobe ip_vs
[root@localhost ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
##创建虚拟服务器(注意:NAT模式要两张网卡,调度器的地址时外网口地址)##
[root@localhost ~]# ipvsadm -A -t 20.0.0.11:80 -s rr
##添加服务器节点##
[root@localhost ~]# ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.12:80 -m
[root@localhost ~]# ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.13:80 -m
##保存LVS策略##
[root@localhost ~]# ipvsadm-save > /opt/ipvsadm
[root@localhost ~]# cat /opt/ipvsadm
-A -t localhost.localdomain:http -s rr
-a -t localhost.localdomain:http -r 192.168.100.12:http -m -w 1
-a -t localhost.localdomain:http -r 192.168.100.13:http -m -w 1
##开启调度服务器路由转发功能##
[root@localhost ~]# vi /etc/sysctl.conf
......
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
说明:
● ipvsadm -A -t 20.0.0.11:80 -s rr
-A:表示添加虚拟服务器
-t:用来指定VIP地址及TCP端口
-s:用来指定负载调度算法——rr(轮询算法),wrr(加权算法),lc(最少轮询),wlc(加权最少轮询)
● ipvsadm -a -t 20.0.0.11:80 -r 192.168.100.12:80 -m
-a:表示添加真实服务器
-t:用来指定VIP地址及TCP端口
-r:用来指定RIP地址及TCP端口
-m:表示使用NAT群集模式(“-g”是DR模式,“-i”是TUN模式)
-m参数后面还可以跟-w的参数,这里没有做的“-w”用来设置权重(权重为0时表示暂停节点)
-d:表示从服务器池中删除某一个节点,执行删除操作时必须指定目标对象,包括节点地址,虚拟地址。
-D:表示删除整个虚拟服务器,使用选项-D时,指定虚拟IP地址即可,无需指定节点
● ipvsadm -L:表示查看节点状态,加个“-n”将以数字形式显示地址,端口信息
存储服务器
##配置IP地址和网关##
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=c97c89fa-33b2-4d71-af32-0fade6d5ecf3
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.14
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.11 0.0.0.0 UG 100 0 0 ens33
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@localhost ~]# rpm -q nfs-utils ##如果没有装,yum -y install nfs-utils
nfs-utils-1.3.0-0.48.el7.x86_64
[root@localhost ~]# rpm -q rpcbind ##如果没有装,yum -y install rpcbind
rpcbind-0.2.0-42.el7.x86_64
[root@localhost ~]# systemctl start nfs
[root@localhost ~]# systemctl start rpcbind
[root@localhost ~]# mkdir /opt/51xit /opt/52xit
[root@localhost ~]# vi /etc/exports
......
/opt/51xit 192.168.100.0/24(rw,sync)
/opt/52xit 192.168.100.0/24(rw,sync)
[root@localhost ~]# systemctl restart nfs
[root@localhost ~]# systemctl restart rpcbind
[root@localhost ~]# systemctl enable nfs
[root@localhost ~]# systemctl enable rpcbind
[root@localhost ~]# echo "this is www.51xit.top" >/opt/51xit/index.html
[root@localhost ~]# echo "this is www.52xit.top" >/opt/52xit/index.html
Web1
##配置IP地址和网关##
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=eeab821b-e659-4875-a833-d83ba79824c5
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.12
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.11 0.0.0.0 UG 100 0 0 ens33
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@localhost ~]# yum -y install nfs-utils ##必须要装nfs-untils否则mount不识别nfs格式,系统最小化安装需要装
[root@localhost ~]# showmount -e 192.168.100.14 ##如果还没发布,请到存储服务器发布下,exportfs -rv
Export list for 192.168.100.14:
/opt/52xit 192.168.100.0/24
/opt/51xit 192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.14:/opt/51xit /var/www/html/
[root@localhost ~]# vi /etc/fstab ##设置开机自动挂载
......
192.168.100.14:/opt/51xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# mount -a ##测试格式
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
登录192.168.100.12测试网站是否正常
Web2
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=7df84afb-6c7f-4b38-92f6-621966d3edcd
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.13
NETMASK=255.255.255.0
GATEWAY=192.168.100.11
[root@localhost ~]# systemctl restart network
[root@localhost ~]# yum -y install nfs-utils
[root@localhost ~]# showmount -e 192.168.100.14
Export list for 192.168.100.14:
/opt/52xit 192.168.100.0/24
/opt/51xit 192.168.100.0/24
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# mount 192.168.100.14:/opt/52xit /var/www/html/
[root@localhost ~]# ll /var/www/html/
total 4
-rw-r--r--. 1 root root 22 Sep 21 12:10 index.html
[root@localhost ~]# vi /etc/fstab
......
192.168.100.14:/opt/52xit/ /var/www/html/ nfs defaults,_netdev 0 0
[root@localhost ~]# mount -a
[root@localhost ~]# init 6
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
登录192.168.100.13测试网站是否正常
登录20.0.0.11 测试轮询是否正常