LVS-DR cluster

    Technology  2022-08-28


    Environment

    Disable SELinux

    vi /etc/selinux/config    # set SELINUX=disabled
    setenforce 0              # permissive immediately; SELINUX=disabled applies after a reboot

    Check

    getenforce
    Permissive

    Disable the firewall

    systemctl stop firewalld
    systemctl disable firewalld

    Check

    systemctl status firewalld

    Configure the network

    vi /etc/sysconfig/network-scripts/ifcfg-eth0

    TYPE=Ethernet
    HWADDR=00:15:5D:02:02:31
    BOOTPROTO=static
    NAME=eth0
    UUID=518efb70-c20d-4701-8fe4-51f90ffe64e8
    DEVICE=eth0
    ONBOOT=yes
    IPADDR=192.168.2.11
    NETMASK=255.255.255.0
    PROXY_METHOD=none
    BROWSER_ONLY=no
    PREFIX=24
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no

    systemctl restart network

    Set up a local yum repository

    Load the installation ISO image into the CD-ROM drive.

    [root@localhost /]# mkdir mnt/cdrom
    [root@localhost ~]# mount -t iso9660 /dev/cdrom /mnt/cdrom
    mount: /dev/sr0 写保护,将以只读方式挂载
    [root@localhost ~]# cd /mnt/cdrom
    [root@localhost cdrom]# ls
    CentOS_BuildTag  GPL       LiveOS    RPM-GPG-KEY-CentOS-7
    EFI              images    Packages  RPM-GPG-KEY-CentOS-Testing-7
    EULA             isolinux  repodata  TRANS.TBL
    [root@localhost cdrom]# cd /etc/yum.repos.d
    [root@localhost yum.repos.d]# mkdir back
    [root@localhost yum.repos.d]# mv * back/
    [root@localhost yum.repos.d]# cp -a back/CentOS-Media.repo ./

    Edit the file

    [root@localhost yum.repos.d]# vi CentOS-Media.repo

    [c7-media]
    name=CentOS-$releasever - Media
    baseurl=file:///mnt/cdrom
    gpgcheck=0
    enabled=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

    [root@localhost yum.repos.d]# yum clean all
    已加载插件:fastestmirror
    正在清理软件源: c7-media

    Install tools

    [root@localhost yum.repos.d]# yum -y install gcc gcc-c++ lrzsz

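    DR configuration

    Topology

    Adjust NIC settings

    The goal is that the real servers do not announce the VIP on their own and answer only ARP requests that match the target address. When building an LVS load-balancing setup, ARP must be suppressed on each RealServer, specifically with arp_ignore=1 and arp_announce=2.

    arp_ignore (replying to ARP):
      0: reply to ARP queries received on any interface for any local IP address (default)
      1: reply only when the Target IP is an IP of the receiving interface
      2: reply only when the Target IP is an IP of the receiving interface and the Sender IP is in the same subnet as that interface
      4-7: reserved, unused
      8: do not reply to any ARP query

    arp_announce (choosing the Sender IP used in ARP announcements):
      0: use the source IP of the packet being sent (or forwarded) as the Sender IP of the ARP request (default); this can be verified with ping -I
      1: if the destination IP of the packet belongs to the subnet of a local interface, use the packet's source IP as the Sender IP; otherwise behave as 2
      2: ignore the packet's source IP and use the best address that can talk to the target host as the Sender IP, preferring the primary IP of the outgoing interface (loopback is not an outgoing interface)

    Note: when the ARP table has no entry for the gateway, arp_announce comes into play before the IP packet is sent. The Sender MAC does not depend on this setting: Sender MAC = source MAC, and the source MAC is determined by the physical address, network attacks excepted.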

    Stop the NIC management daemon

    Stop NetworkManager on all three servers.

    [root@localhost ~]# systemctl status NetworkManager
    ● NetworkManager.service - Network Manager
       Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
       Active: active (running) since 二 2020-10-06 08:43:24 CST; 1h 6min ago
         Docs: man:NetworkManager(8)
     Main PID: 690 (NetworkManager)
       CGroup: /system.slice/NetworkManager.service
               └─690 /usr/sbin/NetworkManager --no-daemon

    It is enabled by default.

    [root@localhost ~]# systemctl stop NetworkManager && systemctl disable NetworkManager
    Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
    Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
    Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.

    Director (forwarding server) setup

    Create a NIC sub-interface

    cd /etc/sysconfig/network-scripts/
    cp -a ifcfg-eth0 ifcfg-eth0:0
    vi !$

    Edit the configuration

    TYPE=Ethernet
    BOOTPROTO=static
    NAME=eth0:0
    DEVICE=eth0:0
    ONBOOT=yes
    IPADDR=10.10.10.100
    NETMASK=255.255.255.0

    systemctl restart network

    Tuning

    [root@localhost sysctl.d]# vi 99-sysctl.conf

    # Disable sending of ICMP redirects
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0

    [root@localhost sysctl.d]# sysctl -p
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.eth0.send_redirects = 0

    Install ipvsadm

    yum -y install ipvsadm

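    Real server setup

    Configure each of the two real servers separately.

    Install the Apache service

    yum -y install httpd*
    systemctl start httpd && systemctl enable httpd
    # Server RS1
    echo " This is server 1 !!!!!" >> /var/www/html/index.html
    # Server RS2
    echo " This is server 2 !!!!!" >> /var/www/html/index.html

    Copy the loopback interface configuration to create a sub-interface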

    cp -a ifcfg-lo ifcfg-lo:0

    Edit

    [root@localhost network-scripts]# ifup ifcfg-lo:0

    Configure ARP

    vi /etc/sysctl.d/99-sysctl.conf

    # Add the following
    # LVS - ARP
    net.ipv4.conf.default.arp_ignore=1
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.all.arp_ignore=1
    net.ipv4.conf.all.arp_announce=2
    net.ipv4.conf.lo.arp_ignore=1
    net.ipv4.conf.lo.arp_announce=2

    Apply the settings

    [root@localhost sysctl.d]# sysctl -p
    net.ipv4.conf.default.arp_ignore = 1
    net.ipv4.conf.default.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2
    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
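A check for the ARP suppression configured above, added here as an example and not part of the original post: it reads arp_ignore and arp_announce for the interface facing the director (assumed to be eth0) and reports whether that interface will stay silent about the VIP. It relies on the kernel applying the larger of the conf/all and per-interface values; make_tree and its sample values are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit the ARP sysctls an LVS-DR real server needs.
# Assumption: the kernel applies max(conf/all, conf/<iface>) to both
# arp_ignore and arp_announce (kernel ip-sysctl documentation).

# effective ROOT IFACE KEY -> prints the value the kernel would apply
effective() {
    e_all=$(cat "$1/net/ipv4/conf/all/$3" 2>/dev/null) || return 2
    e_if=$(cat "$1/net/ipv4/conf/$2/$3" 2>/dev/null) || return 2
    if [ "$e_all" -gt "$e_if" ]; then echo "$e_all"; else echo "$e_if"; fi
}

# check_rs_arp [ROOT] [IFACE] -> 0 ok, 1 misconfigured, 2 values unreadable
check_rs_arp() {
    c_root=${1:-/proc/sys}; c_if=${2:-eth0}; c_rc=0
    c_ign=$(effective "$c_root" "$c_if" arp_ignore) || return 2
    c_ann=$(effective "$c_root" "$c_if" arp_announce) || return 2
    # arp_ignore 1 or 2: answer only for addresses on the receiving
    # interface, so the VIP held on lo:0 is never answered from eth0.
    case "$c_ign" in
        1|2) echo "OK   $c_if arp_ignore=$c_ign" ;;
        *)   echo "FAIL $c_if arp_ignore=$c_ign (expected 1 or 2)"; c_rc=1 ;;
    esac
    # arp_announce 2: never use the VIP as Sender IP in outgoing ARP.
    if [ "$c_ann" -eq 2 ]; then
        echo "OK   $c_if arp_announce=$c_ann"
    else
        echo "FAIL $c_if arp_announce=$c_ann (expected 2)"; c_rc=1
    fi
    return "$c_rc"
}

# make_tree DIR ALL_IGN IF_IGN ALL_ANN IF_ANN: constructed sysctl tree
make_tree() {
    mkdir -p "$1/net/ipv4/conf/all" "$1/net/ipv4/conf/eth0"
    echo "$2" > "$1/net/ipv4/conf/all/arp_ignore"
    echo "$3" > "$1/net/ipv4/conf/eth0/arp_ignore"
    echo "$4" > "$1/net/ipv4/conf/all/arp_announce"
    echo "$5" > "$1/net/ipv4/conf/eth0/arp_announce"
}

# Constructed demo: the page's values (all=1 and 2, eth0 left at 0) pass.
demo=$(mktemp -d)
make_tree "$demo" 1 0 2 0
check_rs_arp "$demo" eth0
rm -rf "$demo"
```

On a real server, run `check_rs_arp /proc/sys eth0` after `sysctl -p`.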

    Add the gateway route

    ip route add 10.10.10.100/32 dev lo:0
    echo "ip route add 10.10.10.100/32 dev lo:0" >> /etc/rc.d/rc.local

    Director

    [root@localhost cdrom]# ipvsadm -A -t 10.10.10.100:80 -s rr
    [root@localhost cdrom]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.12:80 -g
    [root@localhost cdrom]# ipvsadm -a -t 10.10.10.100:80 -r 10.10.10.13:80 -g
    [root@localhost cdrom]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  10.10.10.100:80 rr
      -> 10.10.10.12:80               Route   1      0          0
      -> 10.10.10.13:80               Route   1      0          0