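Lab environment
Use Vagrant to create three VirtualBox virtual machines, delete the NAT NIC, and set the network to host-only. node1 acts as the DS (director server); node2 and node3 act as the RSs (real servers). Each RS may have only one NIC, eth0, and /etc/sysconfig/network-scripts/ifcfg-eth0 must be edited so that the gateway points to the DS's DIP address. For this part, see chapter 6 of "Creating Virtual Machines with Vagrant".
On node1, add a bridged NIC and change its IP to a static address, 172.20.10.8.
The node details are as follows:
- DS: node1, VIP=172.20.10.8, DIP=192.168.56.11
- RS:
  - node2, RIP=192.168.56.12, GATEWAY=192.168.56.11
  - node3, RIP=192.168.56.13, GATEWAY=192.168.56.11
Installation
Install the services
Install the httpd service on both RSs: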
$ yum install -y httpd
Install ipvsadm on the DS:
$ yum install -y ipvsadm
Configure the DS
Check the VIP address:
$ ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.20.10.8 netmask 255.255.255.0 broadcast 172.20.10.255
inet6 fe80::a00:27ff:feb2:822e prefixlen 64 scopeid 0x20<link>
ether 08:00:27:b2:82:2e txqueuelen 1000 (Ethernet)
RX packets 623 bytes 51088 (49.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 239 bytes 23144 (22.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Enable IP forwarding:
$ echo 1 > /proc/sys/net/ipv4/ip_forward
Disable ICMP redirects:
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth2/send_redirects
Set up the NAT firewall rules:
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 -j MASQUERADE
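As an added example (not part of the original article), the function below checks the forwarding and ICMP-redirect settings made on the DS above. `check_ds_sysctl` and its optional root argument are hypothetical names, and the sample tree is constructed so the script runs without touching the live /proc.

```shell
#!/bin/sh
# Added example (not from the original article): audit the director's
# forwarding and ICMP-redirect settings.
# check_ds_sysctl and its root argument are hypothetical names; the argument
# lets the check run against a constructed tree instead of the live /proc.

check_ds_sysctl() {
    root="${1:-/proc}/sys/net/ipv4"
    rc=0
    checked=0

    # NAT mode: the DS must route between the VIP and RIP networks.
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "FAIL ip_forward is not 1"
        rc=1
    fi

    # The kernel ORs conf/all with conf/<iface>, and conf/default seeds
    # interfaces created later, so every entry should read 0.
    for f in "$root"/conf/*/send_redirects; do
        [ -e "$f" ] || continue
        checked=$((checked + 1))
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            echo "FAIL send_redirects=$val on $(basename "$(dirname "$f")")"
            rc=1
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "FAIL no send_redirects entries found under $root/conf"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK forwarding on, redirects off on $checked entries"
    fi
    return "$rc"
}

# Constructed sample tree mirroring the DS in this walkthrough.
demo=$(mktemp -d)
for i in all default eth1 eth2; do
    mkdir -p "$demo/sys/net/ipv4/conf/$i"
    echo 0 > "$demo/sys/net/ipv4/conf/$i/send_redirects"
done
echo 1 > "$demo/sys/net/ipv4/ip_forward"
check_ds_sysctl "$demo"
rm -rf "$demo"
```

On the DS itself, call `check_ds_sysctl` with no argument to read the live /proc/sys values.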
Start httpd on the RSs
chkconfig httpd on
service httpd start
On each RS node, create an entry page, index.html, under httpd's default document root /var/www/html/.
ip addr show eth0 |grep '192.168.56.' |awk '{print $2}' >/var/www/html/index.html
Check the routing table on node2 and node3:
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 192.168.56.11 0.0.0.0 UG 101 0 0 eth1
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.56.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
From the client node, test that index.html is reachable on both RSs, while the VIP (172.20.10.8) is not yet reachable.
$ curl http://192.168.56.12/
192.168.56.12/24
$ curl http://192.168.56.13/
192.168.56.13/24
$ curl http://172.20.10.8
curl: (7) Failed to connect to 172.20.10.8 port 80: Connection refused
Start and configure ipvsadm on the DS
# Clear the existing rules first
ipvsadm -C
ipvsadm -A -t 172.20.10.8:80 -s rr
ipvsadm -a -t 172.20.10.8:80 -r 192.168.56.12:80 -m -w 1 # NAT mode
ipvsadm -a -t 172.20.10.8:80 -r 192.168.56.13:80 -m -w 1 # NAT mode
ipvsadm -ln
Test again
On the client node, open http://172.20.10.8 and the content is displayed. Or access it from a terminal:
$ curl 172.20.10.8
192.168.56.13/24
$ curl 172.20.10.8
192.168.56.12/24
Run the following commands on the DS:
$ ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.20.10.8:80 rr
-> 192.168.56.12:80 Masq 1 0 3
-> 192.168.56.13:80 Masq 1 0 4
$ ipvsadm -lnc
IPVS connection entries
pro expire state source virtual destination
TCP 15:01 ESTABLISHED 172.20.10.2:60449 172.20.10.8:80 192.168.56.12:80
TCP 14:56 ESTABLISHED 172.20.10.2:60450 172.20.10.8:80 192.168.56.13:80
# Nothing is listening on port 80
$ netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2385/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2580/master
tcp 0 0 10.0.2.15:22 10.0.2.2:58944 ESTABLISHED 2783/sshd: vagrant
tcp 0 0 10.0.2.15:22 10.0.2.2:59157 ESTABLISHED 3114/sshd: vagrant
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 2385/sshd