NAT模型图
注意事项:RealServer需要把网关指向Director,并且Director要打开转发功能命令如下:
echo "1" > /proc/sys/net/ipv4/ip_foreward
DR模型图
注意事项:需要在RealServer配置如下信息:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0
环境:
搭建NFS共享存储服务,ip
NIP:192.168.220.18
搭建Keepalived,ip
DIP1:192.168.220.28
DIP2:192.168.220.24
VIP:192.168.220.5
搭建RealServer,ip
RIP1:192.168.220.25
RIP2:192.168.220.26
Client Test Host
IP:192.168.11.30
ps:自己三层交换做Vlan
一、NFS搭建步骤
1、查看R1/R2用于跑httpd服务的User
[root@Real-Server-Two ~]# ps -ef |grep httpd | head -2 root 3318 1 0 14:44 ?00:00:01 /usr/sbin/httpd -DFOREGROUND apache 3319 3318 0 14:44 ?00:00:00 /usr/sbin/httpd -DFOREGROUND #发现apache [root@Real-Server-Two ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache) [root@Real-Serve-One ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache)
2、在NFS-Server上面创建用于共享的文件,并且创建apapche用户UID为48
[root@NFS-Server ~]# clear[root@NFS-Server ~]# mkdir -p /data/site/ [root@NFS-Server ~]# useradd -M -r -s /sbin/nologin -u 48 apache [root@NFS-Server ~]# id apache uid=48(apache) gid=48(apache) groups=48(apache)
3、设定/data/site/www.sunshineboy.com用户与用户组
[root@NFS-Server ~]# chown apache.apache /data/site/ [root@NFS-Server ~]# ls -l /data/site/ total 0drwxr-xr-x 2 apache apache 39 Oct 24 12:22 www.sunshineboy.com
4、安装nfs-utils组件,与启动服务
yum install -y nfs-utlis [root@NFS-Server ~]# systemctl start rpcbind [root@NFS-Server ~]# systemctl start nfs.service [root@NFS-Server ~]# ps -ef | grep nfsroot 3400 2 0 11:30 ?00:00:00 [nfsd4] root 3401 2 0 11:30 ?00:00:00 [nfsd4_callbacks] root 3407 2 0 11:30 ?00:00:00 [nfsd] root 3408 2 0 11:30 ?00:00:00 [nfsd] root 3409 2 0 11:30 ?00:00:00 [nfsd] root 3410 2 0 11:30 ?00:00:00 [nfsd] root 3411 2 0 11:30 ?00:00:00 [nfsd] root 3412 2 0 11:30 ?00:00:00 [nfsd] root 3413 2 0 11:30 ?00:00:00 [nfsd] root 3414 2 0 11:30 ?00:00:00 [nfsd] root 3859 2471 0 15:48 pts/100:00:00 grep --color=auto nfs
5、NFS配置文件设定及exportfst
[root@NFS-Server ~]# cat /etc/exports/data/site/www.sunshineboy.com 192.168.220.0/24(rw,root_squash) [root@NFS-Server ~]# exportfs /data/site/www.sunshineboy.com 192.168.220.0/24
6、清空iptables及关闭SELinux
[root@NFS-Server ~]# iptables -F [root@NFS-Server ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@NFS-Server ~]# cat /etc/selinux/config | grep disabled # disabled - No SELinux policy is loaded.SELINUX=disabled [root@NFS-Server ~]# getenforce Disabled
二、Keepalived搭建步骤
1、安装keepalived程序
[root@Director-One ~]# yum install -y keepalived #DIP1安装 [root@Director-Two ~]# yum install -y keepalived #DIP2安装
2、keepalived的D1/D2配置
Director1配置
[root@Director-One keepalived]# cat keepalived.conf #查看D1配置
!Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from sunshineboy@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state MASTER
interface eno16777728
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { 192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-One keepalived]# systemctl start keepalived #DIP1启动服务
[root@Director-One keepalived]# ip add sh | grep "192.168.220." #查看,220.5地址有了
inet 192.168.220.24/27 brd 192.168.220.31 scope global dynamic eno16777728
inet 192.168.220.5/32 scope global eno16777728Director2配置
[root@Director-Two keepalived]# cat keepalived.conf #查D2看配置
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from sunshineboy@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777728
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { 192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-Two keepalived]# ip add sh | grep "192.168.220"
inet 192.168.220.28/27 brd 192.168.220.31 scope global dynamic eno167777283、安装ipvsadm查看Lvs调度是否如我们所设定那样
[root@Director-Two keepalived]# yum install ipvsadm -y #在D2安装ipvsadm [root@Director-One keepalived]# yum install ipvsadm -y #在D1安航ipvsadm [root@Director-One keepalived]# ipvsadm -Ln #在D1查看Lvs规则 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0 [root@Director-Two keepalived]# ipvsadm -Ln #在D2查看Lvs规则 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0
三、RealServer步骤搭建
1、编写设定VIP及内核功能参数脚本
[root@Real-Server-Two ~]# vim skp.sh #在R2上编辑skp.sh脚本添加下面内容 [root@Real-Server-Two ~]# chmod +x skp.sh #赋予执行权限 [root@Real-Serve-One ~]# vim skp.sh #在R2上编辑skp.sh脚本添加下面内容 [root@Real-Serve-One ~]# chmod +x skp.sh #赋予执行权限 #!/bin/bash#vip=192.168.220.5case $1 instart) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0;; stop) echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 del $vip ;; esac
2、在RealServer1/RealServer2Z执行该脚本
[root@Real-Serve-One ~]# sh skp.sh start #执行脚本 [root@Real-Serve-One ~]# ip add sh | grep "192.168.220" #查看是否成功 inet 192scope global lo:0inet 192.168.220.25/27 brd 192.168.220.31 scope global dynamic eno16777728 [root@Real-Server-Two ~]# sh skp.sh start #执行脚本 [root@Real-Server-Two ~]# ip add sh | grep "192.168.220." #查看是否成功inet 192.168.220.5/32 brd 192.168.220.5 scope global lo:0inet 192.168.220.26/27 brd 192.168.220.31 scope global dynamic eno16777728
测试:
京公网安备 11010802041100号