环境准备
web1、web2 的默认网关要改成 LVS 内网网卡的地址(NAT 模式下 web 服务器的回包必须经过 LVS 才能把地址还原)
#(三台虚拟机都需要执行)
#说明:关闭防火墙和selinux只适用于隔离的实验环境;正式环境建议保留firewalld并只放行需要的端口(这里是80),selinux保持enforcing
#临时关闭防火墙
[root@mayongle1 ~]# systemctl stop firewalld.service
#关闭开机自启
[root@mayongle1 ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
#临时关闭selinux(setenforce 0 实际是切换到permissive模式,只记录不拦截,重启后失效)
[root@mayongle1 ~]# setenforce 0
#永久关闭selinux
#把/etc/selinux/config文件SELINUX值改成disabled(重启后生效)
[root@mayongle1 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
web部署
#安装nginx并修改首页 (web1服务器和web2执行)
#####虚拟机有网的情况下操作#######
#####虚拟机有网的情况下操作#######
#####虚拟机有网的情况下操作#######
[root@mayongle2 ~]# yum install epel* nginx -y
#####虚拟机没网的情况下操作#######
#####虚拟机没网的情况下操作#######
#####虚拟机没网的情况下操作#######
#下载nginx rpm包到电脑 从电脑上传到虚拟机
#nginx rpm包下载地址 http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
#注意:nginx-release 这个包只是添加nginx官方yum源的配置,nginx本体还需要另外安装
#下载完成后安装
[root@mayongle1 ~]# rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm
警告:nginx-release-centos-7-0.el7.ngx.noarch.rpm: 头V4 RSA/SHA1 Signature, 密钥 ID 7bd9bf62: NOKEY
准备中... ################################# [100%]
正在升级/安装...
   1:nginx-release-centos-7-0.el7.ngx ################################# [100%]
#上面的NOKEY警告表示系统没有导入nginx的签名公钥,rpm没有校验这个包的签名;包又是通过http下载的,建议先用 rpm --import 导入nginx官方公钥,再用 rpm -K 校验后安装
#启动nginx并设置开机自启
[root@mayongle2 ~]# systemctl enable nginx.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
#修改web主页
#yum安装的nginx默认的主页源码在/usr/share/nginx/html文件夹下面
#web1修改主页文件内容
[root@mayongle2 html]# echo 111 > /usr/share/nginx/html/index.html
[root@mayongle2 html]# cat /usr/share/nginx/html/index.html
111
[root@mayongle2 html]# systemctl restart nginx #重启nginx
#web2修改主页文件内容
[root@mayongle3 ~]# echo 222 > /usr/share/nginx/html/index.html
[root@mayongle3 ~]# cat /usr/share/nginx/html/index.html
222
[root@mayongle3 html]# systemctl restart nginx #重启nginx
#访问web1 web2 IP地址
#出现下面界面就是成功
LVS调度器部署
#开启内核转发
#/etc/sysctl.conf 文件添加以下内容
net.ipv4.ip_forward = 1
[root@lvs ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@lvs ~]#
#重新加载配置文件
[root@lvs ~]# sysctl -p
#配置SNAT转发规则
[root@lvs ~]# iptables -F #清除filter表所有规则(清空后本机不再过滤任何流量,只适合实验环境)
[root@lvs ~]# iptables -t nat -F
[root@lvs ~]# iptables -t nat -A POSTROUTING -s 192.168.209.0/24 -o ens33 -j SNAT --to-source 192.168.30.147 #追加规则
# 192.168.209.0/24改成要出去数据的网段
iptables -t nat -A POSTROUTING -s 192.168.209.0/24 -o ens33 -j SNAT --to-source 192.168.30.151
#ens33 改成外网网卡
#192.168.30.147 改成外网IP地址
[root@lvs ~]# iptables -t nat -vnL #查看nat表
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 152 bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2 packets, 152 bytes)
 pkts bytes target prot opt in out source destination
    0     0 SNAT all -- * ens33 192.168.209.0/24 0.0.0.0/0 to:192.168.30.147
#加载ip_vs模块,
[root@mayongle1 ~]# modprobe ip_vs
#查看ip_vs版本信息
[root@mayongle1 ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
#安装ipvsadm管理工具
[root@mayongle1 ~]# yum -y install ipvsadm
#编辑lvs策略
[root@mayongle1 ~]# ipvsadm -C #清除原本的策略
#添加路由转发
[root@lvs ~]# ipvsadm -A -t 192.168.30.147(这里的IP地址改成你lvs服务器ip地址):80 -s rr
#-A 添加虚拟服务器,-t 虚拟ip,-s 调度算法(rr 为轮询)
[root@lvs ~]# ipvsadm -a -t 192.168.30.147:80 -r 192.168.30.149(这里IP地址改成你 web1IP地址) -m
#-a 添加真实服务器,-t 虚拟服务地址(虚拟ip:端口),-r 真实服务器ip,-m 表示使用nat模式
#-a 添加真实服务器,-t 虚拟服务地址(虚拟ip:端口),-r 真实服务器ip,-m 表示使用nat模式
[root@lvs ~]# ipvsadm -a -t 192.168.30.147:80 -r 192.168.30.148(这里IP地址改成你 web2IP地址) -m
[root@lvs ~]# ipvsadm #不带参数只是列出当前策略(等同于 -L),策略在添加时就已经生效
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lvs:http rr
  -> 192.168.30.148:http Masq 1 0 0
  -> 192.168.30.149:http Masq 1 0 0
[root@lvs ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.30.147:80 rr
  -> 192.168.30.148:80 Masq 1 0 0
  -> 192.168.30.149:80 Masq 1 0 0
[root@lvs ~]# ipvsadm-save > /etc/sysconfig/ipvsadm #保存策略
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o ens33 -j SNAT --to-source 192.168.30.147
#下面访问测试 看看是否能分发到不同的服务器上面
浏览器打开lvs外网地址如果出现nginx网页内容就是部署成功了
[root@lvs ~]# curl 192.168.30.147
222
[root@lvs ~]# curl 192.168.30.147
111
[root@lvs ~]# curl 192.168.30.147
222
[root@lvs ~]# curl 192.168.30.147
111
[root@lvs ~]# curl 192.168.30.147