ipvsadm
ipvsadm命令是lvs集群在应用层的管理工具,我们可以通过此ipvsadm来管理lvs的配置,其实现了集群服务管理:增、删、改,集群服务的RS管理:增、删、改以及查看集群状态。
管理集群服务:增、改、删;
增(A)、改(E):
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
删:
ipvsadm -D -t|u|f service-address
-t|u|f service-address:
-t: TCP协议的端口,VIP:TCP_PORT,如 -t 172.16.10.6:80
-u: UDP协议的端口,VIP:UDP_PORT
-f:firewall MARK,是一个数字,通过iptables可以定义firewall MARK
[-s scheduler]:指定集群的调度算法,默认为wlc
管理集群上的RS:增、改、删;
增(a)、改(e):
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
删:
ipvsadm -d -t|u|f service-address -r server-address
-r server-address:rip[:port],指明RS的IP地址
lvs类型:
-g: gateway, dr类型
-i: ipip, tun类型
-m: masquerade, nat类型
-w weight:权重
查看集群的状态信息:
ipvsadm -L|l [options]
options:
-c, --connection:显示当前的LVS连接
--timeout:列出超时
--daemon:
--stats:状态信息
--rate:传输速率
--persistent-conn:坚持连接
--sor:把列表排序。
--nosort:不排序
-n, --numeric:输出IP地址和端口的数字形式
规则的保存和重载:
保存和重载: ipvsadm -S = ipvsadm-save ipvsadm -R = ipvsadm-restore 清空定义的所有内容: ipvsadm -C 将所有数据相关的计数器清零: ipvsadm -Z [-t|u|f service-address]
lvs-nat集群的实现
简易流程图:
配置RS1:
[root@RS1 ~]# yum -y install httpd #安装Apache
[root@RS1 ~]# systemctl stop firewalld.service #关闭防火墙
[root@RS1 ~]# ifconfig eno16777736 172.16.0.10/24 up #配置网卡
[root@RS1 ~]# route add default gw 172.16.0.254 #配置路由
[root@RS1 ~]# vim /etc/httpd/conf/httpd.conf #设置httpd
Listen 8080
ServerName localhost
[root@RS1 ~]# vim /var/www/html/index.html
<h1> RS1 172.16.0.10 <h1>
[root@RS1 ~]# systemctl start httpd #启用httpd
[root@RS1 ~]# ss -tan
LISTEN 0 128 :::8080 :::*
RS2的配置参考RS1。
配置DR:
[root@DR ~]# yum -y install ipvsadm #安装ipvsadm工具
[root@DR ~]# ifconfig eno16777736 10.0.0.1/24 up #配置vip
[root@DR ~]# ifconfig eno16777736:0 172.16.0.254/24 up #配置dip
[root@DR ~]# sysctl -a | grep ip_forward #确保核心转发功能已开启
net.ipv4.ip_forward = 1
[root@DR ~]# ipvsadm -A -t 10.0.0.1:80 -s rr #配置lvs集群规则
[root@DR ~]# ipvsadm -a -t 10.0.0.1:80 -r 172.16.0.10:8080 -m
[root@DR ~]# ipvsadm -a -t 10.0.0.1:80 -r 172.16.0.11:8080 -m
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.1:80 rr
-> 172.16.0.10:8080 Masq 1 0 0
-> 172.16.0.11:8080 Masq 1 0 0
客户端测试:
# 调度算法使用rr,轮询方式,故调用RS时 比例为1:1
[root@client ~]# for i in {1..20}; do curl http://10.0.0.1; done
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
<h1> RS1 172.16.0.10 </h1>
<h1> RS2 172.16.0.11 </h1>
lvs-dr集群的实现
简易流程图:
配置RS1:
[root@RS1 ~]# ifconfig eno16777736 10.0.0.11/24 up #配置网卡
[root@RS1 ~]# ifconfig lo:0 10.0.0.1 netmask 255.255.255.255 broadcast 10.0.0.1 up
[root@RS1 ~]# route add -host 10.0.0.1 dev lo:0 #配置路由
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore #设置arp响应
[root@RS1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@RS1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@RS1 ~]# vim /etc/httpd/conf/httpd.conf #设置httpd
Listen 80
[root@RS1 ~]# vim /var/www/html/index.html
<h1> RS1 10.0.0.11<h1>
[root@RS1 ~]# systemctl start httpd #启用httpd
[root@RS1 ~]# ss -tan
LISTEN 0 128 :::8080 :::*
RS2的配置参考RS1。
配置DR:
[root@DR ~]# ifconfig eno16777736 10.0.0.2/24 up #配置dip [root@DR ~]# ifconfig eno16777736:0 10.0.0.1 netmask 255.255.255.255 broadcast 10.0.0.1 up #配置vip [root@DR ~]# ipvsadm -A -t 10.0.0.1:80 -s wrr #配置lvs集群规则 [root@DR ~]# ipvsadm -a -t 10.0.0.1:80 -r 10.0.0.11 -g -w 1 [root@DR ~]# ipvsadm -a -t 10.0.0.1:80 -r 10.0.0.12 -g -w 2 [root@DR ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.0.0.1:80 wrr -> 10.0.0.11:80 Route 1 0 0 -> 10.0.0.12:80 Route 2 0 0
客户端测试:
# 调度算法使用wrr,比重为1:2 [root@client ~]# for i in {1..20}; do curl http://10.0.0.1; done <h1> RS1 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS1 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS1 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS1 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.11 </h1> <h1> RS2 10.0.0.12 </h1> <h1> RS2 10.0.0.12 </h1>
RS1的配置脚本参考:
#!/bin/bash
#
vip=10.0.0.1
rip=10.0.0.11
mask1=255.255.255.255
mask2=255.255.255.0
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig eno16777736 $rip netmask $mask2 up
ifconfig lo:0 $vip netmask $mask1 broadcast $vip up
route add -host $vip dev lo:0
;;
stop)
ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac
DR的配置脚本参考:
#!/bin/bash
#
vip=10.0.0.1
mask1=255.255.255.255
dip=10.0.0.2
mask2=255.255.255.0
port=80
rs1=10.0.0.11
rs2=10.0.0.12
scheduler='wrr'
type='-g'
case $1 in
start)
ifconfig eno16777736 $dip netmask $mask2 up
ifconfig eno16777736:0 $vip netmask $mask1 broadcast $vip up
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 2
;;
stop)
ipvsadm -C
ifconfig eno16777736:0 down
;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac
附:使用 ldirectord 实现对各RS的健康状态做检查,失败时禁用,成功时启用。
DR上安装 ldirectord:
[root@DR ~]# lsb_release -r #centos版本
Release: 7.2.1511
[root@DR ~]# yum localinstall ldirectord-3.9.6-0rc1.1.1.x86_64.rpm #ldirectord版本
[root@DR ~]# cp /usr/share/doc/ldirectord-3.9.6/ldirectord.cf /etc/ha.d/ldirectord.cf #ldirectord默认没有配置文件,直接复制一份
[root@DR ~]# vim /etc/ha.d/ldirectord
checktimeout=3
checkinterval=1
fallback=127.0.0.1:80
autoreload=yes
quiescent=no
virtual=10.0.0.1:80
real=10.0.0.11:80 gate 1
real=10.0.0.12:80 gate 2
fallback=127.0.0.1:80 gate
service=http #指定服务
request="index.html" #指定健康监测的文件
#receive="Test" #指定健康监测响应的内容
scheduler=wrr
checktype=negotiate
checkport=80
[root@DR ~]# ipvsadm -C #清除自己设定的集群
[root@DR ~]# ldirectord start
[root@DR ~]# ipvsadm -ln #启用ldirectord会自行设定集群
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.1:80 wrr
-> 10.0.0.11:80 Route 1 0 0
-> 10.0.0.12:80 Route 2 0 0
客户端测试:
#客户端测试
[root@client ~]# for i in {1..20}; do curl http://10.0.0.1; done
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS1 10.0.0.11 </h1>
#停止RS1的httpd服务
[root@RS1 ~]# systemctl stop httpd.service
#DR的状态
[root@DR ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.1:80 wrr
-> 10.0.0.12:80 Route 2 0 0
#客户端测试
[root@client ~]# for i in {1..20}; do curl http://10.0.0.1; done
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>
<h1> RS2 10.0.0.12 </h1>