ipvsadm组件定义规则的格式:
1.定义集群服务格式:
(1).添加集群服务:
ipvsadm -A|E -t|u|f service-address [-s scheduler]
[-p [timeout]] [-M netmask]
-A: 表示添加一个新的集群服务
-E: 编辑一个集群服务
-t: 表示tcp协议
-u: 表示udp协议
-f: 表示firewall-Mark,防火墙标记
service-address: 集群服务的IP地址,即VIP
-s 指定调度算法
-p 持久连接时长,如#ipvsadm -Lcn ,查看持久连接状态
-M 定义掩码
ipvsadm -D -t|u|f service-address 删除一个集群服务
ipvsadm -C 清空所有的规则
ipvsadm -R 重新载入规则
ipvsadm -S [-n] 保存规则
2.向集群服务添加RealServer规则:
(1).添加RealServer规则
ipvsadm -a|e -t|u|f service-address -r server-address
[-g|i|m] [-w weight]
-a 添加一个新的realserver规则
-e 编辑realserver规则
-t tcp协议
-u udp协议
-f firewall-Mark,防火墙标记
service-address realserver的IP地址
-g 表示定八义为LVS-DR模型
-i 表示定义为LVS-TUN模型
-m 表示定义为LVS-NAT模型
-w 定义权重,后面跟具体的权值
ipvsadm -d -t|u|f service-address -r server-address --删除一个realserver
ipvsadm -L|l [options] --查看定义的规则
如:#ipvsadm -L -n
ipvsadm -Z [-t|u|f service-address] --清空计数器
| 主机 | ip地址 | 安装 | 环境 |
| DR | 192.168.170.132 | ipvsadm | centos8 |
| RS1 | 192.168.170.133 | httpd | centos8 |
| RS2 | 192.168.170.134 | httpd | centos8 |
//安装httpd服务 [root@RS1 ~]# yum install httpd -y [root@RS2 ~]# yum install -y httpd //关闭防火墙和selinux [root@RS1 ~]# systemctl disable --now firewalld.service Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@RS1 ~]# vim /etc/selinux/config [root@RS1 ~]# setenforce 0 [root@RS2 ~]# systemctl disable --now firewalld.service Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@RS2 ~]# setenforce 0 [root@RS2 ~]# vim /etc/selinux/config [root@DR ~]# systemctl disable --now firewalld.service Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@DR ~]# setenforce 0 [root@DR ~]# vi /etc/selinux/config 写一个访问的网页,用来测试,真实情况不需要。 [root@RS1 ~]# vim /var/www/html/index.html [root@RS2 ~]# vim /var/www/html/index.html //启动服务 [root@RS1 ~]# systemctl restart httpd [root@RS1 ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:* [root@RS2 ~]# systemctl start httpd s[root@RS2 ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:80 *:* LISTEN 0 128 [::]:22 [::]:*
nat模式,需要dr主机有两张网卡
//开启ip转发功能 [root@DR ~]# vim /etc/sysctl.conf net.ipv4.ip_forward = 1 [root@DR ~]# sysctl -p net.ipv4.ip_forward = 1 //配置dip [root@DR network-scripts]# vim ifcfg-ens160 TYPE="Ethernet" BOOTPROTO=static NAME="ens160" DEVICE="ens160" ONBOOT="yes" IPADDR=192.168.170.132 NETMASK=255.255.255.0 //配置vip [root@DR network-scripts]# cp ifcfg-ens160 ifcfg-ens192 [root@DR network-scripts]# vim ifcfg-ens192 TYPE="Ethernet" BOOTPROTO=static NAME="ens192" DEVICE="ens192" ONBOOT="yes" IPADDR=192.168.109.250 NETMASK=255.255.255.0 //在RS1上指定网关为dip [root@RS1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160 TYPE="Ethernet" BOOTPROTO="static" DEFROUTE="yes" NAME="ens160" DEVICE="ens160" ONBOOT="yes" GATEWAY=192.168.170.132 IPADDR=192.168.170.133 NETMASK=255.255.255.0 DNS1=114.114.114.114 //重启网卡 [root@RS1 ~]# systemctl restart NetworkManager [root@RS1 ~]# ifdown ens160;ifup ens160 Connection ‘ens160‘ successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) //RS2网关也指定dip [root@RS2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160 TYPE="Ethernet" BOOTPROTO="static" DEFROUTE="yes" NAME="ens160" DEVICE="ens160" ONBOOT="yes" GATEWAY=192.168.170.132 IPADDR=192.168.170.134 NETMASK=255.255.255.0 DNS1=144.144.144.144 //重启网卡 [root@RS2 ~]# systemctl restart NetworkManager [root@RS2 ~]# ifdown ens160;ifup ens160 Connection ‘ens160‘ successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) //在dr上添加并保存规则 [root@DR ~]# ipvsadm -A -t 192.168.109.250:80 -s rr [root@DR ~]# ipvsadm -a -t 192.168.109.250:80 -r 192.168.170.133:80 -m [root@DR ~]# ipvsadm -a -t 192.168.109.250:80 -r 192.168.170.134:80 -m [root@DR ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.109.250:80 rr -> 192.168.170.133:80 Masq 1 0 0 -> 192.168.170.134:80 Masq 1 0 0 [root@DR ~]# ipvsadm -S > /etc/sysconfig/ipvsadm
............
原文:https://www.cnblogs.com/meijianbiao/p/14736440.html