节点规划
主机 | 角色 | 系统 | 网络 | IP |
---|---|---|---|---|
client | client | redhat 9.5 | 仅主机 | 192.168.10.100/24 |
lvs | lvs | redhat 9.5 | 仅主机 + NAT | 192.168.10.128/24(VIP)、192.168.72.128/24(DIP) |
nginx | rs1 | redhat 9.5 | NAT | 192.168.72.7/24 |
nginx | rs2 | redhat 9.5 | NAT | 192.168.72.17/24 |
nginx | rs3 | redhat 9.5 | NAT | 192.168.72.27/24 |
配置rs主机
配置rs1主机
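#修改主机名和ip地址
#注意:NAT 模式下 rs 的默认网关必须指向 lvs 的 DIP,rs 的回包才会经过 lvs 并被还原为 VIP;节点规划表中 DIP 为 192.168.72.128,而下面命令使用的网关是 192.168.72.8,请按实际环境核对(rs2、rs3 的命令同理)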
[root@localhost ~]# hostnamectl hostname rs1
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.7/24 ipv4.gateway 192.168.72.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
#安装并配置nginx服务(下面的 systemctl start 只对本次开机有效,需要开机自启时可使用 systemctl enable --now nginx)
[root@rs1 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
Last metadata expiration check: 0:02:40 ago on Wed 26 Mar 2025 03:14:02 PM CST.
Dependencies resolved.
======================================================================================
Package Architecture Version Repository Size
======================================================================================
Installing:
nginx x86_64 2:1.20.1-20.el9 AppStream 40 k
Installing dependencies:
nginx-core x86_64 2:1.20.1-20.el9 AppStream 574 k
nginx-filesystem noarch 2:1.20.1-20.el9 AppStream 11 kTransaction Summary
======================================================================================
Install 3 PackagesTotal size: 625 k
Installed size: 1.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch 1/3
Installing : nginx-filesystem-2:1.20.1-20.el9.noarch 1/3
Installing : nginx-core-2:1.20.1-20.el9.x86_64 2/3
Installing : nginx-2:1.20.1-20.el9.x86_64 3/3
Running scriptlet: nginx-2:1.20.1-20.el9.x86_64 3/3
Verifying : nginx-2:1.20.1-20.el9.x86_64 1/3
Verifying : nginx-core-2:1.20.1-20.el9.x86_64 2/3
Verifying : nginx-filesystem-2:1.20.1-20.el9.noarch 3/3
Installed products updated.Installed:
nginx-2:1.20.1-20.el9.x86_64 nginx-core-2:1.20.1-20.el9.x86_64
nginx-filesystem-2:1.20.1-20.el9.noarchComplete!
[root@rs1 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html
[root@rs1 ~]# systemctl start nginx
[root@rs1 ~]# curl localhost
192.168.72.7
配置rs2主机
#修改主机名和ip地址
[root@localhost ~]# hostnamectl hostname rs2
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.17/24 ipv4.gateway 192.168.72.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
#配置nginx服务
[root@rs2 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@rs2 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 37 MB/s | 2.0 MB 00:00
AppStream 60 MB/s | 7.2 MB 00:00
baseOs 18 MB/s | 2.0 MB 00:00
Appstream 55 MB/s | 7.2 MB 00:00
Dependencies resolved.
======================================================================================
Package Architecture Version Repository Size
======================================================================================
Installing:
nginx x86_64 2:1.20.1-20.el9 AppStream 40 k
Installing dependencies:
nginx-core x86_64 2:1.20.1-20.el9 AppStream 574 k
nginx-filesystem noarch 2:1.20.1-20.el9 AppStream 11 kTransaction Summary
======================================================================================
Install 3 PackagesTotal size: 625 k
Installed size: 1.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch 1/3
Installing : nginx-filesystem-2:1.20.1-20.el9.noarch 1/3
Installing : nginx-core-2:1.20.1-20.el9.x86_64 2/3
Installing : nginx-2:1.20.1-20.el9.x86_64 3/3
Running scriptlet: nginx-2:1.20.1-20.el9.x86_64 3/3
Verifying : nginx-2:1.20.1-20.el9.x86_64 1/3
Verifying : nginx-core-2:1.20.1-20.el9.x86_64 2/3
Verifying : nginx-filesystem-2:1.20.1-20.el9.noarch 3/3
Installed products updated.Installed:
nginx-2:1.20.1-20.el9.x86_64 nginx-core-2:1.20.1-20.el9.x86_64
nginx-filesystem-2:1.20.1-20.el9.noarchComplete!
[root@rs2 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html
[root@rs2 ~]# systemctl start nginx
[root@rs2 ~]# curl localhost
192.168.72.17
配置rs3主机
#修改主机名和ip地址
[root@localhost ~]# hostnamectl hostname rs3
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.72.27/24 ipv4.gateway 192.168.72.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
#配置nginx服务
[root@rs3 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
Last metadata expiration check: 0:00:47 ago on Wed 26 Mar 2025 03:43:00 PM CST.
Dependencies resolved.
======================================================================================
Package Architecture Version Repository Size
======================================================================================
Installing:
nginx x86_64 2:1.20.1-20.el9 AppStream 40 k
Installing dependencies:
nginx-core x86_64 2:1.20.1-20.el9 AppStream 574 kTransaction Summary
======================================================================================
Install 2 PackagesTotal size: 614 k
Installed size: 1.7 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : nginx-core-2:1.20.1-20.el9.x86_64 1/2
Installing : nginx-2:1.20.1-20.el9.x86_64 2/2
Running scriptlet: nginx-2:1.20.1-20.el9.x86_64 2/2
Verifying : nginx-2:1.20.1-20.el9.x86_64 1/2
Verifying : nginx-core-2:1.20.1-20.el9.x86_64 2/2
Installed products updated.Installed:
nginx-2:1.20.1-20.el9.x86_64 nginx-core-2:1.20.1-20.el9.x86_64Complete!
[root@rs3 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html
[root@rs3 ~]# systemctl start nginx
[root@rs3 ~]# curl localhost
192.168.72.27
配置lvs主机
查看lvs主机的ip
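lvs有两个网卡:ens160(NAT模式,对应 DIP)和 ens224(仅主机模式,对应 VIP),各有其对应的IP地址。
下面输出中两个地址都带有 dynamic 标记,即由 DHCP 获取;VIP/DIP 一旦发生变化,IPVS 规则和 rs 上配置的网关都会失效,建议改为静态地址。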
[root@lvs ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:63:c1:b4 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.72.128/24 brd 192.168.72.255 scope global dynamic noprefixroute ens160
valid_lft 1764sec preferred_lft 1764sec
inet6 fe80::20c:29ff:fe63:c1b4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:63:c1:be brd ff:ff:ff:ff:ff:ff
altname enp19s0
inet 192.168.10.128/24 brd 192.168.10.255 scope global dynamic noprefixroute ens224
valid_lft 1764sec preferred_lft 1764sec
inet6 fe80::617f:e95:7591:8f3a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
查看网络设备连接
[root@lvs ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 746301d5-46f9-3d59-b31f-3b5e73d5fd61 ethernet ens160
Wired connection 1 3cf0c081-6794-4aae-a86f-f3a0b8756302 ethernet ens224
lo 25a8b5c1-e6b3-4476-bc08-63cd9216756f loopback lo
[root@lvs ~]# nmcli c modify 'Wired connection 1' connection.id ens224
[root@lvs ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 746301d5-46f9-3d59-b31f-3b5e73d5fd61 ethernet ens160
ens224 3cf0c081-6794-4aae-a86f-f3a0b8756302 ethernet ens224
lo 25a8b5c1-e6b3-4476-bc08-63cd9216756f loopback lo
安装ipvsadm软件
[root@lvs ~]# dnf install ipvsadm -y
Updating Subscription Management repositories.
Unable to read consumer identityThis system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
Last metadata expiration check: 21:30:03 ago on Tue 25 Mar 2025 06:28:26 PM CST.
Dependencies resolved.
======================================================================================
Package Architecture Version Repository Size
======================================================================================
Installing:
ipvsadm x86_64 1.31-6.el9 AppStream 54 kTransaction Summary
======================================================================================
Install 1 PackageTotal size: 54 k
Installed size: 89 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ipvsadm-1.31-6.el9.x86_64 1/1
Running scriptlet: ipvsadm-1.31-6.el9.x86_64 1/1
Verifying : ipvsadm-1.31-6.el9.x86_64 1/1
Installed products updated.Installed:
ipvsadm-1.31-6.el9.x86_64Complete!
配置客户端
配置客户端
[root@client ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.10.100/24 ipv4.gateway 192.168.10.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@client ~]# nmcli c up ens160
[root@client ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:6f:b4:0b brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.10.100/24 brd 192.168.10.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe6f:b40b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
查看客户端网络配置
[root@client ~]# nmcli d show ens160
GENERAL.DEVICE: ens160
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:6F:B4:0B
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens160
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnect>
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.10.100/24
IP4.GATEWAY: 192.168.10.2
IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.10.2, mt = 100
IP4.DNS[1]: 223.5.5.5
IP6.ADDRESS[1]: fe80::20c:29ff:fe6f:b40b/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
功能测试
启动ipvsadm
#把当前 IPVS 的规则保存到 /etc/sysconfig/ipvsadm 文件里
[root@lvs ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
#启动服务
[root@lvs ~]# systemctl start ipvsadm
测试
此时 lvs 上还没有添加任何 IPVS 规则,client 客户端访问 VIP 的 80 端口失败,所以客户端还不能通过 VIP 访问 rs 服务器
[root@client ~]# curl 192.168.10.128
curl: (7) Failed to connect to 192.168.10.128 port 80: No route to host
在lvs上直接访问各rs服务器,可以正常访问(lvs 的 DIP 与 rs 同在 192.168.72.0/24 网段)
[root@lvs ~]# curl 192.168.72.7
192.168.72.7
[root@lvs ~]# curl 192.168.72.17
192.168.72.17
[root@lvs ~]# curl 192.168.72.27
192.168.72.27
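规则引用
#-A 添加虚拟服务,-t 指定 TCP 的 VIP:端口,-s rr 为轮询调度;-a 添加真实服务器,-r 指定 rs 地址,-m 为 NAT(masquerading)模式,-w 为权重
#注意:rr 调度不使用权重,-w 2 只有在 wrr 等加权调度算法下才会生效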
[root@lvs ~]# ipvsadm -A -t 192.168.10.128:80 -s rr
[root@lvs ~]# ipvsadm -a -t 192.168.10.128:80 -r 192.168.72.7:80 -m -w 2
[root@lvs ~]# ipvsadm -a -t 192.168.10.128:80 -r 192.168.72.17:80 -m -w 2
[root@lvs ~]# ipvsadm -a -t 192.168.10.128:80 -r 192.168.72.27:80 -m -w 2
#重启ipvsadm服务(重启后可用 ipvsadm -Ln 确认规则仍然存在)
[root@lvs ~]# systemctl restart ipvsadm
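#配置内核参数:开启 IPv4 转发,lvs 才能在 192.168.10.0/24 与 192.168.72.0/24 两个网段之间转发报文
#开启后本机会成为两个网段之间的路由器,非实验环境应配合防火墙规则限制允许转发的流量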
[root@lvs ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@lvs ~]# sysctl -p
net.ipv4.ip_forward = 1
客户端测试
[root@client ~]# curl 192.168.10.128
192.168.72.7
[root@client ~]# curl 192.168.10.128
192.168.72.17
[root@client ~]# curl 192.168.10.128
192.168.72.27
试验成功!