LVS之-LAMP搭建wordpress

偶尔善良 提交于 2020-04-08 12:26:21

author:JevonWei
版权声明:原创作品


LVS搭建wordpress,涉及的知识点有DNS,LAMP,NFS及LVS

  • 网络拓扑图

网络环境

NFS   192.168.198.130
mysql 192.168.198.132
RS1   192.168.198.138
RS2   192.168.198.120
LVS:
    DIP 192.168.198.128
    vip 172.16.253.105
DNS   172.16.252.248
Client 172.16.254.150
RS1,RS2的网关指向192.168.198.128,client的DNS指向DNS服务器172.16.252.248

VS

[root@VS ~]# iptables -F 
添加路由转发选项
[root@VS ~]# vim /etc/sysctl.d/99-sysctl.conf  
    net.ipv4.ip_forward=1
[root@VS ~]# sysctl -p /etc/sysctl.d/99-sysctl.conf \\刷新生效
net.ipv4.ip_forward = 1 
配置LVS的调度算法为rr轮询
[root@VS ~]# yum -y install ipvsadm 
[root@VS ~]# ipvsadm -A -t 172.16.253.105:80 -s rr \\-t指定TCP协议,-s指定调度算法为轮询
[root@VS ~]# ipvsadm -a -t 172.16.253.105:80 -r 192.168.198.138 -m \\添加192.168.198.138 RS1服务器到LVS调度,-m 为nat类型
[root@VS ~]# ipvsadm -a -t 172.16.253.105:80 -r 192.168.198.120 -m 
[root@VS ~]# ipvsadm -Ln \\查看LVS调度信息
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:80 rr
  -> 192.168.198.120:80           Masq    1      0          0         
  -> 192.168.198.138:80           Masq    1      0          0
[root@VS ~]# curl 192.168.198.120
welcome to RS2
[root@VS ~]# curl 192.168.198.138
welcome to RS1

修改LVS的调度模式为wrr
[root@VS ~]# ipvsadm -E -t 172.16.253.105:80 -s wrr
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:80 wrr
  -> 192.168.198.120:80           Masq    1      0          0         
  -> 192.168.198.138:80           Masq    1      0          0
[root@VS ~]# ipvsadm -e -t 172.16.253.105:80 -r 192.168.198.138 -m -w 3 \\修改192.168.198.138 RS1主机的权重为3,-w 指定权重,-m为nat算法,192.168.198.120权重仍为1
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:80 wrr
  -> 192.168.198.120:80           Masq    1      0          0         
  -> 192.168.198.138:80           Masq    3      0          0 
  
脚本实现lvs-wrr的配置
[root@VS ~]# vim lvs_nat.sh       
#! /bin/bash
vip=172.16.253.105:80
rip1=192.168.198.138
rip2=192.168.198.120:8080
sch=wrr
case $1 in
start)
    ipvsadm -A -t $vip -s $sch
    ipvsadm -a -t $vip -r $rip1 -m -w 3
    ipvsadm -a -t $vip -r $rip2 -m -w 1
    ;;
stop)
    ipvsadm -C
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac

RS1

[root@RS1 ~]# iptables -F
[root@RS1 ~]# yum -y install httpd
[root@RS1 ~]# vim /var/www/html/index.html 
    welcome to RS1
[root@RS1 ~]# service httpd start

RS2

[root@RS2 ~]# iptables -F
[root@RS2 ~]# yum -y install httpd
[root@RS2 ~]# vim /var/www/html/index.html 
    welcome to RS2
[root@RS2 ~]# service httpd start

查看LVS的信息

[root@VS ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.16.253.105:80                  29      158      139    10710    15609
  -> 192.168.198.120:80                 15       82       69     5554     7923
  -> 192.168.198.138:80                 14       76       70     5156     7686
[root@VS ~]# ipvsadm -Ln --connection \\查看网络连接数
[root@VS ~]# cut -d " " -f1 /var/log/httpd/access_log | sort -nr | uniq -c| sort -n \\查看网络连接

client

访问rr轮询算法
[root@client ~]# for i in {1..10};do curl 172.16.253.105;sleep 1;done 
welcome to RS2
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS2

访问wrr权重算法
[root@client ~]# for i in {1..10};do curl 172.16.253.105;sleep 1;done
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1

实现HTTPS加密

将VS服务端同时作为CA服务端,即VS同时作为CA服务端

搭建CA服务端环境

[root@VS ~]# cat /etc/pki/tls/openssl.cnf \\查看证书的相关路径
[root@VS ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024) \\生成私钥文件
Generating RSA private key, 1024 bit long modulus
.............++++++
.........++++++
e is 65537 (0x10001)
[root@VS ~]# cd /etc/pki/CA
[root@VS CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 1024 \\生成自签名证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:danran.com
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ca.danran.com
Email Address []:
[root@VS CA]# touch index.txt
[root@VS CA]# echo 00 > serial

RS1申请CA证书

[root@RS1 ~]# cd /etc/httpd/conf.d/
[root@RS1 conf.d]# (umask 077;openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
........++++++
...........++++++
e is 65537 (0x10001)
[[root@RS1 conf.d]# openssl req -new -key httpd.key -out httpd.csr -days 10
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zhengzhou
Organization Name (eg, company) [Default Company Ltd]:danran.com
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ca.danran.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@RS1 conf.d]# scp httpd.csr 192.168.198.128:/etc/pki/CA \\证书申请文件发送给CA服务端

CA服务端颁发证书

[root@VS CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Aug 19 13:00:12 2017 GMT
        Not After : Aug 19 13:00:12 2018 GMT
    Subject:
        countryName               = CN
        stateOrProvinceName       = henan
        organizationName          = danran.com
        organizationalUnitName    = it
        commonName                = ca.danran.com
    X509v3 extensions:
        X509v3 Basic Constraints: 
            CA:FALSE
        Netscape Comment: 
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier: 
            BB:DC:5C:85:69:2B:0A:41:98:3B:7F:3E:15:69:1D:2B:C3:81:3E:EF
        X509v3 Authority Key Identifier: 
            keyid:91:15:B3:DB:2D:94:91:2E:12:87:26:ED:05:5E:08:78:E0:10:7C:F8

[root@VS CA]# scp certs/httpd.crt 192.168.198.138:/etc/httpd/conf.d \\将证书文件颁发给RS1申请者
[root@VS CA]# scp cacert.pem 192.168.198.138:/etc/httpd/conf.d     \\将CA服务端证书发送给申请者

RS1

[root@RS1 conf.d]# scp cacert.pem httpd.crt httpd.key 192.168.198.120:/etc/httpd/conf.d \\将RS1的证书、私钥及CA证书文件发送给RS2
[root@RS1 ~]# yum -y install mod_ssl
[root@RS1 ~]# vim /etc/httpd/conf.d/ssl.conf  \\修改如下证书私钥、证书文件及CA证书文件的存放路径 
    SSLCertificateFile /etc/httpd/conf.d/httpd.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key
    SSLCACertificateFile /etc/httpd/conf.d/cacert.pem
    
    修改后如下所示
    #   Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate.  If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase.  Note that a kill -HUP will prompt again.  A new
    # certificate can be generated using the genkey(1) command.
    SSLCertificateFile /etc/httpd/conf.d/httpd.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    SSLCACertificateFile /etc/httpd/conf.d/cacert.pem
[root@RS1 conf.d]# service httpd restart

RS2

[root@RS2 ~]# cd /etc/httpd/conf.d/
[root@RS2 conf.d]# ls
cacert.pem  httpd.key       php.conf  welcome.conf
httpd.crt   mod_dnssd.conf  README
[root@RS2 conf.d]# yum -y install mod_ssl \\安装软件包
[root@RS2 conf.d]# vim ssl.conf \\修改如下证书私钥、证书文件及CA证书文件的存放路径 
    SSLCertificateFile /etc/httpd/conf.d/httpd.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key
    SSLCACertificateFile /etc/httpd/conf.d/cacert.pem
    
    修改后如下所示
    #   Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate.  If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase.  Note that a kill -HUP will prompt again.  A new
    # certificate can be generated using the genkey(1) command.
    SSLCertificateFile /etc/httpd/conf.d/httpd.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/httpd/conf.d/httpd.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    SSLCACertificateFile /etc/httpd/conf.d/cacert.pem
[root@RS2 conf.d]# service httpd restart

VS

[root@VS ~]# vim lvs_nat.sh 
#! /bin/bash
vip=172.16.253.105:443
rip1=192.168.198.138
rip2=192.168.198.120
sch=wrr
case $1 in
start)
    ipvsadm -A -t $vip -s $sch
    ipvsadm -a -t $vip -r $rip1 -m -w 3
    ipvsadm -a -t $vip -r $rip2 -m -w 1
    ;;
stop)
    ipvsadm -C
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac
[root@VS ~]# bash lvs_nat.sh stop
[root@VS ~]# bash lvs_nat.sh start
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:443 wrr
  -> 192.168.198.120:443          Masq    1      0          0         
  -> 192.168.198.138:443          Masq    3      0          0

client客户端

[root@client ~]# for i in {1..10};do curl -k https://172.16.253.105;done  \\-k跳过证书
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1

LAMP搭建wordpress,并通过NFS共享

搭建DNS服务端

[root@DNS ~]# yum -y install bind
[root@DNS ~]# systemctl restart named
[root@DNS ~]# systemctl enable named 
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@DNS ~]# iptables -F

配置DNS
[root@DNS ~]# vim /etc/named.conf   
    options {
        listen-on port 53 { localhost; };
        allow-query     { any; };
    }
[root@DNS ~]# vim /etc/named.rfc1912.zones 
    zone "danran.com" IN {
        type master;
        file "danran.zone";
        allow-update { none; };
    };
[root@DNS ~]# cd /var/named/
[root@DNS named]# vim danran.zone
    $TTL 1D
    @   IN SOA  dns.danran.com. admin (
                                    0       ; serial
                                    1D      ; refresh
                                    1H      ; retry
                                    1W      ; expire
                                    3H )    ; minimum
            NS      dns.danran.com.
    dns     A       172.16.252.248
    websrv  A       172.16.253.105
    www     CNAME   websrv
[root@DNS named]# systemctl restart named

MYSQL

[root@mysql ~]# yum -y install mariadb-server
[root@mysql ~]# systemctl start mariadb
[root@mysql ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@mysql ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mysql ~]# systemctl stop firewalld
[root@mysql ~]# iptables -F 关闭防火墙

创建数据库账号
[root@mysql ~]# mysql_secure_installation   \\数据库安全初始化
MariaDB [(none)]> create database blogdb; \\创建数据库blogdb表
MariaDB [(none)]> grant all on blogdb.* to wpuser@'192.168.198.%' identified by 'danran';  \\创建wpuser用户,并授予blogdb表的所有权限

登录测试
[root@mysql ~]# mysql -uwpuser -h192.168.198.132 -p

添加防火墙,仅允许RS1和RS2及自己本身连接数据库
[root@mysql ~]# iptables -A INPUT -s 192.168.198.138 -p tcp --dport 3306 -j ACCEPT
[root@mysql ~]# iptables -A INPUT -s 192.168.198.120 -p tcp --dport 3306 -j ACCEPT  
[root@mysql ~]# iptables -A INPUT -s 192.168.198.1 -p tcp --dport 3306 -j ACCEPT   
[root@mysql ~]# iptables -A INPUT -j REJECT

NFS

[root@NFS app]# setenforce 0
[root@NFS ~]# iptables -F
[root@mysql ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@mysql ~]# systemctl stop firewalld
[root@NFS ~]# rpm -q nfs-utils
nfs-utils-1.3.0-0.33.el7.x86_64

将wordpress上传到服务器,并配置wordpress
[root@NFS app]# tar xvf wordpress-4.8-zh_CN.tar.gz \\解压wordpress
[root@NFS app]# mv wordpress blog
[root@NFS app]# cd blog/
[root@NFS blog]# cp wp-config-sample.php wp-config.php        
[root@NFS blog]# vim wp-config.php
    // ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
    /** WordPress数据库的名称 */
    define('DB_NAME', 'blogdb');

    /** MySQL数据库用户名 */
    define('DB_USER', 'wpuser');

    /** MySQL数据库密码 */
    define('DB_PASSWORD', 'danran');

    /** MySQL主机 */
    define('DB_HOST', '192.168.198.132');

创建与RS1和RS2主机上相同UID的apache用户
    [root@NFS blog]# useradd -u 48 -r -s /sbin/nologin apache    \\RS1和RS2的apache用户UID为48

修改blog目录的属组,从而使apache用户对blog有读写权限
[root@NFS app]# chown -R apache.apache blog/
[root@NFS app]# ll -d blog/
drwxr-xr-x. 5 apache apache 4096 Aug 20 13:03 blog/

配置NFS
[root@NFS app]# vim /etc/exports
    /app/blog  192.168.198.0/24(rw,all_squash,anonuid=48,anongid=48) \\all_squash为压缩所有用户名,anonuid意为压缩为UID为48的用户,anongid组压缩为GID为48的组
[root@NFS app]# systemctl restart nfs-server

RS1挂载NFS共享目录

[root@RS1 html]# setenforce 0
[root@RS1 ~]# cd /var/www/html/
[root@RS1 html]# mkdir blog
[root@RS1 html]# chmod o+w blog/   
[root@RS1 html]# vim /etc/fstab 
    192.168.198.130:/app/blog       /var/www/html/blog      nfs     defaults 0 0
[root@RS1 html]# yum -y install nfs-utils \\使RS1支持NFS格式的文件
[root@RS1 html]# mount -a
[root@RS1 html]# df | grep /blog
192.168.198.130:/app/blog   30705024   62208  30642816   1% /var/www/html/blog

RS2挂载NFS共享目录

[root@RS2 html]# setenforce 0
[root@RS2 ~]# cd /var/www/html/
[root@RS2 html]# mkdir blog
[root@RS2 html]# chmod o+w blog/   
[root@RS2 html]# vim /etc/fstab 
    192.168.198.130:/app/blog       /var/www/html/blog      nfs     defaults 0 0
[root@RS2 html]# yum -y install nfs-utils \\使RS1支持NFS格式的文件
[root@RS2 html]# mount -a
[root@RS2 html]# df | grep /blog
192.168.198.130:/app/blog   30705024   62208  30642816   1% /var/www/html/blog

RS1安装PHP

[root@RS1 html]# yum -y install php php-mysql
[root@RS1 html]# service httpd restart

RS2安装PHP

[root@RS2 html]# yum -y install php php-mysql
[root@RS2 html]# service httpd restart

VS使用sh调度算法

[root@VS ~]# vim lvs_nat.sh
#! /bin/bash
vip=172.16.253.105:80
rip1=192.168.198.138
rip2=192.168.198.120:8080
sch=sh
case $1 in
start)
    ipvsadm -A -t $vip -s $sch
    ipvsadm -a -t $vip -r $rip1 -m -w 3
    ipvsadm -a -t $vip -r $rip2 -m -w 1
    ;;
stop)
    ipvsadm -C
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac
[root@VS ~]# bash lvs_nat.sh stop
[root@VS ~]# bash lvs_nat.sh start

client

修改DNS
[root@client ~]# vim /etc/resolv.conf
    # Generated by NetworkManager
    search danran.com
    nameserver 172.16.252.248
[root@client ~]# for i in {1..10};do curl -k https://172.16.253.105;done        welcome to RS1
welcome to RS1
welcome to RS2
[root@client ~]# for i in {1..10};do curl -k https://www.danran.com;done        
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS2

客户端图形化或浏览器
firefox www.danran.com/blog \\安装wordpress

实现一个LVS调用一组不同服务

即一个LVS同时调用http和https两种不同的服务

VS

搭建https的LVS_nat

[root@VS ~]# vim lvs_nat.sh 
#! /bin/bash
vip=172.16.253.105:443
rip1=192.168.198.138
rip2=192.168.198.120
sch=wrr
case $1 in
start)
    ipvsadm -A -t $vip -s $sch
    ipvsadm -a -t $vip -r $rip1 -m -w 3
    ipvsadm -a -t $vip -r $rip2 -m -w 1
    ;;
stop)
    ipvsadm -C
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac
[root@VS ~]# bash lvs_nat.sh stop
[root@VS ~]# bash lvs_nat.sh start
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:443 wrr
  -> 192.168.198.120:443          Masq    1      0          0         
  -> 192.168.198.138:443          Masq    3      0          0
[root@VS ~]# bash lvs_nat.sh start  

搭建http的LVS_nat

[root@VS ~]# vim lvs_nat2.sh 
#! /bin/bash
vip=172.16.253.105:80
rip1=192.168.198.138
rip2=192.168.198.120:8080
sch=wrr
case $1 in
start)
    ipvsadm -A -t $vip -s $sch
    ipvsadm -a -t $vip -r $rip1 -m -w 3
    ipvsadm -a -t $vip -r $rip2 -m -w 1
    ;;
stop)
    ipvsadm -C
    ;;
*)
    echo "Usage:$(basename $0) start|stop"
    exit 1
    ;;
esac
[root@VS ~]# bash lvs_nat.sh stop
[root@VS ~]# bash lvs_nat.sh start
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.253.105:443 wrr
  -> 192.168.198.120:443          Masq    1      0          0         
  -> 192.168.198.138:443          Masq    3      0          0
[root@VS ~]# bash lvs_nat2.sh start

[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  TCP  172.16.253.105:80 wrr
  -> 192.168.198.120:8080         Masq    1      0          0         
  -> 192.168.198.138:80           Masq    3      0          0         
  TCP  172.16.253.105:443 wrr
  -> 192.168.198.120:443          Masq    1      0          0         
  -> 192.168.198.138:443          Masq    3      0          0    

client

[root@client ~]# for i in {1..10};do curl -k https://172.16.253.105;done 
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS2
[root@client ~]# for i in {1..10};do curl -k http://172.16.253.105;done  
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1
welcome to RS1
welcome to RS1
welcome to RS2
welcome to RS1

ipvsadm策略的保存

[root@VS ~]# ipvsadm-save > lvs
[root@VS ~]# ipvsadm -C
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@VS ~]# ipvsadm-restore < lvs
[root@VS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  185.53.178.7:443 sh
  -> 192.168.198.120:443          Masq    1      0          0         
  -> 192.168.198.138:443          Masq    2      0          0   

将ipvsadm保存在/etc/sysconfig/ipvsadm文件中,将会开机自启动  
[root@VS ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!