部署DR模式集群

news2024/11/24 8:35:26

一、配置实验环境

每台主机的防火墙和SELinux都要关掉

systemctl stop firewalld

setenforce 0

1、client(eth0为nat模式)

配置好网卡IP和网关IP，然后重启网卡

nmcli connection reload

nmcli connection up eth0

[root@client ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=172.25.254.200/24,172.25.254.100
dns=114.114.114.114
[root@client ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.254.100 0.0.0.0 UG 100 0 0 eth0
172.25.254.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

2、route(eth0为nat模式和eth1为仅主机模式)

配置好网卡IP，然后重启网卡

nmcli connection reload

nmcli connection up eth0

nmcli connection up eth1

[root@route ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=172.25.254.100/24
[root@route ~]# cat /etc/NetworkManager/system-connections/eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1

[ipv4]
method=manual
address1=192.168.0.100/24

3、lvs（eth1为仅主机模式）

配置好网卡IP和网关以及环路IP，然后重启网卡

nmcli connection reload

nmcli connection up eth1

[root@lvs ~]# ip a a 192.168.0.200/32 dev lo

[root@lvs ~]# cat /etc/NetworkManager/system-connections/eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1

[ipv4]
method=manual
address1=192.168.0.50/24,192.168.0.100
[root@lvs ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth1

4、webserver1(eth0为仅主机模式)

配置好网卡IP和网关以及环路IP，然后重启网卡

nmcli connection reload

nmcli connection up eth0

[root@lvs ~]# ip a a 192.168.0.200/32 dev lo

[root@webserver1 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=192.168.0.10/24,192.168.0.100
[root@webserver1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

5、webserver2(eth0为仅主机模式)

配置好网卡IP和网关以及环路IP，然后重启网卡

nmcli connection reload

nmcli connection up eth0

[root@lvs ~]# ip a a 192.168.0.200/32 dev lo

[root@webserver2 ~]# cat /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=192.168.0.20/24,192.168.0.100
[root@webserver2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.100 0.0.0.0 UG 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

二、解决vip响应问题

DR模型中各主机上均需要配置VIP，解决地址冲突的方式有三种：

(1)在前端网关做静态绑定

(2)在各RS使用arptables

(3)在各RS修改内核参数，来限制arp响应和通告的级别

限制响应级别:arp_ignore

0:默认值，表示可使用本地任意接口上配置的任意地址进行响应
1:仅在请求的目标IP配置在本地主机的接收到请求报文的接口上时，才给予响应

限制通告级别:arp_announce

0:默认值，把本机所有接口的所有信息向每个接口的网络进行通告
1:尽量避免将接口信息向非直接连接网络进行通告 2:必须避免将接口信息向非本网络进行通告

webserver1：

[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

[root@webserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

[root@webserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

webserver2:

[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore

[root@webserver2 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

[root@webserver2 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

三、配置策略

lvs:

[root@lvs ~]# ipvsadm -A -t 192.168.0.200:80 -s wrr

[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.10:80 -g -w 1

[root@lvs ~]# ipvsadm -a -t 192.168.0.200:80 -r 192.168.0.20:80 -g -w 2