keepalived（nat）+ftp+http

一、 環境要求
需要2台LVS和n(n>=2)台RS
操作系統 負載均衡模式 VIP NVIP
RHEL7.4 NAT 193.168.141.30 192.168.102.165

LVS1 LVS2 RS1 RS2
ens3:192.168.102.161 ens3:192.168.102.162 ens3:192.168.102.163 ens3:192.168.102.164
ens4:193.168.141.20 ens4:193.168.141.27 網關：192.168.102.165 網關：192.168.102.165
LVS：
安裝ipvsadm（LVS管理工具）和keepalived;
RS：
安裝httpd和vsftpd
二、 LVS上配置
開啟路由轉發功能：
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
檢查：
sysctl -p
net.ipv4.ip_forward = 1
修改配置：vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_MASTER
}

vrrp_instance VI_1 {
state MASTER
interface ens4
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
193.168.141.30 #VIP
}
}

vrrp_instance LAN_GATEWAY {
state MASTER
interface ens3
virtual_router_id 62
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.102.165 #NVIP
}
}

virtual_server 193.168.141.30 80{
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 30#一個用戶多少時間內只訪問一個RS
protocol TCP
real_server 192.168.102.163 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.102.164 80 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

virtual_server 193.168.141.30 21{
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 30
protocol TCP
real_server 192.168.102.163 21 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 21
}
}
real_server 192.168.102.164 21 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 21
}
}
}
Firewall配置：
firewall-cmd --permanent --zone=internal --add-interface=ens3
firewall-cmd --permanent --zone=public --add-interface=ens4
查看網卡：firewall-cmd --get-active-zones
internal
interfaces: ens3
public
interfaces: ens4
firewall-cmd --permanent --zone=public --add-masquerade
查看：firewall-cmd --zone=public --query-masquerade
yes
firewall-cmd --zone=internal --query-masquerade
no
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 \
-i ens3 -o ens4 -j ACCEPT
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
Firewall開啟埠：
firewall-cmd --zone=public --add-port=65400-65420/tcp
firewall-cmd --zone=public --add-port=21/tcp
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --reload
開啟keepalived服務：
systemctl start keepalived
三、 RS上配置
為所有RS添加網關為192.168.102.165:
vim /etc/sysconfig/network-scripts/ifcfg-ens3
GATEWAY=192.168.102.165
重啟：systemctl restart network
http寫入測試頁：
RS1：echo “RS1″ > /var/www/html/index.html
RS2：echo “RS2″ > /var/www/html/index.html
ftp配置：vim /etc/vsftpd/vsftpd.conf
pasv_enable=YES
pasv_address=193.168.141.30
pasv_min_port=65400
pasv_max_port=65420
listen_port=21
listen=YES
listen_ipv6=NO
Firewall開啟埠：
firewall-cmd --zone=public --add-port=65400-65420/tcp
firewall-cmd --zone=public --add-port=21/tcp
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --reload
開啟vsftpd和httpd服務：
systemctl start httpd
systemctl start vsftpd
四、 測試
客戶端防火牆配置：（不配不能用ftp主動模式）
firewall-cmd --add-source=193.168.141.30/32 –permanent
firewall-cmd --add-port=1024-65535/tcp --permanent
http測試：（keepalived配置去除http的persistence_timeout項，則無間隔輪番顯示）
瀏覽器訪問http://193.168.141.30#刷新會輪番顯示RS1或RS2，輪番顯示的時間間隔由persistence_timeout和LVS的超時共同決定。
ftp測試：
ftp 193.168.141.30
Connected to 193.168.141.30.
220 (vsFTPd 3.0.2)
Name (193.168.141.30:gean): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (193,168,141,30,255,140).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Mar 23 2017 pub
226 Directory send OK.
ipvsadm –Lcn查看LVS收到請求的情況。
註：搭建共用存儲nfs勿忘：setsebool -P httpd_use_nfs=1 ftpd_use_nfs=1