以下内容中的 master 为 172.16.1.134，RS1 为 192.168.1.111，RS2 为 192.168.1.112
172.16.1.134
192.168.1.111
192.168.1.112
[root@master ~]# cd /etc/pki/CA/
[root@master CA]# ls
certs  crl  newcerts  private
# 生成私钥（umask 077 使 cakey.pem 仅 root 可读写）
[root@master CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...+++
.............................................................................................+++
e is 65537 (0x10001)
# 生成自签证书
[root@master CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
[root@master CA]# touch index.txt
[root@master CA]# echo 01 > serial
# node01生成私钥
[root@node01 ~]# (umask 077;openssl genrsa -out https.key 2048)
Generating RSA private key, 2048 bit long modulus
..........................................................................+++
..........................................+++
e is 65537 (0x10001)
# 将私钥发送到CA主机进行签署
# 注意：这样做之后 CA 主机上也会留有一份 https.key 的副本。更稳妥的做法是在 node01 上执行
# openssl req 生成 https.csr，只把 CSR 发给 CA 签署，再把签好的 https.crt 传回 node01，私钥始终不离开 node01。
[root@node01 ~]# scp https.key root@master:/root
[root@master ~]# openssl req -new -key https.key -out https.csr
[root@master ~]# openssl ca -in https.csr -out https.crt -days 365
# 将发往 VIP 172.16.1.134 的 80 和 443 端口流量打上同一个防火墙标记 2，使 LVS 把两者当作同一个集群服务调度
[root@master ~]# iptables -t mangle -A PREROUTING -d 172.16.1.134 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 2
# ipvsadm -C 会清空当前所有虚拟服务器规则，在已有规则的主机上执行前应先确认
[root@master ~]# ipvsadm -C
# -f 2 按防火墙标记 2 定义集群服务，-s sh 为源地址哈希调度，-m 为 NAT（masquerading）转发
[root@master ~]# ipvsadm -A -f 2 -s sh
[root@master ~]# ipvsadm -a -f 2 -r 192.168.1.111 -m
[root@master ~]# ipvsadm -a -f 2 -r 192.168.1.112 -m
[root@master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  2 sh
  -> 192.168.1.111:0              Masq    1      0          0
  -> 192.168.1.112:0              Masq    1      0          0
# --cacert 指定用自建 CA 的证书校验服务端证书，而不是用 -k 跳过校验
[root@master ~]# curl https://172.16.1.134 --cacert /etc/pki/CA/cacert.pem
<h1>Backend RS2 192.168.1.112</h1>
# 注意：该 RPM 通过明文 HTTP 从第三方镜像获取并直接以 root 安装，传输过程没有完整性保护；
# 建议先把包下载到本地，用 rpm -K 校验签名/摘要并确认来源后再安装。
[root@master ~]# yum install -y http://rpmfind.net/linux/mageia/distrib/4/x86_64/media/core/release/ldirectord-3.9.5-2.mga3.x86_64.rpm