keepalived(nat)+ftp+http

Published: 2023-09-06 01:35 | Editor: Mr. Gu | Keywords: http, keepalived

1. Environment requirements
Two LVS nodes and n (n >= 2) real servers (RS) are required.

Operating system   Load balancing mode   VIP              NVIP
RHEL7.4            NAT                   193.168.141.30   192.168.102.165

LVS1                    LVS2                    RS1                        RS2
ens3: 192.168.102.161   ens3: 192.168.102.162   ens3: 192.168.102.163      ens3: 192.168.102.164
ens4: 193.168.141.20    ens4: 193.168.141.27    gateway: 192.168.102.165   gateway: 192.168.102.165

LVS:
Install ipvsadm (the LVS management tool) and keepalived.
RS:
Install httpd and vsftpd.
2. Configuration on the LVS nodes
Enable IP forwarding:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
Check:
sysctl -p
net.ipv4.ip_forward = 1
Edit the configuration: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        qingean@163.com
    }
    notification_email_from admin@test.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_MASTER
}

vrrp_instance VI_1 {
    state MASTER
    interface ens4
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111    # sample value; PASS auth travels in clear text in VRRP adverts
    }
    virtual_ipaddress {
        193.168.141.30    # VIP
    }
}

vrrp_instance LAN_GATEWAY {
    state MASTER
    interface ens3
    virtual_router_id 62
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.102.165    # NVIP
    }
}

virtual_server 193.168.141.30 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 30    # how long a given client keeps being sent to the same RS
    protocol TCP
    real_server 192.168.102.163 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.102.164 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}

virtual_server 193.168.141.30 21 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 30
    protocol TCP
    real_server 192.168.102.163 21 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
    real_server 192.168.102.164 21 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
}
Firewall configuration:
firewall-cmd --permanent --zone=internal --add-interface=ens3
firewall-cmd --permanent --zone=public --add-interface=ens4
Check the interfaces: firewall-cmd --get-active-zones
internal
  interfaces: ens3
public
  interfaces: ens4
firewall-cmd --permanent --zone=public --add-masquerade
Check: firewall-cmd --zone=public --query-masquerade
yes
firewall-cmd --zone=internal --query-masquerade
no
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 \
  -i ens3 -o ens4 -j ACCEPT
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
Open ports in the firewall (with --permanent, so the rules survive the reload):
firewall-cmd --permanent --zone=public --add-port=65400-65420/tcp
firewall-cmd --permanent --zone=public --add-port=21/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
Start the keepalived service:
systemctl start keepalived
3. Configuration on the RS nodes
Set the gateway of every RS to 192.168.102.165:
vim /etc/sysconfig/network-scripts/ifcfg-ens3
GATEWAY=192.168.102.165
Restart networking: systemctl restart network
Write an HTTP test page:
RS1: echo "RS1" > /var/www/html/index.html
RS2: echo "RS2" > /var/www/html/index.html
FTP configuration: vim /etc/vsftpd/vsftpd.conf
pasv_enable=YES
pasv_address=193.168.141.30
pasv_min_port=65400
pasv_max_port=65420
listen_port=21
listen=YES
listen_ipv6=NO
Open ports in the firewall (with --permanent, so the rules survive the reload):
firewall-cmd --permanent --zone=public --add-port=65400-65420/tcp
firewall-cmd --permanent --zone=public --add-port=21/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
Start the vsftpd and httpd services:
systemctl start httpd
systemctl start vsftpd
4. Testing
Client firewall configuration (without it, FTP active mode cannot be used):
firewall-cmd --add-source=193.168.141.30/32 --permanent
firewall-cmd --add-port=1024-65535/tcp --permanent
HTTP test (if the persistence_timeout entry is removed from the HTTP section of the keepalived configuration, the pages alternate with no interval):
Open http://193.168.141.30 in a browser. Refreshing shows RS1 or RS2 in turn; the interval between switches is determined jointly by persistence_timeout and the LVS timeout.
FTP test:
ftp 193.168.141.30
Connected to 193.168.141.30.
220 (vsFTPd 3.0.2)
Name (193.168.141.30:gean): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (193,168,141,30,255,140).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Mar 23  2017 pub
226 Directory send OK.
Run ipvsadm -Lcn to see the requests received by LVS.
Note: if you set up shared NFS storage, do not forget: setsebool -P httpd_use_nfs=1 ftpd_use_nfs=1
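
The 227 reply in the FTP test encodes the data address and port as six numbers. Behind NAT it should advertise the VIP from pasv_address and a port inside pasv_min_port to pasv_max_port; otherwise the real server's internal address is exposed to clients or the opened firewall range does not cover the data connection. The script below is an added example, not part of the original article; the function names conf_get and pasv_check and the temporary sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): validate an FTP 227 reply
# against the passive-mode settings in a vsftpd.conf-style file.

# conf_get KEY FILE: print the value of KEY=value (last occurrence wins).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '[:space:]'
}

# pasv_check CONF REPLY: prints a verdict; returns 0 = matches the config,
# 1 = address or port mismatch, 2 = reply or config could not be parsed.
pasv_check() {
    conf=$1; reply=$2
    want_addr=$(conf_get pasv_address "$conf")
    min=$(conf_get pasv_min_port "$conf")
    max=$(conf_get pasv_max_port "$conf")
    if [ -z "$want_addr" ] || [ -z "$min" ] || [ -z "$max" ]; then
        echo "CONF_INCOMPLETE"; return 2
    fi
    # Extract the six numbers from "(h1,h2,h3,h4,p1,p2)".
    tuple=$(printf '%s\n' "$reply" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$tuple" ] || { echo "UNPARSABLE"; return 2; }
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    for n in "$@"; do
        case $n in 0?*) echo "UNPARSABLE"; return 2 ;; esac  # reject leading zeros
        [ "$n" -le 255 ] || { echo "UNPARSABLE"; return 2; }
    done
    addr="$1.$2.$3.$4"
    port=$(( $5 * 256 + $6 ))   # data port = p1*256 + p2
    if [ "$addr" != "$want_addr" ]; then
        echo "ADDR_MISMATCH $addr (expected $want_addr)"; return 1
    fi
    if [ "$port" -lt "$min" ] || [ "$port" -gt "$max" ]; then
        echo "PORT_OUT_OF_RANGE $port (allowed $min-$max)"; return 1
    fi
    echo "OK $addr:$port"
}

# Constructed sample: the passive-mode lines from the vsftpd.conf above.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
pasv_address=193.168.141.30
pasv_min_port=65400
pasv_max_port=65420
EOF
pasv_check "$sample_conf" '227 Entering Passive Mode (193,168,141,30,255,140).'
```

On a real server, pass /etc/vsftpd/vsftpd.conf as the first argument and a 227 line captured from a client session as the second.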


Original article: https://www.cnblogs.com/gean/p/8267044.html
