I. Environment requirements
Requires 2 LVS nodes and N (N >= 2) real servers (RS).

Operating system   Load balancing mode   VIP              NVIP
rhel7.4            nat                   193.168.141.30   192.168.102.165

Host   ens3              ens4 / gateway
lvs1   192.168.102.161   ens4: 193.168.141.20
lvs2   192.168.102.162   ens4: 193.168.141.27
rs1    192.168.102.163   Gateway: 192.168.102.165
rs2    192.168.102.164   Gateway: 192.168.102.165

LVS:
Install ipvsadm (the LVS management tool) and keepalived.
RS:
Install httpd and vsftpd.
II. Configuration on the LVS nodes
Turn on IP forwarding:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
Check:
sysctl -p
net.ipv4.ip_forward = 1
Modify the configuration: vim /etc/keepalived/keepalived.conf
! Configuration File for Keepalived
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id Lvs_master
}
vrrp_instance Vi_1 {
    state MASTER
    interface ens4
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111    # sample value; PASS auth travels in cleartext in VRRP adverts
    }
    virtual_ipaddress {
        193.168.141.30    # VIP
    }
}
vrrp_instance Lan_gateway {
    state MASTER
    interface ens3
    virtual_router_id 62
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.102.165    # NVIP
    }
}
virtual_server 193.168.141.30 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 30    # how long a client keeps being sent to the same RS
    protocol TCP
    real_server 192.168.102.163 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
    real_server 192.168.102.164 80 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
virtual_server 193.168.141.30 21 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 30
    protocol TCP
    real_server 192.168.102.163 21 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
    real_server 192.168.102.164 21 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 21
        }
    }
}
Firewall configuration:
firewall-cmd --permanent --zone=internal --add-interface=ens3
firewall-cmd --permanent --zone=public --add-interface=ens4
Check which zone each interface is in: firewall-cmd --get-active-zones
internal
  interfaces: ens3
public
  interfaces: ens4
firewall-cmd --permanent --zone=public --add-masquerade
Check: firewall-cmd --zone=public --query-masquerade
yes
firewall-cmd --zone=internal --query-masquerade
no
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 \
    -i ens3 -o ens4 -j ACCEPT
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
firewall-cmd --reload
Open the firewall ports (with --permanent, so the rules survive the reload):
firewall-cmd --permanent --zone=public --add-port=65400-65420/tcp
firewall-cmd --permanent --zone=public --add-port=21/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
Start the keepalived service:
systemctl start keepalived
III. RS configuration
Set the gateway of every RS to 192.168.102.165:
vim /etc/sysconfig/network-scripts/ifcfg-ens3
GATEWAY=192.168.102.165
Restart: systemctl restart network
Write an HTTP test page:
rs1: echo "rs1" > /var/www/html/index.html
rs2: echo "rs2" > /var/www/html/index.html
FTP configuration: vim /etc/vsftpd/vsftpd.conf
pasv_enable=YES
pasv_address=193.168.141.30
pasv_min_port=65400
pasv_max_port=65420
listen_port=21
listen=YES
listen_ipv6=NO
Open the firewall ports (with --permanent, so the rules survive the reload):
firewall-cmd --permanent --zone=public --add-port=65400-65420/tcp
firewall-cmd --permanent --zone=public --add-port=21/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
Start the vsftpd and httpd services:
systemctl start httpd
systemctl start vsftpd
IV. Testing
Client firewall configuration: (needed for FTP active mode)
firewall-cmd --add-source=193.168.141.30/32 --permanent
firewall-cmd --add-port=1024-65535/tcp --permanent
HTTP test: (if the persistence_timeout entry is removed from the HTTP virtual_server in the keepalived configuration, the real servers alternate with no interval)
Browse to http://193.168.141.30 and refresh: the page shows rs1 or rs2 in turn, and the interval between turns is determined by persistence_timeout and the LVS timeouts.
FTP test:
ftp 193.168.141.30
Connected to 193.168.141.30.
(vsFTPd 3.0.2)
Name (193.168.141.30:gean): ftp
331 Specify the password.
Password:
Successful Login.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (193,168,141,30,255,140).
Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Mar
226 Directory send OK.
View the requests LVS has received: ipvsadm -Lcn
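An added example, not part of the original article: a POSIX shell check that decodes a 227 reply like the one in the FTP test above and confirms it advertises the VIP set in pasv_address and a port inside pasv_min_port to pasv_max_port. The function names are hypothetical, and the second reply in the demo is constructed to show a real server advertising its private address.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.
# Expected values come from the vsftpd.conf shown on this page.
PASV_ADDRESS=193.168.141.30
PASV_MIN_PORT=65400
PASV_MAX_PORT=65420

# Decode "227 ... (h1,h2,h3,h4,p1,p2)" to "ip port"; non-zero status if malformed.
decode_pasv() {
    printf '%s\n' "$1" | awk '
        /^227 / && match($0, /\([0-9,]+\)/) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            if (n != 6) exit 1
            for (i = 1; i <= 6; i++)
                if (f[i] !~ /^[0-9]+$/ || f[i] + 0 > 255) exit 1
            printf "%d.%d.%d.%d %d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
            ok = 1
        }
        END { exit !ok }'
}

# Print one finding per problem. Status: 0 = matches config, 1 = mismatch, 2 = malformed.
check_pasv() {
    endpoint=$(decode_pasv "$1") || { echo "MALFORMED: not a valid 227 reply"; return 2; }
    ip=${endpoint% *}
    port=${endpoint#* }
    rc=0
    if [ "$ip" != "$PASV_ADDRESS" ]; then
        echo "ADDR_MISMATCH: server advertised $ip, expected VIP $PASV_ADDRESS"
        rc=1
    fi
    if [ "$port" -lt "$PASV_MIN_PORT" ] || [ "$port" -gt "$PASV_MAX_PORT" ]; then
        echo "PORT_OUT_OF_RANGE: $port not in $PASV_MIN_PORT-$PASV_MAX_PORT"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $ip:$port"
    return "$rc"
}

# Reply taken from the FTP session on this page.
check_pasv '227 Entering Passive Mode (193,168,141,30,255,140).'
# Constructed reply: a real server advertising its private address instead of the VIP.
check_pasv '227 Entering Passive Mode (192,168,102,163,255,130).' || true
```

A mismatch on the address means the client is being told to connect to an address behind the NAT; a port outside the range means the data connection targets a port the firewall rules above do not open.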
Note: when building shared NFS storage, do not forget: setsebool -P httpd_use_nfs=1 ftpd_use_nfs=1
Keepalived (NAT) +ftp+http