
Implementing a UDP load balancer with keepalived + ipvs

Scenario

Implementation: keepalived + lvs

1. Prerequisite: enable net.ipv4.ip_forward and net.ipv4.vs.conntrack

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 | tee /proc/sys/net/ipv4/vs/conntrack

2. Use keepalived to provide a VIP. For this step, see the earlier post: [Blog 565] nginx + keepalived for a highly available reverse proxy

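3. Use lvscare to configure the virtual NIC and the iptables rules, which gives TCP traffic load balancing

lvscare project: lvscare

Note: what is implemented here is TCP traffic load balancing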

lvscare care --vs keepalived-vip:port --rs real-server-ip:port --rs real-server-ip:port --mode link --run-once

What lvscare actually does:

ip link add lvscare type dummy
ip addr add 169.254.0.1/32 dev lvscare

# enable conntrack for ipvs
echo 1 | tee /proc/sys/net/ipv4/vs/conntrack

iptables -t nat -N VIRTUAL-SERVICES
iptables -t nat -A PREROUTING -m comment --comment "virtual service portals" -j VIRTUAL-SERVICES

iptables -t nat -N VIRTUAL-MARK-MASQ
# create ipset
ipset create VIRTUAL-IP hash:ip,port -exist
iptables -t nat -A VIRTUAL-SERVICES -m comment --comment "virtual service ip + port for masquerade purpose" -m set --match-set VIRTUAL-IP dst,dst -j VIRTUAL-MARK-MASQ
# do mark
iptables -t nat -A VIRTUAL-MARK-MASQ -j MARK --set-xmark 0x2/0x2
# do snat at POSTROUTING
iptables -t nat -N VIRTUAL-POSTROUTING
iptables -t nat -A POSTROUTING -m comment --comment "virtual service postrouting rules" -j VIRTUAL-POSTROUTING
iptables -t nat -A VIRTUAL-POSTROUTING -m mark ! --mark 0x2/0x2 -j RETURN
iptables -t nat -A VIRTUAL-POSTROUTING -m comment --comment "virtual service traffic requiring SNAT" -m mark --mark 0x2 -j MASQUERADE

iptables -t nat -A OUTPUT -m comment --comment "virtual service portals" -j VIRTUAL-SERVICES

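Analysis of the lvscare rules:

1. Create a dummy NIC to handle the VIP traffic
2. Mark traffic destined for the VIP, both traffic arriving from outside and traffic
   generated by the host itself, and then masquerade the marked traffic. The matching
   is done with ipset: lvscare adds the VIP to the ipset, the rules then use the ipset
   to match traffic to the VIP and mark it, and the marked traffic is masqueraded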

4. Configure UDP traffic load balancing

Install ipvsadm:

yum install ipvsadm -y

Configure the UDP server

ipvsadm -A -u vip:port -s rr
ipvsadm -a -u vip:port -r real-server-1-ip:port -m
ipvsadm -a -u vip:port -r real-server-2-ip:port -m
...

Rule persistence: write the rules to the path ipvsadm loads at startup, so they are loaded automatically at boot

systemctl enable ipvsadm
ipvsadm-save > /etc/sysconfig/ipvsadm

Verification

Send requests to the VIP; you can see that traffic entering through the VIP is load-balanced across each UDP real server:

nc -u vip udp-port
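
To check the distribution described above, here is an added example (not from the original post): a Python probe that sends every datagram from a fresh source port. IPVS schedules per client ip:port flow, so a single `nc -u` session stays on one real server until its UDP connection entry expires. It assumes each real server runs the hypothetical `identity_server` helper, which answers with its own name; the names and port numbers are constructed.

```python
import socket
from collections import Counter

def identity_server(name, host="0.0.0.0", port=9999, ready=None, max_packets=None):
    """Hypothetical helper to run on each real server: answer every datagram with `name`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind((host, port))
        if ready is not None:
            ready.set()                      # signal that the socket is bound
        handled = 0
        while max_packets is None or handled < max_packets:
            _, peer = srv.recvfrom(2048)
            srv.sendto(name.encode(), peer)  # in NAT mode the director rewrites the source to the VIP
            handled += 1

def probe(vip, port, count=10, timeout=1.0):
    """Send `count` datagrams to vip:port, each from a new socket (new source port),
    and tally which real server answered. Missing replies are counted as 'no-reply'."""
    tally = Counter()
    for _ in range(count):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(b"who", (vip, port))
                data, _ = s.recvfrom(2048)
                tally[data.decode(errors="replace")] += 1
            except OSError:                  # includes socket.timeout
                tally["no-reply"] += 1
    return tally

if __name__ == "__main__":
    import sys
    # usage: python3 probe.py <vip> <udp-port>
    for backend, hits in sorted(probe(sys.argv[1], int(sys.argv[2])).items()):
        print(f"{backend}: {hits}")
```

With the `rr` scheduler and two real servers, ten probes should split evenly between the two names; a `no-reply` count points at a real server that is down or a return path that bypasses the director.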