自己捯饬的模型图
-
NAT模型图
注意事项:RealServer需要把网关指向Director,并且Director要打开转发功能命令如下:
echo "1" > /proc/sys/net/ipv4/ip_foreward
-
DR模型图
注意事项:需要在RealServer配置如下信息:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0
Lvs DR 模型搭建,后端Apache使用共享NFS
环境:
-
搭建NFS共享存储服务,ip
NIP:192.168.220.18
-
搭建Keepalived,ip
DIP1:192.168.220.28
DIP2:192.168.220.24
VIP:192.168.220.5
-
搭建RealServer,ip
RIP1:192.168.220.25
RIP2:192.168.220.26
-
Client Test Host
IP:192.168.11.30
ps:自己三层交换做Vlan
一、NFS搭建步骤
1、查看R1/R2用于跑httpd服务的User
[root@Real-Server-Two ~]# ps -ef |grep httpd | head -2 root 3318 1 0 14:44 ?00:00:01 /usr/sbin/httpd -DFOREGROUND apache 3319 3318 0 14:44 ?00:00:00 /usr/sbin/httpd -DFOREGROUND #发现apache [root@Real-Server-Two ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache) [root@Real-Serve-One ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache)
2、在NFS-Server上面创建用于共享的文件,并且创建apapche用户UID为48
[root@NFS-Server ~]# clear [root@NFS-Server ~]# mkdir -p /data/site/www.sunshineboy.com [root@NFS-Server ~]# useradd -M -r -s /sbin/nologin -u 48 apache [root@NFS-Server ~]# id apache uid=48(apache) gid=48(apache) groups=48(apache)
3、设定/data/site/www.sunshineboy.com用户与用户组
[root@NFS-Server ~]# chown apache.apache /data/site/www.sunshineboy.com [root@NFS-Server ~]# ls -l /data/site/ total 0 drwxr-xr-x 2 apache apache 39 Oct 24 12:22 www.sunshineboy.com
4、安装nfs-utils组件,与启动服务
yum install -y nfs-utlis [root@NFS-Server ~]# systemctl start rpcbind [root@NFS-Server ~]# systemctl start nfs.service [root@NFS-Server ~]# ps -ef | grep nfs root 3400 2 0 11:30 ?00:00:00 [nfsd4] root 3401 2 0 11:30 ?00:00:00 [nfsd4_callbacks] root 3407 2 0 11:30 ?00:00:00 [nfsd] root 3408 2 0 11:30 ?00:00:00 [nfsd] root 3409 2 0 11:30 ?00:00:00 [nfsd] root 3410 2 0 11:30 ?00:00:00 [nfsd] root 3411 2 0 11:30 ?00:00:00 [nfsd] root 3412 2 0 11:30 ?00:00:00 [nfsd] root 3413 2 0 11:30 ?00:00:00 [nfsd] root 3414 2 0 11:30 ?00:00:00 [nfsd] root 3859 2471 0 15:48 pts/100:00:00 grep --color=auto nfs
5、NFS配置文件设定及exportfst
[root@NFS-Server ~]# cat /etc/exports /data/site/www.sunshineboy.com 192.168.220.0/24(rw,root_squash) [root@NFS-Server ~]# exportfs /data/site/www.sunshineboy.com 192.168.220.0/24
6、清空iptables及关闭SELinux
[root@NFS-Server ~]# iptables -F [root@NFS-Server ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@NFS-Server ~]# cat /etc/selinux/config | grep disabled # disabled - No SELinux policy is loaded. SELINUX=disabled [root@NFS-Server ~]# getenforce Disabled
二、Keepalived搭建步骤
1、安装keepalived程序
[root@Director-One ~]# yum install -y keepalived #DIP1安装 [root@Director-Two ~]# yum install -y keepalived #DIP2安装
2、keepalived的D1/D2配置
– Director1配置
[root@Director-One keepalived]# cat keepalived.conf #查看D1配置
!Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state MASTER
interface eno16777728
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-One keepalived]# systemctl start keepalived #DIP1启动服务
[root@Director-One keepalived]# ip add sh | grep "192.168.220." #查看,220.5地址有了
inet 192.168.220.24/27 brd 192.168.220.31 scope global dynamic eno16777728
inet 192.168.220.5/32 scope global eno16777728
– Director2配置
[root@Director-Two keepalived]# cat keepalived.conf #查D2看配置
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777728
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-Two keepalived]# ip add sh | grep "192.168.220"
inet 192.168.220.28/27 brd 192.168.220.31 scope global dynamic eno16777728
3、安装ipvsadm查看Lvs调度是否如我们所设定那样
[root@Director-Two keepalived]# yum install ipvsadm -y #在D2安装ipvsadm [root@Director-One keepalived]# yum install ipvsadm -y #在D1安航ipvsadm [root@Director-One keepalived]# ipvsadm -Ln #在D1查看Lvs规则 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0 [root@Director-Two keepalived]# ipvsadm -Ln #在D2查看Lvs规则 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0
三、RealServer步骤搭建
1、编写设定VIP及内核功能参数脚本
[root@Real-Server-Two ~]# vim skp.sh #在R2上编辑skp.sh脚本添加下面内容 [root@Real-Server-Two ~]# chmod +x skp.sh #赋予执行权限 [root@Real-Serve-One ~]# vim skp.sh #在R2上编辑skp.sh脚本添加下面内容 [root@Real-Serve-One ~]# chmod +x skp.sh #赋予执行权限 #!/bin/bash # vip=192.168.220.5 case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0 ;; stop) echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 del $vip ;; esac
2、在RealServer1/RealServer2Z执行该脚本
[root@Real-Serve-One ~]# sh skp.sh start #执行脚本 [root@Real-Serve-One ~]# ip add sh | grep "192.168.220" #查看是否成功 inet 192.168.220.5/32 brd 192.168.220.5 scope global lo:0 inet 192.168.220.25/27 brd 192.168.220.31 scope global dynamic eno16777728 [root@Real-Server-Two ~]# sh skp.sh start #执行脚本 [root@Real-Server-Two ~]# ip add sh | grep "192.168.220." #查看是否成功 inet 192.168.220.5/32 brd 192.168.220.5 scope global lo:0 inet 192.168.220.26/27 brd 192.168.220.31 scope global dynamic eno16777728
测试:
[root@R2 ~]# ip add sh | grep "192.168.11." #查看IP地址是否是11.30 inet 192.168.11.17/32 brd 192.168.11.17 scope global lo:0 inet 192.168.11.30/24 brd 192.168.11.255 scope global eno16780032 [root@R2 ~]# curl http://192.168.220.5/index.html #测试25 <h1>Test files 25.</h1> [root@R2 ~]# curl http://192.168.220.5/index.html #测试26 <h1>Test files 26.</h1> [root@R2 ~]# curl http://192.168.220.5/index.html <h1>Test files 25.</h1> [root@R2 ~]# curl http://192.168.220.5/index.html <h1>Test files 26.</h1> [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.html #这个页面是NFS共享存储 <h1>Tset</h1> [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.html <h1>Tset</h1> [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.html <h1>Tset</h1> [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "One" #特意把hostname改为不同 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0<tr><td class="e">System </td><td class="v">Linux Real-Serve-One 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr> 100 421770 421770 0 758k 0 --:--:-- --:--:-- --:--:-- 762k [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "Two" #特意把hostname改为不同 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0<tr><td class="e">System </td><td class="v">Linux Real-Server-Two 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr> 100 421790 421790 0 1084k 0 --:--:-- --:--:-- --:--:-- 1113k
测试静态动态页面分离
依然使用11.30 IP Client Test
– nginx RealServer2配置
server {
listen 80;
server_name localhost;
location / {
root /var/www/html;
index index.html index.htm;
}
location ~ .*\.php$ {
proxy_pass http://192.168.220.25;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
– nginx RealServer1配置
server {
listen 80;
server_name www.855.com;
location / {
root /var/www/html;
index index.html index.htm;
}
location ~ .*\.php$ {
root /var/www/html/www.sunshineboy.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
– 访问测试
[root@R2 conf]# curl http://192.168.220.25/index.php | grep -o "Two\|One" #访问25,发现One % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 491640 491640 0 1121k 0 --:--:-- --:--:-- --:--:-- 1143k [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One" #访问192.168.220.5,也是One % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 491620 491620 0 1328k 0 --:--:-- --:--:-- --:--:-- 1333k [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One" % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 491620 491620 0 1091k 0 --:--:-- --:--:-- --:--:-- 1116k [root@R2 conf]# curl http://192.168.220.26/index.php | grep -o "Two\|One" #还是One,证明代理成功,动态静态分开了 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 492440 492440 0 1297k 0 --:--:-- --:--:-- --:--:-- 1335k
原创文章,作者:N24-SunshineBoy,如若转载,请注明出处:http://www.178linux.com/54263
评论列表(1条)
内容格式把握得很好,原理部分可以加入一些自己的理解,加油!