NAT model diagram
Note: the RealServers must use the Director as their gateway, and the Director must have forwarding enabled, with the following command:
    echo "1" > /proc/sys/net/ipv4/ip_forward
DR model diagram
Note: the following must be configured on the RealServers:
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip
    route add -host $vip dev lo:0
Environment:
NFS shared storage server, IP
NIP: 192.168.220.18
Keepalived hosts, IP
DIP1: 192.168.220.28
DIP2: 192.168.220.24
VIP: 192.168.220.5
RealServers, IP
RIP1: 192.168.220.25
RIP2: 192.168.220.26
Client Test Host
IP: 192.168.11.30
P.S.: the VLANs are set up on my own layer-3 switch.
I. NFS setup steps
1. Check which user runs the httpd service on R1/R2
    [root@Real-Server-Two ~]# ps -ef | grep httpd | head -2
    root      3318     1  0 14:44 ?        00:00:01 /usr/sbin/httpd -DFOREGROUND
    apache    3319  3318  0 14:44 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    # the worker runs as apache
    [root@Real-Server-Two ~]# id apache    # check apache's UID
    uid=48(apache) gid=48(apache) groups=48(apache)
    [root@Real-Serve-One ~]# id apache    # check apache's UID
    uid=48(apache) gid=48(apache) groups=48(apache)
2. On the NFS server, create the directory to be shared and create the apache user with UID 48
    [root@NFS-Server ~]# clear
    [root@NFS-Server ~]# mkdir -p /data/site/
    [root@NFS-Server ~]# useradd -M -r -s /sbin/nologin -u 48 apache
    [root@NFS-Server ~]# id apache
    uid=48(apache) gid=48(apache) groups=48(apache)
3. Set the owner and group of /data/site/www.sunshineboy.com
    [root@NFS-Server ~]# chown apache.apache /data/site/
    [root@NFS-Server ~]# ls -l /data/site/
    total 0
    drwxr-xr-x 2 apache apache 39 Oct 24 12:22 www.sunshineboy.com
4. Install the nfs-utils package and start the services
    yum install -y nfs-utils
    [root@NFS-Server ~]# systemctl start rpcbind
    [root@NFS-Server ~]# systemctl start nfs.service
    [root@NFS-Server ~]# ps -ef | grep nfs
    root      3400     2  0 11:30 ?        00:00:00 [nfsd4]
    root      3401     2  0 11:30 ?        00:00:00 [nfsd4_callbacks]
    root      3407     2  0 11:30 ?        00:00:00 [nfsd]
    root      3408     2  0 11:30 ?        00:00:00 [nfsd]
    root      3409     2  0 11:30 ?        00:00:00 [nfsd]
    root      3410     2  0 11:30 ?        00:00:00 [nfsd]
    root      3411     2  0 11:30 ?        00:00:00 [nfsd]
    root      3412     2  0 11:30 ?        00:00:00 [nfsd]
    root      3413     2  0 11:30 ?        00:00:00 [nfsd]
    root      3414     2  0 11:30 ?        00:00:00 [nfsd]
    root      3859  2471  0 15:48 pts/1    00:00:00 grep --color=auto nfs
5. NFS configuration file and exportfs
    [root@NFS-Server ~]# cat /etc/exports
    /data/site/www.sunshineboy.com 192.168.220.0/24(rw,root_squash)
    [root@NFS-Server ~]# exportfs
    /data/site/www.sunshineboy.com 192.168.220.0/24
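The export above is limited to one subnet and keeps root_squash; because NFS with the default sec=sys trusts the UID sent by the client, the apache UID (48) has to match on every host. The following is an added example, not part of the original post: an audit of exports entries read from stdin that flags any-host clients, no_root_squash and insecure, including the stray-space case where "host (rw)" exports to every host. The /srv/backup and /srv/pub entries are constructed sample data.

```shell
#!/bin/sh
# Added example: audit exports(5) entries read from stdin.
# Prints one finding per line: "<path> <client>: <issue>".
audit_exports() {
    awk '
    function report(path, client, msg) { printf "%s %s: %s\n", path, client, msg }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blank lines and comments
    {
        path = $1
        if (NF == 1) { report(path, "*", "no client list, exported to every host"); next }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                          # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" after a space has an empty client and applies to every host
            if (client == "") client = "*"
            if (client == "*") report(path, client, "exported to every host")
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") report(path, client, "client root keeps UID 0 on the share")
                if (o[j] == "insecure") report(path, client, "unprivileged source ports accepted")
            }
        }
    }'
}

# Constructed sample: the first line is the export from this page,
# the other two paths are hypothetical.
sample_exports() {
    cat <<'EOF'
/data/site/www.sunshineboy.com 192.168.220.0/24(rw,root_squash)
/srv/backup 192.168.220.0/24 (rw,no_root_squash)
/srv/pub *(ro,insecure)
EOF
}

sample_exports | audit_exports
```

On the NFS server itself, run it as `audit_exports < /etc/exports`.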
6. Flush iptables and disable SELinux
    [root@NFS-Server ~]# iptables -F
    [root@NFS-Server ~]# service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
    [root@NFS-Server ~]# cat /etc/selinux/config | grep disabled
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled
    [root@NFS-Server ~]# getenforce
    Disabled
II. Keepalived setup steps
1. Install keepalived
    [root@Director-One ~]# yum install -y keepalived    # install on DIP1
    [root@Director-Two ~]# yum install -y keepalived    # install on DIP2
2. keepalived configuration on D1/D2
Director1 configuration
    [root@Director-One keepalived]# cat keepalived.conf    # view the D1 configuration
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from sunshineboy@163.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
        vrrp_mcast_group4 224.0.100.18
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eno16777728
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.220.5
        }
    }

    virtual_server 192.168.220.5 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        protocol TCP

        real_server 192.168.220.25 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.220.26 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
    [root@Director-One keepalived]# systemctl start keepalived    # start the service on DIP1
    [root@Director-One keepalived]# ip add sh | grep "192.168.220."    # check: the 220.5 address is now present
    inet 192.168.220.24/27 brd 192.168.220.31 scope global dynamic eno16777728
    inet 192.168.220.5/32 scope global eno16777728
Director2 configuration
    [root@Director-Two keepalived]# cat keepalived.conf    # view the D2 configuration
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from sunshineboy@163.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
        vrrp_mcast_group4 224.0.100.18
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eno16777728
        virtual_router_id 51
        priority 98
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.220.5
        }
    }

    virtual_server 192.168.220.5 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        protocol TCP

        real_server 192.168.220.25 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
        real_server 192.168.220.26 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
    [root@Director-Two keepalived]# ip add sh | grep "192.168.220"
    inet 192.168.220.28/27 brd 192.168.220.31 scope global dynamic eno16777728
3. Install ipvsadm to check whether the LVS scheduling matches what we configured
    [root@Director-Two keepalived]# yum install ipvsadm -y    # install ipvsadm on D2
    [root@Director-One keepalived]# yum install ipvsadm -y    # install ipvsadm on D1
    [root@Director-One keepalived]# ipvsadm -Ln    # view the LVS rules on D1
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.220.5:80 rr
      -> 192.168.220.25:80            Route   1      0          0
      -> 192.168.220.26:80            Route   1      0          0
    [root@Director-Two keepalived]# ipvsadm -Ln    # view the LVS rules on D2
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.220.5:80 rr
      -> 192.168.220.25:80            Route   1      0          0
      -> 192.168.220.26:80            Route   1      0          0
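Reading the table by eye works for two real servers; since keepalived removes a real server from this table when its HTTP_GET check fails, the comparison is worth scripting. The following is an added example, not part of the original post: it parses `ipvsadm -Ln` output from stdin and reports every expected real server that is missing, not in Route (DR) mode, or at weight 0. The degraded table is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: compare `ipvsadm -Ln` output (stdin) with the expected pool.
# Usage: ipvsadm -Ln | check_ipvs VIP:PORT RIP:PORT [RIP:PORT ...]
check_ipvs() {
    vs=$1; shift
    awk -v vs="$vs" -v want="$*" '
    $1 == "TCP" || $1 == "UDP" { cur = $2; next }   # virtual service line
    $1 == "->" && cur == vs {                       # real server under it
        fwd[$2] = $3; weight[$2] = $4
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++) {
            rs = w[i]
            if (!(rs in fwd))
                print rs ": not in pool for " vs
            else if (fwd[rs] != "Route")
                print rs ": forward method " fwd[rs] ", expected Route (DR)"
            else if (weight[rs] + 0 < 1)
                print rs ": weight 0, receives no new connections"
        }
    }'
}

# Table as shown on this page (both real servers present).
healthy_table() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.220.5:80 rr
  -> 192.168.220.25:80            Route   1      0          0
  -> 192.168.220.26:80            Route   1      0          0
EOF
}

# Constructed table: 192.168.220.26 has dropped out of the pool.
degraded_table() { healthy_table | grep -v '192.168.220.26:80'; }

healthy_table  | check_ipvs 192.168.220.5:80 192.168.220.25:80 192.168.220.26:80
degraded_table | check_ipvs 192.168.220.5:80 192.168.220.25:80 192.168.220.26:80
```

No output means the pool matches; each printed line names one real server that needs attention.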
III. RealServer setup steps
1. Write the script that sets the VIP and the kernel parameters
    [root@Real-Server-Two ~]# vim skp.sh    # edit skp.sh on R2 and add the content below
    [root@Real-Server-Two ~]# chmod +x skp.sh    # make it executable
    [root@Real-Serve-One ~]# vim skp.sh    # edit skp.sh on R1 and add the content below
    [root@Real-Serve-One ~]# chmod +x skp.sh    # make it executable

    #!/bin/bash
    #
    vip=192.168.220.5
    case $1 in
    start)
        # answer ARP only for addresses on the receiving interface, and never
        # announce the VIP held on lo
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        # bind the VIP to lo:0 with a host mask and route it there
        ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip
        route add -host $vip dev lo:0
        ;;
    stop)
        # restore the kernel defaults and remove the VIP
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig lo:0 del $vip
        ;;
    esac
2. Run the script on RealServer1/RealServer2
    [root@Real-Serve-One ~]# sh skp.sh start    # run the script
    [root@Real-Serve-One ~]# ip add sh | grep "192.168.220"    # check that it worked
    inet 192scope global lo:0
    inet 192.168.220.25/27 brd 192.168.220.31 scope global dynamic eno16777728
    [root@Real-Server-Two ~]# sh skp.sh start    # run the script
    [root@Real-Server-Two ~]# ip add sh | grep "192.168.220."    # check that it worked
    inet 192.168.220.5/32 brd 192.168.220.5 scope global lo:0
    inet 192.168.220.26/27 brd 192.168.220.31 scope global dynamic eno16777728
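The values skp.sh writes under /proc are lost at reboot, and a RealServer that comes back with the VIP on lo but the default ARP settings will answer ARP for the VIP alongside the Director. The following is an added example, not part of the original post: one function prints sysctl.conf-style lines for every ARP setting that differs from the values used on this page, and another checks `ip -o -4 addr show dev lo` output for the VIP with a /32 mask. The optional directory argument exists only so the check can be run against a test tree.

```shell
#!/bin/sh
# Added example: verify the DR-mode prerequisites that skp.sh sets on a RealServer.

# Print a sysctl.conf-style line for every ARP setting that differs from the
# value used on this page. $1 overrides the conf directory (for testing).
dr_arp_fixes() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for spec in all/arp_ignore=1 lo/arp_ignore=1 all/arp_announce=2 lo/arp_announce=2; do
        key=${spec%=*}; want=${spec#*=}
        have=$(cat "$conf/$key" 2>/dev/null || echo unreadable)
        if [ "$have" != "$want" ]; then
            echo "net.ipv4.conf.$(echo "$key" | tr / .) = $want"
        fi
    done
}

# Read `ip -o -4 addr show dev lo` on stdin; succeed only if the VIP is bound
# to lo with a /32 mask, as the 255.255.255.255 netmask in skp.sh intends.
vip_on_lo() {
    awk -v want="$1/32" '
    $3 == "inet" && $4 == want { found = 1 }
    END { exit (found ? 0 : 1) }'
}

# Run against the local host: no lines from dr_arp_fixes means the ARP
# settings already match.
dr_arp_fixes
if ip -o -4 addr show dev lo 2>/dev/null | vip_on_lo 192.168.220.5; then
    echo "VIP 192.168.220.5/32 present on lo"
else
    echo "VIP 192.168.220.5/32 not on lo"
fi
```

Lines printed by dr_arp_fixes can be placed in a file under /etc/sysctl.d/ so that the settings are applied at boot.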
Test:
    [root@R2 ~]# ip add sh | grep "192.168.11."    # confirm the IP address is 11.30
    inet 192.168.11.17/32 brd 192.168.11.17 scope global lo:0
    inet 192.168.11.30/24 brd 192.168.11.255 scope global eno16780032
    [root@R2 ~]# curl
    <h1>Test files 25.</h1>
    [root@R2 ~]# curl
    <h1>Test files 26.</h1>
    [root@R2 ~]# curl
    <h1>Test files 25.</h1>
    [root@R2 ~]# curl
    <h1>Test files 26.</h1>
    [root@R2 ~]# curl
    [root@R2 ~]# curl
    [root@R2 ~]# curl
    [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "One"    # the hostnames were deliberately made different
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    <tr><td class="e">System </td><td class="v">Linux Real-Serve-One 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr>
    100 421770 421770 0 758k 0 --:--:-- --:--:-- --:--:-- 762k
    [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "Two"    # the hostnames were deliberately made different
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    <tr><td class="e">System </td><td class="v">Linux Real-Server-Two 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr>
    100 421790 421790 0 1084k 0 --:--:-- --:--:-- --:--:-- 1113k
Testing separation of static and dynamic pages
Still testing from the client with IP 11.30
nginx RealServer2 configuration
    server {
        listen 80;
        server_name localhost;
        location / {
            root /var/www/html;
            index index.html index.htm;
        }
        location ~ .*\.php$ {
            proxy_pass http://192.168.220.25;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
nginx RealServer1 configuration
    server {
        listen 80;
        server_name www.855.com;
        location / {
            root /var/www/html;
            index index.html index.htm;
        }
        location ~ .*\.php$ {
            root /var/www/html/www.sunshineboy.com;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
Access test
    [root@R2 conf]# curl http://192.168.220.25/index.php | grep -o "Two\|One"    # request .25: returns One
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    One
    [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One"    # request 192.168.220.5: also One
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    One
    100 491620 491620 0 1328k 0 --:--:-- --:--:-- --:--:-- 1333k
    [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One"
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    One
    100 491620 491620 0 1091k 0 --:--:-- --:--:-- --:--:-- 1116k
    [root@R2 conf]# curl http://192.168.220.26/index.php | grep -o "Two\|One"    # still One, which shows the proxy works and dynamic and static content are separated
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
    One
    100 492440 492440 0 1297k 0 --:--:-- --:--:-- --:--:-- 1335k
This article comes from the "SunshineBoySZF" blog; please keep this attribution: http://sunshineboyszf.blog.51cto.com/12087328/1865265
Original: http://sunshineboyszf.blog.51cto.com/12087328/1865265