Linux notes

jopen, 11 years ago

2014-03-03

//workgroup (peer-to-peer) mode vs. domain controller

1. How Samba works

NetBIOS name service and datagram service: UDP ports 137 and 138

SMB/CIFS sessions: TCP ports 139 (NetBIOS session service) and 445 (direct-hosted SMB)

2. Installing Samba

[root@xiao59 ~]# yum install samba.x86_64 samba-client.x86_64 samba-common.x86_64 

3. Listing the files the packages install

[root@s01 ~]# rpm -ql samba-common-3.6.9-151.el6.x86_64

/etc/samba

/etc/samba/lmhosts

/etc/samba/smb.conf  ---main configuration file

/etc/sysconfig/samba

/lib64/security/pam_smbpass.so

/usr/bin/net

/usr/bin/pdbedit

/usr/bin/profiles

/usr/bin/smbcontrol

/usr/bin/smbcquotas

/usr/bin/smbpasswd

/usr/bin/testparm

4. Starting the services

[root@s01 ~]# rpm -ql samba-3.6.9-151.el6.x86_64

/etc/logrotate.d/samba

/etc/openldap/schema

/etc/openldap/schema/samba.schema

/etc/pam.d/samba

/etc/rc.d/init.d/nmb

/etc/rc.d/init.d/smb

nmb: handles workgroup membership and NetBIOS name registration/resolution over UDP ports 137 and 138

smb: serves the shared directories and printers; file transfer runs over TCP ports 139 and 445

##enable at boot (runlevel 3; add 5 if the host boots to a graphical login)

[root@s01 ~]# chkconfig --level 3 smb on

[root@s01 ~]# chkconfig --level 3 nmb on

5. Configuration file

##Global settings

[global] 

security=share/user/server/domain/ads

----------------------------------

share: no username or password required (deprecated in Samba 3.6 and removed in Samba 4; the same effect comes from security = user with guest ok = yes on the share)

user: username and password required, checked against the local Samba password database (the default)

server: credentials are forwarded to another SMB server for verification; if that server cannot be reached, smbd falls back to user-level authentication (also deprecated)

domain: the server joins a Windows NT-style domain as a member and the domain controller performs authentication

ads: the server joins an Active Directory domain as a member server and authenticates with Kerberos; it includes everything domain mode does, but a Samba 3.x server in this mode is a domain member, not a domain controller

-----------------------------------

[share_config]---per-share settings

###Configuration file

vim /etc/samba/smb.conf

======================================

[global]

##log file location (%m = client NetBIOS name, so one file per client)

log file = /var/log/samba/log.%m    

##max 50KB per log file, then rotate

//log rotation size

max log size = 50

##security level (share/user; see above)

security = user

config file               ---load a substitute configuration file (see case 5)

 

hosts allow/hosts deny    ---allow/deny the listed hosts or networks; in [global] they apply to every share,

 ---in a share section they apply to that share only

=========================================

//Defining a share

vim /etc/samba/smb.conf

==============================

##share name, reached as //101.10.54.59/public

[public]

##description shown to clients

comment = Public Stuff  

##directory on the server that backs the share

path = /home/samba  

##public is a synonym for guest ok: allow access without a password (it does not mean "named users")

public = yes

##allow writes

writable = yes

##this is a file share, not a printer queue

printable = no

##users or groups allowed to write even when the share is read-only (+staff or @staff = the Unix group staff)

write list = +staff

##whether the share appears in browse lists (no = hidden, yes = visible); hiding a share is not access control, anyone who knows the name can still connect

browseable= no

##allow anonymous (guest) access; same meaning as public = yes

guest ok= yes

===============================

//configuration reference

man smb.conf

 

6. Case 1: anonymous access

vim /etc/samba/smb.conf

======================

[global]

security = share

[public]

comment = public03

path = /pub

public = yes

writable = yes

=======================

##security = share is deprecated; security = user plus guest ok = yes on the share gives the same anonymous access. Everything written to a guest-writable share is owned by the guest account with no record of who wrote it, so keep /pub off the system disk and drop writable = yes unless uploads are really needed.

##restart

/etc/init.d/smb restart

##test

syntax: smbclient -L host [-U username]       ---list the shares a host offers

        smbclient //host/share [-U username]   ---connect to one share

smbclient -L 127.0.0.1

##how clients reach the share

\\10.10.54.226\public         ---Windows

smb://10.10.54.226/public     ---Linux

7. Case 2: authenticated access

##create the Unix account (a Samba user must map to an existing Unix user of the same name, and the group public must already exist)

useradd wang -g public

##create the Samba user (adds it to the passdb and prompts for a password)

pdbedit -a -u wang

##change a Samba user's password

smbpasswd samba_username

##list Samba users:

pdbedit -L

##delete a Samba user

pdbedit -x samba_username

##edit the configuration file

vim /etc/samba/smb.conf

=======================

[global]

security = user

[public]

comment = public03

path = /pub

writable = yes

browseable = yes

=======================

##test (-L takes a host and lists its shares; to open the share itself use smbclient //10.10.54.226/public -U wang):

smbclient -L 10.10.54.226 -U wang

##show current sessions, open files and locks

smbstatus [-pS] [-u username]

##check the configuration file for errors before restarting

testparm /etc/samba/smb.conf

8. Case 3: username mapping

##mapping file: Samba user = client-supplied names (clients logging in as ccc or ssr are treated as wang and must present wang's password)

vim /etc/samba/smbusers

=======================

wang = ccc ssr

=======================

##configuration

vim /etc/samba/smb.conf

=======================

[global]

security = user

username map = /etc/samba/smbusers    

[public]

comment = public03

path = /pub

writable = yes

browseable = yes

==============================

9. Case 4: client access control

hosts allow: only the listed IP addresses/networks may connect to the Samba server

hosts deny: the listed IP addresses/networks are refused (a host that matches both lists is allowed)

##configuration

vim /etc/samba/smb.conf

=======================

[global]

security = user

hosts allow = 10.10.54.130

 

[public]

comment = public03

path = /pub

writable = yes

browseable = yes

##give user banqk and the Unix group public write access (no prefix = user; @ or + = group, so +banqk would mean a group named banqk)

write list = banqk,@public    

===============================

10. Case 5: hidden share

Requirement: /security may only be browsed and opened by user boss; /tech may be accessed and browsed by group yanfa and by boss

##boss gets a separate configuration file, smb.conf.boss

cp /etc/samba/smb.conf /etc/samba/smb.conf.boss

##configuration

vim /etc/samba/smb.conf

============================

[global]

security = user

##%U is the username the client asked for, not necessarily the one it was authenticated as (man smb.conf); the per-user file is loaded only if it exists and it replaces the whole configuration, so keep these files root-owned and not writable by anyone else

config file = /etc/samba/smb.conf.%U

 

[tech]

comment = yanfa access

path = /tech

write list = @yanfa,boss

browseable =  yes

=============================

 

vim /etc/samba/smb.conf.boss

=============================

[global]

security = user

 

[tech]

comment = yanfa access

path = /tech

write list = @yanfa,boss

browseable =  yes

 

[sec]

comment = only boss access

path = /security

write list = boss

writeable = yes

browseable = yes

===============================

##test

smbclient -L 10.10.54.226 -U boss   ---user boss, sees [tech] and [sec]

smbclient -L 10.10.54.226 -U wenl   ---a user in group yanfa, sees only [tech]
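The five Samba cases above each loosen or tighten something (security = share, guest-writable shares, missing hosts allow, a config file chosen by %U). The script below is an added example, not part of the original notes, that reads an smb.conf and reports those combinations; it needs only sh and awk, not a running Samba, and the sample configuration it checks is constructed from the cases above.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an smb.conf for the
# risky settings used in the cases above. Section and parameter names follow
# smb.conf(5); keys are case-insensitive, so everything is lowercased.

smb_audit() {   # smb_audit <smb.conf>  -> prints findings, exit status = number found
    awk '
    function found(s, msg) { n++; printf "[%s] %s\n", s, msg }
    function flush(   k, guest, writable) {
        if (sec == "") return
        if (sec == "global") {
            if (opt["security"] == "share")
                found(sec, "security = share: anonymous access with no per-user accountability (deprecated)")
            if (!("hosts allow" in opt))
                found(sec, "no hosts allow: any client that reaches 139/445 may try to connect")
            if (opt["config file"] ~ /%u/)
                found(sec, "config file uses %U, the client-requested username, to pick the configuration")
        } else if (sec != "printers" && sec != "print$") {
            guest    = (opt["guest ok"] == "yes" || opt["public"] == "yes")
            writable = (opt["writable"] == "yes" || opt["writeable"] == "yes" || opt["read only"] == "no")
            if (guest && writable)
                found(sec, "guest-writable share (guest ok/public = yes together with writable = yes)")
        }
        for (k in opt) delete opt[k]
    }
    /^[ \t]*[;#]/ { next }                                   # comment lines
    /^[ \t]*\[/   { flush(); sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next }
    /=/ {
        key = $0; sub(/=.*/, "", key)
        val = $0; sub(/^[^=]*=/, "", val)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[tolower(key)] = tolower(val)
    }
    END { flush(); exit n }
    ' "$1"
}

smb_sample_conf() {   # writes a constructed sample (case 1 share + case 5 %U trick), prints its path
    f=$(mktemp)
    cat > "$f" <<'EOF'
[global]
   security = share
   workgroup = WORKGROUP
   config file = /etc/samba/smb.conf.%U
[public]
   comment = public03
   path = /pub
   public = yes
   writable = yes
[tech]
   path = /tech
   write list = @yanfa
   browseable = yes
EOF
    echo "$f"
}

conf=$(smb_sample_conf)
smb_audit "$conf"
echo "findings: $?"
rm -f "$conf"
```

Run it against /etc/samba/smb.conf after testparm passes; a non-zero exit status is the number of findings, so it drops into a cron job or a pre-restart check without parsing its output.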

________________________________________________________

2014-03-04

NFS: Network File System; lets machines running different operating systems share files over the network.

RPC: remote procedure call; the NFS daemons register with the portmapper (rpcbind) and clients locate them through it.

1. Install NFS and RPC

##portmap on CentOS 5.x is what CentOS 6.x calls rpcbind

yum install nfs-utils.x86_64 rpcbind.x86_64 

2. Start the services

/etc/init.d/nfs restart

##file locking for concurrent clients (optional)

 /etc/init.d/nfslock restart

##watch the log

tail -f /var/log/messages

##check listening ports

netstat -ntlp

netstat -nulp

netstat -ntulp |egrep '(nfs|rpc)'

netstat -ntlup |grep -E '(nfs|rpc)'     ---same thing

3. Common commands

##query RPC registrations

rpcinfo -t|-u ip|hostname program_name

-p: list every registered program, version and port on the given IP or hostname.

 e.g. rpcinfo -p localhost

-t/-u: check which versions of the given program answer over TCP/UDP on that host.

##example:

[root@s01 samba]# rpcinfo -t localhost mountd

program 100005 version 1 ready and waiting

program 100005 version 2 ready and waiting

program 100005 version 3 ready and waiting

[root@s01 samba]# /etc/init.d/rpcbind stop

Stopping rpcbind:                                          [  OK  ]

[root@s01 samba]# /etc/init.d/rpcbind start

Starting rpcbind:                                          [  OK  ]

[root@s01 samba]# /etc/init.d/rpcbind stop

Stopping rpcbind:                                          [  OK  ]

[root@s01 samba]# rpcinfo -t localhost mountd

rpcinfo: RPC: Port mapper failure - Unable to receive: errno 111 (Connection refused)

program 100005 is not available

4. Export file syntax

vim /etc/exports

===========================

shared_directory    IP_address_or_network|hostname(options)

/tmp      10.10.54.0/24(rw)

===========================

##from a client, list what the server exports

[root@tech03 /]# showmount -e 10.10.54.226

Export list for 10.10.54.226:

/tmp 10.10.54.0

5. Case 1: basic NFS setup

1) Network plan:

server: 10.10.54.59

client: 10.10.54.58

2) Install the software on the server

yum install nfs-utils.x86_64 rpcbind.x86_64

3) Configure the exports

vim /etc/exports

======================

/tmp      10.10.54.0/24(rw)

/ha       10.10.54.58(ro)

=======================

##create the directories (/tmp already exists)

mkdir /tmp

mkdir /ha

##restart the services (rpcbind first, then nfs, so the NFS daemons can register with it)

[root@xiao59 ~]# /etc/init.d/rpcbind restart

[root@xiao59 ~]# /etc/init.d/nfs restart

4) Install the software on the client

yum install nfs-utils.x86_64 rpcbind.x86_64

##create mount points

mkdir /mnt/tmp

mkdir /mnt/ha

##start the RPC service

[root@xiao58 ~]# /etc/init.d/rpcbind restart

5) List the server's exports

[root@xiao58 ~]#  showmount -e 10.10.54.59

6) Mount by hand on the client

[root@xiao58 ~]# mount -t nfs 10.10.54.59:/tmp /mnt/tmp/

[root@xiao58 ~]# mount -t nfs 10.10.54.59:/ha /mnt/ha

7) Test

/tmp

---------------------------------------------------------

client:

##change directory

cd /mnt/tmp

##create a file

[root@xiao58 tmp]# touch zzz

##list it: root created the file, but it is owned by nfsnobody because root_squash is on by default and maps client uid 0 to the anonymous uid

-rw-r--r-- 1 nfsnobody nfsnobody         0 Mar  4 09:28 zzz

server:

[root@xiao59 tmp]# ll /tmp/

-rw-r--r--  1 nfsnobody nfsnobody         0 Mar  4 09:28 zzz

--------------------------------------------------------------

/ha

----------------------------------------------

client:

##change directory

cd /mnt/ha

##try to create a file: the export is ro, so the write is refused

[root@xiao58 ha]# touch aaa

touch: cannot touch `aaa': Read-only file system

----------------------------------------------

6. Case 2: mapping all clients to one user

1) Create the user on the server

 useradd upload

##check it

[root@xiao59 ~]# cat /etc/passwd|grep upload

upload:x:508:508::/home/upload:/bin/bash

##create the directories (useradd has already created /home/upload)

mkdir /home/upload

mkdir /tech

2) Configure the exports on the server

vim /etc/exports

=======================

/home/upload 10.10.54.0/24(rw,async,anonuid=508,anongid=508,all_squash)

/tech   10.10.54.0/24(rw,all_squash)

========================

##all_squash maps every client uid/gid to the anonymous ids; anonuid/anongid set those to 508 (upload) instead of the default 65534 (nfsnobody). async acknowledges writes before they reach disk and can lose data if the server crashes.

##restart the services

[root@xiao59 ~]# /etc/init.d/rpcbind restart

[root@xiao59 ~]# /etc/init.d/nfs restart

3) Client

##create mount points

mkdir -p /mnt/home/upload

 mkdir /mnt/tech

##start the RPC service

[root@xiao58 ~]# /etc/init.d/rpcbind restart

4) List the server's exports

[root@xiao58 ~]#  showmount -e 10.10.54.59

5) Mount by hand on the client

[root@xiao58 ~]# mount -t nfs 10.10.54.59:/tech /mnt/tech

[root@xiao58 ~]# mount -t nfs 10.10.54.59:/home/upload /mnt/home/upload/

6) Test

/tech

---------------------------------------------------------

client:

##change directory

 cd /mnt/tech/

##create a file

[root@xiao58 tech]# touch wang

##error: touch: cannot touch `wang': Permission denied   (the squashed uid nfsnobody has no write permission on /tech)

Fix used here, on the server: [root@xiao59 ~]# chmod 757 /tech/

##chmod 757 also makes the directory world-writable for local users on the server; chown nfsnobody /tech (or a dedicated group with mode 770) gives the NFS clients the same access without that side effect

##list the file

-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar  4 11:37 wang

server:

[root@xiao59 ~]# ll /tech/

-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar  4 11:37 wang

--------------------------------------------------------------

/home/upload

----------------------------------------------

client:

##change directory

cd /mnt/home/upload/

##create a file

[root@xiao58 upload]# touch xiao

##list it: the client has no account with uid 508, so it shows the raw number

-rw-r--r-- 1 508 508 0 Mar  4 11:39 xiao  --owner mapped to 508

server:

[root@xiao59 ~]# ll /home/upload/

-rw-r--r-- 1 upload upload 0 Mar  4 11:39 xiao

----------------------------------------------
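The two tests above only make sense once the squashing rules are clear: root_squash (the default) turns client uid 0 into the anonymous uid, no_root_squash keeps it, and all_squash turns every uid into the anonymous uid, which anonuid can redirect. The script below is an added example, not part of the original notes; it reimplements those rules from exports(5) in plain sh so the owner a client will see for any export line can be predicted before mounting. The export lines it walks through are the four from the notes, and only uids are modelled (anongid works the same way for gids).

```shell
#!/bin/sh
# Added example (not from the original notes): reproduce the uid mapping
# that the NFS server applies per exports(5) option list.
#   root_squash (default) : client uid 0 -> anonuid
#   no_root_squash        : client uid 0 stays 0 (the client root is root on the export)
#   all_squash            : every client uid -> anonuid
#   anonuid=N             : anonymous uid, default 65534 (nfsnobody on CentOS 6)

nfs_map_uid() {   # nfs_map_uid "<export options>" <client uid>  -> prints the uid seen on the server
    opts=$1
    uid=$2
    anon=65534
    root_squash=1
    all_squash=0
    old_ifs=$IFS
    IFS=,
    for o in $opts; do
        case $o in
            anonuid=*)      anon=${o#anonuid=} ;;
            root_squash)    root_squash=1 ;;
            no_root_squash) root_squash=0 ;;
            all_squash)     all_squash=1 ;;
            no_all_squash)  all_squash=0 ;;
        esac
    done
    IFS=$old_ifs
    if [ "$all_squash" -eq 1 ]; then
        echo "$anon"
    elif [ "$uid" -eq 0 ] && [ "$root_squash" -eq 1 ]; then
        echo "$anon"
    else
        echo "$uid"
    fi
}

nfs_export_map() {   # nfs_export_map "<line from /etc/exports>" <client uid>
    line=$1
    uid=$2
    case $line in
        *\(*\)*) opts=${line#*\(}; opts=${opts%%\)*} ;;
        *)       opts="" ;;        # no option list: exportfs defaults apply (ro, root_squash)
    esac
    nfs_map_uid "$opts" "$uid"
}

# walk through the export lines used in the notes (constructed input, nothing is mounted)
for line in "/tmp      10.10.54.0/24(rw)" \
            "/ha       10.10.54.58(ro)" \
            "/home/upload 10.10.54.0/24(rw,async,anonuid=508,anongid=508,all_squash)" \
            "/tech   10.10.54.0/24(rw,all_squash)"; do
    printf '%-78s root -> %-6s uid 1000 -> %s\n' "$line" \
        "$(nfs_export_map "$line" 0)" "$(nfs_export_map "$line" 1000)"
done
```

The first line explains the nfsnobody owner of zzz in case 1 (root squashed to 65534), the third the 508 owner of xiao in case 2. An export carrying no_root_squash is the one to look for when reviewing /etc/exports, since it lets root on any listed client write as root on the server.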

7. Case 3: pinning the NFS helper daemons to fixed ports (so a firewall can allow them; nfsd itself is always 2049, the others are assigned dynamically unless fixed here)

vim /etc/sysconfig/nfs

===========================

# TCP port rpc.lockd should listen on.

LOCKD_TCPPORT=32803

# UDP port rpc.lockd should listen on.

LOCKD_UDPPORT=32769

# Port rpc.mountd should listen on.

MOUNTD_PORT=892

# Port rquotad should listen on.

RQUOTAD_PORT=875

# Port rpc.statd should listen on.

STATD_PORT=662

===========================

____________________________________________________________________

2014-03-05

World Wide Web (www): Apache, Nginx, IIS

 

1. Installing Apache

[root@xiao59 ~]# yum install -y httpd.x86_64 httpd-devel.x86_64 httpd-tools.x86_64

##restart

[root@xiao59 ~]# /etc/init.d/httpd restart

[root@xiao59 ~]# /etc/init.d/named restart

##check the configuration

[root@s01 ~]# /etc/init.d/httpd configtest

httpd: Could not reliably determine the server's fully qualified domain name, using 10.10.54.226 for ServerName

Syntax OK

##configuration layout

ll /etc/httpd

conf  conf.d  logs  modules  run

##configuration directories

/etc/httpd/conf | /etc/httpd/conf.d

##how modules are loaded

LoadModule proxy_http_module modules/mod_proxy_http.so

##main configuration file

Section 1: Global Environment

Section 2: 'Main' server configuration

Section 3: Virtual Hosts

##directives explained

 vim /etc/httpd/conf/httpd.conf

------------------------------------------------------------

ServerName www.nclub.com  ---the hostname and port the server uses to identify itself

ServerAdmin root@localhost  ---administrator address included in error pages

 

ServerTokens OS            ---controls the Server response header; options are Prod/Major/Minor/Min/OS/Full, from the product name alone up to product, version, OS and module details. The default OS reveals the httpd version and operating system; use Prod on anything reachable from the internet (and ServerSignature Off so error pages do not repeat it)

 

Listen 80                       ---listening port

DocumentRoot   "/var/www/html"   ---site content root

DirectoryIndex index.php index.htm index.html index.html.var   ---default index files, separated by spaces

ServerRoot "/etc/httpd"           ---base directory for configuration, logs and modules

 

CustomLog logs/access_log combined    ---##access log

ErrorLog logs/error_log               ---error log

 

User apache                ---unprivileged user the worker processes run as

Group apache               ---their group

##main virtual host directives

NameVirtualHost *:80    --required for name-based virtual hosts (httpd 2.2)

<VirtualHost ip/domain:port>

DocumentRoot  /var/www/html

ServerName    www.nclub.com

ErrorLog      logs/www-error_log

CustomLog     logs/www-access_log common

</VirtualHost>

---------------------------------------------------------------

2. Case 1: a minimal web server

3. Case 2: IP-based virtual hosts (needs one IP per site)

1) Add the IP aliases (lost on reboot; put them in ifcfg-eth0:0 style files to keep them)

[root@xiao59 ~]# ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0

[root@xiao59 ~]# ifconfig eth0:1 10.10.54.53 netmask 255.255.255.0

2) Add A records in DNS (the trailing dot makes the names absolute; without it the zone origin is appended)

vim /var/named/named.ssr.com

============================

www.ssr.com. IN A 10.10.54.59

hr.ssr.com. IN A 10.10.54.52

bbs.ssr.com. IN A 10.10.54.53

============================

3) Edit the configuration and add the virtual hosts

vim /etc/httpd/conf/httpd.conf

================================

<VirtualHost 10.10.54.59:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/html

    ServerName www.ssr.com

    ErrorLog logs/www-error_log

    CustomLog logs/www-access_log common

</VirtualHost>

 

 

<VirtualHost 10.10.54.52:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/hr

    ServerName hr.ssr.com

    ErrorLog logs/hr-error_log

    CustomLog logs/hr-access_log common

</VirtualHost>

 

 

<VirtualHost 10.10.54.53:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/bbs

    ServerName bbs.ssr.com

    ErrorLog logs/bbs-error_log

    CustomLog logs/bbs-access_log common

</VirtualHost>

===================================

4) Restart the services

[root@xiao59 ~]# /etc/init.d/named restart

[root@xiao59 ~]# /etc/init.d/httpd restart

Starting httpd: Warning: DocumentRoot [/var/www/hr] does not exist

Warning: DocumentRoot [/var/www/bbs] does not exist

##fix

[root@xiao59 ~]# mkdir -p /var/www/hr

[root@xiao59 ~]# mkdir -p /var/www/bbs

5) Create the index page (mkdir -p on the file name would create a directory, so write the file instead)

[root@xiao59 ~]# vim /var/www/html/index.html

[root@xiao59 ~]# cat /var/www/html/index.html 

<html>

<h1 style=color:red align="center"> welcome to ssr!</h1>

</html>

[root@xiao59 ~]# cp /var/www/html/index.html /var/www/hr/index.html

[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.html

6) Point the resolvers at the DNS server

haha@ha :~$ sudo vim /etc/resolv.conf 

==========================

nameserver 10.10.54.59

==========================

[root@xiao59 named]# vim /etc/resolv.conf

 ==========================

nameserver 10.10.54.59

==========================

7) Test

##open each in a browser:

www.ssr.com/hr.ssr.com/bbs.ssr.com

##or with a text browser

elinks bbs.ssr.com

--------------------------------------------------------------------

Alternative: /etc/hosts on the client instead of DNS

1) Add the IP aliases (lost on reboot)

[root@xiao59 ~]# ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0

[root@xiao59 ~]# ifconfig eth0:1 10.10.54.53 netmask 255.255.255.0

2) Edit the configuration and add the virtual hosts

vim /etc/httpd/conf/httpd.conf

================================

<VirtualHost 10.10.54.59:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/html

    ServerName www.ssr.com

    ErrorLog logs/www-error_log

    CustomLog logs/www-access_log common

</VirtualHost>

 

 

<VirtualHost 10.10.54.52:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/hr

    ServerName hr.ssr.com

    ErrorLog logs/hr-error_log

    CustomLog logs/hr-access_log common

</VirtualHost>

 

 

<VirtualHost 10.10.54.53:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/bbs

    ServerName bbs.ssr.com

    ErrorLog logs/bbs-error_log

    CustomLog logs/bbs-access_log common

</VirtualHost>

===================================

3) Restart the services

[root@xiao59 ~]# /etc/init.d/named restart

[root@xiao59 ~]# /etc/init.d/httpd restart

4) Add name resolution on the client (Ubuntu)

 vim /etc/hosts

===========================

10.10.54.59 www.ssr.com

10.10.54.52 hr.ssr.com

10.10.54.53 bbs.ssr.com

============================                           

5) Create the index page (a file, not a directory)

[root@xiao59 ~]# vim /var/www/html/index.html

[root@xiao59 ~]# cat /var/www/html/index.html 

<html>

<h1 style=color:red align="center"> welcome to ssr!</h1>

</html>

[root@xiao59 ~]# cp /var/www/html/index.html /var/www/hr/index.html

[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.html

6) Test

##open each in a browser:

www.ssr.com/hr.ssr.com/bbs.ssr.com

##or with a text browser

elinks bbs.ssr.com

*****************************************************************

4. Case 3: name-based virtual hosts (one IP is enough)

1) Add A or CNAME records in DNS

vim /var/named/named.ssr.com 

========================================

www.ssr.com.            IN A        10.10.54.59

hr.ssr.com.              IN A       10.10.54.59

bbs.ssr.com.             IN A       10.10.54.59

========================================

2) Edit the configuration and add the virtual hosts

vim /etc/httpd/conf/httpd.conf

===============================

NameVirtualHost *:80    --selects the virtual host by the Host header; the first <VirtualHost> listed serves any request whose Host matches none of them, so list a catch-all first if the others must not be reachable by IP

<VirtualHost *:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/html

    ServerName www.ssr.com

    ErrorLog logs/www-error_log

    CustomLog logs/www-access_log common

</VirtualHost>

 

 

<VirtualHost *:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/hr

    ServerName hr.ssr.com

    ErrorLog logs/hr-error_log

    CustomLog logs/hr-access_log common

</VirtualHost>

 

 

<VirtualHost *:80>

    ServerAdmin wangxq@ssr.com

    DocumentRoot /var/www/bbs

    ServerName bbs.ssr.com

    ErrorLog logs/bbs-error_log

    CustomLog logs/bbs-access_log common

</VirtualHost>

======================================

3) Restart

/etc/init.d/named restart

/etc/init.d/network restart

/etc/init.d/httpd restart

4) Test

##open each in a browser:

www.ssr.com/hr.ssr.com/bbs.ssr.com

##or with a text browser

elinks bbs.ssr.com

5. Test tools

##load test: 10000 requests, 50 at a time

ab -n 10000 -c 50 http://www.ssr.com/index.html

##text-mode browser

[root@xiao59 ~]# yum install elinks.x86_64

##where ab comes from:

[root@xiao59 ~]# which ab

/usr/bin/ab

[root@xiao59 ~]# rpm -qf /usr/bin/ab

httpd-tools-2.2.15-26.el6.centos.x86_64

//some basic HTML

[root@s01 httpd]# cat /var/www/html/index.html 

<html>

<h1 style=color:red align="center"> welcome to ssr!</h1>

</html>

____________________________________________________________

2014-03-06

 6. Case 4: Apache .htaccess authentication

1) Create the password file and its first user (-c creates the file and overwrites an existing one, so leave it out when adding further users)

[root@xiao59 ~]# htpasswd -c /etc/httpd/conf/users xiaoq

2) Create the .htaccess file (Basic authentication sends the password base64-encoded on every request, so only use it over HTTPS)

[root@xiao59 ~]# vim /var/www/html/.htaccess 

=========================

AuthName "htaccess auth"

AuthType Basic

AuthUserFile /etc/httpd/conf/users

Require valid-user

==========================

3) Edit the configuration (AllowOverride AuthConfig lets .htaccess set the Auth* directives; the password file stays outside DocumentRoot, as done here, so it can never be downloaded)

[root@xiao59 ~]# vim /etc/httpd/conf/httpd.conf 

=============================

#add these lines

  <Directory "/var/www/html">

 AllowOverride AuthConfig

  Order allow,deny

  Allow from all

 </Directory>

==============================

4) Restart Apache

/etc/init.d/httpd restart

5) Test

open www.ssr.com in a browser; it should prompt for the user created above

##note: the client must use nameserver 10.10.54.59

****************************************************

7. Case 5: Apache SSL

1) Install mod_ssl

yum install mod_ssl.x86_64 

##create a directory for the keys (readable by root only)

mkdir /etc/httpd/conf/.ssl

[root@xiao59 ~]# yum list |grep ssl

openssl.x86_64    ---make sure it is installed

2) Create the CA certificate

##generate the CA's RSA private key (the notes use 1024 bits; that is below the 2048-bit minimum public CAs have required since 2014, so use 2048 or more)

cd /etc/httpd/conf/.ssl

[root@s01 .ssl]# openssl genrsa -des3 -out ca.key 1024

Generating RSA private key, 1024 bit long modulus

.++++++

............++++++

e is 65537 (0x10001)

Enter pass phrase for ca.key:

Verifying - Enter pass phrase for ca.key:

##inspect ca.key

[root@xiao59 .ssl]# openssl rsa -noout -text -in ca.key 

Enter pass phrase for ca.key:

##create a self-signed CA certificate from the CA key

[root@xiao59 .ssl]# openssl req -new -x509 -days 3650  -key ca.key -out ca.crt

3) Create the server certificate signing request

##generate the server's RSA private key (-des3 encrypts it, so httpd will prompt for the passphrase at every start unless SSLPassPhraseDialog is configured; an unencrypted key with mode 0400 is the usual choice for a daemon)

[root@xiao59 .ssl]# openssl genrsa -des3 -out server.key 1024

[root@xiao59 .ssl]# ll

total 12

-r-------- 1 root root 989 3月   6 09:56 ca.crt

-r-------- 1 root root 963 3月   6 09:52 ca.key

-rw-r--r-- 1 root root 963 3月   6 10:00 server.key

##create the CSR from server.key (answer the Common Name prompt with the site name, hr.ssr.com here)

[root@xiao59 .ssl]# openssl req -new  -key server.key -out server.csr

##download and unpack the mod_ssl source to get its sign.sh helper (a wrapper around openssl ca; any way of signing the CSR with ca.key works)

wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz

##get sign.sh

cp /softs/mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh /etc/httpd/conf/.ssl/

##sign the certificate

[root@xiao59 .ssl]# ./sign.sh server.csr 

[root@xiao59 .ssl]# ls

ca.crt       ca.db.index       ca.db.serial  server.crt  server.key

ca.db.certs  ca.db.index.attr  ca.key        server.csr  sign.sh

[root@xiao59 .ssl]# rm -f server.csr 

##restrict file permissions (server.key and ca.key are what matter; the certificate itself is public)

[root@xiao59 .ssl]# chmod 400 server.crt 

4) Bundle a PKCS#12 file (optional; this packs the server key and certificate together, it is not a separate client certificate)

[root@xiao59 .ssl]# openssl pkcs12 -export -in server.crt -inkey server.key -out client.p12 -name "public"

5) Edit /etc/httpd/conf.d/ssl.conf

##the stock ssl.conf already contains these directives; edit the existing block rather than adding a second one, and comment out any duplicates in httpd.conf

[root@xiao59 httpd]# vim conf.d/ssl.conf 

====================================

LoadModule ssl_module modules/mod_ssl.so    ---confirm

Listen 443                                  ---confirm

 

<VirtualHost _default_:443>

ServerAdmin wanxq@ssr.com

DocumentRoot /var/www/hr

ServerName hr.ssr.com

ErrorLog logs/hr-error_log

CustomLog logs/hr-access_log common

 

SSLEngine on                                ---already present in the stock file

SSLCertificateFile /etc/httpd/conf/.ssl/server.crt

 

SSLCertificateKeyFile /etc/httpd/conf/.ssl/server.key

</VirtualHost>

===================================================

##restart the service

/etc/init.d/httpd restart
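The certificate steps above depend on a sign.sh pulled from a 2014-era mod_ssl tarball and produce 1024-bit keys with no subjectAltName. The script below is an added example, not part of the original notes, that does the same CA-and-server-certificate job with nothing but openssl: 2048-bit keys, a subjectAltName for the site (browsers no longer accept a name given only in the CN), and an unencrypted server key kept at mode 0400 so httpd starts without a passphrase prompt. It assumes openssl is on PATH; the hostname hr.ssr.com and the output directory are parameters, and the demo at the bottom writes into a throwaway temporary directory.

```shell
#!/bin/sh
# Added example (not from the original notes): private CA + server certificate
# with plain openssl, replacing the sign.sh step. Assumes openssl in PATH.

make_test_pki() {   # make_test_pki <dir> <server hostname>
    dir=$1
    host=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # 1. CA key and self-signed CA certificate (10 years, as in the notes)
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    chmod 400 "$dir/ca.key"
    openssl req -new -x509 -days 3650 -key "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/O=ssr lab/CN=ssr lab CA" 2>/dev/null || return 1
    # 2. server key and CSR; the CN is the site name
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    chmod 400 "$dir/server.key"
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/O=ssr lab/CN=$host" 2>/dev/null || return 1
    # 3. sign the CSR with the CA, adding the extensions a TLS server certificate needs
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
        "$host" > "$dir/server.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    rm -f "$dir/server.csr" "$dir/server.ext"
}

verify_server_cert() {   # verify_server_cert <dir> <hostname>: 0 if server.crt chains to ca.crt and names host
    dir=$1
    host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/server.crt" -noout -text | grep -q "DNS:$host"
}

key_mode_is_private() {   # 0 when the key file is readable by its owner only (0400 or 0600)
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    [ "$mode" = 400 ] || [ "$mode" = 600 ]
}

# stand-alone demo in a throwaway directory
demo=$(mktemp -d)
if make_test_pki "$demo" hr.ssr.com && verify_server_cert "$demo" hr.ssr.com; then
    echo "server.crt for hr.ssr.com verifies against ca.crt"
fi
rm -rf "$demo"
```

For the real server, call make_test_pki /etc/httpd/conf/.ssl hr.ssr.com, point SSLCertificateFile and SSLCertificateKeyFile at the server.crt and server.key it writes, and import ca.crt into the client browsers; the CA key only needs to exist while certificates are being signed, so it can be moved off the web server afterwards.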

-------------------------------afternoon----------------------

Case 6

1. Reinstall MySQL

##back up the existing configuration file

[root@xiao59 softs]# cp /etc/my.cnf /softs/

##install the RPM packages

[root@xiao59 softs]# yum install mysql.x86_64  mysql-devel.x86_64 mysql-server.x86_64 

##edit the configuration file

[root@xiao59 ~]# vim /etc/my.cnf 

================================

[client]

socket          = /var/lib/mysql/mysql.sock

[mysqld]

socket          = /var/lib/mysql/mysql.sock

datadir         = /data/mysql

==============================

##create the data directory

[root@xiao59 ~]# mkdir -p /data/mysql

[root@xiao59 ~]# chown mysql.mysql /data/mysql -R

##find the mysql binary

[root@xiao59 ~]# which mysql

/usr/bin/mysql

##add it to PATH (/usr/bin is already on the default path; kept as the notes had it)

[root@xiao59 ~]# vim /etc/profile.d/myfile.sh 

=======================

PATH=${PATH}:/usr/bin

=====================

#reload the variables

[root@xiao59 ~]# source /etc/profile

##restart

[root@xiao59 ~]# /etc/init.d/mysqld restart

2. Install PHP

yum install php.x86_64 php-cli.x86_64 php-common.x86_64 php-gd.x86_64 php-mysql.x86_64 php-pear.noarch 

##create the site directory

[root@xiao59 ~]# mkdir /var/www/bbs

[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.php

##test page (phpinfo() publishes versions, paths and every setting; delete it once PHP is confirmed working)

[root@xiao59 ~]# vim /var/www/bbs/index.php 

==================

<?php

phpinfo();

?>

==================

##add to httpd.conf

DirectoryIndex index.php

##install unzip and unpack the forum package

[root@xiao59 softs]# yum install unzip.x86_64 

[root@xiao59 softs]#  mv Discuz_X3.0_SC_UTF8.zip  /var/www/bbs/

[root@xiao59 softs]# cd /var/www/bbs/

[root@xiao59 bbs]# unzip Discuz_X3.0_SC_UTF8.zip 

[root@xiao59 bbs]# /etc/init.d/httpd restart

##in a browser

bbs.ssr.com --shows the PHP Version 5.3.3 page

bbs.ssr.com/upload --shows the installation wizard

##after accepting the licence the wizard reports directory/file permission errors

[root@xiao59 bbs]# chown apache.apache /var/www/ -R

##this makes every site under /var/www writable by the web server user; once the installer finishes, leave apache write access only on the directories the installer lists, and remove the installer and the zip file from the web root

then continue to the next step.

==============================================

 database server: 10.10.54.59

 database name: ultrax

 database user: xiaoq

 database password: 322815

 table prefix: pre_ --change it when several forums share one database

 system mailbox: admin@admin.com --receives program error reports

 administrator account: admin

 administrator password:

 repeat password:

 administrator e-mail: wangxq@ssr.com

===========================================

##remember to create the user in MySQL first (all on *.* grants far more than the forum needs; all on ultrax.* keeps the account inside its own database)

mysql> grant all on *.* to 'xiaoq'@'10.10.54.%' identified by '322815';

mysql> flush privileges;

______________________________________________________________________

2014-03-10

Nginx

1. Download: wget http://nginx.org/download/nginx-1.4.5.tar.gz

2. Build

1) Unpack

[root@CentOS001 softs]# tar xvf nginx-1.4.5.tar.gz 

2) Configure options

[root@CentOS001 nginx-1.4.5]# ./configure --help

===========================================================

--prefix=PATH               set installation prefix

--user=USER                set non-privileged user for worker processes

--group=GROUP              set non-privileged group for worker processes

##build the HTTP SSL module so nginx can serve HTTPS; needs the OpenSSL headers (openssl-devel)

--with-http_ssl_module             enable ngx_http_ssl_module

##status page for monitoring

--with-http_stub_status_module     enable ngx_http_stub_status_module

##serve pre-compressed .gz files

--with-http_gzip_static_module     enable ngx_http_gzip_static_module

##uwsgi support, used with Python applications

--http-uwsgi-temp-path=PATH     set path to store http uwsgi temporary files

##the select event method; on Linux nginx picks epoll automatically, select is only a fallback

 --with-select_module               enable select module

 

===============================================================

3) The three build steps

[root@CentOS001 nginx-1.4.5]# ./configure --prefix=/usr/local/nginx --user=apache --group=apache --with-http_stub_status_module  \

--with-http_gzip_static_module --with-http_ssl_module

make 

make install

3. Usage

1) Start

 /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

which failed with:

/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

Fix:

##pcre had been built from source into /usr/local/lib, which is not on the loader path

##create symlinks

1.1) locate it: whereis libpcre.so.1

libpcre.so: /lib/libpcre.so.0 /lib64/libpcre.so.0 /usr/local/lib/libpcre.so.1 /usr/local/lib/libpcre.so

1.2) ls -lh  /usr/local/lib/libpcre.so.1

1.3)

ln /usr/local/lib/libpcre.so.1.2.0 /lib/libpcre.so.1

ln -s /usr/local/lib/libpcre.so.1.2.0 /lib64/libpcre.so.1

##refresh the loader cache: ldconfig  (adding /usr/local/lib to /etc/ld.so.conf.d/ and running ldconfig is the cleaner fix)

2) Check the port

netstat -ntlp |grep nginx

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      3233/nginx          

3) Stop

[root@s01 logs]# cat /usr/local/nginx/logs/nginx.pid | xargs kill -TERM

4) Reload

[root@s01 logs]# cat /usr/local/nginx/logs/nginx.pid | xargs kill -HUP

HUP: reload the configuration

5) Other signals

TERM, INT: fast shutdown

USR1: reopen log files, used for log rotation

USR2: upgrade the executable on the fly

QUIT: graceful shutdown

WINCH: gracefully shut down the worker processes

4. IP-based virtual hosts

1) Edit the configuration file

vim  /usr/local/nginx/conf/nginx.conf

=================================

user  apache apache;

worker_processes  2;

error_log  logs/error.log;

pid        logs/nginx.pid;

##uncomment

access_log  logs/access.log;

server {

         listen  10.10.54.52:80;

         server_name  10.10.54.52;

         root /var/www/html;      

         access_log  logs/www.access.log;

 charset utf-8;

        location / {

            root   /var/www/html;

            index  index.html index.htm;

        }

}

======================================

2) Add the IP alias

ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0

3) Add the DNS record

vim /var/named/named.ssr.com 

====================================

www.ssr.com.             IN A         10.10.54.52

=====================================

##restart: /etc/init.d/named restart

4) Check the configuration

[root@s01 html]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

##in a browser:

www.ssr.com or 10.10.54.52 

5. Name-based virtual hosts

1) Configuration file

vim  /usr/local/nginx/conf/nginx.conf

=================================

user apache apache;

error_log  logs/error.log;

pid        logs/nginx.pid;

##uncomment

access_log  logs/access.log;

server {

         listen  80;

         server_name www.ssr.com;

         root /var/www/html;

         access_log  logs/www.access.log;

         charset utf-8;

        location / {

            root   /var/www/html;

            index  index.html index.htm;

        }

}

server {

         listen  80;

         server_name hr.ssr.com;

         root /var/www/hr;

   access_log  logs/hr.access.log;

         charset utf-8;

        location / {

            root   /var/www/hr;

            index  index.html index.htm;

        }

  }

======================================

2) Configure DNS

vim /var/named/named.ssr.com 

=================================================

$TTL   86400

@                        IN SOA  ssr.com.  root (2014010802  1H 15M 1W 1D)

 

@                        IN NS        ssr.com.

ssr.com.                 IN A        10.10.54.54

hr.ssr.com.             IN A         10.10.54.54

www.ssr.com.             IN A         10.10.54.54

===================================================

##restart: /etc/init.d/named restart

3) Create a test page

mkdir -p /var/www/hr

vim /var/www/hr/index.html

========================

<html>

<h1 style=color:red align="center"> welcome to hr!</h1>

</html>

========================

##change the owner (nginx only needs read access to static files; the worker user does not have to own them)

chown apache.apache /var/www/hr/ -R

4) Check the configuration

[root@CentOS001 www]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf

##in a browser:

www.ssr.com && hr.ssr.com

6. Vim syntax highlighting for nginx configuration files

1) Download http://www.vim.org/scripts/download_script.php?src_id=14376

2) mkdir -p ~/.vim/syntax

3) mv nginx.vim ~/.vim/syntax/

4) vim ~/.vim/filetype.vim

========================================

au BufRead,BufNewFile /usr/local/nginx/conf/* set ft=nginx

(the separators here are single spaces)

=======================================

7. nginx configuration file layout

====================

user  apache apache;

worker_processes  2;  number of CPU cores, or cores minus one

..........

events {

##the network I/O model recommended on Linux

use epoll;

}

http {

..........

upstream{}

server{}

}

=====================

8. Tomcat

Installing Tomcat takes two steps: install the JDK, then install Tomcat. 

The JDK (Java Development Kit) is Sun Microsystems' product for Java developers. Since Java appeared,

the JDK has become the most widely used Java SDK. It is the core of Java: the runtime environment, the Java

tools and the base class library. Running JSP applications therefore needs a JDK, so installing

the JDK comes before installing Tomcat.

1) Install the JDK

rpm -ivh jdk-7u51-linux-x64.rpm 

2) Unpack

tar xvf apache-tomcat-7.0.52.tar.gz 

##move it into place

[root@CentOS001 softs]# mv apache-tomcat-7.0.52 /usr/local/tomcat

3) Tell Tomcat where Java lives 

[root@CentOS001 softs]# vim /usr/local/tomcat/bin/catalina.sh  --around line 96

==============================

JAVA_HOME=/usr/java/jdk1.7.0_51

CATALINA_HOME=/usr/local/tomcat

==============================

4) Make an init script

[root@s01 bin]# cp catalina.sh /etc/init.d/tomcat

[root@s01 bin]# chmod +x /etc/init.d/tomcat 

[root@s01 bin]# chkconfig --add tomcat

ERROR:service tomcat does not support chkconfig

Fix: vim /etc/init.d/tomcat 

=============================

#!/bin/sh

#chkconfig:2345 64 27 --add these two lines

#description:tomcat server init script

=============================

then add it again: chkconfig --add tomcat

5) Tomcat management users

[root@s01 conf]# pwd

/usr/local/tomcat/conf

[root@s01 conf]# ls

Catalina         catalina.properties  logging.properties  tomcat-users.xml

catalina.policy  context.xml          server.xml          web.xml

[root@s01 conf]# vim tomcat-users.xml 

=====================================

<role rolename="manager-gui"/>

  <role rolename="admin-gui"/>

  <user username="tomcat" password="tomcat" roles="admin-gui,manager-gui"/>

==========================================

##tomcat/tomcat is the default pair every scanner tries first, and the manager application it unlocks can deploy arbitrary WAR files; use a strong password and keep the manager reachable only from trusted addresses

/etc/init.d/tomcat start/stop

9. Nginx load balancing (200 is the normal status code)

1) Common commands

##show build options

/usr/local/nginx/sbin/nginx -V

##show the version

/usr/local/nginx/sbin/nginx -v

2) Install a tool to see which process holds a port

 yum install lsof.x86_64 

 lsof -i:8010

3) Configuration files (in the site file below, autoindex on under /upload publishes a listing of that directory to anyone, and X-Forwarded-For is appended to whatever the client already sent, so a backend must trust only the last address in it)

mkdir -p /usr/local/nginx/conf/virtual

vim /usr/local/nginx/conf/nginx.conf

===================================

user  apache apache;

worker_processes  2;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

error_log  logs/error.log  info;

pid        logs/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;

    tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

include virtual/www.ssr.com.conf;

}

===================================================

 vim /usr/local/nginx/conf/virtual/www.ssr.com.conf

====================================================

upstream www_ssr_com {

    server 10.10.54.54:10080 max_fails=3 weight=1 fail_timeout=60s;

    server 10.10.54.59:8090 max_fails=3 weight=2 fail_timeout=60s;

    }

 

server {

    listen       80;

    server_name  www.ssr.com;

    charset utf-8;

    access_log  logs/www.access.log  main;

    index index.html;

    location /upload {

        autoindex on;

        }

    location /download {

        rewrite ^/download$ /upload last;

        }

    location / {

        proxy_pass http://www_ssr_com;

        proxy_set_header HOST $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

    }
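The log_format main defined above is what every request through this load balancer is written as, so it is also the place to notice a client walking the site for paths that do not exist. The script below is an added example, not part of the original notes: it reads an access.log in that format, counts 4xx/5xx responses per client and flags clients above a threshold. It finds the status field by skipping past the quoted "$request" instead of by column number, so a request line that contains a space does not shift the parse. The log lines it runs on are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original notes): detection over nginx access logs
# written with the log_format main above. Pure sh + awk.

nginx_flag_scanners() {   # nginx_flag_scanners <access.log> <min 4xx/5xx hits>; exit status = clients flagged
    awk -v min="$2" '
    {
        ip = $1
        rest = $0
        sub(/^[^"]*"[^"]*" /, "", rest)        # drop everything up to and including "$request"
        split(rest, f, " ")
        status = f[1]                          # $status is the first field after the request
        total[ip]++
        if (status ~ /^[45][0-9][0-9]$/) bad[ip]++
    }
    END {
        n = 0
        for (ip in bad)
            if (bad[ip] >= min) { n++; printf "%s %d/%d error responses\n", ip, bad[ip], total[ip] }
        exit n
    }' "$1"
}

nginx_sample_log() {   # writes a constructed access.log in the main format and prints its path
    f=$(mktemp)
    cat > "$f" <<'EOF'
10.10.54.130 - - [11/Mar/2014:10:01:02 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"
10.10.54.130 - - [11/Mar/2014:10:01:03 +0800] "GET /upload/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-"
203.0.113.7 - - [11/Mar/2014:10:02:00 +0800] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0 (scanner)" "-"
203.0.113.7 - - [11/Mar/2014:10:02:00 +0800] "GET /admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0 (scanner)" "-"
203.0.113.7 - - [11/Mar/2014:10:02:01 +0800] "GET /.git/config HTTP/1.1" 403 162 "-" "Mozilla/5.0 (scanner)" "-"
203.0.113.7 - - [11/Mar/2014:10:02:01 +0800] "GET /a b HTTP/1.1" 404 162 "-" "Mozilla/5.0 (scanner)" "-"
10.10.54.131 - - [11/Mar/2014:10:03:00 +0800] "GET /missing HTTP/1.1" 404 162 "-" "curl/7.19" "-"
EOF
    echo "$f"
}

log=$(nginx_sample_log)
nginx_flag_scanners "$log" 3
echo "clients flagged: $?"
rm -f "$log"
```

On the load balancer $remote_addr is the real client, so the count is trustworthy there; on the backends behind proxy_pass every request arrives from the balancer's address, and the same logic would have to read the last X-Forwarded-For value instead.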

__________________________________________________________________________

2014-03-11

1.优化linux内核参数

vim /etc/sysctl.conf

vim /etc/security/limits.conf

awstat分析日志

2.修改版本号

##方法1

vim /usr/local/nginx/conf/nginx.conf

===============================

添加server_tokens=off

==============================

##方法2 

vim /softs/lnmp/nginx-1.4.5/src/core/nginx.h

============================================

#define NGINX_VERSION      "14"

#define NGINX_VER          "apache/" NGINX_VERSION

=============================================

3.取消debug模式

[root@s01 nginx-1.4.6]# pwd

/softs/lnmp/nginx-1.4.6

[root@s01 nginx-1.4.6]# vim auto/cc/gcc 

========================

# debug

#CFLAGS="$CFLAGS -g"

========================

4.取消IP地址访问

==================

server {

    server_name _;

    return 404;

}

==================

5.nginx升级

1).查看编译参数

./nginx -V

2).备份nginx

[root@s01 local]# mv nginx/ nginx_old

[root@s01 local]# ps -ef|grep nginx

root      9816     1  0 08:37 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

apache    9825  9816  0 08:37 ?        00:00:00 nginx: worker process                                          

apache    9826  9816  0 08:37 ?        00:00:00 nginx: worker process                                          

root      9981  1036  0 10:13 pts/1    00:00:00 grep nginx

3). Recompile

4). Restore the config files and logs

5). Validate the config file

/usr/local/nginx/sbin/nginx -t

6. Switch over to the new nginx

———————————————————————————————————————————————————————————

2014-03-13

Linux Virtual Server (LVS) ---- developed by Zhang Wensong

MFS   ---- distributed file system

1. LVS clusters use IP load-balancing and content-based request dispatching. The scheduler has very good throughput, spreads requests evenly across the servers, and automatically masks server failures, so a group of servers forms one high-performance, highly available virtual server.

2. Three main components:

Load balancer: the front end of the whole cluster facing the outside. It sends client requests to a group of servers for execution, while clients see the service as coming from a single IP address. It can be an IP load balancer, a content-based request dispatcher, or a combination of both.

Server pool: the group of servers that actually execute client requests, running services such as WEB, MAIL, FTP and DNS.

Backend storage: provides the server pool with a shared storage area, so the servers can easily hold the same content and provide the same service.

3. Load-balancing modes:

1) NAT: requires enabling forwarding in /etc/sysctl.conf; the realserver script is not needed

2) TUN: the IP returned to the client is the VIP; the realserver script must be run

3) DR: the IP returned to the client is the VIP; the realserver script must be run; no tunnel overhead

Theoretical performance: DR > TUN > NAT

4. Load-scheduling algorithms

1) Round-Robin: dispatches requests to the servers in turn, i.e. each scheduling step computes i = (i + 1) mod n and picks server i. Its advantage is simplicity: it keeps no record of current connections, so it is a stateless scheduler.

## Treats every real server equally, regardless of its actual load or connection state.

2) Weighted Round-Robin

## Dispatches requests according to the differing capacity of the real servers; each real server can be given its own scheduling weight

3) Least-Connection: assigns a new connection request to the server with the fewest current connections. It is a dynamic algorithm that estimates server load from the number of active connections. The scheduler records the number of established connections per server: when a request is dispatched to a server its count is incremented by 1; when a connection terminates or times out its count is decremented by 1.

## Dynamically dispatches requests to the server with the fewest established connections. If the real servers have similar capacity, it balances load well.

4) Weighted Least-Connection: a superset of least-connection in which each server's weight represents its processing capacity. The default weight is 1 and the administrator can set weights dynamically. When dispatching a new connection it tries to keep each server's number of established connections proportional to its weight.

## Each server node's weight represents its capacity; the administrator can set it dynamically and the default is 1. When assigning new connections, weighted least-connection keeps each node's established connections as close as possible to proportional to its weight.

5) Locality-Based Least Connections: load balancing keyed on the destination IP address of the request, currently used mainly for cache clusters, where the destination IP of client requests varies. Assuming any backend server can handle any request, the algorithm aims, while keeping server load roughly balanced, to dispatch requests for the same destination IP to the same server, improving each server's access locality and main-memory cache hit rate and thus the processing capacity of the whole cluster.

6) Locality-Based Least Connections with Replication: also keyed on destination IP and mainly used for cache clusters. It differs from LBLC in maintaining a mapping from a destination IP address to a set of servers, whereas LBLC maps a destination IP to a single server.

7) Destination Hashing: load balancing keyed on the destination IP address, but as a static mapping: a hash function maps a destination IP address to one server.

8) Source Hashing: the mirror image of destination hashing. It uses the source IP of the request as the hash key to look up a server in a statically allocated hash table; if that server is available and not overloaded the request is sent to it, otherwise it returns empty. It uses the same hash function as destination hashing.

9) Shortest Expected Delay

10) Never Queue Scheduling
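Added example, not from the original notes: a Python simulation of the scheduling algorithms listed above (rr, wrr, lc, wlc and sh) run over a constructed pool. The third server 10.10.54.60, the weights and the client addresses are made up, and wrr is implemented as a simple expanded cycle rather than the kernel's gcd-based sequence (same per-cycle distribution, different order).

```python
"""Added example, not from the original notes: a small simulation of the LVS
scheduling algorithms described above (rr, wrr, lc, wlc, sh) over a constructed
pool of real servers.  The third server and all weights are made up; wrr here
uses a simple expanded cycle, so the order differs from the kernel's gcd-based
sequence although the per-cycle distribution is the same."""
from dataclasses import dataclass
import zlib


@dataclass
class RealServer:
    addr: str
    weight: int = 1         # default weight is 1, as the notes say
    active: int = 0         # established connections the scheduler knows about
    available: bool = True  # result of the TCP_CHECK health check


class Scheduler:
    """One scheduler per virtual_server, mirroring lb_algo in keepalived.conf."""

    def __init__(self, servers, algo="rr"):
        self.servers = list(servers)
        self.algo = algo
        self._i = -1        # last slot used by rr / wrr

    def _live(self):
        return [s for s in self.servers if s.available and s.weight > 0]

    def _rr(self, live):
        # Round-Robin: i = (i + 1) mod n, stateless apart from the index
        self._i = (self._i + 1) % len(live)
        return live[self._i]

    def _wrr(self, live):
        # Weighted Round-Robin: a server of weight w appears w times per cycle
        cycle = [s for s in live for _ in range(s.weight)]
        self._i = (self._i + 1) % len(cycle)
        return cycle[self._i]

    def _lc(self, live):
        # Least-Connection: fewest established connections wins
        return min(live, key=lambda s: s.active)

    def _wlc(self, live):
        # Weighted Least-Connection: minimise active/weight so that connection
        # counts end up proportional to the weights
        return min(live, key=lambda s: s.active / s.weight)

    def _sh(self, client_ip):
        # Source Hashing: static map from client IP to one slot; if that server
        # is unavailable the request gets nothing ("returns empty")
        if not self.servers:
            return None
        s = self.servers[zlib.crc32(client_ip.encode()) % len(self.servers)]
        return s if s.available else None

    def pick(self, client_ip="0.0.0.0"):
        """Choose a real server for a new connection, or None if none can take it."""
        if self.algo == "sh":
            return self._sh(client_ip)
        live = self._live()
        if not live:
            return None
        return {"rr": self._rr, "wrr": self._wrr,
                "lc": self._lc, "wlc": self._wlc}[self.algo](live)

    def connect(self, client_ip="0.0.0.0"):
        """Schedule a connection and count it: active += 1 on the chosen server."""
        s = self.pick(client_ip)
        if s is not None:
            s.active += 1
        return s

    def disconnect(self, server):
        """Connection closed or timed out: active -= 1."""
        server.active -= 1


def pool():
    # constructed pool: the two real servers from the notes plus a heavier third one
    return [RealServer("10.10.54.56", weight=1),
            RealServer("10.10.54.58", weight=1),
            RealServer("10.10.54.60", weight=2)]


def distribution(algo, n_requests, servers):
    """Open n_requests connections without closing any; return connections per server."""
    sched = Scheduler(servers, algo)
    for k in range(n_requests):
        sched.connect(f"192.0.2.{k % 7}")   # constructed client addresses
    return {s.addr: s.active for s in servers}
```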

5. Download the software

wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz

     http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz

6. Compile ipvsadm

[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz

[root@CentOS001 softs]# cd ipvsadm-1.26

1) Install dependencies

yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64

## popt-static.x86_64 needs an extra disc added as a repository

[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo

=============================================

[Packages]

name=Packages

baseurl=ftp://10.201.1.221/Packages

gpgcheck=0

enabled=1

 

[Packages2]

name=Packages2

baseurl=ftp://10.201.1.221/Packages2

gpgcheck=0

enabled=1

==============================================

## remember to run yum clean all

2)[root@CentOS001 ipvsadm-1.26]# make && make install

7. Confirm the LVS kernel modules

[root@tech2 ipvsadm-1.26]# modprobe -l|grep ipvs

=========================================

kernel/net/netfilter/ipvs/ip_vs.ko

kernel/net/netfilter/ipvs/ip_vs_rr.ko

kernel/net/netfilter/ipvs/ip_vs_wrr.ko

kernel/net/netfilter/ipvs/ip_vs_lc.ko

kernel/net/netfilter/ipvs/ip_vs_wlc.ko

kernel/net/netfilter/ipvs/ip_vs_lblc.ko

kernel/net/netfilter/ipvs/ip_vs_lblcr.ko

kernel/net/netfilter/ipvs/ip_vs_dh.ko

kernel/net/netfilter/ipvs/ip_vs_sh.ko

kernel/net/netfilter/ipvs/ip_vs_sed.ko

kernel/net/netfilter/ipvs/ip_vs_nq.ko

kernel/net/netfilter/ipvs/ip_vs_ftp.ko

======================================

8. Compile and install keepalived

1)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz 

2)vim INSTALL

  In order to compile Keepalived needs the following libraries :

===========================

  * OpenSSL, <www.openssl.org>

  * popt

=============================

3) Compile

aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/

Keepalived configuration

------------------------

Keepalived version       : 1.2.9

Compiler                 : gcc

Compiler flags           : -g -O2

Extra Lib                : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt  -lnl

Use IPVS Framework       : Yes

IPVS sync daemon support : Yes

IPVS use libnl           : Yes

Use VRRP Framework       : Yes

Use VRRP VMAC            : Yes

SNMP support             : Yes

SHA1 support             : No

Use Debug flags          : No

-------------------------------

##Install the SNMP dependencies

yum install -y net-snmp.x86_64 net-snmp-devel.x86_64

bb)make && make install

4) Put the binaries on the system path

[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived  /sbin/

[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/

5) Look at the config file directory

[root@CentOS001 keepalived]# pwd

/etc/keepalived

[root@CentOS001 keepalived]# ls   --keepalived does not check the syntax of keepalived.conf, so back it up before editing

keepalived.conf  samples

6) Structure of the config file

global_defs

vrrp_instance

virtual_server

################## Case 1: LVS in DR mode ######################

1. Network layout

hostname:CentOS001

DIRECT SERVER:10.10.54.54  

vip:10.10.54.53

 

real server:10.10.54.56(80/3306)

real server:10.10.54.58(80/3306)

 

2. Configure the two real servers

//run on the real servers (56, 58)

[root@xiao56 ~]# cat /etc/init.d/realserver 

============================================

#!/bin/bash

#description:start realserver

#script_name:realserver_config

VIP=10.10.54.53

source /etc/init.d/functions

case "$1" in

start)

echo "start LVS of realserver."

/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up

echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

;;

stop)

/sbin/ifconfig lo:0 down

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce

;;

*)

echo "Usage: $0 {start|stop}"

exit 1

esac

=================================================

[root@xiao56 ~]# chmod +x /etc/init.d/realserver 

[root@xiao56 ~]# /etc/init.d/realserver start

########

arp_ignore:

0---default: reply to ARP requests for any local IP address received on any interface

1---reply only to ARP requests whose target IP is a local address configured on the interface the request arrived on

 

arp_announce: restricts which local source IP address is announced in ARP requests sent from an interface; the level sets how strictly the source address must belong to the sending interface.

0---default: use any local address on any interface.

2---always use the most appropriate local address for the target being queried.

 

3. Configure the director server (54)

//compile the ipvsadm and keepalived packages on the director server

##Download

wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz

     http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz

##Compile ipvsadm

[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz

[root@CentOS001 softs]# cd ipvsadm-1.26

1) Install dependencies

yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64

## popt-static.x86_64 needs an extra disc added as a repository

[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo

=============================================

[Packages]

name=Packages

baseurl=ftp://10.201.1.221/Packages

gpgcheck=0

enabled=1

 

[Packages2]

name=Packages2

baseurl=ftp://10.201.1.221/Packages2

gpgcheck=0

enabled=1

==============================================

## remember to run yum clean all

2)[root@CentOS001 ipvsadm-1.26]# make && make install

3) Confirm the LVS kernel modules

[root@tech2 ipvsadm-1.26]# modprobe -l|grep ipvs

=========================================

kernel/net/netfilter/ipvs/ip_vs.ko

kernel/net/netfilter/ipvs/ip_vs_rr.ko

kernel/net/netfilter/ipvs/ip_vs_wrr.ko

kernel/net/netfilter/ipvs/ip_vs_lc.ko

kernel/net/netfilter/ipvs/ip_vs_wlc.ko

kernel/net/netfilter/ipvs/ip_vs_lblc.ko

kernel/net/netfilter/ipvs/ip_vs_lblcr.ko

kernel/net/netfilter/ipvs/ip_vs_dh.ko

kernel/net/netfilter/ipvs/ip_vs_sh.ko

kernel/net/netfilter/ipvs/ip_vs_sed.ko

kernel/net/netfilter/ipvs/ip_vs_nq.ko

kernel/net/netfilter/ipvs/ip_vs_ftp.ko

======================================

4) Compile and install keepalived

1)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz 

2)vim INSTALL

  In order to compile Keepalived needs the following libraries :

===========================

  * OpenSSL, <www.openssl.org>

  * popt

=============================

5) Compile

aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/

Keepalived configuration

------------------------

Keepalived version       : 1.2.9

Compiler                 : gcc

Compiler flags           : -g -O2

Extra Lib                : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt  -lnl

Use IPVS Framework       : Yes

IPVS sync daemon support : Yes

IPVS use libnl           : Yes

Use VRRP Framework       : Yes

Use VRRP VMAC            : Yes

SNMP support             : Yes

SHA1 support             : No

Use Debug flags          : No

-------------------------------

##Install the SNMP dependencies

yum install -y net-snmp.x86_64 net-snmp-devel.x86_64

bb)make && make install

6) Put the binaries on the system path

[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived  /sbin/

[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/

7) Back up the config file

[root@CentOS001 ~]# cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak

8) Create the VIP

[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1

===========================

DEVICE=eth0:1

ONBOOT=no

BOOTPROTO=static

IPADDR=10.10.54.53

NETMASK=255.255.255.0

GATEWAY=10.10.54.254

==========================

[root@CentOS001 ~]# /etc/init.d/network restart

9) Edit the config file

[root@CentOS001 keepalived]# cat keepalived.conf 

============================================

! Configuration File for keepalived

 

global_defs {

   notification_email {

     wangxq@ssr.com

   }

   notification_email_from wangxq@ssr.com

   smtp_server mail.ssr.com

   smtp_connect_timeout 30

   router_id LVS_MASTER1  ---identifier of the server running keepalived; shown in the subject of notification mails

}

 

vrrp_instance VI_2 {    --VRRP instance

    state MASTER        --MASTER on the primary, BACKUP on the standby

    interface eth0

    virtual_router_id 51 --virtual router ID, a number; unique to one VRRP instance

                         ---i.e. within the same vrrp_instance, MASTER and BACKUP must use the same value

    priority 100         --priority; the standby must be lower than the primary; in master/backup mode BACKUP must be below 100

    advert_int 1         --interval between MASTER/BACKUP checks (advertisements)

    authentication {

        auth_type PASS    --authentication type: PASS or AH

        auth_pass 1111

    }

    virtual_ipaddress {     --virtual IP; moves between nodes on failover, no ARP broadcast is sent

        10.10.54.53/24 dev eth0 label eth0:1  --the IP that serves clients

    }

}

 

virtual_server 10.10.54.53 80 {

    delay_loop 6             --health-check interval, in seconds

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.255.0

   persistence_timeout 50     --session persistence time, in seconds; only one can be enabled per machine, otherwise telnet tests show incomplete results

    protocol TCP

##HTTP balance

    real_server 10.10.54.56 80 {

        weight 1               --weight

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3       --number of retries after a failure

            delay_before_retry 3  --interval between retries, in seconds

            connect_port 80        

        }

    }

    real_server 10.10.54.58 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

    }

}

virtual_server 10.10.54.53 3306 {

    delay_loop 6             --health-check interval, in seconds

    lb_algo rr

    lb_kind DR

   # nat_mask 255.255.255.0

   # persistence_timeout 50     --session persistence time, in seconds

    protocol TCP

##mysql balance

    real_server 10.10.54.56 3306 {

        weight 1               --weight

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3       --number of retries after a failure

            delay_before_retry 3  --interval between retries, in seconds

            connect_port 3306        

        }

    }

    real_server 10.10.54.58 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

        }

    }

}

================================================================

[root@CentOS001 ~]# /etc/init.d/keepalived restart

Note: the port numbers inside one virtual_server must all match, otherwise connections fail.

4. Test

telnet 10.10.54.53 80/3306

Explanation: disconnecting and reconnecting lands on the other real server; to test MySQL the service must be running and the user granted access.

##View connection counts

[root@CentOS001 keepalived]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 10.10.54.56:80               Route   1      0          0         

  -> 10.10.54.58:80               Route   1      0          0         

TCP  10.10.54.53:3306 rr

  -> 10.10.54.56:3306             Route   1      1          1         

  -> 10.10.54.58:3306             Route   1      0          3   

Further notes:

NGINX --> layer 7

LVS is a layer-4 load balancer

In the OSI model, IP maps to layer 3 (network), while TCP and UDP map to layer 4 (transport).

A load-balancing system has to work at OSI layer 4 or above. An example shows why: suppose we design a load balancer for HTTP with round-robin dispatching and two real servers behind it. If the balancer works at layer 3 (network), an HTTP request first needs a TCP three-way handshake to establish a reliable connection. The handshake sends several packets, and a layer-3 balancer has no way of knowing those packets belong to one connection being set up, so it would simply round-robin them to Real Server A and Real Server B in turn. The TCP handshake could never complete.

A load-balancing system must therefore be built around network connections, not individual packets. It needs to understand transport-layer connections and guarantee that every packet of one connection is forwarded to the same backend real server. Only OSI layer 4 (transport) provides reliable data transfer, so the balancer must sit at layer 4 or above.

################## Case 2: LVS (MASTER-BACKUP, DR) ###################

1. Network layout

hostname:CentOS001

DIRECT SERVER:10.10.54.54   

vip:10.10.54.53

 

hostname:xiao59

DIRECT BACKUP:10.10.54.59

vip:10.10.54.53

 

real server:10.10.54.56(80,3306)

real server:10.10.54.58(80,3306)

 

2. Create the VIP

[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1

=========================

DEVICE=eth0:1

ONBOOT=no

BOOTPROTO=static

IPADDR=10.10.54.53

NETMASK=255.255.255.0

GATEWAY=10.10.54.254

=============================

[root@CentOS001 ~]# /etc/init.d/network restart

3. Configure the two real servers

//run on the real servers (56, 58)

[root@xiao56 ~]# vim /etc/init.d/realserver 

============================================

#!/bin/bash

#description:start realserver

#script_name:realserver_config

VIP=10.10.54.53

source /etc/init.d/functions

case "$1" in

start)

echo "start LVS of realserver."

/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up

echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

;;

stop)

/sbin/ifconfig lo:0 down

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce

;;

*)

echo "Usage: $0 {start|stop}"

exit 1

esac

=================================================

[root@xiao56 ~]# chmod +x /etc/init.d/realserver 

[root@xiao56 ~]# /etc/init.d/realserver start

########

arp_ignore:

0---default: reply to ARP requests for any local IP address received on any interface

1---reply only to ARP requests whose target IP is a local address configured on the interface the request arrived on

 

arp_announce: restricts which local source IP address is announced in ARP requests sent from an interface; the level sets how strictly the source address must belong to the sending interface.

0---default: use any local address on any interface.

2---always use the most appropriate local address for the target being queried.

4. Compile ipvsadm and keepalived on the MASTER director server

##Download

wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz

     http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz

##Compile ipvsadm

[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz

[root@CentOS001 softs]# cd ipvsadm-1.26

1) Install dependencies

yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64

## popt-static.x86_64 needs an extra disc added as a repository

[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo

=============================================

[Packages]

name=Packages

baseurl=ftp://10.201.1.221/Packages

gpgcheck=0

enabled=1

 

[Packages2]

name=Packages2

baseurl=ftp://10.201.1.221/Packages2

gpgcheck=0

enabled=1

==============================================

## remember to run yum clean all

2)[root@CentOS001 ipvsadm-1.26]# make && make install

3) Confirm the LVS kernel modules

[root@CentOS001 ipvsadm-1.26]# modprobe -l|grep ipvs

=========================================

kernel/net/netfilter/ipvs/ip_vs.ko

kernel/net/netfilter/ipvs/ip_vs_rr.ko

kernel/net/netfilter/ipvs/ip_vs_wrr.ko

kernel/net/netfilter/ipvs/ip_vs_lc.ko

kernel/net/netfilter/ipvs/ip_vs_wlc.ko

kernel/net/netfilter/ipvs/ip_vs_lblc.ko

kernel/net/netfilter/ipvs/ip_vs_lblcr.ko

kernel/net/netfilter/ipvs/ip_vs_dh.ko

kernel/net/netfilter/ipvs/ip_vs_sh.ko

kernel/net/netfilter/ipvs/ip_vs_sed.ko

kernel/net/netfilter/ipvs/ip_vs_nq.ko

kernel/net/netfilter/ipvs/ip_vs_ftp.ko

======================================

4) Compile and install keepalived

aa)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz 

bb)vim INSTALL

  In order to compile Keepalived needs the following libraries :

===========================

  * OpenSSL, <www.openssl.org>

  * popt

=============================

5) Compile

aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/

Keepalived configuration

------------------------

Keepalived version       : 1.2.9

Compiler                 : gcc

Compiler flags           : -g -O2

Extra Lib                : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt  -lnl

Use IPVS Framework       : Yes

IPVS sync daemon support : Yes

IPVS use libnl           : Yes

Use VRRP Framework       : Yes

Use VRRP VMAC            : Yes

SNMP support             : Yes

SHA1 support             : No

Use Debug flags          : No

-------------------------------

##Install dependencies

yum install -y net-snmp.x86_64 net-snmp-devel.x86_64

bb)make && make install

6) Put the binaries on the system path

[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived  /sbin/

[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/

7) Back up the config file

[root@CentOS001 ~]# cp  /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak

5. Compile ipvsadm and keepalived on the BACKUP director server

//compile ipvsadm

1) Unpack

[root@xiao59 softs]# tar xvf ipvsadm-1.26.tar.gz 

[root@xiao59 softs]# cd ipvsadm-1.26

2) Install dependencies

yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64

3) Reconfigure the yum repository

popt-static.x86_64 needs an extra disc added as a repository

[root@xiao59 ~]# vim /etc/yum.repos.d/centos.repo 

=============================================

[Packages]

name=Packages

baseurl=ftp://10.201.1.221/Packages

gpgcheck=0

enabled=1

 

[Packages2]

name=Packages2

baseurl=ftp://10.201.1.221/Packages2

gpgcheck=0

enabled=1

==============================================

## remember to run yum clean all

Re-run the package install

4)[root@xiao59 ipvsadm-1.26]# make && make install

//compile keepalived

1) Unpack

[root@xiao59 softs]# tar xvf keepalived-1.2.9.tar.gz

[root@xiao59 softs]# cd keepalived-1.2.9 

2) Install dependencies

yum install -y net-snmp.x86_64 net-snmp-devel.x86_64

3) Compile

aa)[root@xiao59 keepalived-1.2.9]# ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/

bb)[root@xiao59 keepalived-1.2.9]# make && make install 

4) Put the binaries on the system path

[root@xiao59 ~]# cp /usr/local/keepalived/sbin/keepalived /sbin/

[root@xiao59 ~]# cp /usr/local/keepalived/bin/genhash /bin/

5) Back up the config file

[root@xiao59 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

6. Configure the MASTER director server and test it

[root@CentOS001 ~]# vim /etc/keepalived/keepalived.conf

=====================================

global_defs {

   notification_email {

     wangxq@ssr.com

   }

   notification_email_from wangxq@ssr.com

   smtp_server wangxq@ssr.com

   smtp_connect_timeout 30

   router_id LVS_MASTER2

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 80

    }

    virtual_ipaddress {

        10.10.54.53/24 dev eth0 label eth0:1

    }

}

##http balance

virtual_server 10.10.54.53 80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

#   nat_mask 255.255.255.0 --commented out to simplify testing

#   persistence_timeout 50

    protocol TCP

 

    real_server 10.10.54.56 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

     }

    real_server 10.10.54.58 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

        }

}

##mysql balance

virtual_server 10.10.54.53 3306 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

#    nat_mask 255.255.255.0

#    persistence_timeout 50

    protocol TCP

real_server 10.10.54.56 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

            }

    }

    real_server 10.10.54.58 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

           }

           }

}

===========================================

[root@CentOS001 ~]# /etc/init.d/keepalived restart

##Test

telnet 10.10.54.53 80/3306

##View connection counts

[root@CentOS001 keepalived]# ipvsadm -ln

7. Copy the MASTER director's config file to the BACKUP director

1) Transfer the file

[root@CentOS001 ~]# scp /etc/keepalived/keepalived.conf root@10.10.54.59:/etc/keepalived/keepalived.conf

2) Edit the config file

[root@xiao59 ~]# vim /etc/keepalived/keepalived.conf

=============================================

global_defs {

   notification_email {

     wangxq@ssr.com

   }

   notification_email_from wangxq@ssr.com

   smtp_server wangxq@ssr.com

   smtp_connect_timeout 30

   router_id LVS_SLAVE --changed to SLAVE

}

 

vrrp_instance VI_1 {

    state BACKUP    ---MASTER on the primary, BACKUP on the standby

    interface eth0

    virtual_router_id 51

    priority 80     ------for master/backup mode, BACKUP must be below 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 80

    }

    virtual_ipaddress {

        10.10.54.53/24 dev eth0 label eth0:1

    }

}

virtual_server 10.10.54.53 80 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

#   nat_mask 255.255.255.0

#   persistence_timeout 50

    protocol TCP

 

    real_server 10.10.54.56 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

        }

    real_server 10.10.54.58 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

        }

}

virtual_server 10.10.54.53 3306 {

    delay_loop 6

    lb_algo rr

    lb_kind DR

#    nat_mask 255.255.255.0

#    persistence_timeout 50

    protocol TCP

 

    real_server 10.10.54.56 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

            }

    }

    real_server 10.10.54.58 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

           }

           }

   }

====================================

[root@xiao59 ~]# /etc/init.d/keepalived restart
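Added example, not from the original notes: a small Python checker for two mistakes these notes warn about when a copied keepalived.conf is edited by hand: ports inside one virtual_server must match (the note after case 1), and the BACKUP copy must keep the MASTER's virtual_router_id and auth_pass while lowering its priority below the MASTER's. keepalived does not validate this itself. The sample configs inside are constructed, and the parser only handles the one-directive-per-line layout used in these notes.

```python
"""Added example, not from the original notes: a minimal parser for keepalived's
brace syntax plus the consistency checks the notes call out (matching ports
inside a virtual_server; MASTER/BACKUP agreeing on virtual_router_id and
auth_pass with a lower BACKUP priority).  The configs below are constructed."""


def parse(text):
    """Parse keepalived.conf into (name, args, children) nodes; leaves have children=None."""
    root = []
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop '#' comments and blank lines
        if not line or line.startswith("!"):  # '!' also starts a comment line
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):              # block header, e.g. 'vrrp_instance VI_1 {'
            head = line[:-1].split()
            node = (head[0], head[1:], [])
            stack[-1].append(node)
            stack.append(node[2])
        else:                                 # leaf directive, e.g. 'priority 100'
            key, *args = line.split()
            stack[-1].append((key, args, None))
    if len(stack) != 1:
        raise ValueError("unbalanced braces in keepalived.conf")
    return root


def find(nodes, name):
    return [n for n in nodes if n[0] == name]


def leaf(nodes, key):
    hits = find(nodes, key)
    return " ".join(hits[0][1]) if hits else None


def auth_pass(body):
    auth = find(body, "authentication")
    return leaf(auth[0][2], "auth_pass") if auth else None


def check_ports(conf):
    """Every real_server inside a virtual_server must use the virtual_server's port."""
    problems = []
    for _, (vip, vport), body in find(parse(conf), "virtual_server"):
        for _, (rip, rport), _ in find(body, "real_server"):
            if rport != vport:
                problems.append(f"{vip}:{vport}: real_server {rip} uses port {rport}")
    return problems


def check_pair(master_conf, backup_conf):
    """Cross-check each MASTER vrrp_instance against the same-named one on the BACKUP."""
    problems = []
    backups = {tuple(a): b for _, a, b in find(parse(backup_conf), "vrrp_instance")}
    for _, args, m in find(parse(master_conf), "vrrp_instance"):
        name, b = args[0], backups.get(tuple(args))
        if b is None:
            problems.append(f"{name}: not defined on BACKUP")
            continue
        if leaf(m, "state") != "MASTER" or leaf(b, "state") != "BACKUP":
            problems.append(f"{name}: states must be MASTER and BACKUP")
        if leaf(m, "virtual_router_id") != leaf(b, "virtual_router_id"):
            problems.append(f"{name}: virtual_router_id differs")
        if int(leaf(b, "priority") or 0) >= int(leaf(m, "priority") or 0):
            problems.append(f"{name}: BACKUP priority must be lower than MASTER")
        if auth_pass(m) != auth_pass(b):
            problems.append(f"{name}: auth_pass differs")
    return problems


# Constructed sample: the BACKUP was copied from the MASTER by hand, its priority
# was never lowered, and the MySQL real_server was left on port 80.
MASTER_CONF = """\
! Configuration File for keepalived
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 80
    }
    virtual_ipaddress {
        10.10.54.53/24 dev eth0 label eth0:1
    }
}
virtual_server 10.10.54.53 3306 {
    lb_kind DR
    real_server 10.10.54.56 3306 {
        weight 1
    }
}
"""
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("real_server 10.10.54.56 3306", "real_server 10.10.54.56 80"))
```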

8. Test LVS high availability

(1) Stop the MASTER

[root@CentOS001 ~]# /etc/init.d/keepalived stop

//on the Ubuntu client

telnet 10.10.54.53  3306

On the BACKUP, check whether 54.53 (the VIP) has floated over

[root@xiao59 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 10.10.54.56:80               Route   1      0          0         

  -> 10.10.54.58:80               Route   1      0          0         

TCP  10.10.54.53:3306 rr

  -> 10.10.54.56:3306             Route   1      0          0         

  -> 10.10.54.58:3306             Route   1      1          0    

(2) Start the MASTER again

[root@CentOS001 ~]# /etc/init.d/keepalived restart

//on the Ubuntu client

telnet 10.10.54.53  3306

On the MASTER, check whether 54.53 (the VIP) has floated back

[root@CentOS001 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 10.10.54.56:80               Route   1      0          0         

  -> 10.10.54.58:80               Route   1      0          0         

TCP  10.10.54.53:3306 rr

  -> 10.10.54.56:3306             Route   1      0          0         

  -> 10.10.54.58:3306             Route   1      1          0    

On the BACKUP, check whether 54.53 (the VIP) is still present

[root@xiao59 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 10.10.54.56:80               Route   1      0          0         

  -> 10.10.54.58:80               Route   1      0          0         

TCP  10.10.54.53:3306 rr

  -> 10.10.54.56:3306             Route   1      0          1         

  -> 10.10.54.58:3306             Route   1      0          0 

Note: ip add list can also be used in place of ipvsadm -ln

################### Case 3: LVS (MASTER, NAT) #####################

1. Network layout

##all of the following are on one machine; gateway: 10.10.54.254

hostname:CentOS001

DIRECT SERVER:

10.10.54.54(eth0)

vip1:10.10.54.53(eth0:1)

192.168.1.54(eth1)

vip2:192.168.1.53(eth1:1)

 

##the real servers below use gateway 192.168.1.53

real server:192.168.1.56(80,3306)      ----eth0  

real server:192.168.1.58(3306,80)     ----eth0 

 

2. Enable kernel IP forwarding

[root@CentOS001 ~]# vim /etc/sysctl.conf 

=============================

net.ipv4.ip_forward = 1

============================

3. Set up the network

1) Create VIP1

[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1

=========================

DEVICE=eth0:1

ONBOOT=no

BOOTPROTO=static

IPADDR=10.10.54.53

NETMASK=255.255.255.0

GATEWAY=10.10.54.254

=============================

2) Create interface eth1

[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1

=================================

DEVICE=eth1

ONBOOT=no

BOOTPROTO=static

IPADDR=192.168.1.54

NETMASK=255.255.255.0

GATEWAY=10.10.54.254

================================

3) Create VIP2

[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1:1

===================================

DEVICE=eth1:1

ONBOOT=no

BOOTPROTO=static

IPADDR=192.168.1.53

NETMASK=255.255.255.0

GATEWAY=10.10.54.254

=====================================

[root@CentOS001 ~]# /etc/init.d/network restart

[root@CentOS001 ~]# ifup eth1

4. Install ipvsadm and keepalived on the MASTER (54.54)

//compile ipvsadm

1) Unpack

[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz 

[root@CentOS001 softs]# cd ipvsadm-1.26

2) Install dependencies

yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64

3) Reconfigure the yum repository

popt-static.x86_64 needs an extra disc added as a repository

[root@CentOS001 ~]# vim /etc/yum.repos.d/centos.repo 

=============================================

[Packages]

name=Packages

baseurl=ftp://10.201.1.221/Packages

gpgcheck=0

enabled=1

 

[Packages2]

name=Packages2

baseurl=ftp://10.201.1.221/Packages2

gpgcheck=0

enabled=1

==============================================

## remember to run yum clean all

Re-run the package install

4)[root@CentOS001 ipvsadm-1.26]# make && make install

//compile keepalived

1) Unpack

[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz

[root@CentOS001 softs]# cd keepalived-1.2.9 

2) Install dependencies

yum install -y net-snmp.x86_64 net-snmp-devel.x86_64

3) Compile

aa)[root@CentOS001 keepalived-1.2.9]# ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/

bb)[root@CentOS001 keepalived-1.2.9]# make && make install 

4) Put the binaries on the system path

[root@CentOS001 ~]# cp /usr/local/keepalived/sbin/keepalived /sbin/

[root@CentOS001 ~]# cp /usr/local/keepalived/bin/genhash /bin/

5) Back up the config file

[root@CentOS001 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak

5. Edit keepalived.conf on the MASTER

[root@CentOS001 ~]# vim /etc/keepalived/keepalived.conf

================================================

global_defs {

   notification_email {

     wangxq@ssr.com

   }

   notification_email_from wangxq@ssr.com

   smtp_server wangxq@ssr.com

   smtp_connect_timeout 30

   router_id LVS_MASTER2

}

 

vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 80

    }

    virtual_ipaddress {

        10.10.54.53/24 dev eth0 label eth0:1

    }

   virtual_ipaddress {

         192.168.1.53/24 dev eth1 label eth1:1

   }

}

##http balance

virtual_server 10.10.54.53 80 {

    delay_loop 6

    lb_algo rr

    lb_kind NAT  --note: mode changed to NAT

#   nat_mask 255.255.255.0

#   persistence_timeout 50

    protocol TCP

 

    real_server 192.168.1.56 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

        }

    real_server 192.168.1.58 80 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 80

        }

      }

}

##mysql balance

virtual_server 10.10.54.53 3306 {

    delay_loop 6

    lb_algo rr

    lb_kind NAT --note: mode changed to NAT

#    nat_mask 255.255.255.0

#    persistence_timeout 50

    protocol TCP

 

    real_server 192.168.1.56 3306 {

        weight 1

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

            }

    }

    real_server 192.168.1.58 3306 {

        weight 1

   TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

            connect_port 3306

           }

           }

}

====================================

[root@CentOS001 ~]# /etc/init.d/keepalived restart

6. Test (disconnect and reconnect; the connection lands on a different real server)

1) Ubuntu: telnet 10.10.54.53 80

[root@CentOS001 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 192.168.1.56:80              Masq    1      0          0         

  -> 192.168.1.58:80              Masq    1      1          0         

TCP  10.10.54.53:3306 rr

  -> 192.168.1.58:3306            Masq    1      0          0         

[root@CentOS001 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 192.168.1.56:80              Masq    1      1          0         

  -> 192.168.1.58:80              Masq    1      0          1         

TCP  10.10.54.53:3306 rr

  -> 192.168.1.58:3306            Masq    1      0          0  

2) Ubuntu: telnet 10.10.54.53 3306 (MySQL must be running on the real servers)

[root@CentOS001 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 192.168.1.56:80              Masq    1      0          0         

  -> 192.168.1.58:80              Masq    1      0          0         

TCP  10.10.54.53:3306 rr

  -> 192.168.1.56:3306            Masq    1      0          0         

  -> 192.168.1.58:3306            Masq    1      1          0         

[root@CentOS001 ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  10.10.54.53:80 rr

  -> 192.168.1.56:80              Masq    1      0          0         

  -> 192.168.1.58:80              Masq    1      0          0         

TCP  10.10.54.53:3306 rr

  -> 192.168.1.56:3306            Masq    1      1          0         

  -> 192.168.1.58:3306            Masq    1      0          1