Lvs+keepalived+httpd+NFS搭建高可用
自己捯飭的模型圖
NAT模型圖
注意事項:RealServer需要把網關指向Director,並且Director要打開轉發功能命令如下:
echo "1" > /proc/sys/net/ipv4/ip_foreward
DR模型圖
注意事項:需要在RealServer配置如下信息:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0
Lvs DR 模型搭建,後端Apache使用共享NFS
環境:
搭建NFS共享存儲服務,ip
NIP:192.168.220.18
搭建Keepalived,ip
DIP1:192.168.220.28
DIP2:192.168.220.24
VIP:192.168.220.5
搭建RealServer,ip
RIP1:192.168.220.25
RIP2:192.168.220.26
Client Test Host
IP:192.168.11.30
ps:自己三層交換做Vlan
一、NFS搭建步驟
1、查看R1/R2用於跑httpd服務的User
[root@Real-Server-Two ~]# ps -ef |grep httpd | head -2 root 3318 1 0 14:44 ?00:00:01 /usr/sbin/httpd -DFOREGROUND apache 3319 3318 0 14:44 ?00:00:00 /usr/sbin/httpd -DFOREGROUND #發現apache [root@Real-Server-Two ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache) [root@Real-Serve-One ~]# id apache #查看apache的UID uid=48(apache) gid=48(apache) groups=48(apache)
2、在NFS-Server上面創建用於共享的文件,並且創建apapche用戶UID爲48
[root@NFS-Server ~]# clear[root@NFS-Server ~]# mkdir -p /data/site/ [root@NFS-Server ~]# useradd -M -r -s /sbin/nologin -u 48 apache [root@NFS-Server ~]# id apache uid=48(apache) gid=48(apache) groups=48(apache)
3、設定/data/site/www.sunshineboy.com用戶與用戶組
[root@NFS-Server ~]# chown apache.apache /data/site/ [root@NFS-Server ~]# ls -l /data/site/ total 0drwxr-xr-x 2 apache apache 39 Oct 24 12:22 www.sunshineboy.com
4、安裝nfs-utils組件,與啓動服務
yum install -y nfs-utlis [root@NFS-Server ~]# systemctl start rpcbind [root@NFS-Server ~]# systemctl start nfs.service [root@NFS-Server ~]# ps -ef | grep nfsroot 3400 2 0 11:30 ?00:00:00 [nfsd4] root 3401 2 0 11:30 ?00:00:00 [nfsd4_callbacks] root 3407 2 0 11:30 ?00:00:00 [nfsd] root 3408 2 0 11:30 ?00:00:00 [nfsd] root 3409 2 0 11:30 ?00:00:00 [nfsd] root 3410 2 0 11:30 ?00:00:00 [nfsd] root 3411 2 0 11:30 ?00:00:00 [nfsd] root 3412 2 0 11:30 ?00:00:00 [nfsd] root 3413 2 0 11:30 ?00:00:00 [nfsd] root 3414 2 0 11:30 ?00:00:00 [nfsd] root 3859 2471 0 15:48 pts/100:00:00 grep --color=auto nfs
5、NFS配置文件設定及exportfst
[root@NFS-Server ~]# cat /etc/exports/data/site/www.sunshineboy.com 192.168.220.0/24(rw,root_squash) [root@NFS-Server ~]# exportfs /data/site/www.sunshineboy.com 192.168.220.0/24
6、清空iptables及關閉SELinux
[root@NFS-Server ~]# iptables -F [root@NFS-Server ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@NFS-Server ~]# cat /etc/selinux/config | grep disabled # disabled - No SELinux policy is loaded.SELINUX=disabled [root@NFS-Server ~]# getenforce Disabled
二、Keepalived搭建步驟
1、安裝keepalived程序
[root@Director-One ~]# yum install -y keepalived #DIP1安裝 [root@Director-Two ~]# yum install -y keepalived #DIP2安裝
2、keepalived的D1/D2配置
Director1配置
[root@Director-One keepalived]# cat keepalived.conf #查看D1配置
!Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state MASTER
interface eno16777728
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { 192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-One keepalived]# systemctl start keepalived #DIP1啓動服務
[root@Director-One keepalived]# ip add sh | grep "192.168.220." #查看,220.5地址有了
inet 192.168.220.24/27 brd 192.168.220.31 scope global dynamic eno16777728
inet 192.168.220.5/32 scope global eno16777728Director2配置
[root@Director-Two keepalived]# cat keepalived.conf #查D2看配置
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state BACKUP
interface eno16777728
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { 192.168.220.5
}
}
virtual_server 192.168.220.5 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.220.25 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.220.26 80 {
weight 1
HTTP_GET {
url {
path /
status_cde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@Director-Two keepalived]# ip add sh | grep "192.168.220"
inet 192.168.220.28/27 brd 192.168.220.31 scope global dynamic eno167777283、安裝ipvsadm查看Lvs調度是否如我們所設定那樣
[root@Director-Two keepalived]# yum install ipvsadm -y #在D2安裝ipvsadm [root@Director-One keepalived]# yum install ipvsadm -y #在D1安航ipvsadm [root@Director-One keepalived]# ipvsadm -Ln #在D1查看Lvs規則 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0 [root@Director-Two keepalived]# ipvsadm -Ln #在D2查看Lvs規則 IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.220.5:80 rr -> 192.168.220.25:80Route 1 0 0 -> 192.168.220.26:80Route 1 0 0
三、RealServer步驟搭建
1、編寫設定VIP及內核功能參數腳本
[root@Real-Server-Two ~]# vim skp.sh #在R2上編輯skp.sh腳本添加下面內容 [root@Real-Server-Two ~]# chmod +x skp.sh #賦予執行權限 [root@Real-Serve-One ~]# vim skp.sh #在R2上編輯skp.sh腳本添加下面內容 [root@Real-Serve-One ~]# chmod +x skp.sh #賦予執行權限 #!/bin/bash#vip=192.168.220.5case $1 instart) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 $vip netmask 255.255.255.255 broadcast $vip route add -host $vip dev lo:0;; stop) echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig lo:0 del $vip ;; esac
2、在RealServer1/RealServer2Z執行該腳本
[root@Real-Serve-One ~]# sh skp.sh start #執行腳本 [root@Real-Serve-One ~]# ip add sh | grep "192.168.220" #查看是否成功 inet 192scope global lo:0inet 192.168.220.25/27 brd 192.168.220.31 scope global dynamic eno16777728 [root@Real-Server-Two ~]# sh skp.sh start #執行腳本 [root@Real-Server-Two ~]# ip add sh | grep "192.168.220." #查看是否成功inet 192.168.220.5/32 brd 192.168.220.5 scope global lo:0inet 192.168.220.26/27 brd 192.168.220.31 scope global dynamic eno16777728
測試:
[root@R2 ~]# ip add sh | grep "192.168.11." #查看IP地址是否是11.30 inet 192.168.11.17/32 brd 192.168.11.17 scope global lo:0inet 192.168.11.30/24 brd 192.168.11.255 scope global eno16780032 [root@R2 ~]# curl http://192.168.220.5 <h1>Test files 25.</h1> [root@R2 ~]# curl http://192.168.220.5 <h1>Test files 26.</h1> [root@R2 ~]# curl http://192.168.220.5 <h1>Test files 25.</h1> [root@R2 ~]# curl http://192.168.220.5 <h1>Test files 26.</h1> [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "One" #特意把hostname改爲不同 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0<tr><td class="e">System </td><td class="v">Linux Real-Serve-One 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr>100 421770 421770 0 758k 0 --:--:-- --:--:-- --:--:-- 762k [root@R2 ~]# curl http://192.168.220.5/www.sunshineboy.com/index.php | grep "Two" #特意把hostname改爲不同 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0<tr><td class="e">System </td><td class="v">Linux Real-Server-Two 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td></tr>100 421790 421790 0 1084k 0 --:--:-- --:--:-- --:--:-- 1113k
測試靜態動態頁面分離
依然使用11.30 IP Client Test
nginx RealServer2配置
server {
listen 80;
server_name localhost;
location / {
root /var/www/html;
index index.html index.htm;
}
location ~ .*\.php$ {
proxy_pass http://192.168.220.25;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
- nginx RealServer1配置
-
server {
listen 80;
server_name www.855.com;
location / {
root /var/www/html;
index index.html index.htm;
}
location ~ .*\.php$ {
root /var/www/html/www.sunshineboy.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}訪問測試
[root@R2 conf]# curl http://192.168.220.25/index.php | grep -o "Two\|One" #訪問25,發現One % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One" #訪問192.168.220.5,也是One % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 491620 491620 0 1328k 0 --:--:-- --:--:-- --:--:-- 1333k [root@R2 conf]# curl http://192.168.220.5/index.php | grep -o "Two\|One" % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 491620 491620 0 1091k 0 --:--:-- --:--:-- --:--:-- 1116k [root@R2 conf]# curl http://192.168.220.26/index.php | grep -o "Two\|One" #還是One,證明代理成功,動態靜態分開了 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0One 100 492440 492440 0 1297k 0 --:--:-- --:--:-- --:--:-- 1335k