一、安裝lamp
1、安裝httpd(172.16.23.211)
[root@cs1 ~]# yum install -y httpd
2、安裝php(172.16.23.211)
[root@cs1 ~]# yum install -y php
3、安裝php-mysql(172.16.23.211)
[root@cs1 ~]# yum install -y php-mysql
4、安裝mariadb(172.16.23.211 CentOS7)
[root@cs1 ~]# yum install -y mariadb-server
5、配置MPM模型
這裏我啓用的是event模型
[root@cs1 ~]# cd /etc/httpd/conf.modules.d/ [root@cs1 conf.modules.d]# vim 00-mpm.conf #註釋掉prefork,開起event #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule mpm_event_module modules/mod_mpm_event.so
MPM:多路處理模塊
prefork:是多進程模型,每個進程響應一個請求;
worker:是多進程多線程模型,一個主進程生成多個子進程,每個子進程負責生個多個線程,每個線程響應一個請求;
event:事件驅動模型,每個線程響應n個請求;
6、配置fast-cgi模塊
查看模塊是否存在,注意我安裝的是httpd2.4
[root@cs1 conf.modules.d]# vim /etc/httpd/conf.modules.d/00-proxy.conf LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
查看模塊是否加載
[root@cs1 conf]# vim /etc/httpd/conf/httpd.conf Include conf.modules.d/*.conf
7、修改httpd配置文件
[root@cs1 conf]# vim /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd" #服務器根目錄位置配置文件中沒有使用絕對路徑的地方,都認爲是在該目錄下
Listen 80 #監聽在80端口
Include conf.modules.d/*.conf #加載/etc/httd/conf.modules.d/下的.conf文件,所有的模塊都在其中
User apache #訪問httpd是進程使用的用戶和組
Group apache
ServerAdmin root@localhost #管理員郵箱
ServerName cs1.xinfeng.com:80 #主機名
<Directory /> #限制用戶的目錄訪問權限
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html" #url對應的根目錄,這裏cs1.xinfeng.com對應的就是這個目錄
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted #all granted表示可無條件訪問該目錄
</Directory>
<Directory "/var/www/html"> #用於設定在該目錄中哪些特性可用。默認這裏有個Indexes選項,作用是當瀏覽器訪問該目錄如果該目錄下沒有默認網頁(如index.html),那麼此時就會返回該目錄下的文件名列表,所以建議取消掉
Options none
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module> #對指定的模塊進行處理,
DirectoryIndex index.php index.html
</IfModule>
<Files ".ht*"> #任意目錄下,文件名符合.ht*的文件都會被禁止訪問。
Require all denied
</Files>
ErrorLog "logs/error_log" #錯誤日誌所在位置/etc/httpd/logs/error_log
LogLevel warn #錯誤日誌級別
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined #訪問日誌的格式和紀錄位置
</IfModule>
<IfModule alias_module> #ScriptAlias會將URL路徑映射到指定目錄,並且讓該目錄具有CGI腳本執行權限(因此CGI腳本都可放置在該目錄下)。
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin"> #用於設定在該目錄中哪些特性可用
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module> #關於mime模塊的設置
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php #讓apache能識別php格式的頁面
AddType application/x-httpd-php-source .phps
</IfModule>
AddDefaultCharset UTF-8 #支持的編碼格式爲UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on #允許Apache使用系統核心支持的sendfile來傳送文件給客戶端
ProxyRequests Off #關閉正向代理
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1 #把以.php結尾的文件請求發送到php-fpm進程
IncludeOptional conf.d/*.conf #在/etc/httpd/conf.d目錄下以.conf結尾的配置文件也會被讀取
[root@cs1 ~]# httpd -t #檢查語法
[root@cs1 conf.modules.d]# vim /var/www/html/index.php #創建一個php文件
<?php
phpinfo();
?>
[root@cs1 conf.modules.d]# systemctl start httpd8、安裝配置php-fpm
[root@cs1 ~]# yum install php-fpm -y [root@cs1 ~]# vim /etc/php-fpm.d/www.conf listen = 127.0.0.1:9000 #確保監聽在9000端口 listen.allowed_clients = 127.0.0.1 [root@cs1 ~]# systemctl start php-fpm [root@cs1 conf.modules.d]# getenforce #確保selinux關閉 Disabled [root@cs1 conf.modules.d]# iptables -F #清空防火牆規則 [root@cs1 conf.modules.d]# iptables -L
9、安裝配置phpMyAdmin
[root@cs1 ~]# yum install -y phpMyAdmin [root@cs1 ~]# yum install php-mbstring -y [root@cs1 libraries]# vim /usr/share/phpMyAdmin/libraries/config.default.php #編輯配置文件 $cfg['PmaAbsoluteUri'] = 'http://172.16.23.211/phpMyAdmin/'; #這裏要填入phpMyAdmin所在的路徑,這裏也可以寫成'http://cs1.xinfeng.com/phpMyAdmin/' [root@cs1 html]# vim /etc/httpd/conf.d/phpMyAdmin.conf #修改一下幾行 <Directory /usr/share/phpMyAdmin/> AddDefaultCharset UTF-8 <IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> # Require ip 127.0.0.1 # Require ip ::1 Require all granted <Directory /usr/share/phpMyAdmin/setup/> <IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> # Require ip 127.0.0.1 # Require ip ::1 Require all granted [root@cs1 ~]# vim /etc/phpMyAdmin/config.inc.php $cfg['blowfish_secret'] = '1342758687478692'; #這裏必須要給一個隨機數 [root@cs1 html]# ln -s /usr/share/phpMyAdmin /var/www/html/ #這是將phpMyAdmin鏈接至httpd的根目錄 [root@cs1 ~]# systemctl restart php-fpm [root@cs1 ~]# systemctl restart httpd
進入http://172.16.23.211/phpMyAdmin/ 測試能不能打開
進入http://172.16.23.211/index.php 測試能不能打開
10、配置mysql
[root@cs1 ~]# systemctl start mariadb [root@cs1 ~]# mysql MariaDB [(none)]> create database php; 創建一個叫php的數據庫 Query OK, 1 row affected (0.01 sec) MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | php | | test | +--------------------+ MariaDB [(none)]> grant all privileges on php.* to xxoo@'%' identified by '123'; #創建一個xxoo用戶密碼爲123,授權給php庫,授權範圍爲全網 Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> grant all privileges on php.* to xxoo@localhost identified by '123'; #授權範圍本地 Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; #刷新權限 Query OK, 0 rows affected (0.00 sec)
11、重啓httpd,php-fpm,mariadb進入phpMyadmin測試
[root@cs1 ~]# service php-fpm restart [root@cs1 ~]# service httpd restart [root@cs1 ~]# service mariadb restart
二、基於lamp安裝wordpress
1、安裝httpd(172.16.23.213)
[root@cs2 ~]# yum install httpd -y
2、安裝php(172.16.23.213)
[root@cs2 ~]# yum install php -y
3、安裝php-mysql(172.16.23.213)
[root@cs1 ~]# yum install -y php-mysql
4、安裝mariadb(172.16.23.213 CentOS7)
[root@cs1 ~]# yum install -y mariadb-server
5、安裝php-fpm
[root@cs1 ~]# yum install php-fpm -y
6、安裝phpMyAdmin
[root@cs1 ~]# yum install -y phpMyAdmin [root@cs1 ~]# yum install php-mbstring -y
7、配置和上面的lamp相同,不創建index.php
8、下載安裝配置wordpress
[root@cs2 ~]# wget
[root@cs2 ~]# tar xvf latest.tar.gz
[root@cs2 ~]# ls
anaconda-ks.cfg latest.tar.gz wordpress
[root@cs2 ~]# chown root:root /root/wordpress #改權限
[root@cs2 ~]# chown root:root /root/wordpress/*
[root@cs2 html]# cp -a /root/wordpress/* /var/www/html/ #將所有文件都複製到documentroot下
[root@cs2 html]# vim wp-config-sample.php #修改配置文件
#我直接使用了php數據庫,你也可以根據需要自己創建
define('DB_NAME', 'php');
#數據庫用戶名xxoo
define('DB_USER', 'xxoo');
#數據庫密碼123
define('DB_PASSWORD', '123');
#數據庫位置,這裏我安裝的是本地,也可以指向其他有數據庫的地址
define('DB_HOST', '127.0.0.1');
[root@cs2 html]# cp wp-config-sample.php wp-config.php
[root@cs2 html]# service httpd restart
[root@cs2 html]# service php-fpm restart9、安裝wordpress
在phpmyadmin中給wordpress創建一個數據庫,這裏我創建的數據庫是之前在mysql中創建的php,並且授權給了用戶xxoo的
三、基於lamp安裝DiscuzX
1、安裝httpd(172.16.23.215)
[root@cs2 ~]# yum install httpd -y
2、安裝php(172.16.23.215)
[root@cs2 ~]# yum install php -y
3、安裝php-mysql(172.16.23.215)
[root@cs1 ~]# yum install -y php-mysql
4、安裝mariadb(172.16.23.215 CentOS7)
[root@cs1 ~]# yum install -y mariadb-server
5、安裝php-fpm
[root@cs1 ~]# yum install php-fpm -y
6、安裝phpMyAdmin
[root@cs1 ~]# yum install -y phpMyAdmin [root@cs1 ~]# yum install php-mbstring -y
7、配置方法和lamp一樣,不創建index.php
8、下載解壓配置DiscuzX
[root@cs3 ~]# wget [root@cs3 ~]# ls anaconda-ks.cfg Discuz_X3.2_SC_UTF8.zip [root@cs3 ~]# mkdir Discuz [root@cs3 ~]# unzip -d /root/Discuz/ Discuz_X3.2_SC_UTF8.zip [root@cs3 ~]# cp -a /root/Discuz/* /var/www/html/ [root@cs3 html]# chmod -R 777 /var/www/html/upload/*
9、進入首頁進行配置,注意url
這裏因爲後續我要用lvs做負載均衡,所以需要把documentroot改一下
[root@cs3 html]# vim /etc/httpd/conf/httpd.conf DocumentRoot "/var/www/html/upload" <Directory "/var/www/html/upload"> ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/upload/$1 [root@cs3 html]# httpd -t Syntax OK [root@cs3 html]# rm phpmyadmin [root@cs3 html]# ln -s /usr/share/phpMyAdmin/ /var/www/html/upload/phpmyadmin [root@cs3 html]# service httpd restart [root@cs3 html]# service php-fpm restart [root@cs3 html]# service mariadb restart
改了之後的效果
四、keepalive實現lvs-dr
1、配置phpinfp(192.168.1.107)
#讓服務器忽略來自客戶端計算機的ARP廣播請求,防止服務器回答來自客戶端查找VIP的ARP廣播 #接口可根據實際情況來定義,我這裏用的本地迴環接口 [root@cs1 ~]# vim set.sh #!/bin/bash case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ;; stop) echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce ;; esac [root@cs1 ~]# bash set.sh start #將腳本傳給另外wordpress和Discuz [root@cs1 ~]# scp set.sh 192.168.1.114:/root/ [root@cs1 ~]# scp set.sh 192.168.1.113:/root/ #修改lo接口的ip地址爲VIP [root@cs1 ~]# ifconfig lo:0 192.168.1.33/32 broadcast 192.168.1.33 up #添加路由規則 [root@cs1 ~]# route add -host 192.168.1.33 dev lo:0
2、配置wordpress(192.168.1.114)
[root@cs2 ~]# bash set.sh start #修改lo接口的ip地址爲VIP [root@cs2 ~]# ifconfig lo:0 192.168.1.33/32 broadcast 192.168.1.33 up #添加路由規則 [root@cs2 ~]# route add -host 192.168.1.33 dev lo:0
3、配置Discuz(192.168.1.113)
[root@cs3 ~]# bash set.sh start #修改lo接口的ip地址爲VIP [root@cs3 ~]# ifconfig lo:0 192.168.1.33/32 broadcast 192.168.1.33 up #添加路由規則 [root@cs3 ~]# route add -host 192.168.1.33 dev lo:0
4、配置director1(192.168.1.112)
#安裝ipvsadm工具
[root@lvs1 ~]# yum install -y ipvsadm
#安裝配置keepalived
[root@lvs1 ~]# yum install keepalived
[root@lvs1 ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #修改郵箱地址
}
notification_email_from admin@localhost
smtp_server 127.0.0.1 #修改smtp地址
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER #設爲主服務器
interface eth0 #端口爲et0
virtual_router_id 51 #虛擬路由id爲51
priority 100 #優先級爲100
advert_int 1
authentication {
auth_type PASS
auth_pass 68978103 #給以個隨機數
}
virtual_ipaddress {
192.168.1.33/32 #VIP地址
}
}
virtual_server 192.168.1.33 80 { #定義VIP
delay_loop 6
lb_algo rr #lvs算法爲rr
lb_kind DR #lvs模式爲DR
nat_mask 255.255.255.255 #子網掩碼
protocol TCP
real_server 192.168.1.107 80 { #phpinfo的地址
weight 1 #權重爲1
TCP_CHECK { #使用HTTP方式測試
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80 #檢測80端口
}
}
real_server 192.168.1.114 80 { #wordpress的地址
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.113 80 { #discuz的地址
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#將編輯好的keepalived.conf傳給lvs2(192.168.1.111)
[root@lvs1 ~]# scp /etc/keepalived/keepalived.conf 192.168.1.111:/etc/keepalived/
#啓動keepalived
[root@lvs1 ~]# service keepalived start5、配置director2(192.168.1.111)
#安裝keepalived
[root@lvs2 ~]# yum install keepalived
#編輯剛纔從director1傳來的配置文件中的2項即可
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #這裏改爲BACKUP
interface eth0
virtual_router_id 51
priority 99 #這裏將優先級改爲99
#啓動keepalived
[root@lvs2 ~]# service keepalived start6、使用tcpdump抓包查看
#使用tcpdump抓包查看是否成功 [root@lvs1 ~]# tcpdump -i eth0 -nn host 192.168.1.111 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:57:17.255964 ARP, Request who-has 192.168.1.111 tell 192.168.1.113, length 46 05:57:17.255975 ARP, Reply 192.168.1.111 is-at 00:0c:29:63:cc:d8, length 46 05:57:18.243218 IP 192.168.1.111.38941 > 192.168.1.113.80: Flags [S], seq 468244056, win 14600, options [mss 1460,sackOK,TS val 17008837 ecr 0,nop,wscale 5], length 0 05:57:18.243230 IP 192.168.1.113.80 > 192.168.1.111.38941: Flags [S.], seq 137965257, ack 468244057, win 28960, options [mss 1460,sackOK,TS val 45829659 ecr 17008837,nop,wscale 6], length 0 05:57:18.243417 IP 192.168.1.111.38941 > 192.168.1.113.80: Flags [.], ack 1, win 457, options [nop,nop,TS val 17008838 ecr 45829659], length 0 05:57:18.243503 IP 192.168.1.111.38941 > 192.168.1.113.80: Flags [R.], seq 1, ack 1, win 457, options [nop,nop,TS val 17008838 ecr 45829659], length 0 05:57:20.563328 IP 192.168.1.111.44763 > 192.168.1.107.80: Flags [S], seq 1861279836, win 14600, options [mss 1460,sackOK,TS val 17011157 ecr 0,nop,wscale 5], length 0 05:57:20.563338 IP 192.168.1.107.80 > 192.168.1.111.44763: Flags [S.], seq 1361632953, ack 1861279837, win 28960, options [mss 1460,sackOK,TS val 45255624 ecr 17011157,nop,wscale 6], length 0 05:57:20.563500 IP 192.168.1.111.44763 > 192.168.1.107.80: Flags [.], ack 1, win 457, options [nop,nop,TS val 17011158 ecr 45255624], length 0 05:57:20.563504 IP 192.168.1.111.44763 > 192.168.1.107.80: Flags [R.], seq 1, ack 1, win 457, options [nop,nop,TS val 17011158 ecr 45255624], length 0 05:57:20.917067 IP 192.168.1.111.57732 > 192.168.1.114.80: Flags [S], seq 950098347, win 14600, options [mss 1460,sackOK,TS val 17011511 ecr 0,nop,wscale 5], length 0 05:57:20.917506 IP 192.168.1.114.80 > 192.168.1.111.57732: Flags [S.], seq 145530752, ack 950098348, win 28960, options [mss 1460,sackOK,TS val 45926618 ecr 17011511,nop,wscale 6], length 0 05:57:20.918642 IP 192.168.1.111.57732 > 192.168.1.114.80: Flags [.], ack 1, win 457, options [nop,nop,TS val 17011512 ecr 45926618], length 0 05:57:20.918650 IP 192.168.1.111.57732 > 192.168.1.114.80: Flags [R.], seq 1, ack 1, win 457, options [nop,nop,TS val 17011513 ecr 45926618], length 0 #查看ip是否配置成功 [root@lvs1 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:52:50:3e brd ff:ff:ff:ff:ff:ff inet 192.168.1.112/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.33/32 scope global eth0 inet6 fe80::20c:29ff:fe52:503e/64 scope link valid_lft forever preferred_lft forever #用ipvsadm查看規則是否添加成功 [root@lvs1 ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.1.33:80 rr -> 192.168.1.107:80 Route 1 0 0 -> 192.168.1.113:80 Route 1 0 0 -> 192.168.1.114:80 Route 1 0 0 #我停掉192.168.1.112這臺lvs1的keepalived服務實驗一下 [root@lvs1 ~]# service keepalived stop #進入192.168.1.111查看 [root@lvs2 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:63:cc:d8 brd ff:ff:ff:ff:ff:ff inet 192.168.1.111/24 brd 192.168.1.255 scope global eth0 inet 192.168.1.33/32 scope global eth0 inet6 fe80::20c:29ff:fe63:ccd8/64 scope link valid_lft forever preferred_lft forever You have new mail in /var/spool/mail/root #可以看到地址成功切換出去了
7、分別停到phpinfo、wordpress、discuz的httpd服務測試一下
停掉192.168.1.107和192.168.1.113的httpd
停掉192.168.1.114和192.168.1.113的httpd
停掉192.168.1.107和192.168.1.114的httpd
測試成功
五、keepalive實現lvs-nat
1、配置phpinfo(172.16.23.211)
#配置網關 [root@cs1 ~]# route add default gw 172.16.23.10 [root@cs1 ~]# bash set.sh start
2、配置wordpress(172.16.23.213)
#配置網關 [root@cs2 ~]# route add default gw 172.16.23.10 [root@cs2 ~]# bash set.sh start
3、配置discuz(172.16.23.215)
#配置網關 [root@cs3 ~]# route add default gw 172.16.23.10 [root@cs3 ~]# bash set.sh start
4、配置director1(172.16.25.24)
#打開路由轉發
[root@lvs1 ~]# echo "1">/proc/sys/net/ipv4/ip_forward
[root@lvs1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@lvs1 ~]# sysctl -p
#開起第二個網卡
[root@lvs1 ~]#ifconfig eth1 up
#配置keepalived
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from admin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
}
vrrp_sync_group VG_1 { #注意這裏將DIP的別名和VIP定義爲一個組,這樣才能使兩個地址同進退
group {
VI_1
VI_2
}
}
vrrp_instance VI_1 { #這裏定義VIP
state MASTER
interface eth1
virtual_router_id 53
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 68978103
}
virtual_ipaddress {
172.16.23.33
}
}
vrrp_instance VI_2 { #這裏定義DIP別名
state MASTER
interface eth0
virtual_router_id 63
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 68978103
}
virtual_ipaddress {
172.16.23.10
}
}
virtual_server 172.16.23.33 80 {
delay_loop 6
lb_algo wrr
lb_kind NAT
nat_mask 255.255.255.255
protocol TCP
real_server 172.16.23.211 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.23.213 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.23.215 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#啓動keepadlived
[root@lvs1 ~]# service keepalived start5、配置director2(172.16.25.83)
[root@lvs2 ~]# echo "1">/proc/sys/net/ipv4/ip_forward
[root@lvs2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@lvs2 ~]# sysctl -p
[root@lvs2 ~]#ifconfig eth2 up
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from admin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_2
}
vrrp_sync_group VG_1 {
group {
VI_1
VI_2
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth2
virtual_router_id 53
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 68978103
}
virtual_ipaddress {
172.16.23.33
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 63
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 68978103
}
virtual_ipaddress {
172.16.23.10
}
}
virtual_server 172.16.23.33 80 {
delay_loop 6
lb_algo wrr
lb_kind NAT
nat_mask 255.255.255.255
protocol TCP
real_server 172.16.23.211 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.23.213 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 172.16.23.215 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
#啓動keepalived
[root@lvs2 ~]# service keepalived start6、查看是否配置成功
[root@lvs2 ~]# ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.23.33:80 wrr -> 172.16.23.211:80 Masq 1 0 0 -> 172.16.23.213:80 Masq 1 0 0 -> 172.16.23.215:80 Masq 1 0 0 [root@lvs1 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:52:50:3e brd ff:ff:ff:ff:ff:ff inet 172.16.25.24/16 brd 172.16.255.255 scope global eth0 inet 172.16.23.33/32 scope global eth0 inet6 fe80::20c:29ff:fe52:503e/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:52:50:48 brd ff:ff:ff:ff:ff:ff inet 172.16.23.10/32 scope global eth1 inet6 fe80::20c:29ff:fe52:5048/64 scope link valid_lft forever preferred_lft forever [root@lvs2 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:63:cc:d8 brd ff:ff:ff:ff:ff:ff inet 172.16.25.83/16 brd 172.16.255.255 scope global eth0 inet 172.16.23.33/32 scope global eth0 inet6 fe80::20c:29ff:fe63:ccd8/64 scope link valid_lft forever preferred_lft forever 3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:63:cc:e2 brd ff:ff:ff:ff:ff:ff inet 172.16.23.10/32 scope global eth2 inet6 fe80::20c:29ff:fe63:cce2/64 scope link valid_lft forever preferred_lft forever #可以看到已經可以自由轉換了
六、keepalive實現lvs-tun
lvs-tun特點:
不修改請求報文的ip首部,而是通過在原有的ip首部(cip<-->vip)之外,再封裝一個ip首部(dip<-->rip)
(1) RIP, DIP, VIP全得是公網地址
(2) RS的網關的不能指向DIP
(3) 請求報文必須經由director調度,但響應報文必須不能經由director
(4) 不支持端口映射
(5) RS的OS必須支持隧道功能
七、keepalive實現lvs-fullnat
lvs-fullnat特點:
director通過同時修改請求報文的目標地址和源地址進行轉發
(1) VIP是公網地址;RIP和DIP是私網地址,二者無須在同一網絡中
(2) RS接收到的請求報文的源地址爲DIP,因此要響應給DIP
(3) 請求報文和響應報文都必須經由Director
(4) 支持端口映射機制
(5) RS可以使用任意OS
八、lvs調度算法
lvs調度算法分爲兩類,一類爲靜態算法,一類爲動態算法。
靜態算法:根據算法本身進行調度
RR:輪詢
WRR:加權的輪詢
SH:實現session保持的機制;將來自於同一個IP的請求始終調度至同一RS
DH:將對同一個目標的請求始終發往同一個RS
動態算法:根據算法及各RS的當前負載狀態進行調度
LC:最少連接數,那臺連接數最少就調度哪臺
WLC:加權最少連接數
SED:最短期望延遲
NQ:SED算法的改進;
LBLC:動態的DH算法;
LBLCR:帶複製功能的LBLC算法;
九、tcpdump的使用
tcpdump是一款抓包工具,用來監聽指定網絡接口的數據包流向
直接使用tcpdump會監聽第一個網絡接口的數據流向
選項:
-nn:直接以IP和端口號顯示,而非主機名與服務名稱
-i :後面接要監聽的網絡端口,例如eth0,lo等
-w :將監聽的數據包結果儲存下來,後面文件名
-c :監聽的數據包數量,如果不接這個參數,tcpdump會持續不斷的監聽,直到輸入ctrl+c爲止
-A :數據包的內容以ASCII碼顯示,通常用來捉取網頁數據包
-e :用mac地址來顯示數據包
-q :僅列出較爲簡短的數據包結果,每一行的內容比較精簡
-X :可以列出十六進制以及ASCII碼的數據包內容,對於監聽數據包內容很有用
-r :將之前存好的數據包文件讀出來
關鍵字:
第一種是要監聽的目標類型的關鍵字,主要包括host,net,port,如果不指定默認是host
第二種是確定傳輸方向的關鍵字,主要包括src(來源),dst(目標)
第三種是協議的關鍵字,主要包括fddi,ip,arp,rarp,tcp,udp
其他重要的關鍵字:gateway, broadcast,less, greater,
三種邏輯運算:
非:可以用not也可以用 !
與:可以用and也可以用&&
或:用or
#tcpdump -i eth0 -nn host 192.168.1.111 分析之前使用的這個命令 監聽主機192.168.1.111的th0網卡所流過的所有數據包,顯示數據包的ip和端口