Linux Notes
2014-03-03
// Peer-to-peer (workgroup) mode, domain controller
1. How Samba works
UDP ports: 137, 138
TCP ports: 139, 445
2. Installing Samba
[root@xiao59 ~]# yum install samba.x86_64 samba-client.x86_64 samba-common.x86_64
3. Locating the configuration files
[root@s01 ~]# rpm -ql samba-common-3.6.9-151.el6.x86_64
/etc/samba
/etc/samba/lmhosts
/etc/samba/smb.conf ---configuration file
/etc/sysconfig/samba
/lib64/security/pam_smbpass.so
/usr/bin/net
/usr/bin/pdbedit
/usr/bin/profiles
/usr/bin/smbcontrol
/usr/bin/smbcquotas
/usr/bin/smbpasswd
/usr/bin/testparm
4. Starting the services
[root@s01 ~]# rpm -ql samba-3.6.9-151.el6.x86_64
/etc/logrotate.d/samba
/etc/openldap/schema
/etc/openldap/schema/samba.schema
/etc/pam.d/samba
/etc/rc.d/init.d/nmb
/etc/rc.d/init.d/smb
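nmb: manages workgroups and resolves NetBIOS names; it uses UDP (ports 137 and 138) for name resolution
smb: manages the directories, printers and other resources the host shares; it transfers shared files over TCP (ports 139 and 445)
## Start automatically at boot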
[root@s01 ~]# chkconfig --level 3 smb on
[root@s01 ~]# chkconfig --level 3 nmb on
5. Configuration file
## Global settings
[global]
security=share/user/server/domain
----------------------------------
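share: no username or password required
user: a username and password are required
server: the username and password are verified on a designated Samba server; if verification fails, the client falls back to user-level access
domain: the server joins a Windows domain, and the Windows domain controller performs authentication.
ads: joins the Windows domain at the ads security level; it includes all the functionality of the domain level and can also act as a domain controller.
-----------------------------------
[share_config]---shared directory settings
### Configuration file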
vim /etc/samba/smb.conf
======================================
[global]
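## Log file location
log file = /var/log/samba/log.%m
##max 50KB per log file, then rotate
// Log rotation size
max log size = 50
## Security level: share/user
security = user
config file ---defines a sub-configuration file
hosts allow/hosts deny ---allow/deny access from specific hosts; written in [global] they apply globally,
---written in a custom share section they apply to that share only
=========================================
// Custom shared directory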
vim /etc/samba/smb.conf
==============================
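## Share name: //101.10.54.59/public
[public]
## Description
comment = Public Stuff
## Path of the shared directory on the server
path = /home/samba
## Whether anonymous (guest) users may access the share
public = yes
## Whether the share is writable
writable = yes
## Whether the share is a printer
printable = no
## Users or groups that are allowed to write
write list = +staff
## Whether the share is visible when browsing (no = hidden, yes = visible)
browseable= no
## Whether anonymous users may access the share
guest ok= yes
===============================
// Help for the configuration file
man smb.conf
6. Case 1: anonymous user login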
vim /etc/samba/smb.conf
======================
[global]
security = share
[public]
comment = public03
path = /pub
public = yes
writable = yes
=======================
## Restart
/etc/init.d/smb restart
## Test
Syntax: smbclient -L ip_address [-U username]
smbclient -L ip_address:/directory command
smbclient -L 127.0.0.1
## Access methods
\\10.10.54.226\public ---windows
smb://10.10.54.226/public ---linux
7. Case 2: authenticated user login
## Create the system user
useradd wangxq -g public
## Create the Samba user
pdbedit -a -u wang
## Change a Samba user's password
smbpasswd samba_username
## List Samba users:
pdbedit -L
## Delete a Samba user
pdbedit -x samba_username
## Edit the configuration file
vim /etc/samba/smb.conf
=======================
[global]
security = user
[public]
comment = public03
path = /pub
writable = yes
browseable = yes
=======================
## Test:
smbclient -L //10.10.54.226/public -U wang
## Show Samba processes and connections
smbstatus [-pS] [-u username]
## Check the configuration file
testparm /etc/samba/smb.conf
8. Case 3: user account mapping
## Account mapping configuration
vim /etc/samba/smbusers
=======================
wang = ccc ssr
=======================
## Configuration file settings
vim /etc/samba/smb.conf
=======================
[global]
security = user
username map = /etc/samba/smbusers
[public]
comment = public03
path = /pub
writable = yes
browseable = yes
==============================
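9. Case 4: client access control
hosts allow: only the configured IP addresses/ranges may access the Samba server
hosts deny: the configured IP addresses/ranges are denied access to the Samba server
## Configuration file settings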
vim /etc/samba/smb.conf
=======================
[global]
security = user
hosts allow = 10.10.54.130
[public]
comment = public03
path = /pub
writable = yes
browseable = yes
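## Allow user banqk and group public to write
write list = banqk,@public
===============================
10. Case 5: hidden shares
Requirement: only user boss may browse and log in to the /security directory; only @yanfa and boss may access and browse the /pub directory
## A separate configuration file, smb.conf.boss, has to be created for user boss
cp /etc/samba/smb.conf /etc/samba/smb.conf.boss
## Configuration file settings
vim /etc/samba/smb.conf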
============================
[global]
security = user
config file = /etc/samba/smb.conf.%U
[tech]
comment = yanfa access
path = /tech
write list = @yanfa,boss
browseable = yes
=============================
vim /etc/samba/smb.conf.boss
=============================
[global]
security = user
[tech]
comment = yanfa access
path = /tech
write list = @yanfa,boss
browseable = yes
[sec]
comment = only boss access
path = /security
write list = boss
writeable = yes
browseable = yes
===============================
## Test
smbclient -L 10.10.54.226 -U boss ---user boss
smbclient -L 10.10.54.226 -U wenl ---user in the R&D group
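An added example (not part of the original notes): a Python check that reads an smb.conf and reports the settings toggled in the cases above, namely `security = share`, guest access (`public` / `guest ok`) combined with write permission, and shares without any `hosts allow` restriction. The sample configuration is constructed from cases 1 and 5, and the function names are this example's own.

```python
import configparser

TRUE = {"yes", "true", "1"}

# smb.conf synonyms -> (canonical parameter name, value is inverted)
SYNONYMS = {
    "public": ("guest ok", False),
    "writable": ("read only", True),
    "writeable": ("read only", True),
    "write ok": ("read only", True),
    "allow hosts": ("hosts allow", False),
}


def canonical(section):
    """Return the section's parameters under their canonical names."""
    out = {}
    for key, value in section.items():
        key = " ".join(key.split())          # configparser already lowercases
        value = value.strip()
        name, inverted = SYNONYMS.get(key, (key, False))
        if inverted:                          # writable = yes  ->  read only = no
            value = "no" if value.lower() in TRUE else "yes"
        out[name] = value
    return out


def audit(text):
    """Return (section, finding) pairs for an smb.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    glob = {}
    for name in cp.sections():
        if name.lower() == "global":
            glob = canonical(cp[name])
    findings = []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global",
                         "security = share: clients are not authenticated per user"))
    for name in cp.sections():
        if name.lower() == "global":
            continue
        # Share-level parameters set in [global] act as defaults for each share.
        share = {**glob, **canonical(cp[name])}
        guest = share.get("guest ok", "no").lower() in TRUE
        read_only = share.get("read only", "yes").lower() in TRUE
        if guest and not read_only:
            findings.append((name, "guest access with write permission"))
        elif guest:
            findings.append((name, "guest access (read-only)"))
        if "hosts allow" not in share:
            findings.append((name, "no hosts allow restriction"))
    return findings


# Constructed sample, modelled on case 1 ([public]) and case 5 ([tech]).
SAMPLE = """
[global]
security = share
log file = /var/log/samba/log.%m

[public]
comment = public03
path = /pub
public = yes
writable = yes

[tech]
path = /tech
hosts allow = 10.10.54.130
write list = @yanfa,boss
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```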
________________________________________________________
2014-03-04
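NFS: Network File System; it lets different machines and different operating systems share files with each other over the network.
RPC: remote procedure call
1. Install nfs and rpc
## portmap on CentOS 5.x is what CentOS 6.x calls rpcbind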
yum install nfs-utils.x86_64 rpcbind.x86_64
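2. Start the services
/etc/init.d/nfs restart
## File locking for concurrent access (optional)
/etc/init.d/nfslock restart
## View the log file
tail -f /var/log/messages
## View the ports
netstat -ntlp
netstat -nulp
netstat -ntulp |egrep '(nfs|rpc)'
## or
netstat -ntlup |grep -E '(nfs|rpc)'
3. Common commands
## Show RPC registrations
rpcinfo -t|-u ip|hostname program_name
-p: show all ports and program information for a given IP or hostname.
e.g.: rpcinfo -p localhost
-t/-u: check which software versions a given program on a given host offers over TCP/UDP.
## Example: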
[root@s01 samba]# rpcinfo -t localhost mountd
program 100005 version 1 ready and waiting
program 100005 version 2 ready and waiting
program 100005 version 3 ready and waiting
[root@s01 samba]# /etc/init.d/rpcbind stop
Stopping rpcbind: [ OK ]
[root@s01 samba]# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
[root@s01 samba]# /etc/init.d/rpcbind stop
Stopping rpcbind: [ OK ]
[root@s01 samba]# rpcinfo -t localhost mountd
rpcinfo: RPC: Port mapper failure - Unable to receive: errno 111 (Connection refused)
program 100005 is not available
4. Configuration file syntax
vim /etc/exports
===========================
shared_directory IP_address(range)|hostname(permissions)
/tmp 10.10.54.0/24(rw)
===========================
## On the client, list the directories the server exports
[root@tech03 /]# showmount -e 10.10.54.226
Export list for 10.10.54.226:
/tmp 10.10.54.0
5. Case 1: basic NFS setup
1) Network plan:
Server: 10.10.54.59
Client: 10.10.54.58
2) Install the software on the server
yum install nfs-utils.x86_64 rpcbind.x86_64
3) Edit the configuration file
vim /etc/exports
======================
/tmp 10.10.54.0/24(rw)
/ha 10.10.54.58(ro)
=======================
## Create the directories
mkdir /tmp
mkdir /ha
## Restart the services
[root@xiao59 ~]# /etc/init.d/rpcbind restart
[root@xiao59 ~]# /etc/init.d/nfs restart
4) Install the software on the client
yum install nfs-utils.x86_64 rpcbind.x86_64
## Create the directories
mkdir /mnt/tmp
mkdir /mnt/ha
## Start the RPC service
[root@xiao58 ~]# /etc/init.d/rpcbind restart
5) List the directories the server exports
[root@xiao58 ~]# showmount -e 10.10.54.59
6) Mount manually on the client
[root@xiao58 ~]# mount -t nfs 10.10.54.59:/tmp /mnt/tmp/
[root@xiao58 ~]# mount -t nfs 10.10.54.59:/ha /mnt/ha
7) Test
/tmp
---------------------------------------------------------
Client:
## Change directory
cd /mnt/tmp
## Create a file
[root@xiao58 tmp]# touch zzz
## View the file
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 4 09:28 zzz
Server:
[root@xiao59 tmp]# ll /tmp/
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 4 09:28 zzz
--------------------------------------------------------------
/ha
----------------------------------------------
Client:
## Change directory
cd /mnt/ha
## Create a file
[root@xiao58 ha]# touch aaa
touch: cannot touch `aaa': Read-only file system
----------------------------------------------
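6. Case 2: creating a mapped user
1) Create the user on the server
useradd upload
## Check the new user
[root@xiao59 ~]# cat /etc/passwd|grep upload
upload:x:508:508::/home/upload:/bin/bash
## Create the directories
mkdir /home/upload
mkdir /tech
2) Edit the configuration file on the server
vim /etc/exports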
=======================
/home/upload 10.10.54.0/24(rw,async,anonuid=508,anongid=508,all_squash)
/tech 10.10.54.0/24(rw,all_squash)
========================
## Restart the services
[root@xiao59 ~]# /etc/init.d/rpcbind restart
[root@xiao59 ~]# /etc/init.d/nfs restart
3) Client
## Create the mount points
mkdir -p /mnt/home/upload
mkdir /mnt/tech
## Start the RPC service
[root@xiao58 ~]# /etc/init.d/rpcbind restart
4) List the directories the server exports
[root@xiao58 ~]# showmount -e 10.10.54.59
5) Mount manually on the client
[root@xiao58 ~]# mount -t nfs 10.10.54.59:/tech /mnt/tech
[root@xiao58 ~]# mount -t nfs 10.10.54.59:/home/upload /mnt/home/upload/
6) Test
/tech
---------------------------------------------------------
Client:
## Change directory
cd /mnt/tech/
## Create a file
[root@xiao58 tech]# touch wang
##error touch: cannot touch `wang': Permission denied
Fix, on the server: [root@xiao59 ~]# chmod 757 /tech/
## View the file
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 4 11:37 wang
Server:
[root@xiao59 ~]# ll /tech/
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 4 11:37 wang
--------------------------------------------------------------
/home/upload
----------------------------------------------
Client:
## Change directory
cd /mnt/home/upload/
## Create a file
[root@xiao58 upload]# touch xiao
## View the file
-rw-r--r-- 1 508 508 0 Mar 4 11:39 xiao --shown mapped to 508
Server:
[root@xiao59 ~]# ll /home/upload/
-rw-r--r-- 1 upload upload 0 Mar 4 11:39 xiao
----------------------------------------------
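An added example (not from the original notes): Python that parses the export lines used in cases 1 and 2 and computes which server-side UID a given client UID is mapped to, which explains the nfsnobody and 508 owners seen in the tests above and shows that without all_squash the server accepts the UID the client presents. It assumes the exports(5) defaults (ro, root_squash, anonymous UID 65534); the function names are this example's own.

```python
import re

ANON_DEFAULT = 65534  # assumed exports(5) default anonymous uid (nfsnobody on CentOS 6)


def parse_exports(text):
    """Return (path, client, options) for every client entry in an exports file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if not match:
                continue
            # "(rw)" separated from the host by a space applies to every host.
            client = match.group(1) or "*"
            opts = {}
            for item in filter(None, (match.group(2) or "").split(",")):
                key, _, value = item.partition("=")
                opts[key.strip()] = value.strip() or True
            entries.append((path, client, opts))
    return entries


def server_uid(opts, client_uid):
    """UID the server uses for a request that arrives with client_uid."""
    anon = int(opts.get("anonuid", ANON_DEFAULT))
    if "all_squash" in opts:
        return anon                      # every client user becomes the anonymous user
    if client_uid == 0 and "no_root_squash" not in opts:
        return anon                      # root_squash is the default
    return client_uid                    # the client-supplied UID is trusted as-is


def identity_report(text, client_uids=(0, 1000)):
    """Rows of (path, client, writable, {client_uid: server_uid})."""
    rows = []
    for path, client, opts in parse_exports(text):
        mapping = {uid: server_uid(opts, uid) for uid in client_uids}
        rows.append((path, client, "rw" in opts, mapping))
    return rows


# The export lines from cases 1 and 2 of these notes.
NOTES_EXPORTS = """
/tmp 10.10.54.0/24(rw)
/ha 10.10.54.58(ro)
/home/upload 10.10.54.0/24(rw,async,anonuid=508,anongid=508,all_squash)
/tech 10.10.54.0/24(rw,all_squash)
"""

if __name__ == "__main__":
    for path, client, writable, mapping in identity_report(NOTES_EXPORTS):
        mode = "rw" if writable else "ro"
        print(f"{path:14} {client:15} {mode}  client uid -> server uid: {mapping}")
```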
7. Case 3: fixed ports for NFS
vim /etc/sysconfig/nfs
===========================
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
# Port rquotad should listen on.
RQUOTAD_PORT=875
# Port rpc.statd should listen on.
STATD_PORT=662
===========================
____________________________________________________________________
2014-03-05
World Wide Web (WWW): apache, nginx, iis
1. Installing Apache
[root@xiao59 ~]# yum install -y httpd.x86_64 httpd-devel.x86_64 httpd-tools.x86_64
## Restart
[root@xiao59 ~]# /etc/init.d/httpd restart
[root@xiao59 ~]# /etc/init.d/named restart
## Test the configuration file
[root@s01 ~]# /etc/init.d/httpd configtest
httpd: Could not reliably determine the server's fully qualified domain name, using 10.10.54.226 for ServerName
Syntax OK
## View the configuration files
ll /etc/httpd
conf conf.d logs modules run
## Configuration file directories
/etc/httpd/conf | /etc/httpd/conf.d
## How modules are loaded
LoadModule proxy_http_module modules/mod_proxy_http.so
## Main configuration file
Section 1: Global Environment
Section 2: 'Main' server configuration
Section 3: Virtual Hosts
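## Configuration file walkthrough
vim /etc/httpd/conf/httpd.conf
------------------------------------------------------------
ServerName www.nclub.com ---hostname and port the server uses to identify itself
ServerAdmin root@localhost ---administrator e-mail address included in the error pages Apache returns
ServerTokens OS ---default is OS (shows the HTTP server version and the operating system type); the options (prod/major/minor/min/os/full) return the Apache product name, major version, minor version, operating system, or full details
Listen 80 ---listening port
DocumentRoot "/var/www/html" ---root directory of the site content
DirectoryIndex index.php index.htm index.html index.html.var ---default index pages; separate additional index file types with spaces
ServerRoot "/etc/httpd" ---directory that holds Apache's configuration files, log files and module files
CustomLog logs/access_log combined ---access log
ErrorLog logs/error_log ---error log
User apache ---default user
Group apache ---default group
## Main virtual host parameters
NameVirtualHost *:80 --must be enabled for name-based virtual hosts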
<VirtualHost ip/domain:port>
DocumentRoot /var/www/html
ServerName www.nclub.com
ErrorLog logs/www-error_log
CustomLog logs/www-access_log common
</VirtualHost>
---------------------------------------------------------------
2. Case 1: setting up a simple web server
3. Case 2: IP-based virtual hosts (requires multiple IPs)
1) Add the IPs (lost after reboot)
[root@xiao59 ~]# ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0
[root@xiao59 ~]# ifconfig eth0:1 10.10.54.53 netmask 255.255.255.0
2) Add A records in DNS
vim /var/named/named.ssr.com
============================
www.ssr.com. IN A 10.10.54.59
hr.ssr.com. IN A 10.10.54.52
bbs.ssr.com. IN A 10.10.54.53
============================
3) Edit the configuration file and add the virtual hosts
vim /etc/httpd/conf/httpd.conf
================================
<VirtualHost 10.10.54.59:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/html
ServerName www.ssr.com
ErrorLog logs/www-error_log
CustomLog logs/www-access_log common
</VirtualHost>
<VirtualHost 10.10.54.52:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/hr
ServerName hr.ssr.com
ErrorLog logs/hr-error_log
CustomLog logs/hr-access_log common
</VirtualHost>
<VirtualHost 10.10.54.53:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
</VirtualHost>
===================================
4) Restart the services
[root@xiao59 ~]# /etc/init.d/named restart
[root@xiao59 ~]# /etc/init.d/httpd restart
Starting httpd: Warning: DocumentRoot [/var/www/hr] does not exist
Warning: DocumentRoot [/var/www/bbs] does not exist
## Fix
[root@xiao59 ~]# mkdir -p /var/www/hr
[root@xiao59 ~]# mkdir -p /var/www/bbs
5) Create the index page
[root@xiao59 ~]# vim /var/www/html/index.html
[root@xiao59 ~]# cat /var/www/html/index.html
<html>
<h1 style=color:red align="center"> welcome to ssr!</h1>
</html>
[root@xiao59 ~]# cp /var/www/html/index.html /var/www/hr/index.html
[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.html
6) Update the DNS resolver configuration
haha@ha :~$ sudo vim /etc/resolv.conf
==========================
nameserver 10.10.54.59
==========================
[root@xiao59 named]# vim /etc/resolv.conf
==========================
nameserver 10.10.54.59
==========================
7) Test
## Enter each of these in a browser:
www.ssr.com/hr.ssr.com/bbs.ssr.com
## Test with a command-line tool
elinks bbs.ssr.com
--------------------------------------------------------------------
Option 2:
1) Add the IPs (lost after reboot)
[root@xiao59 ~]# ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0
[root@xiao59 ~]# ifconfig eth0:1 10.10.54.53 netmask 255.255.255.0
2) Edit the configuration file and add the virtual hosts
vim /etc/httpd/conf/httpd.conf
================================
<VirtualHost 10.10.54.59:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/html
ServerName www.ssr.com
ErrorLog logs/www-error_log
CustomLog logs/www-access_log common
</VirtualHost>
<VirtualHost 10.10.54.52:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/hr
ServerName hr.ssr.com
ErrorLog logs/hr-error_log
CustomLog logs/hr-access_log common
</VirtualHost>
<VirtualHost 10.10.54.53:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
</VirtualHost>
===================================
3) Restart the services
[root@xiao59 ~]# /etc/init.d/named restart
[root@xiao59 ~]# /etc/init.d/httpd restart
4) Add name resolution (Ubuntu)
vim /etc/hosts
===========================
10.10.54.59 www.ssr.com
10.10.54.52 hr.ssr.com
10.10.54.53 bbs.ssr.com
============================
5) Create the index page
[root@xiao59 ~]# vim /var/www/html/index.html
[root@xiao59 ~]# cat /var/www/html/index.html
<html>
<h1 style=color:red align="center"> welcome to ssr!</h1>
</html>
[root@xiao59 ~]# cp /var/www/html/index.html /var/www/hr/index.html
[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.html
6) Test
## Enter each of these in a browser:
www.ssr.com/hr.ssr.com/bbs.ssr.com
## Test with a command-line tool
elinks bbs.ssr.com
*****************************************************************
4. Case 3: name-based virtual hosts (a single IP is enough)
1) Add A or CNAME records in DNS
vim /var/named/named.ssr.com
========================================
www.ssr.com. IN A 10.10.54.59
hr.ssr.com. IN A 10.10.54.59
bbs.ssr.com. IN A 10.10.54.59
========================================
2) Edit the configuration file and add the virtual hosts
vim /etc/httpd/conf/httpd.conf
===============================
NameVirtualHost *:80 --turns on name-based virtual hosting
<VirtualHost *:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/html
ServerName www.ssr.com
ErrorLog logs/www-error_log
CustomLog logs/www-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/hr
ServerName hr.ssr.com
ErrorLog logs/hr-error_log
CustomLog logs/hr-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin wangxq@ssr.com
DocumentRoot /var/www/bbs
ServerName bbs.ssr.com
ErrorLog logs/bbs-error_log
CustomLog logs/bbs-access_log common
</VirtualHost>
======================================
3) Restart
/etc/init.d/named restart
/etc/init.d/network restart
/etc/init.d/httpd restart
4) Test
## Enter each of these in a browser:
www.ssr.com/hr.ssr.com/bbs.ssr.com
## Test with a command-line tool
elinks bbs.ssr.com
5. Testing tools
ab -n 10000 -c 50 http://www.ssr.com/index.html
## Text-mode browser for testing
[root@xiao59 ~]# yum install elinks.x86_64
## Extra:
[root@xiao59 ~]# which ab
/usr/bin/ab
[root@xiao59 ~]# rpm -qf /usr/bin/ab
httpd-tools-2.2.15-26.el6.centos.x86_64
// Learn some basic HTML syntax
[root@s01 httpd]# cat /var/www/html/index.html
<html>
<h1 style=color:red align="center"> welcome to ssr!</h1>
</html>
____________________________________________________________
2014-03-06
6. Case 4: Apache .htaccess access control
1) Create the authentication user (use -c the first time)
[root@xiao59 ~]# htpasswd -c /etc/httpd/conf/users xiaoq
2) Create the .htaccess file
[root@xiao59 ~]# vim /var/www/html/.htaccess
=========================
AuthName "htaccess auth"
AuthType Basic
AuthUserFile /etc/httpd/conf/users
Require valid-user
==========================
3) Edit the configuration file
[root@xiao59 ~]# vim /etc/httpd/conf/httpd.conf
=============================
#add files
<Directory "/var/www/html">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
==============================
4) Restart Apache
/etc/init.d/httpd restart
5) Test
Open a browser: www.ssr.com
## Note: nameserver 10.10.54.59
****************************************************
7. Case 5: Apache SSL
1) Install mod_ssl
yum install mod_ssl.x86_64
## Create the directory
mkdir .ssl
[root@xiao59 ~]# yum list |grep ssl
openssl.x86_64 ---make sure it is installed
2) Create the CA certificate
## Create the RSA private key
cd conf/.ssl
[root@s01 .ssl]# openssl genrsa -des3 -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
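## View the contents of the ca.key key
[root@xiao59 .ssl]# openssl rsa -noout -text -in ca.key
Enter pass phrase for ca.key:
## Use the CA's RSA key to create a self-signed CA certificate
[root@xiao59 .ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
3) Create the server certificate signing request
## Create the RSA private key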
[root@xiao59 .ssl]# openssl genrsa -des3 -out server.key 1024
[root@xiao59 .ssl]# ll
total 12
-r-------- 1 root root 989 3月 6 09:56 ca.crt
-r-------- 1 root root 963 3月 6 09:52 ca.key
-rw-r--r-- 1 root root 963 3月 6 10:00 server.key
## Use server.key to generate a certificate signing request (CSR)
[root@xiao59 .ssl]# openssl req -new -key server.key -out server.csr
## Download the mod_ssl source code and extract it
wget http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz
##get sign.sh
cp /softs/mod_ssl-2.8.31-1.3.41/pkg.contrib/sign.sh /etc/httpd/conf/.ssl/
## Sign the certificate
[root@xiao59 .ssl]# ./sign.sh server.csr
[root@xiao59 .ssl]# ls
ca.crt ca.db.index ca.db.serial server.crt server.key
ca.db.certs ca.db.index.attr ca.key server.csr sign.sh
[root@xiao59 .ssl]# rm -f server.csr
## Change the file permissions
[root@xiao59 .ssl]# chmod 400 server.crt
4) Generate a personal certificate for the client (this step is optional)
[root@xiao59 .ssl]# openssl pkcs12 -export -in server.crt -inkey server.key -out client.p12 -name "public"
5) Edit /etc/httpd/conf.d/ssl.conf
## Comment out the following in the original httpd.conf
[root@xiao59 httpd]# vim conf.d/ssl.conf
====================================
LoadModule ssl_module modules/mod_ssl.so ---confirm
Listen 443 ---confirm
<VirtualHost _default_:443>
ServerAdmin wanxq@ssr.com
DocumentRoot /var/www/hr
ServerName hr.ssr.com
ErrorLog logs/hr-error_log
CustomLog logs/hr-access_log common
SSLEngine on
SSLCertificateFile /etc/httpd/conf/.ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/.ssl/server.key
</VirtualHost>
===================================================
## Restart the service
/etc/init.d/httpd restart
-------------------------------Afternoon----------------------
Case 6
1. Reinstall MySQL
## Back up the original configuration file
[root@xiao59 softs]# cp /etc/my.cnf /softs/
## Install the RPM version of MySQL
[root@xiao59 softs]# yum install mysql.x86_64 mysql-devel.x86_64 mysql-server.x86_64
## Edit the configuration file
[root@xiao59 ~]# vim /etc/my.cnf
================================
[client]
socket = /var/lib/mysql/mysql.sock
[mysqld]
socket = /var/lib/mysql/mysql.sock
datadir = /data/mysql
==============================
## Create the database directory
[root@xiao59 ~]# mkdir /data/mysql
[root@xiao59 ~]# chown mysql.mysql /data/mysql -R
## Find the mysql path
[root@xiao59 ~]# which mysql
/usr/bin/mysql
## Add the mysql path
[root@xiao59 ~]# vim /etc/profile.d/myfile.sh
=======================
PATH=${PATH}:/usr/bin
=====================
# Load the variable
[root@xiao59 ~]# source /etc/profile
## Restart
[root@xiao59 ~]# /etc/init.d/mysqld restart
2. Install PHP
yum install php.x86_64 php-cli.x86_64 php-common.x86_64 php-gd.x86_64 php-mysql.x86_64 php-pear.noarch
## Create the index page
[root@xiao59 ~]# mkdir /var/www/bbs
[root@xiao59 ~]# cp /var/www/html/index.html /var/www/bbs/index.php
## Create the test code
[root@xiao59 ~]# vim /var/www/bbs/index.php
==================
<?php
phpinfo();
?>
==================
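## Add to the configuration
DirectoryIndex index.php
## Install the unzip tool and extract the archive
[root@xiao59 softs]# yum install unzip.x86_64
[root@xiao59 softs]# mv Discuz_X3.0_SC_UTF8.zip /var/www/bbs/
[root@xiao59 softs]# cd /var/www/bbs/
[root@xiao59 bbs]# unzip Discuz_X3.0_SC_UTF8.zip
[root@xiao59 bbs]# /etc/init.d/httpd restart
## Enter in the browser
bbs.ssr.com --shows the "PHP Version 5.3.3" page
bbs.ssr.com/upload --shows the installation wizard page
## After accepting the agreement, directory and file permission errors appear
[root@xiao59 bbs]# chown apache.apache /var/www/ -R
Then go to the next step.
==============================================
Database server: 10.10.54.59
Database name: ultrax
Database username: xiaoq
Database password: 322815
Table prefix: pre_ --change the prefix when running several forums in the same database
System e-mail: admin@admin.com --used for sending program error reports
Administrator account: admin
Administrator password:
Repeat password:
Administrator e-mail: wangxq@ssr.com
===========================================
## Remember to create the user in MySQL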
mysql> grant all on *.* to 'xiaoq'@'10.10.54.%' identified by '322815';
mysql> flush privileges;
______________________________________________________________________
2014-03-10
Nginx
1. Download: wget http://nginx.org/download/nginx-1.4.5.tar.gz
2. Build
1) Extract
[root@CentOS001 softs]# tar xvf nginx-1.4.5.tar.gz
2) Configure options explained
[root@CentOS001 nginx-1.4.5]# ./configure --help
===========================================================
--prefix=PATH set installation prefix
--user=USER set non-privileged user for worker processes
--group=GROUP set non-privileged group for worker processes
## Enable the HTTP SSL module so that nginx can serve HTTPS requests; this module requires OpenSSL to be installed
--with-http_ssl_module enable ngx_http_ssl_module
## Status monitoring support
--with-http_stub_status_module enable ngx_http_stub_status_module
## Compression support
--with-http_gzip_static_module enable ngx_http_gzip_static_module
## nginx combined with Python
--http-uwsgi-temp-path=PATH set path to store http uwsg temporary files
## Enable select mode, the default installation method
--with-select_module enable select module
===============================================================
3) The three build steps
[root@CentOS001 nginx-1.4.5]# ./configure --prefix=/usr/local/nginx --user=apache --group=apache --with-http_stub_status_module \
--with-http_gzip_static_module --with-http_ssl_module
make
make install
3. Usage
1) Start
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
The following error is shown:
/usr/local/nginx/sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
Fix:
## Build pcre from source
## Create the links
1.1) Locate it: whereis libpcre.so.1
libpcre.so: /lib/libpcre.so.0 /lib64/libpcre.so.0 /usr/local/lib/libpcre.so.1 /usr/local/lib/libpcre.so
1.2)ls -lh /usr/local/lib/libpcre.so.1
1.3)
ln /usr/local/lib/libpcre.so.1.2.0 /lib/libpcre.so.1
ln -s /usr/local/lib/libpcre.so.1.2.0 /lib64/libpcre.so.1
## Refresh the dynamic linker cache: ldconfig
2) Check the port
netstat -ntlp |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3233/nginx
3) Stop
[root@s01 logs]# cat /usr/local/nginx/logs/nginx.pid | xargs kill -TERM
4) Restart
[root@s01 logs]# cat /usr/local/nginx/logs/nginx.pid | xargs kill -HUP
HUP: restart
5) Other signals
TERM, INT: fast shutdown
USR1: reopen the log files, used for log rotation
USR2: upgrade the executable on the fly
QUIT: graceful shutdown
WINCH: gracefully shut down the worker processes
4. IP-based virtual hosts
1) Edit the configuration file
vim /usr/local/nginx/conf/nginx.conf
=================================
user apache apache;
worker_processes 2;
error_log logs/error.log;
pid logs/nginx.pid;
## Uncomment
access_log logs/access.log;
server {
listen 10.10.54.52:80;
server_name 10.10.54.52;
root /var/www/html;
access_log logs/www.access.log;
charset utf-8;
location / {
root /var/www/html;
index index.html index.htm;
}
}
======================================
2) Add the IP
ifconfig eth0:0 10.10.54.52 netmask 255.255.255.0
3) Add the DNS record
vim /var/named/named.ssr.com
====================================
www.ssr.com. IN A 10.10.54.52
=====================================
## Restart: /etc/init.d/named restart
4) Test the configuration file
[root@s01 html]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
## Enter in the browser:
www.ssr.com or 10.10.54.52
5. Name-based virtual hosts
1) Configuration file
vim /usr/local/nginx/conf/nginx.conf
=================================
user apache apache;
error_log logs/error.log;
pid logs/nginx.pid;
## Uncomment
access_log logs/access.log;
server {
listen 80;
server_name www.ssr.com;
root /var/www/html;
access_log logs/www.access.log;
charset utf-8;
location / {
root /var/www/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name hr.ssr.com;
root /var/www/hr;
access_log logs/hr.access.log;
charset utf-8;
location / {
root /var/www/hr;
index index.html index.htm;
}
}
======================================
2) Configure DNS
vim /var/named/named.ssr.com
=================================================
$TTL 86400
@ IN SOA ssr.com. root (2014010802 1H 15M 1W 1D)
@ IN NS ssr.com.
ssr.com. IN A 10.10.54.54
hr.ssr.com. IN A 10.10.54.54
www.ssr.com. IN A 10.10.54.54
===================================================
## Restart: /etc/init.d/named restart
3) Create the test file
mkdir -p /var/www/hr
vim /var/www/hr/index.html
========================
<html>
<h1 style=color:red align="center"> welcome to hr!</h1>
</html>
========================
## Change the directory owner
chown apache.apache /var/www/hr/ -R
4) Test the configuration file
[root@CentOS001 www]# /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
## Enter in the browser:
www.ssr.com && hr.ssr.com
6. Fixing missing nginx syntax highlighting in vim
1) Download http://www.vim.org/scripts/download_script.php?src_id=14376
2)mkdir -p ~/.vim/syntax
3)mv nginx.vim ~/.vim/syntax/
4)vim ~/.vim/filetype.vim
========================================
au BufRead,BufNewFile /usr/local/nginx/conf/* set ft=nginx
(Note: the separator here is a single space only)
=======================================
7. nginx configuration file format
====================
user apache apache;
worker_processes 2; # number of CPU cores - 1
..........
events {
## Network I/O model recommended on Linux
use epoll;
}
http{
..........
upstream{}
server{}
}
=====================
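8. Tomcat
Installing Tomcat takes two steps: install the JDK, then install Tomcat.
The JDK (Java Development Kit) is Sun Microsystems' product for Java developers. Since Java was introduced, the JDK has become the most widely used Java SDK. The JDK is the core of Java as a whole and includes the Java runtime environment, the Java tools and the Java base class libraries. Running JSP programs therefore requires the JDK, so the JDK must be installed before Tomcat.
1) Install the JDK
rpm -ivh jdk-7u51-linux-x64.rpm
2) Extract
tar xvf apache-tomcat-7.0.52.tar.gz
## Move the files
[root@CentOS001 softs]# mv apache-tomcat-7.0.52 /usr/local/tomcat
3) Set the Java home directory for Tomcat
[root@CentOS001 softs]# vim /usr/local/tomcat/bin/catalina.sh --line 96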
==============================
JAVA_HOME=/usr/java/jdk1.7.0_51
CATALINA_HOME=/usr/local/tomcat
==============================
4) Create the init script
[root@s01 bin]# cp catalina.sh /etc/init.d/tomcat
[root@s01 bin]# chmod +x /etc/init.d/tomcat
[root@s01 bin]# chkconfig --add tomcat
ERROR:service tomcat does not support chkconfig
Fix: vim /etc/init.d/tomcat
=============================
#!/bin/sh
#chkconfig:2345 64 27 --add these two lines
#description:tomcat server init script
=============================
Add it again: chkconfig --add tomcat
5) Tomcat user management configuration
[root@s01 conf]# pwd
/usr/local/tomcat/conf
[root@s01 conf]# ls
Catalina catalina.properties logging.properties tomcat-users.xml
catalina.policy context.xml server.xml web.xml
[root@s01 conf]# vim tomcat-users.xml
=====================================
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="tomcat" password="tomcat" roles="admin-gui,manager-gui"/>
==========================================
/etc/init.d/tomcat start/stop
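9. nginx load balancing (202 is a normal status code)
1) Common commands
## Show the build options
/usr/local/nginx/sbin/nginx -V
## Show the version
/usr/local/nginx/sbin/nginx -v
2) Install a tool for checking ports
yum install lsof.x86_64
lsof -i:8010
3) Configuration files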
mkdir -p /usr/local/nginx/conf/virtual
vim /usr/local/nginx/conf/nginx.conf
===================================
user apache apache;
worker_processes 2;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
include virtual/www.ssr.com.conf;
}
===================================================
vim /usr/local/nginx/conf/virtual/www.ssr.com.conf
====================================================
upstream www_ssr_com {
server 10.10.54.54:10080 max_fails=3 weight=1 fail_timeout=60s;
server 10.10.54.59:8090 max_fails=3 weight=2 fail_timeout=60s;
}
server {
listen 80;
server_name www.ssr.com;
charset utf-8;
access_log logs/www.access.log main;
index index.html;
location /upload {
autoindex on;
}
location /download {
rewrite ^/download$ /upload last;
}
location / {
proxy_pass http://www_ssr_com;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
__________________________________________________________________________
2014-03-11
1. Tuning Linux kernel parameters
vim /etc/sysctl.conf
vim /etc/security/limits.conf
awstats for log analysis
2. Changing the version string
## Method 1
vim /usr/local/nginx/conf/nginx.conf
===============================
Add: server_tokens off;
==============================
## Method 2
vim /softs/lnmp/nginx-1.4.5/src/core/nginx.h
============================================
#define NGINX_VERSION "14"
#define NGINX_VER "apache/" NGINX_VERSION
=============================================
3. Disabling debug mode
[root@s01 nginx-1.4.6]# pwd
/softs/lnmp/nginx-1.4.6
[root@s01 nginx-1.4.6]# vim auto/cc/gcc
========================
# debug
#CFLAGS="$CFLAGS -g"
========================
4. Disallowing access by IP address
==================
server {
server_name _;
return 404;
}
==================
5. Upgrading nginx
1) Show the build options
./nginx -V
2) Back up nginx
[root@s01 local]# mv nginx/ nginx_old
[root@s01 local]# ps -ef|grep nginx
root 9816 1 0 08:37 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
apache 9825 9816 0 08:37 ? 00:00:00 nginx: worker process
apache 9826 9816 0 08:37 ? 00:00:00 nginx: worker process
root 9981 1036 0 10:13 pts/1 00:00:00 grep nginx
3) Rebuild
4) Restore the configuration files and logs
5) Validate the configuration file
/usr/local/nginx/sbin/nginx -t
6. Switch over to the new nginx
———————————————————————————————————————————————————————————
2014-03-13
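Linux Virtual Server (LVS) ----developed by Wensong Zhang
MFS ----distributed file system
1. An LVS cluster uses IP load balancing and content-based request distribution. The scheduler has good throughput and spreads requests evenly across the servers, and it automatically masks server failures, so that a group of servers forms one high-performance, highly available virtual server.
2. Three main components:
Load balancer: the front end of the whole cluster to the outside world; it sends client requests to a group of servers for execution, while the client believes the service comes from a single IP address. It can be a load balancer that uses IP load balancing, one that uses content-based request distribution, or a combination of the two.
Server pool: the group of servers that actually execute client requests; the services include WEB, MAIL, FTP and DNS.
Backend storage: provides a shared storage area for the server pool, which makes it easy for the servers in the pool to hold the same content and provide the same service.
3. Load balancing modes:
1) NAT: requires changing the forward setting in /etc/sysctl.conf; the realserver script does not need to be started
2) TUN: the IP returned to the user is the VIP; the realserver script must be started
3) DR: the IP returned to the user is the VIP; the realserver script must be started; no tunnelling overhead
Theoretical performance: DR>TUN>NAT
4. Load scheduling algorithms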
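1) Round-Robin scheduling: requests are dispatched to the servers in turn; on each dispatch the scheduler computes i = (i + 1) mod n and selects server i. The advantage of the algorithm is its simplicity: it does not need to record the state of any current connection, so it is a stateless scheduler.
## Treats every real server equally, regardless of the actual load and connection state on the server.
2) Weighted Round-Robin scheduling
## Dispatches requests according to the different processing capacity of the real servers; each real server can be given a different scheduling weight
3) Least-Connection scheduling: assigns a new connection request to the server with the fewest current connections. Least-connection scheduling is a dynamic algorithm; it estimates a server's load from its number of currently active connections. The scheduler has to record the number of established connections for each server: when a request is dispatched to a server, its connection count is increased by 1; when a connection terminates or times out, its connection count is decreased by 1.
## Dynamically dispatches network requests to the server with the fewest established connections. If the real servers in the cluster have similar performance, this balances the load well.
4) Weighted Least-Connection scheduling: a superset of least-connection scheduling in which each server's processing capacity is expressed by a weight. The default server weight is 1, and the system administrator can change a server's weight dynamically. When scheduling new connections, weighted least-connection scheduling tries to keep each server's number of established connections proportional to its weight.
## Each server node can express its processing capacity with a weight, and the system administrator can set the weights dynamically; the default is 1. When assigning new connection requests, weighted least-connection scheduling tries to keep each node's number of established connections proportional to its weight.
5) Locality-Based Least Connections: load balancing on the destination IP address of the request packet, currently used mainly in cache clusters, because in a cache cluster the destination IP address of client request packets varies. It assumes that any backend server can handle any request; the design goal is, while the server load is roughly balanced, to dispatch requests for the same destination IP address to the same server, improving each server's access locality and main-memory cache hit rate and thereby raising the processing capacity of the whole cluster.
6) Locality-Based Least Connections with Replication: also load balancing on the destination IP address, currently used mainly in cache clusters. It differs from LBLC in that it maintains a mapping from a destination IP address to a set of servers, whereas LBLC maintains a mapping from a destination IP address to a single server.
7) Destination Hashing scheduling: load balancing on the destination IP address, but as a static mapping algorithm: a hash function maps a destination IP address to a server.
8) Source Hashing scheduling: the exact counterpart of destination hashing; it uses the request's source IP address as the hash key to look up the server in a statically assigned hash table. If that server is available and not overloaded, the request is sent to it; otherwise it returns null. It uses the same hash function as destination hashing.
9) Shortest Expected Delay scheduling
10) Never Queue scheduling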
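An added example (not from the original notes or from the LVS source): the first four schedulers described above written out in Python so their dispatch order can be compared. The weighted round-robin loop follows the gcd-based algorithm published in the LVS documentation; the weighted least-connection rule is simplified here to connections/weight; the server names and weights are constructed.

```python
from functools import reduce
from itertools import islice
from math import gcd


class RealServer:
    def __init__(self, name, weight=1):
        self.name, self.weight, self.conns = name, weight, 0


def round_robin(servers):
    """Stateless rotation: i = (i + 1) mod n."""
    i = -1
    while True:
        i = (i + 1) % len(servers)
        yield servers[i]


def weighted_round_robin(servers):
    """Rotate as above, but only pick servers whose weight reaches the
    current threshold cw; cw steps down by gcd(weights) on every full pass."""
    step = reduce(gcd, (s.weight for s in servers))
    top = max(s.weight for s in servers)
    if top == 0:
        raise ValueError("no server with a positive weight")
    i, cw = -1, 0
    while True:
        i = (i + 1) % len(servers)
        if i == 0:
            cw -= step
            if cw <= 0:
                cw = top
        if servers[i].weight >= cw:
            yield servers[i]


def least_connection(servers):
    """Pick the server with the fewest established connections (first wins ties)."""
    return min(servers, key=lambda s: s.conns)


def weighted_least_connection(servers):
    """Pick the server with the smallest conns/weight, compared without floats."""
    live = [s for s in servers if s.weight > 0]
    best = live[0]
    for s in live[1:]:
        if s.conns * best.weight < best.conns * s.weight:
            best = s
    return best


def take(scheduler, count):
    """Names of the next `count` servers chosen by a generator-based scheduler."""
    return "".join(s.name for s in islice(scheduler, count))


def dispatch(pick, servers, requests):
    """Open `requests` long-lived connections with a connection-counting
    scheduler and return the resulting per-server connection counts."""
    for s in servers:
        s.conns = 0
    for _ in range(requests):
        pick(servers).conns += 1   # the scheduler increments on every dispatch
    return {s.name: s.conns for s in servers}


def sample_pool():
    # Constructed pool: three real servers with weights 4, 3 and 2.
    return [RealServer("A", 4), RealServer("B", 3), RealServer("C", 2)]


if __name__ == "__main__":
    print("rr :", take(round_robin(sample_pool()), 9))
    print("wrr:", take(weighted_round_robin(sample_pool()), 9))
    print("lc :", dispatch(least_connection, sample_pool(), 9))
    print("wlc:", dispatch(weighted_least_connection, sample_pool(), 9))
```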
5. Download the software
wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz
http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
6. Build ipvsadm
[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz
[root@CentOS001 softs]# cd ipvsadm-1.26
1) Install the dependencies
yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
## popt-static.x86_64 needs an additional installation disc to be added
[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo
=============================================
[Packages]
name=Packages
baseurl=ftp://10.201.1.221/Packages
gpgcheck=0
enabled=1
[Packages2]
name=Packages2
baseurl=ftp://10.201.1.221/Packages2
gpgcheck=0
enabled=1
==============================================
##記得yum clean all
2)[root@CentOS001 ipvsadm-1.26]# make && make install
7. Verify the LVS modules
[root@tech2 ipvsadm-1.26]# modprobe -l|grep ipvs
=========================================
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
======================================
8. Compile and install keepalived
1)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz
2)vim INSTALL
In order to compile Keepalived needs the following libraries :
===========================
* OpenSSL, <www.openssl.org>
* popt
=============================
3) Compile
aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/
Keepalived configuration
------------------------
Keepalived version : 1.2.9
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : Yes
SHA1 support : No
Use Debug flags : No
-------------------------------
## Install
yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
bb)make && make install
4) Adjust file paths (copy the binaries into place)
[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived /sbin/
[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/
5) Check the configuration file directory
[root@CentOS001 keepalived]# pwd
/etc/keepalived
[root@CentOS001 keepalived]# ls    # keepalived does not check the syntax of keepalived.conf, so back the file up before changing it
keepalived.conf samples
6) Structure of the configuration file
global_defs
vrrp_instance
virtual_server
################## Case 1: LVS in DR mode ######################
1. Network architecture
hostname:CentOS001
DIRECT SERVER:10.10.54.54
vip:10.10.54.53
real server:10.10.54.56(80/3306)
real server:10.10.54.58(80/3306)
2. Configure the two real servers
// Run on the real servers (56, 58)
[root@xiao56 ~]# cat /etc/init.d/realserver
============================================
#!/bin/bash
#description:start realserver
#script_name:realserver_config
VIP=10.10.54.53
source /etc/init.d/functions
case "$1" in
start)
echo "start LVS of realserver."
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:0 down
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
=================================================
[root@xiao56 ~]# chmod +x /etc/init.d/realserver
[root@xiao56 ~]# /etc/init.d/realserver start
########
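arp_ignore:
0 --- default; reply to ARP queries for any local IP address, received on any network interface
1 --- reply only when the target IP address is a local address configured on the interface that received the query
arp_announce: sets the restriction level for announcing the local source IP address in ARP requests sent on a network interface.
0 --- default; use any local address, configured on any network interface.
2 --- use the most appropriate local address for the query target.
3. Configure the director server (54)
// Compile the ipvsadm and keepalived packages on the director server
## Download
wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
## Compile ipvsadm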
[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz
[root@CentOS001 softs]# cd ipvsadm-1.26
1) Install the dependency packages
yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
## popt-static.x86_64 requires adding an extra installation disc
[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo
=============================================
[Packages]
name=Packages
baseurl=ftp://10.201.1.221/Packages
gpgcheck=0
enabled=1
[Packages2]
name=Packages2
baseurl=ftp://10.201.1.221/Packages2
gpgcheck=0
enabled=1
==============================================
## Remember to run yum clean all
2)[root@CentOS001 ipvsadm-1.26]# make && make install
3) Verify the LVS modules
[root@tech2 ipvsadm-1.26]# modprobe -l|grep ipvs
=========================================
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
======================================
4) Compile and install keepalived
1)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz
2)vim INSTALL
In order to compile Keepalived needs the following libraries :
===========================
* OpenSSL, <www.openssl.org>
* popt
=============================
5) Compile
aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/
Keepalived configuration
------------------------
Keepalived version : 1.2.9
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : Yes
SHA1 support : No
Use Debug flags : No
-------------------------------
## Install
yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
bb)make && make install
6) Adjust file paths (copy the binaries into place)
[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived /sbin/
[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/
7) Back up the configuration file
[root@CentOS001 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak
8) Create the VIP
[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1
===========================
DEVICE=eth0:1
ONBOOT=no
BOOTPROTO=static
IPADDR=10.10.54.53
NETMASK=255.255.255.0
GATEWAY=10.10.54.254
==========================
[root@CentOS001 ~]# /etc/init.d/network restart
9) Edit the configuration file
[root@CentOS001 keepalived]# cat keepalived.conf
============================================
! Configuration File for keepalived
global_defs {
notification_email {
wangxq@ssr.com
}
notification_email_from wangxq@ssr.com
smtp_server mail.ssr.com
smtp_connect_timeout 30
router_id LVS_MASTER1 # identifier of the server running keepalived; shown in the subject of notification e-mails
}
vrrp_instance VI_2 { # VRRP instance
state MASTER # MASTER on the primary, BACKUP on the standby
interface eth0
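virtual_router_id 51 # virtual router ID, a number; each VRRP instance uses a unique ID,
# i.e. within one vrrp_instance, MASTER and BACKUP must use the same value
priority 100 # priority; the standby's must be lower than the primary's (master/backup mode), so BACKUP must be below 100
advert_int 1 # check interval between master and backup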
authentication {
auth_type PASS # authentication type: PASS or AH
auth_pass 1111
}
virtual_ipaddress { # virtual IP; it moves between nodes, no ARP broadcast is sent
10.10.54.53/24 dev eth0 label eth0:1 # the IP that serves external clients
}
}
virtual_server 10.10.54.53 80 {
delay_loop 6 # health-check interval, in seconds
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50 # session persistence time, in seconds; only one can be enabled on the same machine, otherwise the telnet test output is incomplete
protocol TCP
##HTTP balance
real_server 10.10.54.56 80 {
weight 1 # weight
TCP_CHECK {
connect_timeout 3
nb_get_retry 3 # number of retries after a failure
delay_before_retry 3 # interval between retries, in seconds
connect_port 80
}
}
real_server 10.10.54.58 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server 10.10.54.53 3306 {
delay_loop 6 # health-check interval, in seconds
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0
# persistence_timeout 50 # session persistence time, in seconds
protocol TCP
##mysql balance
real_server 10.10.54.56 3306 {
weight 1 # weight
TCP_CHECK {
connect_timeout 3
nb_get_retry 3 # number of retries after a failure
delay_before_retry 3 # interval between retries, in seconds
connect_port 3306
}
}
real_server 10.10.54.58 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
================================================================
[root@CentOS001 ~]# /etc/init.d/keepalived restart
Note: the port numbers within one virtual_server must be consistent, otherwise connections will fail.
4. Test
telnet 10.10.54.53 80/3306
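Explanation: after disconnecting and reconnecting, the connection moves to the other real server. To test MySQL, the service must be started and access privileges granted.
## View the connection counts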
[root@CentOS001 keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 10.10.54.56:80 Route 1 0 0
-> 10.10.54.58:80 Route 1 0 0
TCP 10.10.54.53:3306 rr
-> 10.10.54.56:3306 Route 1 1 1
-> 10.10.54.58:3306 Route 1 0 3
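Further notes:
NGINX --> layer 7
LVS is a layer-4 load balancer
In the OSI model, IP maps to a layer-3 (network layer) protocol, and TCP and UDP map to layer-4 (transport layer) protocols.
A load-balancing system must be built at OSI layer 4 or above. An example shows why: suppose we want to design a load-balancing system that supports HTTP and uses round-robin as its distribution policy, with two real servers behind it. If the load balancer worked at layer 3 (the network layer), then to issue an HTTP request a TCP three-way handshake must first establish a reliable transport connection. The handshake sends several packets; because a layer-3 load balancer has no way of knowing that these packets exist to establish a connection, it can only round-robin them between Real Server A and Real Server B. The TCP three-way handshake can then never succeed.
A load-balancing system must be built around network connections rather than around individual packets. It has to understand transport-layer connections and guarantee that all packets of one connection are forwarded to the same backend real server. Only OSI layer 4 (the transport layer) provides reliable data transfer, so the system must be built at OSI layer 4 or above.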
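The argument above, run on a packet trace, as an added example that is not part of the original notes. The trace, the client addresses and the two dispatch functions are constructed for illustration; only client-to-VIP packets are modelled.

```python
from itertools import cycle

SERVERS = ["Real Server A", "Real Server B"]
VIP = "10.10.54.53"

# Constructed client-to-VIP packets of two HTTP connections:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags)
TRACE = [
    ("10.10.54.100", 40001, VIP, 80, "SYN"),
    ("10.10.54.100", 40001, VIP, 80, "ACK"),      # completes client 1's handshake
    ("10.10.54.101", 40002, VIP, 80, "SYN"),
    ("10.10.54.100", 40001, VIP, 80, "PSH,ACK"),  # client 1's HTTP request
    ("10.10.54.101", 40002, VIP, 80, "ACK"),      # completes client 2's handshake
    ("10.10.54.101", 40002, VIP, 80, "PSH,ACK"),  # client 2's HTTP request
]


def dispatch_per_packet(trace):
    """Layer-3 style: round-robin every packet, with no notion of a connection."""
    rr = cycle(SERVERS)
    return [(pkt, next(rr)) for pkt in trace]


def dispatch_per_connection(trace):
    """Layer-4 style: only a SYN is scheduled; later packets follow the table."""
    rr = cycle(SERVERS)
    connections = {}
    out = []
    for pkt in trace:
        flow, flags = pkt[:4], pkt[4]
        if flow not in connections:
            if flags != "SYN":
                out.append((pkt, None))   # no table entry and not a SYN: dropped
                continue
            connections[flow] = next(rr)  # round-robin is applied per connection
        out.append((pkt, connections[flow]))
    return out


def servers_per_flow(dispatched):
    """Map (src_ip, src_port) to the set of servers that saw its packets."""
    seen = {}
    for pkt, server in dispatched:
        seen.setdefault(pkt[:2], set()).add(server)
    return seen


if __name__ == "__main__":
    print("per packet:    ", servers_per_flow(dispatch_per_packet(TRACE)))
    print("per connection:", servers_per_flow(dispatch_per_connection(TRACE)))
```

Per-packet dispatch sends the SYN and the final ACK of the same handshake to different real servers; per-connection dispatch keeps each flow on one server and still alternates between the two.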
################## Case 2: LVS (MASTER-BACKUP-DR) ###################
1. Network architecture
hostname:CentOS001
DIRECT SERVER:10.10.54.54
vip:10.10.54.53
hostname:xiao59
DIRECT BACKUP:10.10.54.59
vip:10.10.54.53
real server:10.10.54.56(80,3306)
real server:10.10.54.58(80,3306)
2. Create the VIP
[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1
=========================
DEVICE=eth0:1
ONBOOT=no
BOOTPROTO=static
IPADDR=10.10.54.53
NETMASK=255.255.255.0
GATEWAY=10.10.54.254
=============================
[root@CentOS001 ~]# /etc/init.d/network restart
3. Configure the two real servers
// Run on the real servers (56, 58)
[root@xiao56 ~]# vim /etc/init.d/realserver
============================================
#!/bin/bash
#description:start realserver
#script_name:realserver_config
VIP=10.10.54.53
source /etc/init.d/functions
case "$1" in
start)
echo "start LVS of realserver."
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
/sbin/ifconfig lo:0 down
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
=================================================
[root@xiao56 ~]# chmod +x /etc/init.d/realserver
[root@xiao56 ~]# /etc/init.d/realserver start
########
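arp_ignore:
0 --- default; reply to ARP queries for any local IP address, received on any network interface
1 --- reply only when the target IP address is a local address configured on the interface that received the query
arp_announce: sets the restriction level for announcing the local source IP address in ARP requests sent on a network interface.
0 --- default; use any local address, configured on any network interface.
2 --- use the most appropriate local address for the query target.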
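A check for the real-server settings explained here and in Case 1, as an added example that is not part of the original notes. It reads the sysctl tree and the output of `ip -4 -o addr show`; the NIC name eth0 and the sample address listing are assumptions. The kernel applies the higher of conf/all and conf/<interface> for both settings, which is why the script's write to conf/all also covers eth0.

```python
import os
import subprocess

# Values written by the realserver script in these notes.
REQUIRED = {"arp_ignore": 1, "arp_announce": 2}

# Constructed sample of `ip -4 -o addr show` on real server 56 after "start".
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 10.10.54.53/32 brd 10.10.54.53 scope global lo:0
2: eth0    inet 10.10.54.56/24 brd 10.10.54.255 scope global eth0
"""


def read_conf(proc_root, iface, key):
    """Read <proc_root>/net/ipv4/conf/<iface>/<key> as an integer."""
    path = os.path.join(proc_root, "net", "ipv4", "conf", iface, key)
    with open(path) as fh:
        return int(fh.read().strip())


def effective(proc_root, iface, key):
    """Effective value on an interface: max(conf/all, conf/<iface>)."""
    return max(read_conf(proc_root, "all", key), read_conf(proc_root, iface, key))


def addresses(ip_addr_output):
    """Parse `ip -4 -o addr show` output into (ifname, 'addr/prefixlen') pairs."""
    found = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            found.append((fields[1], fields[3]))
    return found


def audit_realserver(proc_root, vip, ip_addr_output, nic="eth0"):
    """Return a list of deviations from the DR real-server setup in the notes."""
    findings = []
    for iface in ("lo", nic):
        for key, want in REQUIRED.items():
            got = effective(proc_root, iface, key)
            if got != want:
                findings.append(f"{iface}: effective {key} is {got}, expected {want}")
    addrs = addresses(ip_addr_output)
    if ("lo", f"{vip}/32") not in addrs:
        findings.append(f"lo: VIP {vip}/32 is not configured")
    for ifname, addr in addrs:
        # A VIP on the NIC would be answered in ARP even with arp_ignore=1.
        if ifname != "lo" and addr.split("/")[0] == vip:
            findings.append(f"{ifname}: VIP {vip} is bound to a non-loopback interface")
    return findings


if __name__ == "__main__":
    listing = subprocess.run(["ip", "-4", "-o", "addr", "show"],
                             capture_output=True, text=True, check=True).stdout
    for finding in audit_realserver("/proc/sys", "10.10.54.53", listing):
        print(finding)
```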
4. Compile ipvsadm and keepalived on the MASTER DIRECTOR SERVER
## Download
wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
## Compile ipvsadm
[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz
[root@CentOS001 softs]# cd ipvsadm-1.26
1) Install the dependency packages
yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
## popt-static.x86_64 requires adding an extra installation disc
[root@CentOS001 ~]# vim /etc/yum.repos.d/CentOS-ftp.repo
=============================================
[Packages]
name=Packages
baseurl=ftp://10.201.1.221/Packages
gpgcheck=0
enabled=1
[Packages2]
name=Packages2
baseurl=ftp://10.201.1.221/Packages2
gpgcheck=0
enabled=1
==============================================
## Remember to run yum clean all
2)[root@CentOS001 ipvsadm-1.26]# make && make install
3) Verify the LVS modules
[root@CentOS001 ipvsadm-1.26]# modprobe -l|grep ipvs
=========================================
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
======================================
4) Compile and install keepalived
aa)[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz
bb)vim INSTALL
In order to compile Keepalived needs the following libraries :
===========================
* OpenSSL, <www.openssl.org>
* popt
=============================
5) Compile
aa)./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/
Keepalived configuration
------------------------
Keepalived version : 1.2.9
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -Wl,-z,relro -Wl,-z,now -L/usr/lib64 -lnetsnmpagent -lnetsnmphelpers -lnetsnmpmibs -lnetsnmp -Wl,-E -Wl,-rpath,/usr/lib64/perl5/CORE -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : Yes
SHA1 support : No
Use Debug flags : No
-------------------------------
## Install the dependency software
yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
bb)make && make install
6) Adjust file paths (copy the binaries into place)
[root@CentOS001 sbin]# cp /usr/local/keepalived/sbin/keepalived /sbin/
[root@CentOS001 bin]# cp /usr/local/keepalived/bin/genhash /bin/
7) Back up the configuration file
[root@CentOS001 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak
5. Compile ipvsadm and keepalived on the BACKUP DIRECTOR SERVER
// Compile ipvsadm
1) Extract
[root@xiao59 softs]# tar xvf ipvsadm-1.26.tar.gz
[root@xiao59 softs]# cd ipvsadm-1.26
2) Install the dependency packages
yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
3) Reconfigure the yum repositories
popt-static.x86_64 requires adding an extra installation disc
[root@xiao59 ~]# vim /etc/yum.repos.d/centos.repo
=============================================
[Packages]
name=Packages
baseurl=ftp://10.201.1.221/Packages
gpgcheck=0
enabled=1
[Packages2]
name=Packages2
baseurl=ftp://10.201.1.221/Packages2
gpgcheck=0
enabled=1
==============================================
## Remember to run yum clean all
Install the packages again
4)[root@xiao59 ipvsadm-1.26]# make && make install
// Compile keepalived
1) Extract
[root@xiao59 softs]# tar xvf keepalived-1.2.9.tar.gz
[root@xiao59 softs]# cd keepalived-1.2.9
2) Install the dependency software
yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
3) Compile
aa)[root@xiao59 keepalived-1.2.9]# ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/
bb)[root@xiao59 keepalived-1.2.9]# make && make install
4) Adjust file paths (copy the binaries into place)
[root@xiao59 ~]# cp /usr/local/keepalived/sbin/keepalived /sbin/
[root@xiao59 ~]# cp /usr/local/keepalived/bin/genhash /bin/
5) Back up the configuration file
[root@xiao59 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
6. Configure the MASTER DIRECTOR SERVER and verify that it works
[root@CentOS001 ~]# vim /etc/keepalived/keepalived.conf
=====================================
global_defs {
notification_email {
wangxq@ssr.com
}
notification_email_from wangxq@ssr.com
smtp_server mail.ssr.com
smtp_connect_timeout 30
router_id LVS_MASTER2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 80
}
virtual_ipaddress {
10.10.54.53/24 dev eth0 label eth0:1
}
}
##http balance
virtual_server 10.10.54.53 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0 # commented out to make testing easier
# persistence_timeout 50
protocol TCP
real_server 10.10.54.56 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.10.54.58 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
##mysql balance
virtual_server 10.10.54.53 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.10.54.56 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 10.10.54.58 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
===========================================
[root@CentOS001 ~]# /etc/init.d/keepalived restart
## Test
telnet 10.10.54.53 80/3306
## View the connection counts
[root@CentOS001 keepalived]# ipvsadm -ln
7. Copy the MASTER DIRECTOR SERVER configuration file to the BACKUP DIRECTOR SERVER
1) Transfer the file
[root@CentOS001 ~]# scp /etc/keepalived/keepalived.conf root@10.10.54.59:/etc/keepalived/keepalived.conf
2) Modify the configuration file
[root@xiao59 ~]# vim /etc/keepalived/keepalived.conf
=============================================
global_defs {
notification_email {
wangxq@ssr.com
}
notification_email_from wangxq@ssr.com
smtp_server mail.ssr.com
smtp_connect_timeout 30
router_id LVS_SLAVE # changed to SLAVE
}
vrrp_instance VI_1 {
state BACKUP # MASTER on the primary, BACKUP on the standby
interface eth0
virtual_router_id 51
priority 80 # for master/backup mode; BACKUP must be below 100
advert_int 1
authentication {
auth_type PASS
auth_pass 80
}
virtual_ipaddress {
10.10.54.53/24 dev eth0 label eth0:1
}
}
virtual_server 10.10.54.53 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.10.54.56 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 10.10.54.58 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server 10.10.54.53 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 10.10.54.56 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 10.10.54.58 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
====================================
[root@xiao59 ~]# /etc/init.d/keepalived restart
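A consistency check for the MASTER and BACKUP vrrp_instance blocks edited in steps 6 and 7, as an added example that is not part of the original notes or of keepalived. The parser handles only the simple block layout used in these notes, and the sample text is a constructed excerpt of the Case 2 configuration. The last check is there because PASS authentication travels unencrypted in VRRP advertisements and keepalived uses only the first 8 characters of auth_pass.

```python
import re

# Settings that must be identical on both directors.
SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass",
          "virtual_ipaddress")

# Constructed excerpt of the MASTER configuration from Case 2.
MASTER_CONF = """\
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 80
}
virtual_ipaddress {
10.10.54.53/24 dev eth0 label eth0:1
}
}
"""
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 80"))


def parse_vrrp_instances(text):
    """Return {instance name: settings} for every vrrp_instance block."""
    instances, stack, cur = {}, [], None
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            if words[0] == "vrrp_instance" and not stack:
                cur = instances.setdefault(words[1], {"virtual_ipaddress": []})
            stack.append(words[0])
        elif line == "}":
            if stack and stack.pop() == "vrrp_instance" and not stack:
                cur = None
        elif cur is not None:
            if stack[-1] == "virtual_ipaddress":
                cur["virtual_ipaddress"].append(line.split()[0])
            else:
                key, _, value = line.partition(" ")
                cur[key] = value.strip()
    return instances


def check_pair(master_text, backup_text):
    """Compare the two directors' VRRP settings and return the findings."""
    findings = []
    backup = parse_vrrp_instances(backup_text)
    for name, m in parse_vrrp_instances(master_text).items():
        b = backup.get(name)
        if b is None:
            findings.append(f"{name}: not defined on the BACKUP")
            continue
        for key in SHARED:
            if m.get(key) != b.get(key):
                findings.append(f"{name}: {key} differs ({m.get(key)} vs {b.get(key)})")
        if (m.get("state"), b.get("state")) != ("MASTER", "BACKUP"):
            findings.append(f"{name}: state should be MASTER/BACKUP")
        if int(b.get("priority", 0)) >= int(m.get("priority", 0)):
            findings.append(f"{name}: BACKUP priority must be lower than MASTER priority")
        if m.get("auth_type") == "PASS" and len(m.get("auth_pass", "")) < 8:
            findings.append(f"{name}: auth_pass is shorter than 8 characters")
    return findings


if __name__ == "__main__":
    for finding in check_pair(MASTER_CONF, BACKUP_CONF):
        print(finding)
```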
8. Test LVS high availability
(1) Stop the MASTER
[root@CentOS001 ~]# /etc/init.d/keepalived stop
// On UBUNTU
telnet 10.10.54.53 3306
On the BACKUP, check whether 54.53 (the VIP) has moved over
[root@xiao59 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 10.10.54.56:80 Route 1 0 0
-> 10.10.54.58:80 Route 1 0 0
TCP 10.10.54.53:3306 rr
-> 10.10.54.56:3306 Route 1 0 0
-> 10.10.54.58:3306 Route 1 1 0
(2) Start the MASTER
[root@CentOS001 ~]# /etc/init.d/keepalived restart
// On UBUNTU
telnet 10.10.54.53 3306
On the MASTER, check whether 54.53 (the VIP) has moved over
[root@CentOS001 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 10.10.54.56:80 Route 1 0 0
-> 10.10.54.58:80 Route 1 0 0
TCP 10.10.54.53:3306 rr
-> 10.10.54.56:3306 Route 1 0 0
-> 10.10.54.58:3306 Route 1 1 0
On the BACKUP, check whether 54.53 (the VIP) is still present
[root@xiao59 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 10.10.54.56:80 Route 1 0 0
-> 10.10.54.58:80 Route 1 0 0
TCP 10.10.54.53:3306 rr
-> 10.10.54.56:3306 Route 1 0 1
-> 10.10.54.58:3306 Route 1 0 0
Note: ip add list can be used instead of ipvsadm -ln
################### Case 3: LVS (MASTER---NAT) #####################
1. Network architecture
## The following are all configured on the same machine, gateway: 10.10.54.254
hostname:CentOS001
DIRECT SERVER:
10.10.54.54(eth0)
vip1:10.10.54.53(eth0:1)
192.168.1.54(eth1)
vip2:192.168.1.53(eth1:1)
## Gateway of each of the real servers below: 192.168.1.53
real server:192.168.1.56(80,3306) ----eth0
real server:192.168.1.58(3306,80) ----eth0
2. Enable kernel IP forwarding
[root@CentOS001 ~]# vim /etc/sysctl.conf
=============================
net.ipv4.ip_forward = 1
============================
3. Set up the network
1) Create VIP1
[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1
=========================
DEVICE=eth0:1
ONBOOT=no
BOOTPROTO=static
IPADDR=10.10.54.53
NETMASK=255.255.255.0
GATEWAY=10.10.54.254
=============================
2) Create the NIC eth1
[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
=================================
DEVICE=eth1
ONBOOT=no
BOOTPROTO=static
IPADDR=192.168.1.54
NETMASK=255.255.255.0
GATEWAY=10.10.54.254
================================
3) Create VIP2
[root@CentOS001 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1:1
===================================
DEVICE=eth1:1
ONBOOT=no
BOOTPROTO=static
IPADDR=192.168.1.53
NETMASK=255.255.255.0
GATEWAY=10.10.54.254
=====================================
[root@CentOS001 ~]# /etc/init.d/network restart
[root@CentOS001 ~]# ifup eth1
4. Install ipvsadm and keepalived on the MASTER (54.54)
// Compile ipvsadm
1) Extract
[root@CentOS001 softs]# tar xvf ipvsadm-1.26.tar.gz
[root@CentOS001 softs]# cd ipvsadm-1.26
2) Install the dependency packages
yum -y install wget libnl* popt* gcc.x86_64 gcc-c++.x86_64 gcc-objc++.x86_64 kernel-devel.x86_64 make popt-static.x86_64
3) Reconfigure the yum repositories
popt-static.x86_64 requires adding an extra installation disc
[root@CentOS001 ~]# vim /etc/yum.repos.d/centos.repo
=============================================
[Packages]
name=Packages
baseurl=ftp://10.201.1.221/Packages
gpgcheck=0
enabled=1
[Packages2]
name=Packages2
baseurl=ftp://10.201.1.221/Packages2
gpgcheck=0
enabled=1
==============================================
## Remember to run yum clean all
Install the packages again
4)[root@CentOS001 ipvsadm-1.26]# make && make install
// Compile keepalived
1) Extract
[root@CentOS001 softs]# tar xvf keepalived-1.2.9.tar.gz
[root@CentOS001 softs]# cd keepalived-1.2.9
2) Install the dependency software
yum install -y net-snmp.x86_64 net-snmp-devel.x86_64
3) Compile
aa)[root@CentOS001 keepalived-1.2.9]# ./configure --prefix=/usr/local/keepalived --enable-snmp --sysconfdir=/etc/
bb)[root@CentOS001 keepalived-1.2.9]# make && make install
4) Adjust file paths (copy the binaries into place)
[root@CentOS001 ~]# cp /usr/local/keepalived/sbin/keepalived /sbin/
[root@CentOS001 ~]# cp /usr/local/keepalived/bin/genhash /bin/
5) Back up the configuration file
[root@CentOS001 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
5. Edit keepalived.conf on the MASTER
[root@CentOS001 ~]# vim /etc/keepalived/keepalived.conf
================================================
global_defs {
notification_email {
wangxq@ssr.com
}
notification_email_from wangxq@ssr.com
smtp_server mail.ssr.com
smtp_connect_timeout 30
router_id LVS_MASTER2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 80
}
virtual_ipaddress {
10.10.54.53/24 dev eth0 label eth0:1
}
virtual_ipaddress {
192.168.1.53/24 dev eth1 label eth1:1
}
}
##http balance
virtual_server 10.10.54.53 80 {
delay_loop 6
lb_algo rr
lb_kind NAT # note the changed mode
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 192.168.1.56 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.58 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
##mysql balance
virtual_server 10.10.54.53 3306 {
delay_loop 6
lb_algo rr
lb_kind NAT # note the changed mode
# nat_mask 255.255.255.0
# persistence_timeout 50
protocol TCP
real_server 192.168.1.56 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 192.168.1.58 3306 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
====================================
[root@CentOS001 ~]# /etc/init.d/keepalived restart
6. Test (after disconnecting and reconnecting, the connection moves to a different real server)
1) UBUNTU: telnet 10.10.54.53 80
[root@CentOS001 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 192.168.1.56:80 Masq 1 0 0
-> 192.168.1.58:80 Masq 1 1 0
TCP 10.10.54.53:3306 rr
-> 192.168.1.58:3306 Masq 1 0 0
[root@CentOS001 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 192.168.1.56:80 Masq 1 1 0
-> 192.168.1.58:80 Masq 1 0 1
TCP 10.10.54.53:3306 rr
-> 192.168.1.58:3306 Masq 1 0 0
2) UBUNTU: telnet 10.10.54.53 3306 (MySQL must be running on the real servers)
[root@CentOS001 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 192.168.1.56:80 Masq 1 0 0
-> 192.168.1.58:80 Masq 1 0 0
TCP 10.10.54.53:3306 rr
-> 192.168.1.56:3306 Masq 1 0 0
-> 192.168.1.58:3306 Masq 1 1 0
[root@CentOS001 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 192.168.1.56:80 Masq 1 0 0
-> 192.168.1.58:80 Masq 1 0 0
TCP 10.10.54.53:3306 rr
-> 192.168.1.56:3306 Masq 1 1 0
-> 192.168.1.58:3306 Masq 1 0 1
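A check of `ipvsadm -ln` output against the real servers declared in keepalived.conf, as an added example that is not part of the original notes. SAMPLE is the first NAT test listing above, where 192.168.1.56:3306 is absent because MySQL was not yet running there and the TCP_CHECK had removed it; EXPECTED is typed in from the Case 3 configuration.

```python
# lb_kind in keepalived.conf -> "Forward" column printed by ipvsadm
FORWARD = {"DR": "Route", "NAT": "Masq", "TUN": "Tunnel"}

# First `ipvsadm -ln` listing of the NAT test in these notes.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.54.53:80 rr
-> 192.168.1.56:80 Masq 1 0 0
-> 192.168.1.58:80 Masq 1 1 0
TCP 10.10.54.53:3306 rr
-> 192.168.1.58:3306 Masq 1 0 0
"""

# Virtual servers and real servers declared in the Case 3 keepalived.conf.
EXPECTED = {
    "10.10.54.53:80": ["192.168.1.56:80", "192.168.1.58:80"],
    "10.10.54.53:3306": ["192.168.1.56:3306", "192.168.1.58:3306"],
}


def parse_ipvsadm(text):
    """Parse `ipvsadm -ln` output into {vip:port: {proto, scheduler, real}}."""
    table, cur = {}, None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            cur = table.setdefault(
                f[1], {"proto": f[0], "scheduler": f[2], "real": {}})
        elif len(f) >= 6 and f[0] == "->" and f[3].isdigit() and cur is not None:
            # f[3].isdigit() skips the "-> RemoteAddress:Port ..." header row
            cur["real"][f[1]] = {"forward": f[2], "weight": int(f[3]),
                                 "active": int(f[4]), "inactive": int(f[5])}
    return table


def check_table(table, expected, lb_kind):
    """Report virtual or real servers that are missing or use the wrong mode."""
    findings = []
    for vs, reals in expected.items():
        service = table.get(vs)
        if service is None:
            findings.append(f"{vs}: virtual server is not in the table")
            continue
        for rs in reals:
            entry = service["real"].get(rs)
            if entry is None:
                findings.append(f"{vs}: real server {rs} is not in the table")
            elif entry["forward"] != FORWARD[lb_kind]:
                findings.append(f"{vs}: {rs} forwards as {entry['forward']}, "
                                f"expected {FORWARD[lb_kind]}")
    return findings


if __name__ == "__main__":
    for finding in check_table(parse_ipvsadm(SAMPLE), EXPECTED, "NAT"):
        print(finding)
```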