Linux system Architecture

Source: Internet
Author: User
Tags dns2 nginx load balancing

Linux system Architecture

A, ha cluster configuration

1. Installing Heartbeat

[[email protected] ~]# vim/etc/hosts//Configure hosts

10.30.4.146 Master

10.30.4.140 slave

[Email protected] ~]# RPM-IVH http://www.lishiming.net/data/attachment/forum/epel-release-6-8_64.noarch.rpm// Installing Epel

[[email protected] ~]# yum install-y heartbeat//Use Epel Source to install heartbeat

2. Configure the primary ha

[Email protected] ~]# cd/usr/share/doc/heartbeat-3.0.4/

[[email protected] heartbeat-3.0.4]# CP Authkeys HA.CF haresources/etc/ha.d///Copy three files to/ETC/HA.D directory

[Email protected] heartbeat-3.0.4]# cd/etc/ha.d/

[[email protected] ha.d]# VIM Authkeys//modified authentication, first file

Auth 3
#1 CRC
#2 SHA1 hi!

3 MD5 hello!

[[email protected] ha.d]# chmod authkeys//Modify Permissions

[[email protected] ha.d]# VIM haresources//modify config file, second file

Master 10.30.4.171/24/eth0:0 Nginx

[[email protected] ha.d]# VIM HA.CF//Modify configuration file, third file

Debugfile/var/log/ha-debug
Logfile/var/log/ha-log
Logfacility local0
KeepAlive 2
Deadtime 30
Warntime 10
Initdead 60
Udpport 694
Ucast eth0 10.30.4.146
Auto_failback on
Node Master

Node slave

Ping 10.30.4.1

Respawn Hacluster/usr/lib/heartbeat/ipfail

[[email protected] ha.d]# SCP authkeys haresources ha.cf slave:/etc/ha.d///Copy to Slave server

[[email protected] ha.d]# Yum install nginx//installation Nginx

3. Configure the HA

[[email protected] ha.d]# VIM HA.CF//Modify configuration file, third file, other without modification

Ucast eth0 10.30.4.41

4. Testing

[[email protected] HA.D] #echo "1111111111111111111master" >/usr/share/nginx/html/index.html//Master configuration

[[email protected] HA.D] #echo "1111111111111111111master" >/usr/share/nginx/html/index.html//From configuration

[[email protected] HA.D] #iptables-A input-p icmp-j DROP//master configuration No ping, from the configuration will start up

[[email protected] HA.D] #iptables-D input-p icmp-j DROP//Master configuration start Ping, from configuration will stop



B, LVS Load balancer, configure NAT

1. Test environment

Three systems, one dir (eth0:10.30.4.149 and eth1:10.30.14.149) two rs1 (eth0:10.30.4.41), RS2 (eh0:10.30.4.141)

2. Installing Ipvsadm

[email protected] ~]# yum install-y ipvsadm//install Ipvsadm

[[email protected] ~]# vi/usr/local/sbin/lvs_nat.sh//Definition Script

#!/bin/bash
# on the director server, turn on the route forwarding feature:
Echo 1 >/proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirection
echo 0 >/proc/sys/net/ipv4/conf/all/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/default/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/eth1/send_redirects

# Director Set NAT firewall
Iptables-t nat-f
Iptables-t Nat-x
Iptables-t nat-a postrouting-s 10.30.4.0/16-j Masquerade
# Director Setup Ipvsadm
Ipvsadm= '/sbin/ipvsadm '
$IPVSADM-C
$IPVSADM-A-T 10.30.14.149:80-s RR
$IPVSADM-T 10.30.14.149:80-r 10.30.4.41:80-m

$IPVSADM-T 10.30.14.149:80-r 10.30.4.141:80-m

[[email protected] ~]# vi/usr/local/sbin/lvs_nat.sh//Execute script

[[email protected] ~]# IPVSADM-LN//View status

IP Virtual Server version 1.2.1 (size=4096)
Prot Localaddress:port Scheduler Flags
Remoteaddress:port Forward Weight activeconn inactconn
TCP 10.30.14.149:80 RR
-10.30.4.41:80 MASQ 1 0 0

-10.30.4.141:80 MASQ 1 0 0

3. Configure Rs1,rs2

[[email protected] ~]# Vi/etc/sysconfig/network-scripts/ifcfg-eth0//Modify R1 Gateway

Device=eth0
hwaddr=00:0c:29:9c:bb:82
Type=ethernet
Uuid=c9b4f2a6-95c7-48bd-9cf8-3b837d1b0e2b
Onboot=yes
Nm_controlled=yes
Bootproto=static
ipaddr=10.30.4.41
netmask=255.255.255.0
gateway=10.30.4.149
dns1=10.30.1.11
dns2=10.30.1.12

[[email protected] ~]# Vi/etc/sysconfig/network-scripts/ifcfg-eth0//Modify RS2 Gateway

~device=eth0

hwaddr=00:0c:29:76:5e:66
Type=ethernet
uuid=b8deb548-6365-4e6b-abcc-dd2ae93af559
Onboot=yes
Nm_controlled=yes
Bootproto=static
ipaddr=10.30.4.141
netmask=255.255.255.0
gateway=10.30.4.149
dns1=10.30.1.11

dns2=10.30.1.12

[[email protected] ~]#/etc/init.d/nginx start//Start Nginx

[[email protected] ~]# curl localhost

11111111111111111master

[Email protected] ~]#/etc/init.d/nginx//Start Nginx

[[email protected] ~]# curl localhost

222222222222222222slave

4. Test access to the extranet IP

10.30.14.149

5. Change the weight test

#!/bin/bash
# Enable routing forwarding on the director server
Echo 1 >/proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirection
echo 0 >/proc/sys/net/ipv4/conf/all/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/default/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/eth0/send_redirects
echo 0 >/proc/sys/net/ipv4/conf/eth1/send_redirects

# Director Set NAT firewall
Iptables-t nat-f
Iptables-t Nat-x
Iptables-t nat-a postrouting-s 10.30.4.0/16-j Masquerade
# Director Setup Ipvsadm
Ipvsadm= '/sbin/ipvsadm '
$IPVSADM-C
$IPVSADM-A-T 10.30.14.149:80-s WRR
$IPVSADM-T 10.30.14.149:80-r 10.30.4.41:80-m- W 2

$IPVSADM-T 10.30.14.149:80-r 10.30.4.141:80-m- W 1



C, LVS Load balancer, configure Dr

1. Clear the Rules

[[email protected] ~]# ipvsadm-c//Purge rule

[Email protected] ~]# IPVSADM-LN//view

[[email protected] ~]# iptables-t nat-f//Purge rule

2. Configure the DR

[[email protected] ~]# vim/usr/local/sbin/lvs_dr.sh//Edit Script

#!/bin/bash
Echo 1 >/proc/sys/net/ipv4/ip_forward
Ipv=/sbin/ipvsadm
vip=10.30.4.180
rs1=10.30.4.41
rs2=10.30.4.141
Ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
Route add-host $vip Dev eth0:0
$IPV-C
$IPV-A-T $VIP: 80-s RR
$IPV-A-t $vip: 80-r $rs 1:80-g-W 1

$IPV-T $VIP: 80-r $rs 2

[[email protected] ~]# sh/usr/local/sbin/lvs_dr.sh//Execute script

[[email protected] ~]# IPVSADM-LN//Check

IP Virtual Server version 1.2.1 (size=4096)
Prot Localaddress:port Scheduler Flags
Remoteaddress:port Forward Weight activeconn inactconn
TCP 10.30.4.180:80 RR
-10.30.4.41:80 Route 1 0 0

-10.30.4.141:80 Route 1 0 0

3. Configure Rs1,rs2

[[email protected] ~]# vi/usr/local/sbin/lvs_rs.sh//Configuration Rs1,rs2

#!/bin/bash
vip=10.30.4.180
Ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
Route Add-host $vip lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

4. Configure Weights

[[email protected] ~]# vim/usr/local/sbin/lvs_dr.sh//Configuration weights
#!/bin/bash
Echo 1 >/proc/sys/net/ipv4/ip_forward
Ipv=/sbin/ipvsadm
vip=10.30.4.180
rs1=10.30.4.41
rs2=10.30.4.141
Ifconfig eth0:0 Down
Ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
Route add-host $vip Dev eth0:0
$IPV-C
$IPV-A-T $VIP: 80-s RR
$IPV-A-t $vip: 80-r $rs 1:80-g-W 3

$IPV-A-t $vip: 80-r $rs 2:80-g-W 1

5. Testing

[[email protected] ~]# vim/usr/local/sbin/lvs_dr.sh//test with another Linux host



D, Configuration keepalived

1. master Configuration

[Email protected] ~]# vim/etc/keepalived/keepalived.conf

Vrrp_instance Vi_1 {

State MASTER #备用服务器上为BACKUP

Interface eth0

VIRTUAL_ROUTER_ID 51

Priority #备用服务器为90
Advert_int 1
Authentication {
Auth_type PASS
Auth_pass 1111
}
virtual_ipaddress {
10.30.4.180
}
}
Virtual_server 10.30.4.180 80 {
Delay_loop 6 # (query Realserver status every 10 seconds)
Lb_algo RR # (LVS algorithm)
Lb_kind DR # (Direct Route)
Persistence_timeout 0 # (connection of the same IP is assigned to the same realserver within 60 seconds)
Protocol TCP # (check realserver status with TCP protocol)

Real_server 10.30.4.41 {
Weight 100 # (weight)
Tcp_check {
Connect_timeout 10 # (10 seconds no response exceeded)
Nb_get_retry 3
Delay_before_retry 3
Connect_port 80
}
}
Real_server 10.30.4.141 80 {
Weight 100
Tcp_check {
Connect_timeout 10
Nb_get_retry 3
Delay_before_retry 3
Connect_port 80
}

}

[[email protected] ~]# scp/etc/keepalived/keepalived.conf 10.30.4.141:/etc/keepalived/keepalived.conf//Copy to Slave server

2. From the configuration

[Email protected] ~]# vi/etc/keepalived/keepalived.conf

Vrrp_instance Vi_1 {

State BACKUP #备用服务器上为BACKUP

Interface eth0

Priority #备用服务器为90
Advert_int 1
Authentication {
Auth_type PASS
Auth_pass 1111
}
virtual_ipaddress {
10.30.4.180
}
}
Virtual_server 10.30.4.180 80 {
Delay_loop 6 # (query Realserver status every 10 seconds)
Lb_algo RR # (LVS algorithm)
Lb_kind DR # (Direct Route)
Persistence_timeout 0 # (connection of the same IP is assigned to the same realserver within 60 seconds)
Protocol TCP # (check realserver status with TCP protocol)

Real_server 10.30.4.41 {
Weight 100 # (weight)
Tcp_check {
Connect_timeout 10 # (10 seconds no response exceeded)
Nb_get_retry 3
Delay_before_retry 3
Connect_port 80
}
}
Real_server 10.30.4.141 80 {
Weight 100
Tcp_check {
Connect_timeout 10
Nb_get_retry 3
Delay_before_retry 3
Connect_port 80
}

}

}

[Email protected] ~]# IPVSADM-LN



E. Configure Nginx Load Balancing

1. Configure Nginx

Vim lb.conf//configuration Nginx

Upstream aming {
Server 10.30.4.41:80;
Server 10.30.4.141:80;
}

server {
Listen 80;
server_name www.123.com;
Location/{
Proxy_pass http://aming/;
Proxy_set_header Host $host;
}

}

2. Testing

Curl-xlocalhost:80 www.123.com

3. Set weights

Vim lb.conf//configuration Nginx

Upstream aming {

Server 10.30.4.41:80 weight=2;

Server 10.30.4.141:80 weight=1;

}

server {
Listen 80;
server_name www.123.com;
Location/{
Proxy_pass http://aming/;
Proxy_set_header Host $host;
}

}


Linux system Architecture

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.