Linux system Architecture
A. HA cluster configuration
1. Installing Heartbeat
# vim /etc/hosts    # configure hosts
    10.30.4.146 master
    10.30.4.140 slave
# rpm -ivh http://www.lishiming.net/data/attachment/forum/epel-release-6-8_64.noarch.rpm    # install EPEL
# yum install -y heartbeat    # install heartbeat from the EPEL repository
2. Configure the primary (master) HA node
# cd /usr/share/doc/heartbeat-3.0.4/
# cp authkeys ha.cf haresources /etc/ha.d/    # copy the three files to /etc/ha.d
# cd /etc/ha.d/
# vim authkeys    # first file: authentication
    auth 3
    #1 crc
    #2 sha1 hi!
    3 md5 hello!
# chmod 600 authkeys    # heartbeat refuses to start unless authkeys is mode 600
# vim haresources    # second file: resources
    master 10.30.4.171/24/eth0:0 nginx
# vim ha.cf    # third file: main configuration
    debugfile /var/log/ha-debug
    logfile /var/log/ha-log
    logfacility local0
    keepalive 2
    deadtime 30
    warntime 10
    initdead 60
    udpport 694
    ucast eth0 10.30.4.146
    auto_failback on
    node master
    node slave
    ping 10.30.4.1
    respawn hacluster /usr/lib/heartbeat/ipfail
# scp authkeys haresources ha.cf slave:/etc/ha.d/    # copy to the slave server
# yum install nginx    # install nginx
3. Configure the slave HA node
# vim ha.cf    # third file: change only this line, leave the rest unmodified
    ucast eth0 10.30.4.41
4. Testing
# echo "1111111111111111111master" > /usr/share/nginx/html/index.html    # on the master
# echo "1111111111111111111master" > /usr/share/nginx/html/index.html    # on the slave
# iptables -A INPUT -p icmp -j DROP    # on the master: drop ping; the slave takes over and starts the service
# iptables -D INPUT -p icmp -j DROP    # on the master: allow ping again; the slave stops the service
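A check for the authkeys step above, as an added example that is not part of the original page: it verifies the 600 mode heartbeat requires and reports which auth method is active. The function name audit_authkeys and the 16-character minimum key length are assumptions of this example.

```sh
#!/bin/sh
# audit_authkeys FILE (hypothetical helper): report findings for a heartbeat
# authkeys file; returns 0 when nothing is flagged, 1 otherwise.
audit_authkeys() {
    file=$1
    rc=0
    # heartbeat refuses to start unless only the owner can read/write the file.
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "FAIL permissions are $perms, expected -rw------- (600)"
        rc=1
    fi
    # "auth N" selects the numbered method line; "#"-prefixed lines never match.
    active=$(awk '$1 == "auth" { print $2; exit }' "$file")
    method=$(awk -v n="$active" 'n != "" && $1 == n { print $2; exit }' "$file")
    key=$(awk -v n="$active" 'n != "" && $1 == n { print $3; exit }' "$file")
    case $method in
        sha1) echo "OK   auth $active uses sha1" ;;
        md5)  echo "WARN auth $active uses md5; sha1 is the stronger option"; rc=1 ;;
        crc)  echo "FAIL auth $active uses crc, which authenticates nothing"; rc=1 ;;
        *)    echo "FAIL no usable method line for auth '$active'"; rc=1 ;;
    esac
    # Assumed policy for this example: keyed methods need at least 16 characters.
    case $method in
        sha1|md5)
            if [ "${#key}" -lt 16 ]; then
                echo "WARN key is ${#key} characters; use a long random value"
                rc=1
            fi ;;
    esac
    return $rc
}

# Constructed sample: the authkeys content from this page, created with mode 644.
sample=$(mktemp)
printf 'auth 3\n#1 crc\n#2 sha1 hi!\n3 md5 hello!\n' > "$sample"
chmod 644 "$sample"
audit_authkeys "$sample" || echo "authkeys needs attention"
rm -f "$sample"
```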
B. LVS load balancer, NAT mode
1. Test environment
Three systems: one director, dir (eth0: 10.30.4.149 and eth1: 10.30.14.149), and two real servers, rs1 (eth0: 10.30.4.41) and rs2 (eth0: 10.30.4.141).
2. Installing ipvsadm
# yum install -y ipvsadm    # install ipvsadm
# vi /usr/local/sbin/lvs_nat.sh    # define the script
    #!/bin/bash
    # On the director server, turn on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Turn off ICMP redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
    # Director: set up the NAT firewall
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -A POSTROUTING -s 10.30.4.0/16 -j MASQUERADE
    # Director: set up ipvsadm
    IPVSADM='/sbin/ipvsadm'
    $IPVSADM -C
    $IPVSADM -A -t 10.30.14.149:80 -s rr
    $IPVSADM -a -t 10.30.14.149:80 -r 10.30.4.41:80 -m
    $IPVSADM -a -t 10.30.14.149:80 -r 10.30.4.141:80 -m
# sh /usr/local/sbin/lvs_nat.sh    # execute the script
# ipvsadm -ln    # view status
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.30.14.149:80 rr
  -> 10.30.4.41:80                Masq    1      0          0
  -> 10.30.4.141:80               Masq    1      0          0
3. Configure rs1 and rs2
# vi /etc/sysconfig/network-scripts/ifcfg-eth0    # rs1: change the gateway to the director
    DEVICE=eth0
    HWADDR=00:0c:29:9c:bb:82
    TYPE=Ethernet
    UUID=c9b4f2a6-95c7-48bd-9cf8-3b837d1b0e2b
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=10.30.4.41
    NETMASK=255.255.255.0
    GATEWAY=10.30.4.149
    DNS1=10.30.1.11
    DNS2=10.30.1.12
# vi /etc/sysconfig/network-scripts/ifcfg-eth0    # rs2: change the gateway to the director
    DEVICE=eth0
    HWADDR=00:0c:29:76:5e:66
    TYPE=Ethernet
    UUID=b8deb548-6365-4e6b-abcc-dd2ae93af559
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=10.30.4.141
    NETMASK=255.255.255.0
    GATEWAY=10.30.4.149
    DNS1=10.30.1.11
    DNS2=10.30.1.12
# /etc/init.d/nginx start    # start nginx
# curl localhost
11111111111111111master
# /etc/init.d/nginx start    # start nginx
# curl localhost
222222222222222222slave
4. Test by accessing the external IP
10.30.14.149
5. Change the weights and test
    #!/bin/bash
    # On the director server, turn on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Turn off ICMP redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
    # Director: set up the NAT firewall
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -A POSTROUTING -s 10.30.4.0/16 -j MASQUERADE
    # Director: set up ipvsadm with weighted round robin
    IPVSADM='/sbin/ipvsadm'
    $IPVSADM -C
    $IPVSADM -A -t 10.30.14.149:80 -s wrr
    $IPVSADM -a -t 10.30.14.149:80 -r 10.30.4.41:80 -m -w 2
    $IPVSADM -a -t 10.30.14.149:80 -r 10.30.4.141:80 -m -w 1
C. LVS load balancer, DR mode
1. Clear the rules
# ipvsadm -C    # clear the IPVS rules
# ipvsadm -ln    # view
# iptables -t nat -F    # flush the NAT rules
2. Configure the director
# vim /usr/local/sbin/lvs_dr.sh    # edit the script
    #!/bin/bash
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ipv=/sbin/ipvsadm
    vip=10.30.4.180
    rs1=10.30.4.41
    rs2=10.30.4.141
    # Bind the VIP to an alias of eth0 and route it there
    ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
    route add -host $vip dev eth0:0
    $ipv -C
    $ipv -A -t $vip:80 -s rr
    # -g selects direct routing (gatewaying)
    $ipv -a -t $vip:80 -r $rs1:80 -g -w 1
    $ipv -a -t $vip:80 -r $rs2:80 -g -w 1
# sh /usr/local/sbin/lvs_dr.sh    # execute the script
# ipvsadm -ln    # check
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.30.4.180:80 rr
  -> 10.30.4.41:80                Route   1      0          0
  -> 10.30.4.141:80               Route   1      0          0
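3. Configure rs1 and rs2
# vi /usr/local/sbin/lvs_rs.sh    # same script on rs1 and rs2
    #!/bin/bash
    vip=10.30.4.180
    # Bind the VIP to the loopback so the real server accepts traffic for it
    ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
    route add -host $vip lo:0
    # Keep the real server from answering or announcing ARP for the VIP.
    # The kernel applies the larger of conf/all and the per-interface value,
    # so "all" must be set as well as "lo".
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce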
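To confirm that a real server stays silent for the VIP, the check below reads the ARP settings the way the kernel applies them, taking the larger of conf/all and the value of the interface facing the director. It is an added example, not part of the original page; the function names and the optional CONF_DIR argument (used here to run against a constructed directory instead of /proc) are assumptions.

```sh
#!/bin/sh
# effective_arp CONF_DIR NIC KEY (hypothetical helper): for arp_ignore and
# arp_announce the kernel uses max(conf/all/KEY, conf/NIC/KEY).
effective_arp() {
    all=$(cat "$1/all/$3") || return 2
    nic=$(cat "$1/$2/$3") || return 2
    if [ "$all" -gt "$nic" ]; then echo "$all"; else echo "$nic"; fi
}

# check_dr_arp NIC [CONF_DIR]: NIC is the interface facing the director.
# Returns 0 when the effective values are the ones the LVS-DR script sets.
check_dr_arp() {
    conf=${2:-/proc/sys/net/ipv4/conf}
    rc=0
    for pair in arp_ignore:1 arp_announce:2; do
        key=${pair%%:*}
        want=${pair##*:}
        if ! got=$(effective_arp "$conf" "$1" "$key" 2>/dev/null); then
            echo "FAIL $key: cannot read settings for $1"
            rc=1
        elif [ "$got" -eq "$want" ]; then
            echo "OK   $key effective value on $1 is $got"
        else
            echo "FAIL $key effective value on $1 is $got, expected $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: values written only under lo, as when the "all"
# lines are left out; eth0 still answers ARP for the VIP in that state.
tree=$(mktemp -d)
mkdir -p "$tree/all" "$tree/lo" "$tree/eth0"
for i in all eth0; do
    echo 0 > "$tree/$i/arp_ignore"
    echo 0 > "$tree/$i/arp_announce"
done
echo 1 > "$tree/lo/arp_ignore"; echo 2 > "$tree/lo/arp_announce"
check_dr_arp eth0 "$tree" || echo "real server would still answer ARP for the VIP"
echo 1 > "$tree/all/arp_ignore"; echo 2 > "$tree/all/arp_announce"
check_dr_arp eth0 "$tree" && echo "ARP settings are effective on eth0"
rm -rf "$tree"
```

On a real server, run `check_dr_arp eth0` with no second argument to read the live values from /proc.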
4. Configure weights
# vim /usr/local/sbin/lvs_dr.sh    # configure weights
    #!/bin/bash
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ipv=/sbin/ipvsadm
    vip=10.30.4.180
    rs1=10.30.4.41
    rs2=10.30.4.141
    # Take the alias down first so the script can be re-run
    ifconfig eth0:0 down
    ifconfig eth0:0 $vip broadcast $vip netmask 255.255.255.255 up
    route add -host $vip dev eth0:0
    $ipv -C
    # wrr (weighted round robin) so that the -w values take effect; plain rr ignores them
    $ipv -A -t $vip:80 -s wrr
    $ipv -a -t $vip:80 -r $rs1:80 -g -w 3
    $ipv -a -t $vip:80 -r $rs2:80 -g -w 1
5. Testing
# vim /usr/local/sbin/lvs_dr.sh    # test with another Linux host
D. Configuring keepalived
1. Master configuration
# vim /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state MASTER                  # BACKUP on the standby server
        interface eth0
        virtual_router_id 51
        priority <MASTER_PRIORITY>    # value missing on the page; the standby server uses 90, the master needs a higher value
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111            # sent in cleartext in VRRP adverts; only the first 8 characters are used
        }
        virtual_ipaddress {
            10.30.4.180
        }
    }
    virtual_server 10.30.4.180 80 {
        delay_loop 6                  # check real server status every 6 seconds
        lb_algo rr                    # LVS scheduling algorithm
        lb_kind DR                    # direct routing
        persistence_timeout 0         # seconds during which connections from the same IP go to the same real server; 0 disables persistence
        protocol TCP                  # check real server status over TCP
        real_server 10.30.4.41 80 {
            weight 100                # weight
            TCP_CHECK {
                connect_timeout 10    # time out after 10 seconds without a response
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
        real_server 10.30.4.141 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
# scp /etc/keepalived/keepalived.conf 10.30.4.141:/etc/keepalived/keepalived.conf    # copy to the slave server
2. Slave configuration
# vi /etc/keepalived/keepalived.conf
    vrrp_instance VI_1 {
        state BACKUP                  # BACKUP on the standby server
        interface eth0
        virtual_router_id 51          # must match the master (the file was copied from it)
        priority 90                   # 90 on the standby server
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            10.30.4.180
        }
    }
    virtual_server 10.30.4.180 80 {
        delay_loop 6                  # check real server status every 6 seconds
        lb_algo rr                    # LVS scheduling algorithm
        lb_kind DR                    # direct routing
        persistence_timeout 0         # seconds during which connections from the same IP go to the same real server; 0 disables persistence
        protocol TCP                  # check real server status over TCP
        real_server 10.30.4.41 80 {
            weight 100                # weight
            TCP_CHECK {
                connect_timeout 10    # time out after 10 seconds without a response
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
        real_server 10.30.4.141 80 {
            weight 100
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 80
            }
        }
    }
# ipvsadm -ln
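A VRRP pair only fails over cleanly when both nodes agree on virtual_router_id, advert_int and the authentication settings, and the MASTER has the higher priority. The check below compares two keepalived.conf files for exactly that; it is an added example, not part of the original page, with hypothetical helper names, constructed sample files, and 100 as an assumed master priority.

```sh
#!/bin/sh
# kv FILE KEY (hypothetical helper): first value of KEY in a keepalived.conf,
# with "#" and "!" comments stripped. Enough for a single vrrp_instance.
kv() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# check_vrrp_pair MASTER_CONF BACKUP_CONF: returns 0 when the pair is consistent.
check_vrrp_pair() {
    rc=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        m=$(kv "$1" "$key")
        b=$(kv "$2" "$key")
        if [ -z "$m" ] || [ -z "$b" ]; then
            echo "FAIL $key is missing on one node"
            rc=1
        elif [ "$m" != "$b" ]; then
            # Values are not echoed because auth_pass is a secret.
            echo "FAIL $key differs between the nodes"
            rc=1
        fi
    done
    mp=$(kv "$1" priority)
    bp=$(kv "$2" priority)
    # A missing or non-numeric priority makes the comparison fail and is flagged too.
    if ! [ "$mp" -gt "$bp" ] 2>/dev/null; then
        echo "FAIL master priority '$mp' must be a number above backup priority '$bp'"
        rc=1
    fi
    return $rc
}

# Constructed samples: the backup file lacks virtual_router_id, an omission
# that keeps the two nodes from sharing one VRRP group.
dir=$(mktemp -d)
printf 'vrrp_instance VI_1 {\n state MASTER\n virtual_router_id 51\n priority 100\n advert_int 1\n authentication {\n auth_type PASS\n auth_pass 1111\n }\n}\n' > "$dir/master.conf"
printf 'vrrp_instance VI_1 {\n state BACKUP\n priority 90 # backup\n advert_int 1\n authentication {\n auth_type PASS\n auth_pass 1111\n }\n}\n' > "$dir/backup.conf"
check_vrrp_pair "$dir/master.conf" "$dir/backup.conf" || echo "pair is inconsistent"
rm -rf "$dir"
```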
E. Configuring nginx load balancing
1. Configure nginx
# vim lb.conf    # nginx configuration
    upstream aming {
        server 10.30.4.41:80;
        server 10.30.4.141:80;
    }
    server {
        listen 80;
        server_name www.123.com;
        location / {
            proxy_pass http://aming/;
            proxy_set_header Host $host;
        }
    }
2. Testing
# curl -x localhost:80 www.123.com
3. Set weights
# vim lb.conf    # nginx configuration
    upstream aming {
        server 10.30.4.41:80 weight=2;
        server 10.30.4.141:80 weight=1;
    }
    server {
        listen 80;
        server_name www.123.com;
        location / {
            proxy_pass http://aming/;
            proxy_set_header Host $host;
        }
    }