Lvs-nat implements php applications based on nfs

Source: Internet
Author: User
LVS-NAT is multi-target DNAT, that is, destination address translation with multiple targets: the front-end host rewrites the target IP address and port in the request message to the RIP and port of the selected real server (RS) and forwards it.














LVS-NAT request processing and its features:

1. When the client sends a request, the front-end host accepts it. At this point the source IP address is CIP (the client IP) and the target IP address is VIP (the virtual IP on the front-end host).

2. The request message passes through PREROUTING to the INPUT chain of the local machine. If the request is found to be for a cluster service, it is sent directly to POSTROUTING; a backend host is then selected to provide the service and the request message is sent to it. At this point the source IP address is CIP and the target IP address is RIP1 (note: the DIP gateway must point to RIP1).

3. RIP1 accepts the request, processes it, adds an IP header to the constructed response message, and sends the response message to the front-end host. At this point the source IP address is RIP1 and the target IP address is CIP (note: the response goes back to whoever sent the request, and the RIP gateway must point to the DIP to send packets).

4. After the VIP receives the packet, it sends the response packet to the client. The source IP address is VIP and the target IP address is CIP.

The backend hosts actually provide the service, but clients believe that the front-end host provides it. The backend hosts are therefore completely disguised behind address translation, which gives them high security against network attacks. However, all responses must pass through the front-end host, so when there are a large number of user requests the front-end host becomes a performance bottleneck.


NFS: Network File System, listening on TCP port 2049; its main function is shared file storage.


Prepare the environment:

VM 1: NIC 1: 172.18.42.122; NIC 2: 10.0.1.100; used as the front-end host

VM 2: 10.0.1.99; used as the backend host

VM 3: 10.0.1.200; used as nfs file shared storage


Install ipvsadm on VM 1

[root@localhost ~]# yum install ipvsadm -y
[root@localhost ~]# ipvsadm -Ln    # view the current rule information
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

Then define the rule

[root@localhost ~]# ipvsadm -A -t 172.18.42.122:80 -s rr    # add a cluster rule
[root@localhost ~]# ipvsadm -a -t 172.18.42.122:80 -r 10.0.1.99 -m -w 1    # add RS rules to the specified cluster
[root@localhost ~]# curl http://172.18.42.122    # check whether the rule is defined successfully
10.0.1.99 Web Server RS1
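
The notes in steps 2 and 3 come down to two checks that can be scripted: every real server must be forwarded in masquerading (NAT) mode, and its default route must point at the DIP, otherwise replies leave with RIP as the source address and bypass the front-end host. The following is an added example, not part of the original article; the sample output, the second real server 10.0.1.98, the gateway 10.0.1.1 and the DIP 10.0.1.100 are constructed assumptions.

```bash
# Added example: LVS-NAT return-path preflight. All sample data is constructed.

# non_masq_servers: read `ipvsadm -Ln` output on stdin and print every real
# server whose forwarding method is not Masq (NAT mode, set with -m).
non_masq_servers() {
    awk '$1 == "->" && $2 != "RemoteAddress:Port" && $3 != "Masq" { print $2 }'
}

# default_gateway: read `ip route` output on stdin, print the default gateway.
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# return_path_ok DIP: succeed only if the real server's default route (read
# from stdin) points at the DIP, so replies return through the front-end host.
return_path_ok() {
    gw=$(default_gateway)
    [ -n "$gw" ] && [ "$gw" = "$1" ]
}

# Constructed sample: front-end host with one NAT and one DR real server.
sample_ipvs() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.42.122:80 rr
  -> 10.0.1.99:80                 Masq    1      0          0
  -> 10.0.1.98:80                 Route   1      0          0
EOF
}

# Constructed samples: `ip route` output on a real server (DIP assumed 10.0.1.100).
sample_routes_good() { printf 'default via 10.0.1.100 dev eth0\n10.0.1.0/24 dev eth0 scope link\n'; }
sample_routes_bad()  { printf 'default via 10.0.1.1 dev eth0\n10.0.1.0/24 dev eth0 scope link\n'; }

sample_ipvs | non_masq_servers    # lists the real server that is not in NAT mode
sample_routes_good | return_path_ok 10.0.1.100 && echo "return path ok"
sample_routes_bad  | return_path_ok 10.0.1.100 || echo "replies bypass the front-end host"
```

On a live system, feed the functions from "ipvsadm -Ln" on the front-end host and "ip route" on each real server instead of the sample functions.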


Start the nfs service on virtual machine 3:

[root@localhost ~]# vim /etc/exports
/lweim 10.0.1.99(rw)    # add this line
[root@localhost ~]# exportfs -r    # reload files
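
In /etc/exports the option list must touch the client address: "10.0.1.99(rw)" shares the directory read-write with that host only, while "10.0.1.99 (rw)" gives that host the default options and grants rw to every other client. The audit below is an added example, not part of the original article, that flags this and two other over-broad settings; the sample file and the /srv/pub export are constructed.

```bash
# Added example: audit an exports(5) file for over-broad NFS sharing.

# audit_exports [FILE]: print one finding per line as "lineno:code:path".
# Reads stdin when FILE is omitted.
#   WORLD_OPTS     - option list with no host in front, e.g. "host (rw)";
#                    those options then apply to every client
#   WILDCARD_RW    - "*" client with rw
#   NO_ROOT_SQUASH - root on the client keeps uid 0 on the server
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break             # trailing comment
            if ($i ~ /^\(/)                    print NR ":WORLD_OPTS:" path
            if ($i ~ /^\*\(([^)]*,)?rw[,)]/)   print NR ":WILDCARD_RW:" path
            if ($i ~ /[(,]no_root_squash[,)]/) print NR ":NO_ROOT_SQUASH:" path
        }
    }' "${1:--}"
}

# Constructed sample: line 1 is the export used in this article, line 2 is
# the same line with a stray space before "(rw)", line 3 is a wildcard export.
sample_exports() {
    cat <<'EOF'
/lweim 10.0.1.99(rw)
/lweim 10.0.1.99 (rw)
/srv/pub *(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

Run it as "audit_exports /etc/exports" on the NFS server before "exportfs -r"; no output means none of the three patterns was found.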

On virtual machine 2, check the export with the showmount command:

[root@localhost ~]# showmount -e 10.0.1.200    # check whether the directory is shared
Export list for 10.0.1.200:
/lweim 10.0.1.99
[root@localhost ~]# mount -t nfs 10.0.1.200:/lweim /var/www/html/    # mount the specified directory to virtual machine 2
[root@localhost ~]# mount    # check whether it is mounted
10.0.1.200:/lweim on /var/www/html type nfs (rw,vers=4,addr=10.0.1.200,clientaddr=10.0.1.99)


Change the permissions and owner of the shared directory on virtual machine 3:

[root@localhost ~]# chown -R apache:apache /lweim/*    # change the owner and group of all files in the shared directory to apache
[root@localhost ~]# ll /lweim/wtc/    # check whether the owner changed
total 24
-rw-rw-r--  1 apache apache  451 Nov 29 2014 AUTHORS
-rwxrwxr-x  1 apache apache 3757 Nov 29 2014 LICENSE
-rw-r--r--  1 apache apache 5796 Nov 29 2014 profile_run.htm
-rw-rw-r--  1 apache apache  516 Nov 29 2014 readme.txt
drwxrwxr-x 14 apache apache 4096 Nov 29 2014 upload
[root@localhost ~]# setfacl -m u:apache:rwx /lweim/wtc/*    # change its permissions
[root@localhost ~]# ll /lweim/wtc/
total 24
-rw-rwxr--+  1 apache apache  451 Nov 29 2014 AUTHORS
-rwxrwxr-x+  1 apache apache 3757 Nov 29 2014 LICENSE
-rw-rwxr--+  1 apache apache 5796 Nov 29 2014 profile_run.htm
-rw-rwxr--+  1 apache apache  516 Nov 29 2014 readme.txt
drwxrwxr-x+ 14 apache apache 4096 Nov 29 2014 upload


Install LAMP and php-xml on virtual machine 2 (phpwind needs the php-xml extension; otherwise, the installation may fail)

[root@localhost ~]# yum install httpd php php-mysql mysql-server -y    # install the programs

[root@localhost ~]# service httpd start    # start the httpd service


Access php programs on Web services


Start the mysql program on virtual machine 2 and grant privileges:

[root@localhost ~]# service mysqld start    # start mysql
mysql> grant all on lweim.* to lweim@'127.0.0.1' identified by 'lweim';    # create a local authorized user "lweim"
Query OK, 0 rows affected (0.00 sec)
mysql> create database lweim;    # create database "lweim"
Query OK, 1 row affected (0.00 sec)
mysql> flush privileges;    # reload the privileges
Query OK, 0 rows affected (0.00 sec)


Install phpwind and log on


Problem summary:

(1) It is important to change the owner, group and permissions of the nfs shared directory, and to have a user with the same UID on the client and the server;

(2) When defining the cluster rules on the front-end host, pay attention to whether the Web service is accessed through the VIP or the DIP.
