1、前言
在学习了Lvs集群的相关知识后,尝试在部署lvs集群并提供两个不同的虚拟服务分别对应访问wordpress和phpMyadmin应用。
2、部署准备
部署拓扑图
部署使用5个centos 7 的虚拟主机分别作为Router、Director、RS1、RS2及提供相关应用的server。 按照拓扑规划部署相关的应用服务,实现mnp应用服务器能够提供mysql、php-fpm、nfs等应用服务给RS1、RS2使用;RS1,RS2分别利用nginx部署wordpress和phpMyadmin;在Director上启用lvs虚拟服务,分别分别负载wordpress和phpmyadmin到两台RS上;Router模拟网关,提供SNAT服务,并将内网的lvs虚拟服务DNAT映射到外网。基础的网络搭建如拓扑所示,本文不再列出。
另在配置前需要注意各服务器的时间是否同步,如时区不一致,可能会导致应用服务运行异常:
#更改时区命令
[root@director ~]# tzselect
......
You can make this change permanent for yourself by appending the line
TZ='Asia/Shanghai'; export TZ
to the file '.profile' in your home directory; then log out and log in again.
Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
Asia/Shanghai
#然后TZ='Asia/Shanghai'; export TZ添加到/etc/profile文件中,然后重新登录登出即可
#向网络ntp服务器同步时间
[root@director ~]# ntpdate ntp1.aliyun.com
3、配置router
配置提供内网的SNAT上网:
#清楚防火墙策略
[root@router ~]# iptables -F
#配置SNAT规则
[root@router ~]# iptables -t nat -I POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source 192.168.0.81
#开启路由转发功能
[root@router ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
配置DNAT将外网访问192.168.0.81的80、8080 端口映射到内网的Lvs虚拟服务:
[root@router ~]# iptables -t nat -I PREROUTING -d 192.168.0.81 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.10:80
[root@router ~]# iptables -t nat -I PREROUTING -d 192.168.0.81 -p tcp --dport 8080 -j DNAT --to-destination 10.10.10.10:8080
4、配置mpn server
关闭mpn server的firewalld和和设置selinux为permissive:
[root@mpn ~]# systemctl stop firewalld
[root@mpn ~]# setenforce 0
- 搭建mysql
安装mariadb-server:
[root@mpn ~]# yum install -y mariadb-server
......
作为依赖被升级:
mariadb-libs.x86_64 1:5.5.56-2.el7
完毕!
编辑/etc/my.cnf配置文件:
[root@mpn ~]# vim /etc/my.cnf
skip-name-resolve=ON
innodb-file-per-table=ON
启动mariadb server并对配置mysql root 的密码:
[root@mpn ~]# systemctl start mariadb
[root@mpn ~]# mysql_secure_installation
......
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
.....
Thanks for using MariaDB
授权wordpress用户:
[root@mpn ~]# mysql -uroot -p123456
MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> grant all on wordpress.* to 'wordpress'@'10.10.10.%' identified by 'magedeu';
Query OK, 0 rows affected (0.04 sec)
- 搭建php-fpm
安装php程序包:
[root@mpn ~]# yum install epel-release -y
[root@mpn ~]# yum install php-fpm php-mysql php-mcrypt php-mbstring -y
编辑/etc/php-fpm.d/www.conf :
[root@mpn ~]# vim /etc/php-fpm.d/www.conf
#找到相应的参数并修改为如下配置
listen = 0.0.0.0:9000
listen.allowed_clients = 10.10.10.11 10.10.10.12
pm.status_path = /status
ping.path = /ping
php_value[session.save_path] = /var/lib/php/session
创建会话目录:
[root@mpn ~]# mkdir -pv /var/lib/php/session
mkdir: 已创建目录 "/var/lib/php/session"
[root@mpn ~]# chown apache:apache /var/lib/php/session
启动php-fpm服务:
[root@mpn ~]# systemctl start php-fpm
- 搭建nfs服务
安装nfs服务:
[root@mpn ~]# yum install -y nfs-utils
创建nfs共享目录:
[root@mpn ~]# mkdir -pv /data/nginx/html
mkdir: 已创建目录 "/data"
mkdir: 已创建目录 "/data/nginx"
mkdir: 已创建目录 "/data/nginx/html"
上传并解压缩wordpress和phpMyadmin到共享目录:
[root@mpn ~]# ll /data/nginx/html/
总用量 8
drwxr-xr-x. 9 root root 4096 3月 29 2017 phpMyAdmin-4.0.10.20-all-languages
drwxr-xr-x. 5 root root 4096 2月 8 12:53 wordpress
创建对应的软连接:
[root@mpn html]# ln -sv phpMyAdmin-4.0.10.20-all-languages/ pma
"pma" -> "phpMyAdmin-4.0.10.20-all-languages/"
[root@mpn html]# ln -sv wordpress/ blog
"blog" -> "wordpress/"
编辑/etc/exports:
[root@mpn ~]# vim /etc/exports
/data 10.10.10.*(ro,sync,root_squash)
分别启动rpcbind和nfs-server服务:
[root@mpn ~]# systemctl start rpcbind
[root@mpn ~]# systemctl start nfs-server
5、搭建配置RS1、2
创建目录/data:
[root@RS1 ~]# mkdir /data
挂载mpn的nfs共享目录到/data:
[root@RS1 ~]# mount -t nfs 10.10.10.13:/data /data
#若挂载报错说没有mount.nfs程序,需要按照nfs-utils
[root@RS1 ~]# yum install -y nfs-utils
安装nginx程序:
[root@RS1 ~]# yum install -y nginx
修改/etc/nginx/nginx.conf文件和编辑生成/etc/nginx/conf.d/services.conf:
[root@RS1 ~]# vim /etc/nginx/nginx.conf
#在server配置段中将这下面两行注释掉;
# listen 80 default_server;
# listen [::]:80 default_server;
[root@RS1 ~]# vim /etc/nginx/conf.d/services.conf
server {
listen 80;
server_name www.ilinux.io;
index index.html index.php;
location / {
root /data/nginx/html;
}
location ~* \.php$ {
fastcgi_pass 10.10.10.13:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /data/nginx/html/$fastcgi_script_name;
}
}
关闭firewalld,设置selinux为permissive:
[root@RS1 ~]# systemctl stop firewalld
[root@RS1 ~]# setenforce 0
启动nginx服务:
[root@RS1 ~]# systemctl start nginx
随后创建lvs-dr配置脚本,内容如下:
#!/bin/bash
#
vip=10.10.10.10.
mask='255.255.255.255'
case $1 in
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig lo:0 $vip netmask $mask broadcast $vip up
route add -host $vip dev lo:0
;;
stop)
ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac
执行脚本:
[root@RS1 ~]# bash -x rs.sh start
+ vip=10.10.10.10
+ mask=255.255.255.255
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
+ ifconfig lo:0 10.10.10.10 netmask 255.255.255.255 broadcast 10.10.10.10 up
+ route add -host 10.10.10.10 dev lo:0
6、配置director
安装ipvsadm命令工具:
[root@director ~]# yum install -y ipvsadm
创建lvs-dr配置脚本:
[root@director ~]# vim director.sh
#!/bin/bash
#
vip='10.10.10.10.'
iface='ens33:0'
mask='255.255.255.255'
port='80'
rs1='10.10.10.11'
rs2='10.10.10.12'
scheduler='rr'
type='-g'
case $1 in
start)
ifconfig $iface $vip netmask $mask broadcast $vip up
iptables -F
ipvsadm -A -t ${vip}:${port} -s $scheduler
ipvsadm -a -t ${vip}:${port} -r ${rs1} $type -w 1
ipvsadm -a -t ${vip}:${port} -r ${rs2} $type -w 1
;;
stop)
ipvsadm -C
ifconfig $iface down
;;
*)
echo "Usage $(basename $0) start|stop"
exit 1
;;
esac
执行脚本:
[root@director ~]# bash -x director.sh start
+ vip=10.10.10.10
+ iface=ens33:0
+ mask=255.255.255.255
+ port=80
+ rs1=10.10.10.11
+ rs2=10.10.10.12
+ scheduler=rr
+ type=-g
+ case $1 in
+ ifconfig ens33:0 10.10.10.10 netmask 255.255.255.255 broadcast 10.10.10.10 up
+ iptables -F
+ ipvsadm -A -t 10.10.10.10:80 -s rr
+ ipvsadm -a -t 10.10.10.10:80 -r 10.10.10.11 -g -w 1
+ ipvsadm -a -t 10.10.10.10:80 -r 10.10.10.12 -g -w 1
关闭firewalld:
[root@director ~]# systemctl stop firewalld
7、测试访问
通过外网访问192.168.0.81来访问相关应用:
测试访问页面1
测试访问页面之wordpress初始化页面
测试访问之完成初始化的wordpress
pma的登录页面
pma的访问页面
在RS2上停用nginx服务,测试访问效果:
在client上测试访问:
[root@client ~]# for i in {1..10};do curl http://192.168.0.81/index.html;done<h1>This is RS Server</h1>
curl: (7) Failed connect to 192.168.0.81:80; Connection refused
<h1>This is RS Server</h1>
curl: (7) Failed connect to 192.168.0.81:80; Connection refused
<h1>This is RS Server</h1>
curl: (7) Failed connect to 192.168.0.81:80; Connection refused
<h1>This is RS Server</h1>
curl: (7) Failed connect to 192.168.0.81:80; Connection refused
<h1>This is RS Server</h1>
curl: (7) Failed connect to 192.168.0.81:80; Connection refused
如上述结果,负载到正常运行的RS上的请求依旧能正常访问,但是负载到异常的服务器上的连接会请求失败。为了让director能够检测后端提供的应用服务是否存活,并根据其存活的状态自动增减ipvsadm的RS服务器,可在director上安装ldirectord来实现此需求。具体配置如下:
在director上安装ldirectord
[root@director ~]# yum install ldirectord-3.9.5-3.1.x86_64.rpm
复制示例配置文件到指定目录:
[root@director ~]# cp /usr/share/doc/ldirectord-3.9.5/ldirectord.cf /etc/ha.d/
编辑/etc/ha.d/ldirectord-cf文件:
[root@director ~]# vim /etc/ha.d/ldirectord.cf
virtual=10.10.10.10:80
real=10.10.10.11:80 gate
real=10.10.10.12:80 gate
fallback=127.0.0.1:80 gate #可在director配置一个提示页面作为维护页面提示
service=http
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
checktype=negotiate
checkport=80
request="index.html"
启动ldirectord服务:
[root@director ~]# systemctl status ldirectord
此时在R1或RS2上停用nginx服务,director会自动检测其对应的应用服务是否存活,如果检测失败,则删除在ipvsadm中的real server条目;当检测恢复成功时,ldirectord会将对应的real server自动增加到ipvsadmn条目中。
网友评论