
7.創建負載均衡服務器lb01:

期中架構 負載均衡 lb01

創建負載均衡服務器lb01:

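# optimization by onekey
# One-shot base setup for lb01 (SysV init / chkconfig host). Run as root.
# The page's typographic quotes are restored to ASCII quotes so the shell and
# awk see real quoting.

# --- SELinux ---
# NOTE(review): this disables SELinux both persistently and for the running
# system, removing mandatory access control from a front-facing proxy.
# Prefer keeping it enforcing and labelling the custom nginx prefix instead.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce

# --- Host firewall ---
# NOTE(review): with iptables stopped and disabled, every listening port on
# both interfaces is reachable. A minimal rule set (80/tcp, ssh from the
# management network, VRRP between the lb peers) is the safer baseline.
/etc/init.d/iptables stop
chkconfig iptables off

# Switch off every init service except the five named below.
chkconfig | grep -Ev "crond|sshd|network|rsyslog|sysstat" \
  | awk '{print "chkconfig",$1,"off"}' | bash

# --- Admin account ---
# NOTE(review): NOPASSWD:ALL makes oldboy root-equivalent with no second
# factor; anyone who obtains that login owns the host. Scope the rule to the
# commands actually needed, or require a password.
useradd oldboy
# Leading backslash bypasses a possible "cp -i" alias.
\cp /etc/sudoers /etc/sudoers.bak
# Append only once so a re-run does not duplicate the rule.
if ! grep -q '^oldboy[[:space:]]' /etc/sudoers; then
  echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
fi
tail -1 /etc/sudoers
# A syntax error in sudoers breaks sudo for everyone: roll back if the check fails.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers

# --- Shell defaults ---
# Idle sessions log out after 30 minutes.
echo 'export TMOUT=1800' >> /etc/profile
# NOTE(review): a 5-line history limits what a stolen history file leaks, but
# it is not an audit trail; use auditd or session logging if command
# accountability is required.
echo 'export HISTSIZE=5' >> /etc/profile
echo 'export HISTFILESIZE=5' >> /etc/profile
. /etc/profile

# Raise the open-file limit for all users (soft and hard).
echo '* - nofile 65535' >> /etc/security/limits.conf

# On every boot, truncate the persistent-net udev rules file.
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local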

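# Kernel network tuning appended to /etc/sysctl.conf.
# (The original heading here read "#about selinux"; the block only sets sysctls.)
# Nothing in this block loads the values; they take effect on the next
# "sysctl -p" or reboot.
#
# Changes from the page:
#  - net.core.netdv_max_backlog was a typo; the key is netdev_max_backlog.
#  - tcp_tw_recycle is set to 0: with it enabled, clients behind the same NAT
#    address get their SYNs dropped on timestamp mismatch, which on a public
#    load balancer shows up as random connection failures.
# NOTE(review): syn_retries/synack_retries = 1 gives up after a single
# retransmit; confirm that is acceptable on lossy paths.
# NOTE(review): the nf_conntrack keys only exist while the conntrack module is
# loaded — presumably it is not when iptables is stopped; verify on the host.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF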


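#set ip and hosts for lb01
# Static addressing for both NICs, hostname and the cluster hosts file.
# Changes from the page:
#  - NETSK was a typo for NETMASK. Without a netmask the address may be
#    brought up with its classful prefix (/8 for 10.0.0.5, /16 for
#    172.16.1.5), which is wider than the intended /24.
#  - "nameserver=" is not an ifcfg key; the resolver is given as DNS1=.
# Heredoc delimiters are quoted so nothing inside is expanded by the shell.

# eth0: 10.0.0.0/24 side, carries the default gateway.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.5
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=202.96.128.86
EOF

# eth1: 172.16.1.0/24 side, no gateway.
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.5
NETMASK=255.255.255.0
EOF

cat >/etc/sysconfig/network <<'EOF'
NETWORKING=yes
HOSTNAME=lb01
EOF

# Apply the hostname to the running system as well.
hostname lb01

# This overwrites /etc/hosts; any entries added earlier by hand are lost.
cat >/etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF

#/etc/init.d/network reload

#make some dir
mkdir -p /server/scripts /server/tools /application

# The reboot applies the SELinux, sysctl and network changes made above.
reboot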


====================================================================================================


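#yum repo and epel
yum -y install wget

# Keep a copy of the stock repo definition before replacing it.
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}

#######################################
# Download a .repo file and install it only if the download succeeded.
# The page wrote straight to the live path with "wget -O", which leaves an
# empty or truncated repo file behind when the transfer fails.
# Arguments: $1 - source URL, $2 - destination .repo path
# Returns:   0 on success, 1 if the download failed or was empty
#######################################
fetch_repo() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp) || return 1
  if wget -O "$tmp" "$url" && [ -s "$tmp" ]; then
    # cat-into-place keeps the destination's owner, mode and label.
    cat "$tmp" > "$dest"
    rm -f -- "$tmp"
  else
    rm -f -- "$tmp"
    echo "download failed: $url" >&2
    return 1
  fi
}

# Repo definitions decide where every later package comes from, so they are
# fetched over HTTPS rather than the plain-HTTP URLs shown on the page.
# If certificate validation fails because the CA bundle is too old, update
# ca-certificates; do not fall back to --no-check-certificate.
# NOTE(review): package integrity still rests on gpgcheck=1 in the fetched
# files — inspect them after download.
fetch_repo https://mirrors.aliyun.com/repo/Centos-6.repo /etc/yum.repos.d/CentOS-Base.repo
fetch_repo https://mirrors.aliyun.com/repo/epel-6.repo /etc/yum.repos.d/epel.repo

yum clean all
yum makecache

#setup some tools and development
# NOTE(review): compilers, debuggers and nmap/nc on a front-facing host are
# useful to an intruder too; consider building elsewhere and installing only
# the runtime on lb01.
yum -y install lrzsz nmap tree dos2unix nc wget
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"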


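#set ntp cron
# Appends a 5-minute ntpdate job against 172.16.1.61 to root's crontab file.
# ASCII single quotes are restored: with the page's typographic quotes the
# shell would glob-expand the "*" fields and treat ">/dev/null 2>&1" as a
# redirection of echo itself instead of part of the cron line.
echo '#time sync by NTP Server at 20170608' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1' >>/var/spool/cron/root

# Show the resulting crontab for a visual check.
crontab -l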


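#tar configs for every server rsync to backup
#install rsync
yum -y install rsync

#create passwordfile
# The page hard-codes the rsync secret as a literal in the script. Take it
# from the environment instead so it does not live in the script, shell
# history or a published listing.
: "${RSYNC_PASSWORD:?export RSYNC_PASSWORD (the rsync daemon secret) before running}"
# Create the file under a restrictive umask so it is never world-readable,
# not even for the moment between creation and chmod.
(
  umask 077
  printf '%s\n' "$RSYNC_PASSWORD" >/etc/rsync.password
)
chmod 600 /etc/rsync.password

# Generate the nightly backup script. The delimiter is quoted, so the body is
# written verbatim and needs no backslash escapes.
# NOTE(review): the rsync daemon protocol ("::module") sends the archive
# unencrypted; it contains root's crontab and the scripts directory, so keep
# this traffic on the internal network or run rsync over ssh.
cat >/server/scripts/bak.sh <<'EOF'
#!/bin/sh
##create by 20has at 2017-5-18

# The page shows the destination as "[email protected]::backup": the
# user@host part was masked by the site's e-mail obfuscation and cannot be
# recovered from the listing. Replace both placeholders before use.
RSYNC_DEST='REPLACE_RSYNC_USER@REPLACE_BACKUP_HOST::backup'

# Address of eth1, used as the per-host directory name.
IP=$(ifconfig eth1|awk -F "[ :]+" 'NR==2{print $4}')
# Without an address the archive would land directly under /backup/.
[ -n "$IP" ] || exit 1
TIME=$(date +%F)

mkdir -p "/backup/$IP"
# Archive relative paths from / so the tarball holds no leading slashes.
cd / && \
tar -zcf "/backup/$IP/$TIME.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
# Checksum shipped with the archive so the backup host can verify the transfer.
md5sum "/backup/$IP/$TIME.tar.gz" >"/backup/$IP/flag.log"
rsync -az /backup/ "$RSYNC_DEST" --password-file=/etc/rsync.password

#del
# Remove local archives older than 7 days; -exec copes with odd file names.
find /backup -type f -name "*.tar.gz" -mtime +7 -exec rm -f -- {} +
EOF

#add cron to rsync backup
echo '#add cron to rsync backup at 20170608' >>/var/spool/cron/root
# ">/dev/null 2>&1" replaces the bash-only "&>" so the line works under any sh.
echo '00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1' >>/var/spool/cron/root

crontab -l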


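#setup nginx
# Build dependencies for compiling nginx from source.
yum -y install gcc gcc-c++ ncurses-devel perl openssl openssl-devel pcre pcre-devel

# NOTE(review): nginx-1.6.3.tar.gz is expected to be in /server/tools already;
# the page does not show where it came from. Verify it against the publisher's
# checksum or signature before building, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  nginx-1.6.3.tar.gz" | sha256sum -c -
# 1.6.3 is an old release line; for anything reachable from outside, build a
# currently maintained version instead.

# Unprivileged, no-login, no-home account for the worker processes.
id www >/dev/null 2>&1 || useradd www -u888 -s /sbin/nologin -M

# Each step runs only if the previous one succeeded, so a failed configure or
# make can no longer be followed by "make install" and a dangling symlink.
# The subshell keeps the directory changes local to the build.
(
  cd /server/tools &&
    tar -zxf nginx-1.6.3.tar.gz &&
    cd nginx-1.6.3 &&
    ./configure --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --prefix=/application/nginx-1.6.3/ &&
    make &&
    make install
) &&
  # -n replaces an existing /application/nginx link instead of creating a
  # nested link inside the directory it points to.
  ln -sfn /application/nginx-1.6.3/ /application/nginx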


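#config nginx
cd /application/nginx/conf

#egrep -v "#|^$" nginx.conf.default >nginx.conf

# Reverse-proxy configuration: one virtual host on port 80 forwarding to two
# back ends, with ip_hash pinning each client address to one of them.
# Changes from the page:
#  - quoted heredoc delimiter, so nginx variables need no backslash escapes
#    and a forgotten escape cannot silently blank a header value;
#  - absolute paths, so a failed cd cannot write or start the wrong files;
#  - server_tokens off, to keep the version out of headers and error pages;
#  - nginx is started only when the syntax test passes.
# NOTE(review): $proxy_add_x_forwarded_for appends to whatever
# X-Forwarded-For the client sent, so back ends must not trust the left-most
# entry; X-Real-IP carries the address nginx itself saw.
# NOTE(review): traffic to the back ends is plain HTTP over 10.0.0.0/24 —
# confirm that segment is trusted.
cat >/application/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server_tokens off;
    upstream www_server_pools {
        ip_hash;
        server 10.0.0.7 weight=1;
        server 10.0.0.8 weight=1;
    }
    server {
        listen 80;
        server_name www.etiantian.org etiantian.org;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        location / {
            root html;
            index index.html index.htm;
            proxy_pass http://www_server_pools;
        }
    }
}
EOF

# Validate first; start only a configuration that parses.
/application/nginx/sbin/nginx -t && /application/nginx/sbin/nginx

#../sbin/nginx -s reload

# Confirm something is listening on port 80.
lsof -i :80

#test lb01
#for n in `seq 10`;do curl 172.16.1.5;sleep 1;done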



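#setup keepalive
yum -y install keepalived

# The page hard-codes auth_pass 1111. VRRP "auth_type PASS" sends this value
# in clear text in every advertisement and keepalived uses only its first 8
# characters, so it is a mis-configuration guard rather than real
# authentication. Take it from the environment, and restrict VRRP
# (IP protocol 112) to the peer load balancer with a firewall rule.
: "${VRRP_AUTH_PASS:?export VRRP_AUTH_PASS (shared with the peer lb) before running}"

# The page shows both notification addresses as "[email protected]" (masked by
# the site's e-mail obfuscation). The defaults below are constructed
# placeholders; override them with real mailboxes.
NOTIFY_TO=${NOTIFY_TO:-root@localhost}
NOTIFY_FROM=${NOTIFY_FROM:-keepalived@localhost}

# NOTE(review): smtp_server 192.168.200.1 and router_id LVS_DEVEL look like
# the stock sample values — confirm the relay address and give each node its
# own router_id.
# Unquoted delimiter on purpose: the three variables above are expanded here.
cat >/etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    notification_email {
        ${NOTIFY_TO}
    }
    notification_email_from ${NOTIFY_FROM}
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ${VRRP_AUTH_PASS}
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
}
EOF
# The file now holds the shared secret; keep it readable by root only.
chmod 600 /etc/keepalived/keepalived.conf

# A single restart covers both the stopped and the running case
# (the page ran start and then restart).
/etc/init.d/keepalived restart

# Start at boot through rc.local; append only once.
grep -qF "/etc/init.d/keepalived start" /etc/rc.local ||
  echo "/etc/init.d/keepalived start" >>/etc/rc.local

# Give VRRP a moment to claim the address, then check that the VIP is bound.
sleep 2
# -F with the prefix length avoids regex dots and matches such as 10.0.0.31.
ip addr | grep -F '10.0.0.3/24'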




1.1 負載均衡產品介紹

  開源集群軟件:Nginx(七層負載均衡),LVS(純四層負載均衡),Haproxy(七層和四層負載均衡),Keepalived(輕量),Heartbeat(控制VIP和資源)
  商業集群硬件:F5,Netscaler,Radware,A10等,工作模式相當於haproxy的工作模式

  當企業業務重要,技術力量薄弱,並且希望出錢購買產品及獲取更好的服務時,可以選擇硬件負載均衡產品,如F5,Netscaler,Radware等;
  對於門戶網站來說,大多會並用軟件及硬件產品來分擔單一產品的風險;
  中小型互聯網企業,由於起步階段無利潤可賺或者利潤很低,會希望通過使用開源免費的方案來解決問題;
  商業的負載均衡產品成本高,性能高,更穩定,缺點是不能二次開發;開源的負載均衡軟件對運維人員的能力要求較高,如果運維及開發能力強,那麽開源軟件的負載均衡是不錯的選擇,目前的互聯網行業更偏向使用開源的負載均衡軟件。

1.2 如何選擇開源集群軟件產品

  中小企業互聯網公司網站並發訪問和總訪問量不是很大的情況下,建議首選Nginx負載均衡,理由是Nginx負載均衡配置簡單,使用方便,安全穩定,社區活躍,使用的人逐漸增多,呈流行趨勢,另外一個實現負載均衡的類似產品為haproxy。
  如果要考慮Nginx負載均衡的高可用功能,建議首選keepalived軟件,理由是安裝、配置簡單、使用方便、安全穩定,和keepalived服務類似的高可用軟件還有heartbeat

如果是大型企業互聯網公司,負載均衡產品可以使用LVS+keepalived在前端做四層轉發(一般是主備或主主,如果需要擴展可以使用DNS或前端使用OSPF),後端使用Nginx或Haproxy做7層轉發(可以擴展到百臺),再後面是應用服務器
如果是數據庫和存儲服務的負載均衡和高可用,建議選擇LVS+heartbeat,LVS支持tcp轉發且dr模式效率很高,heartbeat可以配合drbd,不但可以進行VIP的切換,還可以支持塊設備級別的數據同步(drbd),以及資源服務的管理。


1.4 反向代理與負載均衡

Nginx僅僅是作為Nginx Proxy反向代理使用的,因為這個反向代理功能表現的效果是負載均衡集群的效果
負載均衡是對請求數據包的轉發(也可能會改寫)、傳遞,其中LVS的DR模式明顯特征是從負載均衡下面的節點服務器來看,接收到的請求還是來自訪問負載均衡器的客戶端的真實用戶
反向代理接收訪問用戶的請求後,會代理用戶重新向代理下的節點服務器發起請求,最後把數據返回給客戶端用戶;在節點服務器看來,訪問它的客戶端就是反向代理服務器,而非真實的網站訪問用戶


摘取自:https://www.liuliya.com/archive/694.html
