创建负载均衡服务器lb01:
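# optimization by onekey
# Baseline tuning for lb01, run as root on a CentOS 6 style system
# (SysV init scripts, chkconfig).
#
# NOTE(review): the first steps switch SELinux off and stop the host firewall
# on a machine that will accept client traffic on port 80. That removes
# mandatory access control and packet filtering together. A hardened variant
# keeps iptables running with rules for 80/tcp, sshd and VRRP, and leaves
# SELinux enforcing (or permissive while troubleshooting).
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
/etc/init.d/iptables stop
chkconfig iptables off

# Turn off every boot-time service except the short allow-list below.
chkconfig | grep -Ev "crond|sshd|network|rsyslog|sysstat" | awk '{print "chkconfig",$1,"off"}' | bash

# Admin account. useradd sets no password, so the account cannot log in with
# a password until one is set.
# NOTE(review): NOPASSWD:ALL makes any session running as oldboy equivalent to
# root without re-authentication; scope the rule to the commands actually
# needed where possible.
useradd oldboy
\cp /etc/sudoers /etc/sudoers.bak
echo "oldboy ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
tail -1 /etc/sudoers
# A syntax error in sudoers disables sudo for everyone, so fall back to the
# backup when the check fails.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers

# Shell defaults: log idle sessions out after 30 minutes and keep only five
# history entries.
# NOTE(review): a five-line history limits how long typed secrets linger, but
# it also removes a source used in incident review; command auditing has to
# come from somewhere else (e.g. auditd or session logging).
echo 'export TMOUT=1800' >> /etc/profile
echo 'export HISTSIZE=5' >> /etc/profile
echo 'export HISTFILESIZE=5' >> /etc/profile
. /etc/profile

# Raise the open-file limit for all users.
echo '* - nofile 65535' >> /etc/security/limits.conf
# Empty the persistent NIC naming rules at every boot.
echo ">/etc/udev/rules.d/70-persistent-net.rules" >>/etc/rc.local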
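#kernel network parameters
# Appends TCP and conntrack tuning to /etc/sysctl.conf. Nothing here runs
# `sysctl -p`, so the values take effect at the next boot.
#
# NOTE(review):
# - tcp_tw_recycle = 1 is known to drop connections from clients that share
#   one address behind NAT; confirm that is acceptable for a front-end load
#   balancer before keeping it.
# - the nf_conntrack keys exist only while the conntrack module is loaded;
#   with iptables stopped they may be reported as unknown keys (verify with
#   `sysctl -p`).
# - tcp_syncookies = 1 is the setting that keeps the listener usable under a
#   SYN flood; keep it if other values are trimmed.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF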
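#set ip and hosts for lb01
# eth0 carries the 10.0.0.0/24 side (gateway 10.0.0.2), eth1 the 172.16.1.0/24
# side. The key must be spelled NETMASK; a misspelled key is ignored and the
# mask is then derived from the address class instead of being /24.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.5
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=202.96.128.86
EOF
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<'EOF'
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=172.16.1.5
NETMASK=255.255.255.0
EOF
cat >/etc/sysconfig/network <<'EOF'
NETWORKING=yes
HOSTNAME=lb01
EOF
hostname lb01
# Static name resolution for the cluster. This replaces /etc/hosts outright,
# so any entry that was there before is lost.
cat >/etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web02
172.16.1.8 web01
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.51 db01
172.16.1.61 m01
EOF
#/etc/init.d/network reload
#make some dir
mkdir -p /server/scripts /server/tools /application
# The reboot applies the SELinux, sysctl and network changes; the steps that
# follow are run after the machine is back up.
reboot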
====================================================================================================
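#yum repo and epel
# Repo definitions decide which mirrors and which GPG keys yum will trust.
# NOTE(review): both files are fetched over plain HTTP, so anything on the
# path could alter them in transit. Review the downloaded files and confirm
# package signature checking is still enabled (the grep below prints the
# gpgcheck lines) before installing from them.
yum -y install wget
\cp /etc/yum.repos.d/CentOS-Base.repo{,.backup}
# wget -O truncates the target first; on failure put the backup back (or
# remove the stub) so yum is not left with an empty repo file.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo \
  || \cp /etc/yum.repos.d/CentOS-Base.repo.backup /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo \
  || rm -f /etc/yum.repos.d/epel.repo
grep -H '^gpgcheck' /etc/yum.repos.d/*.repo
yum clean all
yum makecache
#setup some tools and development
# NOTE(review): compilers, debuggers, nmap and nc are convenient during setup
# but widen what an intruder finds on a front-end host; consider removing
# them once the build steps are done.
yum -y install lrzsz nmap tree dos2unix nc
yum groupinstall -y "Base" "Compatibility libraries" "Debugging Tools" "Development tools"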
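#set ntp cron
# Sync the clock against 172.16.1.61 every five minutes from root's crontab.
# Consistent time across the cluster is what makes logs from different hosts
# comparable. Output is discarded, so a failing sync is silent.
echo '#time sync by NTP Server at 20170608' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate 172.16.1.61 >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l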
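#tar configs for every server rsync to backup
#install rsync
yum -y install rsync
#create passwordfile
# Set the mode before the secret is written so the file is never readable by
# other users, not even briefly.
# NOTE(review): "oldboy" is also the admin account name used on this host;
# treat it as a teaching placeholder and use a generated secret in practice.
touch /etc/rsync.password
chmod 600 /etc/rsync.password
echo "oldboy" >/etc/rsync.password

# Generate the nightly backup script. The quoted delimiter writes the body
# literally, so the $ signs need no escaping.
# NOTE(review): rsync daemon mode authenticates with the password file but
# does not encrypt the transfer, and flag.log travels with the archive, so the
# md5 only detects accidental corruption, not tampering.
cat >/server/scripts/bak.sh <<'EOF'
#!/bin/sh
##create by 20has at 2017-5-18
IP=$(ifconfig eth1|awk -F "[ :]+" 'NR==2{print $4}')
# Without an address the archive would land directly in /backup/; stop instead.
[ -n "$IP" ] || exit 1
TIME=$(date +%F)
mkdir -p "/backup/$IP"
cd / && tar -zcf "/backup/$IP/$TIME.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
md5sum "/backup/$IP/$TIME.tar.gz" >"/backup/$IP/flag.log"
rsync -az /backup/ rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
#del
find /backup -type f -name "*.tar.gz" -mtime +7 -exec rm -f {} +
EOF
#add cron to rsync backup
echo '#add cron to rsync backup at 20170608' >>/var/spool/cron/root
# Use the portable redirection form, matching the ntpdate entry.
echo '00 00 * * * /bin/sh /server/scripts/bak.sh >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l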
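#setup nginx
# Builds nginx 1.6.3 from a tarball that must already be in /server/tools.
# NOTE(review): the page does not show where nginx-1.6.3.tar.gz came from.
# Check it against the checksum or PGP signature published by the nginx
# project before building. The 1.6 line is long retired and no longer gets
# security fixes; prefer a currently supported release.
yum -y install gcc gcc-c++ ncurses-devel perl openssl openssl-devel pcre pcre-devel
# Unprivileged service account for the worker processes: no login shell, no
# home directory.
useradd www -u888 -s /sbin/nologin -M
# Chain the steps so a failed unpack or build is never installed or linked.
cd /server/tools &&
  tar -zxf nginx-1.6.3.tar.gz &&
  cd nginx-1.6.3 &&
  ./configure --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --prefix=/application/nginx-1.6.3/ &&
  make &&
  make install &&
  ln -s /application/nginx-1.6.3/ /application/nginx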
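#config nginx
cd /application/nginx/conf
#egrep -v "#|^$" nginx.conf.default >nginx.conf
# Reverse-proxy configuration: requests for www.etiantian.org / etiantian.org
# on port 80 go to the two pool members, pinned per client address by ip_hash.
# Absolute paths are used so a failed cd cannot send the file elsewhere.
#
# NOTE(review):
# - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends to
#   whatever the client already sent. Backends should take the client address
#   from X-Real-IP (set from $remote_addr here) or from the last
#   X-Forwarded-For entry, never the first.
# - The listener is plain HTTP although the binary is built with the SSL
#   module; traffic to and from the proxy is unencrypted.
# - `root` and `index` inside the location are not used while proxy_pass
#   handles the request.
cat >/application/nginx/conf/nginx.conf <<'EOF'
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream www_server_pools {
ip_hash;
server 10.0.0.7 weight=1;
server 10.0.0.8 weight=1;
}
server {
listen 80;
server_name www.etiantian.org etiantian.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
root html;
index index.html index.htm;
proxy_pass http://www_server_pools;
}
}
}
EOF
# Start only when the syntax check passes.
/application/nginx/sbin/nginx -t && /application/nginx/sbin/nginx
#/application/nginx/sbin/nginx -s reload
lsof -i :80
#test lb01
#for n in $(seq 10);do curl 172.16.1.5;sleep 1;done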
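#setup keepalive
# keepalived holds the virtual address 10.0.0.3 on eth0 (label eth0:1) for
# this node as VRRP MASTER, priority 100, virtual_router_id 51.
#
# NOTE(review):
# - auth_type PASS sends auth_pass in clear text inside every advertisement,
#   and 1111 is the widely copied sample value. It does not stop another host
#   on the segment from taking part in the election. Restrict VRRP (IP
#   protocol 112) to the peer's address with a firewall rule; that needs the
#   host firewall that was switched off earlier in this setup.
# - smtp_server, notification_email_from and router_id are still the sample
#   values, so failover notifications will presumably not be delivered;
#   set them per site and give each node its own router_id.
yum -y install keepalived
cat >/etc/keepalived/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
notification_email {
a@qq.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
EOF
# restart covers both cases: not yet running, or running with the old config.
/etc/init.d/keepalived restart
# Add the boot-time start only once, so re-running does not stack duplicates.
grep -qxF "/etc/init.d/keepalived start" /etc/rc.local \
  || echo "/etc/init.d/keepalived start" >>/etc/rc.local
sleep 2
# The virtual address should now be listed on eth0.
ip addr | grep -F 10.0.0.3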
1.1 负载均衡产品介绍
开源集群软件:Nginx(七层负载均衡),LVS(纯四层负载均衡),Haproxy(七层和四层负载均衡),Keepalived(轻量),Heartbeat(控制VIP和资源)。商业集群硬件:F5,Netscaler,Radware,A10等,工作模式相当于haproxy的工作模式。
当企业业务重要,技术力量薄弱,并且希望出钱购买产品及获取更好的服务时,可以选择硬件负载均衡产品,如F5,Netscaler,Radware等;
对于门户网站来说,大多会并用软件及硬件产品来分担单一产品的风险;
中小型互联网企业,由于起步阶段无利润可赚或者利润很低,会希望通过使用开源免费的方案来解决问题;
商业的负载均衡产品成本高,性能高,更稳定,缺点是不能二次开发;开源的负载均衡软件对运维人员的能力要求较高,如果运维及开发能力强,那么开源软件的负载均衡是不错的选择,目前的互联网行业更偏向使用开源的负载均衡软件。
1.2 如何选择开源集群软件产品
中小企业互联网公司网站并发访问和总访问量不是很大的情况下,建议首选Nginx负载均衡,理由是Nginx负载均衡配置简单,使用方便,安全稳定,社区活跃,使用的人逐渐增多,呈流行趋势;另外一个实现负载均衡的类似产品为haproxy。如果要考虑Nginx负载均衡的高可用功能,建议首选keepalived软件,理由是安装、配置简单,使用方便,安全稳定;和keepalived服务类似的高可用软件还有heartbeat。
如果是大型企业互联网公司,负载均衡产品可以使用LVS+keepalived在前端做四层转发(一般是主备或主主,如果需要扩展可以使用DNS或前端使用OSPF),后端使用Nginx或Haproxy做7层转发(可以扩展到百台),再后面是应用服务器
如果是数据库和存储服务的负载均衡和高可用,建议选择LVS+heartbeat:LVS支持tcp转发且dr模式效率很高,heartbeat可以配合drbd,不但可以进行VIP的切换,还可以支持块设备级别的数据同步(drbd),以及资源服务的管理。
1.4 反向代理与负载均衡
严格来说,Nginx在这里仅仅是作为Nginx Proxy反向代理使用的,只是因为这个反向代理功能表现出来的效果是负载均衡集群的效果,所以通常也称之为Nginx负载均衡。
负载均衡是对请求数据包的转发(也可能会改写)、传递,其中LVS的DR模式明显特征是从负载均衡下面的节点服务器来看,接收到的请求还是来自访问负载均衡器的客户端的真实用户
反向代理接收访问用户的请求后,会代理用户重新向代理下的节点服务器发起请求,最后把数据返回给客户端用户。在节点服务器看来,访问它的客户端就是反向代理服务器,而非真实的网站访问用户;因此上文的Nginx配置通过X-Real-IP和X-Forwarded-For头把客户端地址传给节点服务器,节点服务器也只应信任来自反向代理的这两个头。
摘取自:https://www.liuliya.com/archive/694.html
原文地址:http://20has.blog.51cto.com/7080856/1954083