Linux Load-Balancing (LB) Cluster
2013-10-15
Lab topology diagram
Lab environment:
pip: 172.16.7.55
sip: 172.16.7.56
VIP: 172.16.7.59
rip1: 172.16.7.53
rip2: 172.16.7.54
Storage: 172.16.7.51
Client: 172.16.7.58
1. Storage:
# tgtadm --lld iscsi --mode target --op show
Target 1: iqn.2013-10.com.uplooking.storage:s10g
System information:
Driver: iscsi
State: ready
I_T nexus information:
I_T nexus: 1
Initiator: iqn.1994-05.com.redhat:bd36fb2ee871
Connection: 0
IP Address: 172.16.7.53
LUN information:
LUN: 0
Type: controller
SCSI ID: IET00010000
SCSI SN: beaf10
Size: 0 MB
Online: Yes
Removable media: No
Backing store type: rdwr
Backing store path: None
LUN: 1
Type: disk
SCSI ID: IET00010001
SCSI SN: beaf11
Size: 10010 MB
Online: Yes
Removable media: No
Backing store type: rdwr
Backing store path: /dev/sda7
Account information:
ACL information:
ALL
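The listing above shows an empty "Account information" section and an ACL of ALL, meaning any initiator that can reach 172.16.7.51 may log in to the target without CHAP. The following check is an added example, not part of the original post; the function names are chosen here, and target 2 in the sample input is constructed:

```bash
#!/bin/bash
# Added example, not from the original post. audit_tgt and sample_tgt_show
# are names chosen here; target 2 in the sample is constructed.

# audit_tgt: read `tgtadm --lld iscsi --mode target --op show` output on stdin
# and report targets that accept any initiator or have no CHAP account bound.
audit_tgt() {
    awk '
    function report() {
        if (tid == "") return
        if (acl_all)   print "target " tid " " iqn ": ACL is ALL"
        if (!accounts) print "target " tid " " iqn ": no CHAP account bound"
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^Target [0-9]+:/ {
        report(); tid = $2; sub(/:$/, "", tid); iqn = $3
        sect = ""; acl_all = 0; accounts = 0; next
    }
    /^Account information:/ { sect = "account"; next }
    /^ACL information:/     { sect = "acl"; next }
    / information:$/        { sect = ""; next }
    sect == "account" && $0 != "" { accounts++ }
    sect == "acl" && $0 == "ALL"  { acl_all = 1 }
    END { report() }
    '
}

# Sample input: target 1 abridged from the listing above, target 2 constructed.
sample_tgt_show() {
    cat <<'EOF'
Target 1: iqn.2013-10.com.uplooking.storage:s10g
    LUN information:
        LUN: 1
            Backing store path: /dev/sda7
    Account information:
    ACL information:
        ALL
Target 2: iqn.2013-10.com.example.storage:restricted
    Account information:
        labuser
    ACL information:
        172.16.7.53
        172.16.7.54
EOF
}

sample_tgt_show | audit_tgt
```

On the storage host, pipe the real `tgtadm --lld iscsi --mode target --op show` output into `audit_tgt`. The ACL is narrowed with `tgtadm --lld iscsi --mode target --op unbind --tid 1 --initiator-address ALL`, followed by one `--op bind --tid 1 --initiator-address <address>` per real server.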
2. Building the LB cluster
---pip/sip---
#yum install piranha -y
#yum install elinks -y
#elinks --dump http://172.16.7.53
#echo $?
0
#elinks --dump http://172.16.7.54
#echo $?
0
(An exit status of 0 confirms that the web service is running normally.)
Enable IP forwarding:
#vi /etc/sysctl.conf
net.ipv4.ip_forward=1
#sysctl -p
---pip---
#piranha-passwd
New Password:
Verify:
Adding password for user piranha
# /etc/init.d/piranha-gui start
Starting piranha-gui:[OK]
#firefox http://172.16.7.55:3636
(Figures 1-10)
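Confirm that the configuration file has been generated, start the pulse service, check its status, and copy the configuration file to sip: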
#less /etc/sysconfig/ha/lvs.cf
#/etc/init.d/pulse start
#ipvsadm -L -n
#scp /etc/sysconfig/ha/lvs.cf sip:/etc/sysconfig/ha
-----------rip1/rip2-------------------
#pwd
/bin
#vi realip-arptables.sh
----------------------------
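#!/bin/bash
# Real-server setup for LVS direct routing (DR): hold the VIP locally without answering ARP for it
VIP=172.16.7.59
RIP=172.16.7.53    # on rip2: RIP=172.16.7.54
# Start from an empty arptables rule set
arptables -F
# Drop incoming ARP requests for the VIP
arptables -A IN -d $VIP -j DROP
# Rewrite the source address of outgoing ARP packets from the VIP to this host's real IP
arptables -A OUT -s $VIP -j mangle --mangle-ip-s $RIP
# Bind the VIP to an alias interface with a host netmask and add a host route for it
/sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:1
#sysctl -p
#end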
----------------------------
#chmod +x realip-arptables.sh
#./realip-arptables.sh
---pip/sip---
#ipvsadm -L -n
3. Create an HTTPS certificate to enable access over HTTPS:
# openssl genrsa 1024 > web.key
Generating RSA private key, 1024 bit long modulus
....................++++++
............................................++++++
e is 65537 (0x10001)
# openssl req -new -key web.key -days 365 -out web.csr
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:liaoning
Locality Name (eg, city) [Newbury]:shenyang
Organization Name (eg, company) [My Company Ltd]:uplooking
Organizational Unit Name (eg, section) []:student
Common Name (eg, your name or your server's hostname) []:node1.uplooking.com
Email Address []:[email protected]
# openssl ca -in web.csr -out web.crt
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key ../../CA/private/cakey.pem
8338:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('../../CA/private/cakey.pem','r')
8338:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
# vim /etc/pki/tls/openssl.cnf
Line 45: dir = /etc/pki/CA
# openssl ca -in web.csr -out web.crt
Using configuration from /etc/pki/tls/openssl.cnf
Error opening CA private key /etc/pki/CA/private/cakey.pem
8432:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/CA/private/cakey.pem','r')
8432:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
# openssl genrsa 1024 > /etc/pki/CA/private/cakey.pem
Generating RSA private key, 1024 bit long modulus
.............++++++
.....++++++
e is 65537 (0x10001)
# openssl ca -in web.csr -out web.crt
Error opening CA certificate /etc/pki/CA/cacert.pem
8540:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/CA/cacert.pem','r')
8540:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load certificate
# openssl req -new -key /etc/pki/CA/private/cakey.pem -days 3650 -x509 -out /etc/pki/CA/cacert.pem
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:liaoning
Locality Name (eg, city) [Newbury]:shenyang
Organization Name (eg, company) [My Company Ltd]:uplooking
Organizational Unit Name (eg, section) []:student
Common Name (eg, your name or your server's hostname) []:node1.uplooking.com
Email Address []:[email protected]
# openssl ca -in web.csr -out web.crt
Using configuration from /etc/pki/tls/openssl.cnf
I am unable to access the /etc/pki/CA/newcerts directory
/etc/pki/CA/newcerts: No such file or directory
# mkdir /etc/pki/CA/newcerts
# openssl ca -in web.csr -out web.crt
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/index.txt: No such file or directory
unable to open '/etc/pki/CA/index.txt'
8719:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/CA/index.txt','r')
8719:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
# touch /etc/pki/CA/index.txt
# openssl ca -in web.csr -out web.crt
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/serial: No such file or directory
error while loading serial number
8756:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/pki/CA/serial','r')
8756:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
# echo 00 > /etc/pki/CA/serial
# openssl ca -in web.csr -out web.crt
(Answer y at both prompts: sign the certificate, then commit.)
# yum install mod_ssl -y
# vim /etc/httpd/conf.d/ssl.conf
Line 112: SSLCertificateFile /etc/pki/tls/certs/web.crt
Line 119: SSLCertificateKeyFile /etc/pki/tls/private/web.key
# cp web.crt /etc/pki/tls/certs/
# cp web.key /etc/pki/tls/private/
# service httpd start
# netstat -antup | grep :443
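A preflight check for the two ssl.conf directives above, as an added example that is not part of the original post: it confirms that SSLCertificateFile points at a PEM certificate rather than a signing request, that SSLCertificateKeyFile points at a private key, and that the key file is not accessible to group or others. The function names, the optional ROOT prefix and the fixture built by make_sample are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original post. Function names and the ROOT
# prefix argument are assumptions made for this example.

# pem_kind FILE: classify a file by its first PEM header line.
pem_kind() {
    case "$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null)" in
        "-----BEGIN CERTIFICATE-----") echo certificate ;;
        *"CERTIFICATE REQUEST-----")   echo request ;;
        *"PRIVATE KEY-----")           echo private-key ;;
        *)                             echo unknown ;;
    esac
}

# check_ssl_conf CONF [ROOT]: print one line per problem, return 1 if any.
# ROOT is prepended to configured paths so the check can run on a copy.
check_ssl_conf() {
    conf=$1; root=${2:-}; rc=0
    while read -r directive path rest; do
        case $directive in
            SSLCertificateFile)    want=certificate ;;
            SSLCertificateKeyFile) want=private-key ;;
            *) continue ;;
        esac
        kind=$(pem_kind "$root$path")
        [ "$kind" = "$want" ] ||
            { echo "$directive $path: expected $want, found $kind"; rc=1; }
        if [ "$want" = private-key ] && [ -e "$root$path" ]; then
            mode=$(stat -c %a "$root$path")
            case $mode in
                *00|0) ;;
                *) echo "$directive $path: mode $mode exposes the key"; rc=1 ;;
            esac
        fi
    done < "$conf"
    return $rc
}

# make_sample DIR: constructed fixture in which a signing request sits in
# the certificate path and the key file is world-readable.
make_sample() {
    mkdir -p "$1/etc/pki/tls/certs" "$1/etc/pki/tls/private"
    printf '%s\n' 'SSLCertificateFile /etc/pki/tls/certs/web.crt' \
        'SSLCertificateKeyFile /etc/pki/tls/private/web.key' > "$1/ssl.conf"
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' > "$1/etc/pki/tls/certs/web.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$1/etc/pki/tls/private/web.key"
    chmod 644 "$1/etc/pki/tls/private/web.key"
}
```

On the web server, run `check_ssl_conf /etc/httpd/conf.d/ssl.conf` before starting httpd; `make_sample` only builds a scratch tree to try the check against.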
4. Test on the real servers to check that DR-mode load balancing works:
#yum install mod_ssl -y
#vim /etc/httpd/conf.d/ssl.conf
# ./realip-arptables.sh
# ifconfig
# yum install iscsi-initiator-utils -y
# service iscsi start
# iscsiadm -m discovery -t st -p 172.16.7.51
# iscsiadm -m discovery -t st -p 172.16.7.51 -l
# fdisk -l
A new disk has been added to the system.
Format it and mount it on the /var/www/html/ directory.
# partprobe /dev/sda
# mount /dev/sda /var/www/html
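Write some content, then open https://172.16.7.59 and refresh to see it; at this point the lab is complete.
Summary: Thanks to our group members' enthusiastic participation, active discussion and close cooperation, we completed this comprehensive cluster lab successfully. Through the lab we learned how clustering, storage and services are used together, gained a deeper understanding of the HTTPS service, and came to recognize the importance of teamwork. As for the oversights in the lab, we will continue to improve. Thank you!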