实验部署..

实验思路

使用ansible搭建两台LNMP，使用iSCSI服务给两个LNMP创建远程的共享存储空间，之后两台LNMP做rsync+inotifiy远程同步，两个LNMP使用keepalived负载均衡，为了防止负载的单点故障加两个keepalived(主从)，反向代理使用varnish代理，透明代理使用squid代理。

                                           
主机IP：

redis:192.168.1.4
客户端：192.168.2.10
透明代理：192.168.1.1、192.168.2.1
反向代理：192.168.1.10
ansible：192.168.1.100
ISCSI：192.168.1.200
lnmp1：192.168.1.2 漂移IP：192.168.1.250
lnmp2：192.168.1.3 漂移IP：192.168.1.250
负载1：192.168.1.21
负载2：192.168.1.22

使用ansible安装lnmp

搭建ansible

创建目录，将所需软件包拖入创号的文件中

[root@localhost ~]# mkdir /root/app
# 转换格式
[root@localhost ~]# createrepo /root/app

建立yum源，

[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]#  vim ansible.repo
[root@localhost yum.repos.d]# cat ansible.repo
[ansible]
name=ansible
baseurl=file:///root/app
enable=1
gpgcheck=0
[root@localhost yum.repos.d]# yum -y install ansible

在安装好ansible之后，我们使用ssh建立连接，做免密登录

# 生成密钥，回车即可
[root@localhost yum.repos.d]# ssh-keygen

密钥在/root/.ssh/目录下

[root@localhost yum.repos.d]# cd /root/.ssh/
[root@localhost .ssh]# ls
# _rsa为私钥，_rsa.pub为公钥
id_rsa  id_rsa.pub

将公钥传递给指定PC

[root@localhost .ssh]# ssh-copy-id root@192.168.1.2

客户端接收到公钥

[root@localhost ~]# cd /root/.ssh/
[root@localhost .ssh]# ls
authorized_keys

服务器登录客户端，便不需要密码就可登录

# 登录进去后，不执行操作要退出
[root@localhost .ssh]# ssh root@192.168.1.2
Last login: Tue Jul  7 06:19:56 2020
[root@localhost ~]# exit
登出
Connection to 192.168.1.2 closed.

添加主机清单

[root@localhost .ssh]# cd /etc/ansible/
[root@localhost ansible]# vim hosts 

编辑文件

# 在文件最后一行添加内容，这里写入了两个清单，可以写入IP，也可以写入域名
[oneserver]
192.168.1.2
192.168.1.3
192.168.1.4

给客户端搭建Nginx

[root@localhost ~]# yum -y install tree
# 创建nginx安装角色的使用目录
[root@localhost ~]# cd /etc/ansible/roles/
[root@localhost roles]# mkdir nginx
[root@localhost roles]# cd nginx/
[root@localhost nginx]# mkdir files
[root@localhost nginx]# mkdir vars
[root@localhost nginx]# mkdir tasks
[root@localhost nginx]# mkdir templates
[root@localhost nginx]# mkdir handlers
# 复制所需要的普通文件
[root@localhost nginx]# cd files/
[root@localhost files]# cp /root/nginx-1.6.2.tar.gz ./
[root@localhost files]# cp /root/index.html ./
[root@localhost files]# tree
.
├── index.html
└── nginx-1.6.2.tar.gz
# 写入触发器
[root@localhost files]# cd ..
[root@localhost nginx]# cd handlers/
[root@localhost handlers]# vim main.yaml
---
    - name: restart service
      shell: killall -9 nginx && nginx
# 编辑配置文件     
[root@localhost handlers]# cd ../templates/
[root@localhost templates]# cp /usr/local/nginx/conf/nginx.conf ./nginx.conf.j2
[root@localhost templates]# ls
nginx.conf.j2
[root@localhost templates]# vim nginx.conf.j2 
# 修改以下内容，根据所需，自行设置
user  nginx;
worker_processes  1;

#error_log  logs/error.log;
error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;
[root@localhost vars]# cd ../tasks/
[root@localhost tasks]# vim main.yaml
---
    - name: yum install package
      yum: name=pcre-devel,gcc*,zlib,zlib-devel,openssl-devel state=installed
    - name: copy package
      copy: src=nginx-1.6.2.tar.gz dest=/usr/src/nginx-1.6.2.tar.gz
    - name: tar package
      shell: cd /usr/src && tar -zxf nginx-1.6.2.tar.gz
    - name: add user
      user: name=nginx shell=/sbin/nologin
    - name: set package
      shell: cd /usr/src/nginx-1.6.2 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_spdy_module --with-http_stub_status_module --with-pcre && make && make install
    - name: link
      file: src=/usr/local/nginx/sbin/nginx state=link path=/usr/local/sbin/nginx
    - name: copy index.html
      copy: src=index.html dest=/usr/local/nginx/html/index.html
    - name: copy conf
      template: src=nginx.conf.j2 dest=/usr/local/nginx/conf/nginx.conf
      notify: restart service
    - name: start service
      shell: nginx
[root@localhost tasks]# cd ..
[root@localhost nginx]# tree
.
├── files
│?? ├── index.html
│?? └── nginx-1.6.0.tar.gz
├── handlers
│?? └── main.yaml
├── tasks
│?? └── main.yaml
├── templates
│?? └── nginx.conf.j2
└── vars
[root@localhost nginx]# cd ../..
[root@localhost ansible]# vim site.yaml  
# 文件中填入下面内容
---
    - hosts: oneserver
      remote_user: root

      roles:
        - nginx
# 安装     
[root@localhost ansible]# ansible-playbook site.yaml
PLAY [oneserver] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.1.2]
ok: [192.168.1.3]
ok: [192.168.1.4]

TASK [nginx : yum install package] *********************************************
changed: [192.168.1.2]
changed: [192.168.1.3]
changed: [192.168.1.4]

......

PLAY RECAP *********************************************************************
192.168.1.2                : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.3               : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.4                : ok=11   changed=10   unreachable=0    failed=0   

安装MySQL

[root@localhost ansible]# mkdir roles/mysql
[root@localhost ~]# cd /etc/ansible/roles/mysql/
# 创建角色所需目录
[root@localhost mysql]# mkdir files
[root@localhost mysql]# mkdir vars
[root@localhost mysql]# mkdir tasks
[root@localhost mysql]# mkdir templates
[root@localhost mysql]# mkdir handlers
[root@localhost mysql]# cd files/
[root@localhost files]# cp /root/mysql-5.5.22.tar.gz ./
[root@localhost files]# cd ../tasks/
# 这里要用到一个小命令"ignore_errors"异常处理，报错时可以不中断
[root@localhost tasks]# vim main.yaml
---
    - name: yum install package
      yum: name=gcc*，ncurses-devel，bison，cmake state=installed
    - name: copy package
      copy: src=mysql-5.5.22.tar.gz dest=/usr/src/mysql-5.5.22.tar.gz
    - name: tar package
      shell: cd /usr/src && tar -zxf mysql-5.5.22.tar.gz
    - name: set package
      shell: cd /usr/src/mysql-5.5.22 && cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DSYSCONFDIR=/etc/ -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_EXTRA_CHARSETS=all && make && make install
    - name: link
      shell: ln -s /usr/local/mysql/bin/* /usr/local/bin
      ignore_errors : yes
    - name: user
      user: name=mysql shell=/sbin/nologin
    - name: chown
      file: path=/usr/local/mysql  owner=mysqlr group=mysql
      shell: chown -R mysql:mysql /usr/local/mysql
    - name: rm
      shell: rm -rf /etc/my.cnf
    - name: copy
      shell: cp /usr/local/mysql/support-files/my-medium.cnf /etc/my.cnf
    - name: a
      shell: cd /usr/local/mysql/ && scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
    - name: cd
      shell: cd /usr/local/mysql
    - name: echo
      shell: echo "PATH=$PATH:/usr/local/mysql/bin" >> /etc/profilea
    - name: start
      shell: source /etc/profile
    - name: copy
      shell: cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysqld
    - name: chmod
      shell: chmod +x /etc/rc.d/init.d/mysqld
    - name: chkconfig
      shell: chkconfig --add mysqld
    - name: restart services
      shell: systemctl restart mysqld
[root@localhost mysql]# cd ../..
[root@localhost ansible]# vim site.yaml
# 修改为执行角色为mysql
[root@localhost ansible]# ansible-playbook site.yaml
PLAY [oneserver] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.1.2]
ok: [192.168.1.3]
ok: [192.168.1.4]

TASK [mysql : yum install package] *********************************************
changed: [192.168.1.2]
changed: [192.168.1.3]
changed: [192.168.1.4]

......

PLAY RECAP *********************************************************************
192.168.1.2                : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.3               : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.4                : ok=11   changed=10   unreachable=0    failed=0   

安装PHP

[root@localhost ~]# cd /etc/ansible/roles/
[root@localhost roles]# mkdir php
[root@localhost roles]# cd nginx/
[root@localhost php]# mkdir files
[root@localhost php]# mkdir vars
[root@localhost php]# mkdir tasks
[root@localhost php]# mkdir templates
[root@localhost php]# mkdir handlers
[root@localhost php]# cd files/
[root@localhost files]# cp /root/php-5.3.25.tar.gz ./
[root@localhost files]# cd ../tasks/
[root@localhost tasks]# vim main.yaml
  - name: copy
      copy: src=php-5.3.28.tar.gz dest=/usr/src/php-5.3.28.tar.gz
    - name: tar package
      shell: cd /usr/src && tar -zxf php-5.3.28.tar.gz
    - name: set package
      shell: cd /usr/src/php-5.3.28 && ./configure --prefix=/usr/local/php --with-gd --with-zlib --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-config-file-path=/usr/local/php --enable-fpm --enable-mbstring --with-jpeg-dir=/usr/lib && make && make install
    - name: kaobei
      shell: cp /usr/src/php-5.3.28/php.ini-development /usr/local/php/php.ini
    - name: kb
      template: src=php.ini.j2 dest=/usr/local/php/php.ini
    - name: kb
      shell: cp /usr/src/php-5.3.28/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    - name: gaiming
      shell: cd /usr/local/php/etc/ && cp php-fpm.conf.default php-fpm.conf
    - name: geiquanxian
      shell: chmod +x /etc/init.d/php-fpm
    - name: q
      shell: chkconfig --add php-fpm
    - naem: kb
      template: src=php-fpm.conf.j2 dest=/usr/local/php/etc/php-fpm.conf
    - name: start service
      shell: systemctl restart php-fpm
[root@localhost php]# cd ../..
[root@localhost ansible]# vim site.yaml
# 修改为执行角色为php
[root@localhost ansible]# ansible-playbook site.yaml
PLAY [oneserver] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.1.2]
ok: [192.168.1.3]
ok: [192.168.1.4]

TASK [php : yum install package] *********************************************
changed: [192.168.1.2]
changed: [192.168.1.3]
changed: [192.168.1.4]

......

PLAY RECAP *********************************************************************
192.168.1.2                : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.3               : ok=11   changed=10   unreachable=0    failed=0   
192.168.1.4                : ok=11   changed=10   unreachable=0    failed=0     

使用iSCSI服务

lnmp安装完成后，安装iSCSI，设置两个lnmp的共享存储空间

制作LVS的共享

服务器上创建逻辑卷

[root@localhost ~]# systemctl enable target
[root@localhost ~]# systemctl start target
[root@localhost ~]# fdisk /dev/sdb
   设备 Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    20973567    10485760   83  Linux
/dev/sdb2        20973568    41943039    10484736   83  Linux

[root@localhost ~]# pvcreate /dev/sdb1 /dev/sdb2
[root@localhost ~]# vgcreate vg /dev/sdb1 /dev/sdb2
[root@localhost ~]# lvcreate -L 1G -n lv /dev/vg

创建共享

# 进入交互界面
[root@localhost ~]#  targetcli
# 创建块设备
/> backstores/block/ create lvm /dev/mapper/vg-lv 
# 创建名称
/> iscsi/ create iqn.2020-07.com.server.www:lvm
# 创建访问时允许访问的名称
/> iscsi/iqn.2020-07.com.server.www:lvm/tpg1/acls create iqn.2020-07.com.client.www:client1
/> iscsi/iqn.2020-07.com.server.www:lvm/tpg1/acls create iqn.2020-07.com.client.www:client2
# 与块设备建立连接
/> iscsi/iqn.2020-07.com.server.www:lvm/tpg1/luns create /backstores/block/lvm 
# 删除原有指定的端口
/> iscsi/iqn.2020-07.com.server.www:lvm//tpg1/portals/ delete 0.0.0.0 3260
# 建立新的监听端口
/> iscsi/iqn.2020-07.com.server.www:lvm/tpg1/portals create 192.168.1.200 3260
/> saveconfig

# ls查看时，会看到刚刚的配置信息
  /> ls
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 1]
  | | o- lvm ................. [/dev/mapper/vg-lv (1.0GiB) write-thru activated]
  | |   o- alua ............................................... [ALUA Groups: 1]
  | |     o- default_tg_pt_gp ................... [ALUA state: Active/optimized]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 1]
  | o- iqn.2020-07.com.server.www:lvm ................................ [TPGs: 1]
  |   o- tpg1 ........................................... [no-gen-acls, no-auth]
  |     o- acls ...................................................... [ACLs: 2]
  |     | o- iqn.2020-07.com.client.www:client1 ............... [Mapped LUNs: 1]
  |     | | o- mapped_lun0 ............................... [lun0 block/lvm (rw)]
  |     | o- iqn.2020-07.com.client.www:client2 ............... [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ............................... [lun0 block/lvm (rw)]
  |     o- luns ...................................................... [LUNs: 1]
  |     | o- lun0 ........... [block/lvm (/dev/mapper/vg-lv) (default_tg_pt_gp)]
  |     o- portals ................................................ [Portals: 1]
  |       o- 192.168.1.200:3260 ........................................... [OK]
  o- loopback ..................................................... [Targets: 0]

两台LNMP连接ISCSI

LNMP-1：

# 配置内容
[root@localhost ~]# vim /etc/iscsi/initiatorname.iscsi 
# 加入修改以下内容
InitiatorName=iqn.2020-07.com.client.www:client1
[root@localhost ~]# systemctl start iscsid 
[root@localhost ~]# systemctl enable iscsid 
# 查找存储对外提供的逻辑卷
[root@localhost ~]# iscsiadm -m discovery -p 192.168.1.200:3260 -t sendtargets
192.168.1.200:3260,1 iqn.2020-07.com.client.www：lvm
# 映射逻辑卷到Linux系统中
[root@localhost ~]# iscsiadm -m node -T iqn.2020-07.com.server.www:lvm -l
Logging in to [iface: default, target: iqn.2020-07.com.server.www:lvm, portal: 192.168.1.200,3260] (multiple)
Login to [iface: default, target: iqn.2020-07.com.server.www:lvm, portal: 192.168.1.200,3260] successful.
# 使用fdisk查看
[root@localhost ~]# fdisk -l
# 主机上多了一块sdb硬盘
磁盘 /dev/sdb：1073 MB, 1073741824 字节，2097152 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理)：512 字节 / 512 字节
I/O 大小(最小/最佳)：512 字节 / 4194304 字节

LNMP-2：
操作与1的相同，只有一步不同，其余的操作相同

[root@localhost ~]# vim /etc/iscsi/initiatorname.iscsi 
# 加入修改以下内容
InitiatorName=iqn.2020-07.com.client.www:client2

当在两个LNMP上添加好空间后，可以将

对远程硬盘的使用

挂载共享磁盘

[root@localhost ~]# mkfs.xfs /dev/sdb
meta-data=/dev/sdb               isize=512    agcount=4, agsize=327680 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=1310720, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@localhost ~]# mkdir /kkk
# 永久挂载
[root@localhost ~]# vim /etc/fstab 
# 最后一行加入内容
/dev/sdb        /kkk     xfs     defaults,_netdev 0 0
[root@localhost ~]# mount -a
[root@localhost dev]# df -Th /kkk/
文件系统       类型  容量  已用  可用 已用% 挂载点
/dev/sdb       xfs  1014M   33M  982M    4% /kkk

更改站点根目录，创建共享文件

两台主机操作一样

[root@localhost kkk]# vim /usr/local/nginx/conf/nginx.conf
# 找到并更改以下内容
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           /kkk;
            fastcgi_pass   192.168.1.2:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi.conf;
        }

LNMP-1

# 在LNMP-1中创建共享php页面文件
[root@localhost kkk]# ls
index.php
[root@localhost kkk]# cat /kkk/index.php
<?php
        echo "success connect";
?>

LNMP-2

# LNMP-2重新挂载，会得到LNMP-1的php页面文件
[root@localhost ~]# umount /kkk/
[root@localhost ~]# mount -a
[root@localhost ~]# cat /kkk/index.php 
<?php
        echo "success connect";
?>

两台LNMP搭建rsync+inotify

# LNMP-1主机对LNMP-2主机做免密登录
[root@localhost ~]#  ssh-keygen
[root@localhost ~]#  ssh-copy-id root@192.168.1.3
# LNMP-2主机对LNMP-1主机做免密登录
[root@localhost ~]#  ssh-keygen
[root@localhost ~]#  ssh-copy-id root@192.168.1.2

两台LNMP安装都执行以下过程

[root@localhost ~]# tar -zxf inotify-tools-3.14.tar\(1\)\(1\).gz -C /usr/src
[root@localhost ~]# cd /usr/src/inotify-tools-3.14/
[root@localhost inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify && make && make install
[root@localhost inotify-tools-3.14]# ln -s /usr/local/inotify/bin/* /usr/local/bin/

LNMP-1

[root@localhost ~]# mkdir /ftp
# 修改
[root@localhost ~]# vim /etc/rsyncd.conf
port = 873   
address = 192.168.1.2  
uid = root   
gid = root   
use chroot = no    
max connections = 0  
pid file = /var/run/rsyncd.pid   
exclude = lost+found/   
transfer logging = yes   
log file = /var/lib/rsyncd.log    
timeout = 900   
ignore nonreadable = yes  
dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2     

[ftp]     
        path = /ftp  
        comment = ftp  
        read only = no   

[root@localhost ~]# systemctl restart rsyncd
[root@localhost ~]# netstat -anput | grep 873
tcp        0      0 192.168.1.2:873        0.0.0.0:*               LISTEN      92644/rsync

```bash
[root@localhost ~]# vim rsync.sh
#!/bin/bash     
/usr/local/bin/inotifywait -mrq --format %w%f -e create,delete,close_write /ftp | while read file    
do
if [ -f $file ];then
    rsync -a --delete $file root@192.168.1.3:/ftp1
else
    rsync -a --delete /ftp/ root@192.168.1.3:/ftp1
fi
done

[root@localhost /]# chmod +x rsync.sh 
[root@localhost /]# ./rsync.sh &
[1] 92944

LNMP-2

[root@localhost ~]# mkdir /ftp1
# 修改
[root@localhost ~]# vim /etc/rsyncd.conf
port = 873   
address = 192.168.1.3 
uid = root   
gid = root   
use chroot = no    
max connections = 0  
pid file = /var/run/rsyncd.pid   
exclude = lost+found/   
transfer logging = yes   
log file = /var/lib/rsyncd.log    
timeout = 900   
ignore nonreadable = yes  
dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2     

[ftp]     
        path = /ftp1  
        comment = ftp1  
        read only = no   

[root@localhost ~]# systemctl restart rsyncd
[root@localhost ~]# netstat -anput | grep 873
tcp        0      0 192.168.1.3:873        0.0.0.0:*               LISTEN      89486/rsync

```bash
[root@localhost ~]# vim rsync.sh
#!/bin/bash     
/usr/local/bin/inotifywait -mrq --format %w%f -e create,delete,close_write /ftp1 | while read file    
do
if [ -f $file ];then
    rsync -a --delete $file root@192.168.1.2:/ftp
else
    rsync -a --delete /ftp1/ root@192.168.1.2:/ftp
fi
done

[root@localhost /]# chmod +x rsync.sh 
[root@localhost /]# ./rsync.sh &
[1] 89780

验证：

# LNMP-1
[root@localhost ~]# cd /ftp/
[root@localhost ftp]# touch w
# LNMP-2
[root@localhost ftp1]# ls
w

keepalived。

两台服务器写入虚拟IP
两台LNMP执行以下操作

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp ifcfg-lo ifcfg-lo:0
[root@localhost network-scripts]# vim ifcfg-lo:0
DEVICE=lo:0
IPADDR=192.168.1.250
NETMASK=255.255.255.255
NAME=lo
[root@localhost network-scripts]# systemctl restart network
# 使用路由转发
[root@localhost network-scripts]# vim /etc/sysctl.conf 
[root@localhost network-scripts]# sysctl -p
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
[root@localhost network-scripts]# route add -host 192.168.1.250 dev lo:0

# 加载模块
[root@localhost ~]# modprobe ip_vs
[root@localhost ~]# yum -y install ipvsadm
[root@localhost ~]# yum -y install popt-devel kernel-devel openssl-devel
[root@localhost ~]# tar -zxf keepalived-1.2.13.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/keepalived-1.2.13/
[root@localhost keepalived-1.2.13]# ./configure --prefix=/ --with-kernel-dir=/usr/src/kernel && make && make install
[root@localhost keepalived-1.2.13]# echo $?
0
# 文件备份
[root@localhost keepalived-1.2.13]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.bak
[root@localhost keepalived-1.-2.13]# vim /etc/keepalived/keepalived.conf 
vrrp_instance VI_1 {  
    state MASTER    
    interface ens33  
    virtual_router_id 51  
    priority 100    
    advert_int 1     
    authentication {    
        auth_type PASS   
        auth_pass 1111   
    }
    virtual_ipaddress { 
        192.168.1.250
    }
}
# 删除源文件之下的所有内容，然后重新加入新的配置
virtual_server 192.168.1.250 80 {
    delay_loop 6  
    lb_algo rr     
    lb_kind DR    
    nat_mask 255.255.255.0   
    persistence_timeout 0    
    protocol TCP    
    
    real_server 192.168.1.2 80 {    
        weight 1   
        connect_port 80    
        connect_timeout 3      
        nb_get_retry 3   
        delay_before_retry 3    
    }
    real_server 192.168.1.3 80 {
        weight 1
        connect_port 80
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 3
    }
}
[root@localhost keepalived-1.2.13]# scp /etc/keepalived/keepalived.conf  root@192.168.1.22:/etc/keepalived/keepalived.conf 

第二台keepalived

[root@localhost keepalived-1.2.13]# vim /etc/keepalived/keepalived.conf 
    state BACKUP  
    interface ens32    
    priority 90    
[root@localhost keepalived-1.2.13]# service keepalived start
Reloading systemd:                                         [  OK  ]
Starting keepalived (via systemctl):                       [  OK  ]
[root@localhost keepalived-1.2.13]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.1.250:80 rr
  -> 192.168.1.2:80               Route   1      0          0         
  -> 192.168.1.3:80               Route   1      0          0         


[root@localhost keepalived-1.2.13]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:37:0a:4e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.22/24 brd 192.168.1.255 scope global ens33

客户端验证：

[root@localhost ~]# curl 192.168.1.250
kkkkk
[root@localhost ~]# curl 192.168.1.250
aaaaaaaxczxc

把keepalived1上面的网卡down掉    漂移ip就会在从上面
[root@localhost keepalived-1.2.13]# ifconfig ens33 down

透明代理

# 在ens33文件中写入IP
IPADDR0=192.168.1.1
NETMASK0=255.255.255.0
IPADDR1=192.168.2.1
NETMASK1=255.255.255.0
[root@localhost ~]# systemctl restart network

安装squid

[root@localhost ~]# yum -y install gcc*
[root@localhost ~]# tar -zxf squid-3.4.6.tar.gz -C /usr/src/
cd[root@localhost ~]# cd /usr/src/squid-3.4.6/
[root@localhost squid-3.4.6]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc/ --enable-arp-acl --enable-linux-netfilter --enable-linux-tproxy --enable-async-io=100 --enable-err-language="Simplicy-Chinese" --enable-underscore --enable-poll --enable-gnuregex
[root@localhost squid-3.4.6]# make && make install
[root@localhost squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[root@localhost squid-3.4.6]# ln -s /usr/local/squid/bin/* /usr/local/bin/
[root@localhost squid-3.4.6]# useradd -M -s /sbin/nologin squid   
[root@localhost squid-3.4.6]# chown -R squid:squid /usr/local/squid/var/    
[root@localhost squid-3.4.6]# chmod -R 757 /usr/local/squid/var/    

[root@localhost squid-3.4.6]# vim /etc/sysctl.conf     
net.ipv4.ip_forward = 1
[root@localhost squid-3.4.6]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost squid-3.4.6]# vim /etc/squid.conf
# 修改以下内容
http_access allow all
http_port 192.168.2.1:3128 transparent    
[root@localhost squid-3.4.6]# vim /etc/squid.conf
[root@localhost squid-3.4.6]# squid -z 
[root@localhost squid-3.4.6]# squid  
[root@localhost squid-3.4.6]# netstat -anput | grep squid
tcp        0      0 192.168.2.1:3128        0.0.0.0:*               LISTEN      49828/(squid-1)     
udp        0      0 0.0.0.0:43059           0.0.0.0:*                           49828/(squid-1)     
udp6       0      0 :::39695                :::*                                49828/(squid-1) 
# 端口转发
[root@localhost squid-3.4.6]# iptables -t nat -A PREROUTING -p tcp --dport 80 -s 192.168.2.0/24 -i ens33 -j REDIRECT --to 3128

反向代理

安装

[root@localhost ~]# yum -y install automake autoconf libtool  pkgconfig graphviz ncurses-devel pcre-devel
# 将依赖包拖入虚拟机，然后执行以下命令,安装依赖包
[root@localhost ~]# rpm -ivh jemalloc-devel-5.2.0-1.1.x86_64.rpm --nodeps
[root@localhost ~]# rpm -ivh libedit-devel-3.0-12.20121213cvs.el7.x86_64.rpm --nodeps
[root@localhost ~]# rpm -ivh python-docutils-0.11-0.3.20130715svn7687.el7.noarch.rpm --nodeps
[root@localhost ~]# rpm -ivh python-Sphinx-1.6.5-3.10.1.noarch.rpm --nodeps
[root@localhost ~]# rpm -ivh libedit-3.0-12.20121213cvs.el7.x86_64.rpm --nodeps
[root@localhost ~]# tar -zxf varnish-4.1.11.tgz -C /usr/src/
[root@localhost ~]# cd /usr/src/varnish-4.1.11/
[root@localhost varnish-4.1.11]# ./configure --prefix=/usr/local/varnish && make && make install
[root@localhost varnish-4.1.11]# ln -s /usr/local/varnish/sbin/* /usr/local/sbin/
[root@localhost varnish-4.1.11]# ln -s /usr/local/varnish/bin/* /usr/local/bin/
[root@localhost varnish-4.1.11]# cp /usr/local/varnish/share/doc/varnish/example.vcl /usr/local/varnish/default.vcl

配置反向代理

probe health {
	.url = "/";     
	.timeout = 3s;     
	.interval = 1s;     
	.window = 5;     
	.threshold = 3;     
} 
backend web {        
	.host = "192.168.1.250";       
	.port = "80";     
	.probe =  health;     
} 
sub vcl_recv {    
	set req.backend_hint = web;     
	if(req.http.X-Forwarded-For){      
	set req.http.X-Forwarded-For=req.http.X-Forwarded-For + "," + client.ip;
 }    
	else{
		set req.http.X-Forwarded-For=client.ip;    
}
		
		if(req.method != "GET" && 
		   req.method != "PUT" &&
		   req.method != "POST" &&
		   req.method != "DELETE" &&
		   req.method != "HEAD" 
		   ){
			return(pipe);    
	    }
		if(req.url ~ "\.(html|htm|png|jpg$)"){   
		   return(hash);    
}
		if(req.url ~ "\.php$"){   
		   return(pass);   
}
 		   return(hash);   
}
sub vcl_hash{      
	hash_data(req.url);    
		if(req.http.host){     
			hash_data(req.http.host);      
		} 
		else{    
			hash_data(server.ip);      
 		}
}
sub vcl_pipe{     
	return(pipe);   
}
sub vcl_pass{   
	return(fetch);   
 }
sub vcl_hit{   
	return(deliver);    
}  
sub vcl_miss{    
	return(fetch);    
 }
sub vcl_backend_response{   
	if(bereq.url ~ "\.php$"){   
		set beresp.uncacheable = true;    
			return(deliver);     
   }
	if(bereq.url ~ "\.html$"){     
		set beresp.ttl = 300s;    
    }
			return(deliver);   
} 
sub vcl_deliver{ 
	if(obj.hits >0){    
		set resp.http.X-cache = "hit~~~~";    
   }
    else{
		set resp.http.X-cache = "miss~~~~";   
}   
	return(deliver);   
}    

配置完成后，先使用该主机访问虚拟IP
访问之前，先修改nginx的index.html文件

[root@localhost varnish-4.1.11]# curl 192.168.1.250
aaaaaaaxczxc
[root@localhost varnish-4.1.11]# curl 192.168.1.250
kkkkk

访问成功后，使用客户端访问

[root@zjx-client ~]# curl 192.168.1.10
kkkkk
# 中间访问的时候又缓存，需要等短时间在访问即可
[root@zjx-client ~]# curl 192.168.1.10
aaaaaaaxczxc

创建redis集群

拖入指定包

安装

[root@localhost ~]# tar -zxf redis-4.0.6.tar.gz -C /usr/src/
[root@localhost ~]# mv /usr/src/redis-4.0.6/ /usr/local/redis
[root@localhost ~]# cd /usr/local/redis/
[root@localhost redis]# make && make install
[root@localhost redis]# vim redis.conf 
bind 192.168.2.20   
daemonize yes       
# 启动
[root@localhost redis]# redis-server /usr/local/redis/redis.conf 
# 这样子就成功了
[root@localhost redis]# redis-cli -h 192.168.1.2 -p 6379
192.168.1.2:6379> 

给php打redis让其能够连接redis

[root@localhost ~]# unzip phpredis-master.zip 
[root@localhost ~]# ln -s /usr/local/php/bin/* /usr/local/bin/
[root@localhost ~]# ln -s /usr/local/php/sbin/* /usr/local/sbin/
[root@localhost ~]# yum  -y install autoconf
[root@localhost ~]# cd phpredis-master/
[root@localhost phpredis-master]# phpize
[root@localhost phpredis-master]# ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
[root@localhost phpredis-master]# cd  /usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/
[root@localhost no-debug-non-zts-20090626]# ls
mysqli.so  redis.so

# 安装并编译完成后
[root@localhost no-debug-non-zts-20090626]# vim /usr/local/php/php.ini 
# PHP5.3.28这个版本的大约在986行
extension = redis.so
# 重启服务
[root@localhost no-debug-non-zts-20090626]# systemctl restart php-fpm
# 进去访问后，需要找到redis的模块，这样就可以了
[root@localhost no-debug-non-zts-20090626]# firefox 192.168.2.20/index.php
给mysql中创建数据
[root@localhost ~]# mysql -uroot -p
mysql> create database abc;
mysql> use abc
mysql> create table test(id int,name varchar(10));
mysql> insert into test values(1,"one"),(2,"two"),(3,"three"),(4,"four"),(5,"five");
mysql> select * from test;
mysql> grant all on abc.test to "root"@"192.168.1.2" identified by "123.com";
mysql> flush privileges;
网页：
# 我这里的访问路径在www下
[root@localhost ~]# cd /www
[root@localhost www]# vim index.php 
<?php
$redis=new Redis;
$redis->connect("192.168.1.2",6379) or die ("could not connect");
$query="select * from abc.test limit 5";
for ($key=1;$key<=5;$key++) {
        if (!$redis->get($key)) {
                $conn=mysql_connect("192.168.1.2","root","123.com");
                $result=mysql_query($query);
                while ($row=mysql_fetch_assoc($result)) {
                        $redis->set($row["id"],$row["name"]);
                }
                break;
        }
        else {
                $name="redis";
                $data[$key]=$redis->get($key);
        }
}
echo $name;
echo "<br>";
for ($key=1;$key<=5;$key++) {
        echo "id is $key";
        echo "<br>";
        echo "name is $data[$key]";
        echo "<br>";
}
?>

如果出现其他页面，刷新以下就好，如果是报错，根据报错信息查看