1、源码编译安装LNMP架构环境;
2、编写一个脚本完成以下功能:
(1)、一键搭建LNMP源码编译环境;
(2)、可通过在脚本后面跟上一些参数来自定义安装目录等其他选项。
#!/bin/bashread -p 'Please enter the installation path:' dataPathread -p 'Please enter your package path:' packagePathinstallPath=$packagePath/lamp-serverserverCount=(apr apr-util httpd mysql php xcache)log=$installPath/install.logmysqlData=/mydata/datamkdir $installPath &> /dev/nullserviceUnpack(){ tar -xjf $1 -C $installPath &>> $log && echo "Unpack the $1 success" || echo "Unpack the $1 failed" }serviceInstall(){ if [ $1 == 'apr' -a ! -e $dataPath/$1 ] then echo "Began to extract the $1 installation" cd $installPath/$1* sed -i "s/\(\> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" elif [ $1 == 'apr-util' -a ! -e $dataPath/$1 ] then echo "Began to extract the $1 installation" cd $installPath/$1* ./configure --prefix=$dataPath/$1 --with-apr=$dataPath/apr &>> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" elif [ $1 == 'httpd' -a ! -e $dataPath/$1 ] then echo "Began to extract the $1 installation" cd $installPath/$1* ./configure --prefix=$dataPath/$1 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=$dataPath/apr --with-apr-util=$dataPath/apr-util --enable-modules=most --enable-mpms-shared=all &>> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" elif [ $1 == 'mysql' -a ! -e $dataPath/$1 ] then echo "Began to extract the $1 installation" cd $installPath/$1* cmake . -DCMAKE_INSTALL_PREFIX=$dataPath/mysql -DMYSQL_DATADIR=/mydata/data -DWITH_INNOBASE_STORAGE_ENGINE=1 -DMYSQL_UNIX_ADDR==$dataPath/mysql/mysql.sock -DMYSQL_USER=mysql -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci &>> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" elif [ $1 == 'php' -a ! -e $dataPath/$1 ] then echo "Began to extract the $1 installation" cd $installPath/$1* ./configure --prefix=$dataPath/php --with-mysql=$dataPath/mysql --with-openssl --with-mysqli=$dataPath/mysql/bin/mysql_config --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-apxs2=$dataPath/httpd/bin/apxs --with-mcrypt --with-bz2 --enable-maintainer-zts &>> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" elif [ $1 == 'xcache' -a ! -e $dataPath/php/lib/php/extensions/no-debug-zts-20100525/xcache.so ] then echo "Began to extract the $1 installation" cd $installPath/$1* $dataPath/php/bin/phpize &>> $log ./configure --enable-xcache --with-php-config=$dataPath/php/bin/php-config &>> $log make &>> $log && make install &>> $log && echo "$1 installed successfully" || echo "$1 installed failed" fi}serviceDrop(){ cd $dataPath rm -rf $1 && echo "Delete the $1 service success" || echo "Delete the $1 service failed" }serviceConfig(){ if [ $1 == 'httpd' ] then cd $dataPath/httpd sed -i 's/DirectoryIndex.*index.html/DirectoryIndex index.php index.html/g' conf/httpd.conf && sed -i '381,382cAddType application/x-httpd-php \.php\nAddType application/x-httpd-php-source .phps' conf/httpd.conf && echo "$1 configuration success" || echo "$1 configuration failed" elif [ $1 == 'xcache' ] then cd $installPath/php* cp -a php.ini-production $dataPath/php/lib/php.ini cd $installPath/xcache* cp -a xcache.ini $dataPath/php/lib cd $dataPath/php sed -i '380aextension_dir = /usr/local/php/lib/php/extensions/no-debug-zts-20100525\nextension = xcache.so' lib/php.ini && echo "$1 configuration success" || echo "$1 configuration failed" echo ' ' > $dataPath/httpd/htdocs/index.php elif [ $1 == 'mysql' ] then mkdir -p /mydata/data &>> $log groupadd -r mysql &>> $log useradd -g mysql -r -s /sbin/nologin -M -d /mydata/data mysql &>> $log chown -R mysql:mysql /mydata/data &>> $log chown -R mysql:mysql /usr/local/mysql &>> $log cd $dataPath/mysql ./scripts/mysql_install_db --basedir=$dataPath/mysql/ --datadir=$mysqlData --user=mysql &>> $log && echo "$1 configuration success" || echo "$1 configuration failed" ln -sv $dataPath/mysql/include /usr/include/mysql echo "$dataPath/mysql/lib" > /etc/ld.so.conf.d/mysql.conf ldconfig fi}while truedoread -p "Please enter the | config | unpack | install | drop | quit | to complete the configuration: " metcase $met inunpack) echo `date '+%F %T'` echo 'Began to unzip the installation services' for i in $packagePath/* do serviceUnpack $i done echo -e '\n\n' ;;install) yum groupinstall 'Development tools' 'Desktop Platform Development' -y &>> $log yum install pcre-devel openssl-devel cmake ncurses-devel bzip2-devel libmcrypt-devel libxml2-devel libmcrypt-devel -y &>> $log echo `date '+%F %T'` for i in ${serverCount[@]} do serviceInstall $i done echo -e '\n\n' ;;drop) $dataPath/mysql/support-files/mysql.server stop &>> $log && echo "mysql stop successfully" || echo "mysql stop failed" $dataPath/httpd/bin/apachectl stop &>> $log && echo "mysql stop successfully" || echo "mysql stop failed" groupdel mysql &>> $log userdel -r mysql &>> $log echo `date '+%F %T'` for i in ${serverCount[@]} do serviceDrop $i done echo -e '\n\n' rm -f $log;;config) echo `date '+%F %T'` for i in ${serverCount[@]} do serviceConfig $i done echo -e '\n\n' $dataPath/mysql/support-files/mysql.server restart &>> $log && echo "mysql start successfully" || echo "mysql start failed" $dataPath/httpd/bin/apachectl restart &>> $log && echo "mysql start successfully" || echo "mysql start failed";;quit) exit 0;;esacdone测试[root@localhost ~]# ./test.sh Please enter the installation path:/usr/localPlease enter your package path:/optPlease enter the | config | unpack | install | drop | quit | to complete the configuration: unpack2017-02-28 10:45:10Began to unzip the installation servicesUnpack the /opt/apr-1.5.0.tar.bz2 successUnpack the /opt/apr-util-1.5.3.tar.bz2 successUnpack the /opt/httpd-2.4.9.tar.bz2 successUnpack the /opt/lamp-server failedUnpack the /opt/mysql-5.5.33.tar.bz2 successUnpack the /opt/php-5.4.26.tar.bz2 successUnpack the /opt/xcache-3.1.0.tar.bz2 successPlease enter the | config | unpack | install | drop | quit | to complete the configuration: install2017-02-28 10:47:30Began to extract the apr installationapr installed successfullyBegan to extract the apr-util installationapr-util installed successfullyBegan to extract the httpd installationhttpd installed successfullyBegan to extract the mysql installationmysql installed successfullyBegan to extract the php installationphp installed successfullyBegan to extract the xcache installationxcache installed successfullyPlease enter the | config | unpack | install | drop | quit | to complete the configuration: config2017-02-28 11:00:44httpd configuration successmysql configuration successxcache configuration successmysql start successfullyhttpd start successfully[root@localhost ~]# curl -I 172.20.100.101HTTP/1.1 200 OKDate: Tue, 28 Feb 2017 03:05:11 GMTServer: Apache/2.4.9 (Unix) PHP/5.4.26X-Powered-By: PHP/5.4.26Content-Type: text/htmlPlease enter the | config | unpack | install | drop | quit | to complete the configuration: dropmysql stop successfullyhttpd stop successfully2017-02-28 11:14:52Delete the apr service successDelete the apr-util service successDelete the httpd service successDelete the mysql service successDelete the php service successDelete the xcache service success
3、结合图形描述LVS的工作原理;
上图所示,ipvs工作于内核空间的INPUT链上,当收到用户请求某集群服务时,经过PREROUTING链,经检查本机路由表,送往INPUT链;在进入netfilter的INPUT链时,ipvs强行将请求报文通过ipvsadm定义的集群服务策略的路径改为FORWORD链,将报文转发至后端真实提供服务的主机。
一、LVS介绍一般来说,LVS采用三层结构:负载调度器、服务器池、共享存储。工作在TCP/IP协议的四层,其转发是依赖于四层协议的特征进行转发的,由于其转发要依赖于协议的特征进行转发,因此需要在内核的TCP/IP协议栈进行过滤筛选,可想而知,这就需要在内核的模块来完成,而这样的过滤转发规则又是由管理员进行定义的,所以,LVS就是两段式的架构设计,在内核空间中工作的是”ipvs“,而在用户空间中工作的,用来定义集群服务规则的是”ipvsadm“。这就很容易想到iptables而LVS正好工作在iptables的input链上。二、LVS的组成ipvsadm:用于管理集群服务的命令行工具,工作于Linux系统中的用户空间。ipvs:为lvs提供服务的内核模块,工作于内核空间 (相对于是框架,通过ipvsadm添加规则,来实现ipvs功能)。 注:在linux内核2.4.23之前的内核中模块默认是不存在的,需要自己手动打补丁,然后把此模块编译进内核才可以使用此功能。三、LVS集群类型中的术语VIP:Director用来向客户端提供服务的IP地址,也是DNS解析的IP RIP:集群节点(后台真正提供服务的服务器)所使用的IP地址 DIP:Director用来和RIP进行交互的IP地址 CIP:公网IP,客户端使用的IP四、lvs集群的类型lvs-nat:网络地址转换 NetworkAddress Translation,修改请求报文的目标IP lvs-dr:直接路由 Direct Routing,操纵封装新的MAC地址; lvs-tun:IP隧道 IP Tunneling,在原请求IP报文之外新加一个IP首部; lvs-fullnat:修改请求报文的源和目标IP;1.lvs-nat多目标IP的DNAT,通过将请求报文中的目标地址和目标端口修改为某挑出的RS的RIP和PORT实现转发; (1)RIP和DIP必须在同一个IP网络,且应该使用私网地址;RS的网关要指向DIP; (2)请求报文和响应报文都必须经由Director转发;Director易于成为系统瓶颈; (3)支持端口映射,可修改请求报文的目标PORT; (4)vs必须是Linux系统,rs可以是任意系统;2.lvs-dr通过为请求报文重新封装一个MAC首部进行转发,源MAC是DIP所在的接口的MAC,目标MAC是某挑选出的RS的RIP所在接口的MAC地址;源IP/PORT,以及目标IP/PORT均保持不变; Director和各RS都得配置使用VIP; (1) 确保前端路由器将目标IP为VIP的请求报文发往Director: (a) 在前端网关做静态绑定; (b) 在RS上使用arptables; (c) 在RS上修改内核参数以限制arp通告及应答级别; arp_announce arp_ignore (2) RS的RIP可以使用私网地址,也可以是公网地址;RIP与DIP在同一IP网络;RIP的网关不能指向DIP,以确保响应报文不会经由Director; (3) RS跟Director要在同一个物理网络; (4) 请求报文要经由Director,但响应不能经由Director,而是由RS直接发往Client; (5) 不支持端口映射;3.lvs-tun转发方式:不修改请求报文的IP首部(源IP为CIP,目标IP为VIP),而在原IP报文之外再封装一个IP首部(源IP是DIP,目标IP是RIP),将报文发往挑选出的目标RS; (1) DIP, VIP, RIP都应该是公网地址; (2) RS的网关不能,也不可能指向DIP; (3) 请求报文要经由Director,但响应不能经由Director; (4) 不支持端口映射; (5) RS的OS得支持隧道功能;4.lvs-fullnat通过同时修改请求报文的源IP地址和目标IP地址进行转发; CIP –> DIP VIP –> RIP (1) VIP是公网地址,RIP和DIP是私网地址,且通常不在同一IP网络;因此,RIP的网关一般不会指向DIP; (2) RS收到的请求报文源地址是DIP,因此,只需响应给DIP;但Director还要将其发往Client; (3) 请求和响应报文都经由Director; (4) 支持端口映射;注意:此类型默认不支持;五、lvs调度算法静态方法:仅根据算法本身进行调度;(1) RR:roundrobin,轮询; 轮询调度算法的原理是每一次把来自用户的请求轮流分配给内部中的服务器,从1开始,直到N(内部服务器个数),然后重新开始循环。算法的优点是其简洁性,它无需记录当前所有连接的状态,所以它是一种无状态调度。缺点:是不考虑每台服务器的处理能力。 (2) WRR:Weighted RR,加权轮询; 由于每台服务器的配置、安装的业务应用等不同,其处理能力会不一样。所以,我们根据服务器的不同处理能力,给每个服务器分配不同的权值,使其能够接受相应权值数的服务请求。 (3) SH:Source Hashing; 实现session sticy,源IP地址hash;将来自于同一个IP地址的请求始终发往第一次挑中的RS,从而实现会话绑定; 简单的说就是有将同一客户端的请求发给同一个real server,源地址散列调度算法正好与目标地址散列调度算法相反,它根据请求的源IP地址,作为散列键(Hash Key)从静态分配的散列表找出对应的服务器,若该服务器是可用的并且没有超负荷,将请求发送到该服务器,否则返回空。它采用的散列函数与目标地址散列调度算法的相同。它的算法流程与目标地址散列调度算法的基本相似,除了将请求的目标IP地址换成请求的源IP地址。 (4) DH:Destination Hashing; 目标地址哈希,将发往同一个目标地址的请求始终转发至第一次挑中的RS; 将同样的请求发送给同一个server,一般用户于缓存服务器说,简单的说,LB集群后面又加了一层,在LB与real server之间加了一层缓存服务器,当一个客户端请求一个页面时,LB发给cache1,当第二个客户端请求同样的页面时,LB还是发给cache1,这就是我们所说的,将同样的请求发给同一个server,来提高缓存的命中率。目标地址散列调度算法也是针对目标IP地址的负载均衡,它是一种静态映射算法,通过一个散列(Hash)函数将一个目标IP地址映射到一台服务器。目标地址散列调度算法先根据请求的目标IP地址,作为散列键(Hash Key)从静态分配的散列表找出对应的服务器,若该服务器是可用的且未超载,将请求发送到该服务器,否则返回空。动态方法:主要根据每RS当前的负载状态及调度算法进行调度;(1) LC:leash-connection 最少连接 最少连接调度算法是把新的连接请求分配到当前连接数最小的服务器,最小连接调度是一种动态调度短算法,它通过服务器当前所活跃的连接数来估计服务器的负载均衡,调度器需要记录各个服务器已建立连接的数目,当一个请求被调度到某台服务器,其连接数加1,当连接中止或超时,其连接数减一,在系统实现时,我们也引入当服务器的权值为0时,表示该服务器不可用而不被调度。此算法忽略了服务器的性能问题,有的服务器性能好,有的服务器性能差,通过加权重来区分性能,所以有了下面算法wlc。 简单算法:active*256+inactive (谁的小,挑谁)(2) WLC:加权最少连接 加权最小连接调度算法是最小连接调度的超集,各个服务器用相应的权值表示其处理性能。服务器的缺省权值为1,系统管理员可以动态地设置服务器的权限,加权最小连接调度在调度新连接时尽可能使服务器的已建立连接数和其权值成比例。由于服务器的性能不同,我们给性能相对好的服务器,加大权重,即会接收到更多的请求。简单算法:(active*256+inactive)/weight(谁的小,挑谁)(3) SED:Shortest Expection Delay,最少期望延迟 不考虑非活动连接,谁的权重大,我们优先选择权重大的服务器来接收请求,但会出现问题,就是权重比较大的服务器会很忙,但权重相对较小的服务器很闲,甚至会接收不到请求,所以便有了下面的算法nq。基于wlc算法,简单算法:(active+1)*256/weight (谁的小选谁)(4) nq:never queue 永不排队 在上面我们说明了,由于某台服务器的权重较小,比较空闲,甚至接收不到请求,而权重大的服务器会很忙,所此算法是sed改进,就是说不管你的权重多大都会被分配到请求。简单说,无需队列,如果有台real server的连接数为0就直接分配过去,不需要在进行sed运算。(5) LBLC:Locality-Based LC,基于局部性的最少连接 基于局部性的最少连接算法是针对请求报文的目标IP地址的负载均衡调度,主要用于Cache集群系统,因为Cache集群中客户请求报文的目标IP地址是变化的,这里假设任何后端服务器都可以处理任何请求,算法的设计目标在服务器的负载基本平衡的情况下,将相同的目标IP地址的请求调度到同一个台服务器,来提高服务器的访问局部性和主存Cache命中率,从而调整整个集群系统的处理能力。(6) LBLCR:LBLC with Replication,基于局部性的带复制功能的最少连接 基于局部性的带复制功能的最少连接调度算法也是针对目标IP地址的负载均衡,该算法根据请求的目标IP地址找出该目标IP地址对应的服务器组,按“最小连接”原则从服务器组中选出一台服务器,若服务器没有超载,将请求发送到该服务器;若服务器超载,则按“最小连接”原则从这个集群中选出一台服务器,将该服务器加入到服务器组中,将请求发送到该服务器。同时,当该服务器组有一段时间没有被修改,将最忙的服务器从服务器组中删除,以降低复制的程度。
4、阐述varnish的功能及其应用场景,并通过实际的应用案例来描述配置、测试、调试过程。
5、搭建一套LVS-DR模型的高性能集群,并用Keepalived实现nginx与lvs的高可用集群,同时实现以下功能:
(1)、wordpress程序通过nfs共享给各个realserver;
(2)、后端realserver中的nginx和php分离
VIP: 172.20.100.111DIP: 172.20.100.101 172.20.100.102RIP: 172.20.100.150 172.20.100.151一、安装KEEPALIVED和IPVSADMyum install ipvsadm keepalived -y二、配置keepalved(2台Director server 上配置)#master-172.20.100.101# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL}vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111test } virtual_ipaddress { 172.20.100.111 }}virtual_server 172.20.100.111 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP real_server 172.20.100.150 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.20.100.151 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } }}#BACKUP-172.20.100.102# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL}vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 1111test } virtual_ipaddress { 172.20.100.111 }}virtual_server 172.20.100.111 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 50 protocol TCP real_server 172.20.100.150 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.20.100.151 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } }} 三、配置nginx、php(2台 RealServer 上配置)#安装服务# yum install nginx php php-fpm mysql-server mysql-devel php-mysql -y#配置nginx# vim /etc/nginx/fastcgi_paramsfastcgi_param GATEWAY_INTERFACE CGI/1.1;fastcgi_param SERVER_SOFTWARE nginx;fastcgi_param QUERY_STRING $query_string;fastcgi_param REQUEST_METHOD $request_method;fastcgi_param CONTENT_TYPE $content_type;fastcgi_param CONTENT_LENGTH $content_length;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param SCRIPT_NAME $fastcgi_script_name;fastcgi_param REQUEST_URI $request_uri;fastcgi_param DOCUMENT_URI $document_uri;fastcgi_param DOCUMENT_ROOT $document_root;fastcgi_param SERVER_PROTOCOL $server_protocol;fastcgi_param REMOTE_ADDR $remote_addr;fastcgi_param REMOTE_PORT $remote_port;fastcgi_param SERVER_ADDR $server_addr;fastcgi_param SERVER_PORT $server_port;fastcgi_param SERVER_NAME $server_name;# vim /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { }location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; }}# vim /usr/share/nginx/html/index.php #启动# service php-fpm start正在启动 php-fpm: [确定]# service nginx restart正在启动 nginx: [确定]#测试# netstat -tnlp| egrep 'nginx|php-fpm'tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2101/nginx tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2118/php-fpm # curl -I 127.0.0.1/index.phpHTTP/1.1 200 OKServer: nginx/1.10.2Date: Fri, 03 Mar 2017 09:22:59 GMTContent-Type: text/htmlConnection: keep-aliveX-Powered-By: PHP/5.3.3#安装NFS并挂载(172.20.100.101配置)# yum -y install nfs-utils rpcbind# mkdir /web/wordpress# vim /etc/exports /web/wordpress (rw,no_root_squash,no_all_squash,sync)# service rpcbind start# service nfs start#解压wordpress 到NFS目录# mkdir /web# tar -xzvf /opt/wordpress-4.7.2-zh_CN.tar.gz -C /web/#添加mysql数据库访问权限mysql> grant all privileges on *.* to root@'%' identified by 'root' with grant option;#客户端配置(2台 RealServer 上执行)#挂载# mount -t nfs 172.20.100.101:/web/wordpress/ /web/#修改nginx配置# vim /etc/nginx/conf.d/default.conf ## The default server#server { listen 80 default_server; listen [::]:80 default_server; server_name _; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; root /web/; index index.html index.php;location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; } }#重载并测试# nginx -s reload