1. 說明
1.1 概述
- 本文檔用于搭建 高可用的負載均衡
- 使用 Nginx 實現(xiàn)負載均衡
- 使用 Keepalived 實現(xiàn)高可用
1.2 系統(tǒng)說明
- 配置環(huán)境:
角色: IP 主機名 操作系統(tǒng) 軟件版本
VIP 192.168.10.5
Master 192.168.10.11 node10011 CentOS7 Nginx-1.12 + Keepalived
Backup 192.168.10.12 node10012 CentOS7 Nginx-1.12 + Keepalived
1.3 項目架構
K9JAZX9J$G@6{~PAJYRXEP6.png
2. 基礎配置
- master 和 backup 都需要配置
2.1 防火墻, selinux 配置
# systemctl stop firewalld
# systemctl disabled firewalld
# setenforce 0
# sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
2.2 配置IP, 主機名
- Master
[root@localhost ~]# ip address show | grep -E 'ens3.$'
inet 192.168.20.11/24 brd 192.168.20.255 scope global noprefixroute ens34
inet 192.168.10.11/24 brd 192.168.10.255 scope global noprefixroute ens33
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
nameserver 223.6.6.6
[root@localhost ~]#
+ 主機名: ` hostnamectl set-hostname 'node10011'`
- Backup
[root@localhost ~]# ip addr show | grep -E 'ens3.$'
inet 192.168.20.12/24 brd 192.168.20.255 scope global noprefixroute ens34
inet 192.168.10.12/24 brd 192.168.10.255 scope global noprefixroute ens33
[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.5.5.5
nameserver 223.6.6.6
[root@localhost ~]#
- 主機名:
*hostnamectl set-hostname node10012
2.3 安裝部分基礎程序
yum -y install ntpdate rdate openssl glibc libgcrypt gcc gcc-clib bzip wget sysstat vim lrzsz
2.4 設置時間
-
修改時區(qū)
timedatectl set-timezone Asia/Shanghai
-
同步時間
ntpdate time1.aliyun.com
設置到 crontab 定時同步時間
cat <<-EOF >> /var/spool/cron/root
MAILTO=""
*/10 * * * * /usr/sbin/ntpdate time1.aliyun.com || /usr/sbin/ntpdate time2.aliyun.com
EOF
2.5 添加普通用戶
-
創(chuàng)建用戶
useradd fangfcecho '111' | passwd --stdin fangfcmkdir -m 700 /home/fangfc/.ssh
配置用戶密鑰
cat <<-EOF >> /home/fangfc/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx8Vj385RGc691Ay6Xaf2w6A4dG1qxRq4bip/IneS7UbLraK5xrrOwKD/z1RIQJZta6FOGWt/ml0fwSi28F/MR2iY8iedJGjaHYhgR0ppUyE9vhIRg4gTQ8MaRHM4P2PAwQQKSFE0b2vvxx9EzCithllsNPeX88r3nSPgjUmpJ3qzSyZaYqOrm6XQTZMwE5ccj1Hxdmdw6ta38j6EOdow2ju0IB74MXULSBxkFFk4meDpoZief30UMCQoCk5eOP9vT/AUD+VQxWQWiIaqthDltmNxX/U1d7/7+4wxN502rI1ktmoPHiYydMRXebEZZopyhJf0Q3C7WG6YxXovYL5q1 OpenSSH-rsa-import-111718
EOF
- 密鑰權限
chmod 600 /home/fangfc/.ssh/authorized_keyschown -R fangfc:fangfc /home/fangfc/.ssh/
2.6 配置 sshd
禁用密碼登陸
sed -i '/^PasswordAuth/s/yes/no/p' /etc/ssh/sshd_config禁止root 登陸
sed -i '/#PermitRootLogin/s/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config禁用GSSAPI
sed -i '/^GSSAPIAuth/s/yes/no/' /etc/ssh/sshd_config不使用DNS 反解
grep -q 'UseDNS no' /etc/ssh/sshd_config || echo "UseDNS no" >>/etc/ssh/sshd_config重啟服務
systemctl restart sshd
2.7 配置內核必要參數(shù)
- 設置最大文件打開數(shù)量
cat <<-EOF >> /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
EOF
ulimit -n 65535
- 修改history 記錄條數(shù)
sed -i '/^HISTSIZE=1000$/s/1000/10000/' /etc/profile
END
