Accumulating Experience
Category: System Operations
2014-01-22 23:49:02
Introduction to CDN (Content Delivery Network)
CDN stands for Content Delivery Network. Its purpose is to add a new layer of network architecture on top of the existing Internet and publish a site's content to the network "edge" closest to the users, so that users fetch the content they need from nearby and the site's response time improves. A CDN differs from a mirror in that it is smarter; by analogy, CDN = smarter mirroring + caching + traffic steering. A CDN therefore markedly improves the efficiency with which information flows across the Internet, and addresses at the technical level the problems of limited bandwidth, high visitor volume and unevenly distributed sites, improving response time for users.
Lab: two clients, .60 (dx) and .53 (wt); one dns-master at .80, which also runs dx.squid and the web server; one dns-slave at .81, which also runs wt.squid.
Goal: a client accessing the forum first resolves the name through DNS, obtains an IP, and then reaches the site through the squid proxy at that address.
Client .60 (dx) gets 192.168.0.80 from the lookup (checked with nslookup)
Client .53 (wt) gets 192.168.0.81
iptables -F
setenforce 0
Both clients point /etc/resolv.conf at the DNS servers 192.168.0.80 and 192.168.0.81.
dns-master: install the packages, edit the configuration file (views) and create the zone files
yum install bind bind-chroot -y
On the master, edit the configuration file: vim /etc/named.conf
# add three views: dx, wt, other
# match-clients matches the client source IP; 192.168.0.216/217/218 are three virtual IPs bound on the slave,
# one per view, so that the slave's zone transfers land in the matching view
view "dx" {
    match-clients { 192.168.0.60; 192.168.0.216; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type master;
        file "dx.abc.com.zone";
    };
};
view "wt" {
    match-clients { 192.168.0.53; 192.168.0.217; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type master;
        file "wt.abc.com.zone";
    };
};
view "other" {
    # "any" already covers 192.168.0.218; the slave's "other" view transfers from that address
    match-clients { any; 192.168.0.218; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type master;
        file "other.abc.com.zone";
    };
};
Create the three zone files (comments in a zone file start with ";"):
dx.abc.com.zone
wt.abc.com.zone
other.abc.com.zone
[root@desktop80 ~]# cat /var/named/dx.abc.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.0.80
www     A       192.168.0.80    ; dx.squid IP
[root@desktop80 ~]# cat /var/named/wt.abc.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.0.80
www     A       192.168.0.81    ; wt.squid IP
[root@desktop80 ~]# cat /var/named/other.abc.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.0.80
www     A       192.168.0.80    ; dx.squid IP
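All three zone files start with serial 0. The slave configured further down only transfers a zone when the master's SOA serial is higher than the copy it already holds, so every edit to one of these files on the master has to bump the serial, otherwise the slaves keep serving the old data. The script below is an added example and not part of the original post: bump_serial increments the serial of a zone file laid out like the ones above (serial on its own line ending in "; serial"), get_serial reads it back, and check_zone runs named-checkzone when it is installed. sample_zone writes a constructed copy of dx.abc.com.zone so the functions can be tried on a scratch file.

```shell
#!/bin/bash
# Added example (not from the original post): bump the SOA serial of a BIND
# zone file so the slave notices the change and transfers the new zone.
# Assumes the serial sits on its own line ending in "; serial", as in the
# dx/wt/other.abc.com.zone files.
set -eu

# Print the current SOA serial of a zone file.
get_serial() {
    awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# Increment the serial (serial + 1) in place. The file is rewritten through a
# temporary copy and then copied back over the original, which keeps the
# original's owner and mode (named must still be able to read it).
bump_serial() {
    local zone="$1" tmp
    tmp="$(mktemp)"
    awk '
        /;[[:space:]]*serial/ && !done { sub(/[0-9]+/, $1 + 1); done = 1 }
        { print }
    ' "$zone" > "$tmp"
    cat "$tmp" > "$zone"
    rm -f "$tmp"
}

# Syntax-check a zone with named-checkzone when bind is installed.
# Arguments: zone origin (e.g. abc.com) and zone file path.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not installed, skipping syntax check" >&2
    fi
}

# Write a constructed sample zone (same layout as the post's dx.abc.com.zone)
# to the given path, for trying the functions on a scratch file.
sample_zone() {
    cat > "$1" << 'EOF'
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        NS      @
        A       192.168.0.80
www     A       192.168.0.80    ; dx.squid IP
EOF
}

# Usage on the master, after editing a zone:
#   bump_serial /var/named/dx.abc.com.zone
#   check_zone abc.com /var/named/dx.abc.com.zone && rndc reload
```

Run the three lines from the usage comment after each manual edit; with the serial bumped, the slave picks up the new zone on its next refresh (or immediately, when the master sends a NOTIFY).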
Edit the configuration file on the slave
# transfer-source: the slave fetches each view's copy of the zone through a different source address,
# so the master hands out the matching view's zone (the three virtual IPs must be bound with ifconfig)
# match-clients matches the client IP
[root@desktop81 ~]# ifconfig eth0:0 192.168.0.216
[root@desktop81 ~]# ifconfig eth0:1 192.168.0.217
[root@desktop81 ~]# ifconfig eth0:2 192.168.0.218
view "dx" {
    transfer-source 192.168.0.216;
    match-clients { 192.168.0.60; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type slave;
        masters { 192.168.0.80; };
        file "slaves/dx.abc.com.zone";
    };
};
view "wt" {
    transfer-source 192.168.0.217;
    match-clients { 192.168.0.53; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type slave;
        masters { 192.168.0.80; };
        file "slaves/wt.abc.com.zone";
    };
};
view "other" {
    # must be the address the master's "other" view matches (192.168.0.218);
    # with 192.168.0.217 the transfer hits the master's "wt" view and pulls wt's zone instead
    transfer-source 192.168.0.218;
    match-clients { any; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    include "/etc/named.rfc1912.zones";
    zone "abc.com" {
        type slave;
        masters { 192.168.0.80; };
        file "slaves/other.abc.com.zone";
    };
};
Test (the master at .80 answers):
[root@desktop53 ~]# nslookup
Server: 192.168.0.80
Address: 192.168.0.80#53
Name:
Address: 192.168.0.81
[root@desktop60 ~]# nslookup
Server: 192.168.0.80
Address: 192.168.0.80#53
Name:
Address: 192.168.0.80
Test: stop the named service on the master (the slave at .81 answers)
[root@desktop60 ~]# nslookup
Server: 192.168.0.81
Address: 192.168.0.81#53
Name:
Address: 192.168.0.80
[root@desktop53 ~]# nslookup
Server: 192.168.0.81
Address: 192.168.0.81#53
Name:
Address: 192.168.0.81
Master/slave replication of the DNS views works.
Synchronizing the acl files with rsync
rsync uses its own rsync algorithm: it transfers only the parts of a file that differ between the two copies rather than the whole file every time, so it is very fast.
It has the following properties:
1. Can update whole directory trees and file systems
2. Optionally preserves symbolic links, hard links, file ownership, permissions, devices and timestamps
3. Needs no special privileges to install
4. For many files, an internal pipeline reduces the latency of waiting on each file
5. Can use rsh, ssh or a direct TCP port as the transport
6. Supports anonymous rsync, which makes it an ideal mirroring tool
To back up between different hosts, an rsync server must be set up. The rsync server listens on port 873 under xinetd, waiting for rsync clients to connect. When a client connects, the server checks the username and password the client submits against its built-in user list; if authentication passes, the transfer starts. During the transfer the two sides first compare file size, attributes, permissions, MD5 checksums and so on as requested, and where the two copies differ, only the differing blocks are synchronized.
1. Install and set up rsync
On RHEL the rsync service is controlled by xinetd, so xinetd must be installed as well:
yum install rsync* xinetd* -y
The rsync server needs the rsync daemon enabled and xinetd started; an rsync client only needs the rsync package.
chkconfig xinetd on
chkconfig rsync on
2. Set up the rsync server
The rsync server needs the following four items:
1). Plan and create the backup directory
2). Enable the rsync daemon under xinetd (/etc/xinetd.d/rsync)
3). Create and fill in the rsync daemon configuration file (/etc/rsyncd.conf)
4). Set up the rsync built-in user and password
First decide on the backup directory; here /var/named/chroot/etc/acl is the backup root.
Next the xinetd entry for the rsync daemon. The chkconfig commands above already enabled xinetd and rsync at boot, so here we only verify that the service file is set up correctly:
vim /etc/xinetd.d/rsync
disable = no
(the package ships this entry as "disable = yes"; "no" enables rsync under xinetd)
Create the rsync service configuration file (comments in rsyncd.conf must be on lines of their own):
# vi /etc/rsyncd.conf
uid = named
gid = named
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
# welcome message file, must be created
motd file = /etc/rsyncd.motd
# slave IP plus the 192.168.0.0/24 network
hosts allow = 192.168.0.81 192.168.0.0/24
# authenticated user
auth users = namedrsync
# password file, must be created
secrets file = /etc/rsyncd.secrets
[acl]
# directory to synchronize
path = /var/named/chroot/etc/acl
comment = acl
read only = true
list = false
Create the welcome file and the password file:
cat > /etc/rsyncd.motd << ENDF
welecom
ENDF
cat > /etc/rsyncd.secrets << ENDF
namedrsync:uplooking
ENDF
Permissions 600 (rsync refuses a secrets file that other users can read):
[root@desktop80 ~]# chmod 600 /etc/rsyncd.*
On the master, create dx.acl and wt.acl under /var/named/chroot/etc/acl
[root@desktop80 ~]# mkdir /var/named/chroot/etc/acl
[root@desktop80 ~]# cd /var/named/chroot/etc/acl
[root@desktop80 acl]# vim dx.acl
acl "dxip" {
    192.168.0.60/32;
};
[root@desktop80 acl]# vim wt.acl
acl "wtip" {
    192.168.0.53/32;
};
Edit the named configuration file: add the includes before the views (the paths are relative to the chroot)
include "/etc/acl/dx.acl";
include "/etc/acl/wt.acl";
and use the acl names in place of the client IPs in match-clients:
view "dx" {
    # match-clients { 192.168.0.60; 192.168.0.216; };
    match-clients { dxip; 192.168.0.216; };
view "wt" {
    # match-clients { 192.168.0.53; 192.168.0.217; };
    match-clients { wtip; 192.168.0.217; };
Client side (the slave)
Install: yum install rsync -y
Create the password file (it holds only the password):
vim /root/secrets
uplooking
chmod 600 /root/secrets
On the slave, create the directory that receives the master's acl files, /var/named/chroot/etc/acl:
[root@desktop81 ~]# mkdir /var/named/chroot/etc/acl
Edit the named configuration file
[root@desktop81 ~]# vim /etc/named.conf
include "/etc/acl/dx.acl";
include "/etc/acl/wt.acl";
view "dx" {
    transfer-source 192.168.0.216;
    match-clients { dxip; };
view "wt" {
    transfer-source 192.168.0.217;
    match-clients { wtip; };
[root@desktop81 ~]# rsync -Rav --delete --password-file=/root/secrets namedrsync@192.168.0.80::acl /var/named/chroot/etc/acl
(The output below means the sync succeeded; check iptables and SELinux if it fails.) The command can be added with crontab -e as a scheduled job to sync the acl files periodically.
welecom
receiving incremental file list
./
dx.acl
wt.acl
sent 100 bytes received 290 bytes 780.00 bytes/sec
total size is 68 speedup is 0.17
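The rsync job above copies whatever the master's acl module contains straight into the directory that named.conf includes, and nothing reloads named afterwards, so a damaged or tampered acl file on the master (or a stray include line inside one) would be loaded by the slave's named unchecked on its next reload. The script below is an added example and not part of the original post: it pulls the module into a staging directory with the same rsync invocation, accepts only files that consist of a single acl "name" { address; ... }; block, and only then copies them into place, runs named-checkconf and reloads named. It assumes the post's names (module acl, user namedrsync, password file /root/secrets, directory /var/named/chroot/etc/acl, master 192.168.0.80); the environment variables MASTER, ACL_DIR and PASSFILE are assumptions of this example for overriding those values.

```shell
#!/bin/bash
# Added example (not from the original post): fetch the master's acl files
# into a staging directory, accept them only if they contain nothing but a
# single acl block of addresses, then install them and reload named.
# Assumes the post's layout; MASTER, ACL_DIR and PASSFILE are example knobs.
set -eu

MASTER="${MASTER:-192.168.0.80}"
ACL_DIR="${ACL_DIR:-/var/named/chroot/etc/acl}"
PASSFILE="${PASSFILE:-/root/secrets}"

# Accept a file only if every non-blank line is one of
#   acl "name" {                               (exactly one opening line)
#   a.b.c.d/nn;  or  a.b.c.d;  or  !a.b.c.d;   (one address per line)
#   };                                         (exactly one closing line)
# so include statements, options or stray text never reach named.conf.
validate_acl_file() {
    local file="$1" line opens=0 closes=0
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line#"${line%%[![:space:]]*}"}"   # trim leading whitespace
        line="${line%"${line##*[![:space:]]}"}"   # trim trailing whitespace
        case "$line" in
            "") ;;
            'acl "'*'" {') opens=$((opens + 1)) ;;
            '};') closes=$((closes + 1)) ;;
            *)
                printf '%s\n' "$line" |
                    grep -Eq '^!?[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?;$' ||
                    { echo "$file: rejected line: $line" >&2; return 1; }
                ;;
        esac
    done < "$file"
    if [ "$opens" -ne 1 ] || [ "$closes" -ne 1 ]; then
        echo "$file: expected exactly one acl block" >&2
        return 1
    fi
}

# Validate every *.acl file in a directory; fails if any file is rejected.
validate_acl_dir() {
    local f rc=0
    for f in "$1"/*.acl; do
        [ -e "$f" ] || { echo "$1: no .acl files" >&2; return 1; }
        validate_acl_file "$f" || rc=1
    done
    return "$rc"
}

# Pull the module into a staging directory (same rsync call as the post),
# validate, then install and reload named. Needs rsync, named-checkconf, rndc.
sync_acl() {
    local stage
    stage="$(mktemp -d)"
    rsync -av --delete --password-file="$PASSFILE" \
        "namedrsync@${MASTER}::acl" "$stage/"
    if ! validate_acl_dir "$stage"; then
        echo "acl files rejected, named not reloaded" >&2
        rm -rf "$stage"
        return 1
    fi
    cp -p "$stage"/*.acl "$ACL_DIR"/
    rm -rf "$stage"
    # -t: resolve the include paths the way named sees them inside the chroot
    named-checkconf -t /var/named/chroot /etc/named.conf && rndc reload
}

# Run the sync only when called as: sync_acl.sh --sync  (e.g. from cron)
if [ "${1:-}" = "--sync" ]; then
    sync_acl
fi
```

Schedule it from crontab -e as /path/to/sync_acl.sh --sync instead of the bare rsync line; a rejected file leaves the previously installed acl files and the running named untouched, and the reason is printed to stderr (which cron mails to root).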
-----------------------------------------------------------------------------------------
squid proxy server
Speeds up access, filters content and hides the real IP.
Reverse proxy
First set up wt.squid on .81, then access it from the wt client.
[root@desktop81 slaves]# yum install squid -y
Edit the configuration file (comments are on lines of their own):
[root@desktop81 slaves]# vim /etc/squid/squid.conf
# comment out this line
#http_access deny all
# comment out this line
#http_port 3128
# listen on 80
http_port 80 vhost vport
55 http_access allow localnet
56 http_access allow localhost
Insert after line 56:
# fetch the content from the origin server on .80
cache_peer 192.168.0.80 parent 80 0 no-query originserver weight=1 name=a
# domains served from peer a (the domain list is not given in the original)
cache_peer_domain a
# allow requests to peer a
cache_peer_access a allow all
Start the service and test from the wt client (httpd is stopped on .81 because squid now takes port 80):
[root@desktop81 slaves]#service httpd stop
[root@desktop81 slaves]# chkconfig httpd off
[root@desktop81 slaves]# chkconfig squid on
[root@desktop81 slaves]# service squid start
With squid as a reverse proxy the client browser needs neither a proxy setting nor a hosts entry: the name is resolved through DNS and the site is reached directly, so the steps below can be skipped.
If the client's /etc/resolv.conf lists several servers, mind the order and put .80 first.
vim /etc/hosts
192.168.0.80
On the wt client (.53), set the browser proxy to 192.168.0.81:80 and then browse.
Set up dx.squid on .80 the same way, but change the port in the squid configuration to 3128, since 80 is occupied by httpd there; on the dx client set the browser proxy to 192.168.0.80:80.
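Commenting out http_access deny all, as the squid.conf edits above do, removes the explicit final deny: whether an address outside localnet/localhost may use the port is then decided by Squid's implicit default (the opposite of the last rule in the list) rather than by a rule you wrote, and on a reverse proxy the intent is to serve only the origin behind cache_peer. The script below is an added example and not from the original post: it reads a squid.conf, checks that http_port is in accelerator (vhost/accel) mode and that the last http_access rule is an explicit deny all, and offers squid -k parse as an optional syntax check. The demo function lints a constructed copy of the edits above.

```shell
#!/bin/bash
# Added example (not from the original post): lint a squid.conf edited for
# reverse-proxy use before starting the service. Checks that http_port is in
# accelerator mode and that the access list ends with an explicit deny all.
set -eu

# Print the active (uncommented) http_access rules in file order.
http_access_rules() {
    grep -E '^[[:space:]]*http_access[[:space:]]' "$1" || true
}

# 0 if the last http_access rule is "deny all", 1 otherwise (including when
# there is no rule at all, which leaves access to Squid's implicit default).
ends_with_deny_all() {
    local last
    last="$(http_access_rules "$1" | tail -n 1 | awk '{ print $2, $3 }')"
    [ "$last" = "deny all" ]
}

# 0 if some http_port line carries accel or vhost (reverse-proxy mode).
has_accel_port() {
    grep -E '^[[:space:]]*http_port[[:space:]]' "$1" |
        grep -Eq '(^|[[:space:]])(accel|vhost)([[:space:]]|$)'
}

# Run all checks on a config; prints one line per finding, returns 1 on any
# failed check.
lint_squid_conf() {
    local conf="$1" rc=0
    if has_accel_port "$conf"; then
        echo "ok:   http_port is in accelerator (vhost/accel) mode"
    else
        echo "warn: no accel/vhost http_port, this is a plain forward proxy"
        rc=1
    fi
    if ends_with_deny_all "$conf"; then
        echo "ok:   last http_access rule is 'deny all'"
    else
        echo "warn: last http_access rule is not 'deny all'; clients not matched"
        echo "      by an earlier rule fall through to Squid's implicit default"
        rc=1
    fi
    return "$rc"
}

# Optional syntax check with the real parser when squid is installed.
parse_with_squid() {
    command -v squid >/dev/null 2>&1 && squid -k parse -f "$1"
}

# Lint a constructed copy of the post's edits (same directives as above).
demo() {
    local conf
    conf="$(mktemp)"
    cat > "$conf" << 'EOF'
http_port 80 vhost vport
http_access allow localnet
http_access allow localhost
#http_access deny all
cache_peer 192.168.0.80 parent 80 0 no-query originserver weight=1 name=a
cache_peer_access a allow all
EOF
    lint_squid_conf "$conf" || true
    rm -f "$conf"
}

demo
```

On the post's config the demo reports the accelerator port as fine and warns about the missing final deny. The usual reverse-proxy layout keeps http_access deny all as the last rule and allows only the accelerated site above it, for example acl our_sites dstdomain www.abc.com followed by http_access allow our_sites; run lint_squid_conf /etc/squid/squid.conf (and parse_with_squid) on both the .81 and the .80 squid before service squid start.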