CN101908967A - Configuration method and system of Linux virtual server - Google Patents

Configuration method and system of Linux virtual server Download PDF

Info

Publication number
CN101908967A
CN101908967A CN2009100861141A CN200910086114A CN101908967A CN 101908967 A CN101908967 A CN 101908967A CN 2009100861141 A CN2009100861141 A CN 2009100861141A CN 200910086114 A CN200910086114 A CN 200910086114A CN 101908967 A CN101908967 A CN 101908967A
Authority
CN
China
Prior art keywords
configuration
authentication
server
direct
virtual server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2009100861141A
Other languages
Chinese (zh)
Other versions
CN101908967B (en
Inventor
周文旭
张�诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN200910086114.1A priority Critical patent/CN101908967B/en
Publication of CN101908967A publication Critical patent/CN101908967A/en
Application granted granted Critical
Publication of CN101908967B publication Critical patent/CN101908967B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention relates to configuration method and system of a Linux virtual server, wherein the configuration system of the Linux virtual server comprises an LVS (Linux Virtual Server), a user interface module, an AAA (Authentication Authorization Accounting) client and an instruction translating module, wherein the user interface module is used for transmitting received configuration instruction information to the AAA client and then transmitting successfully authorized configuration instruction information to the instruction translation module when receiving an authorization result returned by the AAA client, wherein the authorization result represents that the configuration instruction information is successfully authorized; the AAA client is used for transmitting the configuration instruction information to an AAA server and then transmitting the authorization result returned by the AAA server to the user interface module; and the instruction translating module is used for translating a successfully authorized configuration instruction into an operation instruction supported by the LVS and executing or notifying the LVS to execute configuration operation corresponding to the operation instruction. The invention improves the convenience for users to maintain network systems containing the LVS.

Description

Linux virtual server collocation method and system
Technical field
The present invention relates to computer networking technology, particularly relate to a kind of Linux virtual server collocation method and system.
Background technology
Linux virtual server (Linux Virtual Server, abbreviation LVS) Clustering is a kind of load balance scheduling solution based on IP layer and content-based request distribution, one group of physical server can be constituted the virtual server cluster system with good scalability (Scalability), reliability (Reliability) and manageability (Manageability).The LVS group system is transparent from architecture, and the end user only feels a virtual server.Local area network (LAN) (local area network is called for short LAN) that can be by at a high speed between the physical server or the wide area network (Wide Area Ne twork is called for short WAN) that is distributed in various places link to each other; Placing the LVS group system is the load dispatch device foremost, and it is responsible for various service requests are distributed to the physical server of back, allows whole cluster show as a virtual server of serving same IP address.
LVS can realize the function of the load balancing network equipment, but the configuring management method of LVS and the general configuration method of the network equipment exist than big-difference, the general configuration method of employing conventional network equipment can't be realized the configuration management of LVS, for example: LVS revises self configuration by the mode of revised file, every modification all is based on one or more configuration files, therefore can't carry out subscriber authorisation at the individual event configuration; When increasing a LVS in the LVS system, need on newly-increased LVS, add existing all user profile.And the network equipment is revised configuration information by order line usually, can carry out subscriber authorisation to the individual event configuration, and the newly-increased network equipment need not to increase user profile etc.
By above-mentioned analysis as can be known, the general configuration method of the collocation method of LVS and the network equipment exists than big-difference, for network operation work has brought inconvenience in the prior art.
Summary of the invention
The invention provides a kind of collocation method and system of Linux virtual server, in order to improve the convenience that the user safeguards the network system that includes the Linux virtual server.
The invention provides a kind of Linux virtual server configuration-system, comprise the Linux virtual server, also comprise: Subscriber Interface Module SIM, authentication and authorization charging client and instruction translation module;
The configuration-direct information that described Subscriber Interface Module SIM is used for receiving sends to described authentication and authorization charging client; Receiving Authorization result that described authentication and authorization charging client returns when representing described configuration-direct information mandate success, sends the successfully configuration-direct information of mandate to described instruction translation module;
Described authentication and authorization charging client is used for the described configuration-direct information that described Subscriber Interface Module SIM sends is sent to authentication and authorization charging server, for described authentication and authorization charging server described configuration-direct information is carried out authorisation process; The Authorization result that described authentication and authorization charging server is returned sends to described Subscriber Interface Module SIM;
Described instruction translation module is used for the configuration-direct that the described success of described Subscriber Interface Module SIM transmission is authorized is translated into the operational order that described Linux virtual server is supported, and carries out or notify described Linux virtual server execution and the corresponding configuration operation of described operational order.
The present invention also provides a kind of Linux virtual server collocation method, comprising:
Receive configuration-direct information;
The configuration-direct information of described reception is sent to authentication and authorization charging server, described configuration-direct information is carried out authorisation process for described authentication and authorization charging server;
The configuration-direct that success is authorized is translated into the operational order that the Linux virtual server is supported, and described Linux virtual server is carried out and the corresponding configuration operation of described operational order.
The present invention can bring the configuration management of Linux virtual server in the management system of standard network device into, adopt the general configuration method of similar standard network device that the Linux virtual server is managed for configuration, thereby improved the user, include the property easy to maintenance of the network system of Linux virtual server as the network management personnel, and improved internet security.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The LVS configuration-system structure chart that Fig. 1 provides for first embodiment of the invention;
The LVS collocation method flow chart that Fig. 2 provides for second embodiment of the invention;
The LVS collocation method Signalling exchange figure that Fig. 3 provides for third embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The LVS configuration-system structure chart that Fig. 1 provides for first embodiment of the invention.As shown in Figure 1, present embodiment LVS configuration-system comprises: LVS11, Subscriber Interface Module SIM 12, authentication and authorization charging (Authentication Authorization Accounting is called for short AAA) client (being AAA client 13) and instruction translation module 14; Subscriber Interface Module SIM 12 is connected with instruction translation module 14 with AAA client 13 respectively, and instruction translation module 14 is connected with LVS11.
LVS11 adopts IP load-balancing technique and content-based request distribution technology to realize load balancing.Need to prove that among the present invention, the concrete structure of LVS is unrestricted, as: LVS11 can comprise load dispatch device (load balancer), server pools (server pool) and share storage (shared storage) district.The load dispatch device is the front-end processor of whole cluster to the outside, and responsible request with the user sends on one group of physical server to be carried out, and the user thinks that then service is from an IP address (can be referred to as virtual ip address).Server pools is one group of physical server of really carrying out user's request.Shared memory provides a shared memory block for server pools, thereby makes server pools have identical content, and identical service can be provided.In LVS, the load dispatch device is balancedly transferred to user's request on the different physical servers and is carried out, and masks the fault of server automatically, thereby one group of physical server is constituted high performance, a high available virtual server.The structure of whole LVS is transparent for the user.
The configuration-direct information that Subscriber Interface Module SIM 12 is used for receiving sends to AAA client 13; Receiving Authorization result that AAA client 13 returns when representing configuration-direct information mandate (Authorization) success, sends the successfully configuration-direct information of mandate to instruction translation module 14.
AAA client 13 is connected with the aaa server 15 of system outside, is used for the configuration-direct information that Subscriber Interface Module SIM 12 sends is sent to aaa server 15, for aaa server 15 servers configuration-direct information is carried out authorisation process; The Authorization result that aaa server 15 is returned sends to Subscriber Interface Module SIM 12.
Instruction translation module 14 is used for the configuration-direct of successful mandates that Subscriber Interface Module SIM 12 is sent and translates into the operational order that LVS11 supports, and carries out or notice LVS11 execution and this operational order are operated accordingly.
On the basis of technique scheme,, also can expand the function of Subscriber Interface Module SIM 12 and AAA client 13 in order further to introduce user authentication mechanism at the LVS configuration-system:
The subscriber identity information that Subscriber Interface Module SIM 12 also is used for receiving sends to AAA client 13; When the Authorization result that receives is represented subscriber identity information authentication (Authentication) success, send the configuration-direct information that sends with the corresponding user of the subscriber identity information of success identity to AAA client 13.
AAA client 13 is used for the subscriber identity information that Subscriber Interface Module SIM 12 sends is sent to aaa server 15, authenticates for 15 pairs of subscriber identity informations of aaa server.
Analysis by technique scheme as seen, Subscriber Interface Module SIM 12 provides and the mutual interface of LVS configuration-system for the user, the user can import the configuration-direct that is used to dispose LVS by Subscriber Interface Module SIM 12; Further, Subscriber Interface Module SIM 12 also can be used as the inlet that the user is carried out authentication processing, mandate and charging, and Subscriber Interface Module SIM 12 has only the configuration-direct information that the corresponding user of the subscriber identity information of success identity is imported to carry out subsequent treatment; And configuration-direct mandate success, Subscriber Interface Module SIM 12 just can send to instruction translation module 14 with the configuration-direct that success is authorized, and make it to carry out instruction translation and carry out the corresponding configuration operation.
In order to realize that the user of LVS login is controlled, and/or the configuration-direct of user's input is carried out fine granularity ground authorize, LVS can be brought in the network equipment user unified management system.Present embodiment is by setting up the AAA client in the LVS configuration-system, make that the LVS configuration-system can be mutual with aaa server by the AAA client, to finish processing such as mandate to the configuration-direct information of the authentication processing of user's identity information and/or user's input.
In the technique scheme, instruction translation module 14 can further comprise: memory cell 141 and translation unit 142 and dispensing unit 143.
Memory cell 141 is used to store the mapping relations between the operational order that legal configuration-direct and LVS support.
Translation unit 142 is used for the mapping relations according to memory cell 141 storages, and with the configuration-direct that success is authorized, promptly legal configuration-direct is translated into the corresponding operational order that LVS supports.Translation unit 142 can be inquired about the mapping relations of memory cell 141 storages after receiving the configuration-direct of successfully authorizing, obtain this configuration-direct instruction corresponding, i.e. action.
Dispensing unit 143 can be used for LVS11 is carried out and the corresponding configuration operation of last operational order, and perhaps, dispensing unit 143 can be used for operational order is sent to LVS11, carries out with aforesaid operations for LVS11 and instructs corresponding configuration operation.
Present embodiment is by providing the user interface of similar network equipment by introducing Subscriber Interface Module SIM in the LVS configuration-system, provide the aaa protocol support by introducing the AAA client for authenticating user identification and/or configuration-direct authorisation process, and the configuration-direct of authorizing according to success by introducing instruction translation module carries out corresponding configuration operation or notifies LVS to carry out corresponding configuration operation LVS, therefore, present embodiment can be brought the configuration management of LVS in the management system of standard network device into, adopt the general configuration method of similar standard network device that LVS is managed for configuration, thereby improved the user, include the property easy to maintenance of the network system of LVS as the network management personnel, and improved internet security.
The LVS collocation method flow chart that Fig. 2 provides for second embodiment of the invention.As shown in Figure 2, present embodiment LVS collocation method comprises:
Step 21, reception configuration-direct information.
Step 22, configuration-direct information is sent to aaa server, configuration-direct information is carried out authorisation process for aaa server.
Step 23, the configuration-direct of will success authorizing are translated into the operational order that LVS supports, and LVS are carried out and the corresponding configuration operation of operational order.
The subject of implementation of present embodiment can be and is used for configuration-system that LVS is managed for configuration, its main purpose is that existing LVS " encapsulation " is become standard network device, LVS after feasible " encapsulation " has the interface with user interactions, support aaa protocol, and provide interpretative function between the operational order that configuration-direct that the user imports and LVS support, thereby improved the user, include the property easy to maintenance of the network system of LVS as the network management personnel, and improved internet security.
Illustrate: the demons of supposing to be integrated with among the LVS user's attitude, as: the Keepalived program, this program is used to improve the robustness of LVS, provide the health examination of each physical server in the server pools that LVS comprises, and the load balance scheduler that comprises for LVS provides and combats a natural disaster fault tolerance etc.The configuration information of Keepalived program is kept in the configuration file, as: the configuration information of Keepalived program is kept in the configuration file "/etc/keepalived/keepalived.conf ", the configuration information that configuration file is preserved can comprise: the time interval information of health examination, the required parameter of VRRP priority supervisor self-operating, the LVS parameters such as address that also can comprise in addition, physical server among the LVS of Virtual Service address, Virtual Service correspondence.
The inventor finds in realizing process of the present invention, the configuring management method that prior art is integrated with the LVS of Keepalived program comprises that the user logins LVS, operation Keepalived program, use editing machine to revise configuration file "/etc/keepalived/keepalived.conf ", preserve amended configuration file afterwards and indicate the keepalived program to reload amended configuration file.This shows, prior art is based on the manual modification that configuration file carries out for the modification of LVS configuration parameter, can't authorize the individual event configuration, also can't realize retouching operation based on user's configuration-direct, exist than big-difference with the general configuration method of the existing standard network equipment, give the user, carry out network operation as the network management personnel and bring big inconvenience.Because the method that provides based on present embodiment disposes LVS, the configuration management of LVS can be brought in the management system of standard network device, adopt the general configuration method of similar standard network device that LVS is managed for configuration, thereby can realize the individual event configuration is authorized; When increasing LVS newly in the network system, also need not to increase user profile on the newly-increased LVS, but can realize that by the user profile on the aaa server user operates, thereby improved the convenience of the network capacity extension, below with reference to Fig. 3 the collocation method of the LVS that is integrated with the Keepalived program is elaborated.
The LVS collocation method Signalling exchange figure that Fig. 3 provides for third embodiment of the invention.Present embodiment LVS configuration-system can be referring to system shown in Figure 1.As shown in Figure 3, present embodiment LVS collocation method comprises:
Step 31, client send login (Login) request to Subscriber Interface Module SIM, carry subscriber identity information in this logging request.
The user can use client, be connected to configuration-system as the client of following safety shell protocol (ssh) or TCP/IP terminal emulation protocol (telnet) on the communication mode to LVS, Subscriber Interface Module SIM to the LVS configuration-system sends logging request, carry subscriber identity information in this logging request, this subscriber identity information can comprise username and password etc.
Step 32, Subscriber Interface Module SIM send logging request to the AAA client, carry subscriber identity information in this logging request.
Subscriber Interface Module SIM is after the logging request that receives the client transmission, obtain the subscriber identity information in this logging request, subscriber identity information is carried at sends to the AAA client in the logging request, be used for asking the AAA client that the subscriber identity information of this logging request is carried out authentication processing.
Step 33, AAA client send authentication (Authentication) request to aaa server, comprise subscriber identity information in this authentication request.
The AAA client is resolved the logging request that receives, obtain the subscriber identity information that carries in this logging request, and the subscriber identity information that obtains is packaged into follows the authentication request that AAA realizes agreement, as follow terminal access controller access control system (Terminal Access Controller Access-Control System Plus, abbreviation TACACS+) authentication request of agreement, authentication request is sent to aaa server, be used for asking aaa server that the subscriber identity information that this authentication request comprises is carried out authentication processing.
Step 34, aaa server carry out authentication processing to the subscriber identity information that comprises in the authentication request, and authentication result are sent to the AAA client.
Store validated user information on the aaa server in advance.When aaa server receives the authentication request of AAA client transmission, validated user identity information according to storage in advance carries out authentication processing to the user identity that comprises in the authentication request, as username and password being carried out the validity authentication, and authentication result is packaged into follows the packet that AAA realizes agreement, as the packet of following the TACACS+ agreement sends to the AAA client.When if authentication result shows this subscriber identity information authentication success, aaa server can comprise to the authentication result that the AAA client sends: login successful announcement information, or the authority information that the user had etc.When if authentication result shows this subscriber identity information authentification failure, aaa server can comprise to the authentication result that the AAA client sends: the announcement information of login failure etc.
Step 35, AAA client receive the authentication result that aaa server sends, and will receive authentication result and send to Subscriber Interface Module SIM; This authentication result is carried in the login return messages and sends to Subscriber Interface Module SIM.
The AAA client is resolved the packet of following AAA realization agreement that aaa server sends, and obtains the authentication result that this packet comprises, and authentication result is sent to Subscriber Interface Module SIM.
Step 36, Subscriber Interface Module SIM send and authentication result corresponding prompt information to client, and this authentication result corresponding prompt information is carried in the login return messages and sends to client.
When if authentication result shows the subscriber identity information authentification failure, Subscriber Interface Module SIM can be " login failure " to the information that client sends; Under this situation, the Subscriber Interface Module SIM refusal provides service to this user, process ends.
When if authentication result shows the subscriber identity information authentication success, Subscriber Interface Module SIM can be " logining successfully " to the information that client sends; Under this situation, Subscriber Interface Module SIM is waited for the configuration-direct information of user based on the client input, execution in step 37.
Step 37, client send instruction (Command) to Subscriber Interface Module SIM and carry out request, and this instruction is carried out request and comprised that the user wishes the configuration-direct information of carrying out.
The user can wish self that the configuration-direct information of carrying out is encapsulated in instruction and carries out in the request, and should instruct the request of execution to send to Subscriber Interface Module SIM by client.
Step 38, Subscriber Interface Module SIM send the authorization by instruction request to the AAA client, and the user wishes the configuration-direct information carried out in this authorization by instruction request.
Subscriber Interface Module SIM is after request is carried out in the instruction that receives the client transmission, obtain the configuration-direct information in this instruction execution request, configuration-direct information is carried at sends to the AAA client in the authorization by instruction request, be used for asking the AAA client that the configuration-direct information of this authorization by instruction request is carried out authorisation process.
Step 39, AAA client send authorization by instruction (Authorization) request to aaa server, comprise in this authorization by instruction request that the user wishes the configuration-direct information of carrying out.
The AAA client is resolved the authorization by instruction request that receives, obtain the configuration-direct information of carrying in this authorization by instruction request, and the configuration-direct information that obtains is packaged into the authorization by instruction request that AAA realizes agreement of following, as follow the authorization by instruction request of TACACS+ agreement, the authorization by instruction request is sent to aaa server, be used for asking aaa server that the configuration-direct information that this authorization by instruction request comprises is carried out authorisation process.
Step 310, aaa server carry out authorisation process to the configuration-direct information that comprises in the authorization by instruction request, and Authorization result are sent to the AAA client; This Authorization result is carried in and sends to the AAA client in the authorization by instruction return messages.
Store the valid instruction information that the Keepalived program is supported on the aaa server in advance.When aaa server receives the authorization by instruction request of AAA client transmission, valid instruction information according to storage is in advance carried out authorisation process to the configuration-direct information that comprises in the authorization by instruction request, and Authorization result is packaged into follows the packet that AAA realizes agreement, as the packet of following the TACACS+ agreement sends to the AAA client.If when Authorization result showed this configuration-direct information mandate success, aaa server can comprise to the Authorization result that the AAA client sends: the announcement information of authorization by instruction success etc.When if Authorization result shows this configuration-direct information authorization failure, aaa server can comprise to the Authorization result that the AAA client sends: the announcement information of authorization by instruction failure etc.
Step 311, AAA client receive the Authorization result that aaa server sends, and will receive Authorization result and send to Subscriber Interface Module SIM; Authorization result is carried in and sends to user's receiver module in the authorization by instruction return messages.
The AAA client is resolved the packet of following AAA realization agreement that aaa server sends, and obtains the Authorization result that this packet comprises, and Authorization result is sent to Subscriber Interface Module SIM.
Step 312, Subscriber Interface Module SIM receive Authorization result, carry out respective handling according to Authorization result; For example: if authentication result shows when the mandate of configuration-direct information is successful that Subscriber Interface Module SIM sends to instruct to resolve to carry out to the instruction translation module and asks, this instruction is resolved in the execution request and is comprised the configuration-direct information of successfully authorizing, execution in step 313; When if authentication result shows configuration-direct information authorization failure, Subscriber Interface Module SIM generates and authorization failure information corresponding prompt information, send to client and this instruction of refusal execution, afterwards, Subscriber Interface Module SIM can wait for that the user imports next bar configuration-direct.When Subscriber Interface Module SIM receives the new configuration-direct of user's input, can be to this new configuration-direct repeated execution of steps 37~step 312 (Fig. 3 is not shown).
The request of execution is resolved in the instruction that step 313, instruction translation module parses Subscriber Interface Module SIM send, if resolve successfully, can obtain configuration-direct information, and the configuration-direct that parsing obtains translated into the operation instruction information that LVS supports, send fill order to LVS, be used to indicate LVS to carry out and the operational order corresponding action execution in step 314.If the failure of instruction translation module parses then sends the announcement information of resolving failure to Subscriber Interface Module SIM, will resolve the result notification of failure by Subscriber Interface Module SIM and give user's (Fig. 3 is not shown).
Step 314, LVS carry out and the operational order corresponding action that receives, and execution result is sent to the instruction translation module.
Can store the mapping relations between the operational order that legal configuration-direct and Keepalived program support on the instruction translation module in advance, according to these mapping relations, configuration-direct with the success mandate, be that valid instruction is translated into corresponding operational order, and LVS is carried out and the corresponding configuration operation of operational order.
Illustrate one: the configuration-direct that the instruction translation module receives is " deletion Virtual Service XXX instruction ", the instruction translation module is then according to the mapping relations of storing in advance, this configuration-direct is translated into corresponding operational order, as " in the deletion Keepalived application configuration file about Virtual Service XXX one section content ", the operational order after the translation is sent to LVS.LVS calls Keepalived application configuration file according to this operational order, and deletes in this configuration file the corresponding contents about Virtual Service XXX.Behind the corresponding contents about Virtual Service XXX in the LVS deletion Keepalived application configuration file, the execution result that deletion is finished sends to the instruction translation module.
Illustrate two: the mapping relations example between the operational order that legal configuration-direct of storing on the instruction translation module and LVS support can be as shown in table 1:
Mapping relations example between legal configuration-direct of table 1 and the operational order
The valid instruction title Function Parameter Operational order (action)
Rename Name(X,Y) X=A,Y=B X is revised as Y
In the table 1, suppose a certain validated user input through the aaa server success identity and the valid instruction of successfully authorizing through aaa server be the instruction that renames " Name (X; Y) ", X is used for representing the current title of a certain physical server of LVS, is " A " as current title X; Instruction " Name (X, the Y) " instruction corresponding that renames is " X is revised as Y ", and being about to the name modifications that current name is called the physical server of X is Y, is " B " as the title Y after the change.
The configuration-direct that the instruction translation module receives is " renaming ", the instruction translation module is then according to the mapping relations shown in the table 1, this configuration-direct is translated into the corresponding operating instruction that LVS supports, as " the title X of a certain physical server is revised as Y ", operational order after the translation sent to LVS instruct corresponding configuration operation so that LVS carries out with this aforesaid operations, perhaps, the instruction translation module can be carried out with aforesaid operations LVS and instruct corresponding configuration operation.
But owing on the configuration information record profile of LVS, therefore, can make amendment to the LVS configuration information by LVS self or by the instruction translation module.Revise the situation of configuration information for LVS self, LVS can call Keepalived application configuration file according to this operational order, and revises in this configuration file the title about this physical server.After the title of respective physical server, the execution result of finishing renaming sends to the instruction translation module in the LVS change Keepalived application configuration file.For the situation that the instruction translation module is made amendment to the LVS configuration information, be equivalent to instruction translation module accesses LVS, and call the Keepalived application configuration file on the LVS, change in this configuration file title about this physical server.
Step 315, instruction translation module send to Subscriber Interface Module SIM with execution result, and this execution result is carried in the instruction parsing execution return messages and sends to Subscriber Interface Module SIM.
Step 316, Subscriber Interface Module SIM feed back to client with the execution result that receives with readable form.
By above-mentioned analysis as can be known, present embodiment can adopt the collocation method that is similar to standard network device, is managed for configuration for the LVS that is integrated with the Keepalived program, has following advantage:
(1) unified interface shape:, help reducing the cost that the network management personnel carries out network operation with the user interface of the consistent form of standard network device;
(2) user management easily: introduce aaa authentication mechanism, need not every station server and all set up the user, only need create the user and get final product in the aaa server side;
(3) shirtsleeve operation: based on the configuration of instruction realization LVS, reduce the complexity of configuration operation, and the misoperation probability;
(4) introduced the licensing scheme that instructs: introduce aaa authentication, other is authorized to realize the user instruction level, helps improving the fail safe of operation;
(5) Fu Wu flexibility: through " encapsulation " to LVS, improved the flexibility of service routine, though present embodiment is the collocation method of example explanation LVS with the integrated Keepalived program of LVS, but it will be appreciated by those skilled in the art that, technical solution of the present invention also is applicable to the LVS that is integrated with other service routines, at this moment, only need the mapping relations between the operational order that the legal configuration-direct stored on the corresponding modify instruction translation module and new service routine support get final product, implementation is very flexible and transparent fully to the user.
One of ordinary skill in the art will appreciate that: accompanying drawing is the schematic diagram of an embodiment, and module in the accompanying drawing or flow process might not be that enforcement the present invention is necessary.
One of ordinary skill in the art will appreciate that: the module in the device among the embodiment can be described according to embodiment and be distributed in the device of embodiment, also can carry out respective change and be arranged in the one or more devices that are different from present embodiment.The module of the foregoing description can be merged into a module, also can further split into a plurality of submodules.
The invention described above embodiment sequence number is not represented the quality of embodiment just to description.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be finished by the relevant hardware of program command, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that previous embodiment is put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of embodiment of the invention technical scheme.

Claims (7)

1. a Linux virtual server configuration-system comprises the Linux virtual server, it is characterized in that, also comprises: Subscriber Interface Module SIM, authentication and authorization charging client and instruction translation module;
The configuration-direct information that described Subscriber Interface Module SIM is used for receiving sends to described authentication and authorization charging client; Receiving Authorization result that described authentication and authorization charging client returns when representing described configuration-direct information mandate success, sends the successfully configuration-direct information of mandate to described instruction translation module;
Described authentication and authorization charging client is used for the described configuration-direct information that described Subscriber Interface Module SIM sends is sent to authentication and authorization charging server, for described authentication and authorization charging server described configuration-direct information is carried out authorisation process; The Authorization result that described authentication and authorization charging server is returned sends to described Subscriber Interface Module SIM;
Described instruction translation module is used for the configuration-direct that the described success of described Subscriber Interface Module SIM transmission is authorized is translated into the operational order that described Linux virtual server is supported, and carries out or notify described Linux virtual server execution and the corresponding configuration operation of described operational order.
2. Linux virtual server configuration-system according to claim 1 is characterized in that,
The subscriber identity information that described Subscriber Interface Module SIM also is used for receiving sends to described authentication and authorization charging client; When the authentication result that receives is represented the subscriber identity information authentication success of described reception, send the configuration-direct information of described reception to described authentication and authorization charging client;
Described authentication and authorization charging client is used for the described subscriber identity information that described Subscriber Interface Module SIM sends is sent to authentication and authorization charging server, for described authentication and authorization charging server described subscriber identity information is carried out authentication processing.
3. Linux virtual server configuration-system according to claim 1 is characterized in that, described instruction translation module comprises:
Memory cell is used to store the mapping relations between the operational order that legal configuration-direct and described Linux virtual server support;
Translation unit is used for the described mapping relations according to described cell stores, and the configuration-direct that success is authorized is translated into corresponding described operational order;
Dispensing unit, be used for described Linux virtual server is carried out and the corresponding configuration operation of described operational order, perhaps, be used for described operational order is sent to described Linux virtual server, carry out and the corresponding configuration operation of described operational order for described Linux virtual server.
4. a Linux virtual server collocation method is characterized in that, comprising:
Receive configuration-direct information;
The configuration-direct information of described reception is sent to authentication and authorization charging server, described configuration-direct information is carried out authorisation process for described authentication and authorization charging server;
The configuration-direct that success is authorized is translated into the operational order that the Linux virtual server is supported, and described Li nux virtual server is carried out and the corresponding configuration operation of described operational order.
5. Linux virtual server collocation method according to claim 4 is characterized in that, the configuration-direct information of described reception is sent to before the authentication and authorization charging server, also comprises:
Receive subscriber identity information;
The subscriber identity information of described reception is sent to authentication and authorization charging server, described subscriber identity information is carried out authentication processing for described authentication and authorization charging server.
6. Linux virtual server collocation method according to claim 5 is characterized in that, the configuration-direct information of described reception is sent to authentication and authorization charging server, comprising:
When the subscriber identity information success identity of described reception, the configuration-direct information of described reception is sent to authentication and authorization charging server.
7. Linux virtual server collocation method according to claim 4 is characterized in that, the described configuration-direct that success is authorized is translated into the operational order that described Linux virtual server is supported, comprising:
According to the mapping relations between the operational order of configuration-direct of setting up in advance and the support of described Linux virtual server, the configuration-direct that described success is authorized is translated into corresponding described operational order.
CN200910086114.1A 2009-06-02 2009-06-02 Configuration method and system of Linux virtual server Active CN101908967B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910086114.1A CN101908967B (en) 2009-06-02 2009-06-02 Configuration method and system of Linux virtual server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910086114.1A CN101908967B (en) 2009-06-02 2009-06-02 Configuration method and system of Linux virtual server

Publications (2)

Publication Number Publication Date
CN101908967A true CN101908967A (en) 2010-12-08
CN101908967B CN101908967B (en) 2014-02-19

Family

ID=43264294

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910086114.1A Active CN101908967B (en) 2009-06-02 2009-06-02 Configuration method and system of Linux virtual server

Country Status (1)

Country Link
CN (1) CN101908967B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916841A (en) * 2012-10-30 2013-02-06 北京奇虎科技有限公司 Operation system and operation management system of virtual server
CN102932178A (en) * 2012-10-30 2013-02-13 北京奇虎科技有限公司 Method for realizing LVS (Linux virtual server) automatic operation and maintenance and operation and maintenance management equipment
CN102970375A (en) * 2012-12-05 2013-03-13 曙光信息产业(北京)有限公司 Cluster configuration method and device
CN104660570A (en) * 2013-11-22 2015-05-27 华耀(中国)科技有限公司 Extensible AAA communication system and method
TWI715047B (en) * 2019-05-22 2021-01-01 華南商業銀行股份有限公司 Inspection and correction system of server's configuration and method of inspecting and correcting server's configuration
TWI746361B (en) * 2019-05-22 2021-11-11 華南商業銀行股份有限公司 Inspection and correction system of server's configuration based on hash algorithm and method thereof
TWI752813B (en) * 2019-05-22 2022-01-11 華南商業銀行股份有限公司 Inspection and correction system of server's configuration based on touch operation and method thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100505633C (en) * 2003-05-28 2009-06-24 东华大学 Wideband network access intelligent control system and method
CN1298145C (en) * 2003-12-24 2007-01-31 中兴通讯股份有限公司 Control device and method for realizing broad band connecting server multiple business united interface
CN100573456C (en) * 2007-12-10 2009-12-23 华中科技大学 A kind of paralleling multi-processor virtual machine system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916841A (en) * 2012-10-30 2013-02-06 北京奇虎科技有限公司 Operation system and operation management system of virtual server
CN102932178A (en) * 2012-10-30 2013-02-13 北京奇虎科技有限公司 Method for realizing LVS (Linux virtual server) automatic operation and maintenance and operation and maintenance management equipment
CN102916841B (en) * 2012-10-30 2015-07-22 北京奇虎科技有限公司 Operation system and operation management system of virtual server
CN104993950A (en) * 2012-10-30 2015-10-21 北京奇虎科技有限公司 Virtual server operation method and operation management system
CN102932178B (en) * 2012-10-30 2016-07-13 北京奇虎科技有限公司 A kind of method realizing LVS automatization O&M and a kind of operation management equipment
CN104993950B (en) * 2012-10-30 2019-03-05 北京奇虎科技有限公司 Virtual server O&M method and operation management system
CN102970375A (en) * 2012-12-05 2013-03-13 曙光信息产业(北京)有限公司 Cluster configuration method and device
CN104660570A (en) * 2013-11-22 2015-05-27 华耀(中国)科技有限公司 Extensible AAA communication system and method
TWI715047B (en) * 2019-05-22 2021-01-01 華南商業銀行股份有限公司 Inspection and correction system of server's configuration and method of inspecting and correcting server's configuration
TWI746361B (en) * 2019-05-22 2021-11-11 華南商業銀行股份有限公司 Inspection and correction system of server's configuration based on hash algorithm and method thereof
TWI752813B (en) * 2019-05-22 2022-01-11 華南商業銀行股份有限公司 Inspection and correction system of server's configuration based on touch operation and method thereof

Also Published As

Publication number Publication date
CN101908967B (en) 2014-02-19

Similar Documents

Publication Publication Date Title
CN103384237B (en) Method for sharing IaaS cloud account, shared platform and network device
US11283805B2 (en) Cloud device account configuration method, apparatus and system, and data processing method
CN101908967B (en) Configuration method and system of Linux virtual server
US20170264610A1 (en) Data processing method and apparatus based on mobile application entrance and system
CN111147453A (en) System login method and integrated login system
CN104243154A (en) Server user authority centralized control system and server use authority centralized control method
US20140129833A1 (en) Management of secure data in cloud-based network
EP2706700A1 (en) Computer account management system and implementation method thereof
EP3316544A1 (en) Token generation and authentication method, and authentication server
CN110401655A (en) Access control right management system based on user and role
CN106713406A (en) Method and system for accessing to slice network
CN102710419B (en) User authentication method and device
CN108092945B (en) Method and device for determining access authority and terminal
CN106844111B (en) Access method of cloud storage network file system
CN110049048B (en) Data access method, equipment and readable medium for government affair public service
CN101764808B (en) Authentication processing method and system for automatic login as well as server
CN110830574B (en) Method for realizing intranet load balance based on docker container
CN106559389A (en) A kind of Service Source issue, call method, device, system and cloud service platform
CN101378329B (en) Distributed business operation support system and method for implementing distributed business
CN113132402A (en) Single sign-on method and system
CN106899564A (en) A kind of login method and device
US10743247B2 (en) Network access control method, apparatus, and device
CN105100068A (en) System and method for realizing single sign-on
CN105872077A (en) Cross-system file sharing method based on SMB protocol
CN113765963A (en) Data processing method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant