实现目标:
1,借助ldirectord工具实现两台director节点备份;
2,当某RealServer或其web服务出现故障时,Director能自动将其隔离,并在RealServer的web服务恢复时自动将其重新上线;期望将时间控制在5秒钟之内(此过程通过脚本实现)
前提:
VIP 172.16.4.1
Master 172.16.4.10
Backup 172.16.4.20
Trans1 192.168.4.10
Trans2 192.168.4.20
Realserver1 172.16.4.11
Realserver2 172.16.4.22
(此实验是基于虚拟机环境实现,其中trans1,和trans2是用于director相互传递心跳信息,这里我们将其放在同一区域vmnet5中)
准备环境:
1,在两个director上配置(以下操作在两台节点上均需要配置):
#vim /etc/sysconfig/network
主机名为node1.a.com
#vim /etc/hosts
172.16.4.10 node1.a.com node1
172.16.4.20 node2.a.com node2
方便两个director传递心跳信息,配置无密码通信(此密钥可直接以root身份登录对端节点,私钥文件应只允许root读取):
#ssh-keygen -t rsa
#ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2.a.com
2,在realservers上安装测试服务httpd:
#yum install httpd
为了方便测试设置两个页面:
- #echo "<h1>I'm realserver1,welcome to</h1>" > /var/www/html/index.html
- #echo "<h1>I'm realserver2,welcome to</h1>" > /var/www/html/index.html
- #echo "<h1>ok</h1>" > /var/www/html/.test.html
- #echo "<h1>ok</h1>" > /var/www/html/.test.html
- # service httpd restart
- # elinks http://172.16.4.22 --dump //测试网页是否正常显示
- I'm realserver2,welcome to //说明服务正常
一、在director上安装ipvsadm的软件包：
#rpm -ivh ipvsadm.i386
安装heartbeat软件包：
heartbeat-2.1.4-9.el5.i386.rpm
heartbeat-devel-2.1.4-9.el5.i386.rpm
heartbeat-gui-2.1.4-9.el5.i386.rpm
heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
heartbeat-pils-2.1.4-10.el5.i386.rpm
heartbeat-stonith-2.1.4-10.el5.i386.rpm
libnet-1.1.4-3.el5.i386.rpm
perl-MailTools-1.77-1.el5.noarch.rpm
这些软件包需从网上下载（下面的安装命令用--nogpgcheck跳过了GPG签名校验，因此应从可信来源获取，并在安装前核对软件包的校验值）
本地安装软件包：
- #yum localinstall --nogpgcheck heartbeat-2.1.4-9.el5.i386.rpm
- #yum localinstall --nogpgcheck heartbeat-devel-2.1.4-9.el5.i386.rpm
- #yum localinstall --nogpgcheck heartbeat-gui-2.1.4-9.el5.i386.rpm
- #yum localinstall --nogpgcheck heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
- #yum localinstall --nogpgcheck heartbeat-pils-2.1.4-10.el5.i386.rpm
- #yum localinstall --nogpgcheck heartbeat-stonith-2.1.4-10.el5.i386.rpm
- #yum localinstall --nogpgcheck libnet-1.1.4-3.el5.i386.rpm
- #yum localinstall --nogpgcheck perl-MailTools-1.77-1.el5.noarch.rpm
二、配置相关文件
# cp /usr/share/doc/heartbeat-2.1.4/{authkeys,ha.cf,haresources} /etc/ha.d/
#cp /usr/share/doc/heartbeat-ldirectord-2.1.4/ldirectord.cf /etc/ha.d/
1,配置authkeys文件
#cd /etc/ha.d/
#vim authkeys
auth 2
2 sha1 kfjhkjdfhladfh //sha1后面的字符串是随机的(可以随便输入);它是两个节点之间认证心跳报文的共享密钥,实际环境中应使用足够长的随机值,不要照抄此示例
#chmod 400 authkeys //此处改变此文件的属性为400或600，不然无法启动heartbeat
2，配置ha.cf文件
#vim ha.cf
- debugfile /var/log/ha-debug //调试日志的文件存放位置
- logfile /var/log/ha-log //启动及运行时产生的日志存放的位置（此功能非常重要）
- logfacility local0 // Facility to use for syslog()/logger
- keepalive 2 //指定心跳间隔时间即每隔2秒钟在eth1上发送一次广播
- deadtime 30 //指定若备用节点在30秒内没有收到主节点的心跳信号，则立即接管主节点的服务资源
- warntime 10 //指定心跳延迟的时间为10秒。当10秒钟内备份节点不能接收到主节点的心跳信号时，就会往日志中写入一个警告日志，但此时不会切换服务
- initdead 120 //在某些系统上，系统启动或重启之后需要经过一段时间网络才能正常工作，该选项用于解决这种情况产生的时间间隔。取值至少为deadtime的两倍
- udpport 694 //心跳通信使用UDP 694端口（防火墙需对心跳对端放行该端口）
- ucast eth1 192.168.4.20 //检测对端心跳接口的地址
- bcast eth1 //广播心跳信息的网卡
- auto_failback on //默认设置
- node node1.a.com //配置director主节点，且与uname -n保持一致
- node node2.a.com //配置director备份节点
3，配置director脚本
#vim /etc/init.d/ipvs
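#!/bin/bash
#
# LVS script for VS/DR
#
# Init-style wrapper for the director: brings the virtual IP up on eth0:1
# and loads the IPVS table with both realservers in direct-routing mode.
# Usage: ipvs {start|stop|status}
#
. /etc/rc.d/init.d/functions

VIP=172.16.4.1
# NOTE(review): the listing carried 192.168.0.50/.60 here, which match no host
# in this guide; the realserver addresses from the prerequisites (also used in
# ldirectord.cf and .watch.sh) are used instead.
RIP1=172.16.4.11
RIP2=172.16.4.22
PORT=80

case "$1" in
  start)
    echo " start LVS "
    /sbin/ifconfig eth0:1 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev eth0:1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # NOTE(review): -F deletes every rule in the filter table, including any
    # that restrict access to this director (SSH, the heartbeat port).
    # Nothing else in this script depends on an empty ruleset; confirm this
    # is intended before using it outside a lab.
    /sbin/iptables -F
    /sbin/iptables -Z
    # Start from an empty IPVS table, then define the service and its members.
    /sbin/ipvsadm -C
    /sbin/ipvsadm -A -t "$VIP:$PORT" -s wlc
    /sbin/ipvsadm -a -t "$VIP:$PORT" -r "$RIP1" -g -w 1
    /sbin/ipvsadm -a -t "$VIP:$PORT" -r "$RIP2" -g -w 2
    # Lock file is what the status branch looks at.
    /bin/touch /var/lock/subsys/ipvsadm &> /dev/null
    ;;
  stop)
    echo "close LVS Director"
    echo 0 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipvsadm -C
    /sbin/ifconfig eth0:1 down
    /sbin/route del "$VIP"
    /bin/rm -f /var/lock/subsys/ipvsadm
    echo "ipvs is stopped..."
    ;;
  status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
      echo "ipvsadm is stopped ..."
    else
      echo "ipvs is running ..."
      ipvsadm -L -n
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    # Unknown action: report failure, as realserver.sh does.
    exit 1
    ;;
esac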
#chmod +x /etc/init.d/ipvs
4,配置realservers的脚本（运行此脚本能够实现快速配置realservers）
#vim /etc/init.d/realserver.sh
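#!/bin/bash
#
# Prepares a realserver for LVS-DR: binds the virtual IP to lo:0 and sets the
# ARP sysctls so the host does not answer or advertise ARP for that address.
# Usage: realserver.sh {start|status|stop}
#
. /etc/rc.d/init.d/functions

VIP=172.16.4.1

case "$1" in
  start)
    echo "Start LVS-DR real server on this machine."
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    # Set the ARP behaviour before the VIP is bound to lo:0.
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    # The listing ran "sysctl" with a typographic dash before "p" here, which
    # sysctl does not accept as an option. The /proc writes above already take
    # effect immediately, so the call is dropped.
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    /sbin/route add -host "$VIP" dev lo:0
    ;;
  stop)
    echo "Stop LVS-DR real server loopback device(s)."
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
  status)
    echo "Status of LVS-DR real server."
    islothere=$(/sbin/ifconfig lo:0 | grep -F -- "$VIP")
    # Match on the destination column only. The interface column may show the
    # base device name rather than the lo:0 alias (verify on the target
    # system), so it is not filtered on.
    isrothere=$(netstat -rn | awk -v vip="$VIP" '$1 == vip')
    # The listing tested the literal string "isrothere" (missing "$"), so the
    # route lookup never influenced the result.
    if [ -z "$islothere" ] || [ -z "$isrothere" ]; then
      echo "LVS-DR real server Stopped."
    else
      echo "LVS-DR real server Running."
    fi
    ;;
  *)
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac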
#chmod +x /etc/init.d/realserver.sh
5,配置heartbeat文件
#vim /etc/ha.d/haresources
node1.a.com 172.16.4.1 ipvs ldirectord
注：node1.a.com是主节点的计算机名，172.16.4.1是VIP地址，ipvs和ldirectord是两个脚本，ipvs能够实现lvs—DR模型的基本设置，并设置相应的ipvsadm规则；ldirectord是一个软件工具安装的启动脚本，能够实现监控realservers的状态；Heartbeat默认寻找程序的路径为 ：/etc/rc.d/init.d/ 和/etc/ha.d，heartbeat会实时监控两个节点的心跳信息，当主节点宕机或备份节点宕机时，会立即启用另一节点。
6,修改ldirectord.cf文件
#vim /etc/ha.d/ldirectord.cf
- checktimeout=3 //检测超时时间
- checkinterval=1 //检测间隔时间
- autoreload=yes //是否重新载入客户机，这里我们选择重新载入
- logfile="/var/log/ldirectord.log" //日志路径
- logfile="local0"
- quiescent=no
- virtual=172.16.4.1:80 //指定VIP地址，并监听80端口
- real=172.16.4.11:80 gate //设置realserverIP地址和并设置为路由模式
- real=172.16.4.22:80 gate
- fallback=127.0.0.1:80 gate
- service=http //我们这里测试的服务是http
- request=".test.html" //这个文件一定要在realserver的web网页目录中存在，并且能够正常访问的，ipvs通过它来判断客户端是否存活
- receive="ok" //设置测试网页的文件内容
- scheduler=wlc //设定算法为wlc
- protocol=tcp //基于tcp协议
- checktype=negotiate // ldirectord进程用于监控Realserver的方法
- checkport=80 //检查的端口
7，将以上的配置文件拷贝给备份director节点上
#scp /etc/ha.d/{authkeys,ha.cf,haresources} node2:/etc/ha.d/
注意这三个文件除ha.cf中的监听地址需要改为 ucast eth1 192.168.4.10，其他的文件不需要改变。
#scp /etc/init.d/ipvs node2:/etc/init.d/
8,将realservers脚本拷贝给另一台服务器
#scp /etc/init.d/realserver.sh 172.16.4.22:/etc/init.d/
9，启动服务
- # /etc/init.d/heartbeat start
- # ssh node2 -- '/etc/init.d/heartbeat start' //通过ssh启动另一台节点的heartbeat
- # /etc/init.d/ldirectord start
- # ssh node2 -- '/etc/init.d/ldirectord start'
- #/etc/init.d/ipvs start
- #/etc/init.d/realserver.sh start
10，测试服务
在浏览器中输入http://172.16.4.1
出现页面如下：
监控脚本：
#vim /etc/init.d/.watch.sh
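#!/bin/bash
#
# Settings for the realserver health-check loop.

# Realserver addresses to probe.
declare -a RIP=(172.16.4.11 172.16.4.22)
# ipvsadm virtual-service selector. It is kept as a single string and expanded
# unquoted where it is used, so that it splits into "-t" and "VIP:PORT".
SERVICE='-t 172.16.4.1:80'
# Recipient of the "realserver down" notification.
MAILBOX=root@a.com
# Weight given to a realserver when it is (re)added to the table.
WEIGHT=2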
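#######################################
# Fetch a realserver's health page and report whether it answered "ok".
# Arguments: $1 - realserver address
# Returns:   0 when the first word of a line containing OK (after
#            upper-casing the page dump) is exactly OK, non-zero otherwise
#######################################
_monitor_probe() {
  local status
  status=$(elinks --dump "http://$1/.test.html" | tr 'a-z' 'A-Z' | grep "OK" | awk '{print $1}')
  [ "$status" = 'OK' ]
}

#######################################
# Reconcile one realserver's membership in the IPVS table with its health.
# A healthy server missing from the table is added. A server that fails two
# probes two seconds apart is removed and a mail notification is sent.
# Globals:   SERVICE (read), WEIGHT (read), MAILBOX (read)
# Arguments: $1 - realserver address
#######################################
MONITOR() {
  local rip=$1

  if _monitor_probe "$rip"; then
    # Match "ADDR:" as a fixed string so one address cannot match another
    # that merely starts with the same digits.
    # shellcheck disable=SC2086 -- SERVICE must split into "-t" "VIP:PORT"
    ipvsadm -Ln | grep -qF -- "$rip:" || ipvsadm -a $SERVICE -r "$rip" -g -w "$WEIGHT"
    return
  fi

  # The listing re-tested the stale first result here, so its removal branch
  # could never run. Probe again after the pause and act only if the server
  # is still failing.
  sleep 2
  if _monitor_probe "$rip"; then
    return
  fi

  # Remove and notify only on the transition out of the table, so a server
  # that stays down does not trigger a mail on every polling round.
  if ipvsadm -Ln | grep -qF -- "$rip:"; then
    # shellcheck disable=SC2086 -- SERVICE must split into "-t" "VIP:PORT"
    ipvsadm -d $SERVICE -r "$rip"
    # mail reads the message body from stdin, so the text is piped in.
    echo "The realserver $rip has been down." | mail -s "$rip down." "$MAILBOX"
  fi
}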
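# Poll every realserver in RIP, then pause before the next round.
# The listing looped over ${RIP[$N]} with N reset to 0, which expands to the
# first address only, so the second realserver was never checked.
while true; do
  for I in "${RIP[@]}"; do
    MONITOR "$I"
  done
  sleep 3
done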
#chmod +x /etc/init.d/.watch.sh
将其加入到启动服务队列：
#vim /etc/init.d/monitor
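#!/bin/bash
#
# chkconfig: 2345 99 01
# description: Starts and stops the realserver health-check loop (.watch.sh).
#
# "chkconfig --add" reads the two tags above; the run levels and priorities
# given here are example values.
# Usage: monitor {start|stop}
#
case "$1" in
  start)
    echo "start monitor......."
    # Run the polling loop in the background so the init script returns.
    /etc/init.d/.watch.sh &
    ;;
  stop)
    echo "stop monitor....."
    killall .watch.sh
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac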
#chmod +x !$
#service monitor start
#chkconfig --add monitor
Ps:1，笔者在调试director时，出现了当一个节点宕掉后，另一节点无法获得信息，最后发现两主机间的时间不能同步；
2，由于自己安装的是中文语言包，无法通过ssh使用图形界面heartbeat图形工具，建议如果有想采用图形化界面配置的话，最好选择安装相应的语言包；但同时你也可以进入虚拟机内的图形界面使用#hb_gui &进行配置；
3，在模拟一个realservers宕掉后，节点的监控作用无法启用，笔者这里自己编写一个监控脚本，有兴趣的可以尝试。
参考文档：http://deanlinux.blog.51cto.com/2671049/662220
http://gsliuyang.blog.51cto.com/286500/223912/