LVS+Heartbeat 高可用集羣方案操做記錄

 

以前分別介紹了LVS基礎知識Heartbeat基礎知識, 今天這裏簡單說下LVS+Heartbeat實現高可用web集羣方案的操做說明.html

Heartbeat 項目是 Linux-HA 工程的一個組成部分,它實現了一個高可用集羣系統。心跳服務和集羣通訊是高可用集羣的兩個關鍵組件,在 Heartbeat 項目裏,由 heartbeat 模塊實現了這兩個功能。node

Heartbeat的高可用集羣採用的通訊方式是udp協議和串口通訊,並且heartbeat插件技術實現了集羣間的串口、多播、廣播和組播通訊。它實現了HA 功能中的核心功能——心跳,將Heartbeat軟件同時安裝在兩臺服務器上,用於監視系統的狀態,協調主從服務器的工做,維護系統的可用性。它能偵測服務器應用級系統軟件、硬件發生的故障,及時地進行錯誤隔絕、恢復;經過系統監控、服務監控、IP自動遷移等技術實如今整個應用中無單點故障,簡單、經濟地確保重要的服務持續高可用性。   Heartbeat採用虛擬IP地址映射技術實現主從服務器的切換對客戶端透明的功能。可是單一的heartbeat是沒法提供健壯的服務的,因此這裏結合使用lvs進行負載均衡。linux

LVS是Linux Virtual Server的簡寫, 意即Linux虛擬服務器,是一個虛擬的服務器集羣系統。說到lvs就得提到ipvs (ipvsadm命令),ipvs 是 lvs集羣系統的核心軟件,它的主要做用是安裝在 Load Balancer 上,把發往 Virtual IP 的請求轉發到 Real Server 上。nginx

ldirectord是配合lvs做爲一種健康檢測機制,要不負載均衡器在節點掛掉後依然沒有檢測的功能。web

案例架構草圖以下:算法

1) 基本環境準備 (centos6.9系統)shell

172.16.60.206(eth0)    HA主節點(ha-master)       heartbeat, ipvsadm, ldirectord
172.16.60.207(eth0)    HA備節點(ha-slave)        heartbeat, ipvsadm, ldirectord
172.16.60.111          VIP地址
172.16.60.204(eth0)    後端節點1(rs-204)         nginx, realserver
172.16.60.205(eth0)    後端節點2(rs-205)         nginx, realserver

1) 關閉防火牆和selinux (四臺節點機都操做)
[root@ha-master ~]# /etc/init.d/iptables stop
[root@ha-master ~]# setenforce 0
[root@ha-master ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled

2) 設置主機名和綁定hosts (兩臺HA節點機器都操做)
主節點操做
[root@ha-master ~]# hostname ha-master
[root@ha-master ~]# vim /etc/sysconfig/network
HOSTNAME=ha-master
[root@ha-master ~]# vim /etc/hosts
172.16.60.206 ha-master
172.16.60.207 ha-slave

備節點操做
[root@ha-slave ~]# hostname ha-slave
[root@ha-slave ~]# vim /etc/sysconfig/network
HOSTNAME=ha-slave
[root@ha-slave ~]# vim /etc/hosts
172.16.60.206 ha-master
172.16.60.207 ha-slave

3) 設置ip路由轉發功能 (四臺節點機器都設置)
[root@ha-master ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@ha-master ~]# vim /etc/sysctl.conf 
net.ipv4.ip_forward = 1
[root@ha-master ~]# sysctl -p

2) 安裝配置 Heartbeat  (兩臺HA節點機都操做)vim

1) 首先安裝heartbeat (HA主備兩個節點都要一樣操做)
分別下載epel-release-latest-6.noarch.rpm 和 ldirectord-3.9.5-3.1.x86_64.rpm
下載地址: https://pan.baidu.com/s/1IvCDEFLCBYddalV89YvonQ
提取密碼: gz53
  
[root@ha-master ~]# ll epel-release-latest-6.noarch.rpm
-rw-rw-r-- 1 root root 14540 Nov  5  2012 epel-release-latest-6.noarch.rpm
[root@ha-master ~]# ll ldirectord-3.9.5-3.1.x86_64.rpm
-rw-rw-r-- 1 root root 90140 Dec 24 15:54 ldirectord-3.9.5-3.1.x86_64.rpm
  
[root@ha-master ~]# yum install -y epel-release
[root@ha-master ~]# rpm -ivh epel-release-latest-6.noarch.rpm --force
[root@ha-master ~]# yum install -y heartbeat* libnet
[root@ha-master ~]# yum install -y ldirectord-3.9.5-3.1.x86_64.rpm      #由於依賴比較多, 因此直接採用yum方式安裝
  
2) 配置heartbeat (HA主備兩個節點都要操做)
安裝完heartbeat後系統會生成一個/etc/ha.d/目錄,此目錄用於存放heartbeat的有關配置文件。
Heartbeat自帶配置文件的註釋信息較多,在此手工編寫有關配置文件,heartbeat經常使用配置文件有四個,分別是:
ha.cf:heartbeat主配置文件
ldirectord.cf:資源管理文件
haresources:本地資源文件
authkeys:認證文件
  
[root@ha-master ~]# cd /usr/share/doc/heartbeat-3.0.4/
[root@ha-master heartbeat-3.0.4]# cp authkeys ha.cf haresources /etc/ha.d/
  
[root@ha-master heartbeat-3.0.4]# cd /usr/share/doc/ldirectord-3.9.5
[root@ha-master ldirectord-3.9.5]# cp ldirectord.cf /etc/ha.d/
[root@ha-master ldirectord-3.9.5]# cd /etc/ha.d/
[root@ha-master ha.d]# ll
total 56
-rw-r--r-- 1 root root   645 Dec 24 21:37 authkeys
-rw-r--r-- 1 root root 10502 Dec 24 21:37 ha.cf
-rwxr-xr-x 1 root root   745 Dec  3  2013 harc
-rw-r--r-- 1 root root  5905 Dec 24 21:37 haresources
-rw-r--r-- 1 root root  8301 Dec 24 21:38 ldirectord.cf
drwxr-xr-x 2 root root  4096 Dec 24 21:28 rc.d
-rw-r--r-- 1 root root   692 Dec  3  2013 README.config
drwxr-xr-x 2 root root  4096 Dec 24 21:28 resource.d
-rw-r--r-- 1 root root  2082 Mar 24  2017 shellfuncs
  
3) 配置heartbeat的主配置文件ha.cf  (HA主備節點配置同樣)
[root@ha-master ha.d]# pwd
/etc/ha.d
[root@ha-master ha.d]# cp ha.cf ha.cf.bak
[root@ha-master ha.d]# > ha.cf
[root@ha-master ha.d]# vim ha.cf
debugfile /var/log/ha-debug
logfile /var/log/ha-log         #日誌存放位置
#crm yes                            #是否開啓集羣資源管理功能
logfacility        local0         #記錄日誌等級
keepalive 2                         #心跳的時間間隔,默認時間單位爲秒
deadtime 5                         #超出該時間間隔未收到對方節點的心跳,則認爲對方已經死亡。
warntime 3                         #超出該時間間隔未收到對方節點的心跳,則發出警告並記錄到日誌中,但此時不會切換
initdead 10          #在某些系統上,系統啓動或重啓以後須要通過一段時間網絡才能正常工做,該選項用於解決這種狀況產生的時間間隔。取值至少爲deadtime的兩倍。
udpport  694        #設置廣播通訊使用的端口,694爲默認使用的端口號。
bcast        eth0               # Linux指定心跳使用以太網廣播方式,並在eth0上進行廣播。"#"後的要徹底刪除,要否則要出錯。
ucast eth0 172.16.60.207       #採用網卡eth0的UDP多播來組織心跳,後面跟的IP地址應該爲雙機中對方的IP地址!!!!!
auto_failback on            #在該選項設爲on的狀況下,一旦主節點恢復運行,則自動獲取資源並取代備用節點。off主節點恢復後變爲備用節點,備用爲主節點!!!!!
#stonith_host *     baytech 10.0.0.3 mylogin mysecretpassword
#stonith_host ken3  rps10 /dev/ttyS1 kathy 0
#stonith_host kathy rps10 /dev/ttyS1 ken3 0
#watchdog /dev/watchdog         
node   ha-master           #主機節點名,可經過"uname -n"查看,默認爲主節點!!!!!
node   ha-slave              #備用機節點名,默認爲次節點,要注意順序!!!!
#ping 172.16.60.207         # 選擇ping節點,選擇固定路由做爲節點。ping節點僅用來測試網絡鏈接。通常選擇這行ping測試就行, 下面一行註釋掉.
ping_group group1 172.16.60.204 172.16.60.205     #這個地址並非雙機中的兩個節點地址,而是僅僅用來測試網絡的連通性. 當這兩個IP 都不能ping通時,對方即開始接管資源。
respawn root /usr/lib64/heartbeat/ipfail                    #選配項。其中rootr表示啓動ipfail進程的身份。要確保/usr/lib64/heartbeat/ipfail這個路徑正確(能夠用find命令搜索出來), 不然heartbeat啓動失敗
apiauth ipfail gid=root uid=root

============================舒適提示================================
HA備節點的ha.cf文件只須要將上面配置中的ucast一行內容改成"ucast eth0 172.16.60.206" 便可, 其餘配置內容和上面HA主節點的ha.cf徹底同樣!

4) 配置heartbeat的認證文件authkeys (HA主備節點配置必須一致)
[root@ha-master ~]# cd /etc/ha.d/
[root@ha-master ha.d]# cp authkeys authkeys.bak
[root@ha-master ha.d]# >authkeys
auth 3                                                      #auth後面指定的數字,下一行必須做爲關鍵字再次出現! 一共有"1", "2","3" 三行, 這裏選擇"3"關鍵字, 選擇"1"和"2"關鍵字也行, HA主備節點必須一致!
#1 crc
#2 sha1 HI!
3 md5 Hello!
  
必須將該文件受權爲600
[root@ha-master ha.d]# chmod 600 authkeys
[root@ha-master ha.d]# ll authkeys
-rw------- 1 root root 20 Dec 25 00:16 authkeys

5) 修改heartbeat的資源文件haresources (HA主備節點配置必須徹底一致)
[root@ha-slave ha.d]# cp haresources haresources.bak
[root@ha-slave ha.d]# >haresources
[root@ha-slave ha.d]# vim haresources          # 在文件結尾添加下面一行內容. 因爲該文件默認全是註釋,能夠先清空該文件, 而後添加下面這一行內容
ha-master IPaddr::172.16.60.111 ipvsadm ldirectord      

配置說明:
上面設置ha-maser爲主節點, 集羣VIP爲172.16.60.111, ipvsadm ldirectord爲所指定須要監視的應用服務.
這樣啓動heartbeat服務的時候, 會自動啓動ipvsadm和ldirectord服務.
ipvsadm服務的配置文件爲/etc/sysconfig/ipvsadm, 後面會配置這個.
ldirectord 服務的配置文件爲/etc/ha.d/ldirectord.cf, 後面會配置這個

6) 配置heartbeat的監控文件ldirectord.cf (HA主備節點配置必須徹底一致)
ldirectord,用於監控在lvs集羣的真實服務。ldirectord是和heartbeat相結合的一個服務,能夠做爲heartbeat的一個啓動服務。
Ldirectord 的做用是監測 Real Server,當 Real Server失效時,把它從 Load Balancer列表中刪除,恢復時從新添加。 
將ldrectord的配置文件複製到/etc/ha.d下,由於默認沒有放到這個路徑下, 而且在ldirectord.cf文件中要配置"quiescent=no" 。
 
[root@ha-master ha.d]# cp ldirectord.cf ldirectord.cf.bak
[root@ha-master ha.d]# vim ldirectord.cf
checktimeout=3      #斷定realserver出錯時間
checkinterval=1      #指定ldirectord在兩次檢查之間的間隔時間,即主從切換的時間間隔
autoreload=yes       #是否自動重載配置文件
logfile="/var/log/ldirectord.log"     #指定ldirectord的日誌文件路徑
#logfile="local0"
#emailalert="root@30920.cn" 
#emailalertfreq=3600
#emailalertstatus=all
quiescent=no        #若是一個realserver節點在checktimeout設置的時間週期內沒響應,將會被踢除,中斷現有客戶端的鏈接。 設置爲yes, 則出問題的realserver節點不會被踢出, 只是新的鏈接不能到達。

virtual=172.16.60.111:80     #指定虛擬IP,注意在virtual這行後面的行必須縮進一個tab字符進行標記!! 不然極有可能由於格式配置不正確而致使ldirectord啓動失敗
        real=172.16.60.204:80 gate   #gate爲lvs的DR模式,ipip表示TUNL模式,masq表示NAT模式
        real=172.16.60.205:80 gate   #當全部RS機器不能訪問的時候WEB重寫向地址; 即表示realserver所有失敗,vip指向本機80端口
        fallback=127.0.0.1:80 gate     #指定服務類型,這裏對HTTP進行負載均衡
        service=http         #指定服務類型,這裏對HTTP進行負載均衡
        scheduler=wlc      #指定調度算法,這裏的算法必定要和lvs腳本(/etc/sysconfig/ipvsadm)的算法同樣
        persistent=600     #持久連接:表示600s以內同一個客戶端ip將訪問同一臺realserver. 除非這個realserver出現故障,纔會將請求轉發到另外一個realserver
        #netmask=255.255.255.255
        protocol=tcp          # 指定協議
        checktype=negotiate   #指定檢查類型爲協商 (或者執行檢查類型爲negotiate, 表示經過交互來判斷服務是否正常)
        checkport=80        # 監控的端口
        request="lvs_testpage.html"   #請求監控地址, 這個文件必定要放到後端realserver監控端口的根目錄下, 即放到兩臺realserver的nginx根目錄下  
        receive="Test HA Page"      #指定請求和應答字符串,也就是上面lvs_testpage.html的內容
        #virtualhost=www.x.y.z       #虛擬服務器的名稱可任意指定

============================舒適提示======================================
配置如上,經過virtual來定義vip,接下來是定義real service的節點,fallback是當全部real掛掉後,訪問請求到本機的80端口上去,通常這個頁面顯示服務器正在維護等界面。
service表示;調度的服務,scheduler是調度算法,protocol是定義協議,checktype是檢查類型爲協商,checkport就是檢查的端口,也就是健康檢查。
 
上面在/etc/ha.d/ldirectord.cf文件裏定義了一個80端口的代理轉發, 若是還有其餘端口, 好比3306,
 則只須要在下面再添加一個"virtual=172.16.60.111:3306 ...."相似上面的配置便可! 配置案例在備份的ldirectord.cf.bak文件裏有.

ldirectord.cf文件的配置, 最好按照這個文件裏的配置範例去修改, 不要所有清空後自行添加, 不然容易由於配置格式問題致使ldirectord服務啓動失敗!

使用status查看ldirectord服務, 只要不出現報錯信息, 就說明ldirectord.cf文件配置沒有問題了!
[root@ha-master ha.d]# /etc/init.d/ldirectord status

3) 安裝配置 LVS  (兩臺HA節點機操做一致)後端

1) 安裝lvs依賴
[root@ha-master ~]# yum install -y libnl* popt*
  
查看是否加載lvs模塊
[root@ha-master ~]# modprobe -l |grep ipvs
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko
  
2) 下載並安裝LVS
[root@ha-master ~]# cd /usr/local/src/
[root@ha-master src]# unlink /usr/src/linux
[root@ha-master src]# ln -s /usr/src/kernels/2.6.32-431.5.1.el6.x86_64/ /usr/src/linux
[root@ha-master src]# wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
[root@ha-master src]# tar -zvxf ipvsadm-1.26.tar.gz
[root@ha-master src]# cd ipvsadm-1.26
[root@ha-master ipvsadm-1.26]# make && make install
  
LVS安裝完成,查看當前LVS集羣
[root@ha-master ipvsadm-1.26]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

3) 添加lvs的管理腳本(ipvsadm)
ipvsadm服務的配置文件是/etc/sysconfig/ipvsadm
[root@ha-master ha.d]# vim /etc/sysconfig/ipvsadm
#!/bin/bash 
# description: start LVS of DirectorServer 
#Written by :NetSeek http://www.linuxtone.org 
GW=172.16.60.1                                   #這個是VIP所在網段的網段地址
  
# website director vip. 
WEB_VIP=172.16.60.111   
WEB_RIP1=172.16.60.204 
WEB_RIP2=172.16.60.205 
 
  
. /etc/rc.d/init.d/functions 
  
logger $0 called with $1 
  
case "$1" in 
  
start) 
        # Clear all iptables rules. 
         /sbin/iptables -F 
        # Reset iptables counters. 
         /sbin/iptables -Z 
         # Clear all ipvsadm rules/services. 
         /sbin/ipvsadm -C 
  
 #set lvs vip for dr 
        /sbin/ipvsadm --set 30 5 60 
        /sbin/ifconfig eth0:0 $WEB_VIP broadcast $WEB_VIP netmask 255.255.255.255 up 
        /sbin/route add -host $WEB_VIP dev eth0:0 
                /sbin/ipvsadm -A -t $WEB_VIP:80 -s wlc -p 600 
                /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP1:80 -g
                /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP2:80 -g 

        touch /var/lock/subsys/ipvsadm >/dev/null 2>&1 
         
        # set Arp 
                /sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW >/dev/null 2>&1   
       ;; 
stop) 
        /sbin/ipvsadm -C 
        /sbin/ipvsadm -Z 
        ifconfig eth0:0 down 
        route del $WEB_VIP  >/dev/null 2>&1 
        rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1 
                /sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW 
        echo "ipvsadm stoped" 
       ;; 
  
status) 
  
        if [ ! -e /var/lock/subsys/ipvsadm ];then 
                echo "ipvsadm is stoped" 
                exit 1 
        else 
                ipvsadm -ln 
                echo "..........ipvsadm is OK." 
        fi 
      ;; 
  
*) 
        echo "Usage: $0 {start|stop|status}" 
        exit 1 
esac 
  
exit 0


===============舒適提示=================
上面配置中的"-p 600"的意思是會話保持時間爲600秒,這個應該和ldirectord.cf文件配置一致 (還有lvs策略也要一致, 如這裏的lwc)

受權腳本執行權限
[root@ha-master ha.d]# chmod 755 /etc/sysconfig/ipvsadm

4) realserver 節點配置centos

1) 在realserver節點上編寫LVS啓動腳本 (兩個realserver節點操做徹底一致)
[root@rs-204 ~]# vim /etc/init.d/realserver
#!/bin/sh
VIP=172.16.60.111     
. /etc/rc.d/init.d/functions
      
case "$1" in
# 禁用本地的ARP請求、綁定本地迴環地址
start)
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    /sbin/sysctl -p >/dev/null 2>&1
    /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 up   
    /sbin/route add -host $VIP dev lo:0
    echo "LVS-DR real server starts successfully.\n"
    ;;
stop)
    /sbin/ifconfig lo:0 down
    /sbin/route del $VIP >/dev/null 2>&1
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "LVS-DR real server stopped.\n"
    ;;
status)
    isLoOn=`/sbin/ifconfig lo:0 | grep "$VIP"`
    isRoOn=`/bin/netstat -rn | grep "$VIP"`
    if [ "$isLoON" == "" -a "$isRoOn" == "" ]; then
        echo "LVS-DR real server has run yet."
    else
        echo "LVS-DR real server is running."
    fi
    exit 3
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
esac
exit 0
  
  
啓動兩臺realserver節點的realserver腳本
[root@rs-204 ~]# chmod 755 /etc/init.d/realserver
[root@rs-204 ~]# ll /etc/init.d/realserver
-rwxr-xr-x 1 root root 1278 Dec 24 13:40 /etc/init.d/realserver
  
[root@rs-204 ~]# /etc/init.d/realserver start
LVS-DR real server starts successfully.\n
  
設置開機啓動
[root@rs-204 ~]# echo "/etc/init.d/realserver" >> /etc/rc.local
  
查看, 發現兩臺realserver節點上的lo:0上已經配置了vip地址
[root@rs-204 ~]# ifconfig
...........
lo:0      Link encap:Local Loopback
          inet addr:172.16.60.111  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
  
  
2) 接着部署兩臺realserver的web測試環境  (兩個realserver節點安裝操做一致)
採用yum方式安裝nginx (先安裝nginx的yum源)
[root@rs-204 ~]# rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
[root@rs-204 ~]# yum install nginx
  
realserver01的nginx配置
[root@rs-204 ~]# cd /etc/nginx/conf.d/
[root@rs-204 conf.d]# cat default.conf
[root@rs-204 conf.d]# >/usr/share/nginx/html/index.html
[root@rs-204 conf.d]# vim /usr/share/nginx/html/index.html
this is test page of realserver01:172.16.60.204
  
[root@rs-204 conf.d]# vim /usr/share/nginx/html/lvs_testpage.html
Test HA Page
  
[root@rs-204 conf.d]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]
[root@rs-204 conf.d]# lsof -i:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   31944  root    6u  IPv4  91208      0t0  TCP *:http (LISTEN)
nginx   31945 nginx    6u  IPv4  91208      0t0  TCP *:http (LISTEN)
  
realserver02的nginx配置
[root@rs-205 src]# cd /etc/nginx/conf.d/
[root@rs-205 conf.d]# cat default.conf
[root@rs-205 conf.d]# >/usr/share/nginx/html/index.html
[root@rs-205 conf.d]# vim /usr/share/nginx/html/index.html
this is test page of realserver02:172.16.60.205

[root@rs-205 conf.d]# vim /usr/share/nginx/html/lvs_testpage.html
Test HA Page
  
[root@rs-205 conf.d]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]
[root@rs-205 conf.d]# lsof -i:80
COMMAND   PID  USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
nginx   20839  root    6u  IPv4 289527645      0t0  TCP *:http (LISTEN)
nginx   20840 nginx    6u  IPv4 289527645      0t0  TCP *:http (LISTEN)
  
最後分別訪問realserver01和realserver02節點的nginx,:
訪問http://172.16.60.204/, 訪問結果爲"this is test page of realserver01:172.16.60.204"
訪問http://172.16.60.204/lvs_testpage.html, 訪問結果爲"Test HA Page"

訪問http://172.16.60.205/, 訪問結果爲"this is test page of realserver02:172.16.60.205"
訪問http://172.16.60.205/lvs_testpage.html, 訪問結果爲"Test HA Page"

5) 配置兩臺HA節點上轉發到自身80端口的頁面內容 (兩臺HA節點操做一致)

因爲在ldirectord.cf文件中配置了"fallback=127.0.0.1:80 gate", 即當後端realserver都發生故障時, 客戶端的訪問請求將轉發到LVS的HA節點自身的80端口上

[root@ha-master ~]# rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
[root@ha-master ~]# yum install nginx
  
realserver01的nginx配置
[root@ha-master ~]# cd /etc/nginx/conf.d/
[root@ha-master conf.d]# cat default.conf
[root@ha-master conf.d]# >/usr/share/nginx/html/index.html
[root@ha-master conf.d]# vim /usr/share/nginx/html/index.html
Sorry, the access is in maintenance for the time being. Please wait a moment.

[root@ha-master conf.d]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]
[root@ha-master conf.d]# lsof -i:80
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   31944  root    6u  IPv4  91208      0t0  TCP *:http (LISTEN)
nginx   31945 nginx    6u  IPv4  91208      0t0  TCP *:http (LISTEN)

訪問http://172.16.60.206/  或者 http://172.16.60.207
訪問結果爲"Sorry, the access is in maintenance for the time being. Please wait a moment."

6) 啓動heartbeat服務 (兩個HA節點都要操做)

啓動heartbeat服務的時候, 就會自帶啓動ipvsadm 和 ldirectord, 由於在/etc/ha.d/haresources文件裏配置了!
須要知道的是: 只有當前提供lvs轉發服務(即擁有VIP資源)的一方 才能在啓動heartbeat的時候, 自帶啓動ipvsadm 和 ldirectord! 

1) 先啓動HA主節點的heartbeat
[root@ha-master ~]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
Done.

[root@ha-master ~]# ps -ef|grep heartbeat
root     20886     1  0 15:41 ?        00:00:00 heartbeat: master control process
root     20891 20886  0 15:41 ?        00:00:00 heartbeat: FIFO reader        
root     20892 20886  0 15:41 ?        00:00:00 heartbeat: write: bcast eth0  
root     20893 20886  0 15:41 ?        00:00:00 heartbeat: read: bcast eth0   
root     20894 20886  0 15:41 ?        00:00:00 heartbeat: write: ucast eth0  
root     20895 20886  0 15:41 ?        00:00:00 heartbeat: read: ucast eth0   
root     20896 20886  0 15:41 ?        00:00:00 heartbeat: write: ping_group group1
root     20897 20886  0 15:41 ?        00:00:00 heartbeat: read: ping_group group1
root     20917 20886  0 15:41 ?        00:00:00 /usr/lib64/heartbeat/ipfail
root     20938 17616  0 15:41 pts/0    00:00:00 grep heartbeat

heartbeat服務端口默認是694. 
[root@ha-master ~]# lsof -i:694
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
heartbeat 20892 root    7u  IPv4  42238      0t0  UDP *:ha-cluster 
heartbeat 20893 root    7u  IPv4  42238      0t0  UDP *:ha-cluster 
heartbeat 20894 root    7u  IPv4  42244      0t0  UDP *:ha-cluster 
heartbeat 20895 root    7u  IPv4  42244      0t0  UDP *:ha-cluster 

發現ldirectord服務被自帶啓動了, 說明master節點是當前提供lvs轉發服務的一方 
[root@ha-master ~]# ps -ef|grep ldirectord
root     21336     1  0 15:41 ?        00:00:00 /usr/bin/perl -w /usr/sbin/ldirectord start
root     21365 17616  0 15:42 pts/0    00:00:00 grep ldirectord

[root@ha-master ~]# /etc/init.d/ldirectord status
ldirectord for /etc/ha.d/ldirectord.cf is running with pid: 21336

查看master節點,發現master節點當前佔有vip資源  (首次啓動heartbeat服務後, 須要稍微等待一段時間, vip資源纔會出來. 後續再重啓或切換時, vip資源就會迅速出現了)
[root@ha-master ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.206/24 brd 172.16.60.255 scope global eth0
    inet 172.16.60.111/24 brd 172.16.60.255 scope global secondary eth0
    inet6 fe80::250:56ff:feac:509b/64 scope link 
       valid_lft forever preferred_lft forever

master節點當前提供了lvs轉發功能, 能夠查看到轉發效果
[root@ha-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.204:80             Route   1      0          0         
  -> 172.16.60.205:80             Route   1      0          0  

查看master節點的heartbeat日誌
[root@ha-master ~]# tail -f /var/log/ha-log 
ip-request-resp(default)[21041]:        2018/12/25_15:41:48 received ip-request-resp IPaddr::172.16.60.111 OK yes
ResourceManager(default)[21064]:        2018/12/25_15:41:48 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21092]: 2018/12/25_15:41:48 INFO:  Resource is stopped
ResourceManager(default)[21064]:        2018/12/25_15:41:48 info: Running /etc/ha.d/resource.d/IPaddr 172.16.60.111 start
IPaddr(IPaddr_172.16.60.111)[21188]:    2018/12/25_15:41:48 INFO: Adding inet address 172.16.60.111/24 with broadcast address 172.16.60.255 to device eth0
IPaddr(IPaddr_172.16.60.111)[21188]:    2018/12/25_15:41:48 INFO: Bringing device eth0 up
IPaddr(IPaddr_172.16.60.111)[21188]:    2018/12/25_15:41:48 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172.16.60.111 eth0 172.16.60.111 auto not_used not_used
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21174]: 2018/12/25_15:41:48 INFO:  Success
ResourceManager(default)[21064]:        2018/12/25_15:41:48 info: Running /etc/init.d/ipvsadm  start
ResourceManager(default)[21064]:        2018/12/25_15:41:48 info: Running /etc/init.d/ldirectord  start

2) 接着啓動HA備份節點的heartbeat
[root@ha-slave ha.d]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
Done.

[root@ha-slave ha.d]# ps -ef|grep heartbeat
root     21703     1  0 15:41 ?        00:00:00 heartbeat: master control process
root     21708 21703  0 15:41 ?        00:00:00 heartbeat: FIFO reader        
root     21709 21703  0 15:41 ?        00:00:00 heartbeat: write: bcast eth0  
root     21710 21703  0 15:41 ?        00:00:00 heartbeat: read: bcast eth0   
root     21711 21703  0 15:41 ?        00:00:00 heartbeat: write: ucast eth0  
root     21712 21703  0 15:41 ?        00:00:00 heartbeat: read: ucast eth0   
root     21713 21703  0 15:41 ?        00:00:00 heartbeat: write: ping_group group1
root     21714 21703  0 15:41 ?        00:00:00 heartbeat: read: ping_group group1
root     21734 21703  0 15:41 ?        00:00:00 /usr/lib64/heartbeat/ipfail
root     21769 19163  0 15:42 pts/0    00:00:00 grep heartbeat

[root@ha-slave ha.d]# lsof -i:694
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
heartbeat 21709 root    7u  IPv4 105186      0t0  UDP *:ha-cluster 
heartbeat 21710 root    7u  IPv4 105186      0t0  UDP *:ha-cluster 
heartbeat 21711 root    7u  IPv4 105192      0t0  UDP *:ha-cluster 
heartbeat 21712 root    7u  IPv4 105192      0t0  UDP *:ha-cluster 

發現ldirectord服務沒有被heartbeat自帶啓動 (由於當前備份節點沒有提供lvs轉發功能, 即沒有接管vip資源)
[root@ha-slave ha.d]# /etc/init.d/ldirectord status
ldirectord is stopped for /etc/ha.d/ldirectord.cf

[root@ha-slave ha.d]# ps -ef|grep ldirectord       
root     21822 19163  0 15:55 pts/0    00:00:00 grep ldirectord

發現ipvsadm服務也沒有被heartbeat自帶啓動  (由於當前備份節點沒有提供lvs轉發功能, 即沒有接管vip資源)
[root@ha-slave ha.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.207/24 brd 172.16.60.255 scope global eth0
    inet6 fe80::250:56ff:feac:5b5/64 scope link 
       valid_lft forever preferred_lft forever
[root@ha-slave ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

查看HA備份節點的heartbeat日誌
[root@ha-slave ha.d]# tail -f /var/log/ha-log   
Dec 25 15:41:37 ha-slave heartbeat: [21734]: info: Starting "/usr/lib64/heartbeat/ipfail" as uid 0  gid 0 (pid 21734)
Dec 25 15:41:38 ha-slave heartbeat: [21703]: info: Status update for node ha-master: status active
harc(default)[21737]:   2018/12/25_15:41:38 info: Running /etc/ha.d//rc.d/status status
Dec 25 15:41:42 ha-slave ipfail: [21734]: info: Status update: Node ha-master now has status active
Dec 25 15:41:44 ha-slave ipfail: [21734]: info: Asking other side for ping node count.
Dec 25 15:41:47 ha-slave ipfail: [21734]: info: No giveup timer to abort.
Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: remote resource transition completed.
Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: remote resource transition completed.
Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: Initial resource acquisition complete (T_RESOURCES(us))
Dec 25 15:41:48 ha-slave heartbeat: [21754]: info: No local resources [/usr/share/heartbeat/Resourc

訪問使用vip地址訪問, 即:
訪問http://172.16.60.111/, 結果爲"this is test page of realserver01:172.16.60.204" 或者 "this is test page of realserver02:172.16.60.205"
訪問http://172.16.60.111/lvs_testpage.html, 結果爲"Test HA Page"

舒適提示: 
下面是兩個經常使用的ipvsadm 關於查看lvs狀態的命令
======================================
查看lvs的鏈接狀態命令
[root@ha-master ~]# ipvsadm  -l  --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  172.16.60.111:http                0        0        0        0        0
  -> 172.16.60.204:http                0        0        0        0        0
  -> 172.16.60.205:http                0        0        0        0        0

說明:
Conns    (connections scheduled)  已經轉發過的鏈接數
InPkts   (incoming packets)       入包個數
OutPkts  (outgoing packets)       出包個數
InBytes  (incoming bytes)         入流量(字節)  
OutBytes (outgoing bytes)         出流量(字節)

======================================
查看lvs的速率
[root@ha-master ~]# ipvsadm   -l  --rate
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port                 CPS    InPPS   OutPPS    InBPS   OutBPS
  -> RemoteAddress:Port
TCP  172.16.60.111:http                0        0        0        0        0
  -> 172.16.60.204:http                0        0        0        0        0
  -> 172.16.60.205:http                0        0        0        0        0

說明:
CPS      (current connection rate)   每秒鏈接數
InPPS    (current in packet rate)    每秒的入包個數
OutPPS   (current out packet rate)   每秒的出包個數
InBPS    (current in byte rate)      每秒入流量(字節)
OutBPS   (current out byte rate)     每秒入流量(字節)

======================================
上面的兩臺HA節點均只有一個網卡設備eth0,  若是有兩塊網卡, 好比還有一個eth1, 則能夠將這個eth1做爲heartbeat交叉線直連的設備, 
即HA主備兩臺機器之間使用一根串口直連線纜eth1進行鏈接.
好比:
HA主節點   172.16.60.206(eth0), 10.0.11.21(eth1, heartbeat交叉線直連)
HA備節點   172.16.60.207(eth0), 10.0.11.22(eth1, heartbeat交叉線直連)

這樣比起只有一個eth0, 只須要在ha.cf文件中多加下面一行 (其餘的操做配置都不用變!)
ping_group group1 10.0.11.21 10.0.11.22       //多加這一行
ping_group group1 172.16.60.204 172.16.60.205

7) 故障轉移切換測試

1) 先關閉HA主節點的heartbeat
[root@ha-master ~]# /etc/init.d/heartbeat stop
Stopping High-Availability services: Done.

[root@ha-master ~]# ps -ef|grep heartbeat
root     21625 17616  0 16:03 pts/0    00:00:00 grep heartbeat

發現關閉heartbeat服務後, 主節點的ipvsadm 和 ldirectord都會被自帶關閉, VIP資源也被轉移走了, 即當前master節點不提供lvs轉發服務
[root@ha-master ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.206/24 brd 172.16.60.255 scope global eth0
    inet6 fe80::250:56ff:feac:509b/64 scope link 
       valid_lft forever preferred_lft forever

[root@ha-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

[root@ha-master ~]# ps -ef|grep ldirectord
root     21630 17616  0 16:03 pts/0    00:00:00 grep ldirectord

查看此時HA主節點的heartbeat日誌
[root@ha-master ~]# tail -1000 /var/log/ha-log
........
Dec 25 16:02:38 ha-master heartbeat: [20886]: info: Heartbeat shutdown in progress. (20886)
Dec 25 16:02:38 ha-master heartbeat: [21454]: info: Giving up all HA resources.
ResourceManager(default)[21467]:        2018/12/25_16:02:38 info: Releasing resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord
ResourceManager(default)[21467]:        2018/12/25_16:02:38 info: Running /etc/init.d/ldirectord  stop
ResourceManager(default)[21467]:        2018/12/25_16:02:38 info: Running /etc/init.d/ipvsadm  stop
ResourceManager(default)[21467]:        2018/12/25_16:02:38 info: Running /etc/ha.d/resource.d/IPaddr 172.16.60.111 stop
IPaddr(IPaddr_172.16.60.111)[21563]:    2018/12/25_16:02:38 INFO: IP status = ok, IP_CIP=
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21549]: 2018/12/25_16:02:38 INFO:  Success

接着查看HA備份節點的狀況, 發現VIP已將已經切換到備份節點這邊了, 說明當前備份節點提供lvs轉發服務, 則備份節點的ipvsadm 和 ldirectord也被自帶啓動了
[root@ha-slave ha.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.207/24 brd 172.16.60.255 scope global eth0
    inet 172.16.60.111/24 brd 172.16.60.255 scope global secondary eth0
    inet6 fe80::250:56ff:feac:5b5/64 scope link 
       valid_lft forever preferred_lft forever

[root@ha-slave ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.204:80             Route   1      0          0         
  -> 172.16.60.205:80             Route   1      0          0  

[root@ha-slave ha.d]# ps -ef|grep ldirectord
root     22203     1  0 16:02 ?        00:00:01 /usr/bin/perl -w /usr/sbin/ldirectord start
root     22261 19163  0 16:07 pts/0    00:00:00 grep ldirectord

查看此時HA備份節點的heartbeat日誌
[root@ha-slave ha.d]# tail -1000 /var/log/ha-log 
...........
harc(default)[21887]:   2018/12/25_16:02:39 info: Running /etc/ha.d//rc.d/status status
mach_down(default)[21904]:      2018/12/25_16:02:39 info: Taking over resource group IPaddr::172.16.60.111
ResourceManager(default)[21931]:        2018/12/25_16:02:39 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21959]: 2018/12/25_16:02:39 INFO:  Resource is stopped
ResourceManager(default)[21931]:        2018/12/25_16:02:39 info: Running /etc/ha.d/resource.d/IPaddr 172.16.60.111 start
IPaddr(IPaddr_172.16.60.111)[22055]:    2018/12/25_16:02:39 INFO: Adding inet address 172.16.60.111/24 with broadcast address 172.16.60.255 to device eth0
IPaddr(IPaddr_172.16.60.111)[22055]:    2018/12/25_16:02:39 INFO: Bringing device eth0 up
IPaddr(IPaddr_172.16.60.111)[22055]:    2018/12/25_16:02:39 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172.16.60.111 eth0 172.16.60.111 auto not_used not_used
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[22041]: 2018/12/25_16:02:39 INFO:  Success
ResourceManager(default)[21931]:        2018/12/25_16:02:39 info: Running /etc/init.d/ipvsadm  start
ResourceManager(default)[21931]:        2018/12/25_16:02:39 info: Running /etc/init.d/ldirectord  start
mach_down(default)[21904]:      2018/12/25_16:02:39 info: /usr/share/heartbeat/mach_down: nice_failback: foreign resources acquired
mach_down(default)[21904]:      2018/12/25_16:02:39 info: mach_down takeover complete for node ha-master.

2) 而後在從新啓動HA主節點的heartbeat服務
因爲在ha.cf文件中配置了"auto_failback on "參數, 因此當主節點恢復後, 會將VIP資源自動搶佔回來並替換備份節點從新接管lvs轉發服務.
主節點的heartbeat恢復後, ipvsadm 和 ldirectord也會被從新啓動

[root@ha-master ~]# /etc/init.d/heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
Done.

[root@ha-master ~]# ps -ef|grep heartbeat
root     21778     1  0 16:12 ?        00:00:00 heartbeat: master control process
root     21783 21778  0 16:12 ?        00:00:00 heartbeat: FIFO reader        
root     21784 21778  0 16:12 ?        00:00:00 heartbeat: write: bcast eth0  
root     21785 21778  0 16:12 ?        00:00:00 heartbeat: read: bcast eth0   
root     21786 21778  0 16:12 ?        00:00:00 heartbeat: write: ucast eth0  
root     21787 21778  0 16:12 ?        00:00:00 heartbeat: read: ucast eth0   
root     21788 21778  0 16:12 ?        00:00:00 heartbeat: write: ping_group group1
root     21789 21778  0 16:12 ?        00:00:00 heartbeat: read: ping_group group1
root     21809 21778  0 16:12 ?        00:00:00 /usr/lib64/heartbeat/ipfail
root     21812 21778  0 16:12 ?        00:00:00 heartbeat: master control process
root     21825 21812  0 16:12 ?        00:00:00 /bin/sh /usr/share/heartbeat/ResourceManager takegroup IPaddr::172.16.60.111 ipvsadm ldirectord
root     21949 21935  0 16:12 ?        00:00:00 /bin/sh /usr/lib/ocf/resource.d//heartbeat/IPaddr start
root     21956 17616  0 16:12 pts/0    00:00:00 grep heartbeat

[root@ha-master ~]# lsof -i:694
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
heartbeat 21784 root    7u  IPv4  46306      0t0  UDP *:ha-cluster 
heartbeat 21785 root    7u  IPv4  46306      0t0  UDP *:ha-cluster 
heartbeat 21786 root    7u  IPv4  46312      0t0  UDP *:ha-cluster 
heartbeat 21787 root    7u  IPv4  46312      0t0  UDP *:ha-cluster 

[root@ha-master ~]# ps -ef|grep ldirectord     
root     22099     1  1 16:12 ?        00:00:00 /usr/bin/perl -w /usr/sbin/ldirectord start
root     22130 17616  0 16:12 pts/0    00:00:00 grep ldirectord

[root@ha-master ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.206/24 brd 172.16.60.255 scope global eth0
    inet 172.16.60.111/24 brd 172.16.60.255 scope global secondary eth0
    inet6 fe80::250:56ff:feac:509b/64 scope link 
       valid_lft forever preferred_lft forever

[root@ha-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.204:80             Route   1      0          0         
  -> 172.16.60.205:80             Route   1      1          0 

查看此時HA主節點的heartbeat日誌
[root@ha-master ~]# tail -1000 /var/log/ha-log 
........
ResourceManager(default)[21825]:        2018/12/25_16:12:12 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21853]: 2018/12/25_16:12:13 INFO:  Resource is stopped
ResourceManager(default)[21825]:        2018/12/25_16:12:13 info: Running /etc/ha.d/resource.d/IPaddr 172.16.60.111 start
IPaddr(IPaddr_172.16.60.111)[21949]:    2018/12/25_16:12:13 INFO: Adding inet address 172.16.60.111/24 with broadcast address 172.16.60.255 to device eth0
IPaddr(IPaddr_172.16.60.111)[21949]:    2018/12/25_16:12:13 INFO: Bringing device eth0 up
IPaddr(IPaddr_172.16.60.111)[21949]:    2018/12/25_16:12:13 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172.16.60.111 eth0 172.16.60.111 auto not_used not_used
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[21935]: 2018/12/25_16:12:13 INFO:  Success
ResourceManager(default)[21825]:        2018/12/25_16:12:13 info: Running /etc/init.d/ipvsadm  start
ResourceManager(default)[21825]:        2018/12/25_16:12:13 info: Running /etc/init.d/ldirectord  start

再觀察此時HA備份節點的狀況, 發現VIP資源在主節點的heartbeat恢復後就被主節點搶佔回去了, 即此時備份節點沒有vip資源, 也就不提供lvs轉發服務了,
則備份節點的ipvsadm 和 ldirectord服務也會被關閉
[root@ha-slave ha.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.60.207/24 brd 172.16.60.255 scope global eth0
    inet6 fe80::250:56ff:feac:5b5/64 scope link 
       valid_lft forever preferred_lft forever

[root@ha-slave ha.d]# ps -ef|grep ldirectord     
root     22516 19163  0 16:14 pts/0    00:00:00 grep ldirectord

[root@ha-slave ha.d]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

查看此時HA備份節點的heartbeat日誌
[root@ha-slave ha.d]# tail -1000 /var/log/ha-log 
.......
ResourceManager(default)[22342]:        2018/12/25_16:12:12 info: Releasing resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord
ResourceManager(default)[22342]:        2018/12/25_16:12:12 info: Running /etc/init.d/ldirectord  stop
ResourceManager(default)[22342]:        2018/12/25_16:12:12 info: Running /etc/init.d/ipvsadm  stop
ResourceManager(default)[22342]:        2018/12/25_16:12:12 info: Running /etc/ha.d/resource.d/IPaddr 172.16.60.111 stop
IPaddr(IPaddr_172.16.60.111)[22438]:    2018/12/25_16:12:12 INFO: IP status = ok, IP_CIP=
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_172.16.60.111)[22424]: 2018/12/25_16:12:12 INFO:  Success
Dec 25 16:12:12 ha-slave heartbeat: [22329]: info: foreign HA resource release completed (standby).

在上面HA主備節點故障切換的過程當中, 客戶端訪問http://172.16.60.111/都是不受影響的, 即對客戶端訪問來講是無感知的故障切換, 實現了lvs代理層的高可用!

3) 前後關閉兩臺realserver節點中的nginx, 而後觀察lvs的轉發狀況
[root@ha-master ~]# ipvsadm -Ln                
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.204:80             Route   1      0          0         
  -> 172.16.60.205:80             Route   1      0          2   

先關閉rs-204的nginx服務
[root@rs-204 ~]# /etc/init.d/nginx stop 
Stopping nginx:                                            [  OK  ]
[root@rs-204 ~]# lsof -i:80
[root@rs-204 ~]#

rs-205的nginx保留
[root@rs-205 ~]# ps -ef|grep nginx
root      5211     1  0 15:45 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     5212  5211  0 15:45 ?        00:00:00 nginx: worker process                   
root      5313  4852  0 16:19 pts/0    00:00:00 grep nginx

查看lvs轉發狀況
[root@ha-master ~]# ipvsadm -Ln                
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.205:80             Route   1      0          2         

這時候訪問http://172.16.60.111, 結果是"this is test page of realserver02:172.16.60.205"

接着啓動rs-204的nginx, 關閉rs-205的nginx
[root@rs-204 ~]# /etc/init.d/nginx start
Starting nginx:                                            [  OK  ]
[root@rs-204 ~]# lsof -i:80             
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   4883  root    6u  IPv4 143621      0t0  TCP *:http (LISTEN)
nginx   4884 nginx    6u  IPv4 143621      0t0  TCP *:http (LISTEN)

關閉rs-205的nginx
[root@rs-205 ~]# /etc/init.d/nginx stop
Stopping nginx:                                            [  OK  ]
[root@rs-205 ~]# lsof -i:80
[root@rs-205 ~]# 

查看lvs轉發狀況
[root@ha-master ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 172.16.60.204:80             Route   1      0          0  

這時候訪問http://172.16.60.111, 結果是"this is test page of realserver01:172.16.60.204"

而後把rs-204 和 rs-205兩個節點的nginx都關閉
[root@rs-204 ~]# /etc/init.d/nginx stop 
Stopping nginx:                                            [  OK  ]
[root@rs-205 ~]# /etc/init.d/nginx stop 
Stopping nginx:                                            [  OK  ]

查看lvs轉發狀況
[root@ha-master ~]# ipvsadm -Ln                
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.60.111:80 wlc persistent 600
  -> 127.0.0.1:80                 Local   1      0          0   

這時候訪問http://172.16.60.111, 結果是"Sorry, the access is in maintenance for the time being. Please wait a moment."

上面可知, 在realserver節點發生故障後, 會從lvs集羣中踢出來, 待realserver節點恢復後會再次從新加入到lvs集羣中
這是由於在ldirectord.cf文件中配置了"quiescent=no "參數 , 這樣就實現了代理節點的高可用! 
相關文章
相關標籤/搜索