heartbeat+ldirectory實現LVS-DR負載均衡器的高可用
本文經過heartbeat+ldirectory實現LVS-DR模型中director的高可用,本文拓撲:node
具體配置以下:
注意:
1,本文再也不寫入LVS-DR模型的搭建過程,詳見個人博客《玩轉LVS之NAT,DR,TUN模型》,直接配置director的高可用
2,dir1.jia.com和dir2.jia.com是兩個director
一,準備工做:
Hearbeat經過主機名來維護節點之間的通訊,故要保證兩個主機的主機名可以被正常解析:
在dir1和dir2上修改hosts文件;
# vim /etc/hosts
添加以下內容:
172.16.30.2 dir1.jia.com dir1
172.16.30.3 dir2.jia.com dir2
配置dir1和dir2雙機互信:
Dir1上操做:
# sed -i 's@\(HOSTNAME=\).*@\1 dir1.jia.com @g' /etc/sysconfig/network
# hostname dir1.jia.com
Dir2上操做:
# sed -i 's@\(HOSTNAME=\).*@\1 dir2.jia.com @g' /etc/sysconfig/network
# hostname dir2.jia.com
設定兩個節點能夠基於密鑰進行ssh通訊,這能夠經過以下的命令實現:
Dir1上操做:
# ssh-keygen -t rsa
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@dir2
Dir2山操做:
# ssh-keygen -t rsa
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@dir1
安裝的軟件包:
安裝:
# yum –y –-nogpgcheck localinstall *.rpm (兩個節點都要安裝)
# cd /usr/share/doc/heartbeat-2.1.4/
# cp ha.cf haresources authkeys /etc/ha.d/ 拷貝配置文件模版到/etc/ha.d下
# cd /etc/ha.d
# vim /etc/ha.d/ha.cf 編輯配置文件
修改以下內容
keepalive 2 //保持時間
deadtime 30 //死亡時間
warntime 10 //警告時間
initdead 120 //啓動時間
udpport 694 //使用udp的端口
bcast eth1 //心跳接口
logfile /var/log/ha-log //日誌文件
auto_failback on //失敗自動退回
node dir1.jia.com //節點對應的主機名,這裏面要寫全部的
node dir2.jia.com
# vim authkeys //編輯認證文件
auth 2
2 sha1 jlasdlfladddd //這個後面的密碼能夠隨意寫,也可使用自動生成隨機數(#dd if=/dev/urandom bs=512 count=1 |md5sum )的方式來生成,可是節點之間是同樣的。由於咱們經過這個認證文件,能夠防止其餘的惡意集羣節點加入咱們的集羣中,要想加入咱們的集羣中必需要提供相同的校驗碼
# chmod 400 authkeys //修改權限,這個是必須的
# vim haresources
添加:
dir1.jia.com ipvsd //指定主節點,VIP和流動資源,這裏面定義的ipvsd是一個腳本,經過這個腳原本實現資源的自動切換
# cd /etc/ha.d/
# scp haresources ha.cf authkeys dir2:/etc/ha.d/
下面是ipvsd腳本
#vim ipvsd
#!/bin/bash
#
# LVS script for VS/DR
#
. /etc/rc.d/init.d/functions
#
VIP=172.16.30.1 //定義一個全局的變量VIP
RIP1=172.16.30.4 //定義RealSever1的ip地址
RIP2=172.16.30.5 // 定義RealSever2的ip地址
PORT=80
#
case "$1" in
start)
/sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:1
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clear all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
# Add an IP virtual service for VIP 172.16.30.1 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s wlc
# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g -w 1
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g -w 1
/bin/touch /var/lock/subsys/ipvsadm &> /dev/null
;;
stop)
# Stop forwarding packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
/sbin/ifconfig eth0:1 down
/sbin/route del $VIP
/bin/rm -f /var/lock/subsys/ipvsadm
echo "ipvs is stopped..."
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ]; then
echo "ipvsadm is stopped ..."
else
echo "ipvs is running ..."
ipvsadm -L -n
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
;;
Esac
這個腳本在寫完以後,要賦予執行的權限,而且把他放到/etc/ha.c/resource.d/下
# chmod +x ipvsd
# cp ipvsd /etc/ha.d/resource.d/
同步到dir2上:
# scp /etc/ha.d/resource.d/ipvsd dir2:/etc/ ha.d/resource.d/
如今都配置好了,接下來就是啓動HA的Heartbeat服務了:
# /etc/init.d/heartbeat start
# sh dir2 -- '/etc/init.d/heartbeat start'
測試:
過一下子以後,在dir1上:
# ifconfig
查看eth0:1網卡是否已經自動啓動
在dir1和dir2上分別測試,dir1有配置而dir2上沒有:
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.30.1:80 wlc
-> 172.16.30.5:80 Route 1 0 0
-> 172.16.30.4:80 Route 1 0 0
而後,咱們把dir1設置爲standby節點,即模擬故障:
# cd /usr/lib/heartbeat
# ./hb_standby
再次執行以下命令,dir2上就有配置了,說明資源已經自動從dir1轉移到了dir2上了:
# ipvsadm –Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.30.1:80 wlc
-> 172.16.30.5:80 Route 1 0 0
-> 172.16.30.4:80 Route 1 0 0
而後測試網頁的訪問:
