Goals:
1. use the ldirectord tool to back up the two director nodes;
2. when a RealServer or its web service fails, the director automatically isolates it, and automatically brings it back when the RealServer's web service recovers; the time is expected to be kept within 5 seconds (this process is implemented through scripts).
Prerequisites:
VIP 172.16.4.1
Master 172.16.4.10
Backup 172.16.4.20
Trans1 192.168.4.10
Trans2 192.168.4.20
Realserver1 172.16.4.11
Realserver2 172.16.4.22
(This experiment is based on a virtual machine environment. trans1 and trans2 are used to send heartbeat information between the directors. Here both are placed in vmnet5, in the same network segment.)
Prepare the environment:
1. configure the two directors (the following operations must be done on both nodes):
# vim /etc/sysconfig/network
HOSTNAME=node1.a.com // the host name (node2.a.com on the backup node)
# vim /etc/hosts
172.16.4.10 node1.a.com node1
172.16.4.20 node2.a.com node2
To make it easier for the two directors to exchange heartbeat information, configure password-less SSH between them:
# ssh-keygen -t rsa
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2.a.com
2. install the test service httpd on the realservers:
# yum install httpd
To make testing easier, set up two pages:
# echo "I'm realserver1, welcome to" > /var/www/html/index.html // on realserver1
# echo "I'm realserver2, welcome to" > /var/www/html/index.html // on realserver2
# echo "OK" > /var/www/html/.test.html // on realserver1
# echo "OK" > /var/www/html/.test.html // on realserver2
# service httpd restart
# elinks http://172.16.4.22 --dump // test whether the web page is displayed properly
I'm realserver2, welcome to // indicates that the service is normal
1. install the ipvsadm software package on the directors:
# rpm -ivh ipvsadm.i386
Install the heartbeat packages:
heartbeat-2.1.4-9.el5.i386.rpm
heartbeat-devel-2.1.4-9.el5.i386.rpm
heartbeat-gui-2.1.4-9.el5.i386.rpm
heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
heartbeat-pils-2.1.4-10.el5.i386.rpm
heartbeat-stonith-2.1.4-10.el5.i386.rpm
libnet-1.1.4-3.el5.i386.rpm
perl-MailTools-1.77-1.el5.noarch.rpm
These software packages must be downloaded from the Internet.
Install the packages locally:
# yum localinstall --nogpgcheck heartbeat-2.1.4-9.el5.i386.rpm // --nogpgcheck skips GPG signature verification of the package
# yum localinstall --nogpgcheck heartbeat-devel-2.1.4-9.el5.i386.rpm
# yum localinstall --nogpgcheck heartbeat-gui-2.1.4-9.el5.i386.rpm
# yum localinstall --nogpgcheck heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
# yum localinstall --nogpgcheck heartbeat-pils-2.1.4-10.el5.i386.rpm
# yum localinstall --nogpgcheck heartbeat-stonith-2.1.4-10.el5.i386.rpm
# yum localinstall --nogpgcheck libnet-1.1.4-3.el5.i386.rpm
# yum localinstall --nogpgcheck perl-MailTools-1.77-1.el5.noarch.rpm
II. Configuration files
# cp /usr/share/doc/heartbeat-2.1.4/{authkeys,ha.cf,haresources} /etc/ha.d/
# cp /usr/share/doc/heartbeat-ldirectord-2.1.4/ldirectord.cf /etc/ha.d/
1. configure the authkeys file
# cd /etc/ha.d/
# vim authkeys
auth 2
2 sha1 kfjhkjdfhladfh // the string following sha1 is random (you can enter whatever you like)
# chmod 400 authkeys // change the mode of this file to 400 or 600; otherwise heartbeat cannot be started
2. configure the ha.cf file
# vim ha.cf
debugfile /var/log/ha-debug // storage location of the debug log file
logfile /var/log/ha-log // location of the log written during startup and operation (this is very important)
logfacility local0 // facility to use for syslog()/logger
keepalive 2 // heartbeat interval: a heartbeat is sent on eth1 every 2 seconds
deadtime 30 // if the backup node receives no heartbeat signal from the master node within 30 seconds, it immediately takes over the master node's service resources
warntime 10 // heartbeat warning delay of 10 seconds: when the backup node receives no heartbeat signal from the master node within 10 seconds, a warning is written to the log, but the service is not switched
initdead 120 // on some systems the network needs some time to work normally after the system is started or restarted; this option covers that interval. The value must be at least twice the value of deadtime
udpport 694 // heartbeat port; open port 694 in the firewall
ucast eth1 192.168.4.20 // address of the peer heartbeat interface
bcast eth1 // NIC that broadcasts heartbeat information
auto_failback on // default setting
node node1.a.com // the director master node; the name must match the output of uname -n
node node2.a.com // the director backup node
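The two rules stated above (authkeys must be mode 400 or 600, and initdead must be at least twice deadtime) can be checked before heartbeat is started. The script below is an added example, not part of the original article or of the heartbeat project: the function names and the sample files it builds are constructed for illustration, it assumes timing values are written in whole seconds, and the warntime-below-deadtime check is an inference from the descriptions above.

```bash
#!/bin/bash
# Added example (names and sample files are constructed): lint authkeys and ha.cf.

# Print the first value of directive $2 in file $1 (text after '#' is ignored).
conf_value() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# authkeys: permissions must be 400 or 600, and "auth N" must select a line "N sha1 <key>".
check_authkeys() {
    local file=$1 perms idx method rc=0
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        -r--------|-rw-------) ;;
        *) echo "authkeys: permissions $perms, heartbeat needs 400 or 600"; rc=1 ;;
    esac
    idx=$(conf_value "$file" auth)
    method=$(conf_value "$file" "$idx")
    if [ "$method" != sha1 ]; then
        echo "authkeys: auth '$idx' does not select a sha1 key line"; rc=1
    fi
    return $rc
}

# ha.cf: initdead >= 2 * deadtime (stated above); warntime < deadtime (assumed, warn first).
check_hacf() {
    local file=$1 dead warn init v rc=0
    dead=$(conf_value "$file" deadtime)
    warn=$(conf_value "$file" warntime)
    init=$(conf_value "$file" initdead)
    for v in "$dead" "$warn" "$init"; do
        case $v in ''|*[!0-9]*) echo "ha.cf: deadtime, warntime, initdead must be whole seconds"; return 1 ;; esac
    done
    [ "$init" -ge $((2 * dead)) ] || { echo "ha.cf: initdead $init is less than twice deadtime $dead"; rc=1; }
    [ "$warn" -lt "$dead" ] || { echo "ha.cf: warntime $warn is not below deadtime $dead"; rc=1; }
    return $rc
}

# Constructed samples: authkeys left world-readable, initdead lowered to 50.
demo() {
    local dir; dir=$(mktemp -d)
    printf 'auth 2\n2 sha1 CONSTRUCTED-EXAMPLE-KEY\n' > "$dir/authkeys"
    chmod 644 "$dir/authkeys"
    printf 'deadtime 30\nwarntime 10\ninitdead 50\n' > "$dir/ha.cf"
    check_authkeys "$dir/authkeys" || true
    check_hacf "$dir/ha.cf" || true
    rm -rf "$dir"
}
demo
```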
3. configure the director script
# vim /etc/init.d/ipvs
#!/bin/bash
#
# LVS script for VS/DR
#
. /etc/rc.d/init.d/functions
VIP=172.16.4.1
RIP1=172.16.4.11    # Realserver1
RIP2=172.16.4.22    # Realserver2
PORT=80
case "$1" in
start)
    echo "start LVS"
    # bind the VIP to an alias of eth0 and route it through that alias
    /sbin/ifconfig eth0:1 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev eth0:1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # flush all existing iptables rules and zero the counters
    /sbin/iptables -F
    /sbin/iptables -Z
    # clear the ipvs table, then add the virtual service (wlc scheduler) and the realservers (-g: direct routing)
    /sbin/ipvsadm -C
    /sbin/ipvsadm -A -t $VIP:$PORT -s wlc
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP1 -g -w 1
    /sbin/ipvsadm -a -t $VIP:$PORT -r $RIP2 -g -w 2
    /bin/touch /var/lock/subsys/ipvsadm &>/dev/null
    ;;
stop)
    echo "close LVS Director"
    echo 0 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipvsadm -C
    /sbin/ifconfig eth0:1 down
    /sbin/route del $VIP
    /bin/rm -f /var/lock/subsys/ipvsadm
    echo "ipvsadm is stopped ..."
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm is stopped ..."
    else
        echo "ipvsadm is running ..."
        ipvsadm -L -n
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    ;;
esac
# chmod +x /etc/init.d/ipvs
4. configure the realservers script (run this script to quickly configure the realservers)
# vim /etc/init.d/realserver.sh
#!/bin/bash
#
. /etc/rc.d/init.d/functions
VIP=172.16.4.1
host=$(/bin/hostname)
case "$1" in
start)
    echo "Start LVS-DR real server on this machine."
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    # do not answer or announce ARP for the VIP held on lo:0
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    ;;
stop)
    echo "Stop LVS-DR real server loopback device(s)."
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    ;;
status)
    echo "Status of LVS-DR real server."
    # the server counts as running only if lo:0 holds the VIP and a route for it exists
    islothere=$(/sbin/ifconfig lo:0 | grep $VIP)
    isrothere=$(netstat -rn | grep "lo:0" | grep $VIP)
    if [ ! "$islothere" -o ! "$isrothere" ]; then
        echo "LVS-DR real server Stopped."
    else
        echo "LVS-DR real server Running."
    fi
    ;;
*)
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
# chmod +x /etc/init.d/realserver.sh
5. configure the heartbeat resource file
# vim /etc/ha.d/haresources
node1.a.com 172.16.4.1 ipvs ldirectord
Note: node1.a.com is the host name of the master node and 172.16.4.1 is the VIP address; ipvs and ldirectord are two scripts. ipvs sets up the basics of the LVS-DR model and the corresponding ipvsadm rules; ldirectord is the startup script installed with the software package and is used to monitor the status of the realservers. By default heartbeat searches for these programs in /etc/rc.d/init.d/ and /etc/ha.d/. heartbeat monitors the heartbeat information of the two nodes in real time; when the master node or the backup node goes down, the other node takes over immediately.
6. modify the ldirectord.cf file.
# vim /etc/ha.d/ldirectord.cf
checktimeout=3 // check timeout
checkinterval=1 // check interval
autoreload=yes // whether to reload the configuration file automatically when it changes; here we enable it
logfile="/var/log/ldirectord.log" // log path
logfile="local0"
quiescent=no
virtual=172.16.4.1:80 // the VIP address, listening on port 80
    real=172.16.4.11:80 gate // realserver IP address and forwarding mode (gate: direct routing)
    real=172.16.4.22:80 gate
    fallback=127.0.0.1:80 gate
    service=http // the service we test here is http
    request=".test.html" // this file must exist in the web root of each realserver and be accessible; it is used to determine whether the realserver is alive
    receive="OK" // the content of the test page
    scheduler=wlc // set the scheduling algorithm to wlc
    protocol=tcp // based on the tcp protocol
    checktype=negotiate // method the ldirectord process uses to monitor the realservers
    checkport=80 // port to check
7. copy the preceding configuration files to the backup director node.
# scp /etc/ha.d/{authkeys,ha.cf,haresources} node2:/etc/ha.d/
Note: of these three files, only ha.cf needs a change on the backup node, where the peer address must be changed to ucast eth1 192.168.4.10; the other files do not need to be changed.
# scp /etc/init.d/ipvs node2:/etc/init.d/
8. copy the realservers script to the other realserver.
# scp /etc/init.d/realserver.sh 172.16.4.22:/etc/init.d/
9. start the services.
# /etc/init.d/heartbeat start
# ssh node2 -- '/etc/init.d/heartbeat start' // start heartbeat on the other node through ssh
# /etc/init.d/ldirectord start
# ssh node2 -- '/etc/init.d/ldirectord start'
# /etc/init.d/ipvs start
# /etc/init.d/realserver.sh start // on each realserver
10. test the service.
Enter http://172.16.4.1 in the browser
The following page is displayed:
Monitoring script:
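# vim /etc/init.d/.watch.sh
#!/bin/bash
#
declare -a RIP=(172.16.4.11 172.16.4.22)
SERVICE='-t 172.16.4.1:80'
MAILBOX=root@a.com
WEIGHT=2
MONITOR() {
    # fetch the test page from realserver $1; MON is "OK" when it answers correctly
    MON=`elinks --dump http://$1/.test.html | tr 'a-z' 'A-Z' | grep "OK" | awk '{print $1}'`
    if [ "$MON" = 'OK' ]; then
        # healthy: add the realserver if it is missing from the ipvs table
        ipvsadm -Ln | grep $1 >/dev/null || ipvsadm -a $SERVICE -r $1 -g -w $WEIGHT
    else
        # failed: wait 2 seconds and check once more before removing it
        sleep 2
        MON=`elinks --dump http://$1/.test.html | tr 'a-z' 'A-Z' | grep "OK" | awk '{print $1}'`
        if [ "$MON" != 'OK' ]; then
            # remove it and send mail only while it is still in the table, so mail is sent once
            if ipvsadm -Ln | grep $1 >/dev/null; then
                ipvsadm -d $SERVICE -r $1
                echo "The realserver $1 has been down." | mail -s "$1 down." $MAILBOX
            fi
        fi
    fi
}
while true; do
    for I in ${RIP[@]}; do
        MONITOR $I
    done
    sleep 3
done
# chmod +x /etc/init.d/.watch.sh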
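Add it to the startup service queue:
# vim /etc/init.d/monitor
#!/bin/bash
#
# chkconfig: 2345 99 01
# description: starts the realserver monitoring script (tags required by chkconfig --add; the priorities 99/01 are example values)
case "$1" in
start)
    echo "start monitor ......."
    /etc/init.d/.watch.sh &
    ;;
stop)
    echo "stop monitor ....."
    killall .watch.sh
    ;;
esac
# chmod +x !$
# service monitor start
# chkconfig --add monitor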
PS: 1. When I debug the director, when one node goes down, the other node cannot obtain information, and the time between the two hosts cannot be synchronized;
2. Because you have installed a Chinese language pack, you cannot use the heartbeat graphical tool through ssh. If you want to use the graphical configuration interface, you are advised to install the corresponding language pack; however, you can also run # hb_gui & in the graphical interface of the virtual machine to configure it;
3. After simulating a realserver failure, the monitoring function of the node cannot be enabled. I will write a monitoring script here. If you are interested, try it.
Author: "Long Marks"