LVS+heartbeat: building a highly available, high-performance website

Source: Internet
Author: User

This is a setup our company uses in its actual production environment; we hope it helps (I have changed the actual public IP addresses accordingly):

Note: Each server needs two network cards: eth0 is connected to the internal network switch and carries a private IP, for internal access between servers; eth1 is connected to the public network switch, for external access. To save costs you can use a single switch divided into 2 VLANs for the internal and external networks, but this carries a risk: if the switch fails, neither the internal nor the external network is reachable, so weigh the gains and losses.

The individual server IP configurations are as follows:

Primary HA: eth1:1.1.1.14 eth0:192.168.1.8 (heartbeat)

Backup HA: eth1:1.1.1.15 eth0:192.168.1.30 (heartbeat)

real1:eth1:1.1.1.16 eth0:192.168.1.9

real1:eth1:1.1.1.16 eth0:192.168.1.10

real1:eth1:1.1.1.16 eth0:192.168.1.11

real1:eth1:1.1.1.16 eth0:192.168.1.12

One. Configuration on the primary HA

1. The contents of the hosts file are as follows (if you have your own DNS, you can use DNS resolution instead):

127.0.0.1 primary.fantong.com localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
1.1.1.14 primary.fantong.com
192.168.1.8 primary.fantong.com
1.1.1.15 backup.fantong.com
192.168.1.30 backup.fantong.com

2. Modify the hostname: edit /etc/sysconfig/network

HOSTNAME=primary.fantong.com

3. Set the hostname with the command:

# hostname primary.fantong.com

4. Install the software

yum -y install libnet

yum -y install heartbeat-*

yum -y install heartbeat (if it reports an error, running the install once more is enough)

yum -y install ipvsadm

If your Red Hat system has no yum repository, you can refer to one of my blog posts to change some of the yum settings: http://gehailong.blog.51cto.com/765312/610127

5. After the software is installed, the directory /etc/ha.d is created. It holds heartbeat's configuration file, authentication file and resource file (scripts; note: in heartbeat, scripts are called resources). These three files are essential. All three files in this article were written by me by hand.

1). heartbeat's main configuration file: /etc/ha.d/ha.cf

logfile /var/log/ha-log
debugfile /var/log/ha-debug
logfacility local0
keepalive 2 # keepalive (heartbeat) interval between primary and backup
deadtime # time after which the peer is declared dead
warntime # warning time
udpport 694 # communication port between primary and backup
ucast eth0 192.168.1.30 # probe the heartbeat by unicast (bcast would use broadcast); the address that follows is the peer's address
auto_failback on # automatic failback: when the primary recovers after a failure, it takes the primary role back
node primary.fantong.com # hostname of the primary node
node backup.fantong.com # hostname of the backup node
ping 192.168.1.30
ping_group Lbgroup 1.1.1.14 1.1.1.15
ping_group Lbgroup 192.168.1.8 192.168.1.30
respawn hacluster /usr/lib64/heartbeat/ipfail # on a 32-bit system the path is /usr/lib/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster # user and group IDs used for authentication (created automatically)

2). Resource list /etc/ha.d/haresources: the node name is followed by the resource (script) names. Make sure the content on the backup is exactly the same.

primary.fantong.com lvs ldirectord

3). Authentication file /etc/ha.d/authkeys, used for authentication between primary and backup; Testlab is the authentication password. Make sure the content on the backup is the same, otherwise authentication between primary and backup fails. Note: the file permission must be 600 instead

auth 1
1 sha1 Testlab
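
A check that can be run on both nodes before starting heartbeat, given here as an added example that is not part of the original article: it verifies the 600 mode and the pairing of the "auth N" line with its key line, and prints a digest so the primary and backup copies can be compared without showing the password. The function names are hypothetical, and rejecting crc is this example's own policy, because crc does not authenticate the peer.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a heartbeat authkeys file.
# Returns 0 when the file is usable and authenticated, 1 otherwise.
check_authkeys() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # The article requires mode 600 (readable by the owner only).
    mode=$(stat -c '%a' "$file")
    [ "$mode" = "600" ] || { echo "mode is $mode, expected 600"; return 1; }

    # "auth N" selects which numbered key line is used for signing.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    [ -n "$idx" ] || { echo "no 'auth N' line"; return 1; }

    # The selected key line has the form: N method [secret]
    method=$(awk -v n="$idx" '$1 == n { print $2; exit }' "$file")
    secret=$(awk -v n="$idx" '$1 == n { print $3; exit }' "$file")
    case "$method" in
        sha1|md5)
            [ -n "$secret" ] || { echo "key $idx has no secret"; return 1; } ;;
        crc)
            # crc only detects corruption; it does not authenticate the peer.
            echo "key $idx uses crc (no authentication)"; return 1 ;;
        *)
            echo "key $idx is missing or uses an unrecognised method '$method'"; return 1 ;;
    esac
    echo "ok: key $idx ($method)"
}

# Digest of the whole file: equal output on primary and backup means equal content.
authkeys_digest() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Stand-alone use: sh check_authkeys.sh /etc/ha.d/authkeys
if [ "$#" -gt 0 ]; then
    check_authkeys "$1" && authkeys_digest "$1"
fi
```
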

6. Installing heartbeat-* also installs a file called heartbeat-ldirectord, whose role is to manage the back-end realservers. For example, when a back-end realserver dies, it automatically removes that resource from the list, and adds it back automatically when the resource recovers. Its configuration file is /etc/ha.d/ldirectord.cf, with the following content (I wrote it myself):

# Global directives: monitor the realservers
checktimeout=3 # realserver timeout
checkinterval=1 # interval between checks
fallback=127.0.0.1:80 # who takes over if all realservers are down
autoreload=yes
logfile="/var/log/ldirectord.log"
emailalert="[email protected]" # who to send mail to when there is a problem (a mail group can be defined)
emailalertfreq=3600
emailalertstatus=all
quiescent=no # if a realserver has a problem, remove it from the resource list immediately
# Sample for an HTTP virtual service
virtual=1.1.1.13:80 # (note the format of this file: the lines below must be indented by at least 4 spaces)
    real=1.1.1.16:80 gate # gate means the LVS DR mode is used; for the LVS modes and how they work, see the relevant documentation
    real=1.1.1.17:80 gate
    real=1.1.1.18:80 gate
    real=1.1.1.19:80 gate
    fallback=127.0.0.1:80 gate
    service=http
    scheduler=wrr # scheduling method for the realservers: weighted round robin
    persistent=5 # persistence time for client connections
    protocol=tcp
    checktype=connect
    checkport=80

7. The resource script /etc/init.d/lvs; its purpose is to start the resource:

#!/bin/bash
# Description:start LVS of Directorserver
# Written by: netseek http://www.linuxtone.org gw=192.168.1.254
# website Director VIP.
GW=1.1.1.13 # be sure not to get the gateway address wrong, otherwise your secondary (floating) IP is inaccessible
WEB_VIP=1.1.1.13
WEB_RIP1=1.1.1.16
WEB_RIP2=1.1.1.17
WEB_RIP3=1.1.1.18
WEB_RIP4=1.1.1.19
. /etc/rc.d/init.d/functions
logger $0 called with $1
case "$1" in
start)
    # Clear all iptables rules.
    # Be careful here: if the company has a firewall in front of these servers,
    # the iptables rules can be flushed (allow everything, or stop iptables);
    # otherwise comment this line out and write your own policy or script.
    /sbin/iptables -F
    # Reset iptables counters.
    /sbin/iptables -Z # same as above
    # Clear all ipvsadm rules/services.
    /sbin/ipvsadm -C
    # Set the LVS VIP for DR
    /sbin/ipvsadm --set 30 5 60
    /sbin/ifconfig eth1:0 $WEB_VIP broadcast $WEB_VIP netmask 255.255.255.255 up
    /sbin/route add -host $WEB_VIP dev eth1:0
    /sbin/ipvsadm -A -t $WEB_VIP:80 -s wrr -p 3
    /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP1:80 -g -w 1
    /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP2:80 -g -w 1
    /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP3:80 -g -w 1
    /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP4:80 -g -w 1
    touch /var/lock/subsys/ipvsadm >/dev/null 2>&1
    # Set ARP
    /sbin/arping -I eth1 -c 5 -s $WEB_VIP $GW >/dev/null 2>&1
    ;;
stop)
    /sbin/ipvsadm -C
    /sbin/ipvsadm -Z
    ifconfig eth1:0 down
    route del $WEB_VIP >/dev/null 2>&1
    rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1
    /sbin/arping -I eth1 -c 5 -s $WEB_VIP $GW
    echo "ipvsadm stopped"
    ;;
status)
    if [ ! -e /var/lock/subsys/ipvsadm ]; then
        echo "ipvsadm is stopped"
        exit 1
    else
        ipvsadm -ln
        echo "..... ipvsadm is OK."
    fi
    ;;
*)
    echo "Usage: $0 {start|stop|status}"
    exit 1
esac

exit 0

8. Then perform two operations:

chmod 755 /etc/init.d/lvs

ln -s /etc/init.d/lvs /etc/ha.d/resource.d # when ldirectord is started, it searches the /etc/init.d and /etc/ha.d/resource.d directories for resources (scripts)

9. Make heartbeat start at boot.

chkconfig heartbeat on

Two. Configuration on backup

1. Install the same packages as on the primary.

2. Copy all the scripts from the primary to the backup, including the hosts file and the entire contents of /etc/ha.d/*.

3. Modify /etc/ha.d/ha.cf as follows. The contents of the other files are the same as on the primary.

ucast eth0 192.168.1.8 # probe the heartbeat by unicast (bcast would use broadcast); the address that follows is the peer's address (the primary's IP)
.........

ping 192.168.1.8

4. chkconfig heartbeat on

Three. Configuration of the Realserver

1. Write the script /root/real.sh. Its main role is to suppress ARP for the VIP; otherwise the realserver would conflict with the addresses of the other realservers and the HA nodes. The script content is as follows:

#!/bin/sh
VIP=1.1.1.13
. /etc/rc.d/init.d/functions
case "$1" in
start)
    echo "Start LVS of Realserver"
    /sbin/ifconfig lo:0 ${VIP} broadcast ${VIP} netmask 255.255.255.255 up
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    /sbin/ifconfig lo:0 down
    echo "Close LVS of Realserver"
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "wrong, please use start|stop"
    exit 1
esac

2. Modify the script permissions: chmod 755 real.sh

3. Start the script: /root/real.sh start

4. Add it to the startup items:

Edit /etc/rc.local and add a line at the end:

/root/real.sh start
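
To confirm that real.sh took effect (for instance after a reboot, when it depends on /etc/rc.local having run), the following added example, which is not part of the original article, checks the four ARP settings and that the VIP is bound to loopback with a /32 mask. PROC_ROOT and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): verify what real.sh configures.
# PROC_ROOT is a hypothetical override so the check can run against a test tree.
PROC_ROOT=${PROC_ROOT:-/proc/sys/net/ipv4/conf}

# Prints one line per wrong or unreadable setting; returns the number of problems.
check_arp_sysctls() {
    problems=0
    for iface in lo all; do
        for pair in arp_ignore=1 arp_announce=2; do
            knob=${pair%%=*}
            want=${pair##*=}
            path="$PROC_ROOT/$iface/$knob"
            if [ -r "$path" ]; then
                have=$(cat "$path")
            else
                have="unreadable"
            fi
            if [ "$have" != "$want" ]; then
                echo "$iface/$knob is $have, expected $want"
                problems=$((problems + 1))
            fi
        done
    done
    return "$problems"
}

# Reads `ip -o -4 addr show dev lo` output on stdin; succeeds only when the VIP
# given as $1 is bound to loopback with a /32 mask, as real.sh configures it.
vip_on_loopback() {
    grep -qF "inet $1/32 "
}

# Stand-alone use on a realserver: sh check_real.sh 1.1.1.13
if [ "$#" -gt 0 ]; then
    check_arp_sysctls
    ip -o -4 addr show dev lo | vip_on_loopback "$1" \
        || echo "VIP $1 is not on lo with a /32 mask"
fi
```

A non-zero result on a realserver means it may answer ARP requests for the VIP and compete with the director for that address.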

Four. Test

1. Start heartbeat on the primary and on the backup separately. (Note: start the primary first, then the backup.)

service heartbeat start

2. Observe the log file /var/log/ha-log on the primary

Seeing the following two lines after startup indicates that the resources have been loaded successfully.

3. Observe the log file /var/log/ha-log on the backup
