LVS+Heartbeat 高可用集群方案操作记录
Posted jians
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LVS+Heartbeat 高可用集群方案操作记录相关的知识,希望对你有一定的参考价值。
Heartbeat 项目是 Linux-HA 工程的一个组成部分,它实现了一个高可用集群系统。心跳服务和集群通信是高可用集群的两个关键组件,在 Heartbeat 项目里,由 heartbeat 模块实现了这两个功能。
Heartbeat的高可用集群采用的通信方式是udp协议和串口通信,而且heartbeat插件技术实现了集群间的串口、多播、广播和组播通信。它实现了HA 功能中的核心功能——心跳,将Heartbeat软件同时安装在两台服务器上,用于监视系统的状态,协调主从服务器的工作,维护系统的可用性。它能侦测服务器应用级系统软件、硬件发生的故障,及时地进行错误隔绝、恢复;通过系统监控、服务监控、IP自动迁移等技术实现在整个应用中无单点故障,简单、经济地确保重要的服务持续高可用性。 Heartbeat采用虚拟IP地址映射技术实现主从服务器的切换对客户端透明的功能。但是单一的heartbeat是无法提供健壮的服务的,所以这里结合使用lvs进行负载均衡。
LVS是Linux Virtual Server的简写, 意即Linux虚拟服务器,是一个虚拟的服务器集群系统。说到lvs就得提到ipvs (ipvsadm命令),ipvs 是 lvs集群系统的核心软件,它的主要作用是安装在 Load Balancer 上,把发往 Virtual IP 的请求转发到 Real Server 上。
ldirectord是配合lvs作为一种健康检测机制,要不负载均衡器在节点挂掉后依然没有检测的功能。
案例架构草图如下:
1) 基本环境准备 (centos6.9系统)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
172.16.60.206(eth0) HA主节点(ha-master) heartbeat, ipvsadm, ldirectord 172.16.60.207(eth0) HA备节点(ha-slave) heartbeat, ipvsadm, ldirectord 172.16.60.111 VIP地址 172.16.60.204(eth0) 后端节点1(rs-204) nginx, realserver 172.16.60.205(eth0) 后端节点2(rs-205) nginx, realserver 1) 关闭防火墙和selinux (四台节点机都操作) [root@ha-master ~] # /etc/init.d/iptables stop [root@ha-master ~] # setenforce 0 [root@ha-master ~] # vim /etc/sysconfig/selinux SELINUX=disabled 2) 设置主机名和绑定hosts (两台HA节点机器都操作) 主节点操作 [root@ha-master ~] # hostname ha-master [root@ha-master ~] # vim /etc/sysconfig/network HOSTNAME=ha-master [root@ha-master ~] # vim /etc/hosts 172.16.60.206 ha-master 172.16.60.207 ha-slave 备节点操作 [root@ha-slave ~] # hostname ha-slave [root@ha-slave ~] # vim /etc/sysconfig/network HOSTNAME=ha-slave [root@ha-slave ~] # vim /etc/hosts 172.16.60.206 ha-master 172.16.60.207 ha-slave 3) 设置ip路由转发功能 (四台节点机器都设置) [root@ha-master ~] # echo 1 > /proc/sys/net/ipv4/ip_forward [root@ha-master ~] # vim /etc/sysctl.conf net.ipv4.ip_forward = 1 [root@ha-master ~] # sysctl -p |
2) 安装配置 Heartbeat (两台HA节点机都操作)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
1) 首先安装heartbeat (HA主备两个节点都要同样操作) 分别下载epel-release-latest-6.noarch.rpm 和 ldirectord-3.9.5-3.1.x86_64.rpm 下载地址: https: //pan .baidu.com /s/1IvCDEFLCBYddalV89YvonQ 提取密码: gz53 [root@ha-master ~] # ll epel-release-latest-6.noarch.rpm -rw-rw-r-- 1 root root 14540 Nov 5 2012 epel-release-latest-6.noarch.rpm [root@ha-master ~] # ll ldirectord-3.9.5-3.1.x86_64.rpm -rw-rw-r-- 1 root root 90140 Dec 24 15:54 ldirectord-3.9.5-3.1.x86_64.rpm [root@ha-master ~] # yum install -y epel-release [root@ha-master ~] # rpm -ivh epel-release-latest-6.noarch.rpm --force [root@ha-master ~] # yum install -y heartbeat* libnet [root@ha-master ~] # yum install -y ldirectord-3.9.5-3.1.x86_64.rpm #因为依赖比较多, 所以直接采用yum方式安装 2) 配置heartbeat (HA主备两个节点都要操作) 安装完heartbeat后系统会生成一个 /etc/ha .d/目录,此目录用于存放heartbeat的有关配置文件。 Heartbeat自带配置文件的注释信息较多,在此手工编写有关配置文件,heartbeat常用配置文件有四个,分别是: ha.cf:heartbeat主配置文件 ldirectord.cf:资源管理文件 haresources:本地资源文件 authkeys:认证文件 [root@ha-master ~] # cd /usr/share/doc/heartbeat-3.0.4/ [root@ha-master heartbeat-3.0.4] # cp authkeys ha.cf haresources /etc/ha.d/ [root@ha-master heartbeat-3.0.4] # cd /usr/share/doc/ldirectord-3.9.5 [root@ha-master ldirectord-3.9.5] # cp ldirectord.cf /etc/ha.d/ [root@ha-master ldirectord-3.9.5] # cd /etc/ha.d/ [root@ha-master ha.d] # ll total 56 -rw-r--r-- 1 root root 645 Dec 24 21:37 authkeys -rw-r--r-- 1 root root 10502 Dec 24 21:37 ha.cf -rwxr-xr-x 1 root root 745 Dec 3 2013 harc -rw-r--r-- 1 root root 5905 Dec 24 21:37 haresources -rw-r--r-- 1 root root 8301 Dec 24 21:38 ldirectord.cf drwxr-xr-x 2 root root 4096 Dec 24 21:28 rc.d -rw-r--r-- 1 root root 692 Dec 3 2013 README.config drwxr-xr-x 2 root root 4096 Dec 24 21:28 resource.d -rw-r--r-- 1 root root 2082 Mar 24 2017 shellfuncs 3) 配置heartbeat的主配置文件ha.cf (HA主备节点配置一样) [root@ha-master ha.d] # pwd /etc/ha .d [root@ha-master ha.d] # cp ha.cf ha.cf.bak [root@ha-master ha.d] # > ha.cf [root@ha-master ha.d] # vim ha.cf debugfile /var/log/ha-debug logfile /var/log/ha-log #日志存放位置 #crm yes #是否开启集群资源管理功能 logfacility local0 #记录日志等级 keepalive 2 #心跳的时间间隔,默认时间单位为秒 deadtime 5 #超出该时间间隔未收到对方节点的心跳,则认为对方已经死亡。 warntime 3 #超出该时间间隔未收到对方节点的心跳,则发出警告并记录到日志中,但此时不会切换 initdead 10 #在某些系统上,系统启动或重启之后需要经过一段时间网络才能正常工作,该选项用于解决这种情况产生的时间间隔。取值至少为deadtime的两倍。 udpport 694 #设置广播通信使用的端口,694为默认使用的端口号。 bcast eth0 # Linux指定心跳使用以太网广播方式,并在eth0上进行广播。"#"后的要完全删除,要不然要出错。 ucast eth0 172.16.60.207 #采用网卡eth0的UDP多播来组织心跳,后面跟的IP地址应该为双机中对方的IP地址!!!!! auto_failback on #在该选项设为on的情况下,一旦主节点恢复运行,则自动获取资源并取代备用节点。off主节点恢复后变为备用节点,备用为主节点!!!!! #stonith_host * baytech 10.0.0.3 mylogin mysecretpassword #stonith_host ken3 rps10 /dev/ttyS1 kathy 0 #stonith_host kathy rps10 /dev/ttyS1 ken3 0 #watchdog /dev/watchdog node ha-master #主机节点名,可通过"uname -n"查看,默认为主节点!!!!! node ha-slave #备用机节点名,默认为次节点,要注意顺序!!!! #ping 172.16.60.207 # 选择ping节点,选择固定路由作为节点。ping节点仅用来测试网络连接。一般选择这行ping测试就行, 下面一行注释掉. ping_group group1 172.16.60.204 172.16.60.205 #这个地址并不是双机中的两个节点地址,而是仅仅用来测试网络的连通性. 当这两个IP 都不能ping通时,对方即开始接管资源。 respawn root /usr/lib64/heartbeat/ipfail #选配项。其中rootr表示启动ipfail进程的身份。要确保/usr/lib64/heartbeat/ipfail这个路径正确(可以用find命令搜索出来), 否则heartbeat启动失败 apiauth ipfail gid=root uid=root ============================温馨提示================================ HA备节点的ha.cf文件只需要将上面配置中的ucast一行内容改为 "ucast eth0 172.16.60.206" 即可, 其他配置内容和上面HA主节点的ha.cf完全一样! 4) 配置heartbeat的认证文件authkeys (HA主备节点配置必须一致) [root@ha-master ~] # cd /etc/ha.d/ [root@ha-master ha.d] # cp authkeys authkeys.bak [root@ha-master ha.d] # >authkeys auth 3 #auth后面指定的数字,下一行必须作为关键字再次出现! 一共有"1", "2","3" 三行, 这里选择"3"关键字, 选择"1"和"2"关键字也行, HA主备节点必须一致! #1 crc #2 sha1 HI! 3 md5 Hello! 必须将该文件授权为600 [root@ha-master ha.d] # chmod 600 authkeys [root@ha-master ha.d] # ll authkeys -rw------- 1 root root 20 Dec 25 00:16 authkeys 5) 修改heartbeat的资源文件haresources (HA主备节点配置必须完全一致) [root@ha-slave ha.d] # cp haresources haresources.bak [root@ha-slave ha.d] # >haresources [root@ha-slave ha.d] # vim haresources # 在文件结尾添加下面一行内容. 由于该文件默认全是注释,可以先清空该文件, 然后添加下面这一行内容 ha-master IPaddr::172.16.60.111 ipvsadm ldirectord 配置说明: 上面设置ha-maser为主节点, 集群VIP为172.16.60.111, ipvsadm ldirectord为所指定需要监视的应用服务. 这样启动heartbeat服务的时候, 会自动启动ipvsadm和ldirectord服务. ipvsadm服务的配置文件为 /etc/sysconfig/ipvsadm , 后面会配置这个. ldirectord 服务的配置文件为 /etc/ha .d /ldirectord .cf, 后面会配置这个 6) 配置heartbeat的监控文件ldirectord.cf (HA主备节点配置必须完全一致) ldirectord,用于监控在lvs集群的真实服务。ldirectord是和heartbeat相结合的一个服务,可以作为heartbeat的一个启动服务。 Ldirectord 的作用是监测 Real Server,当 Real Server失效时,把它从 Load Balancer列表中删除,恢复时重新添加。 将ldrectord的配置文件复制到 /etc/ha .d下,因为默认没有放到这个路径下, 并且在ldirectord.cf文件中要配置 "quiescent=no" 。 [root@ha-master ha.d] # cp ldirectord.cf ldirectord.cf.bak [root@ha-master ha.d] # vim ldirectord.cf checktimeout=3 #判定realserver出错时间 checkinterval=1 #指定ldirectord在两次检查之间的间隔时间,即主从切换的时间间隔 autoreload= yes #是否自动重载配置文件 logfile= "/var/log/ldirectord.log" #指定ldirectord的日志文件路径 #logfile="local0" #emailalert="root@30920.cn" #emailalertfreq=3600 #emailalertstatus=all quiescent=no #如果一个realserver节点在checktimeout设置的时间周期内没响应,将会被踢除,中断现有客户端的连接。 设置为yes, 则出问题的realserver节点不会被踢出, 只是新的连接不能到达。 virtual=172.16.60.111:80 #指定虚拟IP,注意在virtual这行后面的行必须缩进一个tab字符进行标记!! 否则极有可能因为格式配置不正确而导致ldirectord启动失败 real=172.16.60.204:80 gate #gate为lvs的DR模式,ipip表示TUNL模式,masq表示NAT模式 real=172.16.60.205:80 gate #当所有RS机器不能访问的时候WEB重写向地址; 即表示realserver全部失败,vip指向本机80端口 fallback=127.0.0.1:80 gate #指定服务类型,这里对HTTP进行负载均衡 service=http #指定服务类型,这里对HTTP进行负载均衡 scheduler=wlc #指定调度算法,这里的算法一定要和lvs脚本(/etc/sysconfig/ipvsadm)的算法一样 persistent=600 #持久链接:表示600s之内同一个客户端ip将访问同一台realserver. 除非这个realserver出现故障,才会将请求转发到另一个realserver #netmask=255.255.255.255 protocol=tcp # 指定协议 checktype=negotiate #指定检查类型为协商 (或者执行检查类型为negotiate, 表示通过交互来判断服务是否正常) checkport=80 # 监控的端口 receive= "Test HA Page" #指定请求和应答字符串,也就是上面lvs_testpage.html的内容 #virtualhost=www.x.y.z #虚拟服务器的名称可任意指定 ============================温馨提示====================================== 配置如上,通过virtual来定义vip,接下来是定义real service的节点,fallback是当所有real挂掉后,访问请求到本机的80端口上去,一般这个页面显示服务器正在维护等界面。 service表示;调度的服务,scheduler是调度算法,protocol是定义协议,checktype是检查类型为协商,checkport就是检查的端口,也就是健康检查。 上面在 /etc/ha .d /ldirectord .cf文件里定义了一个80端口的代理转发, 如果还有其他端口, 比如3306, 则只需要在下面再添加一个 "virtual=172.16.60.111:3306 ...." 类似上面的配置即可! 配置案例在备份的ldirectord.cf.bak文件里有. ldirectord.cf文件的配置, 最好按照这个文件里的配置范例去修改, 不要全部清空后自行添加, 否则容易因为配置格式问题导致ldirectord服务启动失败! 使用status查看ldirectord服务, 只要不出现报错信息, 就说明ldirectord.cf文件配置没有问题了! [root@ha-master ha.d] # /etc/init.d/ldirectord status |
3) 安装配置 LVS (两台HA节点机操作一致)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
1) 安装lvs依赖 [root@ha-master ~] # yum install -y libnl* popt* 查看是否加载lvs模块 [root@ha-master ~] # modprobe -l |grep ipvs kernel /net/netfilter/ipvs/ip_vs .ko kernel /net/netfilter/ipvs/ip_vs_rr .ko kernel /net/netfilter/ipvs/ip_vs_wrr .ko kernel /net/netfilter/ipvs/ip_vs_lc .ko kernel /net/netfilter/ipvs/ip_vs_wlc .ko kernel /net/netfilter/ipvs/ip_vs_lblc .ko kernel /net/netfilter/ipvs/ip_vs_lblcr .ko kernel /net/netfilter/ipvs/ip_vs_dh .ko kernel /net/netfilter/ipvs/ip_vs_sh .ko kernel /net/netfilter/ipvs/ip_vs_sed .ko kernel /net/netfilter/ipvs/ip_vs_nq .ko kernel /net/netfilter/ipvs/ip_vs_ftp .ko kernel /net/netfilter/ipvs/ip_vs_pe_sip .ko 2) 下载并安装LVS [root@ha-master ~] # cd /usr/local/src/ [root@ha-master src] # unlink /usr/src/linux [root@ha-master src] # ln -s /usr/src/kernels/2.6.32-431.5.1.el6.x86_64/ /usr/src/linux [root@ha-master src] # wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz [root@ha-master src] # tar -zvxf ipvsadm-1.26.tar.gz [root@ha-master src] # cd ipvsadm-1.26 [root@ha-master ipvsadm-1.26] # make && make install LVS安装完成,查看当前LVS集群 [root@ha-master ipvsadm-1.26] # ipvsadm -L -n IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn 3) 添加lvs的管理脚本(ipvsadm) ipvsadm服务的配置文件是 /etc/sysconfig/ipvsadm [root@ha-master ha.d] # vim /etc/sysconfig/ipvsadm #!/bin/bash # description: start LVS of DirectorServer #Written by :NetSeek http://www.linuxtone.org GW=172.16.60.1 #这个是VIP所在网段的网段地址 # website director vip. WEB_VIP=172.16.60.111 WEB_RIP1=172.16.60.204 WEB_RIP2=172.16.60.205 . /etc/rc .d /init .d /functions logger $0 called with $1 case "$1" in start) # Clear all iptables rules. /sbin/iptables -F # Reset iptables counters. /sbin/iptables -Z # Clear all ipvsadm rules/services. /sbin/ipvsadm -C #set lvs vip for dr /sbin/ipvsadm -- set 30 5 60 /sbin/ifconfig eth0:0 $WEB_VIP broadcast $WEB_VIP netmask 255.255.255.255 up /sbin/route add -host $WEB_VIP dev eth0:0 /sbin/ipvsadm -A -t $WEB_VIP:80 -s wlc -p 600 /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP1:80 -g /sbin/ipvsadm -a -t $WEB_VIP:80 -r $WEB_RIP2:80 -g touch /var/lock/subsys/ipvsadm > /dev/null 2>&1 # set Arp /sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW > /dev/null 2>&1 ;; stop) /sbin/ipvsadm -C /sbin/ipvsadm -Z ifconfig eth0:0 down route del $WEB_VIP > /dev/null 2>&1 rm -rf /var/lock/subsys/ipvsadm > /dev/null 2>&1 /sbin/arping -I eth0 -c 5 -s $WEB_VIP $GW echo "ipvsadm stoped" ;; status) if [ ! -e /var/lock/subsys/ipvsadm ]; then echo "ipvsadm is stoped" exit 1 else ipvsadm - ln echo "..........ipvsadm is OK." fi ;; *) echo "Usage: $0 {start|stop|status}" exit 1 esac exit 0 ===============温馨提示================= 上面配置中的 "-p 600" 的意思是会话保持时间为600秒,这个应该和ldirectord.cf文件配置一致 (还有lvs策略也要一致, 如这里的lwc) 授权脚本执行权限 [root@ha-master ha.d] # chmod 755 /etc/sysconfig/ipvsadm |
4) realserver 节点配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
1) 在realserver节点上编写LVS启动脚本 (两个realserver节点操作完全一致) [root@rs-204 ~] # vim /etc/init.d/realserver #!/bin/sh VIP=172.16.60.111 . /etc/rc .d /init .d /functions case "$1" in # 禁用本地的ARP请求、绑定本地回环地址 start) /sbin/ifconfig lo down /sbin/ifconfig lo up echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce /sbin/sysctl -p > /dev/null 2>&1 /sbin/ifconfig lo:0 $VIP netmask 255.255.255.255 up /sbin/route add -host $VIP dev lo:0 echo "LVS-DR real server starts successfully.
" ;; stop) /sbin/ifconfig lo:0 down /sbin/route del $VIP > /dev/null 2>&1 echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce echo "LVS-DR real server stopped.
" ;; status) isLoOn=` /sbin/ifconfig lo:0 | grep "$VIP" ` isRoOn=` /bin/netstat -rn | grep "$VIP" ` if [ "$isLoON" == "" -a "$isRoOn" == "" ]; then echo "LVS-DR real server has run yet." else echo "LVS-DR real server is running." fi exit 3 ;; *) echo "Usage: $0 {start|stop|status}" exit 1 esac exit 0 启动两台realserver节点的realserver脚本 [root@rs-204 ~] # chmod 755 /etc/init.d/realserver [root@rs-204 ~] # ll /etc/init.d/realserver -rwxr-xr-x 1 root root 1278 Dec 24 13:40 /etc/init .d /realserver [root@rs-204 ~] # /etc/init.d/realserver start LVS-DR real server starts successfully.
设置开机启动 [root@rs-204 ~] # echo "/etc/init.d/realserver" >> /etc/rc.local 查看, 发现两台realserver节点上的lo:0上已经配置了vip地址 [root@rs-204 ~] # ifconfig ........... lo:0 Link encap:Local Loopback inet addr:172.16.60.111 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:65536 Metric:1 2) 接着部署两台realserver的web测试环境 (两个realserver节点安装操作一致) 采用yum方式安装nginx (先安装nginx的yum源) [root@rs-204 ~] # rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm [root@rs-204 ~] # yum install nginx realserver01的nginx配置 [root@rs-204 ~] # cd /etc/nginx/conf.d/ [root@rs-204 conf.d] # cat default.conf [root@rs-204 conf.d] # >/usr/share/nginx/html/index.html [root@rs-204 conf.d] # vim /usr/share/nginx/html/index.html this is test page of realserver01:172.16.60.204 [root@rs-204 conf.d] # vim /usr/share/nginx/html/lvs_testpage.html Test HA Page [root@rs-204 conf.d] # /etc/init.d/nginx start Starting nginx: [ OK ] [root@rs-204 conf.d] # lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME nginx 31944 root 6u IPv4 91208 0t0 TCP *:http (LISTEN) nginx 31945 nginx 6u IPv4 91208 0t0 TCP *:http (LISTEN) realserver02的nginx配置 [root@rs-205 src] # cd /etc/nginx/conf.d/ [root@rs-205 conf.d] # cat default.conf [root@rs-205 conf.d] # >/usr/share/nginx/html/index.html [root@rs-205 conf.d] # vim /usr/share/nginx/html/index.html this is test page of realserver02:172.16.60.205 [root@rs-205 conf.d] # vim /usr/share/nginx/html/lvs_testpage.html Test HA Page [root@rs-205 conf.d] # /etc/init.d/nginx start Starting nginx: [ OK ] [root@rs-205 conf.d] # lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME nginx 20839 root 6u IPv4 289527645 0t0 TCP *:http (LISTEN) nginx 20840 nginx 6u IPv4 289527645 0t0 TCP *:http (LISTEN) 最后分别访问realserver01和realserver02节点的nginx,: 访问http: //172 .16.60.204/, 访问结果为 "this is test page of realserver01:172.16.60.204" 访问http: //172 .16.60.204 /lvs_testpage .html, 访问结果为 "Test HA Page" 访问http: //172 .16.60.205/, 访问结果为 "this is test page of realserver02:172.16.60.205" 访问http: //172 .16.60.205 /lvs_testpage .html, 访问结果为 "Test HA Page" |
5) 配置两台HA节点上转发到自身80端口的页面内容 (两台HA节点操作一致)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
由于在ldirectord.cf文件中配置了 "fallback=127.0.0.1:80 gate" , 即当后端realserver都发生故障时, 客户端的访问请求将转发到LVS的HA节点自身的80端口上 [root@ha-master ~] # rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm [root@ha-master ~] # yum install nginx realserver01的nginx配置 [root@ha-master ~] # cd /etc/nginx/conf.d/ [root@ha-master conf.d] # cat default.conf [root@ha-master conf.d] # >/usr/share/nginx/html/index.html [root@ha-master conf.d] # vim /usr/share/nginx/html/index.html Sorry, the access is in maintenance for the time being. Please wait a moment. [root@ha-master conf.d] # /etc/init.d/nginx start Starting nginx: [ OK ] [root@ha-master conf.d] # lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME nginx 31944 root 6u IPv4 91208 0t0 TCP *:http (LISTEN) nginx 31945 nginx 6u IPv4 91208 0t0 TCP *:http (LISTEN) 访问http: //172 .16.60.206/ 或者 http: //172 .16.60.207 访问结果为 "Sorry, the access is in maintenance for the time being. Please wait a moment." |
6) 启动heartbeat服务 (两个HA节点都要操作)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
启动heartbeat服务的时候, 就会自带启动ipvsadm 和 ldirectord, 因为在 /etc/ha .d /haresources 文件里配置了! 需要知道的是: 只有当前提供lvs转发服务(即拥有VIP资源)的一方 才能在启动heartbeat的时候, 自带启动ipvsadm 和 ldirectord! 1) 先启动HA主节点的heartbeat [root@ha-master ~] # /etc/init.d/heartbeat start Starting High-Availability services: INFO: Resource is stopped Done. [root@ha-master ~] # ps -ef|grep heartbeat root 20886 1 0 15:41 ? 00:00:00 heartbeat: master control process root 20891 20886 0 15:41 ? 00:00:00 heartbeat: FIFO reader root 20892 20886 0 15:41 ? 00:00:00 heartbeat: write: bcast eth0 root 20893 20886 0 15:41 ? 00:00:00 heartbeat: read : bcast eth0 root 20894 20886 0 15:41 ? 00:00:00 heartbeat: write: ucast eth0 root 20895 20886 0 15:41 ? 00:00:00 heartbeat: read : ucast eth0 root 20896 20886 0 15:41 ? 00:00:00 heartbeat: write: ping_group group1 root 20897 20886 0 15:41 ? 00:00:00 heartbeat: read : ping_group group1 root 20917 20886 0 15:41 ? 00:00:00 /usr/lib64/heartbeat/ipfail root 20938 17616 0 15:41 pts /0 00:00:00 grep heartbeat heartbeat服务端口默认是694. [root@ha-master ~] # lsof -i:694 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME heartbeat 20892 root 7u IPv4 42238 0t0 UDP *:ha-cluster heartbeat 20893 root 7u IPv4 42238 0t0 UDP *:ha-cluster heartbeat 20894 root 7u IPv4 42244 0t0 UDP *:ha-cluster heartbeat 20895 root 7u IPv4 42244 0t0 UDP *:ha-cluster 发现ldirectord服务被自带启动了, 说明master节点是当前提供lvs转发服务的一方 [root@ha-master ~] # ps -ef|grep ldirectord root 21336 1 0 15:41 ? 00:00:00 /usr/bin/perl -w /usr/sbin/ldirectord start root 21365 17616 0 15:42 pts /0 00:00:00 grep ldirectord [root@ha-master ~] # /etc/init.d/ldirectord status ldirectord for /etc/ha .d /ldirectord .cf is running with pid: 21336 查看master节点,发现master节点当前占有vip资源 (首次启动heartbeat服务后, 需要稍微等待一段时间, vip资源才会出来. 后续再重启或切换时, vip资源就会迅速出现了) [root@ha-master ~] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff inet 172.16.60.206 /24 brd 172.16.60.255 scope global eth0 inet 172.16.60.111 /24 brd 172.16.60.255 scope global secondary eth0 inet6 fe80::250:56ff:feac:509b /64 scope link valid_lft forever preferred_lft forever master节点当前提供了lvs转发功能, 可以查看到转发效果 [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.204:80 Route 1 0 0 -> 172.16.60.205:80 Route 1 0 0 查看master节点的heartbeat日志 [root@ha-master ~] # tail -f /var/log/ha-log ip-request-resp(default)[21041]: 2018 /12/25_15 :41:48 received ip-request-resp IPaddr::172.16.60.111 OK yes ResourceManager(default)[21064]: 2018 /12/25_15 :41:48 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21092]: 2018 /12/25_15 :41:48 INFO: Resource is stopped ResourceManager(default)[21064]: 2018 /12/25_15 :41:48 info: Running /etc/ha .d /resource .d /IPaddr 172.16.60.111 start IPaddr(IPaddr_172.16.60.111)[21188]: 2018 /12/25_15 :41:48 INFO: Adding inet address 172.16.60.111 /24 with broadcast address 172.16.60.255 to device eth0 IPaddr(IPaddr_172.16.60.111)[21188]: 2018 /12/25_15 :41:48 INFO: Bringing device eth0 up IPaddr(IPaddr_172.16.60.111)[21188]: 2018 /12/25_15 :41:48 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172 .16.60.111 eth0 172.16.60.111 auto not_used not_used /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21174]: 2018 /12/25_15 :41:48 INFO: Success ResourceManager(default)[21064]: 2018 /12/25_15 :41:48 info: Running /etc/init .d /ipvsadm start ResourceManager(default)[21064]: 2018 /12/25_15 :41:48 info: Running /etc/init .d /ldirectord start 2) 接着启动HA备份节点的heartbeat [root@ha-slave ha.d] # /etc/init.d/heartbeat start Starting High-Availability services: INFO: Resource is stopped Done. [root@ha-slave ha.d] # ps -ef|grep heartbeat root 21703 1 0 15:41 ? 00:00:00 heartbeat: master control process root 21708 21703 0 15:41 ? 00:00:00 heartbeat: FIFO reader root 21709 21703 0 15:41 ? 00:00:00 heartbeat: write: bcast eth0 root 21710 21703 0 15:41 ? 00:00:00 heartbeat: read : bcast eth0 root 21711 21703 0 15:41 ? 00:00:00 heartbeat: write: ucast eth0 root 21712 21703 0 15:41 ? 00:00:00 heartbeat: read : ucast eth0 root 21713 21703 0 15:41 ? 00:00:00 heartbeat: write: ping_group group1 root 21714 21703 0 15:41 ? 00:00:00 heartbeat: read : ping_group group1 root 21734 21703 0 15:41 ? 00:00:00 /usr/lib64/heartbeat/ipfail root 21769 19163 0 15:42 pts /0 00:00:00 grep heartbeat [root@ha-slave ha.d] # lsof -i:694 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME heartbeat 21709 root 7u IPv4 105186 0t0 UDP *:ha-cluster heartbeat 21710 root 7u IPv4 105186 0t0 UDP *:ha-cluster heartbeat 21711 root 7u IPv4 105192 0t0 UDP *:ha-cluster heartbeat 21712 root 7u IPv4 105192 0t0 UDP *:ha-cluster 发现ldirectord服务没有被heartbeat自带启动 (因为当前备份节点没有提供lvs转发功能, 即没有接管vip资源) [root@ha-slave ha.d] # /etc/init.d/ldirectord status ldirectord is stopped for /etc/ha .d /ldirectord .cf [root@ha-slave ha.d] # ps -ef|grep ldirectord root 21822 19163 0 15:55 pts /0 00:00:00 grep ldirectord 发现ipvsadm服务也没有被heartbeat自带启动 (因为当前备份节点没有提供lvs转发功能, 即没有接管vip资源) [root@ha-slave ha.d] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff inet 172.16.60.207 /24 brd 172.16.60.255 scope global eth0 inet6 fe80::250:56ff:feac:5b5 /64 scope link valid_lft forever preferred_lft forever [root@ha-slave ha.d] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn 查看HA备份节点的heartbeat日志 [root@ha-slave ha.d] # tail -f /var/log/ha-log Dec 25 15:41:37 ha-slave heartbeat: [21734]: info: Starting "/usr/lib64/heartbeat/ipfail" as uid 0 gid 0 (pid 21734) Dec 25 15:41:38 ha-slave heartbeat: [21703]: info: Status update for node ha-master: status active harc(default)[21737]: 2018 /12/25_15 :41:38 info: Running /etc/ha .d //rc .d /status status Dec 25 15:41:42 ha-slave ipfail: [21734]: info: Status update: Node ha-master now has status active Dec 25 15:41:44 ha-slave ipfail: [21734]: info: Asking other side for ping node count. Dec 25 15:41:47 ha-slave ipfail: [21734]: info: No giveup timer to abort. Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: remote resource transition completed. Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: remote resource transition completed. Dec 25 15:41:48 ha-slave heartbeat: [21703]: info: Initial resource acquisition complete (T_RESOURCES(us)) Dec 25 15:41:48 ha-slave heartbeat: [21754]: info: No local resources [ /usr/share/heartbeat/Resourc 访问使用vip地址访问, 即: 访问http: //172 .16.60.111/, 结果为 "this is test page of realserver01:172.16.60.204" 或者 "this is test page of realserver02:172.16.60.205" 访问http: //172 .16.60.111 /lvs_testpage .html, 结果为 "Test HA Page" 温馨提示: 下面是两个常用的ipvsadm 关于查看lvs状态的命令 ====================================== 查看lvs的连接状态命令 [root@ha-master ~] # ipvsadm -l --stats IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes -> RemoteAddress:Port TCP 172.16.60.111:http 0 0 0 0 0 -> 172.16.60.204:http 0 0 0 0 0 -> 172.16.60.205:http 0 0 0 0 0 说明: Conns (connections scheduled) 已经转发过的连接数 InPkts (incoming packets) 入包个数 OutPkts (outgoing packets) 出包个数 InBytes (incoming bytes) 入流量(字节) OutBytes (outgoing bytes) 出流量(字节) ====================================== 查看lvs的速率 [root@ha-master ~] # ipvsadm -l --rate IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port CPS InPPS OutPPS InBPS OutBPS -> RemoteAddress:Port TCP 172.16.60.111:http 0 0 0 0 0 -> 172.16.60.204:http 0 0 0 0 0 -> 172.16.60.205:http 0 0 0 0 0 说明: CPS (current connection rate) 每秒连接数 InPPS (current in packet rate) 每秒的入包个数 OutPPS (current out packet rate) 每秒的出包个数 InBPS (current in byte rate) 每秒入流量(字节) OutBPS (current out byte rate) 每秒入流量(字节) ====================================== 上面的两台HA节点均只有一个网卡设备eth0, 如果有两块网卡, 比如还有一个eth1, 则可以将这个eth1作为heartbeat交叉线直连的设备, 即HA主备两台机器之间使用一根串口直连线缆eth1进行连接. 比如: HA主节点 172.16.60.206(eth0), 10.0.11.21(eth1, heartbeat交叉线直连) HA备节点 172.16.60.207(eth0), 10.0.11.22(eth1, heartbeat交叉线直连) 这样比起只有一个eth0, 只需要在ha.cf文件中多加下面一行 (其他的操作配置都不用变!) ping_group group1 10.0.11.21 10.0.11.22 // 多加这一行 ping_group group1 172.16.60.204 172.16.60.205 |
7) 故障转移切换测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
|
1) 先关闭HA主节点的heartbeat [root@ha-master ~] # /etc/init.d/heartbeat stop Stopping High-Availability services: Done. [root@ha-master ~] # ps -ef|grep heartbeat root 21625 17616 0 16:03 pts /0 00:00:00 grep heartbeat 发现关闭heartbeat服务后, 主节点的ipvsadm 和 ldirectord都会被自带关闭, VIP资源也被转移走了, 即当前master节点不提供lvs转发服务 [root@ha-master ~] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff inet 172.16.60.206 /24 brd 172.16.60.255 scope global eth0 inet6 fe80::250:56ff:feac:509b /64 scope link valid_lft forever preferred_lft forever [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn [root@ha-master ~] # ps -ef|grep ldirectord root 21630 17616 0 16:03 pts /0 00:00:00 grep ldirectord 查看此时HA主节点的heartbeat日志 [root@ha-master ~] # tail -1000 /var/log/ha-log ........ Dec 25 16:02:38 ha-master heartbeat: [20886]: info: Heartbeat shutdown in progress. (20886) Dec 25 16:02:38 ha-master heartbeat: [21454]: info: Giving up all HA resources. ResourceManager(default)[21467]: 2018 /12/25_16 :02:38 info: Releasing resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord ResourceManager(default)[21467]: 2018 /12/25_16 :02:38 info: Running /etc/init .d /ldirectord stop ResourceManager(default)[21467]: 2018 /12/25_16 :02:38 info: Running /etc/init .d /ipvsadm stop ResourceManager(default)[21467]: 2018 /12/25_16 :02:38 info: Running /etc/ha .d /resource .d /IPaddr 172.16.60.111 stop IPaddr(IPaddr_172.16.60.111)[21563]: 2018 /12/25_16 :02:38 INFO: IP status = ok, IP_CIP= /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21549]: 2018 /12/25_16 :02:38 INFO: Success 接着查看HA备份节点的情况, 发现VIP已将已经切换到备份节点这边了, 说明当前备份节点提供lvs转发服务, 则备份节点的ipvsadm 和 ldirectord也被自带启动了 [root@ha-slave ha.d] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff inet 172.16.60.207 /24 brd 172.16.60.255 scope global eth0 inet 172.16.60.111 /24 brd 172.16.60.255 scope global secondary eth0 inet6 fe80::250:56ff:feac:5b5 /64 scope link valid_lft forever preferred_lft forever [root@ha-slave ha.d] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.204:80 Route 1 0 0 -> 172.16.60.205:80 Route 1 0 0 [root@ha-slave ha.d] # ps -ef|grep ldirectord root 22203 1 0 16:02 ? 00:00:01 /usr/bin/perl -w /usr/sbin/ldirectord start root 22261 19163 0 16:07 pts /0 00:00:00 grep ldirectord 查看此时HA备份节点的heartbeat日志 [root@ha-slave ha.d] # tail -1000 /var/log/ha-log ........... harc(default)[21887]: 2018 /12/25_16 :02:39 info: Running /etc/ha .d //rc .d /status status mach_down(default)[21904]: 2018 /12/25_16 :02:39 info: Taking over resource group IPaddr::172.16.60.111 ResourceManager(default)[21931]: 2018 /12/25_16 :02:39 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21959]: 2018 /12/25_16 :02:39 INFO: Resource is stopped ResourceManager(default)[21931]: 2018 /12/25_16 :02:39 info: Running /etc/ha .d /resource .d /IPaddr 172.16.60.111 start IPaddr(IPaddr_172.16.60.111)[22055]: 2018 /12/25_16 :02:39 INFO: Adding inet address 172.16.60.111 /24 with broadcast address 172.16.60.255 to device eth0 IPaddr(IPaddr_172.16.60.111)[22055]: 2018 /12/25_16 :02:39 INFO: Bringing device eth0 up IPaddr(IPaddr_172.16.60.111)[22055]: 2018 /12/25_16 :02:39 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172 .16.60.111 eth0 172.16.60.111 auto not_used not_used /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[22041]: 2018 /12/25_16 :02:39 INFO: Success ResourceManager(default)[21931]: 2018 /12/25_16 :02:39 info: Running /etc/init .d /ipvsadm start ResourceManager(default)[21931]: 2018 /12/25_16 :02:39 info: Running /etc/init .d /ldirectord start mach_down(default)[21904]: 2018 /12/25_16 :02:39 info: /usr/share/heartbeat/mach_down : nice_failback: foreign resources acquired mach_down(default)[21904]: 2018 /12/25_16 :02:39 info: mach_down takeover complete for node ha-master. 2) 然后在重新启动HA主节点的heartbeat服务 由于在ha.cf文件中配置了 "auto_failback on " 参数, 所以当主节点恢复后, 会将VIP资源自动抢占回来并替换备份节点重新接管lvs转发服务. 主节点的heartbeat恢复后, ipvsadm 和 ldirectord也会被重新启动 [root@ha-master ~] # /etc/init.d/heartbeat start Starting High-Availability services: INFO: Resource is stopped Done. [root@ha-master ~] # ps -ef|grep heartbeat root 21778 1 0 16:12 ? 00:00:00 heartbeat: master control process root 21783 21778 0 16:12 ? 00:00:00 heartbeat: FIFO reader root 21784 21778 0 16:12 ? 00:00:00 heartbeat: write: bcast eth0 root 21785 21778 0 16:12 ? 00:00:00 heartbeat: read : bcast eth0 root 21786 21778 0 16:12 ? 00:00:00 heartbeat: write: ucast eth0 root 21787 21778 0 16:12 ? 00:00:00 heartbeat: read : ucast eth0 root 21788 21778 0 16:12 ? 00:00:00 heartbeat: write: ping_group group1 root 21789 21778 0 16:12 ? 00:00:00 heartbeat: read : ping_group group1 root 21809 21778 0 16:12 ? 00:00:00 /usr/lib64/heartbeat/ipfail root 21812 21778 0 16:12 ? 00:00:00 heartbeat: master control process root 21825 21812 0 16:12 ? 00:00:00 /bin/sh /usr/share/heartbeat/ResourceManager takegroup IPaddr::172.16.60.111 ipvsadm ldirectord root 21949 21935 0 16:12 ? 00:00:00 /bin/sh /usr/lib/ocf/resource .d //heartbeat/IPaddr start root 21956 17616 0 16:12 pts /0 00:00:00 grep heartbeat [root@ha-master ~] # lsof -i:694 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME heartbeat 21784 root 7u IPv4 46306 0t0 UDP *:ha-cluster heartbeat 21785 root 7u IPv4 46306 0t0 UDP *:ha-cluster heartbeat 21786 root 7u IPv4 46312 0t0 UDP *:ha-cluster heartbeat 21787 root 7u IPv4 46312 0t0 UDP *:ha-cluster [root@ha-master ~] # ps -ef|grep ldirectord root 22099 1 1 16:12 ? 00:00:00 /usr/bin/perl -w /usr/sbin/ldirectord start root 22130 17616 0 16:12 pts /0 00:00:00 grep ldirectord [root@ha-master ~] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:50:9b brd ff:ff:ff:ff:ff:ff inet 172.16.60.206 /24 brd 172.16.60.255 scope global eth0 inet 172.16.60.111 /24 brd 172.16.60.255 scope global secondary eth0 inet6 fe80::250:56ff:feac:509b /64 scope link valid_lft forever preferred_lft forever [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.204:80 Route 1 0 0 -> 172.16.60.205:80 Route 1 1 0 查看此时HA主节点的heartbeat日志 [root@ha-master ~] # tail -1000 /var/log/ha-log ........ ResourceManager(default)[21825]: 2018 /12/25_16 :12:12 info: Acquiring resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21853]: 2018 /12/25_16 :12:13 INFO: Resource is stopped ResourceManager(default)[21825]: 2018 /12/25_16 :12:13 info: Running /etc/ha .d /resource .d /IPaddr 172.16.60.111 start IPaddr(IPaddr_172.16.60.111)[21949]: 2018 /12/25_16 :12:13 INFO: Adding inet address 172.16.60.111 /24 with broadcast address 172.16.60.255 to device eth0 IPaddr(IPaddr_172.16.60.111)[21949]: 2018 /12/25_16 :12:13 INFO: Bringing device eth0 up IPaddr(IPaddr_172.16.60.111)[21949]: 2018 /12/25_16 :12:13 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-172 .16.60.111 eth0 172.16.60.111 auto not_used not_used /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[21935]: 2018 /12/25_16 :12:13 INFO: Success ResourceManager(default)[21825]: 2018 /12/25_16 :12:13 info: Running /etc/init .d /ipvsadm start ResourceManager(default)[21825]: 2018 /12/25_16 :12:13 info: Running /etc/init .d /ldirectord start 再观察此时HA备份节点的情况, 发现VIP资源在主节点的heartbeat恢复后就被主节点抢占回去了, 即此时备份节点没有vip资源, 也就不提供lvs转发服务了, 则备份节点的ipvsadm 和 ldirectord服务也会被关闭 [root@ha-slave ha.d] # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link /loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1 /8 scope host lo inet6 ::1 /128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link /ether 00:50:56:ac:05:b5 brd ff:ff:ff:ff:ff:ff inet 172.16.60.207 /24 brd 172.16.60.255 scope global eth0 inet6 fe80::250:56ff:feac:5b5 /64 scope link valid_lft forever preferred_lft forever [root@ha-slave ha.d] # ps -ef|grep ldirectord root 22516 19163 0 16:14 pts /0 00:00:00 grep ldirectord [root@ha-slave ha.d] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn 查看此时HA备份节点的heartbeat日志 [root@ha-slave ha.d] # tail -1000 /var/log/ha-log ....... ResourceManager(default)[22342]: 2018 /12/25_16 :12:12 info: Releasing resource group: ha-master IPaddr::172.16.60.111 ipvsadm ldirectord ResourceManager(default)[22342]: 2018 /12/25_16 :12:12 info: Running /etc/init .d /ldirectord stop ResourceManager(default)[22342]: 2018 /12/25_16 :12:12 info: Running /etc/init .d /ipvsadm stop ResourceManager(default)[22342]: 2018 /12/25_16 :12:12 info: Running /etc/ha .d /resource .d /IPaddr 172.16.60.111 stop IPaddr(IPaddr_172.16.60.111)[22438]: 2018 /12/25_16 :12:12 INFO: IP status = ok, IP_CIP= /usr/lib/ocf/resource .d //heartbeat/IPaddr (IPaddr_172.16.60.111)[22424]: 2018 /12/25_16 :12:12 INFO: Success Dec 25 16:12:12 ha-slave heartbeat: [22329]: info: foreign HA resource release completed (standby). 在上面HA主备节点故障切换的过程中, 客户端访问http: //172 .16.60.111/都是不受影响的, 即对客户端访问来说是无感知的故障切换, 实现了lvs代理层的高可用! 3) 先后关闭两台realserver节点中的nginx, 然后观察lvs的转发情况 [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.204:80 Route 1 0 0 -> 172.16.60.205:80 Route 1 0 2 先关闭rs-204的nginx服务 [root@rs-204 ~] # /etc/init.d/nginx stop Stopping nginx: [ OK ] [root@rs-204 ~] # lsof -i:80 [root@rs-204 ~] # rs-205的nginx保留 [root@rs-205 ~] # ps -ef|grep nginx root 5211 1 0 15:45 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx .conf nginx 5212 5211 0 15:45 ? 00:00:00 nginx: worker process root 5313 4852 0 16:19 pts /0 00:00:00 grep nginx 查看lvs转发情况 [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.205:80 Route 1 0 2 这时候访问http: //172 .16.60.111, 结果是 "this is test page of realserver02:172.16.60.205" 接着启动rs-204的nginx, 关闭rs-205的nginx [root@rs-204 ~] # /etc/init.d/nginx start Starting nginx: [ OK ] [root@rs-204 ~] # lsof -i:80 COMMAND PID USER FD TYPE DEVICE SIZE /OFF NODE NAME nginx 4883 root 6u IPv4 143621 0t0 TCP *:http (LISTEN) nginx 4884 nginx 6u IPv4 143621 0t0 TCP *:http (LISTEN) 关闭rs-205的nginx [root@rs-205 ~] # /etc/init.d/nginx stop Stopping nginx: [ OK ] [root@rs-205 ~] # lsof -i:80 [root@rs-205 ~] # 查看lvs转发情况 [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 172.16.60.204:80 Route 1 0 0 这时候访问http: //172 .16.60.111, 结果是 "this is test page of realserver01:172.16.60.204" 然后把rs-204 和 rs-205两个节点的nginx都关闭 [root@rs-204 ~] # /etc/init.d/nginx stop Stopping nginx: [ OK ] [root@rs-205 ~] # /etc/init.d/nginx stop Stopping nginx: [ OK ] 查看lvs转发情况 [root@ha-master ~] # ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.60.111:80 wlc persistent 600 -> 127.0.0.1:80 Local 1 0 0 这时候访问http: //172 .16.60.111, 结果是 "Sorry, the access is in maintenance for the time being. Please wait a moment." 上面可知, 在realserver节点发生故障后, 会从lvs集群中踢出来, 待realserver节点恢复后会再次重新加入到lvs集群中 这是因为在ldirectord.cf文件中配置了 "quiescent=no " 参数 , 这样就实现了代理节点的高可用! |
以上是关于LVS+Heartbeat 高可用集群方案操作记录的主要内容,如果未能解决你的问题,请参考以下文章
Linux高可用集群方案之配置heartbeat v2基于crm+hb_gui接口,配置高可用httpd,mysql,lvs