操作目的
基於heartbeat v2和heartbeat-ldirectord實現LVS(DR)中Director的高可用,基於httpd提供web服務,並通過hb_gui的圖形界面進行;
規劃
準備工作:三臺主機, 分別配置如圖所示的IP 和主機名
注意:1、rs1和rs2提供的不同的頁面,目的是讓效果明顯
2 、VIP,即虛擬地址,不能被其他主機佔用
3、director中的ipvsadm和vip都要確保是關閉的,讓CRM來管理這些資源
一、配置LVS(DR)模型
- rs1
- #setenforce 0 //關閉selinux
- #yum -y install httpd
- # echo "<h1>rs1</h1>" >> /var/www/html/index.html //提供頁面文件
- #service httpd start
- # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
- # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
- # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
- # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
- # ifconfig lo:0 172.16.220.100 broadcast 172.16.220.100 netmask 255.255.255.255 up
- # route add -host 172.16.220.100 dev lo:0
- # elinks -dump http://172.16.220.21 //測試
- rs1
- # elinks -dump http://172.16.220.10
- rs1
- rs2:
- #setenforce 0
- # yum -y install httpd
- # echo "<h1>rs2</h1>" >> /var/www/html/index.html
- #service httpd start
- # echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
- # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
- # echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
- # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
- # ifconfig lo:0 172.16.220.100 broadcast 172.16.220.100 netmask 255.255.255.255 up
- # route add -host 172.16.220.100 dev lo:0
- # elinks -dump http://172.16.220.22
- rs2
- # elinks -dump http://172.16.220.100
- rs2
- Directory :node1
- #setenforce 0
- # yum -y install ipvsadm //安裝ipvsam
- # ifconfig eth0:0 172.16.220.100 broadcast 172.16.220.100 netmask 255.255.255.255 up
- # route add -host 172.16.220.100 dev eth0:0
- # echo 1 > /proc/sys/net/ipv4/ip_forward
- # ipvsadm -A -t 172.16.220.100:80 -s r
- # ipvsadm -a -t 172.16.220.100:80 -r 172.16.220.21 -g
- # ipvsadm -a -t 172.16.220.100:80 -r 172.16.220.22 -g
- # ipvsadm -ln
- IP Virtual Server version 1.2.1 (size=4096)
- Prot LocalAddress:Port Scheduler Flags
- -> RemoteAddress:Port Forward Weight ActiveConn InActConn
- TCP 172.16.220.100:80 rr
- -> 172.16.220.22:80 Route 1 0 0
- -> 172.16.220.21:80 Route 1 0 0
- 測試;172.16.220.100 效果是rs1 rs2的輪詢
- 到此,一個LVS的DR模型創建成功了。
二、把Director做成高可用
node1 node2 做成高可用集羣中,如規劃圖所示
1 停止node1的相關資源
- node1:
- #ipvsadm -S > /etc/sysconfig/ipvsadm
- #service ipvsadm restart
- #ipvsadm -ln
- #service ipvsadm stop
- #chkconfig ipvsadm off
- #chkconfig --list ipvsadm
- # ifconfig eth0:0 down
2 把node2做成director
- #setenforce 0
- #yum -y install ipvsadm
- # ifconfig eth0:0 172.16.220.100 broadcast 172.16.220.100 netmask 255.255.255.255 up
- # route add -host 172.16.200.100 dev eth0:0
- # echo 1 > /proc/sys/net/ipv4/ip_forward
- # ipvsadm -A -t 172.16.220.100:80 -s rr
- # ipvsadm -a -t 172.16.220.100:80 -r 172.16.220.21 -g
- # ipvsadm -a -t 172.16.220.100:80 -r 172.16.220.22 -g
- # ipvsadm -ln //查看定義的結果
- IP Virtual Server version 1.2.1 (size=4096)
- Prot LocalAddress:Port Scheduler Flags
- -> RemoteAddress:Port Forward Weight ActiveConn InActConn
- TCP 172.16.220.100:80 rr
- -> 172.16.220.22:80 Route 1 0 0
- -> 172.16.220.21:80 Route 1 0 0
- 測試:瀏覽器輸入172.16.220.100 結果rs1 rs2輪詢,工作正常
3 停止node2的相關資源
- # ipvsadm -S > /etc/sysconfig/ipvsadm
- #service ipvsadm restart
- #ipvsadm -ln
- #service ipvsadm stop
- #chkconfig ipvsadm off
- #chkconfig --list ipvsadm
- # ifconfig eth0:0 down
4 把node1 node2做成集羣
4.1 配置時間同步、ssh 互連
- node1:
- #hwclock -s //與系統時間一致
- #vim /etc/hosts
- 添加
- 172.16.220.11 node1
- 172.16.220.12 node2
- # ssh-keygen -t rsa //交互的方式,Enter即可
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Created directory '/root/.ssh'.
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- 9e:2f:7d:c7:c3:ab:cb:11:da:04:6c:4a:d6:31:29:78 root@node1
- # ssh-copy-id -i .ssh/id_rsa.pub root@node2 //與node2建立通信
- 15
- The authenticity of host 'node2 (172.16.220.12)' can't be established.
- RSA key fingerprint is 16:15:c4:65:45:d7:ea:c2:a7:29:4b:25:d1:ff:72:c8.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added 'node2,172.16.220.12' (RSA) to the list of known hosts.
- root@node2's password:
- Now try logging into the machine, with "ssh 'root@node2'", and check in:
- .ssh/authorized_keys
- to make sure we haven't added extra keys that you weren't expecting.
- #ssh node2 'ifconfig' //測試 ,顯示node2的"ifconfig"的相關內容
- node2:
- #hwclock -s
- #vim /etc/hosts
- 添加
- 172.16.220.11 node1
- 172.16.220.12 node2
- # ssh-keygen -t rsa (交互中的Enter即可)
- # ssh-copy-id -i .ssh/id_rsa.pub root@node1
- #ssh node1 'ifconfig' //測試 即可
4.2 在集羣節點node1 node2上安裝heartbeat
需要的包有
- heartbeat-2.1.4-9.el5.i386.rpm
- heartbeat-pils-2.1.4-10.el5.i386.rpm
- heartbeat-stonith-2.1.4-10.el5.i386.rpm
- libnet-1.1.4-3.el5.i386.rpm
- perl-MailTools-1.77-1.el5.noarch.rpm
- heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
- heartbeat-gui-2.1.4-9.el5.i386.rpm
- node1 node1安裝軟件包:
- # yum -y --nogpgcheck localinstall heartbeat-2.1.4-9.el5.i386.rpm heartbeat-pils-2.1.4-10.el5.i386.rpm heartbeat-stonith-2.1.4-10.el5.i386.rpm libnet-1.1.4-3.el5.i386.rpm perl-MailTools-1.77-1.el5.noarch.rpm heartbeat-ldirectord-2.1.4-9.el5.i386.rpm heartbeat-gui-2.1.4-9.el5.i386.rpm
- node1:(以下的配置都是在node1上完成的,node2不需要再操作)
- #cp /usr/share/doc/heartbeat-2.1.4/ha.cf authkeys haresources /etc/ha.d/
- #cp /usr/share/doc/heartbeat-ldirectord-2.1.4/ldirectord.cf /etc/ha.d/
- #cd /etc/ha.d/
- #chmod 600 authkeys
- #vim authkeys
- auth 1 (dd if=/dev/urandom count=512 bs=1 | md5sum生成的隨機字符串,最後一行)
- 1 md5 7b1b89ead5bcc0265a8d419ef91de7f7
- # vim ha.cf
- 將#bcast eth0 # Linux啓用
改爲 bcast eth0- 將#node ken3
#node kathy
啓用並修改爲:
node node1
node node2- 將#ping 10.10.10.254
啓用,並改爲:
ping 172.16.0.1- compression_threshold 2
compression bz2
並添加;
crm on- #vim haresources
- 添加
- node1 172.16.220.100/16/eth0/172.16.220.255 httpd
- #vim ldirectord.cf
- 內容如下:
- checktimeout=3
- checkinterval=1
- utoreload=yes
- logfile="/var/log/ldirectord.log"
- quiescent=yes
- virtual=172.16.220.100:80
- real=172.16.220.21:80 gate
- real=172.16.220.22:80 gate
- fallback=127.0.0.1:80 gate
- service=http
- request=".test.html"
- receive="OK"
- scheduler=rr
- protocol=tcp
- checktype=negotiate
- checkport=80
- #scp -p authkeys ha.cf haresources ldirectord.cf node2:/etc/ha.d/
- (注意此時在rs1 rs2的上分別配置;echo "<h1>OK</h1>" >> /var/www/html/.test.html)
- #chkconfig ldirectord off
- #passwd hacluster //在此節點上修改hacluster的密碼
- redhat
- #service heartbeat start //啓動本節點服務
- #ssh node2 '/etc/rc.d/init.d/heartbeat start' //啓動node2節點的服務
- #hb_gui & //打開圖像界面配置
1)出現圖形界面 Connection --Login
輸入密碼:redhat,點擊OK即可
進入之後觀察node1 node2都處於running狀態爲正常
2)添加資源
第一個資源:
Resource IP:ldrictord
Type 選中ldirecotd 點擊Add 即可 資源上右擊--Start 發現運行在其中一個節點上
第二個資源:
Resource IP:vip
Type 選中IPaddr
Name 下面給ip一個地址爲 172.16.220.100
Add Parameter 選中lvs_support 併爲true
點擊Add即可 --資源上右擊--Start 運行在其中一個節點上
3)定義資源約束
Colocations--Add New Item 默認點擊OK即可,配置如下
Order---Add New Item 默認點擊OK即可,配置如下
4)啓動資源並測試
配置後的結果如下
在node2上做測試
- #ifconfig
- eth0:0 Link encap:Ethernet HWaddr 00:0C:29:5B:DC:50
- inet addr:172.16.220.100 Bcast:172.16.255.255 Mask:255.255.0.0
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- Interrupt:67 Base address:0x2000
- #ipvsadm -ln
- IP Virtual Server version 1.2.1 (size=4096)
- Prot LocalAddress:Port Scheduler Flags
- -> RemoteAddress:Port Forward Weight ActiveConn InActConn
- TCP 172.16.220.100:80 rr
- -> 172.16.220.21:80 Route 1 0 0
- -> 172.16.220.22:80 Route 1 0 0
最後瀏覽172.16.220.100 效果是rs1 rs2的輪詢