Third, set up the DR Router's load balancing:
I now have a group of machines, and the services set up above are quite important, so running only one Director is dangerous for this work: if that Director dies, is my service not destroyed with it? So this section describes the installation and setup of Fake from the "Mon HeartBeat Fake Coda" combination.
1. Download the installation files
Fetch the following RPM files from http://www.linux-ha.org/download/:
heartbeat-1.0.3-1.rh.8.0.1.i386.rpm
heartbeat-1.0.3-1.rh.8.0.1.src.rpm
heartbeat-ldirectord-1.0.3-1.rh.8.0.1.i386.rpm
heartbeat-pils-1.0.3-1.rh.8.0.1.i386.rpm
heartbeat-stonith-1.0.3-1.rh.8.0.1.i386.rpm
Fetch the following RPM files from http://rpmfind.net:
libnet-1.1.0-1.rh.8.0.um.1.i386.rpm
perl-Authen-SASL-2.03-1.rh.8.0.um.1.noarch.rpm
perl-Convert-ASN1-0.16-2.rh.8.0.um.1.noarch.rpm
perl-IO-Socket-SSL-0.92-1.rh.8.0.um.1.noarch.rpm
perl-Mail-IMAPClient-2.2.7-1.rh.8.0.um.1.noarch.rpm
perl-Net-SSLeay-1.22-1.rh.8.0.um.1.i386.rpm
perl-Parse-RecDescent-1.80-8.noarch.rpm
perl-XML-NamespaceSupport-1.08-2.noarch.rpm
perl-XML-SAX-0.12-1.rh.8.0.um.1.noarch.rpm
Fetch the following perl-ldap file from http://search.cpan.org. The latest version is 0.27, but the version does not really matter; either can be used.
perl-ldap-0.25.tar.gz (I used the tar.gz file that I had used before.)
2. Install in the following order:
# rpm -ivh perl-Convert-ASN1-0.16-2.rh.8.0.um.1.noarch.rpm
# rpm -ivh perl-Authen-SASL-2.03-1.rh.8.0.um.1.noarch.rpm
# rpm -ivh perl-Net-SSLeay-1.22-1.rh.8.0.um.1.i386.rpm
# rpm -ivh perl-IO-Socket-SSL-0.92-1.rh.8.0.um.1.noarch.rpm
# rpm -ivh perl-Mail-IMAPClient-2.2.7-1.rh.8.0.um.1.noarch.rpm
# rpm -ivh perl-Parse-RecDescent-1.80-8.noarch.rpm
# rpm -ivh perl-XML-NamespaceSupport-1.08-2.noarch.rpm
# rpm -ivh perl-XML-SAX-0.12-1.rh.8.0.um.1.noarch.rpm
# rpm -ivh libnet-1.1.0-1.rh.8.0.um.1.i386.rpm
# gzip -dc perl-ldap-0.25.tar.gz | tar xvf -
# cd perl-ldap-0.25
# perl Makefile.PL
# make && make test && make install
# cd ..
The required Perl modules are now installed; next, install the heartbeat modules.
# rpm -ivh heartbeat-pils-1.0.3-1.rh.8.0.1.i386.rpm
# rpm -ivh heartbeat-stonith-1.0.3-1.rh.8.0.1.i386.rpm
# rpm -ivh heartbeat-1.0.3-1.rh.8.0.1.i386.rpm
The module below is an RPM that integrates all the features; it is introduced on the HeartBeat official website.
# rpm -ivh --nodeps heartbeat-ldirectord-1.0.3-1.rh.8.0.1.i386.rpm
From http://www.linux-ha.org/ you can see that Fake has been integrated into HeartBeat, so we do not need to install any Fake-related programs.
Linux-HA can currently be applied to the following:
o Web Servers
o LVS Director Servers
o Mail Servers
o Database Servers
o Firewalls
o File Servers
o DNS Servers
o DHCP Servers
o Proxy Caching Servers
o etc.
We focus on the failover mechanism for LVS Director Servers, that is, on building an HA (High Availability) architecture. If you are interested in the heartbeat-ldirectord kit, you can research it yourself (http://www.linuxvirtualserver.org/highavailability.html).
Linux-HA experiment example:
The system architecture is as shown in the basic setup example diagram: the Primary Director is 10.144.43.187 (Linux187), the Secondary Director is 10.144.43.142 (Linux142), and 10.144.43.175 is the only dedicated RealServer, although in fact 10.144.43.142 and 10.144.43.187 also provide the service. Simply put, the Directors back each other up, and when a RealServer fails, its entry is automatically removed from the Director's LVS routing rules.
1. Finish installing MON and the HeartBeat suite on Linux142 and Linux187, and add a shell script (/root/conf/data) that sets up the subinterface to /etc/rc.local.
/root/conf/data is as follows:
#!/bin/sh
# Apply the LVS-related settings and play the role of RealServer in LVS
PATH=/bin:/sbin:/usr/bin:/usr/sbin
export PATH
ifconfig lo:0 10.144.43.185 netmask 255.255.255.255 broadcast 10.144.43.185
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
route add -host 10.144.43.185 dev lo:0
/etc/rc.local is as follows:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# Add the subinterface
/root/conf/data
The purpose of this is to have Linux142 and Linux187 add the lo:0 subinterface at boot and enable hidden to avoid ARP problems. Remember to chmod 755 data.
2. On Linux142 and Linux187, set up the basic MON configuration: modify /etc/mon/mon.cf so that it monitors NB8048, Linux187 and Linux142. Because the service is provided on port 8080, its name in /etc/services is webcache.
#
# Extremely basic mon.cf file
#
#
# global options
#
cfbasedir = /etc/mon
pidfile = /var/run/mon.pid
statedir = /var/run/mon/state.d
logdir = /var/run/mon/log.d
dtlogfile = /var/run/mon/log.d/downtime.log
alertdir = /usr/lib/mon/alert.d
mondir = /usr/lib/mon/mon.d
maxprocs = 20
histlength = 100
randstart = 60s
authtype = userfile
userfile = /etc/mon/userfile
#
# group definitions (hostnames or IP addresses)
#
hostgroup server1 10.144.43.175
hostgroup server2 10.144.43.142
hostgroup server3 10.144.43.187
watch server1
    service webcache
        interval 10s
        monitor http.monitor -p 8080 -t 10
        allow_empty_group
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.175 -W 5 -F dr
            alertevery 1h
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.175 -W 5 -F dr -u 1
watch server2
    service webcache
        interval 10s
        monitor http.monitor -p 8080 -t 10
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.142 -W 5 -F dr
            alertevery 1h
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.142 -W 5 -F dr -u 1
watch server3
    service webcache
        interval 10s
        monitor http.monitor -p 8080 -t 10
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.187 -W 5 -F dr
            alertevery 1h
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.187 -W 5 -F dr -u 1
3. Create the lvs.alert file, the same as the lvs.alert file mentioned earlier, and put it in /usr/lib/mon/alert.d/. Remember to
chmod 755 lvs.alert
4. Set up the HeartBeat kit (High Availability).
4.1 Use rpm -q heartbeat -d to locate the three important configuration files (ha.cf, authkeys, haresources) and copy them to the /etc/ha.d directory.
[root@linux142 conf]# rpm -q heartbeat -d
/usr/share/doc/heartbeat-1.0.3/authkeys
/usr/share/doc/heartbeat-1.0.3/ha.cf
/usr/share/doc/heartbeat-1.0.3/haresources
[root@linux142 conf]#
4.2 Modify /etc/hosts as follows:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.144.43.142 linux142
10.144.43.187 linux187
10.144.43.175 NB8048
4.3 Modify /etc/ha.d/authkeys as follows:
auth 1
1 sha1 DOSS123
Here DOSS123 is the important key. Then:
# chmod 600 authkeys
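A check for the authkeys file from step 4.3, as an added example that is not part of the original article or of the heartbeat package: it verifies the mode set by chmod 600 and that the "auth N" line selects a defined key with a keyed method. The function name check_authkeys and its messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_authkeys FILE: print one finding per line; return 0 if clean, 1 otherwise.
check_authkeys() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # for mode 600 they are all "-".
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mode: $file is accessible to group/other (want chmod 600)"
        rc=1
    fi

    # "auth N" selects the key used for signing; "N method [key]" defines one.
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "auth"          { active = $2; next }
                              { method[$1] = $2; key[$1] = $3 }
        END {
            if (active == "") {
                print "auth: no \"auth N\" line"; bad = 1
            } else if (!(active in method)) {
                print "auth: key " active " is not defined"; bad = 1
            } else if (method[active] == "crc") {
                print "method: crc detects corruption only, no authentication"; bad = 1
            } else if (method[active] != "sha1" && method[active] != "md5") {
                print "method: unknown method " method[active]; bad = 1
            } else if (key[active] == "") {
                print "key: key " active " has an empty secret"; bad = 1
            }
            exit bad + 0
        }' "$file" || rc=1
    return $rc
}
```

Run it as check_authkeys /etc/ha.d/authkeys on both Directors; the shared secret itself is never printed.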
4.4 Modify /etc/ha.d/ha.cf as follows:
logfacility local0 # use syslogd
keepalive 2 # interval in seconds between heartbeat signals
deadtime 40 # how long before the primary server is declared dead
initdead 240
# hopfudge: maximum hop count minus number of nodes in config
nice_failback on
# If the service has moved to the secondary, do not move it back to the primary.
hopfudge 1 # ???
udpport 1001 # which UDP port to use
ucast eth0 10.144.43.142
# The primary sends unicast to the secondary; on the secondary, send to the primary
node linux187 # a node in the cluster
node linux142 # a node in the cluster
4.5 Modify /etc/ha.d/haresources as follows:
linux187 10.144.43.185 lvs mon
Here, linux187 must be defined in /etc/hosts, otherwise it will not be found, and the name must be equal to the output of "uname -n". The line means that when HeartBeat is started, Linux187 takes control of the LVS VIP and starts two services: lvs (a shell script that we have to write to start the LVS daemon) and mon, the MON daemon that we configured earlier.
4.6 Write /etc/init.d/lvs (starts the LVS daemon) with the following content:
#!/bin/sh
# /etc/init.d/lvs
# When the LVS server is started, that is, when the LVS program is started through High Availability:
# 1. Clear the hidden attribute of lo
# 2. Bring lo:0 down and delete lo:0
# 3. Apply the related LVS settings
PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
IPVSADM=/sbin/ipvsadm
case "$1" in
start)
    if [ -x "$IPVSADM" ]
    then
        # Because we have the lo:0 loopback subinterface, its settings must be removed first
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo 0 > /proc/sys/net/ipv4/conf/all/hidden
        echo 0 > /proc/sys/net/ipv4/conf/lo/hidden
        route del -host 10.144.43.185 dev lo:0
        ifconfig lo:0 down
        # Create the subinterface eth0:0
        ifconfig eth0:0 10.144.43.185 netmask 255.255.255.255 broadcast 10.144.43.185
        # Apply the LVS/DR settings and establish the port 8080 service
        $IPVSADM -A -t 10.144.43.185:8080 -s rr
        $IPVSADM -a -t 10.144.43.185:8080 -r 10.144.43.175 -w 5 -g
        $IPVSADM -a -t 10.144.43.185:8080 -r 10.144.43.187 -w 5 -g
        $IPVSADM -a -t 10.144.43.185:8080 -r 10.144.43.142 -w 5 -g
    fi
    ;;
stop)
    if [ -x "$IPVSADM" ]
    then
        # Stop the LVS server, but return to the RealServer role
        $IPVSADM -C
        echo 1 > /proc/sys/net/ipv4/conf/all/hidden
        echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
        ifconfig lo:0 10.144.43.185 netmask 255.255.255.255 broadcast 10.144.43.185
        route add -host 10.144.43.185 dev lo:0
    fi
    ;;
*)
    echo "Usage: lvs {start|stop}"
    exit 1
esac
exit 0
4.7 Modify the shell script /etc/ha.d/resource.d/IPaddr:
Add the following three lines in the add_interface() subroutine:
add_interface () {
  ipaddr="$1"
  ifinfo="$2"
  iface="$3"
  #
  # On Linux the alias is named ethx:y
  # This will remove the "extra" interface data
  # leaving us with just ethx
  #
  case $SYSTYPE in
    *BSD)
      IFEXTRA=""
      ;;
    *)
      IFEXTRA=`echo "$ifinfo" | cut -f2-`
      ;;
  esac
  case $SYSTYPE in
    SunOS)
      case `uname -r` in
        5.8)
          $IFCONFIG $iface plumb
          CMD="$IFCONFIG $iface inet $ipaddr $IFEXTRA up"
          ;;
        *)
          CMD="$IFCONFIG $iface inet $ipaddr $IFEXTRA up"
          ;;
      esac
      ;;
    *BSD)
      CMD="$IFCONFIG $iface inet $ipaddr netmask 255.255.255.255 alias"
      ;;
    *)
      CMD="$IFCONFIG $iface $ipaddr $IFEXTRA"
      ;;
  esac
  ha_log "info: $CMD"
  $CMD
  # Turn on the hidden attribute of the subinterface so that ARP problems are avoided
  echo 1 > /proc/sys/net/ipv4/conf/all/hidden
  echo 1 > /proc/sys/net/ipv4/conf/lo/hidden
  # Add the route to the VIP
  route add -host $ipaddr dev $iface
  rc=$?
  case $rc in
    0)
      ;;
    *)
      echo "ERROR: $CMD failed."
      ;;
  esac
  return $rc
}
4.8 At this point the HeartBeat configuration is complete. Remember that the files above must be exactly the same on Linux187 and Linux142. Then use
# setup
to set the HeartBeat service to start, then reboot both machines.
5. Use ipvsadm -l on Linux187 to check the LVS routing rules, as follows:
[root@linux187 root]# ipvsadm -l
IP Virtual Server version 1.0.9 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  10.144.43.185:webcache rr
  -> linux187:webcache Local 5 0 0
  -> linux142:webcache Route 5 0 0
  -> NB8048:webcache Route 5 0 0
Then do some tests: bring eth0 down on 187 and see whether the service switches over to 142.
6. The setup so far seems to have no problems, but whenever the Primary Director's network suddenly breaks and then suddenly recovers, the LVS server on the Secondary Director is active at the same time. If you are interested, you can use
# ifconfig eth0 down
on the Primary Director to bring its network card down, wait about a minute, then use
# ifconfig eth0 up
# route add -net 0.0.0.0 gw 10.144.43.254
Then connect to Linux142 and Linux187 and enter ipvsadm -l. You will find that LVS/Direct Routing is active on both sides, which is obviously not what we want.
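A check for the dual-active condition described in step 6, as an added example that is not part of the original article: it reads the saved ipvsadm -l output of both Directors and reports whether zero, one or two of them hold the VIP service. The function names and the sample listings are constructed for illustration; the VIP and port are the ones used in this article.

```shell
#!/bin/sh
# Added example, not from the original article.
VIP=10.144.43.185       # virtual IP used in the article
PORT_NUM=8080           # as printed by ipvsadm -l -n
PORT_NAME=webcache      # as printed by ipvsadm -l (name from /etc/services)

# director_role: read ipvsadm -l output on stdin; print "director" if the
# VIP service is in the table, "standby" otherwise.
director_role() {
    awk -v vip="$VIP" -v pn="$PORT_NUM" -v pname="$PORT_NAME" '
        $1 == "TCP" {
            split($2, a, ":")
            if (a[1] == vip && (a[2] == pn || a[2] == pname)) found = 1
        }
        END { print (found ? "director" : "standby") }'
}

# check_pair FILE1 FILE2: each file holds one node's saved ipvsadm -l output.
# Returns 0 = one director, 1 = none, 2 = both (the condition from step 6).
check_pair() {
    r1=$(director_role < "$1")
    r2=$(director_role < "$2")
    case "$r1/$r2" in
        director/director) echo "DUAL-ACTIVE: both nodes hold the LVS table"; return 2 ;;
        standby/standby)   echo "DOWN: no node is acting as director"; return 1 ;;
        *)                 echo "OK: exactly one director"; return 0 ;;
    esac
}

# Constructed sample outputs, modelled on the listing in step 5.
sample_director() {
    cat <<'EOF'
IP Virtual Server version 1.0.9 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  10.144.43.185:webcache rr
  -> linux187:webcache Local 5 0 0
  -> linux142:webcache Route 5 0 0
EOF
}
sample_standby() {
    cat <<'EOF'
IP Virtual Server version 1.0.9 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
EOF
}
```

Save the output of ipvsadm -l from each Director to a file and pass both files to check_pair; a return value of 2 is the state that the mon rules in the following steps are meant to prevent.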
To solve this problem, we use the mon daemon.
The idea is as follows:
(1) If the gateway cannot be pinged, the network card is judged to have failed. Because with even the gateway dead the entire network is unusable, keeping LVS active is useless, so it needs to be shut down.
(2) If the gateway suddenly becomes pingable again, the HeartBeat service has to be restarted (/sbin/service heartbeat start). After a while, the Primary Director regains the position of LVS server, and the Secondary Director returns to the position of RealServer and backup Director.
7. To solve the problem of both LVS servers being active at the same time, we need to add a hostgroup to the MON service. /etc/mon/mon.cf is as follows:
#
# Extremely basic mon.cf file
#
#
# global options
#
cfbasedir = /etc/mon
pidfile = /var/run/mon.pid
statedir = /var/run/mon/state.d
logdir = /var/run/mon/log.d
dtlogfile = /var/run/mon/log.d/downtime.log
alertdir = /usr/lib/mon/alert.d
mondir = /usr/lib/mon/mon.d
maxprocs = 20
histlength = 100
randstart = 60s
authtype = userfile
userfile = /etc/mon/userfile
#
# group definitions (hostnames or IP addresses)
#
hostgroup server1 10.144.43.175
hostgroup server2 10.144.43.142
hostgroup server3 10.144.43.187
# network gateway
hostgroup server4 10.144.43.254
watch server1
    service webcache
        interval 5s
        monitor http.monitor -p 8080 -t 10
        allow_empty_group
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.175 -W 5 -F dr
            alertevery 1h
            alertafter 6
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.175 -W 5 -F dr -u 1
watch server2
    service webcache
        interval 5s
        monitor http.monitor -p 8080 -t 10
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.142 -W 5 -F dr
            alertafter 6
            alertevery 1h
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.142 -W 5 -F dr -u 1
watch server3
    service webcache
        interval 5s
        monitor http.monitor -p 8080 -t 10
        period wd {Sun-Sat}
            alert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.187 -W 5 -F dr
            alertafter 6
            alertevery 1h
            numalerts 24
            upalert lvs.alert -P tcp -V 10.144.43.185:8080 -R 10.144.43.187 -W 5 -F dr -u 1
watch server4
    service ping
        interval 10s
        # which monitor to use for the test
        monitor ping.monitor 10.144.43.254
        period wd {Sun-Sat}
            # send one alert per hour
            alertevery 1h
            # send the first alert only after six consecutive failed tests
            alertafter 6
            # send at most 12 alerts
            numalerts 12
            # alert calls heartbeat.alert
            alert heartbeat.alert
            # upalert calls heartbeat.alert -u
            upalert heartbeat.alert -u
# See /usr/doc for the original example ...
8. From the /etc/mon/mon.cf above you can see that we have to write a script to run when an alert occurs. Here I wrote a simple one in Perl (/usr/lib/mon/alert.d/heartbeat.alert).
#!/usr/bin/perl
# heartbeat.alert - Linux Virtual Server alert for mon
#
# It can be activated by mon to remove a real server when the
# service is down, or add the server when the service is up
#
use Getopt::Std;
# mon also passes -s, -g, -h, -l and -t to alert scripts; declare them
# so that option parsing reaches -u.
getopts("s:g:h:l:t:u");
$service = "/sbin/service";
$u = $opt_u;
if ($opt_u) {
    # Restart the HeartBeat service
    system("$service heartbeat restart");
} else {
    # Stop the LVS server
    system("/etc/init.d/lvs stop");
}
9. Test the system
Confirm that the configuration files on Linux187 and Linux142 are the same, then restart the HeartBeat service on both sides. With this, the Linux-HA system is officially complete and you can run some tests. For example: unplug the Primary Director's network cable for a while and see whether the Secondary takes over; then plug it back in and see whether the Primary returns to its original Director role. You can also try rebooting the Primary to see whether the Secondary takes over, and then whether the Secondary returns to the Secondary Director role once the Primary is back. Some parameters may need adjusting, but you can tune them gradually yourself.