Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to build Lvs+heartbeat High availability and High performance web site

2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to build Lvs+heartbeat high-availability high-performance web site", the content is easy to understand, well-organized, hope to help you solve your doubts, the following let the editor lead you to study and learn "how to build Lvs+heartbeat high-availability high-performance web site" this article.

Note: each server needs to have two network cards: eth0 is connected to the switch of the internal network, and private network ip is used to achieve internal access between servers; eth2 is connected to the public network switch for external network access. If you want to save costs, you can use only one switch and divide two vlan to connect the internal network and the external network respectively, but this is risky. If there is a problem with the switch, both the internal network and the external network cannot be accessed, so you must weigh the gains and losses.

Each server ip is configured as follows:

Master ha eth2:1.1.1.14 eth0:192.168.1.8 (heartbeat)

From ha eth2:1.1.1.15 eth0:192.168.1.30 (heartbeat)

Real1:eth2:1.1.1.16 eth0:192.168.1.9

Real1:eth2:1.1.1.16 eth0:192.168.1.10

Real1:eth2:1.1.1.16 eth0:192.168.1.11

Real1:eth2:1.1.1.16 eth0:192.168.1.12

1. Configuration of the main ha:

1. The contents of the hosts file are as follows (if you have your own DNS, you can also parse it with DNS):

127.0.0.1 primary.fantong.com localhost.localdomain localhost

:: 1 localhost6.localdomain6 localhost6

1.1.1.14 primary.fantong.com

192.168.1.8 primary.fantong.com

1.1.1.15 backup.fantong.com

192.168.1.30 backup.fantong.com

two。 Modify hostname: edit / etc/sysconfig/network

HOSTNAME=primary.fantong.com

3. Modify the hostname with the command:

# hostname primary.fantong.com

4. Install softwar

Yum-y install libnet

Yum-y install heartbeat-*

Yum-y install heartbeat (if you report an error, install it again and ok)

Yum-y install ipvsadm

If the redhat system does not have a yum source, you can refer to one of my blog posts to change some of the settings of yum: http://gehailong.blog.51cto.com/765312/610127

5. After the software installation is completed, it will generate a directory / etc/ha.d, which stores heartbeat configuration files, verification files, resource files (scripts, note: in heartbeat, scripts are all called resources), etc., these three files are essential, and I wrote all three files by hand in this article.

1)。 The master file of Heatbeat: / etc/ha.d/ha.cf/ha.cf

Logfile / var/log/ha-log

Debugfile / var/log/ha-debug

Logfacility local0

Keepalive 2 # hold time of master-slave handover

Deadtime 30 # announces the other party's time of death

Warntime 10 # warning time

Udpport 694 # Communication Port between Master and Slave

Ucast eth0 192.168.1.30 # uses unicast to detect heartbeat, bcast is broadcast; the following address is the peer address

Auto_failback on # automatic recovery, that is, if the master recovers from the failure, he will regain his position.

Node primary.fantong.com # Host Node Hostname

Node backup.fantong.com # Slave node hostname

Ping 192.168.1.30

Ping_group lbgroup 1.1.1.14 1.1.1.15

Ping_group lbgroup 192.168.1.8 192.168.1.30

Respawn hacluster / usr/lib64/heartbeat/ipfail # if it is a 32-bit system, the directory should be / usr/lib/heartbeat/ipfail

Apiauth ipfail gid=haclient uid=hacluster # user and group ID for authentication (has been built automatically)

2)。 The resource list / etc/ha.d/haresources is followed by the resource name (script), which is exactly the same as the content of backup.

Primary.fantong.com lvs ldirectord

3)。 Verify file / etc/ha.d/authkeys Master-Slave verify testlab authentication password, make sure it is consistent with the contents of backup, otherwise master-slave verification fails. Note: change to the file permission must be 600

Auth2

1 sha1 testlab

6. A file called heartbeat-ldirectord is installed when heatbeat-* is installed, and its role is to manage the back-end realserver. For example, if a realserver on the backend dies, he will automatically delete the resource from the list and add it automatically when the resource is restored. The configuration file is: / etc/ha.d/ldirectord.cf, which is as follows (I wrote it by hand):

# Global Directives Monitoring realserver

Checktimeout=3 # realserver timeout

Interval between checkinterval=1 # checks

Fallback=127.0.0.1:80 # if all realserver goes down, who will bear it?

Autoreload=yes

Logfile= "/ var/log/ldirectord.log"

Emailalert= "ftyw@fantong.com" # to whom to email if there is a problem (you can define mail groups)

Emailalertfreq=3600

Emailalertstatus=all

Quiescent=no # if there is a problem with realserver, delete it from the resource list immediately

# Sample for an http virtual service

Virtual=1.1.1.13:80 # (note the format of this file, the following contents must be at least 4 spaces blank)

Real=1.1.1.16:80 gate # gate indicates that it uses the DR mode in lvs. You can look up the relevant information about the mode and working principle of lvs.

Real=1.1.1.17:80 gate

Real=1.1.1.18:80 gate

Real=1.1.1.19:80 gate

Fallback=127.0.0.1:80 gate

Service=http

Transfer method of scheduler=wrr # realserver: weighted rotation training

Persistent=5 # duration of client connection

Protocol=tcp

Checktype=connect

Checkport=80

7. The purpose of this script is to start the resource / etc/init.d/lvs

#! / bin/bash

# description: start LVS of DirectorServer

# Written by: NetSeek http://www.linuxtone.org GW=192.168.1.254

# website director vip.

Don't fill in the GW=1.1.1.13 # gateway address incorrectly, or your secondary (floating) ip is inaccessible.

WEB_VIP=1.1.1.13

WEB_RIP1=1.1.1.16

WEB_RIP2=1.1.1.17

WEB_RIP3=1.1.1.18

WEB_RIP3=1.1.1.19

. / etc/rc.d/init.d/functions

Logger $0 called with $1

Case "$1" in

Start)

# Clear all iptables rules.

/ sbin/iptables-F # should note that if the outermost end of the company has a firewall, you can clear the iptables content (allow or stop) and comment out the line change; if not, you need to have a firewall and write your own policies or scripts.

# Reset iptables counters.

/ sbin/iptables-Z # ditto

# Clear all ipvsadm rules/services.

/ sbin/ipvsadm-C

# set lvs vip for dr

/ sbin/ipvsadm-- set 30 5 60

/ sbin/ifconfig eth2:0 $WEB_VIP broadcast $WEB_VIP netmask 255.255.255.255 up

/ sbin/route add-host $WEB_VIP dev eth2:0

/ sbin/ipvsadm-A-t $WEB_VIP:80-s wrr-p 3

/ sbin/ipvsadm-a-t $WEB_VIP:80-r $WEB_RIP1:80-g-w 1

/ sbin/ipvsadm-a-t $WEB_VIP:80-r $WEB_RIP2:80-g-w 1

/ sbin/ipvsadm-a-t $WEB_VIP:80-r $WEB_RIP3:80-g-w 1

/ sbin/ipvsadm-a-t $WEB_VIP:80-r $WEB_RIP4:80-g-w 1

Touch / var/lock/subsys/ipvsadm > / dev/null 2 > & 1

# set Arp

/ sbin/arping-I eth2-c 5-s $WEB_VIP $GW > / dev/null 2 > & 1

Stop)

/ sbin/ipvsadm-C

/ sbin/ipvsadm-Z

Ifconfig eth2:0 down

Route del $WEB_VIP > / dev/null 2 > & 1

Rm-rf / var/lock/subsys/ipvsadm > / dev/null 2 > & 1

/ sbin/arping-I eth2-c 5-s $WEB_VIP $GW

Echo "ipvsadm stoped"

Status)

If [!-e / var/lock/subsys/ipvsadm]; then

Echo "ipvsadm is stoped"

Exit 1

Else

Ipvsadm-ln

Echo ".ipvsadm is OK."

Fi

*)

Echo "Usage: $0 {start | stop | status}"

Exit 1

Esac

Exit 0

8. Do two steps:

Chmod 755 / etc/init.d/lvs

When ln-s / etc/init.d/lvs / etc/ha.d/resource.d # starts ldirectord, it searches for resources (scripts) from the / etc/init.d and / etc/ha.d/resource.d directories.

9. Let the heartbeat boot itself.

Chkconfig heartbeat on

two。 Configuration above backup

1. Install the software package, same as primary

two。 Copy all the scripts on primary to backup, including all the contents of the hosts file, / etc/ha.d/*.

3. Modify / etc/ha.d/ha.cf. The contents of other documents are consistent with those of the main document.

Ucast eth0 192.168.1.8 # detects heartbeat by unicast, bcast is broadcast, followed by peer address (primary ip)

.

Ping 192.168.1.8

4. Chkconfig heartbeat on

three。 Configuration of realserver

1. Write a script / root/real.sh, which is mainly used to block arp, otherwise it will conflict with other realserver and ha addresses. The script content is as follows:

# / bin/sh

VIP=1.1.1.13

Source / etc/rc.d/init.d/functions

Case "$1" in

Start)

Echo "start LVS of RealServer"

/ sbin/ifconfig lo:0 ${VIP} broadcast ${VIP} netmask 255.255.255.255 up

Echo "1" > / proc/sys/net/ipv4/conf/lo/arp_ignore

Echo "2" > / proc/sys/net/ipv4/conf/lo/arp_announce

Echo "1" > / proc/sys/net/ipv4/conf/all/arp_ignore

Echo "2" > / proc/sys/net/ipv4/conf/all/arp_announce

Stop)

/ sbin/ifconfig lo:0 down

Echo "Close LVS of RealServer"

Echo "0" > / proc/sys/net/ipv4/conf/lo/arp_ignore

Echo "0" > / proc/sys/net/ipv4/conf/lo/arp_announce

Echo "0" > / proc/sys/net/ipv4/conf/all/arp_ignore

Echo "0" > / proc/sys/net/ipv4/conf/all/arp_announce

*)

Echo "wrong,please use start | stop"

Exit 1

Esac

two。 Modify the script permissions: chmod 755 real.sh

3. Startup script / root/real.sh start

4. Add startup item:

Modify / etc/rc.local to write a line at the end

/ root/real.sh start

Four. Test.

1. Start heartbeat on the master and slave respectively. (note: master first and then slave)

Service heartbeat start

two。 Observe the main log file / var/log/ha-log

Seeing the next two lines indicates that the startup is complete and the resource is loaded successfully.

3. Observe from the log file / var/log/ha-log

Seeing the last line indicates that the boot was successful and that it does not start the resource.

The above is all the content of the article "how to build a Lvs+heartbeat high-availability and high-performance web site". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report