lvs提供负载均衡功能,但它本身不做健康检查:后端服务器宕机后,lvs不会停止对该服务器的调度,仍会把请求转发到故障的服务器上。
ldirectord用来解决这个问题:它按设定的时间间隔检测real-server是否存活;当real-server宕机时,可以选择是否删除对应的ipvsadm策略;当所有real-server都不可用时,还可以用本机的web服务来响应用户的请求。
安装地址:http://rpm.pbone.net/index.php3/stat/4/idpl/54404991/dir/centos_other/com/ldirectord-4.1.1-3.40.el7.noarch.rpm.html
(这是第三方镜像站,且使用明文HTTP;安装前建议先用 rpm -K 校验下载到的rpm包的签名和摘要)
帮助文档:http://rpm.pbone.net/index.php3/stat/45/idpl/31373184/numer/8/nazwa/ldirectord
安装该软件包后,/etc/ha.d下默认没有配置文件,需要把软件包自带的示例ldirectord.cf复制到/etc/ha.d下
[root@lvs ~]# cp /usr/share/doc/ldirectord-4.1.1/ldirectord.cf /etc/ha.d/
11 # Global Directives
12 checktimeout=3 检测超时时间(秒),超过该时间未响应即视为失败
13 checkinterval=1 两次检测之间的间隔(秒)
14 #fallback=127.0.0.1:80 所有后端都失效时,改由本机的httpd服务响应请求
15 #fallback6=[::1]:80
16 autoreload=yes 是否自动重新加载配置文件;设为yes时,服务启动后只要保存配置文件就会自动生效
17 #logfile="/var/log/ldirectord.log" 日志文件路径,取消注释即启用日志
18 #logfile="local0"
19 #emailalert="admin@x.y.z"
20 #emailalertfreq=3600
21 #emailalertstatus=all
22 quiescent=no real server宕机时的处理方式:no为从ipvs策略中删除该real server,yes为保留条目但把权重设为0
24 # Sample for an http virtual service
25 virtual=192.168.6.240:80 vs服务器地址和端口
26 servicename=Web Site
27 comment=Test load balanced web site
28 real=192.168.6.2:80 gate real-server地址和端口;gate表示使用直接路由(DR)方式转发
29 real=192.168.6.3:80 gate
30 real=192.168.6.6:80 gate
31 fallback=127.0.0.1:80 gate
32 service=http 访问协议
33 scheduler=rr 调度方法
34 #persistent=600 持久连接时长
35 #netmask=255.255.255.255
36 protocol=tcp 连接请求协议
37 checktype=negotiate 默认即可
38 checkport=80 检查端口
39 request="index.html" 健康检查时请求的页面
40 receive="Test Page" 响应内容中包含该字符串才视为检测成功
41 virtualhost=www.x.y.z
简单配置一个文件
[root@lvs ~]# cat /etc/ha.d/ldirectord.cf
# ldirectord.cf used in this lab: one HTTP virtual service on
# 192.168.192.132:80 with two real servers that ldirectord health-checks.
# NOTE(review): this listing shows every line at column 0; ldirectord expects
# the directives that belong to a virtual= section to be indented beneath it.
# Confirm against the file on disk.
# Global Directives
# Health-check timing: checktimeout is how long a check may take before the
# real server is treated as failed; checkinterval is how often checks run.
checktimeout=3
checkinterval=1
# Destination used when every real server has failed. A web server has to be
# listening on this address for clients to receive the "sorry" page.
fallback=127.0.0.1:80
#fallback6=[::1]:80
# Re-read this file automatically after it is saved.
autoreload=yes
# Log to this file; it records the add/remove decisions and is the place to
# look when a real server drops out of the table.
logfile="/var/log/ldirectord.log"
#logfile="local0"
#emailalert="admin@x.y.z"
#emailalertfreq=3600
#emailalertstatus=all
# no: a failed real server is removed from the ipvs table.
# yes: the entry is kept but its weight is set to 0.
quiescent=no
# Sample for an http virtual service
# Virtual service address and port that clients connect to.
virtual=192.168.192.132:80
# Real servers; "gate" is shown as "Route" (direct routing) by ipvsadm -Ln.
real=172.16.0.101:80 gate
real=172.16.0.102:80 gate
service=http
# Round-robin scheduling.
scheduler=rr
#persistent=600
#netmask=255.255.255.255
protocol=tcp
# negotiate: send the request below and compare the response with receive.
checktype=negotiate
checkport=80
request="index.html"
# The check passes when the response contains this text. Both lab pages
# ("httpd1", "httpd2") contain it, and so would any other response containing
# "httpd"; a page-specific marker makes the check stricter.
receive="httpd"
启动服务
[root@lvs ~]# systemctl start ldirectord.service
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.192.132:80 rr
-> 172.16.0.101:80 Route 1 0 0
-> 172.16.0.102:80 Route 1 0 0
测试访问
[root@client ~]# curl http://192.168.192.132
httpd1
[root@client ~]# curl http://192.168.192.132
httpd2
[root@client ~]# curl http://192.168.192.132
httpd1
[root@client ~]# curl http://192.168.192.132
httpd2
down掉httpd1
[root@httpd1 ~]# systemctl stop httpd
因为quiescent=no,ldirectord检测到httpd1失效后,会从LVS策略中删除httpd1对应的条目
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.192.132:80 rr
-> 172.16.0.102:80 Route 1 0 17
重新上线httpd1
[root@httpd1 ~]# systemctl start httpd
LVS策略恢复
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.192.132:80 rr
-> 172.16.0.101:80 Route 1 0 8
-> 172.16.0.102:80 Route 1 0 17
down掉httpd1和httpd2
[root@httpd1 ~]# systemctl stop httpd
[root@httpd2 ~]# systemctl stop httpd
再次访问
[root@client ~]# curl http://192.168.192.132
sorry server
两台real server都失效后,LVS策略会变成直接调度到fallback指定的127.0.0.1:80上,由lvs本机的web服务返回提示页
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.192.132:80 rr
-> 127.0.0.1:80 Route 1 0 3
防火墙标记(firewall mark)可以把发往不同端口的多种应用服务(例如80和443)的报文打上同一个标记,再作为同一个集群服务统一调度;不使用防火墙标记时,需要用ipvsadm为每个服务分别写入策略。
在lvs主机上设置防火墙策略
[root@lvs ~]# iptables -t mangle -A PREROUTING -d 192.168.192.132 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 10
# 表示将到达132地址的80和443端口的报文全部打上标记,标记号是10
在lvs主机上定义集群服务,用-f指定防火墙标记
[root@lvs ~]# ipvsadm -A -f 10 -s rr
[root@lvs ~]# ipvsadm -a -f 10 -r 172.16.0.101 -g
[root@lvs ~]# ipvsadm -a -f 10 -r 172.16.0.102 -g
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 rr
-> 172.16.0.101:0 Route 1 0 0
-> 172.16.0.102:0 Route 1 0 0
测试访问(curl的-k选项会跳过证书校验,只适合在实验环境中使用)
[root@client ~]# curl http://192.168.192.132;curl -k https://192.168.192.132
httpd1
httpd2
[root@client ~]# curl http://192.168.192.132;curl -k https://192.168.192.132
httpd1
httpd2
使用ldirectord实现防火墙标记
[root@lvs ~]# cat /etc/ha.d/ldirectord.cf
# ldirectord.cf for the firewall-mark variant: the virtual service is the
# mark 10 that the iptables mangle rule sets on packets to ports 80 and 443.
# NOTE(review): this listing shows every line at column 0; ldirectord expects
# the directives that belong to a virtual= section to be indented beneath it.
# Confirm against the file on disk.
# Global Directives
# Health-check timing: checktimeout is how long a check may take before the
# real server is treated as failed; checkinterval is how often checks run.
checktimeout=3
checkinterval=1
# Destination used when every real server has failed.
fallback=127.0.0.1:80
#fallback6=[::1]:80
# Re-read this file automatically after it is saved.
autoreload=yes
logfile="/var/log/ldirectord.log"
#logfile="local0"
#emailalert="admin@x.y.z"
#emailalertfreq=3600
#emailalertstatus=all
# no: a failed real server is removed from the ipvs table.
quiescent=no
# A bare number here is a firewall mark, not an address (see protocol=fwm).
virtual=10
# No port on the real servers; ipvsadm -Ln lists them with port 0.
real=172.16.0.101 gate
real=172.16.0.102 gate
service=http
scheduler=rr
# Persistence timeout of 600, shown by ipvsadm as "persistent 600".
# The Chinese text after the value on the next line is the tutorial author's
# annotation ("persistence enabled"), not part of the directive.
persistent=600 开了一个持久连接
protocol=fwm
# The health check only probes port 80 over HTTP. The mark also carries 443,
# so a real server whose HTTPS listener has failed would still pass.
# NOTE(review): decide whether 443 needs a check of its own.
checktype=negotiate
checkport=80
request="index.html"
receive="httpd"
查看lvs策略
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 10 rr persistent 600
-> 172.16.0.101:0 Route 1 0 0
-> 172.16.0.102:0 Route 1 0 0
测试访问
[root@client ~]# curl http://192.168.192.132;curl -k https://192.168.192.132
httpd2
httpd2
# 因为开启了持久连接(persistent=600),同一客户端在600秒内的请求(包括80和443端口)都会被调度到同一台real server,这里是httpd2
down掉httpd2
[root@httpd2 ~]# systemctl stop httpd
查看调度情况
[root@client ~]# curl http://192.168.192.132;curl -k https://192.168.192.132
httpd1
httpd1