|
|
一、基础环境
两台IBM x3650M3,操作系统CentOS5.9 x64 ,连接一台IBM DS3400存储,系统底层采用GFS文件系统实现文件共享,数据库是另一套独立的oracle rac集群,本架构无需考虑数据库的问题。
GFS文件系统及相关配置见上一文IBM x3650M3+GFS+IPMI fence生产环境配置一例。本文是在上一文的基础上进行延伸。 两台服务器主机名分别为node01,node02,因为应用架构相关简单,而且服务器资源有限,通过两台服务器实现双机互备模式高可用性架构。本文出自:http://koumm.blog.运维网.com/
IBM x3650M3+GFS+IPMI fence生产环境配置一例
http://koumm.blog.运维网.com/703525/1544971
架构图如下:
1. 网络环境及IP地址准备, CentOS5.9 x64
1) 节点1主机名: node01
说明:IBM服务器需要将专用IMM2口或标注有SYSTEM MGMT网口接入交换机, 与本地IP地址同段。
ipmi: 10.10.10.85/24
eth1: 192.168.233.83/24
eth1:0 10.10.10.87/24
2) 节点2主机名: node02
ipmi: 10.10.10.86/24
eth1: 192.168.233.84/24
eth1:0 10.10.10.88/24
3) node01, node02 hosts文件配置
# cat /etc/hosts
192.168.233.83 node01
192.168.233.84 node02
192.168.233.90 vip
10.10.10.85 node01_ipmi
10.10.10.86 node02_ipmi
二、双机Keepalived配置
实现一个VIP出现,出例采用VIP地址是192.168.233.90。
1.安装keepalived软件
说明:keepalive-1.2.12经过安装没有问题。
(1) 下载软件包并在node01,node02两个节点上安装
wget http://www.keepalived.org/software/keepalived-1.2.12.tar.gz
tar zxvf keepalived-1.2.12.tar.gz
cd keepalived-1.2.12
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
mkdir /etc/keepalived2. 创建keepalived配置文件
1) 在node01 节点一上配置文件
修改配置文件, 绑定的网卡是eth1
说明: 从机就是优先级与本机IP不一样外,其它都是一样。
# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xxx@126.com
}
notification_email_from service@abc.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
mcast_src_ip 192.168.233.83
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 876543
}
virtual_ipaddress {
192.168.233.90
}
}2) 在node02节点二上配置文件
# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xxx@126.com
}
notification_email_from service@abc.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
mcast_src_ip 192.168.233.84
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 876543
}
virtual_ipaddress {
192.168.233.90
}
}3 .在node01,node02两节点上启动与创建keepalived服务
1) 启动服务并加为开机启动:
service keepalived start
chkconfig --add keepalived
chkconfig keepalived on2) 测试并观察VIP漂移情况
(1) VIP地址观察
主机: 观察VIP地址如下:
[root@node01 /]# service keepalived start
Starting keepalived: [ OK ][root@node01 /]# ip a
1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: mtu 1500 qdisc noop qlen 1000
link/ether e4:1f:13:65:0e:a0 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether e4:1f:13:65:0e:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.233.83/24 brd 192.168.230.255 scope global eth1
inet 10.10.10.87/24 brd 10.10.10.255 scope global eth1:0
inet 192.168.233.85/32 scope global eth1
4: usb0: mtu 1500 qdisc pfifo_fast qlen 1000
link/ether e6:1f:13:57:0e:a3 brd ff:ff:ff:ff:ff:ff
[root@node01 /]# 注:可以关闭keepalived服务,通过cat /var/log/messages观察VIP移动情况。
三、HAproxy反向代理配置
node01, node02配置操作
1. 添加非本机IP邦定支持
# vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
# sysctl –p2. 安装haproxy软件
# tar zxvf haproxy-1.4.25.tar.gz
# cd haproxy-1.4.25
# make TARGET=linux26 PREFIX=/usr/local/haproxy
# make install PREFIX=/usr/local/haproxy
# cd /usr/local/haproxy
# mkdir conf3. 安装socat工具
# wget http://www.dest-unreach.org/socat/download/socat-2.0.0-b5.tar.gz
# tar zxvf socat-2.0.0-b5.tar.gz
# ./configure --disable-fips
# make && make install4. 创建配置文件
1)node01上创建配置文件
# vi /usr/local/haproxy/conf/haproxy.cfg
global
log 127.0.0.1 local0
maxconn 65535
chroot /usr/local/haproxy
uid 99
gid 99
stats socket /usr/local/haproxy/HaproxSocket level admin
daemon
nbproc 1
pidfile /usr/local/haproxy/haproxy.pid
#debug
defaults
log 127.0.0.1 local3
mode http
option httplog
option httpclose
option dontlognull
option forwardfor
option redispatch
retries 2
maxconn 2000
balance source
#balance roundrobin
stats uri /haproxy-stats
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen web_proxy 0.0.0.0:80
mode http
option httpchk GET /test.html HTTP/1.0\r\nHost:192.168.233.90
server node01 192.168.233.83:8000 weight 3 check inter 2000 rise 2 fall 1
server node02 192.168.233.84:8000 weight 3 backup check inter 2000 rise 2 fall 1
listen stats_auth 0.0.0.0:91
mode http
stats enable
stats uri /admin
stats realm "Admin console"
stats auth admin:123456
stats hide-version
stats refresh 10s
stats admin if TRUE2)node02上创建配置文件
# vi /usr/local/haproxy/conf/haproxy.cfg
global
log 127.0.0.1 local0
maxconn 65535
chroot /usr/local/haproxy
uid 99
gid 99
stats socket /usr/local/haproxy/HaproxSocket level admin
daemon
nbproc 1
pidfile /usr/local/haproxy/haproxy.pid
#debug
defaults
log 127.0.0.1 local3
mode http
option httplog
option httpclose
option dontlognull
option forwardfor
option redispatch
retries 2
maxconn 2000
balance source
#balance roundrobin
stats uri /haproxy-stats
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen web_proxy 0.0.0.0:80
mode http
option httpchk GET /test.html HTTP/1.0\r\nHost:192.168.233.90
server node01 192.168.233.83:8000 weight 3 backup check inter 2000 rise 2 fall 1
server node02 192.168.233.84:8000 weight 3 check inter 2000 rise 2 fall 1
listen stats_auth 0.0.0.0:91
mode http
stats enable
stats uri /admin
stats realm "Admin_console"
stats auth admin:123456
stats hide-version
stats refresh 10s
stats admin if TRUE 说明:两节点互为主备模式,均优化将本机的节点应用做为主节点,也可以为负载均衡模式。
5. node01,node02上配置HAproxy日志文件
1) Haproxy日志配置
# vi /etc/syslog.conf
local3.* /var/log/haproxy.log
local0.* /var/log/haproxy.log
*.info;mail.none;authpriv.none;cron.none;local3.none /var/log/messages 说明: 第三行是去掉在/var/log/message再记录haproxy.log日志的功能的。
# vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0" 直接手动执行
service syslog restart
touch /var/log/haproxy.log
chown nobody:nobody /var/log/haproxy.log
注:99默认是nobody用户
chmod u+x /var/log/haproxy.log2) haproxy日志切割
# vi /root/system/cut_log.sh
#!/bin/bash
# author: koumm
# desc:
# date: 2014-08-28
# version: v1.0
# modify:
# cut haproxy log
if [ -e /var/log/haproxy.log ]; then
mv /var/log/haproxy.log /var/log/haproxy.log.bak
fi
if [ -e /var/log/haproxy.log.bak ]; then
logrotate -f /etc/logrotate.conf
chown nobody:nobody /var/log/haproxy.log
chmod +x /var/log/haproxy.log
fi
sleep 1
if [ -e /var/log/haproxy.log ]; then
rm -rf /var/log/haproxy.log.bak
fi 注:root权限执行脚本。
# crontab -e
59 23 * * * su - root -c '/root/system/cut_log.sh'
6. 配置HAproxy启动服务
# vi /etc/init.d/haproxy
#!/bin/sh
# chkconfig: 345 85 15
# description: HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
. /etc/rc.d/init.d/functions
else
exit 0
fi
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/local/haproxy/conf/haproxy.cfg ] || exit 1
RETVAL=0
start() {
/usr/local/haproxy/sbin/haproxy -c -q -f /usr/local/haproxy/conf/haproxy.cfg
if [ $? -ne 0 ]; then
echo "Errors found in configuration file."
return 1
fi
echo -n "Starting HAproxy: "
daemon /usr/local/haproxy/sbin/haproxy -D -f /usr/local/haproxy/conf/haproxy.cfg -p /var/run/haproxy.pid
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/haproxy
return $RETVAL
}
stop() {
echo -n "Shutting down HAproxy: "
killproc haproxy -USR1
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/haproxy
[ $RETVAL -eq 0 ] && rm -f /var/run/haproxy.pid
return $RETVAL
}
restart() {
/usr/local/haproxy/sbin/haproxy -c -q -f /usr/local/haproxy/conf/haproxy.cfg
if [ $? -ne 0 ]; then
echo "Errors found in configuration file, check it with 'haproxy check'."
return 1
fi
stop
start
}
check() {
/usr/local/haproxy/sbin/haproxy -c -q -V -f /usr/local/haproxy/conf/haproxy.cfg
}
rhstatus() {
status haproxy
}
condrestart() {
[ -e /var/lock/subsys/haproxy ] && restart || :
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
restart
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
check)
check
;;
*)
echo $"Usage: haproxy {start|stop|restart|reload|condrestart|status|check}"
RETVAL=1
esac
exit $RETVAL(2) node01,node02上创建service服务
chmod +x /etc/init.d/haproxy
chkconfig --add haproxy
chkconfig haproxy on
service haproxy start(3) 测试监控
http://192.168.233.85:91/admin
http://192.168.233.83:91/admin
http://192.168.233.84:91/admin
因为没有应用,代理会出现503报错。
四、Jboss-EAP-4.3集群配置
配置要点:
1)Jboss及java基础环境配置略, Jboss会话复制是本例的重点。
2)Jboss及应用程序代码部署在GFS集群文件系统目录上,两节点能够访问同一个内容。
3)延伸可以部署监控脚本监控jboss应用,如果进程死掉或无法访问,重启应用,本文略过该内容。
1. 添加JBoss会话复制功能
在应用程序中配置会话复制
# vi /cluster/zhzxxt/deploy/app.war/WEB-INF/web.xml
直接在下加入一行
2. 修改集群标识
1)修改集群标识
# vi /cluster/jboss4/server/node01/deploy/jboss-web-cluster.sar/META-INF/jboss-service.xml
# vi /cluster/jboss4/server/node02/deploy/jboss-web-cluster.sar/META-INF/jboss-service.xml
Tomcat-APP-Cluster
2)采用TCP方式实现会话复制通讯,注释掉原UDP多播配置文件, 因多播绑定端口到本机最后一个IP地址上,会造成多网段两台服务器绑定IP网段不一样,复制进程无法通讯,改为TCP模式问题解决。 |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-12-29 10:15:58
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡