线上服务器清理的差不多了,准备做一下服务器分层架构,就是将LNMP环境分离开,用到了LB集群,先来点理论吧。
负载均衡LB集群主要关注的是并发处理能力,常用的有:LVS、nginx、haproxy。
LVS是基于四层的负载均衡,不支持复杂特性的负载均衡,转发效率比7层略高
nginx、haproxy都是七层的负载均衡,可以根据特性进行负载均衡,比较灵活。
这里主要说说LVS的原理与配置方法,
LVS原理其实就是利用iptables的INPUT链,侦听在INPUT链,拦截访问集群服务的数据包,将进入数据包的包头进行更改,不同类型更改包头的方式也不一样,转发给后端的RS,最后RS处理请求后在转发给用户。
LVS:linux virtual server,lvs与iptable不能同时使用
LVS类型:
NAT: 地址转换 跟DNAT原理相同,多目标
DR: 直接路由
TUN: 隧道
LVS的调度方法:
有10种,分别如下:
固定调度,也叫静态调度,有四种:
rr: 轮叫,轮询
wrr: Weight, 加权
sh: source hash, 源地址hash
dh:目标地址hash
动态调度方法,有六种:
lc: 最少连接
active*256+inactive
谁的小,挑谁
wlc: 加权最少连接
(active*256+inactive)/weight
sed: 最短期望延迟
(active+1)*256/weight
nq: never queue
LBLC: 基于本地的最少连接
LBLCR: 基于本地的带复制功能的最少连接
默认的调度方法是wlc
好了,具体LVS工作流程可以Google,有非常详细的文档,选用最常用的DR模式配置,简单的架构图如下:案例用于BBS论坛
Director配置脚本如下:
#!/bin/bash
#
# LVS script for VS/DR
# chkconfig: - 90 10
. /etc/rc.d/init.d/functions
#
VIP=192.168.8.230
DIP=192.168.8.226
RIP1=192.168.8.224
RIP2=192.168.8.225
PORT=80
RSWEIGHT1=2
RSWEIGHT2=5
#
case "$1" in
start)
/sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:0
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clear all iptables rules.
/sbin/iptables -F
# Reset iptables counters.
/sbin/iptables -Z
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
# Add an IP virtual service for VIP 192.168.8.230 port 80
# In this recipe, we will use the round_robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s wlc
# Now direct packets for this VIP to
# The real server IP(RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g -w $RSWEIGHT1
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g -w $RSWEIGHT2
/bin/touch /var/lock/subsys/ipvsadm &> /dev/null
;;
stop)
# Stop forwarding Packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
/sbin/route del $VIP
/sbin/ifconfig eth0:0 down
/bin/rm -f /var/lock/subsys/ipvsadm
echo "ipvs is stopped..."
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ];then
echo "ipvsadm is stooppd ..."
else
echo "ipvsadm is running ...."
ipvsadm -L -n
fi
;;
*)
echo "Usage: $0 {start|stop|status]"
;;
esac
后端RS的配置脚本如下:
#!/bin/bash
#
# Scrip to start LVS DR real server.
# chkconfig: - 90 10
# description: LVS DR real server
. /etc/rc.d/init.d/functions
VIP=192.168.8.230
host=`/bin/hostname`
case "$1" in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback devuce(s).
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig "lo:0" | grep -i $VIP`
isrothere=`netstat -rn | grep -i "lo" | grep -i $VIP`
if [ ! "$islothere" -o ! "$isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR real server running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
分别启动Director和RS上面的ipvsadm服务,然后需要写LVS的后端健康监测脚本,在Director上面运行脚本如下:
#!/bin/bash
# Userd by LVS service Status Check.
VIP=192.168.8.230
CPORT=80
FAIL_BACK=127.0.0.1
RS=("192.168.8.224" "192.168.8.225")
declare -a RSSTATUS
RW=("2" "1")
RPORT=80
TYPE=g
CHKLOOP=3
LOG=/var/log/ipvsmonitor.log
addrs(){
ipvsadm -a -t $VIP:$CPORT -r $1:$RPORT -$TYPE -w $2
[ $? -eq 0 ] && return 0 || return 1
}
delrs(){
ipvsadm -d -t $VIP:$CPORT -r $1:$RPORT
[ $? -eq 0 ] && return 0 || return 1
}
checkrs(){
local I=1
while [ $I -le $CHKLOOP ]; do
if curl --connect-timeout 1 http://$1 &> /dev/null; then
return 0
fi
let I++
done
return 1
}
initstatus(){
local I
local COUNT=0;
for I in ${RS[*]}; do
if ipvsadm -L -n | grep "$I:$RPORT" &> /dev/null ; then
RSSTATUS[$COUNT]=1
else
RSSTATUS[$COUNT]=0
fi
let COUNT++
done
}
initstatus
while :; do
let COUNT=0
for I in ${RS[*]}; do
if checkrs $I; then
if [ ${RSSTATUS[$COUNT]} -eq 0 ]; then
addrs $I ${RW[$COUNT]}
[ $? -eq 0 ] && RSSTATUS[$COUNT]=1 && echo "`date +‘%F %H:%M:%S‘`, $I is back." >> $LOG
fi
else
if [ ${RSSTATUS[$COUNT]} -eq 1 ]; then
delrs $I
[ $? -eq 0 ] && RSSTATUS[$COUNT]=0 && echo "`date +‘%F %H:%M:%S‘`, $I is gone." >> $LOG
fi
fi
let COUNT++
done
sleep 5
done
这样LVS基本就配置完成了,BBS存在用户session的问题,虽然有很多种解决方法,这里如果只用lvs来解决的话,就要用到LVS的持久连接了,配置如下:
ipvsadm -E -t 192.168.8.230:80 -s wlc -p 3600
这样用户访问后端一台RS在3600s内都只会访问这一台RS,可以发现这样做会破坏LB的效果,不过可以解决用户session的问题。
简单说说rsync+inotify的配置方法,用于同步BBS的网页文件
rsync就不多说了,在每台RS上面安装rsync然后配置rsync,并开启rsync服务,Director上安装inotify后,侦听脚本如下:
#!/bin/bash
# lixiang by created, 2014/12/31
# used rsync web data
src=/home/www/
des1=web
des2=web
host1=192.168.8.224
host2=192.168.8.225
user1=root
user2=root
/usr/local/bin/inotifywait -mrq --timefmt ‘%d/%m/%y %H:%M‘ --format ‘%T %w%f‘ -emodify,delete,create,attrib $src | while read file
do
/usr/bin/rsync -avrP --delete --ignore-errors --progress $src [email protected]$host1::$des1
/usr/bin/rsync -avrP --delete --ignore-errors --progress $src [email protected]$host2::$des2
echo "${file} was rsynced" >> /var/log/rsync.log 2>&1
done
写了个monitor脚本,监控inotify进程,写在crontab中5分钟运行一次,如下:
#!/bin/bash # used by monitor inotify Process. ps -lef |pgrep inotify &> /dev/null if [ $? -eq 0 ]; then echo "inotify is running...." else /bin/sh /root/inotify.sh &> /dev/null & echo "inotify already running..." fi
NFS配置就不多说了,注意Director上面要关闭iptables,后端RS挂载用户上传目录即可,记得要写入fstab中。
共享mysql将BBS应用的mysql指向一台mysql服务器即可
双线的配置方法:
目前很多服务器都是双线的,为了更好的提供用户体验,对应lvs的配置也很简单,只需要配置2个实例即可:联通配置一个VIP、电信配置一个VIP,对应用2个RS状态健康监测脚本。
这样简单的LB集群就搭建完毕了,其实还存在一个问题:Director存在单点问题,下次在补充。。