Category: Life

目的要求:

访问vip时，调度器ipvs可以轮调realserver，实现负载均衡。
keepalived使调度器(ipvs)实现master和backup，如果master挂掉，backup可以补上，保持高可用,keepalived在lvs的作用参考http://www.linuxvirtualserver.org/docs/ha/keepalived.html。

安装要求:

调度器，安装ipvsadm+keepalived
192.168.9.205 lvs+keepalived master
192.168.9.204 lvs+keepalived slave

Realserver安装web服务
192.168.9.203
192.168.9.201

vip
192.168.9.206

所有机器都在一个交换机，并且在一个网段。使用LVS VS/DR模式，即直接路由实现虚拟服务器。

在master和backup上要安装ipvsadm和keepalived

下载软件包

在http://www.linuxvirtualserver.org/ 下载lvs的软件包

在http://www.keepalived.org/ 下载keepalived软件包

先编译安装lvs，再安装keepalived，安装lvs需要内核源码

下载lvs源码的时候，一定要选择你内核版本对应的源码包。

yum install kernel-devel -y
ln -s /usr/src/kernels/2.6.32-358.23.2.el6.x86_64/ /usr/src/linux
wget http://www.linuxvirtualserver.org/software/kernel-2.6/ipvsadm-1.26.tar.gz
tar zxvf ipvsadm-1.26.tar.gz
cd ipvsadm-1.26
make && make install

到这里ipvs调度器已经安装完毕，使用ipvsadm命令查看ipvs的状态

使用lsmod | grep ip_vs可以查看已经加载的模块以及调度算法，如下显示使e用的算法是rr

ip_vs_rr 1420 1 
ip_vs 115643 3 ip_vs_rr
libcrc32c 1246 1 ip_vs
ipv6 321422 16 ip_vs,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6

接下来安装keepalived

wget http://www.keepalived.org/software/keepalived-1.2.9.tar.gz
tar vxzf keepalived-1.2.9.tar.gz
cd keepalived-1.2.9
./configure的时候，检查以下几行
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
代表检测到了lvs，接下来运行make && make install安装即可。

对keepalived目录结构进行调整

mkdir -p /etc/keepalived
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

在安装好lvs和keepalived之后，即修改/etc/keepalived/keepalived.conf配置文件，以下是MASTER的配置

! Configuration File for keepalived

global_defs {
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.9.206
    }
}

virtual_server 192.168.9.206 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
#    persistence_timeout 5
    protocol TCP

    real_server 192.168.9.203 80 {
        weight 3
        TCP_CHECK {
           connect_timeout 3
           nb_get_retry 3
           delay_before_retry 3
           connect_port 80
        }
    }

    real_server 192.168.9.201 80 {
        weight 3
        TCP_CHECK {
           connect_timeout 3
           nb_get_retry 3
           delay_before_retry 3
           connect_port 80
        }
    }
}

在BACKUP将上面的state MASTER替换为state BACKUP即可

在realserver上的配置:
根据lvs的官方文档，DR模式需要在realserver上添加本地回环的vip，并且是Non-ARP，对外不可见，这样使响应报文的源地址也是vip。参见：http://zh.linuxvirtualserver.org/node/28

为方便使用，创建realserver-vip.sh，添加

#!/bin/bash
#description:start realserver
vip=192.168.9.206
source /etc/rc.d/init.d/functions
case $1 in
start)
        echo "Start Realserver"
        /sbin/ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up
        echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
stop)
        echo "Stop Realserver"
        /sbin/ifconfig lo:0 down
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
;;
*)
        echo "Usage: $0 (start | stop)"
exit 1
esac

执行bash realserver-vip.sh start，添加lo:0

使用ip addr list命令可查看当前机器的vip是否生效。

接下来测试，模拟MASTER挂掉和恢复，realserver挂掉及恢复，服务是否高可用运转即可。

ethtool是检测和管理网卡设置的工具

ethtool的实用之处之一是可以查看网线是否插到网卡上

如果有显示信息Link detected: yes，则说明在链路状态，表明插上网线并且在通讯

#ethtool em1

Settings for em1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: g
Wake-on: d
Link detected: yes

如果显示Link detected: no，表明插上网线但没有链路

#ethtool em2
Settings for em2:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: Unknown!
Duplex: Half
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: g
Wake-on: d
Link detected: no

如果找不到设备，则没有网线插入

#ethtool em3
Settings for em3:
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
No data available

查看 veth　设备对的 peer　另一端

ethtool -S veth1

chattr与lsattr可以修改文件属性，是比chmod, chown的属性更底层的属性。

chattr可以结合 -减  +增  = 指定 属性

查看属性，默认只有一个e属性

#lsattr /etc/hosts
-------------e- /etc/hosts

添加i属性，则这个文件将不能修改，删除，重命名，追加，也不能创建硬链接。root也只能在回收这个属性值之后才能正常使用。

# chattr +i /etc/hosts
# lsattr /etc/hosts
----i--------e- /etc/hosts
rm /etc/hosts会出现Operation not permitted

添加a属性，使文件只能被追加，不能被删除，常用于日志文件，比如说在logrotate的时候对日志文件先-a，然后再+a。如nginx的logrotate

# This configuration is from jpuyy 2013-12-16
 /web/nginx/logs/access.log {
 weekly
 rotate 5
 compress
 sharedscripts
 prerotate
 /usr/bin/chattr -a /web/nginx/logs/access.log
 endscript
 sharedscripts
 postrotate
 /usr/bin/killall -HUP nginx
 /usr/bin/chattr +a /web/nginx/logs/access.log
 endscript
 }

chattr -R 递规更改属性