Zoyenera kuchita ngati mphamvu ya seva imodzi sikwanira kukonza zopempha zonse, ndipo wopanga mapulogalamu sapereka kusanja kwa katundu? Pali zosankha zambiri, kuyambira pogula chosungira katundu mpaka kuchepetsa kuchuluka kwa zopempha. Zomwe zili zolondola ziyenera kutsimikiziridwa ndi zomwe zikuchitika, poganizira zomwe zilipo. M'nkhaniyi tikuuzani zomwe mungachite ngati bajeti yanu ili yochepa ndipo muli ndi seva yaulere.
Monga dongosolo lomwe linali loyenera kuchepetsa katundu pa imodzi mwa maseva, tinasankha DLP (dongosolo loletsa kutulutsa chidziwitso) kuchokera ku InfoWatch. Mbali ya kukhazikitsidwa inali kuyika kwa ntchito ya balancer pa imodzi mwa ma seva "kumenyana".
Limodzi mwamavuto omwe tidakumana nawo ndikulephera kugwiritsa ntchito Source NAT (SNAT). Chifukwa chiyani izi zinali zofunika komanso momwe vutoli linathetsedwa, tidzalongosola mowonjezereka.
Kotero, poyamba chithunzi chomveka cha dongosolo lomwe linalipo linkawoneka motere:
Magalimoto a ICAP, SMTP, zochitika kuchokera pamakompyuta ogwiritsa ntchito zidakonzedwa pa seva ya Traffic Monitor (TM). Panthawi imodzimodziyo, seva yachinsinsi inatha kuthana ndi katunduyo mosavuta pambuyo pokonza zochitika pa TM, koma katundu pa TM mwiniyo anali wolemetsa. Izi zinali zoonekeratu pakuwonekera kwa mzere wa mauthenga pa seva ya Chipangizo (DM), komanso kuchokera ku CPU ndi kukumbukira kukumbukira pa TM.
Poyang'ana koyamba, ngati tiwonjezera seva ina ya TM ku chiwembu ichi, ndiye kuti ICAP kapena DM ingasinthidwe kwa izo, koma tinaganiza kuti tisagwiritse ntchito njirayi, popeza kulekerera zolakwika kunachepetsedwa.
Kufotokozera yankho
Pofufuza njira yoyenera, tinakhazikika pa mapulogalamu ogawidwa mwaufulu pamodzi ndi . Chifukwa keepalived imathetsa vuto lopanga gulu la failover ndipo imathanso kuyang'anira LVS balancer.
Zomwe timafuna kuti tikwaniritse (kuchepetsa katundu pa TM ndikukhalabe ndi vuto lololera) zikanayenera kugwira ntchito molingana ndi dongosolo ili:
Poyang'ana magwiridwe antchito, zidapezeka kuti msonkhano wa RedHat womwe umayikidwa pa ma seva sugwirizana ndi SNAT. Kwa ife, tidakonzekera kugwiritsa ntchito SNAT kuwonetsetsa kuti mapaketi omwe akubwera ndi mayankho amatumizidwa kuchokera ku adilesi yomweyo ya IP, apo ayi titha kupeza chithunzichi:
Izi ndizosavomerezeka. Mwachitsanzo, seva ya proxy, itatumiza mapaketi ku adilesi ya Virtual IP (VIP), idzayembekeza kuyankha kuchokera ku VIP, koma pakadali pano idzachokera ku IP2 kwa magawo omwe amatumizidwa ku zosunga zobwezeretsera. Yankho linapezedwa: kunali koyenera kupanga tebulo lina lolowera pa zosunga zobwezeretsera ndikulumikiza ma seva awiri a TM ndi netiweki yosiyana, monga tawonera pansipa:
Makhalidwe
Tidzakhazikitsa dongosolo la ma seva awiri omwe ali ndi ntchito za ICAP, SMTP, TCP 9100 ndi chojambulira chotsitsa chomwe chimayikidwa pa imodzi mwazo.
Tili ndi ma seva awiri a RHEL6, pomwe nkhokwe zokhazikika ndi phukusi zina zachotsedwa.
Services zomwe tiyenera kusanja:
β’ ICAP - tcp 1344;
β’ SMTP β tcp 25.
Ntchito yotumizira magalimoto kuchokera ku DM - tcp 9100.
Choyamba, tiyenera kupanga netiweki.
Ma IP adilesi (VIP):
β’ IP: 10.20.20.105.
Seva TM6_1:
β’ IP Yakunja: 10.20.20.101;
β’ IP Yamkati: 192.168.1.101.
Seva TM6_2:
β’ IP Yakunja: 10.20.20.102;
β’ IP Yamkati: 192.168.1.102.
Kenako timathandizira kutumiza kwa IP pa ma seva awiri a TM. Momwe mungachitire izi zikufotokozedwa pa RedHat .
Timasankha kuti ndi ma seva ati omwe tidzakhale nawo omwe ndi yayikulu komanso ndi iti yomwe ikhale yosunga zobwezeretsera. Lolani master kukhala TM6_1, zosunga zobwezeretsera zikhale TM6_2.
Posunga zosunga zobwezeretsera timapanga tebulo latsopano lowongolera ndi malamulo oyendetsera:
[root@tm6_2 ~]echo 101 balancer >> /etc/iproute2/rt_tables
[root@tm6_2 ~]ip rule add from 192.168.1.102 table balancer
[root@tm6_2 ~]ip route add default via 192.168.1.101 table balancerMalamulo omwe ali pamwambawa amagwira ntchito mpaka dongosolo litayambiranso. Kuti muwonetsetse kuti njirazo zimasungidwa mukayambiranso, mutha kuzilowetsamo /etc/rc.d/rc.local, koma bwino kudzera pa fayilo ya zoikamo /etc/sysconfig/network-scripts/route-eth1 (Dziwani: mawu osiyanasiyana amagwiritsidwa ntchito pano).
Ikani kusunga pa ma seva onse a TM. Tidagwiritsa ntchito rpmfind.net ngati gwero logawa:
[root@tm6_1 ~]#yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpmM'makonzedwe osungidwa, timagawira seva imodzi ngati master, ina ngati yosunga zobwezeretsera. Kenako timayika VIP ndi ntchito zowongolera katundu. Fayilo yokhazikitsira nthawi zambiri imakhala apa: /etc/keepalived/keepalived.conf.
Zokonda pa Seva ya TM1
vrrp_sync_group VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state MASTER
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 151
advert_int 1
authentication {
auth_type PASS
auth_pass example
}
virtual_ipaddress {
10.20.20.105
}
}
virtual_server 10.20.20.105 1344 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 1344 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 1344
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 1344 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 1344
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.20.20.105 25 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 25 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 25
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 25 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 25
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.20.20.105 9100 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 9100 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 9100
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 9100 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 9100
nb_get_retry 3
delay_before_retry 3
}
}
}Zokonda pa Seva ya TM2
vrrp_sync_group VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass example
}
virtual_ipaddress {
10.20.20.105
}
}Timayika LVS pa mbuye, zomwe zidzayendetsa magalimoto. Palibe zomveka kuyika balancer pa seva yachiwiri, popeza tili ndi ma seva awiri okha mu kasinthidwe.
[root@tm6_1 ~]##yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpmBalancer idzayendetsedwa ndi keepalived, yomwe tapanga kale.
Kuti mumalize chithunzichi, tiyeni tiwonjezere kusungitsa kuti tiyambe pa maseva onse awiri:
[root@tm6_1 ~]#chkconfig keepalived onPomaliza
Kuyang'ana zotsatira
Tiyeni tiyendetse ma seva onse awiri:
service keepalived startKuwona kupezeka kwa adilesi yeniyeni ya VRRP
Tiyeni tiwonetsetse kuti VIP ili pa master:
Ndipo palibe VIP pa zosunga zobwezeretsera:
Pogwiritsa ntchito lamulo la ping, tiwona kupezeka kwa VIP:
Tsopano mutha kutseka master ndikuyendetsanso lamulo ping.
Zotsatira zake ziyenera kukhala zofanana, ndipo posunga zosunga zobwezeretsera tiwona VIP:
Kuyang'ana kusanja kwa ntchito
Tiyeni titenge SMTP mwachitsanzo. Tiyeni tiyambitse maulalo awiri ku 10.20.20.105 nthawi imodzi:
telnet 10.20.20.105 25Pa master tiyenera kuwona kuti maulalo onsewa akugwira ntchito komanso olumikizidwa ndi ma seva osiyanasiyana:
[root@tm6_1 ~]#watch ipvsadm βLn
Chifukwa chake, takhazikitsa dongosolo lololera zolakwika la mautumiki a TM mwa kukhazikitsa chowerengera pa imodzi mwama seva a TM. Kwa dongosolo lathu, izi zinachepetsa katundu pa TM ndi theka, zomwe zinapangitsa kuti zitheke kuthetsa vuto la kusowa kopingasa kopingasa pogwiritsa ntchito dongosolo.
Nthawi zambiri, yankho ili likugwiritsidwa ntchito mofulumira komanso popanda ndalama zowonjezera, koma nthawi zina pali zolephera zingapo ndi zovuta pakukonzekera, mwachitsanzo, poyendetsa magalimoto a UDP.
Source: www.habr.com