Chii chaunofanira kuita kana simba reimwe sevha risina kukwana kugadzirisa zvikumbiro zvose, uye mugadziri wepurogiramu haapi kuenzanisa kwekutakura? Pane zvakawanda zvingasarudzwa, kubva pakutenga chinoyeresa chinorema kusvika pakudzikamisa nhamba yezvikumbiro. Ndeipi yakarurama inofanira kugadziriswa nemamiriro ezvinhu, tichifunga nezvemamiriro ezvinhu aripo. Muchikamu chino tichakuudza zvaunogona kuita kana bhajeti yako ishoma uye uine sevha yemahara.
Sehurongwa hwaidiwa kudzikisira mutoro pane imwe yemaseva, takasarudza DLP (ruzivo rwekudzivirira hurongwa hwekudzivirira) kubva kuInfoWatch. Chinhu chekushandiswa kwaive kuiswa kweiyo balancer basa pane imwe ye "kurwa" maseva.
Rimwe rematambudziko atakasangana nawo raive rekutadza kushandisa Source NAT (SNAT). Sei izvi zvaidiwa uye kuti dambudziko rakagadziriswa sei, tichatsanangura mberi.
Saka, pekutanga dhayagiramu inonzwisisika yeiyo yaivepo system yakaita seizvi:
ICAP traffic, SMTP, zviitiko kubva kumakomputa emushandisi zvakagadziriswa paTraffic Monitor (TM) server. Panguva imwecheteyo, sevha yedatabase yakabata nyore nemutoro mushure mekugadzirisa zviitiko paTM, asi mutoro paTM pachawo wairema. Izvi zvaionekwa kubva pakuonekwa kwemutsara wemeseji paDevice Monitor (DM) server, pamwe neCPU uye memory load paTM.
Pakutanga kuona, kana tikawedzera imwe TM sevha kuchirongwa ichi, ipapo ICAP kana DM inogona kuchinjwa kwairi, asi takasarudza kusashandisa nzira iyi, sezvo kushivirira kukanganisa kwakaderedzwa.
Tsanangudzo yemhinduro
Mukuita kutsvaga mhinduro yakakodzera, takagara pane software yakagoverwa zvakasununguka pamwe chete . Nekuti keepalived inogadzirisa dambudziko rekugadzira failover cluster uye inogona zvakare kubata iyo LVS balancer.
Zvataida kuzadzisa (kuderedza mutoro paTM uye kuchengetedza ikozvino nhanho yekushivirira kukanganisa) yaifanira kunge yakashanda zvinoenderana nechirongwa chinotevera:
Paunenge uchitarisa kushanda, zvakazoitika kuti tsika yeRedHat gungano yakaiswa pamaseva haitsigire SNAT. Kwatiri isu, takaronga kushandisa SNAT kuona kuti mapaketi anouya uye mhinduro kwavari anotumirwa kubva kune imwecheteyo IP kero, zvikasadaro taizowana unotevera mufananidzo:
Izvi hazvitenderwi. Semuenzaniso, sevha yeproxy, yatumira mapaketi kuVirtual IP (VIP) kero, inotarisira mhinduro kubva kuVIP, asi munyaya iyi inobva ku IP2 yezvikamu zvakatumirwa kune backup. Mhinduro yakawanikwa: zvaive zvakafanira kugadzira imwe tafura yenzira pane backup uye kubatanidza maviri maseva eTM netiweki yakaparadzana, sezvakaratidzwa pazasi:
Zvirongwa
Isu tichashandisa chirongwa chemaseva maviri ane ICAP, SMTP, TCP 9100 masevhisi uye inoremedza balancer yakaiswa pane imwe yacho.
Tine maseva maviri eRHEL6, kubva kune akajairwa marekodhi uye mamwe mapakeji akabviswa.
Masevhisi atinoda kuenzanisa:
β’ ICAP - tcp 1344;
β’ SMTP β tcp 25.
Traffic transmission service kubva kuDM - tcp 9100.
Kutanga, tinoda kuronga network.
Virtual IP kero (VIP):
β’ IP: 10.20.20.105.
Sevha TM6_1:
β’ Kunze IP: 10.20.20.101;
β’ Yemukati IP: 192.168.1.101.
Sevha TM6_2:
β’ Kunze IP: 10.20.20.102;
β’ Yemukati IP: 192.168.1.102.
Ipapo tinogonesa IP kutumira pane maviri TM maseva. Maitiro ekuita izvi anotsanangurwa paRedHat .
Isu tinosarudza kuti ndeipi yemaseva atichava nayo ndiyo huru uye ndeipi ichave iyo yekuchengetedza. Regai master ive TM6_1, backup iite TM6_2.
Pa backup tinogadzira tafura nyowani yekuenzanisa uye routing mitemo:
[root@tm6_2 ~]echo 101 balancer >> /etc/iproute2/rt_tables
[root@tm6_2 ~]ip rule add from 192.168.1.102 table balancer
[root@tm6_2 ~]ip route add default via 192.168.1.101 table balancerMirairo iri pamusoro inoshanda kusvika sisitimu yatangwazve. Kuti uve nechokwadi chekuti nzira dzakachengetedzwa mushure mekutangwazve, unogona kupinda mairi /etc/rc.d/rc.local, asi zviri nani kuburikidza nefaira rekugadzirisa /etc/sysconfig/network-scripts/route-eth1 (chinyorwa: syntax yakasiyana inoshandiswa pano).
Isa yakachengetedzwa pane ese TM maseva. Isu takashandisa rpmfind.net senzvimbo yekugovera:
[root@tm6_1 ~]#yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpmMune zvigadziriso zvakachengetwa, tinopa imwe yemaseva satenzi, imwe se backup. Ipapo isu tinoisa VIP nemasevhisi ekuyeresa mutoro. Iyo faira yekuseta kazhinji inowanikwa pano: /etc/keepalived/keepalived.conf.
Zvirongwa zveTM1 Server
vrrp_sync_group VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state MASTER
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 151
advert_int 1
authentication {
auth_type PASS
auth_pass example
}
virtual_ipaddress {
10.20.20.105
}
}
virtual_server 10.20.20.105 1344 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 1344 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 1344
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 1344 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 1344
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.20.20.105 25 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 25 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 25
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 25 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 25
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.20.20.105 9100 {
delay_loop 6
lb_algo wrr
lb_kind NAT
protocol TCP
real_server 192.168.1.101 9100 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 9100
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.1.102 9100 {
weight 1
TCP_CHECK {
connect_timeout 3
connect_port 9100
nb_get_retry 3
delay_before_retry 3
}
}
}Zvirongwa zveTM2 Server
vrrp_sync_group VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass example
}
virtual_ipaddress {
10.20.20.105
}
}Isu tinoisa LVS pane tenzi, iyo inoenzanisa traffic. Izvo hazvina musoro kuisa balancer kune yechipiri server, sezvo isu tine maviri chete maseva mukugadzirisa.
[root@tm6_1 ~]##yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpmIyo balancer ichave inotungamirwa ne keepalived, yatakatogadzira.
Kupedzisa mufananidzo, ngatiwedzerei kuchengetedza kune autostart pamaseva ese ari maviri:
[root@tm6_1 ~]#chkconfig keepalived onmhedziso
Kuongorora zvabuda
Ngatimhanyei tirambe tichirarama pamaseva ese ari maviri:
service keepalived startKutarisa kuwanikwa kweVRRP chaiyo kero
Ngative nechokwadi chekuti VIP iri pa master:
Uye hapana VIP pane backup:
Tichishandisa ping command, isu tichatarisa kuwanikwa kweVIP:
Iye zvino unogona kuvhara master uye womhanya murairo zvakare ping.
Mhedzisiro yacho inofanirwa kuramba yakafanana, uye pa backup tinoona VIP:
Kuongorora kuenzanirana kwebasa
Ngatitorei SMTP semuenzaniso. Ngatitangei maviri ekubatanidza ku10.20.20.105 panguva imwe chete:
telnet 10.20.20.105 25Pane tenzi isu tinofanira kuona kuti zvese zvinongedzo zvinoshanda uye zvakabatana kune akasiyana maseva:
[root@tm6_1 ~]#watch ipvsadm βLn
Nekudaro, isu takaita yekukanganisa-kushivirira gadziriso yeTM masevhisi nekuisa balancer pane imwe yemaseva eTM. Kune yedu sisitimu, izvi zvakaderedza mutoro paTM nehafu, izvo zvakaita kuti zvikwanise kugadzirisa dambudziko rekushaikwa kwekuyera kuyera uchishandisa sisitimu.
Muzviitiko zvakawanda, mhinduro iyi inoshandiswa nokukurumidza uye pasina mari yekuwedzera, asi dzimwe nguva pane zvisingakwanisi uye zvinetso mukugadzirisa, somuenzaniso, pakuyera UDP traffic.
Source: www.habr.com