Configuring load balancing on InfoWatch Traffic Monitor

What do you do if a single server does not have enough capacity to process all requests and the software vendor does not provide load balancing? There are many options, from buying a load balancer to limiting the number of requests. Which one is right depends on the situation and the existing conditions. In this article we describe what you can do if your budget is limited and you have a spare server.

As the system in which the load on one of the servers had to be reduced, we chose the DLP (data leak prevention) system from InfoWatch. A distinctive feature of the implementation was placing the balancer function on one of the production servers.

One of the problems we ran into was the inability to use Source NAT (SNAT). Why it was needed and how we solved the problem is explained below.

So, initially the logical diagram of the existing system looked like this:

ICAP traffic, SMTP, and events from user computers were processed on the Traffic Monitor (TM) server. The database server easily coped with the load after the events had been processed on TM, but the load on TM itself was heavy. This was evident from the message queue building up on the Device Monitor (DM) server, and from the CPU and memory load on TM.

At first glance, if we add another TM server to this scheme, either ICAP or DM could be switched over to it, but we decided not to use this approach because it reduces fault tolerance.

Description of the solution

While looking for a suitable solution, we settled on the free software keepalived together with LVS, because keepalived solves the problem of building a failover cluster and can also manage the LVS balancer.

What we wanted to achieve (reduce the load on TM and keep the current level of fault tolerance) was supposed to work according to the following scheme:

When we tested this, it turned out that the custom RedHat build installed on the servers does not support SNAT. We had planned to use SNAT to ensure that incoming packets and the responses to them are sent from the same IP address; otherwise we would get the following picture:

This is unacceptable. For example, a proxy server that has sent packets to the virtual IP address (VIP) will expect the response to come from the VIP, but in this case it would come from IP2 for sessions sent to the backup. We found a solution: create an additional routing table on the backup and connect the two TM servers with a separate network, as shown below:

Configuration

We will build a scheme of two servers running the ICAP, SMTP and TCP 9100 services, with the load balancer installed on one of them.

We have two RHEL6 servers from which the standard repositories and some packages have been removed.

Services we need to balance:

• ICAP – tcp 1344;

• SMTP – tcp 25;

• Traffic transfer service from DM – tcp 9100.

First, we need to plan the network.

Virtual IP address (VIP):

• IP: 10.20.20.105.

Server TM6_1:

• External IP: 10.20.20.101;

• Internal IP: 192.168.1.101.

Server TM6_2:

• External IP: 10.20.20.102;

• Internal IP: 192.168.1.102.

Then we enable IP forwarding on both TM servers. How to do this is described in the RedHat documentation.

We decide which of the servers will be the master and which the backup. Let the master be TM6_1 and the backup TM6_2.

On the backup we create a new routing table named balancer and the routing rules for it:

[root@tm6_2 ~]# echo 101 balancer >> /etc/iproute2/rt_tables
[root@tm6_2 ~]# ip rule add from 192.168.1.102 table balancer
[root@tm6_2 ~]# ip route add default via 192.168.1.101 table balancer

The ip rule and ip route commands above stay in effect only until the system is rebooted. To keep the routes after a reboot you can put them in /etc/rc.d/rc.local, but it is better to use the configuration file /etc/sysconfig/network-scripts/route-eth1 (note: a different syntax is used there).
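The persistent form of the commands above, as an added example that is not part of the original article: on RHEL 6 the network scripts pass each line of route-eth1 to `ip route add` and each line of rule-eth1 to `ip rule add`. The function names and the optional root prefix are assumptions made for this example, and rule-eth1 is not mentioned in the article.

```bash
#!/bin/sh
# Added example: make the backup's policy routing survive a reboot (RHEL 6).
# $1 is a hypothetical root prefix for a dry run in a scratch directory;
# leave it empty to write to the real /etc.

add_line() {    # append line $2 to file $1 unless it is already there
    grep -Fxq -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

persist_balancer_routing() {
    pbr_root="${1:-}"
    pbr_tables="$pbr_root/etc/iproute2/rt_tables"
    pbr_scripts="$pbr_root/etc/sysconfig/network-scripts"
    mkdir -p "$pbr_root/etc/iproute2" "$pbr_scripts"
    touch "$pbr_tables"

    # Refuse to continue if table id 101 already belongs to another name.
    awk '$1 == 101 && $2 != "balancer" { bad = 1 } END { exit bad + 0 }' \
        "$pbr_tables" || { echo "table id 101 is already in use" >&2; return 1; }

    # Unlike a bare `echo >>`, this does not duplicate the entry on a re-run.
    add_line "$pbr_tables" "101 balancer"

    # route-eth1: each line is an argument list for `ip route add`.
    add_line "$pbr_scripts/route-eth1" "default via 192.168.1.101 table balancer"

    # rule-eth1: each line is an argument list for `ip rule add`.
    add_line "$pbr_scripts/rule-eth1" "from 192.168.1.102 table balancer"
}
```

Run `persist_balancer_routing` once on TM6_2; the files are applied the next time eth1 is brought up.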

Install keepalived on both TM servers. We used rpmfind.net as the package source:

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpm

In the keepalived settings we assign one of the servers as the master and the other as the backup. Then we set the VIP and the services to be load balanced. The configuration file is usually located at /etc/keepalived/keepalived.conf.

Settings for server TM1

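vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0

    lvs_sync_daemon_interface eth0
    # virtual_router_id must be the same on the master and the backup
    virtual_router_id 51
    # higher than the backup's priority (100), so this node holds the VIP
    priority 151
    advert_int 1
    authentication {
        auth_type PASS
        # placeholder value; PASS authentication is sent in clear text
        auth_pass example
    }

    virtual_ipaddress {
        10.20.20.105
    }
}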

virtual_server 10.20.20.105 1344 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.20.20.105 25 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.20.20.105 9100 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Settings for server TM2

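vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0

    lvs_sync_daemon_interface eth0
    # virtual_router_id must be the same on the master and the backup
    virtual_router_id 51
    # lower than the master's priority (151)
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        # placeholder value; PASS authentication is sent in clear text
        auth_pass example
    }

    virtual_ipaddress {
        10.20.20.105
    }
}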

We install LVS on the master, which will balance the traffic. It makes no sense to install the balancer on the second server, because there are only two servers in this configuration.

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpm

The balancer will be managed by keepalived, which we have already configured.

To complete the picture, add keepalived to autostart on both servers:

[root@tm6_1 ~]# chkconfig keepalived on

Conclusion

Checking the results

Start keepalived on both servers:

service keepalived start

Checking the availability of the VRRP virtual address

Make sure that the VIP is on the master:

And that there is no VIP on the backup:

Using the ping command, check that the VIP is reachable:

Now you can shut down the master and run the ping command again.

The result should stay the same, and on the backup we will now see the VIP:

Checking service balancing

Take SMTP as an example. Open two connections to 10.20.20.105 at the same time:

telnet 10.20.20.105 25

On the master we should see that both connections are active and attached to different servers:

[root@tm6_1 ~]# watch ipvsadm -Ln
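The same check done by a script instead of by eye, as an added example that is not part of the original article. It reads `ipvsadm -Ln` output and reports, for each virtual service, how many real servers are in the table and whether all of them hold active connections; the function names and the sample table are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample of `ipvsadm -Ln` output for this page's VIP
# (written for the example, not captured from a real host).
sample_ipvs_table() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.20.20.105:25 wrr
  -> 192.168.1.101:25             Masq    1      1          0
  -> 192.168.1.102:25             Masq    1      1          0
TCP  10.20.20.105:1344 wrr
  -> 192.168.1.101:1344           Masq    1      4          2
TCP  10.20.20.105:9100 wrr
  -> 192.168.1.101:9100           Masq    1      3          0
  -> 192.168.1.102:9100           Masq    1      0          0
EOF
}

# Read `ipvsadm -Ln` text on stdin and print one line per virtual service.
# keepalived removes a real server from the table when its TCP_CHECK fails,
# so fewer than $1 entries (default 2) is reported as DEGRADED and makes the
# function return 1. ONE-SIDED means a real server has no active connections
# while another one does.
check_ipvs_balance() {
    awk -v want="${1:-2}" '
        function report() {
            if (vs == "") return
            state = "OK"
            if (act > 0 && idle > 0) state = "ONE-SIDED"
            if (n < want) { state = "DEGRADED"; bad = 1 }
            printf "%s real=%d active=%d %s\n", vs, n, act, state
        }
        $1 == "TCP" || $1 == "UDP" {
            report(); vs = $2; n = 0; act = 0; idle = 0; next
        }
        $1 == "->" && $2 != "RemoteAddress:Port" {
            n++; act += $5; if ($5 == 0) idle++
        }
        END { report(); exit bad + 0 }
    '
}
```

On the master it would be run as `ipvsadm -Ln | check_ipvs_balance`; a non-zero exit status means at least one service has lost a real server.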

Thus, we implemented a fault-tolerant configuration of the TM services by installing a balancer on one of the TM servers. For our system this halved the load on TM, which made it possible to solve the problem of the lack of horizontal scaling by means of the system itself.

In most cases this solution can be implemented quickly and at no additional cost, but sometimes there are a number of limitations and difficulties in the configuration, for example when balancing UDP traffic.

Source: www.habr.com
