■Setting up Keepalived + LVS (IPVS) in a NAT configuration on Wheezy/Squeeze.
Install keepalived on Wheezy/Squeeze and access a virtual IP via VRRP.
http://d.hatena.ne.jp/labunix/20130618
Put web servers in a round-robin configuration using IPVS alone.
http://labunix.hateblo.jp/entry/20130619/1371652385
■Confirm the following.
$ sudo sysctl -p
net.ipv4.ip_forward = 1
■Write the configuration with reference to the sample and its comments.
$ lv -s /usr/share/doc/keepalived/keepalived.conf.SYNOPSIS.gz | wc -l
407
■Along the way, the option names differ between "lvs_" and "lb_"; I used the option names from the sample file.
$ lv -s /usr/share/doc/keepalived/keepalived.conf.SYNOPSIS.gz | grep lvs
lvs_sync_daemon_interface <STRING>
lvs_sched rr|wrr|lc|wlc|lblc|sh|dh
lvs_method NAT|DR|TUN
$ grep lb_ /usr/share/doc/keepalived/samples/keepalived.conf.vrrp.lvs_syncd
lb_algo rr
lb_kind NAT
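■As shown above, IPVS can also be configured in the keepalived configuration file,
but for convenience I split it into a "keepalived" file and an "IPVS" file.
In the "keepalived" file, apart from the sender e-mail address and the priorities,
there is no essential difference between MASTER and BACKUP.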
$ sudo diff keepalived.conf /etc/keepalived/keepalived.conf
7c7
< notification_email_from vrrp100@vmdebian1.test.local
---
> notification_email_from vrrp200@vmdebian1.test.local
21c21
< priority 100
---
> priority 200
44c44
< priority 200
---
> priority 100
■Configuration for keepalived
$ cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        root@vmdebian1.test.local
    }
    notification_email_from vrrp200@vmdebian1.test.local
    smtp_server 192.168.164.11
    smtp_connect_timeout 30
    enable_traps
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 52
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.164.16
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 53
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.164.17
    }
}
include /etc/keepalived/with_lvs.conf
■Configuration for IPVS
* This can be identical on both machines, or the order of the IPs can be reversed.
$ cat /etc/keepalived/with_lvs.conf
virtual_server_group HTTP52 {
    192.168.164.16 80
}
virtual_server_group HTTP53 {
    192.168.164.17 80
}
virtual_server group HTTP52 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.164.1 80
    real_server 192.168.164.10 80 {
        weight 1
        inhibit_on_failure
        HTTP_GET {
            url {
                path /check.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.164.11 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
virtual_server group HTTP53 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.164.1 80
    real_server 192.168.164.11 80 {
        weight 1
        inhibit_on_failure
        HTTP_GET {
            url {
                path /check.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.164.10 80 {
        weight 1
        inhibit_on_failure
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
■Checking the content
To save effort, check both VIPs alternately with a one-liner.
$ while true ;do \
echo -n "$n,";echo "$n" | awk '{print "w3m -dump -no-proxy http://192.168.164."($n%2)+16}' | `xargs` | head -1; \
let n++; \
sleep 1; \
done
,vmdebian1
1,vmdebian1
2,vmdebian2
3,vmdebian2
4,vmdebian1
5,vmdebian1
6,vmdebian2
7,vmdebian2
8,vmdebian1
9,vmdebian1
10,vmdebian2
^C
■Suppressing apache2 log entries
$ sudo cp /var/www/index.html /var/www/check.html
$ grep nolog /etc/apache2/sites-available/default || \
sudo sed -i s/"CustomLog.*"/'SetEnvIf Request_URI "check.html" nolog'"\n\t& "'env=!nolog'/ \
/etc/apache2/sites-available/default
$ sudo /etc/init.d/apache2 restart
[ ok ] Restarting web server: apache2 ... waiting .
■You can see that requests are distributed roughly in order.
$ sudo ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.164.16:80 3 15 15 1506 2170
-> 192.168.164.10:80 1 5 5 502 722
-> 192.168.164.11:80 2 10 10 1004 1448
TCP 192.168.164.17:80 2 10 10 1004 1446
-> 192.168.164.10:80 1 5 5 502 722
-> 192.168.164.11:80 1 5 5 502 724
$ sudo ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
-> RemoteAddress:Port
TCP 192.168.164.16:80 2 10 10 1004 1446
-> 192.168.164.10:80 1 5 5 502 722
-> 192.168.164.11:80 1 5 5 502 724
TCP 192.168.164.17:80 3 15 15 1506 2168
-> 192.168.164.10:80 2 10 10 1004 1444
-> 192.168.164.11:80 1 5 5 502 724
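■Added example (not part of the original post): the by-eye check of the --stats output above, scripted.
ipvs_share and ipvs_skewed are hypothetical helper names; the embedded sample is the first --stats listing shown above.

```shell
#!/bin/sh
# Added example. ipvs_share / ipvs_skewed are hypothetical helper names.
# For large counters run ipvsadm with --exact so values are not abbreviated.

# Sample input: the first `ipvsadm -Ln --stats` listing from this page.
sample_stats() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Conns InPkts OutPkts InBytes OutBytes
  -> RemoteAddress:Port
TCP 192.168.164.16:80 3 15 15 1506 2170
  -> 192.168.164.10:80 1 5 5 502 722
  -> 192.168.164.11:80 2 10 10 1004 1448
TCP 192.168.164.17:80 2 10 10 1004 1446
  -> 192.168.164.10:80 1 5 5 502 722
  -> 192.168.164.11:80 1 5 5 502 724
EOF
}

# stdin: ipvsadm -Ln --stats. Prints "<VIP> <real server> <conns> <share>".
ipvs_share() {
    awk '
        $1 == "TCP" || $1 == "UDP" { vip = $2; total[vip] = $3 + 0; next }
        $1 == "->" && $2 ~ /^[0-9]/ && vip != "" {
            t = total[vip]
            pct = (t > 0) ? int(($3 + 0) * 100 / t + 0.5) : 0
            printf "%s %s %d %d%%\n", vip, $2, $3, pct
        }'
}

# Exit status 1 (and print the VIP) if, for any virtual service, the busiest
# and idlest real server differ by more than $1 connections. With lb_algo rr
# and equal weights the difference should stay within 1.
ipvs_skewed() {
    awk -v limit="$1" '
        $1 == "TCP" || $1 == "UDP" { vip = $2; next }
        $1 == "->" && $2 ~ /^[0-9]/ && vip != "" {
            c = $3 + 0
            if (!(vip in max) || c > max[vip]) max[vip] = c
            if (!(vip in min) || c < min[vip]) min[vip] = c
        }
        END {
            for (k in max) if (max[k] - min[k] > limit + 0) { print k; bad = 1 }
            exit bad
        }'
}

sample_stats | ipvs_share
sample_stats | ipvs_skewed 1 >/dev/null && echo "balanced within 1 connection"
```

On the director, replace sample_stats with `sudo ipvsadm -Ln --stats`. A real server that stays at 0 connections while its peer keeps counting is worth checking against its health check, since inhibit_on_failure leaves a failed server listed.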