Simple deployment of Seesaw v2
Environment
- realserver centos7 64bit
- realserver application nginx
- seesaw node debian 8.3 64bit
- seesaw01 10.10.11.192
- VIP 10.10.11.223
- client 10.10.17.25
Topology
                 +------------------+
                 |                  |
                 |     seesaw01     |
                 |  10.10.11.0/24   |
                 +------------------+
                    |            |
                  eth0         eth1
             10.10.11.192   (during startup, 10.10.11.223 is here)
                    |            |
  +--------------------------------------------------+
       |                                      |
  10.10.17.25                            10.10.11.37
       |                                      |
   +--------+                          +-----------+
   | client |                          | backend01 |
   +--------+                          +-----------+
Deployment
Install dependencies
apt-get install -y selinux-utils setools libnl-3-dev libnl-genl-3-dev ipvsadm
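Install Seesaw v2
For build instructions, see https://github.com/google/seesaw or my previous blog post, "Understanding Seesaw v2".
Write the installation script
Put the compiled binaries in a newly created ~/bin directory, copy the etc directory from the source tree into ~/bin, and write ~/bin/install.sh: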
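#!/bin/bash
# Directory holding the compiled binaries and the copied etc tree.
# "~" is not expanded inside double quotes, so ${HOME} is used instead.
SRC_DIR="${HOME}/bin"
SEESAW_BIN="/usr/local/seesaw"
SEESAW_ETC="/etc/seesaw"
SEESAW_LOG="/var/log/seesaw"
# Create the binary, config and log directories.
install -d "${SEESAW_BIN}" "${SEESAW_ETC}" "${SEESAW_LOG}"
# Install the CLI as /usr/bin/seesaw and the daemons under ${SEESAW_BIN}.
install "${SRC_DIR}/seesaw_cli" /usr/bin/seesaw
for component in {ecu,engine,ha,healthcheck,ncc,watchdog}; do
  install "${SRC_DIR}/seesaw_${component}" "${SEESAW_BIN}"
done
install "${SRC_DIR}/etc/init/seesaw_watchdog.conf" "/etc/init"
install "${SRC_DIR}/etc/seesaw/watchdog.cfg" "${SEESAW_ETC}"
# Enable CAP_NET_RAW for seesaw binaries that require raw sockets.
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_ha"
/sbin/setcap cap_net_raw+ep "${SEESAW_BIN}/seesaw_healthcheck"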
Install
root@seesaw01:~/bin# chmod +x seesaw_* && chmod +x install.sh
root@seesaw01:~/bin# ./install.sh
Configuration
/etc/seesaw/seesaw.cfg
Contents of the configuration file:
root@seesaw01:~/bin# vim /etc/seesaw/seesaw.cfg
[cluster]
anycast_enabled = false
name = test
node_ipv4 = 10.10.11.192
# peer_ipv4: IP of the second seesaw node; this example configures only one seesaw node
# vip_ipv4: I do not yet know what this VIP is for; this IP address was not used in the test
vip_ipv4 = 10.10.11.222
[config_server]
primary = https://seesaw01/
[interface]
node = eth0
lb = eth1
Edit /etc/hosts and add: 127.0.0.1 seesaw01
/etc/seesaw/cluster.pb
Contents of the configuration file:
root@seesaw01:~/bin# vim /etc/seesaw/cluster.pb
seesaw_vip: <
  fqdn: "seesaw-vip."
  ipv4: "10.10.11.222/24"
  status: TESTING
>
node: <
  fqdn: "seesaw01."
  ipv4: "10.10.11.192/24"
  status: TESTING
>
vserver: <
  name: "test-vserver"
  entry_address: <
    fqdn: "lb-test.localdomain."
    ipv4: "10.10.11.223/24"
    status: TESTING
  >
  rp: "admin@localdomain"
  vserver_entry: <
    protocol: TCP
    port: 80
    scheduler: RR
    healthcheck: <
      type: HTTP
      port: 80
      mode: DSR
      proxy: false
      tls_verify: false
    >
  >
  backend: <
    host: <
      fqdn: "10.10.11.37."
      ipv4: "10.10.11.37/24"
      status: TESTING
    >
    weight: 1
  >
>
Run
/usr/local/seesaw/seesaw_watchdog -alsologtostderr=true -logtostderr=true
Check status
root@seesaw01:~# seesaw
Seesaw CLI - Engine version 2
root@test> ?
config
exit
quit
failover
override
show
root@test> show ?
bgp
backends
destinations
ha
nodes
version
vlans
vservers
warnings
root@test> show nodes
Nodes
[1] seesaw01. enabled
root@test> show vservers
Vserver
Name: test-vserver
Hostname: lb-test.localdomain.
Status: enabled (override state default; config state enabled)
IPv4 Address: 10.10.11.223/24
IPv6 Address: <not configured>
Services:
IPv4 TCP/80 (DSR, rr scheduler)
State: enabled, healthy, active
Watermarks: Low 0.00, High 0.00, Currently 1.00
root@test> show backends
Backend
Hostname: 10.10.11.37.
Destinations:
[ 1] test-vserver/10.10.11.37:80/TCP (enabled, unhealthy, inactive)
root@test>
show backends reports the realserver state as unhealthy, inactive.
Checking with ipvsadm gives the following:
root@seesaw01:~# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 65536 rr
-> 10.10.11.37:0 Route 1 0 7
# Pinging the VIP from the client works
➜ ~ ping -c 4 10.10.11.223
PING 10.10.11.223 (10.10.11.223): 56 data bytes
64 bytes from 10.10.11.223: icmp_seq=0 ttl=63 time=2.272 ms
64 bytes from 10.10.11.223: icmp_seq=1 ttl=63 time=2.245 ms
64 bytes from 10.10.11.223: icmp_seq=2 ttl=63 time=1.610 ms
64 bytes from 10.10.11.223: icmp_seq=3 ttl=63 time=2.294 ms
--- 10.10.11.223 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.610/2.105/2.294/0.286 ms
Opening http://10.10.11.223 in a browser fails.
Configure the realserver
ssh root@10.10.11.37
[root@localhost ~]# vim ~/lvs_real.sh
#!/bin/bash
# description: Config realserver
# Written by: http://kerry.blog.51cto.com
SNS_VIP=10.10.11.223
# Load the init-script helper functions.
. /etc/rc.d/init.d/functions
case "$1" in
start)
  # Bind the VIP to a loopback alias with a /32 mask so this host accepts DR traffic for it.
  /sbin/ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP up
  /sbin/route add -host $SNS_VIP dev lo:0
  # Do not answer or announce ARP for the VIP; only the load balancer should.
  echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
  sysctl -p >/dev/null 2>&1
  echo "RealServer Start OK"
  ;;
stop)
  # Remove the VIP alias and restore the default ARP behaviour.
  /sbin/ifconfig lo:0 down
  /sbin/route del $SNS_VIP >/dev/null 2>&1
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
  echo "RealServer Stopped"
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
  ;;
esac
exit 0
[root@localhost ~]# chmod +x lvs_real.sh
Note the VIP set in the file.
On the realserver, run ./lvs_real.sh start
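A check for the state lvs_real.sh is meant to leave behind, as an added example that is not part of the original post: in DR mode the realserver must hold the VIP on lo and must not answer ARP for it, otherwise clients can reach it directly and bypass the balancer. The function names and the CONF_DIR argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# CONF_DIR argument are hypothetical; CONF_DIR lets the check run on a test tree.

# check_arp_sysctls [CONF_DIR]: print each wrong value, return the number found.
check_arp_sysctls() (
    conf="${1:-/proc/sys/net/ipv4/conf}"
    bad=0
    for iface in lo all; do
        for pair in arp_ignore=1 arp_announce=2; do
            key="${pair%%=*}"; want="${pair#*=}"
            got=$(cat "$conf/$iface/$key" 2>/dev/null) || got="missing"
            if [ "$got" != "$want" ]; then
                echo "$iface/$key is $got, want $want"
                bad=$((bad + 1))
            fi
        done
    done
    exit "$bad"
)

# vip_on_loopback VIP: stdin is `ip -o -4 addr show dev lo` output.
# Succeeds only if VIP is bound to lo as a /32 host address.
vip_on_loopback() {
    awk -v want="$1/32" '$3 == "inet" && $4 == want { found = 1 }
                         END { exit (found ? 0 : 1) }'
}

# Constructed sample: lo was configured but "all" was forgotten.
demo=$(mktemp -d)
mkdir -p "$demo/lo" "$demo/all"
echo 1 > "$demo/lo/arp_ignore";  echo 2 > "$demo/lo/arp_announce"
echo 0 > "$demo/all/arp_ignore"; echo 0 > "$demo/all/arp_announce"
# Constructed `ip -o -4 addr show dev lo` output after "lvs_real.sh start".
LO_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 10.10.11.223/32 brd 10.10.11.223 scope global lo:0'

check_arp_sysctls "$demo" || echo "ARP settings incomplete: $? problem(s)"
if printf '%s\n' "$LO_ADDRS" | vip_on_loopback 10.10.11.223; then
    echo "VIP 10.10.11.223 is bound to lo"
fi
rm -rf "$demo"
```

On a real host, call check_arp_sysctls with no argument and pipe `ip -o -4 addr show dev lo` into vip_on_loopback.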
On seesaw01, check the backends status again:
root@seesaw01:~# seesaw -c "show backends"
Backend
Hostname: 10.10.11.37.
Destinations:
[ 1] test-vserver/10.10.11.37:80/TCP (enabled, healthy, active)
The state is now healthy, active.
The ipvsadm output is back to normal as well:
root@seesaw01:~# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.11.223:80 rr
-> 10.10.11.37:80 Route 1 0 0
FWM 65536 rr
-> 10.10.11.37:0 Route 1 0 3
The browser can now reach http://10.10.11.223 as well.
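The before and after ipvsadm tables above, checked by script rather than by eye, as an added example that is not part of the original post. The function name vip_backends is an assumption; the two sample tables are the outputs shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post: list the real servers that
# `ipvsadm -ln` shows behind a TCP virtual service, so a missing service
# (only the FWM entry present) is detected automatically.

# vip_backends VIP:PORT: reads `ipvsadm -ln` output on stdin.
# Prints "address forward weight" for each real server with weight > 0;
# returns 1 if the service is absent or has no usable real server.
vip_backends() {
    awk -v svc="$1" '
        $1 == "TCP" || $1 == "UDP" || $1 == "FWM" {
            in_svc = ($1 == "TCP" && $2 == svc)   # a new service header
            next
        }
        in_svc && $1 == "->" && $4 + 0 > 0 { print $2, $3, $4; n++ }
        END { exit (n ? 0 : 1) }'
}

# Output from this page before the realserver was configured.
IPVS_BEFORE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 65536 rr
  -> 10.10.11.37:0 Route 1 0 7'

# Output from this page after "lvs_real.sh start" on the realserver.
IPVS_AFTER='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.11.223:80 rr
  -> 10.10.11.37:80 Route 1 0 0
FWM 65536 rr
  -> 10.10.11.37:0 Route 1 0 3'

for label in BEFORE AFTER; do
    eval "sample=\$IPVS_$label"
    if out=$(printf '%s\n' "$sample" | vip_backends 10.10.11.223:80); then
        echo "$label: service up -> $out"
    else
        echo "$label: no TCP service for 10.10.11.223:80"
    fi
done
```

On the seesaw node the live check is `ipvsadm -ln | vip_backends 10.10.11.223:80`.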
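Summary
This test is only a simple deployment on a LAN and does not exercise Seesaw's multi-VLAN capability. The trial setup so far behaves almost identically to LVS DR mode. The next step is to test the multi-VLAN feature together with quagga.
Pitfalls you may run into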
/var/log/seesaw/seesaw_ncc.log
F0131 18:57:34.972241 5389 ipvs.go:40] IPVS initialisation failed: failed to resolve family name
The ipvs kernel module is not installed or failed to load. Fix:
root@seesaw01:~# apt-get install ipvsadm
Load the modules
modprobe ip_vs
modprobe ip_vs_wrr
Load the modules automatically at boot
root@seesaw01:~# echo ip_vs > /etc/modules-load.d/ipvs.conf
root@seesaw01:~# echo ip_vs_wrr >> /etc/modules-load.d/ipvs.conf
root@seesaw01:~# systemctl restart systemd-modules-load.service
/var/log/seesaw/seesaw_engine.log
F0131 19:38:11.393617 20543 core.go:274] Failed to initialise LB interface: Failed to initialise sysctls:
Adjust the modules:
root@seesaw01:~# echo nf_conntrack_ipv4 > /etc/modules-load.d/nf_conntrack.conf
root@seesaw01:~# systemctl restart systemd-modules-load.service
/var/log/seesaw/seesaw_engine.log
F0131 20:03:08.723735 1775 core.go:274] Failed to initialise LB interface: Failed to get dummy interface: no such network interface
or
F0204 13:14:48.620264 8790 core.go:274] Failed to initialise LB interface: Failed to get dummy interface: route ip+net: no such network interface
Fix:
ip link add dummy0 type dummy
or
ip link add ip+net type dummy
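A preflight for the seesaw node covering the three failures above, as an added example that is not part of the original post. It assumes ip_vs, ip_vs_wrr and nf_conntrack_ipv4 are built as loadable modules (so they appear in /proc/modules) and that the dummy interface is named dummy0; the function names and path arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: preflight for the seesaw node.
# The path arguments are hypothetical hooks so the checks can run on a test tree.

# module_loaded NAME [MODULES_FILE]: is NAME listed in /proc/modules?
module_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit (f ? 0 : 1) }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# module_persisted NAME [DIR]: is NAME on a line of any modules-load.d file?
module_persisted() {
    cat "${2:-/etc/modules-load.d}"/*.conf 2>/dev/null |
        awk -v m="$1" '$1 == m { f = 1 } END { exit (f ? 0 : 1) }'
}

# preflight [MODULES_FILE] [LOAD_DIR] [NET_DIR]: print each problem, return the count.
preflight() (
    mods="${1:-/proc/modules}"
    dir="${2:-/etc/modules-load.d}"
    net="${3:-/sys/class/net}"
    bad=0
    for m in ip_vs ip_vs_wrr nf_conntrack_ipv4; do
        module_loaded "$m" "$mods" || { echo "$m not loaded"; bad=$((bad + 1)); }
        module_persisted "$m" "$dir" || { echo "$m not loaded at boot"; bad=$((bad + 1)); }
    done
    [ -e "$net/dummy0" ] || { echo "dummy0 interface missing"; bad=$((bad + 1)); }
    exit "$bad"
)

# Constructed sample tree: all modules are loaded, but ipvs.conf was written
# twice with ">", which keeps only the last module name.
demo=$(mktemp -d); mkdir -p "$demo/load.d" "$demo/net/dummy0"
printf '%s\n' 'ip_vs_wrr 16384 0 - Live 0x0' 'ip_vs 139264 3 ip_vs_wrr, Live 0x0' \
    'nf_conntrack_ipv4 16384 0 - Live 0x0' > "$demo/modules"
echo ip_vs > "$demo/load.d/ipvs.conf"
echo ip_vs_wrr > "$demo/load.d/ipvs.conf"
echo nf_conntrack_ipv4 > "$demo/load.d/nf_conntrack.conf"
preflight "$demo/modules" "$demo/load.d" "$demo/net" || echo "problems: $?"
rm -rf "$demo"
```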