常見負載均衡器禁(啟)用成員匯總
常見負載均衡器禁(啟)用成員匯總
在我們日常運維工作中,經常會碰到負載均衡器後端應用代碼更新、臨時剔除後端伺服器、排查一主機應用故障等,往往我們會選擇比較粗魯的做法,直接停止或重啟應用服務,讓負載均衡器探測服務不可用將其剔除。這樣帶來的壞處是用戶與伺服器已經建立的連接會被中止,開發人員無法對已經停止服務的主機進行調試。現介紹一種較為溫柔的做法,即通過禁用/啟用成員的方式來達到目的。本文針對目前最為流行的負載均衡器逐一進行介紹。包括LVS、Haproxy、F5在命令行模式下的實現(方便與其它管理平台對接,實現自動化維護)。當然,Haproxy與F5都提供了人性化管理界面,不過只依賴手工來進行操作。
一、LVS負載均衡器
原理
使用LVS自帶的管理工具來實現。
環境說明
Disable VIP:192.168.100.11:80
Disable REAL SERVER:192.168.100.78
實施步驟
1、初始狀態
# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.11:80 rr persistent 60
-> 192.168.100.74:80 Route 3 462 464
-> 192.168.100.75:80 Route 3 420 440
-> 192.168.100.76:80 Route 3 431 400
-> 192.168.100.77:80 Route 3 430 432
-> 192.168.100.78:80 Route 3 435 4382、禁用成員
# ipvsadm -d -t 192.168.100.11:80 -r 192.168.100.78
3、當前狀態
# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.11:80 rr persistent 60
-> 192.168.100.74:80 Route 3 462 464
-> 192.168.100.75:80 Route 3 420 440
-> 192.168.100.76:80 Route 3 431 400
-> 192.168.100.77:80 Route 3 430 4324、啟用成員
#ipvsadm -a -t 192.168.100.11:80 -r 192.168.100.78
5、當前狀態
# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.11:80 rr persistent 60
-> 192.168.100.74:80 Route 3 462 464
-> 192.168.100.75:80 Route 3 420 440
-> 192.168.100.76:80 Route 3 431 400
-> 192.168.100.77:80 Route 3 430 432
-> 192.168.100.78:80 Route 3 435 438二、Haproxy負載均衡器
原理
使用Haproxy的socket admin通道來實現。
環境說明
Disable backend:test.tianya.cn
Disable REAL SERVER:192.168.100.78
實施步驟
1、修改haproxy.cfg配置
#vi /usr/local/haproxy/etc/haproxy.cfg
在global域添加socket admin支持並重啟Haproxy服務global
... ...
stats socket /usr/local/haproxy/HaproxySocket level admin
... ...
#service haproxy restart2、安裝socat(在任意的兩個socket管道之間建立一個通道,在該通道中交換兩端的數據。)
wget http://www.dest-unreach.org/socat/download/socat-2.0.0-b3.tar.gz
./configure --disable-fips
make;make install
註:disable OpenSSL FIPS support "--disable-fips",在沒有安裝fips包的情況下make時會提示:
FIPSLD_CC=gcc fipsld -O -D_GNU_SOURCE -Wall -Wno-parentheses -DHAVE_CONFIG_H -I. -I. -c -o socat.o socat.c
/bin/sh: fipsld: command not found
make: *** Error 127
3、禁用成員#echo "disable server test.tianya.cn/192.168.100.78" | socat stdio /usr/local/haproxy/HaproxySocket
4、啟用成員#echo "enable server test.tianya.cn/192.168.100.78" | socat stdio /usr/local/haproxy/HaproxySocket
三、F5-LTM負載均衡器
原理
使用F5-iControl開發包Pycontrol對F5設備進行管理。
環境說明
Disable POOL:test.tianya.cn
Disable SERVER:192.168.100.42:80 192.168.100.43:80 192.168.100.44:80
實施步驟
1、部署運行環境#mkdir -p /home/install;cd /home/install安裝python環境(略),要求py2.5或以上。
1.1、安裝SUDS模塊#wget https://fedorahosted.org/release ... n-suds-0.3.8.tar.gz
#tar xvfz python-suds-0.3.8.tar.gz
#cd python-suds-0.3.8
#python setup.py install1.2、安裝PYCONTROL模塊#wget http://trungale.net/pycontrol.tar.gz
#tar xvfz pycontrol.tar.gz
#cd trunk
#python setup.py install1.3、校驗安裝結果
#python>>> import suds
>>> import pycontrol.pycontrol as pc
>>> suds.__version__
'0.4'
>>> suds.__build__
'GA R699-20100913'
>>> pc.__version__
'2.0.1'
>>> pc.__build__
'r83'
>>>2、編寫LB_member.py代碼# -*- coding: utf-8 -*-
"""
----------------------------------------------------------------------------
Disable/Enable F5-LTM POOL member
Name: LB_member.py
Author: Liu tian si
Email: liutiansi@gamil.com
Created: 2011/05/08
Version: 1.0
Blog: http://blog.liuts.com
Copyright: (c) 2011
----------------------------------------------------------------------------
"""
import sys
import time
import string
import pycontrol.pycontrol as pc
"""
----------------------------------------------------------------------------
F5-LTM Disable/Enable Pool member Class
----------------------------------------------------------------------------
__init__() -Initialization F5-BIG object
set_pool_member() -Initialization pool and member object
member_factory() -Create a pool member object (Common.IPPortDefinition)
session_state_factory() -Create a session state object (LocalLB.PoolMember.MemberSessionState)
disable_member() -Disable menber methods
enable_member() -Enable menber methods
----------------------------------------------------------------------------
"""
class F5_LB_menber():
def __init__(self,_hostname,_username,_password):
self.b = pc.BIGIP(
hostname = _hostname,
username = _username,
password = _password,
fromurl = True,
wsdls = ['LocalLB.PoolMember'])
self.sstate_seq = self.b.LocalLB.PoolMember.typefactory.create('LocalLB.PoolMember.MemberSessionStateSequence')
def set_pool_member(self,pool,members):
self.POOL=pool
self.members=members
self.sstate_seq.item = self.session_state_factory()
def member_factory(self, member):
ip,port = member.split(':')
pmem = self.b.LocalLB.PoolMember.typefactory.create('Common.IPPortDefinition')
pmem.address = ip
pmem.port = int(port)
return pmem
def session_state_factory(self):
session_states = []
for x in self.members:
sstate = self.b.LocalLB.PoolMember.typefactory.create('LocalLB.PoolMember.MemberSessionState')
sstate.member = self.member_factory(x)
session_states.append(sstate)
return session_states
def disable_member(self):
for x in self.sstate_seq.item:
x.session_state = 'STATE_DISABLED'
try:
self.b.LocalLB.PoolMember.set_session_enabled_state(pool_names =
, session_states = )
except Exception, e:
print e
def enable_member(self):
for x in self.sstate_seq.item:
x.session_state = 'STATE_ENABLED'
try:
self.b.LocalLB.PoolMember.set_session_enabled_state(pool_names = ,
session_states = )
except Exception, e:
print e
if __name__ == "__main__":
if len(sys.argv) < 4:
print "Usage %s POOL MEMBER:port[,member1:80,member2:80,member3:80] enable|disable" % sys.argv
print "Examples: python LB_member.py app.domain.com 192.168.0.10:80,192.168.0.11:80,192.168.0.12:80 disable"
sys.exit()
#F5 administrator info
hostname="192.168.100.2"
username="adminuser"
password="adminpass"
App=F5_LB_menber(hostname,username,password)
#init F5 pool and member
CommandParameters = sys.argv
pool=CommandParameters
members=string.split(CommandParameters,',')
App.set_pool_member(pool,members)
if CommandParameters=="enable":
App.enable_member()
elif CommandParameters=="disable":
App.disable_member()
else:
print "opt parameters error!"
sys.exit()3、源碼分析:
3.1、創建一個池成員對象,將用戶傳入的成員列錶轉成規範的pool成員,見member_factory()方法;
3.2、創建一個會話狀態對象,追加成員對象到會話狀態當中,見session_state_factory()方法;
3.3、創建一個隊列,將會話狀態對象添加到隊列子項中,同時修改所處狀態,見__init__()、set_pool_member()、disable_member()/enable_member()方法。
4、禁用成員
#python LB_member.py test.tianya.cn 192.168.100.42:80,192.168.100.43:80,192.168.100.44:80 disable
5、啟用成員
#python LB_member.py test.tianya.cn 192.168.100.42:80,192.168.100.43:80,192.168.100.44:80 enable
參考文章
http://devcentral.f5.com/wiki/default.aspx/iControl.CodeShare
《解決方案》
感謝分享!
《解決方案》
我原來一直以為只有LVS。。。
《解決方案》
Apache和Nginx通過配置也可以實現負載均衡啊
