LDAP Load Balancing
# yum install ipvsadm
Virtual IP that will be used by the LDAP cluster:

# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.0.2.199
BROADCAST=192.0.2.199
NETMASK=255.255.255.255
# ifdown eth1 && ifup eth1
Set up the load balancer on port 389:

# ipvsadm -A -t 192.0.2.199:389 -s rr
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.110 -g -w 1
# ipvsadm -a -t 192.0.2.199:389 -r 192.0.2.111 -g -w 1
Enable packet forwarding in the /etc/sysctl.conf file:

# vim /etc/sysctl.conf
[...]
net.ipv4.ip_forward = 1
[...]
# sysctl -p
To monitor the connections, run the ipvsadm command:

# ipvsadm -L -n --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port               Conns   InPkts  OutPkts  InBytes OutBytes
  -> RemoteAddress:Port
TCP  192.0.2.199:389                     0        0        0        0        0
  -> 192.0.2.110:389                     0        0        0        0        0
  -> 192.0.2.111:389                     0        0        0        0        0
To apply this configuration at boot time, use the ipvsadm-save command to save the rules to /etc/sysconfig/ipvsadm:

# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:          [  OK  ]

# cat /etc/sysconfig/ipvsadm
-A -t 192.0.2.199:389 -s rr
-a -t 192.0.2.199:389 -r 192.0.2.110:389 -g -w 1
-a -t 192.0.2.199:389 -r 192.0.2.111:389 -g -w 1
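As an added example (not part of the original tutorial), the shell functions below build the same rule set the page saves to /etc/sysconfig/ipvsadm and check a captured "ipvsadm -L -n" listing for LDAP real servers that are missing or weighted to 0; the VIP and real-server addresses are the page's lab values, and the two listings are constructed samples, not captures from the lab.

```shell
#!/bin/sh
# Added example, not from the original page. Lab values taken from the tutorial.
VIP=192.0.2.199
PORT=389
REALS="192.0.2.110 192.0.2.111"

# Emit the IPVS rules in the format of /etc/sysconfig/ipvsadm: one -A line for
# the virtual service (round robin), one -a line per real server using direct
# routing (-g) with weight 1.
ipvs_rules() {
    printf '%s -t %s:%s -s rr\n' -A "$VIP" "$PORT"
    for r in $REALS; do
        printf '%s -t %s:%s -r %s:%s -g -w 1\n' -a "$VIP" "$PORT" "$r" "$PORT"
    done
}

# Read the text of "ipvsadm -L -n" on stdin and print every real server from
# $REALS that is absent from the listing or has weight 0 (out of rotation).
# Exit status is 1 when at least one server is reported, 0 otherwise.
missing_reals() {
    listing=$(cat)
    rc=0
    for r in $REALS; do
        # Real-server rows look like: "-> addr:port  Forward  Weight  ActiveConn  InActConn"
        w=$(printf '%s\n' "$listing" | awk -v rs="$r:$PORT" '$1=="->" && $2==rs {print $4}')
        if [ -z "$w" ] || [ "$w" -eq 0 ]; then
            echo "$r"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listings (shape of "ipvsadm -L -n" output), not real captures.
LISTING_OK='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.199:389 rr
  -> 192.0.2.110:389              Route   1      0          0
  -> 192.0.2.111:389              Route   1      0          0'
LISTING_DEGRADED='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.199:389 rr
  -> 192.0.2.110:389              Route   1      0          0
  -> 192.0.2.111:389              Route   0      0          0'

# Stand-alone demo: print the rule set, then report servers out of rotation.
ipvs_rules
printf '%s\n' "$LISTING_DEGRADED" | missing_reals || echo "LDAP real servers above are out of rotation"
```

On a live balancer, replace the sample with `ipvsadm -L -n | missing_reals` to get the same check against the running IPVS table.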
Configure the LDAP servers
- Run on the LDAP Master 01 and LDAP Master 02 machines
To begin, we configure the Linux kernel on the LDAP servers so that it no longer answers ARP requests for the virtual IP on the network.
# vim /etc/sysctl.conf
[...]
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
The next step is to configure the virtual IP on the lo:0 interface of the LDAP servers.

# cat /etc/network/interfaces
[...]
auto lo:0
iface lo:0 inet static
    address 192.0.2.199
    netmask 255.255.255.255
[...]
Testing the Load Balancer
- The test will be performed on the slave server of the Master-Slave replication
Edit the slave replication configuration file, changing the provider server name:

# cat repica-slave.ldif
dn: olcdatabase={1}hdb,cn=config
changetype: modify
replace: olcsyncRepl
olcsyncrepl: rid=003
  provider=ldap://lvs.laboratorio.com.br
  type=refreshAndPersist
  interval=00:00:00:10
  searchbase=dc=laboratorio,dc=com,dc=br
  filter="(objectClass=*)"
  scope=sub
  attrs="*"
  schemachecking=off
  bindmethod=simple
  starttls=yes
  tls_cacert=/etc/ldap/tls/cacert.pem
  binddn=cn=Replicator,dc=laboratorio,dc=com,dc=br
  credentials=4linux
  retry="10 +"

# ldapmodify -x -D cn=admin,cn=config -w senha -f repica-slave.ldif
modifying entry "olcdatabase={1}hdb,cn=config"
To test replication through LVS, stop the server and remove the database:

# service slapd stop
# rm -rf /var/lib/ldap/*

Restart LDAP on the ldapmaster01 server and see that our database on the slave is already populated:
# service slapd start
# ldapsearch -x -LLL -b dc=laboratorio,dc=com,dc=br -ZZ
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio

dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top

dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top

dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: cn=Tim Berners-Lee,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
uid: timb
cn: Tim Berners-Lee
sn: timb
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 1021
gidNumber: 1021
homeDirectory: /home/timb

dn: ou=Computadores,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top

dn: ou=Agendas,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top

dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Computadores,o=filial,dc=laboratorio,dc=com,dc=br
ou: Computadores
objectClass: organizationalUnit
objectClass: top

dn: ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: Agendas
objectClass: organizationalUnit
objectClass: top

dn: ou=restrito,ou=Agendas,o=filial,dc=laboratorio,dc=com,dc=br
ou: restrito
objectClass: organizationalUnit
objectClass: top

dn: cn=Linus Torvalds da Silva,ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
uid: linust
sn: linust
objectClass: inetOrgPerson
objectClass: posixAccount
homeDirectory: /home/linust
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 1020
cn: Linus Torvalds da Silva

dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: cn=Replicator,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Replicator
description: LDAP Replicator
