运维进行时

       在我们日常运维工作中，经常会碰到负载均衡器后端应用代码更新、临时剔除后端服务器、排查一主机应用故障等，往往我们会选择比较粗鲁的做法，直接停止或重启应用服务，让负载均衡器探测服务不可用将其剔除。这样带来的坏处是用户与服务器已经建立的连接会被中止，开发人员无法对已经停止服务的主机进行调试。现介绍一种较为温柔的做法，即通过禁用/启用成员的方式来达到目的。本文针对目前最为流行的负载均衡器逐一进行介绍。包括LVS、Haproxy、F5在命令行模式下的实现(方便与其它管理平台对接，实现自动化维护)。当然，Haproxy与F5都提供了人性化管理界面，不过只依赖手工来进行操作。

一、LVS负载均衡器
原理
使用LVS自带的管理工具来实现。

环境说明
Disable VIP:192.168.100.11:80
Disable REAL SERVER:192.168.100.78

实施步骤
1、初始状态
[devuser@lvsserver ~]# ipvsadm -Ln

2、禁用成员
[devuser@lvsserver ~]# ipvsadm -d -t 192.168.100.11:80 -r 192.168.100.78

3、当前状态
[devuser@lvsserver ~]# ipvsadm -Ln

4、启用成员
[devuser@lvsserver ~]#ipvsadm -a -t 192.168.100.11:80 -r 192.168.100.78

5、当前状态
[devuser@lvsserver ~]# ipvsadm -Ln


二、Haproxy负载均衡器
原理
使用Haproxy的socket admin通道来实现。

环境说明
Disable backend:test.tianya.cn
Disable REAL SERVER:192.168.100.78

实施步骤
1、修改haproxy.cfg配置
#vi /usr/local/haproxy/etc/haproxy.cfg
在global域添加socket admin支持并重启Haproxy服务
#service haproxy restart

2、安装socat(在任意的两个socket管道之间建立一个通道，在该通道中交换两端的数据。)

注：disable OpenSSL FIPS support  "--disable-fips"，在没有安装fips包的情况下make时会提示：


3、禁用成员
#echo "disable server test.tianya.cn/192.168.100.78" | socat stdio /usr/local/haproxy/HaproxySocket


4、启用成员
#echo "enable server test.tianya.cn/192.168.100.78" | socat stdio /usr/local/haproxy/HaproxySocket


三、F5-LTM负载均衡器
原理
使用F5-iControl开发包Pycontrol对F5设备进行管理。

环境说明
Disable POOL:test.tianya.cn
Disable SERVER:192.168.100.42:80 192.168.100.43:80 192.168.100.44:80

实施步骤
1、部署运行环境
#mkdir -p /home/install;cd /home/install
安装python环境(略)，要求py2.5或以上。
1.1、安装SUDS模块

1.2、安装PYCONTROL模块

1.3、校验安装结果
#python
>>> import suds >>> import pycontrol.pycontrol as pc >>> suds.__version__ '0.4' >>> suds.__build__ 'GA R699-20100913' >>> pc.__version__ '2.0.1' >>> pc.__build__ 'r83' >>>
2、编写LB_member.py代码
# -*- coding: utf-8 -*- """ ---------------------------------------------------------------------------- Disable/Enable F5-LTM POOL member Name:        LB_member.py Author:      Liu tian si Email:       liutiansi@gamil.com Created:     2011/05/08 Version:     1.0 Blog:        http://blog.liuts.com Copyright:   (c) 2011 ---------------------------------------------------------------------------- """ import sys import time import string import pycontrol.pycontrol as pc """ ---------------------------------------------------------------------------- F5-LTM Disable/Enable Pool member Class ---------------------------------------------------------------------------- __init__() -Initialization F5-BIG object set_pool_member() -Initialization pool and member object member_factory() -Create a pool member object (Common.IPPortDefinition) session_state_factory() -Create a session state object (LocalLB.PoolMember.MemberSessionState) disable_member() -Disable menber methods enable_member() -Enable menber methods ---------------------------------------------------------------------------- """ class F5_LB_menber():     def __init__(self,_hostname,_username,_password):         self.b = pc.BIGIP(         hostname = _hostname,         username = _username,         password = _password,         fromurl = True,         wsdls = ['LocalLB.PoolMember'])         self.sstate_seq = self.b.LocalLB.PoolMember.typefactory.create('LocalLB.PoolMember.MemberSessionStateSequence')              def set_pool_member(self,pool,members):         self.POOL=pool         self.members=members         self.sstate_seq.item = self.session_state_factory()     def member_factory(self, member):         ip,port = member.split(':')         pmem = self.b.LocalLB.PoolMember.typefactory.create('Common.IPPortDefinition')         pmem.address = ip         pmem.port = int(port)         return pmem     def session_state_factory(self):         session_states = []         for x in self.members:             sstate = self.b.LocalLB.PoolMember.typefactory.create('LocalLB.PoolMember.MemberSessionState')             sstate.member = self.member_factory(x)             session_states.append(sstate)         return session_states     def disable_member(self):         for x in self.sstate_seq.item:             x.session_state = 'STATE_DISABLED'         try:             self.b.LocalLB.PoolMember.set_session_enabled_state(pool_names =                 [self.POOL], session_states = [self.sstate_seq])              except Exception, e:             print e     def enable_member(self):         for x in self.sstate_seq.item:             x.session_state = 'STATE_ENABLED'         try:             self.b.LocalLB.PoolMember.set_session_enabled_state(pool_names = [self.POOL],                 session_states = [self.sstate_seq])         except Exception, e:             print e if __name__ == "__main__":     if len(sys.argv) < 4:         print "Usage %s POOL MEMBER:port[,member1:80,member2:80,member3:80] enable|disable" % sys.argv[0]         print "Examples: python LB_member.py app.domain.com 192.168.0.10:80,192.168.0.11:80,192.168.0.12:80 disable"         sys.exit()     #F5 administrator info     hostname="192.168.100.2"     username="adminuser"     password="adminpass"     App=F5_LB_menber(hostname,username,password)          #init F5 pool and member     CommandParameters = sys.argv[1:]     pool=CommandParameters[0]     members=string.split(CommandParameters[1],',')          App.set_pool_member(pool,members)     if CommandParameters[2]=="enable":         App.enable_member()     elif CommandParameters[2]=="disable":         App.disable_member()     else:         print "opt parameters error!"         sys.exit()

3、源码分析：
3.1、创建一个池成员对象，将用户传入的成员列表转成规范的pool成员，见member_factory()方法;
3.2、创建一个会话状态对象，追加成员对象到会话状态当中，见session_state_factory()方法;
3.3、创建一个队列，将会话状态对象添加到队列子项中，同时修改所处状态，见__init__()、set_pool_member()、disable_member()/enable_member()方法。

4、禁用成员
#python LB_member.py test.tianya.cn 192.168.100.42:80,192.168.100.43:80,192.168.100.44:80 disable


5、启用成员
#python LB_member.py test.tianya.cn 192.168.100.42:80,192.168.100.43:80,192.168.100.44:80 enable


如大家有什么疑问或感兴趣的话题可以通过weibo与我交流：http://t.qq.com/yorkoliu

参考文章
http://devcentral.f5.com/wiki/default.aspx/iControl.CodeShare