To keep the web app available when a single host goes down, I set up two JBoss hosts and used mod_cluster 1.2.6, the JBoss plug-in for Apache, as the load balancer.

Versions:

JDK: jdk-8u45-linux-x64.rpm

JBOSS EAP 6.4

Apache & mod_cluster 1.2.6.Final : http://downloads.jboss.org/mod_cluster//1.2.6.Final/linux-i686/mod_cluster-1.2.6.Final-src-ssl.tar.gz

Environment:

Domain master: 192.168.30.100

Domain slave: 192.168.30.101

EAPDomainCluster  

1. Install the JDK

Step 01: Remove OpenJDK

[root@localhost ~]# rpm -qa | grep java
[root@localhost ~]# yum remove java*

 

Step 02: Install the JDK

[root@localhost tmp]# rpm -ivh jdk-8u45-linux-x64.rpm

[root@bm tmp]# java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)

[root@bm tmp]# javac -version
javac 1.8.0_45

 

Step 03: Edit /etc/profile and append the following at the end

export JAVA_HOME=/usr/java/jdk1.8.0_45
export JRE_HOME=/usr/java/jdk1.8.0_45/jre
export ANT_HOME=/opt/apache-ant-1.7.0
export JBOSS_HOME=/opt/jboss-eap-6.4
export APACHE_HOME=/opt/jboss/httpd

export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH:$ANT_HOME/bin
export CLASSPATH=$CLASSPATH:.:$JAVA_HOME/lib:$JRE_HOME/lib

 

2. Install JBoss EAP 6.4

Step 01: Upload jboss-eap-6.4.0.zip and unzip it under /opt

[root@bm tmp]# unzip jboss-eap-6.4.0.zip
[root@bm tmp]# mv jboss-eap-6.4 /opt

 

Step 02: Reboot the host and start JBoss in domain mode as a test (do the same on both master and slave)

[root@bm tmp]# $JBOSS_HOME/bin/domain.sh

 

3. Domain configuration

 ■ Interface config on master(192.168.30.100)

 

Step 01: Edit host.xml: vi domain/configuration/host.xml
The initial values are:

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
       <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>

Change them to:

<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:192.168.30.100}"/>
    </interface>
    <interface name="public">
       <inet-address value="${jboss.bind.address:192.168.30.100}"/>
    </interface>
    <interface name="unsecure">
        <!-- Used for IIOP sockets in the standard configuration.
             To secure JacORB you need to setup SSL -->
        <inet-address value="${jboss.bind.address.unsecure:192.168.30.100}"/>
    </interface>
</interfaces>

 

Step 02: Create domainAdmin, a dedicated account for communication between the domain-mode hosts, and obtain its secret key
Management account to add: domainAdmin
Password: password

[root@localhost bin]# ./add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a):
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : domainAdmin
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password must not be one of the following restricted values {root, admin, administrator}
 - The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password must be different from the username
Password : password
Re-enter Password : password
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
About to add user 'domainMaster' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'domainMaster' to file '/opt/jboss-eap-6.3/standalone/configuration/mgmt-users.properties'
Added user 'domainMaster' to file '/opt/jboss-eap-6.3/domain/configuration/mgmt-users.properties'
Added user 'domainMaster' with groups  to file '/opt/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties'
Added user 'domainMaster' with groups  to file '/opt/jboss-eap-6.3/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="SkJvc3NFQVA2LjM=" />

 

Interface config on slave(192.168.30.101)

Step 01: Edit host.xml (vi domain/configuration/host.xml) so that the relevant values are as follows

<?xml version='1.0' encoding='UTF-8'?>
<host name="slave" xmlns="urn:jboss:domain:1.6">
    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                    <server-identities>
                       <secret value="SkJvc3NFQVA2LjM=" />
                    </server-identities>
                    <authentication>
                        <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                    </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>               
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true" />
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <audit-log>
            <formatters>
               <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
                <file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="false">
               <handlers>
                  <handler name="host-file"/>
               </handlers>
            </logger>
            <server-logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="server-file"/>
                </handlers>
            </server-logger>
        </audit-log>
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.http.port:9990}"/>
            </http-interface>
        </management-interfaces>
    </management>

    <domain-controller>
       <remote host="192.168.30.100" port="9999" security-realm="ManagementRealm" username="domainAdmin" />
       <!-- Alternative remote domain controller configuration with a host and port -->
       <!-- <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
    </domain-controller>
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:192.168.30.101}"/>
        </interface>
        <interface name="public">
           <inet-address value="${jboss.bind.address:192.168.30.101}"/>
        </interface>
        <interface name="unsecure">
            <!-- Used for IIOP sockets in the standard configuration.
                 To secure JacORB you need to setup SSL -->
            <inet-address value="${jboss.bind.address.unsecure:192.168.30.101}"/>
        </interface>
    </interfaces>
     <jvms>
        <jvm name="default">
          <heap size="64m" max-size="256m"/>
          <permgen size="256m" max-size="256m"/>
            <jvm-options>
                <option value="-server"/>
            </jvm-options>
       </jvm>
     </jvms>
    <servers>
        <server name="slave-one" group="other-server-group">
            <!-- Remote JPDA debugging for a specific server
            <jvm name="default">
              <jvm-options>
                <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
              </jvm-options>
           </jvm>
           -->
        </server>
        <server name="slave-two" group="other-server-group" auto-start="true">
            <!-- server-two avoids port conflicts by incrementing the ports in
                 the default socket-group declared in the server-group -->
            <socket-bindings port-offset="150"/>
        </server>
        <server name="slave-three" group="other-server-group" auto-start="false">
            <!-- server-three avoids port conflicts by incrementing the ports in
                 the default socket-group declared in the server-group -->
            <socket-bindings port-offset="250"/>
        </server>
    </servers>
</host>
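
The secret value that add-user.sh prints is the account password in Base64, not an encrypted form, so the slave's host.xml holds a recoverable credential and should be readable only by the account that runs JBoss. The following Python check is an added example, not part of the original post: it runs over a constructed host.xml fragment, and the function names are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the slave host.xml above; the secret is Base64 of "password".
SAMPLE_HOST_XML = """<host name="slave" xmlns="urn:jboss:domain:1.6">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <server-identities>
          <secret value="cGFzc3dvcmQ="/>
        </server-identities>
      </security-realm>
    </security-realms>
    <audit-log>
      <logger log-boot="true" log-read-only="false" enabled="false"/>
    </audit-log>
  </management>
</host>"""

def local(tag):
    """Drop the namespace so the check works for any urn:jboss:domain version."""
    return tag.rsplit("}", 1)[-1]

def meets_add_user_policy(password):
    """Length, restricted-value and character-class rules printed by add-user.sh above."""
    return (len(password) >= 8
            and password.lower() not in {"root", "admin", "administrator"}
            and all(re.search(p, password) for p in (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")))

def audit_host_xml(xml_text):
    """Return (location, finding) pairs; the decoded password itself is never returned."""
    findings = []
    root = ET.fromstring(xml_text)
    for realm in (e for e in root.iter() if local(e.tag) == "security-realm"):
        for secret in (e for e in realm.iter() if local(e.tag) == "secret"):
            value = secret.get("value", "")
            if value.startswith("${"):      # property or vault expression, not inline
                continue
            try:
                password = base64.b64decode(value, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                findings.append((realm.get("name"), "secret is not valid Base64 text"))
                continue
            findings.append((realm.get("name"), "inline secret decodes to the plaintext password"))
            if not meets_add_user_policy(password):
                findings.append((realm.get("name"), "password fails the add-user.sh policy"))
    for audit in (e for e in root.iter() if local(e.tag) == "audit-log"):
        for logger in audit:
            if local(logger.tag).endswith("logger") and logger.get("enabled") == "false":
                findings.append((local(logger.tag), "management audit logging is disabled"))
    return findings
```
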

 

Step 02: In domain mode the slave takes its configuration from the master, so rename the slave's domain.xml to domain.xml.move

mv $JBOSS_HOME/domain/configuration/domain.xml $JBOSS_HOME/domain/configuration/domain.xml.move

 

4. Cluster configuration with mod_cluster 1.2.6.Final

Step 01: Install Apache: download mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz from http://mod-cluster.jboss.org/downloads
Upload mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz to the server and extract it

[root@eap-master tmp]# tar -xzvf mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz
[root@eap-master tmp]# cp -rp /tmp/opt/jboss /opt

 

Step 02: Edit Apache's httpd.conf on 192.168.30.100 and on 192.168.30.101

Edit the mod_cluster settings on the master (192.168.30.100): vi $APACHE_HOME/httpd/conf/httpd.conf

ServerName eap-master.globeunion.com:80

<VirtualHost 192.168.30.100:80>
  <Directory />
    Order deny,allow
    Deny from all
    Allow from all
  </Directory>
  <Location /cluster_manager>
    SetHandler mod_cluster-manager
    Order deny,allow
    Deny from all
    Allow from all
  </Location>
</VirtualHost>

Listen 192.168.30.100:6666
#ManagerBalancerName mycluster   
ManagerBalancerName other-server-group
<VirtualHost 192.168.30.100:6666>
  <Directory />
    Order deny,allow
      Deny from all
      Allow from all
  </Directory>
  ServerAdvertise on http://192.168.30.100:6666
  EnableMCPMReceive
</VirtualHost>

 

Edit the mod_cluster settings on the slave (192.168.30.101): vi $APACHE_HOME/httpd/conf/httpd.conf

ServerName eap-slave.globeunion.com:80

# MOD_CLUSTER_ADDS
# Adjust to your hostname and subnet.
<IfModule manager_module>
    <VirtualHost 192.168.30.101:80>
      <Directory />
        Order deny,allow
        Deny from all
        Allow from all
      </Directory>
      <Location /cluster_manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Deny from all
        Allow from all
      </Location>
    </VirtualHost>

    Listen 192.168.30.101:6666
    #ManagerBalancerName mycluster   
    ManagerBalancerName other-server-group
    <VirtualHost 192.168.30.101:6666>
      <Directory />
        Order deny,allow
          Deny from all
          Allow from all
      </Directory>
      ServerAdvertise on http://192.168.30.101:6666
      EnableMCPMReceive
    </VirtualHost>
</IfModule>

 

Step 03: On the master (192.168.30.100), edit profile name="full-ha" in domain.xml:

vi domain/configuration/domain.xml, with the relevant values as follows

<profile name="full-ha">
<subsystem xmlns="urn:jboss:domain:messaging:1.4">
    <hornetq-server>
        <cluster-user>domainAdmin</cluster-user>
        <cluster-password>password</cluster-password>
        <persistence-enabled>true</persistence-enabled>
        <journal-type>NIO</journal-type>
        <journal-min-files>2</journal-min-files>
        <connectors>
            <netty-connector name="netty" socket-binding="messaging"/>
            <netty-connector name="netty-throughput" socket-binding="messaging-throughput">
                <param key="batch-delay" value="50"/>
            </netty-connector>
            <in-vm-connector name="in-vm" server-id="0"/>
        </connectors>
 
    </hornetq-server>
</subsystem>
<subsystem xmlns="urn:jboss:domain:modcluster:1.2">
    <mod-cluster-config advertise-socket="modcluster" connector="ajp" proxy-list="192.168.30.100:6666,192.168.30.101:6666" balancer="mycluster">
        <dynamic-load-provider>
            <load-metric type="busyness"/>
        </dynamic-load-provider>
    </mod-cluster-config>
</subsystem>
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" instance-id="${jboss.node.name}">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
</profile>

 

5. Disable the firewall

[root@bm bin]# systemctl list-unit-files | grep fire

firewalld.service enabled

[root@bm bin]# systemctl disable firewalld.service

 

6. Starting the services manually

#Apache Server Start/Stop

$APACHE_HOME/sbin/apachectl start/stop/status

#JBOSS EAP Server Start

$JBOSS_HOME/bin/domain.sh

#JBOSS EAP Domain management console

http://192.168.30.100:9990/console

 

 

7. Set up Apache Server as a service

Step 01: Copy apachectl to /etc/init.d

[root@eap-master init.d]# cp /opt/jboss/httpd/sbin/apachectl /etc/init.d

 

Step 02: Edit /etc/init.d/apachectl

#!/bin/sh

Add the following two lines, starting at the second line:

# chkconfig: 2345 80 90
# description:auto_run

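The first line tells the system which shell to use; every shell script starts this way.
The second line: chkconfig is followed by three parameters, 2345, 80 and 90, which tell the chkconfig program to create a link named S80auto_run in the rc2.d through rc5.d directories, pointing to the auto_run script under /etc/rc.d/init.d. The first character is S, so at boot the system runs the auto_run script with a start argument, telling the script that it is in start mode. Likewise, a link named K90auto_run is created in the rc0.d and rc6.d directories; the first character is K, so at shutdown the system runs auto_run with a stop argument, telling the script that it is in stop mode.
Note that of the three lines above, the second and third are required; otherwise chkconfig --add auto_run reports an error.

The complete file: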

#!/bin/sh
# chkconfig: 2345 80 90
# description:auto_run
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Apache control script designed to allow an easy command line interface
# to controlling Apache.  Written by Marc Slemko, 1997/08/23
#
# The exit codes returned are:
#   XXX this doc is no longer correct now that the interesting
#   XXX functions are handled by httpd
#    0 - operation completed successfully
#    1 -
#    2 - usage error
#    3 - httpd could not be started
#    4 - httpd could not be stopped
#    5 - httpd could not be started during a restart
#    6 - httpd could not be restarted during a restart
#    7 - httpd could not be restarted during a graceful restart
#    8 - configuration syntax error
#
# When multiple arguments are given, only the error from the _last_
# one is reported.  Run "apachectl help" for usage info
#
ARGV="$@"
#
# |||||||||||||||||||| START CONFIGURATION SECTION  ||||||||||||||||||||
# --------------------                              --------------------
#
# the path to your httpd binary, including options if necessary
HTTPD='/opt/jboss/httpd/sbin/httpd'
#
# pick up any necessary environment variables
if test -f /opt/jboss/httpd/sbin/envvars; then
  . /opt/jboss/httpd/sbin/envvars
fi
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line.  Designed for lynx, however other
# programs may work.  
LYNX="lynx -dump"
#
# the URL to your server's mod_status status page.  If you do not
# have one, then status and fullstatus will not work.
STATUSURL="http://localhost:80/server-status"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
# --------------------                              --------------------
# ||||||||||||||||||||   END CONFIGURATION SECTION  ||||||||||||||||||||

# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
    $ULIMIT_MAX_FILES
fi

ERROR=0
if [ "x$ARGV" = "x" ] ; then
    ARGV="-h"
fi

case $ARGV in
start|stop|restart|graceful|graceful-stop)
    $HTTPD -k $ARGV
    ERROR=$?
    ;;
startssl|sslstart|start-SSL)
    echo The startssl option is no longer supported.
    echo Please edit httpd.conf to include the SSL configuration settings
    echo and then use "apachectl start".
    ERROR=2
    ;;
configtest)
    $HTTPD -t
    ERROR=$?
    ;;
status)
    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
    ;;
fullstatus)
    $LYNX $STATUSURL
    ;;
*)
    $HTTPD $ARGV
    ERROR=$?
esac

exit $ERROR

 

Step 03: Register it as a service

[root@eap-master init.d]# chkconfig --add apachectl

[root@eap-master init.d]# chkconfig --list apachectl

Apache now starts automatically at boot, and it can also be started and stopped directly with service apachectl start/stop

 

8. Set up the JBoss EAP domain as a service

Step 01: Copy jboss-as.conf to /etc/jboss-as/; copy jboss-as-domain.sh to /etc/init.d/

[root@bm etc]# cp /opt/jboss-eap-6.4/bin/init.d/jboss-as.conf /etc/jboss-as/

[root@bm jboss-as]# cp /opt/jboss-eap-6.4/bin/init.d/jboss-as-domain.sh /etc/init.d/


Step 02: Edit /etc/jboss-as/jboss-as.conf

# The username who should own the process.
#
JBOSS_USER=root

# The amount of time to wait for startup
#
STARTUP_WAIT=30

# The amount of time to wait for shutdown
#
# SHUTDOWN_WAIT=30

# Location to keep the console log
#
# JBOSS_CONSOLE_LOG=/var/log/jboss-as/console.log

 

Step 03: Edit /etc/init.d/jboss-as-domain.sh

#!/bin/sh
#
# JBoss domain control script
#
# chkconfig: - 80 20
# description: JBoss AS Domain
# processname: domain
# pidfile: /var/run/jboss-as/jboss-as-domain.pid
# config: /etc/jboss-as/jboss-as.conf

# Source function library.
. /etc/init.d/functions

# Load Java configuration.
#[ -r /etc/java/java.conf ] && . /etc/java/java.conf
#export JAVA_HOME

# Load JBoss AS init.d configuration.
if [ -z "$JBOSS_CONF" ]; then
  JBOSS_CONF="/etc/jboss-as/jboss-as.conf"
fi

[ -r "$JBOSS_CONF" ] && . "${JBOSS_CONF}"

# Set defaults.

if [ -z "$JBOSS_HOME" ]; then
  JBOSS_HOME=/opt/jboss-eap-6.4
fi
export JBOSS_HOME

 

Step 04: Register JBoss as a service

[user@host init.d]$ sudo chkconfig --add jboss-as-domain.sh

[user@host init.d]$ sudo chkconfig --level 2345 jboss-as-domain.sh on # set jboss-as-domain.sh to on (enabled) in runlevels 2, 3, 4 and 5

 

With this in place, the two hosts back each other up.

 

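Notes:

■ If several mod_cluster instances share the same environment, you can keep them from interfering with each other by adding Allow restrictions to mod_cluster's httpd.conf, as follows: vi $APACHE_HOME/httpd/conf/httpd.conf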

## 2015/09/22 added by polin wei
<VirtualHost 192.168.30.100:80>
  <Directory />
    Order deny,allow
    Deny from all
    Allow from all
  </Directory>
  <Location /cluster_manager>
    SetHandler mod_cluster-manager
    Order deny,allow
    Deny from all
    Allow from 192.168.30.
  </Location>
</VirtualHost>

Listen 192.168.30.100:6666
#ManagerBalancerName mycluster   
ManagerBalancerName other-server-group
<VirtualHost 192.168.30.100:6666>
  <Directory />
    Order deny,allow
      Deny from all
      Allow from 192.168.30.100
      Allow from 192.168.30.101
  </Directory>
  ServerAdvertise on http://192.168.30.100:6666
  EnableMCPMReceive
</VirtualHost>
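
Under Order deny,allow, Apache 2.2 evaluates the Deny lines first and lets any matching Allow override them, so the Step 02 blocks (Deny from all followed by Allow from all) admit every client, while the version in this note admits only the listed addresses. The following Python evaluator is an added example, not part of the original post: it applies those rules to a constructed copy of the master's httpd.conf, and the function names and the outside address 203.0.113.7 used to exercise it are assumptions.

```python
import re

# Constructed from the master's httpd.conf on this page; the slots take the Allow lines.
TEMPLATE = """
<VirtualHost 192.168.30.100:80>
  <Location /cluster_manager>
    SetHandler mod_cluster-manager
    Order deny,allow
    Deny from all
    {manager}
  </Location>
</VirtualHost>
<VirtualHost 192.168.30.100:6666>
  <Directory />
    Order deny,allow
    Deny from all
    {mcpm}
  </Directory>
  EnableMCPMReceive
</VirtualHost>
"""
STEP02 = TEMPLATE.format(manager="Allow from all", mcpm="Allow from all")
NOTE = TEMPLATE.format(manager="Allow from 192.168.30.",
                       mcpm="Allow from 192.168.30.100\n    Allow from 192.168.30.101")

def matches(spec, client):
    """One Allow/Deny value: 'all' or a full or partial IPv4 address (the forms used here)."""
    octets = spec.rstrip(".").split(".")
    return spec.lower() == "all" or client.split(".")[:len(octets)] == octets

def allowed(rules, client):
    """Apache 2.2 Order semantics (mod_authz_host)."""
    hit_allow = any(matches(s, client) for s in rules["allow"])
    hit_deny = any(matches(s, client) for s in rules["deny"])
    if rules["order"] == "deny,allow":   # Allow wins over Deny; default is allow
        return hit_allow or not hit_deny
    return hit_allow and not hit_deny    # allow,deny: Deny wins; default is deny

def blocks(conf, tag, marker):
    """Rules of every <tag ...> block whose body contains the marker directive."""
    found = {}
    for name, body in re.findall(rf"<{tag}\s+([^>]+)>(.*?)</{tag}>", conf, re.S):
        if marker not in body:
            continue
        rules = {"order": "deny,allow", "allow": [], "deny": []}
        for kind, value in re.findall(r"^\s*(Order|Allow|Deny)\s+(?:from\s+)?(.+)$", body, re.M):
            if kind == "Order":
                rules["order"] = value.replace(" ", "").lower()
            else:
                rules[kind.lower()] += value.split()
        found[name] = rules
    return found

def reachable(conf, client):
    """mod_cluster endpoints (manager page, MCPM receiver) that would accept `client`."""
    endpoints = {**blocks(conf, "Location", "mod_cluster-manager"),
                 **blocks(conf, "VirtualHost", "EnableMCPMReceive")}
    return sorted(name for name, rules in endpoints.items() if allowed(rules, client))
```

An empty list from reachable() for an address outside the cluster subnet is the result to aim for; the parser reads only the single-rule-set blocks shown on this page.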

 

 

 

 

 

Reference:

http://wiki.lunarpages.com/Allow_and_Deny_by_IP_Address

 

Posted by MIS on PIXNET