To keep the web app running when a single host goes down, I set up two JBoss hosts and use mod_cluster 1.2.6, the JBoss plug-in for Apache, as the load balancer.
Versions:
JDK:jdk-8u45-linux-x64.rpm
JBOSS EAP 6.4
Apache & mod_cluster 1.2.6.Final : http://downloads.jboss.org/mod_cluster//1.2.6.Final/linux-i686/mod_cluster-1.2.6.Final-src-ssl.tar.gz
Environment:
Domain master: 192.168.30.100
Domain slave: 192.168.30.101
1. Install the JDK
Step 01: Remove OpenJDK
[root@localhost ~]# rpm -qa | grep java
[root@localhost ~]# yum remove java*
Step 02: Install the JDK
[root@localhost tmp]# rpm -ivh jdk-8u45-linux-x64.rpm
[root@bm tmp]# java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
[root@bm tmp]# javac -version
javac 1.8.0_45
Step 03: Edit /etc/profile and append the following at the end
export JAVA_HOME=/usr/java/jdk1.8.0_45
export JRE_HOME=/usr/java/jdk1.8.0_45/jre
export ANT_HOME=/opt/apache-ant-1.7.0
export JBOSS_HOME=/opt/jboss-eap-6.4
export APACHE_HOME=/opt/jboss/httpd
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH:$ANT_HOME/bin
export CLASSPATH=$CLASSPATH:.:$JAVA_HOME/lib:$JRE_HOME/lib
2. Install JBoss EAP 6.4
Step 01: Upload jboss-eap-6.4.0.zip and extract it under /opt
[root@bm tmp]# unzip jboss-eap-6.4.0.zip
[root@bm tmp]# mv jboss-eap-6.4 /opt
Step 02: Reboot the host and start JBoss in domain mode as a test (do the same on both master and slave)
[root@bm tmp]# $JBOSS_HOME/bin/domain.sh
3. Domain configuration
■ Interface config on master (192.168.30.100)
Step 01: Edit host.xml: vi domain/configuration/host.xml
Initial values:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<interface name="unsecure">
<!-- Used for IIOP sockets in the standard configuration.
To secure JacORB you need to setup SSL -->
<inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
</interface>
</interfaces>
Change them as follows:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:192.168.30.100}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:192.168.30.100}"/>
</interface>
<interface name="unsecure">
<!-- Used for IIOP sockets in the standard configuration.
To secure JacORB you need to setup SSL -->
<inet-address value="${jboss.bind.address.unsecure:192.168.30.100}"/>
</interface>
</interfaces>
Step 02: Create a dedicated account, domainAdmin, for communication between the domain-mode hosts, and obtain its secret key
Add the management account: domainAdmin
Password: password
[root@localhost bin]# ./add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a):
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : domainAdmin
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
- The password must not be one of the following restricted values {root, admin, administrator}
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
- The password must be different from the username
Password : password
Re-enter Password : password
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
About to add user 'domainMaster' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'domainMaster' to file '/opt/jboss-eap-6.3/standalone/configuration/mgmt-users.properties'
Added user 'domainMaster' to file '/opt/jboss-eap-6.3/domain/configuration/mgmt-users.properties'
Added user 'domainMaster' with groups to file '/opt/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties'
Added user 'domainMaster' with groups to file '/opt/jboss-eap-6.3/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="SkJvc3NFQVA2LjM=" />
■ Interface config on slave (192.168.30.101)
Step 01: Edit host.xml (vi domain/configuration/host.xml) so that the relevant values read as follows
<?xml version='1.0' encoding='UTF-8'?>
<host name="slave" xmlns="urn:jboss:domain:1.6">
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<secret value="SkJvc3NFQVA2LjM=" />
</server-identities>
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
<properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
<domain-controller>
<remote host="192.168.30.100" port="9999" security-realm="ManagementRealm" username="domainAdmin" />
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:192.168.30.101}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:192.168.30.101}"/>
</interface>
<interface name="unsecure">
<!-- Used for IIOP sockets in the standard configuration.
To secure JacORB you need to setup SSL -->
<inet-address value="${jboss.bind.address.unsecure:192.168.30.101}"/>
</interface>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<permgen size="256m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<server name="slave-one" group="other-server-group">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
</jvm-options>
</jvm>
-->
</server>
<server name="slave-two" group="other-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
<server name="slave-three" group="other-server-group" auto-start="false">
<!-- server-three avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="250"/>
</server>
</servers>
</host>
Step 02: In domain mode the slave takes its configuration from the master, so rename the slave's domain.xml to domain.xml.move
mv $JBOSS_HOME/domain/configuration/domain.xml $JBOSS_HOME/domain/configuration/domain.xml.move
4. Cluster configuration: using mod_cluster 1.2.6.Final
Step 01: Install Apache: download mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz from http://mod-cluster.jboss.org/downloads
Upload mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz to the server and extract it
[root@eap-master tmp]# tar -xzvf mod_cluster-1.2.6.Final-linux2-x64-ssl.tar.gz
[root@eap-master tmp]# cp -rp /tmp/opt/jboss /opt
Step 02: Edit Apache's httpd.conf on 192.168.30.100 and 192.168.30.101 respectively
■ Edit mod_cluster on the master (192.168.30.100): vi $APACHE_HOME/httpd/conf/httpd.conf
ServerName eap-master.globeunion.com:80
<VirtualHost 192.168.30.100:80>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
<Location /cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
</Location>
</VirtualHost>
Listen 192.168.30.100:6666
#ManagerBalancerName mycluster
ManagerBalancerName other-server-group
<VirtualHost 192.168.30.100:6666>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
ServerAdvertise on http://192.168.30.100:6666
EnableMCPMReceive
</VirtualHost>
■ Edit mod_cluster on the slave (192.168.30.101): vi $APACHE_HOME/httpd/conf/httpd.conf
ServerName eap-slave.globeunion.com:80
# MOD_CLUSTER_ADDS
# Adjust to your hostname and subnet.
<IfModule manager_module>
<VirtualHost 192.168.30.101:80>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
<Location /cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
</Location>
</VirtualHost>
Listen 192.168.30.101:6666
#ManagerBalancerName mycluster
ManagerBalancerName other-server-group
<VirtualHost 192.168.30.101:6666>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
ServerAdvertise on http://192.168.30.101:6666
EnableMCPMReceive
</VirtualHost>
</IfModule>
Step 03: On the master (192.168.30.100), edit profile name="full-ha" in domain.xml:
vi domain/configuration/domain.xml, with the relevant values as follows
<profile name="full-ha">
<subsystem xmlns="urn:jboss:domain:messaging:1.4">
<hornetq-server>
<cluster-user>domainAdmin</cluster-user>
<cluster-password>password</cluster-password>
<persistence-enabled>true</persistence-enabled>
<journal-type>NIO</journal-type>
<journal-min-files>2</journal-min-files>
<connectors>
<netty-connector name="netty" socket-binding="messaging"/>
<netty-connector name="netty-throughput" socket-binding="messaging-throughput">
<param key="batch-delay" value="50"/>
</netty-connector>
<in-vm-connector name="in-vm" server-id="0"/>
</connectors>
</hornetq-server>
</subsystem>
<subsystem xmlns="urn:jboss:domain:modcluster:1.2">
<mod-cluster-config advertise-socket="modcluster" connector="ajp" proxy-list="192.168.30.100:6666,192.168.30.101:6666" balancer="mycluster">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
</mod-cluster-config>
</subsystem>
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false" instance-id="${jboss.node.name}">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
</profile>
5. Disable the firewall
[root@bm bin]# systemctl list-unit-files | grep fire
firewalld.service enabled
[root@bm bin]# systemctl disable firewalld.service
6. Start the services manually
#Apache Server Start/Stop
$APACHE_HOME/sbin/apachectl start/stop/status
#JBOSS EAP Server Start
$JBOSS_HOME/bin/domain.sh
#JBOSS EAP Domain management console
http://192.168.30.100:9990/console
7. Set up the Apache server as a service
Step 01: Copy apachectl to /etc/init.d
[root@eap-master init.d]# cp /opt/jboss/httpd/sbin/apachectl /etc/init.d
Step 02: Edit /etc/init.d/apachectl
#!/bin/sh
Add the following two lines starting at the second line:
# chkconfig: 2345 80 90
# description:auto_run
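The first line tells the system which shell to use; every shell script starts this way.
The second line: the three parameters after chkconfig (2345, 80 and 90) tell chkconfig to create, in the rc2.d through rc5.d directories, a link named S80auto_run that points to the auto_run script in /etc/rc.d/init.d. The leading S means that at boot the system runs auto_run with a start argument, telling the script it is in start mode. Likewise, links named K90auto_run are created in rc0.d and rc6.d; the leading K means that at shutdown the system runs auto_run with a stop argument, telling the script it is in stop mode.
Note that of the three lines above, the second and third are required; otherwise chkconfig --add auto_run reports an error.
The complete file: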
#!/bin/sh
# chkconfig: 2345 80 90
# description:auto_run
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Apache control script designed to allow an easy command line interface
# to controlling Apache. Written by Marc Slemko, 1997/08/23
#
# The exit codes returned are:
# XXX this doc is no longer correct now that the interesting
# XXX functions are handled by httpd
# 0 - operation completed successfully
# 1 -
# 2 - usage error
# 3 - httpd could not be started
# 4 - httpd could not be stopped
# 5 - httpd could not be started during a restart
# 6 - httpd could not be restarted during a restart
# 7 - httpd could not be restarted during a graceful restart
# 8 - configuration syntax error
#
# When multiple arguments are given, only the error from the _last_
# one is reported. Run "apachectl help" for usage info
#
ARGV="$@"
#
# |||||||||||||||||||| START CONFIGURATION SECTION ||||||||||||||||||||
# -------------------- --------------------
#
# the path to your httpd binary, including options if necessary
HTTPD='/opt/jboss/httpd/sbin/httpd'
#
# pick up any necessary environment variables
if test -f /opt/jboss/httpd/sbin/envvars; then
. /opt/jboss/httpd/sbin/envvars
fi
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
LYNX="lynx -dump"
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.
STATUSURL="http://localhost:80/server-status"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
# -------------------- --------------------
# |||||||||||||||||||| END CONFIGURATION SECTION ||||||||||||||||||||
# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
$ULIMIT_MAX_FILES
fi
ERROR=0
if [ "x$ARGV" = "x" ] ; then
ARGV="-h"
fi
case $ARGV in
start|stop|restart|graceful|graceful-stop)
$HTTPD -k $ARGV
ERROR=$?
;;
startssl|sslstart|start-SSL)
echo The startssl option is no longer supported.
echo Please edit httpd.conf to include the SSL configuration settings
echo and then use "apachectl start".
ERROR=2
;;
configtest)
$HTTPD -t
ERROR=$?
;;
status)
$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
;;
fullstatus)
$LYNX $STATUSURL
;;
*)
$HTTPD $ARGV
ERROR=$?
esac
exit $ERROR
Step 03: Register it as a service
[root@eap-master init.d]# chkconfig --add apachectl
[root@eap-master init.d]# chkconfig --list apachectl
With this, Apache starts automatically at boot and can also be started or stopped directly with service apachectl start/stop
8. Set up the JBoss EAP domain as a service
Step 01: Copy jboss-as.conf to /etc/jboss-as/ and jboss-as-domain.sh to /etc/init.d/
[root@bm etc]# cp /opt/jboss-eap-6.4/bin/init.d/jboss-as.conf /etc/jboss-as/
[root@bm jboss-as]# cp /opt/jboss-eap-6.4/bin/init.d/jboss-as-domain.sh /etc/init.d/
Step 02: Edit /etc/jboss-as/jboss-as.conf
# The username who should own the process.
#
JBOSS_USER=root
# The amount of time to wait for startup
#
STARTUP_WAIT=30
# The amount of time to wait for shutdown
#
# SHUTDOWN_WAIT=30
# Location to keep the console log
#
# JBOSS_CONSOLE_LOG=/var/log/jboss-as/console.log
Step 03: Edit /etc/init.d/jboss-as-domain.sh
#!/bin/sh
#
# JBoss domain control script
#
# chkconfig: - 80 20
# description: JBoss AS Domain
# processname: domain
# pidfile: /var/run/jboss-as/jboss-as-domain.pid
# config: /etc/jboss-as/jboss-as.conf
# Source function library.
. /etc/init.d/functions
# Load Java configuration.
#[ -r /etc/java/java.conf ] && . /etc/java/java.conf
#export JAVA_HOME
# Load JBoss AS init.d configuration.
if [ -z "$JBOSS_CONF" ]; then
JBOSS_CONF="/etc/jboss-as/jboss-as.conf"
fi
[ -r "$JBOSS_CONF" ] && . "${JBOSS_CONF}"
# Set defaults.
if [ -z "$JBOSS_HOME" ]; then
JBOSS_HOME=/opt/jboss-eap-6.4
fi
export JBOSS_HOME
Step 04: Register JBoss as a service
[user@host init.d]$ sudo chkconfig --add jboss-as-domain.sh
[user@host init.d]$ sudo chkconfig --level 2345 jboss-as-domain.sh on # set jboss-as-domain.sh to on for runlevels 2, 3, 4 and 5
This way the two hosts can back each other up.
Notes:
■ If different mod_cluster instances share the same environment, you can add Allow restrictions to mod_cluster's httpd.conf so that they do not affect each other, as follows: vi $APACHE_HOME/httpd/conf/httpd.conf
## 2015/09/22 added by polin wei
<VirtualHost 192.168.30.100:80>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
<Location /cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 192.168.30.
</Location>
</VirtualHost>
Listen 192.168.30.100:6666
#ManagerBalancerName mycluster
ManagerBalancerName other-server-group
<VirtualHost 192.168.30.100:6666>
<Directory />
Order deny,allow
Deny from all
Allow from 192.168.30.100
Allow from 192.168.30.101
</Directory>
ServerAdvertise on http://192.168.30.100:6666
EnableMCPMReceive
</VirtualHost>
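Under `Order deny,allow`, a `Deny from all` followed by `Allow from all` still admits every client, so it is worth checking which containers remain open after adding the restriction above. The following Python check is an added example, not part of the original post: it applies Apache 2.2's Order/Allow/Deny evaluation to each Directory and Location container. The sample configuration is constructed from the blocks on this page, and the function names and the outside address 203.0.113.7 are assumptions.

```python
import ipaddress
import re

# Constructed sample: /cluster_manager restricted as in the note above, while the
# MCPM virtual host still carries the "Allow from all" used in Step 02.
SAMPLE_CONF = """\
<VirtualHost 192.168.30.100:80>
<Location /cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 192.168.30.
</Location>
</VirtualHost>
<VirtualHost 192.168.30.100:6666>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
EnableMCPMReceive
</VirtualHost>
"""

def matches(spec, client):
    """Match one 'from' argument: all, partial IP, full IP or CIDR."""
    if spec.lower() == "all":
        return True
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4 and all(o.isdigit() for o in octets):
        return client.startswith(".".join(octets) + ".")    # e.g. 192.168.30.
    try:
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    except ValueError:                                      # hostnames are not resolved
        return False

def is_allowed(block, client):
    """Apply the Apache 2.2 Order/Allow/Deny rules of one container to a client IP."""
    m = re.search(r"^\s*Order\s+(\S+)", block, re.I | re.M)
    order = m.group(1).lower() if m else "deny,allow"        # Apache's default order
    hit = {"allow": False, "deny": False}
    for verb, specs in re.findall(r"^\s*(Allow|Deny)\s+from\s+(.+)$", block, re.I | re.M):
        hit[verb.lower()] |= any(matches(s, client) for s in specs.split())
    if order == "deny,allow":                                # default allow, Allow wins
        return hit["allow"] or not hit["deny"]
    return hit["allow"] and not hit["deny"]                  # allow,deny / mutual-failure

def exposed(conf, outside_ip="203.0.113.7"):
    """List Directory/Location containers that admit an address outside the cluster."""
    found = re.findall(r"<(Directory|Location)\s+([^>]+)>(.*?)</\1>", conf, re.S | re.I)
    return [f"{kind} {path}" for kind, path, body in found if is_allowed(body, outside_ip)]

if __name__ == "__main__":
    print(exposed(SAMPLE_CONF))
```

Run it against the httpd.conf of each node; any container it lists on the port 6666 virtual host accepts MCPM registrations from outside the two cluster addresses.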
References:
http://wiki.lunarpages.com/Allow_and_Deny_by_IP_Address