ans_rproxy Guide
Network IP Allocation
Windows2008R2:
IP: 172.16.204.50/24
Gateway: 172.16.204.1
SitePort: 8081
Windows2008R2:
IP: 172.16.204.53/24
Gateway: 172.16.204.1
SitePort: 8081
Ubuntu16.04:
IP: 172.16.204.184/24
Gateway: 172.16.204.1
Rproxy_port: 80
ANS2.2:
IP: 172.16.204.181/24
SNIP: 172.16.204.182/24
VIP: 172.16.204.188/24
Web.config Configuration
<?xml version="1.0"?>
<!-- For details on how to configure an ASP.NET application, visit http://go.microsoft.com/fwlink/?LinkId=169433 -->
<configuration>
  <connectionStrings>
    <add name="ApplicationServices" connectionString="data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
  </connectionStrings>
  <appSettings>
    <add key="ConnString" value="Data Source=192.168.185.191;Initial Catalog=BaseService;Persist Security Info=True;User ID=sa;Password=qwe123;MultipleActiveResultSets=True"/>
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
      </providers>
    </roleManager>
    <customErrors mode="Off" />
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>
Ubuntu Server Configuration
1. Disable Ubuntu's default firewall service (the Ubuntu firewall service is named ufw.service or apparmor.service)
myuser@ubsrv:~/ans$ sudo systemctl status apparmor.service
myuser@ubsrv:~/ans$ sudo systemctl stop apparmor.service
myuser@ubsrv:~/ans$ sudo systemctl disable apparmor.service
myuser@ubsrv:~/ans$
2. Upload the deployment files
myuser@ubsrv:~/ans$ ls
ans_rproxy app.json libev.so.4
myuser@ubsrv:~/ans$ file ans_rproxy
ans_rproxy3: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=bd061a62e823bd0f734b20e4c4ffb03cf58b13f7, not stripped
myuser@ubsrv:~/ans$
3. Set the dynamic library search path (RPATH) of the ans_rproxy binary
myuser@ubsrv:~/ans$ chmod +x ./patchelf
myuser@ubsrv:~/ans$ ./patchelf --set-rpath ".:./lib:/usr/local/ans/ans_rproxy/lib:/opt/ans/ans_rproxy/lib" ./ans_rproxy
myuser@ubsrv:~/ans$
myuser@ubsrv:~/ans$ ./patchelf --print-rpath ./ans_rproxy
.:./lib:/usr/local/ans/ans_rproxy/lib:/opt/ans/ans_rproxy/lib
myuser@ubsrv:~/ans$
4. Check that the shared libraries required by ans_rproxy are present
To use the system-provided libev.so.4 instead, install the library with: sudo aptitude install libev4
myuser@ubsrv:~/ans$ chmod +x ./ans_rproxy
myuser@ubsrv:~/ans$ ldd ./ans_rproxy
linux-vdso.so.1 => (0x00007ffd9b591000)
libev.so.4 => ./libev.so.4 (0x00007f19aa342000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f19a9f78000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f19a9c6f000)
/lib64/ld-linux-x86-64.so.2 (0x00007f19aa550000)
myuser@ubsrv:~/ans$
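The RPATH set in step 3 starts with `.` and `./lib`, and the ldd output in step 4 resolves libev.so.4 from `./libev.so.4`, so which library gets loaded depends on the directory the program is started from, and step 10 starts it as root. The check below is an added example, not part of this page's deployment package (the function names are hypothetical): it lists RPATH entries that depend on the working directory and flags library directories that a non-root account can modify.

```shell
#!/bin/sh
# Added example: audit the RPATH of a binary that is started as root.

# Print every RPATH entry that the loader resolves against the current
# working directory of the process instead of a fixed location.
rpath_unsafe_entries() {
    [ -n "$1" ] || return 0
    # tr keeps empty entries (leading, trailing or doubled ':'); the glibc
    # loader treats an empty entry as the current directory.
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r entry; do
        case $entry in
            '')                      echo '<empty>' ;;
            /*)                      ;;  # absolute path
            '$ORIGIN'*|'${ORIGIN}'*) ;;  # relative to the binary's own directory
            *)                       echo "$entry" ;;
        esac
    done
}

# Print a finding when a library directory can be changed by someone other
# than root: group- or world-writable, or not owned by uid 0.
lib_dir_risk() {
    [ -d "$1" ] || return 0
    # Fields of ls -ldn: mode, link count, numeric uid, numeric gid, ...
    set -- "$1" $(ls -ldn "$1")
    dir=$1 mode=$2 uid=$4
    case $mode in
        d????w*|d???????w*) echo "$dir: group- or world-writable ($mode)" ;;
    esac
    [ "$uid" = 0 ] || echo "$dir: owned by uid $uid, not root"
}

# RPATH exactly as printed by patchelf --print-rpath in step 3.
PAGE_RPATH='.:./lib:/usr/local/ans/ans_rproxy/lib:/opt/ans/ans_rproxy/lib'
rpath_unsafe_entries "$PAGE_RPATH"
```

Run as `lib_dir_risk /opt/ans/ans_rproxy` after step 6, the second function reports the rd_public ownership shown in that step's directory listing.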
5. Add the rd_public user
Note: on CentOS the command to delete the user is ( userdel -fr rd_public ) and the command to add it is ( useradd -U rd_public )
myuser@ubsrv:~/ans$ sudo deluser -fr rd_public
Removing user `rd_public' ...
Warning: group `rd_public' has no more members.
Done.
myuser@ubsrv:~/ans$
myuser@ubsrv:~/ans$ sudo adduser --disabled-login --gecos 'rd_public' rd_public
Adding user `rd_public' ...
Adding new group `rd_public' (1001) ...
Adding new user `rd_public' (1001) with group `rd_public' ...
Creating home directory `/home/rd_public' ...
Copying files from `/etc/skel' ...
myuser@ubsrv:~/ans$
myuser@ubsrv:~/ans$ sudo -u rd_public -H id
uid=1001(rd_public) gid=1001(rd_public) groups=1001(rd_public)
myuser@ubsrv:~/ans$
6. Create the working directory /opt/ans/ans_rproxy
myuser@ubsrv:~/ans$ sudo mkdir -p /opt/ans/ans_rproxy
myuser@ubsrv:~/ans$ sudo chown -R rd_public:rd_public /opt/ans/ans_rproxy
myuser@ubsrv:~/ans$ sudo -u rd_public -H cp -Rf ./* /opt/ans/ans_rproxy
myuser@ubsrv:~/ans$ cd /opt/ans/ans_rproxy
myuser@ubsrv:/opt/ans/ans_rproxy$ ls -alh .
drwxr-xr-x 2 rd_public rd_public 4.0K Sep 14 13:50 .
drwxr-xr-x 3 root root 4.0K Sep 14 13:20 ..
-rwxr-xr-x 1 rd_public rd_public 359K Sep 14 13:50 ans_rproxy
-rw-r--r-- 1 rd_public rd_public 324 Sep 14 13:50 app.json
-rw-r--r-- 1 rd_public rd_public 55K Sep 14 13:50 libev.so.4
myuser@ubsrv:/opt/ans/ans_rproxy$
7. Edit the configuration file app.json
Note: the default log file is /var/log/syslog on Ubuntu and /var/log/messages on CentOS.
The weights of the virtual servers added to the list must add up to exactly 100.
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ./ans_rproxy -m
machine code: [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
Please send the above machine code to High-Galaxy Corp.
myuser@ubsrv:/opt/ans/ans_rproxy$
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo -u rd_public -H vim ./app.json
{
    "license": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "quiet" : 0,
    "syslog": 0,
    "user": "rd_public",
    "group": "rd_public",
    "working_dir": "/opt/ans/ans_rproxy",
    "vservers": [
        { "host" : "172.16.204.50", "port" : "8081", "weight" : 60 },
        { "host" : "172.16.204.53", "port" : "8081", "weight" : 40 }
    ]
}
myuser@ubsrv:/opt/ans/ans_rproxy$
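A pre-start check for the two app.json constraints this guide relies on, the weights adding up to 100 and the worker account being unprivileged. It is an added example, not part of the ans_rproxy package; the function names are hypothetical, and it assumes app.json keeps the layout shown above (integer `weight` literals, a quoted `user` string).

```shell
#!/bin/sh
# Added example, not part of the ans_rproxy package.
# Assumption: app.json keeps the layout shown in step 7. Where a JSON parser
# such as jq is installed, prefer it over this text matching.

# Split the file so that each key/value pair sits on its own line.
json_pairs() {
    tr ',{}' '\n\n\n' < "$1"
}

# Return 0 when the file passes, 1 on a finding, 2 when it cannot be read.
check_app_json() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }

    # Sum every integer that follows a "weight" key.
    total=$(json_pairs "$cfg" |
        sed -n 's/.*"weight"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        awk '{ s += $1 } END { print s + 0 }')
    [ "$total" -eq 100 ] || { echo "weights sum to $total, expected 100"; rc=1; }

    # The account named in "user" is the one the worker process runs under.
    user=$(json_pairs "$cfg" |
        sed -n 's/.*"user"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1)
    if [ "$user" = root ]; then
        echo '"user" is root: the worker would not run under an unprivileged account'
        rc=1
    fi
    return $rc
}

# Usage: sh check_app_json.sh /opt/ans/ans_rproxy/app.json
if [ $# -gt 0 ]; then
    check_app_json "$1"
fi
```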
8. Test that the backend servers are reachable
myuser@ubsrv:/opt/ans/ans_rproxy$ curl -I http://172.16.204.50:8081/LoginFuZai.aspx
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1624
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 17 Sep 2018 08:29:26 GMT
myuser@ubsrv:/opt/ans/ans_rproxy$
myuser@ubsrv:/opt/ans/ans_rproxy$ curl -I http://172.16.204.53:8081/LoginFuZai.aspx
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1624
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 17 Sep 2018 08:29:34 GMT
myuser@ubsrv:/opt/ans/ans_rproxy$
9. Start ans_rproxy as the rd_public user
Note: starting it this way fails with the error [create_listen: Permission denied], because an unprivileged user cannot bind the privileged port 80.
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo -u rd_public -H ./ans_rproxy -f ./app.json
user [rd_public]
group [rd_public]
working dir [/opt/ans/ans_rproxy]
Added 2 virtual servers.
20180914T153123.728231 [ 3967] create_listen: Permission denied
20180914T153123.728341 [ 3967] run_proxy: Failed to create listens.
myuser@ubsrv:/opt/ans/ans_rproxy$
10. Start ans_rproxy with root privileges via sudo
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ./ans_rproxy -f ./app.json
user [rd_public]
group [rd_public]
working dir [/opt/ans/ans_rproxy]
Added 2 virtual servers.
Created listen socket [6].
Created listen socket [7].
start_workers: start(0), count(1)
ansrpxy: initialization complete
rd_public: uid(1001), gid(1001)
In child process with uid (1001)
20180914T154306.928568 [ 3974] {core} Process 0 online
20180914T154306.928816 [ 3974] Worker 0: listen on 6
20180914T154306.928846 [ 3974] Worker 0: listen on 7
20180914T154306.928907 [ 3974] Worker 0 : in event loop.
......
myuser@ubsrv:/opt/ans/ans_rproxy$
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ps -waux | grep ans_rproxy | grep -v grep
root 4114 0.0 0.1 52700 3928 pts/0 S+ 15:51 0:00 sudo ./ans_rproxy -f ./app.json
root 4115 0.0 0.0 9648 968 pts/0 S+ 15:51 0:00 ./ans_rproxy -f ./app.json
rd_publ+ 4116 0.0 0.0 18096 1816 pts/0 S+ 15:51 0:00 ./ans_rproxy -f ./app.json
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo netstat -alntp | grep ans_rproxy | grep -v grep
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4351/ans_rproxy
tcp6 0 0 :::80 :::* LISTEN 4351/ans_rproxy
myuser@ubsrv:/opt/ans/ans_rproxy$
11. Start ans_rproxy in the background with root privileges via sudo
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo nohup ./ans_rproxy -f ./app.json > /dev/null 2>/dev/null &
[1] 4143
myuser@ubsrv:/opt/ans/ans_rproxy$
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ps -waux | grep ans_rproxy | grep -v grep
root 4143 0.0 0.1 52700 3936 pts/0 S 15:53 0:00 sudo nohup ./ans_rproxy -f ./app.json
root 4144 0.0 0.0 9648 976 pts/0 S 15:53 0:00 ./ans_rproxy -f ./app.json
rd_publ+ 4145 0.0 0.0 18096 1832 pts/0 S 15:53 0:00 ./ans_rproxy -f ./app.json
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo netstat -alntp | grep ans_rproxy | grep -v grep
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4144/ans_rproxy
tcp6 0 0 :::80 :::* LISTEN 4144/ans_rproxy
myuser@ubsrv:/opt/ans/ans_rproxy$
12. View the system resources held by the ans_rproxy process
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo lsof -c ans_rproxy
myuser@ubsrv:/opt/ans/ans_rproxy$
13. Test access to the session proxy service provided by ans_rproxy
Business-level testing must be done with a client browser that simulates user operations.
myuser@ubsrv:/opt/ans/ans_rproxy$ curl -v http://localhost:80/LoginFuZai.aspx
* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> GET /LoginFuZai.aspx HTTP/1.1
> Host: localhost
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Server: Microsoft-IIS/7.5
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Mon, 17 Sep 2018 08:31:52 GMT
< Content-Length: 1624
<
......
myuser@ubsrv:/opt/ans/ans_rproxy$ tail -f /var/log/syslog
Sep 17 16:27:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [DOWN]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: Connections [0], Total Requests [0], Total vsvrs [2]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: VSVR [0] : Response Hits [0], Weight [60], State [UP]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [UP]
Sep 17 16:29:58 ubsrv ans_rproxy[10011]: Connections [0], Total Requests [0], Total vsvrs [2]
Sep 17 16:29:58 ubsrv ans_rproxy[10011]: VSVR [0] : Response Hits [0], Weight [60], State [UP]
Sep 17 16:29:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [UP]
Sep 17 16:30:58 ubsrv ans_rproxy[10011]: Connections [0], Total Requests [3], Total vsvrs [2]
Sep 17 16:30:58 ubsrv ans_rproxy[10011]: VSVR [0] : Response Hits [2], Weight [60], State [UP]
Sep 17 16:30:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [2], Weight [40], State [UP]
......
myuser@ubsrv:/opt/ans/ans_rproxy$
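The per-minute VSVR status lines in the syslog output above carry each backend's state, so backend outages and recoveries can be picked out of the log instead of read by eye. The filter below is an added example, not part of the ans_rproxy package; the function names are hypothetical and the sample lines are copied from the tail output in this step.

```shell
#!/bin/sh
# Added example: report backend state changes from ans_rproxy status lines.

# Read syslog text on stdin. Print one line per state change of a virtual
# server and, at the end, every virtual server whose last state is not UP.
vsvr_transitions() {
    awk '
    / ans_rproxy\[[0-9]+\]: VSVR \[[0-9]+\] : / {
        id = $7;  gsub(/\[|\]/, "", id)    # "[1]"    -> "1"
        st = $NF; gsub(/\[|\]/, "", st)    # "[DOWN]" -> "DOWN"
        if ((id in last) && last[id] != st)
            print $1, $2, $3, "VSVR", id, last[id] "->" st
        last[id] = st
    }
    END {
        for (id in last)
            if (last[id] != "UP")
                print "currently", last[id] ":", "VSVR", id
    }'
}

# Sample input: lines copied from the tail output in step 13 of this page.
sample_log() {
    cat <<'EOF'
Sep 17 16:27:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [DOWN]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: Connections [0], Total Requests [0], Total vsvrs [2]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: VSVR [0] : Response Hits [0], Weight [60], State [UP]
Sep 17 16:28:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [UP]
Sep 17 16:29:58 ubsrv ans_rproxy[10011]: VSVR [0] : Response Hits [0], Weight [60], State [UP]
Sep 17 16:29:58 ubsrv ans_rproxy[10011]: VSVR [1] : Response Hits [0], Weight [40], State [UP]
EOF
}

sample_log | vsvr_transitions
```

On a live host the same filter can be fed from the log file, for example `vsvr_transitions < /var/log/syslog`.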
14. Stop the ans_rproxy process
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ps -waux | grep ans_rproxy | grep -v grep | awk '{print $2}' | sudo xargs kill -9
[1]+ Killed sudo nohup ./ans_rproxy -f ./app.json > /dev/null 2> /dev/null
myuser@ubsrv:/opt/ans/ans_rproxy$ sudo ps -waux | grep ans_rproxy | grep -v grep
myuser@ubsrv:/opt/ans/ans_rproxy$
15. Other configuration
#!/usr/bin/env bash
#filename: rproxy_ctl.sh

cur_dir=`pwd`
ans_uid=`id -u`

usage_rproxy()
{
    echo "Usage: sudo `basename $0` [start|stop|restart|status|help]"
    echo " start -- Start program."
    echo " stop -- Stop program."
    echo " restart -- Restart program."
    echo " status -- Display service status."
    echo " help -- Display help information."
    return 0
}

# Make sure sudo can be used when the script is not already running as root.
invoke_sudo()
{
    if [ $ans_uid -ne 0 ]; then
        sudo id > /dev/null 2>/dev/null
        if [ $? -ne 0 ]; then
            echo "Elevate permissions failed."
            return 1
        fi
    fi
    return 0
}

start_rproxy()
{
    invoke_sudo
    if [ $? -ne 0 ]; then
        echo "Error: Permission denied."
        exit 1
    fi

    local line_num
    line_num=`sudo ps -waux | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | wc -l`
    if [ $line_num -ne 0 ]; then
        echo "Error: Program is already running."
        return 1
    fi

    echo "Start program ..."
    # Prefer the copy in the current directory, then fall back to /opt/ans/ans_rproxy.
    # Note: $? after '&' only reports that the job was launched, not that
    # ans_rproxy came up.
    if [ -f ${cur_dir}/ans_rproxy -a -x ${cur_dir}/ans_rproxy -a -f ${cur_dir}/app.json -a -r ${cur_dir}/app.json ]; then
        sudo nohup ${cur_dir}/ans_rproxy -f ${cur_dir}/app.json > /dev/null 2>/dev/null &
        if [ $? -ne 0 ]; then
            echo "Error: Program start failed."
            return 1
        else
            echo "Info: Program start successful."
            return 0
        fi
    else
        if [ -f /opt/ans/ans_rproxy/ans_rproxy -a -x /opt/ans/ans_rproxy/ans_rproxy -a -f /opt/ans/ans_rproxy/app.json -a -r /opt/ans/ans_rproxy/app.json ]; then
            sudo nohup /opt/ans/ans_rproxy/ans_rproxy -f /opt/ans/ans_rproxy/app.json > /dev/null 2>/dev/null &
            if [ $? -ne 0 ]; then
                echo "Error: Program start failed."
                return 1
            else
                echo "Info: Program start successful."
                return 0
            fi
        else
            echo "Error: File permissions are incorrect."
            return 1
        fi
    fi
}

stop_rproxy()
{
    invoke_sudo
    if [ $? -ne 0 ]; then
        echo "Error: Permission denied."
        exit 1
    fi

    local line_num
    line_num=`sudo ps -waux | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | wc -l`
    if [ $line_num -eq 0 ]; then
        echo "Error: Program is not running."
        return 1
    fi

    echo "Stop program ..."
    # Exclude rproxy_ctl here as well: when this script is invoked as
    # /opt/ans/ans_rproxy/rproxy_ctl.sh its own command line matches
    # "ans_rproxy" and the script would otherwise kill itself.
    sudo ps -waux | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | awk '{print $2}' | sudo xargs kill -9
    if [ $? -ne 0 ]; then
        echo "Error: Program stop failed."
        return 1
    else
        echo "Info: Program stop successful."
        return 0
    fi
}

restart_rproxy()
{
    invoke_sudo
    if [ $? -ne 0 ]; then
        echo "Error: Permission denied."
        exit 1
    fi

    local line_num
    line_num=`sudo ps -waux | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | wc -l`
    if [ $line_num -ne 0 ]; then
        stop_rproxy
        if [ $? -ne 0 ]; then
            echo "Error: Program restart failed."
            return 1
        fi
        sleep 3
    fi

    start_rproxy
    if [ $? -ne 0 ]; then
        echo "Error: Program restart failed."
        echo "Info: Please stop program."
        return 1
    fi
    return 0
}

status_rproxy()
{
    invoke_sudo
    if [ $? -ne 0 ]; then
        echo "Error: Permission denied."
        exit 1
    fi

    echo "Service status information:"
    local ps_num port_num
    # A healthy instance shows three processes: sudo, the root parent and
    # the rd_public worker.
    ps_num=`sudo ps -waux | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | wc -l`
    if [ $ps_num -eq 3 ]; then
        echo " Process: [ Running ]"
    else
        echo " Process: [ Not Running ]"
    fi

    port_num=`sudo netstat -alntp | grep ans_rproxy | grep -v rproxy_ctl | grep -v grep | wc -l`
    if [ $port_num -ne 0 ]; then
        echo " Port: [ Running ]"
    else
        echo " Port: [ Not Running ]"
    fi
    return 0
}

case $1 in
    "start")
        start_rproxy
        ;;
    "stop")
        stop_rproxy
        ;;
    "restart")
        restart_rproxy
        ;;
    "status")
        status_rproxy
        ;;
    "help")
        usage_rproxy
        exit 0
        ;;
    *)
        usage_rproxy
        exit 0
        ;;
esac
exit 0
gxw@gxw-desktop:~$ sudo cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Startup ans_rproxy
/opt/ans/ans_rproxy/rproxy_ctl.sh restart
exit 0
gxw@gxw-desktop:~$
ANS (安狮) Device Configuration
Note: the monitor bound to this service must be of type TCP; using an HTTP monitor will cause the health check to fail.
> add server srv_rproxy 172.16.204.184 # add the server
 Done
> add service svc_http_rproxy srv_rproxy http 80 # add the service
 Done
> bind service svc_http_rproxy -monitorName tcp # bind a TCP monitor to the service
 Done
> show service svc_http_rproxy # show the state of the service
svc_http_rproxy (172.16.204.184:80) - HTTP
State: UP
Last state change was at Mon Sep 17 07:41:53 2018
Time since last state change: 0 days, 00:00:11.870
Server Name: srv_rproxy
Server ID : None Monitor Threshold : 0
Max Conn: 0 Max Req: 0 Max Band 0 kbits
Use Source IP: NO
Client Keepalive(CKA): NO
Access Down Service: NO
TCP Buffering(TCPB): NO
HTTP Compression(CMP): YES
Idle timeout: Client: 180 sec Server: 360 sec
Client IP: DISABLED
Cacheable: NO
SC: OFF
SP: ON
Down state flush: ENABLED
Appflow logging: ENABLED
TD: 0
1) Monitor Name: tcp
State: UP Weight: 1 Passive: 0
Probes: 12 Failed [Total: 9 Current: 0]
Last response: Success - TCP syn+ack received.
Response Time: 0.0 millisec
 Done
>
> add lb vserver lb_vsrv_http_rproxy http 172.16.204.188 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT -timeout 0 # add the load-balancing virtual server
 Done
> bind lb vserver lb_vsrv_http_rproxy svc_http_rproxy # bind the service to the load-balancing virtual server
 Done
> show lb vserver lb_vsrv_http_rproxy # show the state of the load-balancing virtual server
lb_vsrv_http_rproxy (172.16.204.188:80) - HTTP Type: ADDRESS
State: UP
Last state change was at Mon Sep 17 07:41:53 2018
Time since last state change: 0 days, 00:00:44.320
Effective State: UP
Client Idle Timeout: 180 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
Appflow logging: ENABLED
Port Rewrite : DISABLED
No. of Bound Services : 1 (Total) 1 (Active)
Configured Method: ROUNDROBIN
Mode: IP
Persistence: COOKIEINSERT (version 0) Persistence Timeout: 0 min
Vserver IP and Port insertion: OFF
Push: DISABLED Push VServer:
Push Multi Clients: NO
Push Label Rule: none
L2Conn: OFF
Skip Persistency: None
IcmpResponse: PASSIVE
New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
TD: 0
Mac mode Retain Vlan: DISABLED
DBS_LB: DISABLED
1) svc_http_rproxy (172.16.204.184: 80) - HTTP State: UP Weight: 1
Persistence Cookie Value : NSC_mc_wtsw_iuuq_sqspyz=ffffffffad04caaf1e171659141d0e58464652443660
 Done
>
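Client Verification Tests
1. Verify that requests are switched between servers according to weight
With the web service enabled on both win1_50 and win2_53, user requests are distributed to the win1_50 and win2_53 servers in proportion to their weights.
2. Verify automatic failover when a server fails
With the web service enabled on both win1_50 and win2_53, log in as a user; the pages work normally.
Then disable the web service on win2_53; the pages still work normally and user requests are automatically sent to the win1_50 server.
3. View the ans_rproxy service log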
FAQ:
1. If the administrator account password is forgotten, it can be reset directly in the database.
> select ShortName,Password,IsLock from domasv30.userinfo;
> update domasv30.userinfo set Password=md5('admin') where ShortName='ADMIN';
======================== End