在lvs机器上有如下的防火墙配置:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
导致后台的realserver机器上的httpd进程不正常,有很多的D状态的进程:
如下:
29679 httpuser 16 0 245m 27m 5100 D 18.7 0.3 0:09.76 httpd
30561 httpuser 17 0 250m 32m 5248 R 18.7 0.4 0:11.53 httpd
30644 httpuser 16 0 245m 28m 5236 D 18.7 0.4 0:03.69 httpd
30806 httpuser 16 0 246m 27m 3636 D 18.7 0.3 0:00.29 httpd
29137 httpuser 17 0 269m 48m 5356 R 16.8 0.6 0:23.66 httpd
30646 httpuser 17 0 250m 32m 4916 D 16.8 0.4 0:05.10 httpd
30655 httpuser 17 0 252m 34m 5056 D 16.8 0.4 0:08.83 httpd
30687 httpuser 16 0 249m 31m 4748 D 16.8 0.4 0:06.25 httpd
30791 httpuser 16 0 245m 26m 3992 R 16.8 0.3 0:00.31 httpd
30811 httpuser 16 0 243m 23m 3444 D 16.8 0.3 0:00.24 httpd
30824 httpuser 16 0 252m 32m 4016 D 16.8 0.4 0:01.11 httpd
30826 httpuser 16 0 250m 30m 3764 D 16.8 0.4 0:00.55 httpd
29376 httpuser 16 0 255m 36m 4468 D 15.0 0.5 0:01.45 httpd
30384 httpuser 16 0 248m 29m 4676 D 15.0 0.4 0:10.47 httpd
30616 httpuser 17 0 250m 32m 4772 R 15.0 0.4 0:10.05 httpd
30780 httpuser 17 0 249m 30m 4244 D 15.0 0.4 0:01.96 httpd
30790 httpuser 17 0 250m 32m 4448 D 15.0 0.4 0:02.47 httpd
30801 httpuser 16 0 248m 28m 3824 D 15.0 0.4 0:01.23 httpd
都是D
而且机器的负载也不正常:
显然上面附件显示的机器负载和httpd进程状态都不正常!
修改防火墙规则如下:
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
三台RealServer的负载 都下来了 !
见附件!
由于lvs机器防火墙上有类似的21端口的规则,造成ftp连接经常断!
其实这个问题在lvs mini文档中有介绍,见附件:
阅读(2009) | 评论(0) | 转发(0) |