文章详细介绍了使用Keepalived实现企业级服务的高可用性,包括VRRP协议的工作原理、防止脑裂的策略、Nginx结合Keepalived实现七层负载均衡的配置过程,以及MySQL与Keepalived配合进行主主同步和故障切换的设置。此外,还提到了Haproxy在四层和七层代理中的应用。
企业 keepalived 高可用项目实战
1、Keepalived VRRP 介绍
①keepalived是什么
keepalived是集群管理中保证集群高可用的一个服务软件,用来防止单节点故障。
②keepalived工作原理
keepalived是以VRRP协议为实现基础的,VRRP是虚拟路由冗余协议。
虚拟路由冗余协议,可以认为是实现高可用的协议,即将N台提供相同功能的路由器组成一个路由器组,这个组里面有一个master和多个backup,master上面有一个对外提供服务的vip(该路由器所在局域网内其他机器的默认路由为该vip),master会发组播,当backup收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。
keepalived主要有三个模块,分别是core、check和vrrp。core模块为keepalived的核心,负责主进程的启动、维护以及全局配置文件的加载和解析。check负责健康检查,包括常见的各种检查方式。vrrp模块是来实现VRRP协议的。
=================================================================
脑裂(裂脑):
Keepalived的BACKUP主机在收到不MASTER主机报文后就会切换成为master,如果是它们之间的通信线路出现问题,无法接收到彼此的组播通知,但是两个节点实际都处于正常工作状态,这时两个节点均为master强行绑定虚拟IP,导致不可预料的后果,这就是脑裂。
解决方式:
1、添加更多的检测手段,比如冗余的心跳线(两块网卡做健康监测),ping对方等等。尽量减少"裂脑"发生机会。(治标不治本,只是提高了检测到的概率);
2、做好对裂脑的监控报警(如邮件及手机短信等或值班).在问题发生时人为第一时间介入仲裁,降低损失。例如,百度的监控报警短倍就有上行和下行的区别。报警消息发送到管理员手机上,管理员可以通过手机回复对应数字或简单的字符串操作返回给服务器.让服务器根据指令自动处理相应故障,这样解决故障的时间更短;
3、爆头,将master停掉。然后检查机器之间的防火墙。网络之间的通信;
2、Nginx+keepalived实现七层的负载均衡(同类服务)
①nginx通过Upstream模块实现的负载均衡
upstream 支持的负载均衡算法
①轮询(默认):可以通过weight指定轮询的权重,权重越大,被调度的次数越多。
②ip_hash:可以实现会话保持,将同一客户的IP调度到同一样后端服务器,可以解决session问题,不能使用weight
③fair:可以根据请求页面的大小和加载时间的长短进行调度,使用第三方的upstream_fair模块
④url_hash:按请求url和hash进行调度,从而使每个url定向到同一个服务器,使用第三方的url_hash模块
一、实施过程
1、选择两台nginx服务器作为代理服务器。
2、给两台代理服务器安装keepalived制作高可用集群,生成VIP
3、配置nginx的负载均衡
以上两台nginx服务器配置文件一致
根据站点分区进行调度
配置upstream文件
所有机器关闭防火墙selinux
systemctl stop firewalld && setenforce 0
二、Keepalived实现调度器HA
注:主/备调度器均能够实现正常调度
1. 主/备调度器安装软件
3. 启动KeepAlived(主备均启动)
测试:
浏览器访问:http://192.168.198.16
如能正常访问,将keepalived主节点关机,测试vip是否漂移
到此:
可以解决心跳故障keepalived
不能解决Nginx服务故障,也就是心跳检测,确认的是keepalived主节点是否存活,而不是nginx服务是否正常运行
[root@nginx-proxy-master ~]# cd /etc/nginx/conf.d/
[root@nginx-proxy-master conf.d]# cp default.conf default.conf.bak
[root@nginx-proxy-master conf.d]# vim default.conf
upstream index {
server 192.168.198.30:80 weight=1 max_fails=2 fail_timeout=2;
server 192.168.198.40:80 weight=2 max_fails=2 fail_timeout=2;
}
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://index;
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
将nginx的配置文件拷贝到另一个代理服务器中:
[root@nginx-proxy-master conf.d]# scp defauld.conf 192.168.198.20:/etc/nginx/conf.d
Keepalived实现调度器HA,主/备调度器安装软件
[root@nginx-proxy-master ~]# yum install -y keepalived
[root@nginx-proxy-master ~]#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id directory1 #辅助改为directory2
}
vrrp_instance VI_1 {
state MASTER #定义主还是备
interface ens33 #VIP绑定接口
virtual_router_id 80 #整个集群的调度器一致
priority 100 #优先级,backup改为50
advert_int 1 #心跳检测的时间间隔1s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.198.16/24
}
}
[root@nginx-proxy-master ~]# systemctl start keepalived
[root@nginx-proxy-master ~]# systemctl enable keepalived
[root@nginx-proxy-master ~]# ip addr
[root@nginx-proxy-slave ~]# yum -y install keepalived
[root@nginx-proxy-slave ~]#cd /etc/nginx/conf.d
[root@nginx-proxy-slave conf.d]#cp defauld.conf defauld.conf.bak
[root@nginx-proxy-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id directory2
}
vrrp_instance VI_1 {
state BACKUP #设置为backup
interface ens33
nopreempt #设置到back上面,不抢占资源(VIP)
virtual_router_id 80
priority 50 #辅助改为50
advert_int 1 #检测间隔1s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.198.16/24
}
}
[root@nginx-porxy-slave ~]# systemctl start keepalived
[root@nginx-porxy-slave ~]# systemctl enable keepalived
[root@nginx-proxy-slave ~]# ip addr
测试
扩展对调度器Nginx健康检查(可选)两台都设置
思路:
让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Nginx失败,则关闭本机的Keepalived
(1) script
[root@nginx-proxy-master ~]# vim /etc/keepalived/check_nginx_status.sh
#!/bin/bash
/usr/bin/curl -I 127.0.0.1 &>/dev/null
if [ $? -ne 0 ];then
# /etc/init.d/keepalived stop
systemctl stop keepalived
fi
[root@nginx-proxy-master ~]# chmod a+x /etc/keepalived/check_nginx_status.sh
(2). keepalived使用script
[root@nginx-proxy-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id directory1
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx_status.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 80
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.246.16/24
}
track_script {
check_nginx
}
}
注:必须先启动Nginx,再启动keepalived
测试访问:
将keepalived集群的主节点的Nginx服务关闭,查看vip是否漂移,如果漂移,即成功
3、LVS_Director + KeepAlived
4、MySQL+Keepalived
4.1项目环境
Keepalived+mysql 自动切换
项目环境:
VIP 192.168.246.100
mysql1 192.168.198.10 keepalived-master
mysql2 192.168.198.20 keepalived-slave
一、mysql 主主同步(互为主从) (不使用共享存储,数据保存本地存储)
二、安装keepalived
三、keepalived主备配置文件
四、mysql状态检测脚本/root/bin/keepalived_check_mysql.sh
五、测试及诊断
实施步骤:
一、mysql 主主同步
二、安装keepalived---两台机器都操作
[root@mysql-keepalived-master ~]# yum -y install keepalived [root@mysql-keepalived-slave ~]# yum -y install keepalived
三、keepalived 主备配置文件
192.168.198.20 master配置
[root@mysql-keepalived-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@mysql-keepalived-master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id master
}
vrrp_script check_run {
script "/etc/keepalived/keepalived_chech_mysql.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 89
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.198.18/24
}
track_script {
check_run
}
}
[root@mysql-keepalived-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@mysql-keepalived-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id backup
}
vrrp_script check_run {
script "/etc/keepalived/keepalived_chech_mysql.sh"
interval 5
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface ens33
virtual_router_id 89
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.198.18/24
}
track_script {
check_run
}
}
四、mysql状态检测脚本/root/keepalived_check_mysql.sh(两台MySQL同样的脚本)
[root@mysql-keepalived-master ~]# vim /etc/keepalived/keepalived_chech_mysql.sh #!/bin/bash /usr/bin/mysql -uroot -p'1' -e "show status" &>/dev/null if [ $? -ne 0 ] ;then # service keepalived stop systemctl stop keepalived fi [root@mysql-keepalived-master ~]# chmod +x /etc/keepalived/keepalived_chech_mysql.sh
两边均启动keepalived 方式一: [root@mysql-keepalived-master ~]# systemctl restart keepalived [root@mysql-keepalived-master ~]# systemctl enable keepalived
Haproxy的四层mysql和七层nginx页面代理(keepalived的高可用)
haproxy和keepalived的服务器是:
vip:192.168.153.100/24
master:192.168.153.5
backup:192.168.153.6
mysql和nginx的rs服务器是:
1机器:192.168.153.5
2机器:192.168.153.6
1)Haproxy的haproxy.cnf配置如下;2台代理的配置一样通过,scp /etc/haproxy/haproxy.cnf 192.168.153.6:/etc/hsproxy命令完成,启动服务;
2)完成对keepalived的配置产生一个vip;
3)记得在mysl上建立一个可以远程登录的用户密码;
4)通过 mysql -h 192.168.198.100 -p1 连接vip,验证代理是否成功;
5)由于是轮询的调度方式,第一次连接如下;
6)由于是轮询的调度方式,第二次连接如下;
7)通过浏览器验证nginx页面的七层代理是否成功,有下;
8)通过浏览器验证nginx页面的七层代理是否成功,有下;
9)通过uri来启动服务的状态监控,auth设账号密码。
1690
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
