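1. Keepalived: a very lightweight high-availability solution
Two main functions:
(1) Health checking (healthcheck): checks the health of nodes
(2) Failover: switching between the servers of a high-availability pair (using the VRRP protocol)
How takeover works between a keepalived high-availability pair:
VRRP: Virtual Router Redundancy Protocol. VRRP was created to solve the single point of failure of static routing; it uses an election mechanism to hand the routing task to one of the VRRP routers.
How failover works:
While keepalived is working normally, the master node continuously broadcasts heartbeat messages to the backup node to tell it that the master is still alive. When the master fails, the backup can no longer detect the master's heartbeat, so it invokes its own takeover routine and takes over the master's IP resources and services. Once the master has been repaired, the backup releases the IP resources and services it took over during the failure and returns to its original backup role.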
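2. Keepalived high-availability scheme:
High availability: achieved mainly through resource configuration
As long as heartbeat messages reach the backup on time, no resource contention occurs
heartbeat: the "I am alive" message sent to the peer
Active/Backup
Whenever master and backup have to work together, the backup node needs to know the master node's working state
The key points of resource contention: the IP address | storage
Shared storage, not the service
LAMP storage: structured data (kept in a relational database) | unstructured data (on a file system)
Master/backup: time must be strictly synchronized
NTP: Network Time Protocol
ntpdate IP #synchronize time with the host at IP
chrony: configures time synchronization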
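3. How Keepalived provides high availability:
VRRP (Virtual Router Redundancy Protocol): its main purpose is to let the backup router take over from the master router when the master fails
There is usually only one default gateway
Master/backup mode: the master sends messages, the backup listens
Dual-master: both ends send and listen at the same time
High availability in keepalived dual-master mode:
An implementation of the VRRP protocol on Linux hosts, running as a daemon;
Can automatically generate ipvs rules from the configuration file;
Performs health checks on each RS;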
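4. Summary: how keepalived works
(1) VRRP, the Virtual Router Redundancy Protocol, exists to solve the single point of failure of static routing
(2) VRRP is an election protocol that hands the routing task to one of the VRRP routers
(3) VRRP communicates by IP multicast
(4) During communication the master sends packets and the backup receives them (if none arrive within a certain time, the backup takes over according to priority)
(5) VRRP uses an encryption protocol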
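5. HA Cluster configuration
(1) The local host name must match the host name defined in hosts, and must match the name returned by hostname (uname -n); /etc/sysconfig/network
(2) The nodes must be able to resolve each other's host names; resolving through the hosts file is generally recommended
(3) Time is synchronized across the nodes
(4) Make sure iptables and SELinux do not block the service
Test environment: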
server2:172.25.66.1
server3:172.25.66.2
selinux disabled
iptables off
*Install keepalived on both server2 and server3
yum install kernel-devel -y
yum install openssl-devel -y
yum install gcc -y
yum install popt* -y
ln -s /usr/src/kernels/$(uname -r)/ /usr/src/linux
tar zxf keepalived-1.2.24.tar.gz
cd keepalived-1.2.24
./configure
.....
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
SNMP keepalived support : No
SNMP checker support : No
.....
make && make install
*Configure standard service startup
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/sbin/keepalived /usr/sbin/
/etc/init.d/keepalived start
-bash: /etc/init.d/keepalived: Permission denied
ll /etc/init.d/keepalived
-rw-r--r-- 1 root root 1308 Aug 23 13:39 /etc/init.d/keepalived
ll /etc/init.d/network
-rwxr-xr-x. 1 root root 6334 Oct 10 2013 /etc/init.d/network
chmod +x /etc/init.d/keepalived
/etc/init.d/keepalived start
Starting keepalived: [ OK ]
ps -ef | grep keep
root 5058 1 0 13:47 ? 00:00:00 keepalived -D
root 5060 5058 0 13:47 ? 00:00:00 keepalived -D
root 5061 5058 0 13:47 ? 00:00:00 keepalived -D
root 5077 1122 0 13:52 pts/0 00:00:00 grep keep
/etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
*Configuration file walkthrough
man keepalived.conf #view the keepalived help documentation
[root@server1 keepalived]# cat -n /etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
2
3 global_defs { #global definitions
4 notification_email { #mail recipients
5 acassen@firewall.loc
6 failover@firewall.loc
7 sysadmin@firewall.loc
8 }
9 notification_email_from Alexandre.Cassen@firewall.loc #mail sender
10 smtp_server 192.168.200.1 #mail server used for sending
11 smtp_connect_timeout 30
12 router_id LVS_DEVEL #identifies the physical device
13 vrrp_skip_check_adv_addr
14 vrrp_strict
15 vrrp_garp_interval 0
16 vrrp_gna_interval 0
17 }
18
19 vrrp_instance VI_1 { #virtual router instance (when several instances are defined, their names must differ)
20 state MASTER|BACKUP #initial state: master or backup (the master has the higher priority)
21 interface eth0
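22 virtual_router_id 51 #the virtual router's own ID (0-255), must be unique
23 priority 100 #priority (0-255); the master's priority must be higher than the backup's
24 advert_int 1 #how often heartbeat messages are sent
25 authentication { #authentication (simple string authentication|md5 authentication)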
26 auth_type PASS
27 auth_pass 1111
28 }
29 virtual_ipaddress { #virtual IP addresses
30 192.168.200.16
31 192.168.200.17
32 192.168.200.18
33 }
34 }
.....
[root@server1 keepalived]#
Single-instance master/backup configuration:
server2: Master
[root@server1 keepalived]# vim /etc/keepalived/keepalived.conf
1 ! Configuration File for keepalived
2
3 global_defs {
4 notification_email {
5 sysadmin@firewall.loc
6 }
7 notification_email_from Alexandre.Cassen@firewall.loc
8 smtp_server 192.168.200.1
9 smtp_connect_timeout 30
10 router_id LVS_19
11 }
12
13 vrrp_instance VI_1 {
14 state MASTER #master
15 interface eth0
16 virtual_router_id 51 #virtual router ID
17 priority 150 #priority
18 advert_int 1
19 authentication {
20 auth_type PASS
21 auth_pass 1111
22 }
23 virtual_ipaddress {
24 172.25.66.100
25 }
26 }
27
[root@server1 keepalived]# ip addr | grep 172.25.66
inet 172.25.66.1/24 brd 172.25.66.255 scope global eth0
[root@server1 keepalived]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server1 keepalived]# ip addr | grep 172.25.66
inet 172.25.66.1/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.100/32 scope global eth0
[root@server1 keepalived]# scp /etc/keepalived/keepalived.conf root@172.25.66.2:/etc/keepalived/
root@172.25.66.2's password:
keepalived.conf 100% 3397 3.3KB/s 00:00
[root@server1 keepalived]#
server3: Backup
[root@server2 ~]# vim /etc/keepalived/keepalived.conf
.....
10 router_id LVS_16
14 state BACKUP #backup
17 priority 100
[root@server2 ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@server2 ~]# ip addr | grep 172.25.66
inet 172.25.66.2/24 brd 172.25.66.255 scope global eth0
#At this point the backup does not preempt the VIP
[root@server2 ~]#
Now test from the physical host:
[kiosk@foundation66 pub]$ ping 172.25.66.100
[root@server1 keepalived]# ifdown eth0
[root@server2 ~]# ip addr show| grep 172.25.66
inet 172.25.66.2/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.100/32 scope global eth0
#The VIP has now moved to the BACKUP
[root@server2 ~]#
VIP takeover in dual/multi-instance master/backup mode
[root@server1 ~]# vim /etc/keepalived/keepalived.conf
.....
28 vrrp_instance VI_2 { #for server2 this instance is the backup node; it takes over only when the peer's VIP is released
29 state BACKUP
30 interface eth0
31 virtual_router_id 50
32 priority 50
33 advert_int 1
34 authentication {
35 auth_type PASS
36 auth_pass 1111
37 }
38 virtual_ipaddress {
39 172.25.66.101
40 }
41 }
.....
*Note: the two instances differ only in state and priority
[root@server2 ~]# vim /etc/keepalived/keepalived.conf
.....
28 vrrp_instance VI_2 {
29 state MASTER
30 interface eth0
31 virtual_router_id 50
32 priority 100
33 advert_int 1
34 authentication {
35 auth_type PASS
36 auth_pass 1111
37 }
38 virtual_ipaddress {
39 172.25.66.101
40 }
41 }
.....
[root@server1 ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@server1 ~]# ip addr | grep 172.25.66
inet 172.25.66.1/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.100/32 scope global eth0
[root@server1 ~]#
[root@server2 ~]# /etc/init.d/keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
[root@server2 ~]# ip addr | grep 172.25.66
inet 172.25.66.2/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.101/32 scope global eth0
[root@server2 ~]#
Test:
[root@server2 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server2 ~]#
[root@server1 ~]# ip addr | grep 172.25.66
inet 172.25.66.1/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.100/32 scope global eth0
inet 172.25.66.101/32 scope global eth0
[root@server1 ~]#
#After recovery, the VIP switches back to server2
[root@server2 ~]# ip addr | grep 172.25.66
inet 172.25.66.2/24 brd 172.25.66.255 scope global eth0
[root@server2 ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@server2 ~]# ip addr | grep 172.25.66
inet 172.25.66.2/24 brd 172.25.66.255 scope global eth0
inet 172.25.66.101/32 scope global eth0
[root@server2 ~]#
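A consistency check for the two nodes' keepalived.conf files, as an added example (not part of the original page or of keepalived): in the single-instance and dual-instance setups above, the peers' copies of an instance may differ only in state and priority, and the MASTER must hold the higher priority. `parse_instances` and `audit_pair` are hypothetical helpers, and the sample input is constructed from the page's VI_1 values.

```python
import re

TEMPLATE = """
vrrp_instance VI_1 {{
    state {state}
    virtual_router_id 51
    priority {prio}
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    virtual_ipaddress {{
        172.25.66.100
    }}
}}
"""
# Constructed sample input: the page's VI_1 instance as configured on each node.
NODE_A = TEMPLATE.format(state="MASTER", prio=150)
NODE_B = TEMPLATE.format(state="BACKUP", prio=100)

def parse_instances(text):
    """Return {instance name: settings}; '#' and '!' start comments in keepalived.conf."""
    instances, stack, cur = {}, [], None
    lines = (re.split(r"[#!]", ln, maxsplit=1)[0].split() for ln in text.splitlines())
    for words in filter(None, lines):                      # skip blank lines
        if words[-1] == "{":                               # a block opens
            stack.append(words[0])
            if words[0] == "vrrp_instance":                # keepalived's default priority is 100
                cur = instances.setdefault(words[1], {"vips": [], "priority": "100"})
        elif words[0] == "}":                              # a block closes
            cur = None if stack.pop() == "vrrp_instance" else cur
        elif cur is not None and stack[-1] == "virtual_ipaddress":
            cur["vips"].append(words[0])
        elif cur is not None and len(words) > 1:
            cur[words[0]] = words[1]
    return instances

def audit_pair(text_a, text_b):
    """Compare both nodes' configs and return a list of findings."""
    a, b = parse_instances(text_a), parse_instances(text_b)
    out = [f"{n}: defined on one node only" for n in sorted(set(a) ^ set(b))]
    for name in sorted(set(a) & set(b)):
        for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips"):
            if a[name].get(key) != b[name].get(key):
                out.append(f"{name}: {key} differs between peers")
        hi, lo = sorted((a[name], b[name]), key=lambda n: int(n["priority"]), reverse=True)
        roles = (hi.get("state"), lo.get("state"))
        if roles != ("MASTER", "BACKUP") or hi["priority"] == lo["priority"]:
            out.append(f"{name}: MASTER must be the one node with the higher priority")
    return out
```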
Using keepalived to make the http service highly available
server1/server2
Install the httpd service on both
Write the home page
yum install httpd -y
vim /var/www/html/index.html
/etc/init.d/httpd start
Test:
[kiosk@foundation66 pub]$ curl 172.25.66.100
server1
[root@server1 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[kiosk@foundation66 pub]$ curl 172.25.66.100
server2