目录
1.3 VRRP:Virtual Router Redundancy Protocol
1.在realserver1和realserver2上配置httpd服务
11.实现 master/master 的 Keepalived 双主架构
高可用集群
1.1 集群类型
LB
:
Load Balance
负载均衡
LVS/HAProxy/nginx
(
http/upstream, stream/upstream
)
HA
:
High Availability
高可用集群
数据库、
Redis
SPoF: Single Point of Failure
,解决单点故障
HPC
:
High Performance Computing
高性能集群
1.2 实现高可用
提升系统高可用性的解决方案:降低 MTTR(Mean Time To Repair,平均故障修复时间)
解决方案:建立冗余机制
- active/passive 主/备
- active/active 双主
- active --> HEARTBEAT --> passive
- active <--> HEARTBEAT <--> active
1.3 VRRP:Virtual Router Redundancy Protocol
虚拟路由冗余协议
,
解决静态网关单点风险
- 物理层:路由器、三层交换机
- 软件层:keepalived
实验准备:
1.四台主机,并配好IP
KA1,10;KA2,20;realserver1,110;realserver2,120;
主机名 | ip地址 |
KA1 | 172.25.254.10 |
KA2 | 172.25.254.20 |
realserver1 | 172.25.254.110 |
realserver2 | 172.25.254.120 |
2.编写IP的脚本
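#!/bin/bash
# vmset.sh - write a static ifcfg profile for one NIC, activate it, then set
# the hostname and regenerate /etc/hosts. Run as root.
#
# Usage: vmset.sh <device> <ipv4-address> <hostname>
#   $1  interface / connection name, e.g. eth0
#   $2  IPv4 address for that interface (netmask is fixed at 255.255.255.0)
#   $3  hostname to set and to map to $2 in /etc/hosts
#
# NOTE: /etc/hosts is overwritten, not appended to.
set -euo pipefail

if (( $# != 3 )); then
  printf 'Usage: %s <device> <ipv4-address> <hostname>\n' "${0##*/}" >&2
  exit 2
fi

readonly dev=$1 addr=$2 host=$3

# The arguments become part of a path under /etc and of root-owned files, so
# accept only a plain interface name, a dotted quad and a hostname. Rejecting
# "/" and whitespace keeps $dev from pointing outside network-scripts/.
dev_re='^[A-Za-z0-9_.-]+$'
addr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $dev =~ $dev_re ]]; then
  printf 'invalid device name: %s\n' "$dev" >&2
  exit 2
fi
if [[ ! $addr =~ $addr_re ]]; then
  printf 'invalid IPv4 address: %s\n' "$addr" >&2
  exit 2
fi
if [[ ! $host =~ $host_re ]]; then
  printf 'invalid hostname: %s\n' "$host" >&2
  exit 2
fi

readonly ifcfg="/etc/sysconfig/network-scripts/ifcfg-${dev}"

# Start from a clean profile so stale keys from an older file cannot survive.
rm -f -- "$ifcfg"

# NOTE(review): GATEWAY1 below is not inside the 172.25.254.0/24 lab network
# used elsewhere on this page - confirm it matches your environment.
cat > "$ifcfg" <<EOF
DEVICE=$dev
ONBOOT=yes
BOOTPROTO=none
IPADDR1=$addr
NETMASK=255.255.255.0
DNS1=114.114.114.114
GATEWAY1=192.168.136.2
NAME=$dev
EOF
chmod 600 -- "$ifcfg"

# Make NetworkManager re-read the profile, then bring the connection up.
nmcli connection reload
nmcli connection up "$dev"

hostnamectl set-hostname "$host"

# Rebuild /etc/hosts with the loopback entries plus this host's own mapping.
cat > /etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
$addr $host
EOF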
一些排错过程:
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:57:1c:f1 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.170/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::a3d3:6507:73fd:53f5/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::1728:274d:c708:d70b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::a782:e096:5624:9133/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:e8:4c:31 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:e8:4c:31 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# cd /etc/sysco
bash: cd: /etc/sysco: No such file or directory
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-eth0 ifdown-isdn ifup-bnep ifup-routes
ifcfg-eth0-1 ifdown-post ifup-eth ifup-sit
ifcfg-lo ifdown-ppp ifup-ib ifup-Team
ifcfg-virbr0 ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
[root@localhost network-scripts]# vim /bin/vmset.sh
[root@localhost network-scripts]#
[root@localhost network-scripts]#
[root@localhost network-scripts]#
[root@localhost network-scripts]# rm -rf ifcfg-eth0
[root@localhost network-scripts]# rm -rf ifcfg-eth0-1
[root@localhost network-scripts]# vmset.sh eth0 172.25.254.10 ka1.ting.org
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
[root@localhost network-scripts]#
[root@localhost network-scripts]#
[root@localhost network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:57:1c:f1 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.10/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::6809:f0cd:22e0:fabe/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:e8:4c:31 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:e8:4c:31 brd ff:ff:ff:ff:ff:ff
[root@localhost network-scripts]#
实验过程:
1.在realserver1和realserver2上配置httpd服务
realserver2同realserver1
[root@KA1 ~]# yum install httpd -y
[root@KA2 ~]# yum install httpd -y
[root@KA1 ~]# echo 172.25.254.110 > /var/www/html/index.html
[root@KA2 ~]# echo 172.25.254.120 > /var/www/html/index.html
[root@KA1 ~]# curl 172.25.254.110
172.25.254.110
[root@KA1 ~]# curl 172.25.254.120
172.25.254.120
2.配置
[root@KA1 ~]# vim /etc/rc.d/rc.local
3.在KA1和KA2上安装配置keepalived
安装keepalived
[root@KA1 ~]# yum install keepalived -y
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
# Global keepalived settings for node KA1: notification mail and VRRP-wide behaviour.
global_defs {
# Recipient of state-change mail.
notification_email {
3480924244@qq.com
}
notification_email_from keepalived@ting.org
# Mail is handed to an SMTP server on this host.
smtp_server 127.0.0.1
smtp_connect_timeout 30
# Identifier for this node; set to the node's own hostname here.
router_id ka1.ting.org
vrrp_skip_check_adv_addr
# NOTE(review): vrrp_strict enforces strict VRRP compliance. keepalived documents that it
# prohibits unicast peers, and it is expected to ignore authentication { } blocks in
# vrrp_instance sections - confirm in the keepalived startup log.
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Advertisements go to the standard VRRP multicast group, so every host on the segment can
# see them; where possible limit VRRP (IP protocol 112) to the peer nodes with firewall rules.
vrrp_mcast_group4 224.0.0.18
}
# VRRP instance on KA1 for the VIP 172.25.254.100: starts as MASTER with priority 100.
vrrp_instance VI_1 {
state MASTER
interface eth0
# Must be identical on every node that shares this VIP.
virtual_router_id 100
priority 100
# Advertisement interval in seconds.
advert_int 1
# NOTE(review): auth_type PASS sends auth_pass in cleartext in each advertisement and
# keepalived uses only its first 8 characters; "1111" is a lab value. Authentication was
# removed from VRRPv2 by RFC 3768, so treat it as a guard against misconfiguration only and
# restrict VRRP traffic to the peer addresses at the firewall.
authentication {
auth_type PASS
auth_pass 1111
}
# VIP is added to eth0 under the alias label eth0:1 while this node is master.
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@KA2 ~]# yum install keepalived -y
# VRRP instance on KA2: same router id, VIP and authentication as the master side,
# but initial state BACKUP and a lower priority (90).
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 90
advert_int 1
# NOTE(review): the shared secret is a 4-character lab value carried in cleartext by
# auth_type PASS; do not reuse it outside a lab.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
查找下载的文件
4.全局配置
修改keepalived.conf配置文件
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
ifconfig
将realserver1的这个配置文件拷贝到realserver2
在KA2主机中修改参数
(
110远程登录了10,关掉服务
抢占模式
)
5.让VIP能够通信
6.日志功能
[root@ka1 ~]# vim /etc/sysconfig/keepalived
重启服务
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# systemctl restart rsyslog.service
查看日志
[root@ka1 ~]#tail -f /var/log/keepalived.log
7.独立配置文件
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
建立子目录,写配置文件
[root@KA1 ~]# mkdir -p /etc/keepalived/conf.d/
[root@KA1 ~]# cat /etc/keepalived/conf.d/172.25.254.100.conf
# Per-VIP configuration file kept under /etc/keepalived/conf.d/.
# NOTE(review): presumably pulled in by an include line in keepalived.conf (that edit is not
# shown on the page). The file holds auth_pass, so keep it root-owned and not world-readable.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
8.非抢占模式
默认为抢占模式 preempt,即当高优先级的主机恢复在线后,会抢占低优先级主机的 master 角色,这样会使 VIP 在 KA 主机中来回漂移,造成网络抖动。建议设置为非抢占模式 nopreempt,即高优先级主机恢复后,并不会抢占低优先级主机的 master 角色。非抢占模式下,如果原主机 down 机,VIP 迁移至新主机,后续新主机也发生 down 机时,仍会将 VIP 迁移回原主机。
# KA1 host configuration (non-preemptive mode)
# keepalived documents that nopreempt only takes effect when the initial state is BACKUP,
# which is why this higher-priority node is not declared MASTER.
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 100 #higher priority
nopreempt #non-preemptive mode
advert_int 1
# NOTE(review): lab secret, sent in cleartext with auth_type PASS.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
# KA2 host configuration (non-preemptive mode)
# Same virtual_router_id, VIP and authentication as KA1; only the priority differs.
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80 #lower priority
advert_int 1
nopreempt #non-preemptive mode
# NOTE(review): lab secret, sent in cleartext with auth_type PASS.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
9.VIP单播配置
单播模式要把vrrp_strict禁用掉
20到10此时没有,因为10没有vip
(停了,抢占一下
10.邮件
写个脚本
ka2的脚本同1
加权限
重启服务
11.实现 master/master 的 Keepalived 双主架构
12.实现IPVS的高可用性
virtual_server IP port {
...
real_server {
...
}
real_server {
...
}
…
}
virtual_server IP port #定义虚拟主机IP地址及其端口
virtual_server fwmark int #ipvs的防火墙打标,实现基于防火墙的负载均衡集群
virtual_server group string #使用虚拟服务器组
virtual_server IP port { #VIP和PORT
delay_loop <INT> #检查后端服务器的时间间隔
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #定义调度方法
lb_kind NAT|DR|TUN #集群的类型,注意要大写
persistence_timeout <INT> #持久连接时长
protocol TCP|UDP|SCTP #指定服务协议,一般为TCP
sorry_server <IPADDR> <PORT> #所有RS故障时,备用服务器地址
real_server <IPADDR> <PORT> { #RS的IP和PORT
weight <INT> #RS权重
notify_up <STRING>|<QUOTED-STRING> #RS上线通知脚本
notify_down <STRING>|<QUOTED-STRING> #RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } #定义当前主机健康状态检测方法
}
}
#注意:括号必须分行写,两个括号写在同一行,如: }} 会出错
HTTP应用层监测、 TCP监测
配置文件
13.实战案例:利用脚本实现主从角色切换
[root@rhel7-ka1 ~]# vim /mnt/check_lee.sh
#!/bin/bash
# Health check used by keepalived's vrrp_script: the exit status of the test below is the
# script's exit status. It succeeds (0) while /mnt/lee does NOT exist and fails (1) once the
# file is present, so creating the file simulates a failed check.
[ ! -f "/mnt/lee" ]
[root@rhel7-ka1 ~]# chmod +x /mnt/check_lee.sh
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ 省略内容 @@@@
# Tracking script definition: runs /mnt/check_lee.sh and adjusts VRRP priority on failure.
# NOTE(review): keepalived runs scripts as the keepalived_script user if it exists, otherwise
# as root (see script_user). Keep the script and every directory on its path writable by root
# only, and consider enable_script_security in global_defs; /mnt is a lab location.
vrrp_script check_lee {
script "/mnt/check_lee.sh"
# Run the check every second.
interval 1
# Negative weight: subtract 30 from the instance priority while the check is failing.
weight -30
# 2 consecutive failures mark the check as failed, 2 consecutive successes as recovered.
fall 2
rise 2
# Give up on a run after 2 seconds.
timeout 2
}
# VRRP instance that tracks check_lee: while the check fails, priority drops from 100 to 70
# (weight -30), so the peer takes over only if its priority (not shown here) is above 70.
vrrp_instance web {
state MASTER
interface ens33
virtual_router_id 50
priority 100
advert_int 1
# NOTE(review): lab secret, sent in cleartext with auth_type PASS.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100 dev ens33 label ens33:0
}
# Names of the vrrp_script blocks whose result influences this instance.
track_script {
check_lee
}
}
[root@rhel7-ka1 ~]# touch /mnt/lee
[root@rhel7-ka1 ~]# tail -f /var/log/messages
14.实战案例:实现HAProxy高可用
#在两个ka1和ka2先实现haproxy的配置
[root@rhel7-ka1 & ka2 ~]# vim /etc/haproxy/haproxy.cfg
# HAProxy front end on the keepalived VIP, balancing across two checked web servers.
# The node that does not currently hold 172.25.254.100 can bind it only when
# net.ipv4.ip_nonlocal_bind = 1 is set.
# NOTE(review): web1/web2 use .101/.102, not the .110/.120 realservers listed earlier on the
# page - confirm the backend addresses.
listen webserver
bind 172.25.254.100:80
server web1 172.25.254.101:80 check
server web2 172.25.254.102:80 check
#在两个ka1和ka2两个节点启用内核参数
[root@rhel7-ka1 & ka2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@rhel7-ka1 & ka2 ~]# sysctl -p
#在ka1中编写检测脚本
[root@rhel7-ka1 ~]# vim /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
# Health check for keepalived: signal 0 delivers nothing and only tests whether a process
# named haproxy exists, so the exit status is 0 while haproxy is running and non-zero when
# it is not. It does not verify that haproxy is actually serving traffic.
/usr/bin/killall -0 haproxy
[root@rhel7-ka1 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh
#在ka1中配置keepalived
[root@ka1-centos8 ~]#cat /etc/keepalived/keepalived.conf
# Tracking script definition: runs haproxy.sh every second to see whether haproxy is alive.
# NOTE(review): the script must be executable, and since keepalived may run it as root it
# should be writable by root only (see script_user / enable_script_security in global_defs).
vrrp_script check_haproxy {
script "/etc/keepalived/scripts/haproxy.sh"
interval 1
# Negative weight: subtract 30 from the instance priority while the check is failing.
weight -30
# 2 consecutive failures mark the check as failed, 2 consecutive successes as recovered.
fall 2
rise 2
# Give up on a run after 2 seconds.
timeout 2
}
# VRRP instance that tracks check_haproxy: when haproxy stops, priority drops from 100 to 70
# (weight -30) and the VIP moves to the peer if its priority (not shown here) is above 70.
vrrp_instance web {
state MASTER
interface ens33
virtual_router_id 50
priority 100
advert_int 1
# NOTE(review): lab secret, sent in cleartext with auth_type PASS.
authentication {
auth_type PASS
auth_pass 1111
}
# The same VIP that haproxy binds in its listen section.
virtual_ipaddress {
172.25.254.100 dev ens33 label ens33:0
}
track_script {
check_haproxy
}
}
#测试
root@rhel7-ka1 ~]# systemctl stop haproxy.service