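High-availability cluster virtual IP (automatic IP failover)
If you repost this article, please credit the source: http://blog.csdn.net/itas109
QQ technical discussion group: 129518033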
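Environment:
keepalived: 1.3.5-6 (2017-03-19)
OS: CentOS 7.7.1908
Ncat (nc): 7.50 (https://nmap.org/ncat)
Keywords:
cluster, dual-machine redundancy, high availability, VIP, virtual IP, floating IP, IP failover, automatic IP failover, automatic IP switching, keepalived
Preface
A high-availability cluster runs into the problem of switching between multiple IPs; a VIP (virtual IP) solves this.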
1. Cluster environment
IPs of the three hosts:
192.168.131.134
192.168.131.135
192.168.131.136
Virtual IP (same subnet as the hosts, and not already in use):
192.168.131.199
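2. Install keepalived
sudo yum install -y keepalived
3. Configure keepalived
/etc/keepalived/keepalived.conf
Configuration principles:
- All nodes start as BACKUP; the MASTER is elected by priority
- The chk_httpd script checks whether the port is healthy; if it is not, the priority is reduced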
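3.1 keepalived configuration on host 192.168.131.134
vrrp_script chk_httpd {
    script "/bin/nc -vz -w 2 127.0.0.1 80 2>&1 | grep Connected"
    weight -20
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP # MASTER or BACKUP
    interface ens33 # NIC the VIP is bound to
    virtual_router_id 51 # virtual router ID; must be identical within the group
    priority 103 # priority; the higher the number, the higher the priority
    advert_int 1 # interval of the sync check between the MASTER and BACKUP hosts
    authentication {
        auth_type PASS # VRRP authentication type: PASS or AH
        auth_pass 1111 # VRRP authentication password; MASTER and BACKUP in the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {
        192.168.131.199 # virtual IP address (VIP)
    }
    unicast_src_ip 192.168.131.134 # local IP address
    unicast_peer {
        192.168.131.135 # IP address of another group member
        192.168.131.136 # IP address of another group member
    }
    track_script {
        chk_httpd # health-check script
    }
}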
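3.2 keepalived configuration on host 192.168.131.135
vrrp_script chk_httpd {
    script "/bin/nc -vz -w 2 127.0.0.1 80 2>&1 | grep Connected"
    weight -20
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP # MASTER or BACKUP
    interface ens33 # NIC the VIP is bound to
    virtual_router_id 51 # virtual router ID; must be identical within the group
    priority 102 # priority; the higher the number, the higher the priority
    advert_int 1 # interval of the sync check between the MASTER and BACKUP hosts
    authentication {
        auth_type PASS # VRRP authentication type: PASS or AH
        auth_pass 1111 # VRRP authentication password; MASTER and BACKUP in the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {
        192.168.131.199 # virtual IP address (VIP)
    }
    unicast_src_ip 192.168.131.135 # local IP address
    unicast_peer {
        192.168.131.134 # IP address of another group member
        192.168.131.136 # IP address of another group member
    }
    track_script {
        chk_httpd
    }
}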
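3.3 keepalived configuration on host 192.168.131.136
vrrp_script chk_httpd {
    script "/bin/nc -vz -w 2 127.0.0.1 80 2>&1 | grep Connected"
    weight -20
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP # MASTER or BACKUP
    interface ens33 # NIC the VIP is bound to
    virtual_router_id 51 # virtual router ID; must be identical within the group
    priority 101 # priority; the higher the number, the higher the priority
    advert_int 1 # interval of the sync check between the MASTER and BACKUP hosts
    authentication {
        auth_type PASS # VRRP authentication type: PASS or AH
        auth_pass 1111 # VRRP authentication password; MASTER and BACKUP in the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {
        192.168.131.199 # virtual IP address (VIP)
    }
    unicast_src_ip 192.168.131.136 # local IP address
    unicast_peer {
        192.168.131.134 # IP address of another group member
        192.168.131.135 # IP address of another group member
    }
    track_script {
        chk_httpd
    }
}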
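4. Start keepalived
systemctl start keepalived.service # start the service
systemctl enable keepalived.service # start the service at boot
5. Verify keepalived
5.1 Check which host is MASTER from its IP addresses
ip addr show ens33
On the MASTER host the output includes:
...
inet 192.168.131.199/32 scope global ens33
...
5.2 Inspect the multicast traffic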
$ sudo tcpdump -i ens33 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:35:43.325499 IP 192.168.131.134 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
10:35:44.327673 IP 192.168.131.134 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
10:35:45.329368 IP 192.168.131.134 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
6. Notes
SELinux
A vrrp_script configured in keepalived never takes effect.
SELinux needs to be disabled:
sudo sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
reboot
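iptables
Symptom: several servers all configure the same virtual IP.
Disable the firewall, or add a rule for the keepalived multicast address (224.0.0.18).
Note: CentOS 7 uses firewalld as its default firewall, not iptables.
Multiple hosts hold the VIP at the same time
unicast_src_ip and unicast_peer must be configured by hand; otherwise the VIP can end up bound on two servers.
This happens because, in the server network environment, the routing/switching layer restricts ARP broadcast, so the keepalived master/backup protocol cannot communicate by broadcast. Both servers then seize the HAVIP address and hold the VIP at the same time. The servers must be configured to communicate directly between the specified IPs.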
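A detection check for the condition described above, as an added example that is not part of the original article: it reads tcpdump output in the format shown in section 5.2 and reports advertisers for vrid 51 that are not cluster members, and captures in which more than one host advertises. The function name and the capture lines are constructed for illustration.

```shell
# Constructed sample capture (same line format as the tcpdump output in 5.2).
# 192.168.131.77 is a made-up host that is not part of the cluster.
SAMPLE_CAPTURE='10:35:43.325499 IP 192.168.131.134 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
10:35:44.327673 IP 192.168.131.134 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 103, authtype simple, intvl 1s, length 20
10:35:44.401122 IP 192.168.131.135 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 102, authtype simple, intvl 1s, length 20
10:35:45.010203 IP 192.168.131.77 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20'

# check_vrrp_advertisers VRID "ALLOWED_IP ..."   (capture text on stdin)
# Only the MASTER sends advertisements, so a steady-state capture should show
# exactly one source. Two sources can appear briefly during a failover; a
# persistent second source means two hosts believe they own the VIP.
check_vrrp_advertisers() {
    awk -v vrid="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /VRRPv[23], Advertisement/ {
        src = $3; id = ""; prio = ""
        for (i = 4; i < NF; i++) {
            if ($i == "vrid") { id = $(i + 1); sub(/,/, "", id) }
            if ($i == "prio") { prio = $(i + 1); sub(/,/, "", prio) }
        }
        if (id != vrid) next
        if (!(src in ok) && !(src in unknown)) {
            unknown[src] = 1
            print "UNKNOWN_ADVERTISER " src " prio=" prio
        }
        if (!(src in seen)) {
            seen[src] = 1
            count++
            list = (list == "" ? src : list "," src)
        }
    }
    END { if (count > 1) print "MULTIPLE_ADVERTISERS " list }
    '
}

printf '%s\n' "$SAMPLE_CAPTURE" |
    check_vrrp_advertisers 51 "192.168.131.134 192.168.131.135 192.168.131.136"
```

On a live node the same function can be fed from `sudo tcpdump -l -nn -i ens33 vrrp`, with the allowed list taken from unicast_src_ip and unicast_peer.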
Firewall port
keepalived communicates over port 112 by default; port 112 must be opened, or the firewall disabled, so that the hosts can reach each other on 112.
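An alternative to stopping the firewall, as an added example that is not part of the original article: VRRP is IP protocol number 112 rather than a TCP/UDP port, so the firewalld rule matches on the protocol, and because auth_type PASS travels in cleartext (the capture in 5.2 shows "authtype simple") the rule accepts it only from the configured peers. The helper names are constructed; the peer list assumes the unicast_peer entries from section 3.1, and the rich-rule syntax is firewalld's.

```shell
# Peers of host 192.168.131.134, taken from unicast_peer in section 3.1.
PEERS="192.168.131.135 192.168.131.136"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255,
# so that nothing else can end up inside the generated rule.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# vrrp_peer_rules PEER...: print one firewall-cmd call per peer that accepts
# VRRP (IP protocol 112) from that source address only, followed by a reload.
# Nothing is printed if any argument is not a valid IPv4 address.
vrrp_peer_rules() {
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" protocol value=\"vrrp\" accept'\n" "$peer"
    done
    echo "firewall-cmd --reload"
}

# Dry run: print the commands for review. To apply them on the host:
#   vrrp_peer_rules $PEERS | sudo sh
vrrp_peer_rules $PEERS
```

Each node needs its own peer list, matching the unicast_peer block in its keepalived.conf.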
Logs
$ sudo tail -f /var/log/messages
Oct 6 13:30:07 lb01 Keepalived_vrrp[3671]: Kernel is reporting: interface eth0 UP
Oct 6 13:30:07 lb01 Keepalived_vrrp[3671]: VRRP_Instance(VI_1) Transition to MASTER STATE
Oct 6 13:30:08 lb01 Keepalived_vrrp[3671]: VRRP_Instance(VI_1) Entering MASTER STATE
Oct 6 13:30:08 lb01 Keepalived_vrrp[3671]: VRRP_Instance(VI_1) setting protocol VIPs.
Oct 6 13:30:08 lb01 Keepalived_vrrp[3671]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.119.150
Oct 6 13:30:08 lb01 Keepalived_healthcheckers[3670]: Netlink reflector reports IP 192.168.119.150 added
Oct 6 13:30:13 lb01 Keepalived_vrrp[3671]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.119.150
Oct 6 13:30:48 lb01 dhclient[856]: DHCPREQUEST on eth0 to 192.168.119.254 port 67 (xid=0x32903a31)
Oct 6 13:30:48 lb01 dhclient[856]: DHCPACK from 192.168.119.254 (xid=0x32903a31)
Oct 6 13:30:50 lb01 dhclient[856]: bound to 192.168.119.128 -- renewal in 783 seconds.
Change the log location:
sudo vim /etc/sysconfig/keepalived
# change KEEPALIVED_OPTIONS="-D" to KEEPALIVED_OPTIONS="-D -d -S 0"
sudo vim /etc/rsyslog.conf
# append at the end of the file
local0.* /var/log/keepalived.log
# restart the services
sudo systemctl restart rsyslog
sudo systemctl restart keepalived
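The weight of vrrp_script
keepalived runs the script periodically, evaluates its exit status, and adjusts the priority of the vrrp_instance dynamically.
If the script exits with 0 and weight is greater than 0, the priority is increased accordingly.
If the script exits with a non-zero status and weight is less than 0, the priority is decreased accordingly.
In all other cases the originally configured priority is kept, i.e. the priority value in the configuration file.
The final priority is priority + weight.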
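The weight rule above applied to this article's three nodes (priority 103/102/101, weight -20), as an added example that is not part of the original article. The function names are constructed, and the model covers only the priority comparison, not VRRP timers or preemption settings.

```shell
# Values from sections 3.1-3.3: "unicast_src_ip:priority" per node, and the
# weight of vrrp_script chk_httpd.
NODES="192.168.131.134:103 192.168.131.135:102 192.168.131.136:101"
WEIGHT=-20

# effective_priority BASE WEIGHT SCRIPT_EXIT_STATUS
#   exit 0  and weight > 0  -> BASE + WEIGHT (raised)
#   exit !0 and weight < 0  -> BASE + WEIGHT (lowered)
#   anything else           -> BASE
effective_priority() {
    local base="$1" weight="$2" rc="$3"
    if [ "$rc" -eq 0 ] && [ "$weight" -gt 0 ]; then
        echo $((base + weight))
    elif [ "$rc" -ne 0 ] && [ "$weight" -lt 0 ]; then
        echo $((base + weight))
    else
        echo "$base"
    fi
}

# elect_master RC_134 RC_135 RC_136
# Takes the chk_httpd exit status of each node (in NODES order) and prints
# "ip priority" for the node with the highest effective priority.
elect_master() {
    local best_ip="" best_prio=-1 entry ip base prio
    for entry in $NODES; do
        ip=${entry%%:*}
        base=${entry##*:}
        prio=$(effective_priority "$base" "$WEIGHT" "$1")
        shift
        if [ "$prio" -gt "$best_prio" ]; then
            best_prio=$prio
            best_ip=$ip
        fi
    done
    echo "$best_ip $best_prio"
}

elect_master 0 0 0   # every node healthy
elect_master 1 0 0   # port 80 down on .134 only
elect_master 1 1 1   # port 80 down on every node
```

The last case is the one to watch for: every priority drops by the same 20, so 192.168.131.134 keeps the VIP even though its port 80 check is failing.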
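Running a script file from vrrp_script
- chk_httpd.sh
#!/bin/bash
# touch ~/a.txt
# Count the "Connected" lines nc prints when 127.0.0.1:80 accepts a connection
count=$(/bin/nc -vz -w 2 127.0.0.1 80 2>&1 | grep -c Connected)
if [ "$count" -gt 0 ]; then
    exit 0 # port is reachable: the check passes
else
    exit 1 # port is not reachable: the check fails
fi
- Run the script by hand to confirm that it works
/etc/keepalived/chk_httpd.sh
- Update keepalived.conf (the log shows whether the script runs correctly)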
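vrrp_script chk_httpd {
    script "/etc/keepalived/chk_httpd.sh"
    weight -20
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP # MASTER or BACKUP
    interface ens33 # NIC the VIP is bound to
    virtual_router_id 51 # virtual router ID; must be identical within the group
    priority 103 # priority; the higher the number, the higher the priority
    advert_int 1 # interval of the sync check between the MASTER and BACKUP hosts
    authentication {
        auth_type PASS # VRRP authentication type: PASS or AH
        auth_pass 1111 # VRRP authentication password; MASTER and BACKUP in the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {
        192.168.131.199 # virtual IP address (VIP)
    }
    unicast_src_ip 192.168.131.134 # local IP address
    unicast_peer {
        192.168.131.135 # IP address of another group member
        192.168.131.136 # IP address of another group member
    }
    track_script {
        chk_httpd # health-check script
    }
}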
License
Licensed under CC BY-NC-ND 4.0: Attribution-NonCommercial-NoDerivatives