需求
实际生产环境中,一些企业为了避免单点故障,提升服务器性能,会使用多台服务器搭建一个集群来运行应用程序。
名词
双机热备特指基于高可用系统中的两台服务器的热备(或高可用),双机高可用按工作中的切换方式分为:主-备方式(Active-Standby方式)和双主机方式(Active-Active方式),主-备方式即指的是一台服务器处于某种业务的激活状态(即Active状态),另一台服务器处于该业务的备用状态(即Standby状态)。而双主机方式即指两种不同业务分别在两台服务器上互为主备状态(即Active-Standby和Standby-Active状态)。
准备
环境 | CentOS7 |
master | 安装keepalived+Nginx |
backup | 安装keepalived+Nginx |
VIP | VIP(Virtual IP)即虚拟IP,由keepalived给服务器配置上,服务器用此IP对外提供服务,当master宕机,VIP会被分配到bakcup上 |
关闭firewalld | systemctl stop iptables.service (安装开启状态将其关闭) |
关闭iptables | systemctl stop iptables.service (安装开启状态将其关闭) |
安装
- 安装Nginx(oneinstack快捷安装,这里不是重点)
wget -c http://mirrors.linuxeye.com/oneinstack-full.tar.gz && tar xzf oneinstack-full.tar.gz && ./oneinstack/install.sh --nginx_option 1 --pureftpd --reboot
配置
- 修改master(192.168.0.169)上keepalived配置文件
! Configuration File for keepalived global_defs { #notification_email { # acassen@firewall.loc # failover@firewall.loc # sysadmin@firewall.loc #} #notification_email_from Alexandre.Cassen@firewall.loc #smtp_server 192.168.200.1 #smtp_connect_timeout 30 #router_id LVS_DEVEL #vrrp_skip_check_adv_addr #vrrp_strict #vrrp_garp_interval 0 #vrrp_gna_interval 0 } vrrp_script check_nginx { #check_nginx为字定义脚本 script "/usr/local/scripts/check_nginx.sh" interval 3 #每隔3秒执行一次脚本 } vrrp_instance VI_1 { state MASTER #指定那个为master,那个为backup,如果设置了nopreempt这个值不起作用,主备依据priority interface ens33 #实例绑定网卡(通过ifconfig命令查看) virtual_router_id 51 #VIPID标识,主备要一致 priority 100 #优先权,权重大的竞选为master,1-255之间 advert_int 1 #检查间隔,默认1秒 authentication { #设置认证,主备一致 auth_type PASS #认证方式 auth_pass 1111 #认证密码 } virtual_ipaddress { #设置VIP,可设置多个,空格隔开 192.168.0.125 } track_script { check_nginx #定义监控脚本,和上面的vrrp_script后面的字符串保持一致 } }
- 配置backup(192.168.0.175)上keepalived配置文件
! Configuration File for keepalived global_defs { #notification_email { # acassen@firewall.loc # failover@firewall.loc # sysadmin@firewall.loc #} #notification_email_from Alexandre.Cassen@firewall.loc #smtp_server 192.168.200.1 #smtp_connect_timeout 30 #router_id LVS_DEVEL #vrrp_skip_check_adv_addr #vrrp_strict #vrrp_garp_interval 0 #vrrp_gna_interval 0 } vrrp_script check_nginx { #check_nginx为自定义脚本 script "/usr/local/scripts/check_nginx.sh" interval 3 #每隔3秒执行一次脚本 } vrrp_instance VI_1 { state BACKUP #指定那个为master,那个为backup,如果设置了nopreempt这个值不起作用,主备依据priority interface ens33 #实例绑定网卡(通过ip addr命令查看) virtual_router_id 51 #VIPID标识,主备要一致 priority 50 #优先权,权重大的竞选为master,1-255之间 advert_int 1 #检查间隔,默认1秒 authentication { #设置认证,主备一致 auth_type PASS #认证方式 auth_pass 1111 #认证密码 } virtual_ipaddress { #设置VIP,可设置多个,空格隔开 192.168.0.125 } track_script { check_nginx #定义监控脚本,和上面的vrrp_script后面的字符串保持一致 } }
-
主备检查Nginx脚本
mkdir /usr/local/scripts #创建脚本目录 touch /usr/local/scripts/check_nginx.sh #创建脚本文件 chmod a+x /usr/local/scripts/check_nginx.sh #赋值可执行权限 #! /bin/bash #时间变量,用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量 n=`ps -C nginx --no-heading|wc -l` #如果进程为0,则启动nginx,并且再次检测nginx进程数量,如果还为0,说明nginx无法启动,此时需要关闭keepalived if [ $n -eq "0" ]; then systemctl start nginx echo "$d nginx is starting" >> /var/log/check_nginx.log n2=`ps -C nginx --no-heading|wc -l` if [ $n2 -eq "0" ]; then echo "$d nginx down,keepalived will stop" >> /var/log/check_nginx.log systemctl stop keepalived fi fi
测试
- 主备启动Nginx(安装之后默认启动)和keepalived
systemctl start nginx.service #启动nginx systemctl start keepalived.service #启动keepalived [root@one scripts]# ps aux | grep keepalived root 5050 0.0 0.1 48460 1040 ? Ss 10:09 0:00 /usr/local/keepalived/sbin/keepalived -D root 5051 0.0 0.2 48592 2048 ? S 10:09 0:00 /usr/local/keepalived/sbin/keepalived -D root 5052 0.0 0.1 48460 1688 ? S 10:09 0:01 /usr/local/keepalived/sbin/keepalived -D root 10867 0.0 0.0 112708 972 pts/0 R+ 10:57 0:00 grep --color keepalived #如果看keepalived有三个进程显示,说明正常启动
- 主备修改/data/wwwroot/default/index.html,将特定地方改成主机IP,好识别
<a class="navbar-brand col-sm-3 col-md-2 mr-0" href="">主备机IP</a>
- 访问网页(192.168.0.125),此时的VIP在主机上
- Nginx宕机(当Nginx宕机之后,检测脚本会尝试重启Nginx,恢复故障;当Nginx不能重启,则关闭keepalived;不关闭keepalivd的话,主机依旧占据VIP,造成无法访问)
[root@one scripts]# systemctl stop nginx.service [root@one scripts]# cat /var/log/check_nginx.log 20190423_14:06:08 nginx is starting
-
关闭主机keepalived,VIP自动切换绑定在从机上
#主机(192.168.0.169),关闭keepalived只有,VIP释放 [root@one scripts]# systemctl stop keepalived.service [root@one scripts]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:35:4b:7a brd ff:ff:ff:ff:ff:ff inet 192.168.0.169/24 brd 192.168.0.255 scope global dynamic ens33 valid_lft 3147sec preferred_lft 3147sec inet6 fe80::27b0:14bc:f738:b2fb/64 scope link valid_lft forever preferred_lft forever #备机(192.168.0.175),绑定VIP [root@three ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:e5:6d:4a brd ff:ff:ff:ff:ff:ff inet 192.168.0.175/24 brd 192.168.0.255 scope global dynamic ens33 valid_lft 3029sec preferred_lft 3029sec inet 192.168.0.125/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::6b74:27f:6061:a902/64 scope link valid_lft forever preferred_lft forever
-
主机故障恢复,VIP从新绑定主机
[root@one scripts]# systemctl start keepalived.service [root@one scripts]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:35:4b:7a brd ff:ff:ff:ff:ff:ff inet 192.168.0.169/24 brd 192.168.0.255 scope global dynamic ens33 valid_lft 2394sec preferred_lft 2394sec inet 192.168.0.125/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::27b0:14bc:f738:b2fb/64 scope link valid_lft forever preferred_lft forever