一、高可用集群
1、集群类型
LB:Load Balance 负载均衡 LVS/HAProxy/nginx(http/upstream, stream/upstream)
HA:High Availability 高可用集群 数据库、Redis
SPoF: Single Point of Failure,解决单点故障
HPC:High Performance Computing 高性能集群
2、系统可用性
SLA:Service-Level Agreement 服务等级协议(提供服务的企业与客户之间就服务的品质、水准、性能 等方面所达成的双方共同认可的协议或契约)
A = MTBF / (MTBF+MTTR)
99.95%:(60*24*30)*(1-0.9995)=21.6分钟 #一般按一个月停机时间统计
3、系统故障
硬件故障:设计缺陷、wear out(损耗)、非人为不可抗拒因素
软件故障:设计缺陷 bug
4、实现高可用
提升系统高用性的解决方案:降低MTTR- Mean Time To Repair(平均故障时间)
解决方案:建立冗余机制
active/passive 主/备
active/active 双主
active --> HEARTBEAT --> passive
active HEARTBEAT active
5、VRRP:Virtual Router Redundancy Protoco
虚拟路由冗余协议,解决静态网关单点风险物理层:路由器、三层交换机
软件层:keepalived
二、keepalived部署及其实验
准备四台主机
ka1 | ip:172.25.254.10 |
ka2 | ip:172.25.254.20 |
realserver1 | ip:172.25.254.110 |
realserver2 | ip:172.25.254.120 |
1、全局配置
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
timiniglee-zln@163.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
三、配置虚拟路由
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type AH|PASS
uth_pass 1111
}
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
172.25.254.100
172.25.254.10/24 dev eth1
172.25.254.20/24 dev eth2 label eth2:1
}
}
3.1配置master
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
#nft list ruleset
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
3.2 配置slave
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20 #相同id管理同一个虚拟路由
priority 80 #低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
3.3 测试
[root@KA2 ~]# tcpdump -i eth0 -nn host 224.0.0.18
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:48:23.294894 IP 192.168.178.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20,prio 100, authtype none, intvl 1s, length 20
22:48:24.084793 IP 192.168.178.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30,prio 80, authtype none, intvl 1s, length 20
22:48:24.295075 IP 192.168.178.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20,prio 100, authtype none, intvl 1s, length 20
22:48:25.085256 IP 192.168.178.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30,prio 80, authtype none, intvl 1s, length 20
22:48:25.296296 IP 192.168.178.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20,prio 100, authtype none, intvl 1s, length 20
22:48:26.085843 IP 192.168.178.30 > 224.0.0.18: VRRPv2, Advertisement, vrid 30,prio 80, authtype none, intvl 1s, length 20
四、Keepalived日志功能
在以下配置中进行添加
ka2也是一样
[root@ka1 ~]# cat /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@ka1 ~]#cat /etc/rsyslog.conf
local6.* /var/log/keepalived.log
重启服务
[root@ka1 ~]#systemctl restart keepalived.service
查看日志
4.1 实现独立子配置文件
把之前的文件注释掉,添加新的配置文件
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
然后重启服务
[root@ka1 ~]#systemctl restart keepalived.service
[root@ka2 ~]#systemctl restart keepalived.service
五、实现master/slave的 Keepalived 单主架构
ka1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
ka2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
5.1非抢占模式
默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色, 这样会使vip在KA主机中来回漂移,造成网络抖动
建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机
ka1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
ka2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
5.2抢占延迟模式
ka1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 100
preempt_delay 5s
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
ka2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
preempt_delay 5s
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
测试结果
ka1停止服务时,ka2才会有
5.3组播变单播
启用单播时, vrrp_strict 需要注释
ka1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_ipsets keepalived
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 100
#preempt_delay 5s
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
ka2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1062949354@qq.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_ipsets keepalived
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
#preempt_delay 5s
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
测试结果
停掉ka1中的服务,去ka2中测试
六、发送邮箱
ka1
[root@KA1 ~]# vim /etc/mail.rc
set from=1062949354@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1062747354@qq.com
set smtp-auth-password=123
set smtp-auth=login
set ssl-verify=ignore
安装邮件服务
[root@ka1 ~]# yum install mail* -y
然后编写脚本
[root@ka1 ~]# cat /etc/keepalived/mail.sh
#!/bin/bash
mail_dst="1062949354@qq.com"
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T` : vrrp move $HOSTNAME chage $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_mesage fault
;;
*)
;;
esac
给权限
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
查看测试结果
六 实现 master/master 的 Keepalived 双主架构
ka1
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preemt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
#preemt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
ka2
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preemt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
#preemt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
关闭ka1服务,开启ka2服务
6.1 keepalived实现haproxy高可用
下载haproxy
ka1
[root@ka1 ~]# yum install haproxy
[root@ka1 ~]# systemctl restart --enable haproxy
ka2
[root@ka2 ~]# yum install haproxy
[root@ka2 ~]# systemctl restart --enable haproxy
修改内核参数并生效
ka1
[root@ka1 ~]# vim /etc/sysctl.conf
[root@ka1 ~]sysctl -p
ka2
[root@ka2 ~]# vim /etc/sysctl.conf
[root@ka2 ~]sysctl -p
net.ipv4.ip_nonlocal_bind=1
修改主配置文件
ka1和ka2
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
[root@ka2 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
创建脚本并给予权限
ka1
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
ka2
[root@ka2 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
[root@ka2 ~]# chmod +x /etc/keepalived/test.sh
在ka1中配置keepalived
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/scripts/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
测试