Implementing High Availability with Keepalived

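Contents

1 Implementing a master/master (dual-master) Keepalived architecture

2 High availability for IPVS

2.1 Virtual server configuration structure

2.2 Definition formats for virtual server

2.3 Virtual server configuration

2.4 Layer-7 (HTTP/HTTPS) and layer-4 (TCP) health checks

2.4.1 Application-layer checks

2.4.2 TCP checks

2.5 Single-master LVS-DR mode

2.5.1 Environment preparation

2.5.2 Prepare the web servers and bind the VIP to their lo interface

2.5.3 Suppress ARP on the real servers

2.5.4 Create the cluster and add the real servers

2.5.5 Verify that the cluster was created

2.5.6 Result

2.6 Dual-master LVS-DR mode

3 High availability for other applications: VRRP Script

3.1 VRRP Script configuration

3.1.1 Defining a VRRP script

3.1.2 Calling the script

3.1.3 VRRP script parameters

3.2 Switching master/backup roles with a script

3.3 Dual-master high availability with haproxy and keepalived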

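1 Implementing a master/master (dual-master) Keepalived architecture

In the master/slave single-master architecture only one Keepalived node serves traffic at any time: that host is busy while the other one sits idle, so utilisation is poor. A master/master dual-master architecture solves this problem.

Master/master dual-master architecture:

Two or more VIPs run on different keepalived servers, so that the servers serve web traffic in parallel and server resource utilisation improves.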

################################ keepalived01 ################################
! Configuration File for keepalived

global_defs {
   notification_email {
      1282318338@qq.com
      shuyan-wawa@163.com
   }

   notification_email_from keepalived@ka1.shuyan.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id keep1.shuyan.com
   vrrp_skip_check_adv_addr
   # vrrp_strict  # best left disabled
   vrrp_garp_interval 0
   vrrp_gna_interval 0

}

vrrp_instance VI_1 {
    state MASTER    # VI_1 is MASTER on this node
    interface eth0
    virtual_router_id 100    # router ID of this VIP, must differ from instance 2
    priority 100    # high priority
    advert_int 1
    # preempt_delay 5s
    # nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }

}

vrrp_instance VI_2 {  
    state BACKUP   # VI_2 is BACKUP on this node
    interface eth0    # a second NIC could be used here
    virtual_router_id 200  # router ID of this VIP, must differ from instance 1
    priority  80   # low priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }
}


################################ keepalived02 ################################

! Configuration File for keepalived

global_defs {
   notification_email {
        1282318338@qq.com
        shuyan-wawa@163.com
   }
   notification_email_from keepalived@ka1.shuyan.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id keep2.shuyan.com
   vrrp_skip_check_adv_addr
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0

}

vrrp_instance VI_1 {
    state BACKUP  # backup
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    # preempt_delay 5s
    # nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }

}

vrrp_instance VI_2 {
    state MASTER   # instance 2 is MASTER on this node
    interface eth0
    virtual_router_id 200   # must match the router ID of instance 2 on keepalived01
    priority 100            # high priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }
}

Compared with the original single-master setup, adding a second instance makes both keepalived nodes a master.
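The two configurations above only work as a pair, so here is an added example (not part of the original post) that parses the vrrp_instance blocks of both nodes and reports where they fail to mirror each other. The names `TEMPLATE`, `node_config`, `parse_instances` and `check_pair` are hypothetical, and the input is rendered from the values shown above rather than read from /etc/keepalived.

```python
import re

# Constructed template: the fields the page sets in each vrrp_instance.
TEMPLATE = """vrrp_instance {name} {{
    state {state}    # role on this node
    virtual_router_id {vrid}
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass 1111
    }}
    unicast_src_ip {src}
    unicast_peer {{
        {peer}
    }}
}}
"""

def node_config(src, peer, roles):
    """Render one node; roles = [(instance, state, virtual_router_id, priority)]."""
    return "".join(TEMPLATE.format(name=n, state=s, vrid=v, prio=p, src=src, peer=peer)
                   for n, s, v, p in roles)

# The two nodes of the page's master/master layout.
KEEP01 = node_config("192.168.239.10", "192.168.239.20",
                     [("VI_1", "MASTER", 100, 100), ("VI_2", "BACKUP", 200, 80)])
KEEP02 = node_config("192.168.239.20", "192.168.239.10",
                     [("VI_1", "BACKUP", 100, 80), ("VI_2", "MASTER", 200, 100)])

def parse_instances(text):
    """Return {instance: {key: value, sub_block: [lines]}} for each vrrp_instance."""
    instances, current, block, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            words = line[:-1].split() or [""]
            if depth == 1 and words[0] == "vrrp_instance" and len(words) > 1:
                current = instances.setdefault(words[1], {})
            elif depth == 2 and current is not None:
                block = current.setdefault(words[0], [])
        elif line == "}":
            depth -= 1
            block = None
            if depth == 0:
                current = None
        elif current is not None and depth == 2 and block is not None:
            block.append(line)
        elif current is not None and depth == 1:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return instances

def check_pair(text_a, text_b):
    """Compare both nodes' vrrp_instance blocks and return a list of findings."""
    a, b = parse_instances(text_a), parse_instances(text_b)
    findings = []
    for node, insts in (("node A", a), ("node B", b)):
        vrids = [i.get("virtual_router_id") for i in insts.values()]
        if len(vrids) != len(set(vrids)):
            findings.append(f"{node}: virtual_router_id reused by two instances")
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined on one node only")
            continue
        ia, ib = a[name], b[name]
        if ia.get("virtual_router_id") != ib.get("virtual_router_id"):
            findings.append(f"{name}: virtual_router_id differs between the nodes")
        if ia.get("authentication") != ib.get("authentication"):
            findings.append(f"{name}: authentication block differs between the nodes")
        if "auth_type PASS" in ia.get("authentication", []):
            findings.append(f"{name}: auth_type PASS carries auth_pass in cleartext")
        states = {ia.get("state"), ib.get("state")}
        if states == {"MASTER"}:
            findings.append(f"{name}: both nodes declare state MASTER")
        elif states == {"MASTER", "BACKUP"}:
            master, backup = (ia, ib) if ia.get("state") == "MASTER" else (ib, ia)
            if int(master.get("priority", 0)) <= int(backup.get("priority", 0)):
                findings.append(f"{name}: declared MASTER does not have the higher priority")
        if (ia.get("unicast_src_ip") not in ib.get("unicast_peer", [])
                or ib.get("unicast_src_ip") not in ia.get("unicast_peer", [])):
            findings.append(f"{name}: unicast_src_ip and unicast_peer do not mirror each other")
    return findings
```

Run against the page's pair, `check_pair(KEEP01, KEEP02)` reports only the cleartext `auth_type PASS` finding for each instance; everything else mirrors correctly.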

2 High availability for IPVS

IPVS-related configuration

2.1 Virtual server configuration structure

virtual_server IP port {
    ...
    real_server {
        ...
    }
    real_server {
        ...
    }
}

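2.2 Definition formats for virtual server

virtual_server IP port       # define the virtual host by IP address and port

virtual_server fwmark int    # IPVS firewall mark, for load-balancing clusters based on firewall marks

virtual_server group string  # use a virtual server group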

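2.3 Virtual server configuration

virtual_server IP port { # VIP and port
    delay_loop <INT> # interval between health checks of the back-end servers
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh # scheduling algorithm
    lb_kind NAT|DR|TUN # cluster type; must be upper case
    persistence_timeout <INT> # persistent-connection duration
    protocol TCP|UDP|SCTP # service protocol, usually TCP
    sorry_server <IPADDR> <PORT> # fallback server used when all RSs are down

    real_server <IPADDR> <PORT> { # IP and port of the RS
        weight <INT> # RS weight
        notify_up <STRING>|<QUOTED-STRING> # notification script run when the RS comes up
        notify_down <STRING>|<QUOTED-STRING> # notification script run when the RS goes down
        HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } # health-check method for this host
    }
}
# Note: closing braces must be on separate lines; writing two on one line, e.g. }}, causes an error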

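2.4 Layer-7 (HTTP/HTTPS) and layer-4 (TCP) health checks

2.4.1 Application-layer checks

Application-layer check: HTTP_GET|SSL_GET

HTTP_GET|SSL_GET {
    url {
        path <URL_PATH> # URL to monitor
        status_code <INT> # response code that counts as healthy for the check above, usually 200
    }
    connect_timeout <INTEGER> # timeout of the client request, comparable to haproxy's timeout server
    nb_get_retry <INT> # number of connection retries
    delay_before_retry <INT> # delay before each retry
    connect_ip <IP ADDRESS> # IP address of the current RS that the health check is sent to
    connect_port <PORT> # port of the current RS that the health check is sent to
    bindto <IP ADDRESS> # source address used when sending the health check to the current RS
    bind_port <PORT> # source port used when sending the health check to the current RS
}

2.4.2 TCP checks

Transport-layer check: TCP_CHECK

TCP_CHECK {
    connect_ip <IP ADDRESS> # IP address of the current RS that the health check is sent to
    connect_port <PORT> # port of the current RS that the health check is sent to
    bindto <IP ADDRESS> # source address used when sending the health check
    bind_port <PORT> # source port used when sending the health check
    connect_timeout <INTEGER> # timeout of the client request,
    # equivalent to haproxy's timeout server
}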

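2.5 Single-master LVS-DR mode

2.5.1 Environment preparation

  1. Prepare the web servers and bind the VIP to their lo interface
  2. Suppress ARP on the real servers
  3. Everything is on the same LAN and directly reachable, so no router has to be added and no gateway changed

Restricting the response level: arp_ignore

  • 0: default; reply using any address configured on any local interface
  • 1: reply only when the target IP of the request is configured on the local interface that received the request

Restricting the announcement level: arp_announce

  • 0: default; announce all information of all local interfaces on the network of every interface
  • 1: try to avoid announcing interface information to networks that are not directly connected
  • 2: always avoid announcing interface information to networks other than the interface's own

2.5.2 Prepare the web servers and bind the VIP to their lo interface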

[root@rea01 ~]# ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 up
[root@rea02 ~]# ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 up


# Create a virtual host with Apache
[root@rea01 ~]# yum install httpd
[root@rea01 ~]# mkdir -p /web
[root@rea01 ~]# echo this is `hostname -I` > /web/index.html
[root@rea01 ~]# vim /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>
  DocumentRoot /web
  ServerName 192.168.239.110
</VirtualHost>
<Directory "/web">
  AllowOverride none
  Require all granted
</Directory>

[root@rea02 ~]# yum install httpd
[root@rea02 ~]# mkdir -p /web
[root@rea02 ~]# echo this is `hostname -I` > /web/index.html
[root@rea02 ~]# vim /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>
  DocumentRoot /web
  ServerName 192.168.239.120
</VirtualHost>
<Directory "/web">
  AllowOverride none
  Require all granted
</Directory>

# Test: works without problems
[root@rea02 ~]# curl 192.168.239.110
this is 192.168.239.110 192.168.122.1

2.5.3 Suppress ARP on the real servers

[root@rea01 ~]# sysctl -a | grep arp_ignore
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.virbr0.arp_ignore = 0
net.ipv4.conf.virbr0-nic.arp_ignore = 0

[root@rea01 ~]# sysctl -a | grep arp_announce
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.virbr0.arp_announce = 0
net.ipv4.conf.virbr0-nic.arp_announce = 0

[root@rea01 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1

[root@rea02 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1

[root@rea01 ~]# sysctl --system
[root@rea02 ~]# sysctl --system
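The arp.conf above sets only `all` and `lo`, while `eth0` keeps the value 0; that is sufficient because the kernel applies the larger of the `all` and per-interface values. The following added example (not from the original post) computes that effective value per interface from `sysctl -a` style output and lists the interfaces that still differ from the page's DR settings. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed samples: `sysctl -a` lines on a real server before and after
# /etc/sysctl.d/arp.conf is applied (subset of the interfaces shown above).
SYSCTL_BEFORE = """\
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
"""
SYSCTL_AFTER = """\
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
"""

# Values the page configures on the real servers for LVS-DR.
REQUIRED = {"arp_ignore": 1, "arp_announce": 2}
LINE = re.compile(r"^net\.ipv4\.conf\.(\S+)\.(arp_ignore|arp_announce)\s*=\s*(\d+)$")

def effective_arp_settings(sysctl_output):
    """Per interface, the value the kernel uses: max(conf/all, conf/<iface>)."""
    raw = {}
    for line in sysctl_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            raw.setdefault(m.group(1), {})[m.group(2)] = int(m.group(3))
    base = raw.get("all", {})
    return {iface: {key: max(value, base.get(key, 0)) for key, value in vals.items()}
            for iface, vals in raw.items() if iface not in ("all", "default")}

def not_dr_ready(sysctl_output):
    """Interfaces whose effective values differ from REQUIRED."""
    effective = effective_arp_settings(sysctl_output)
    return sorted(iface for iface, vals in effective.items()
                  if any(vals.get(key, 0) != need for key, need in REQUIRED.items()))
```

With the `all` entries left at 0 and only `lo` changed, `eth0` would still be reported, which is why the page sets both.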

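2.5.4 Create the cluster and add the real servers

The VIP is 192.168.239.100; one real server is 192.168.239.110 and the other is 192.168.239.120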

[root@keep01 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 192.168.239.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
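            connect_timeout 3 # the attempt counts as failed if no connection is established within 3 seconds
            nb_get_retry 2  # after a failed first attempt, try 2 more times
            delay_before_retry 2 # wait 2 seconds before each retry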
        }
    }

    real_server 192.168.239.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

}

2.5.5 Verify that the cluster was created

# Restart the service
[root@keep01 ~]# systemctl restart keepalived.service

# Install ipvsadm
[root@keep01 ~]# yum install ipvsadm -y

# Check that the cluster was created
[root@keep01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.239.100:80 wrr
  -> 192.168.239.110:80           Route   1      0          0         
  -> 192.168.239.120:80           Route   1      0          0         

2.5.6 Result

$ while true ;do curl 192.168.239.100 ;sleep 0.5 ;done
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1
this is 192.168.239.120 192.168.122.1
this is 192.168.239.110 192.168.122.1

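2.6 Dual-master LVS-DR mode

Compared with single-master mode, dual-master DR mode simply adds one more instance and, on each keepalived node, one more VIP in front of the real-server cluster. Put simply: two instances, two clusters, and two VIPs in total, 192.168.239.100 and 192.168.239.200.

Approach:

Configure the instances

  • Instance 1: vrrp_instance VI_1
  • Instance 2: vrrp_instance VI_2

Configure the clusters

  • Cluster 1: virtual_server 192.168.239.100 80
  • Cluster 2: virtual_server 192.168.239.200 80

Add the VIPs to the loopback interface of the real servers

ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 up

ifconfig lo:2 192.168.239.200 netmask 255.255.255.255 up

Suppress ARP on the real servers

Add the loopback VIPs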

[root@rea01 ~]# ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 up
[root@rea01 ~]# ifconfig lo:2 192.168.239.200 netmask 255.255.255.255 up

[root@rea02 ~]# ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 up
[root@rea02 ~]# ifconfig lo:2 192.168.239.200 netmask 255.255.255.255 up

keepalived01

! Configuration File for keepalived

global_defs {  # global definitions
   notification_email {  # e-mail notification list
        1282318338@qq.com
        shuyan-wawa@163.com
   }
   notification_email_from keepalived@ka1.shuyan.com  # sender address
   smtp_server 127.0.0.1  # SMTP server address
   smtp_connect_timeout 30  # SMTP connection timeout
   router_id keep1.shuyan.com  # router ID
   vrrp_skip_check_adv_addr  # do not check the advertisement address
   # vrrp_strict  # strict mode: disables some features to improve security
   vrrp_garp_interval 0  # interval between GARP messages (0 disables it)
   vrrp_gna_interval 0  # interval between GNA messages (0 disables it)
   # vrrp_mcast_group4 224.0.0.18  # VRRP multicast address
   # vrrp_iptables  # enable iptables rule support
}

################################ Instance 1 #######################################

vrrp_instance VI_1 {  # VRRP instance 1
    state MASTER  # this instance is MASTER on this node
    interface eth0  # network interface to use
    virtual_router_id 100  # virtual router ID
    priority 100  # priority
    advert_int 1  # advertisement interval (seconds)
    # preempt_delay 5s  # preemption delay
    # nopreempt  # disable preemption
    authentication {  # authentication settings
        auth_type PASS  # authentication type
        auth_pass 1111  # authentication password
    }
    virtual_ipaddress {  # virtual IP addresses
        192.168.239.100/24 dev eth0 label eth0:1  # the virtual IP address
    }
    unicast_src_ip 192.168.239.10  # unicast source IP address
    unicast_peer {  # unicast peers
        192.168.239.20  # IP address of the unicast peer
    }
   # notify_master "/etc/keepalived/mail.sh master"  # notification script for the MASTER state
   # notify_backup "/etc/keepalived/mail.sh backup"  # notification script for the BACKUP state
   # notify_fault  "/etc/keepalived/mail.sh fault"  # notification script for the FAULT state
}

################################ Instance 2 #######################################

vrrp_instance VI_2 {    # VRRP instance 2
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority  80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }
}


############################## Cluster 1 #######################################
virtual_server 192.168.239.100 80 {  # first cluster
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
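            connect_timeout 3 # the attempt counts as failed if no connection is established within 3 seconds
            nb_get_retry 2  # after a failed first attempt, try 2 more times
            delay_before_retry 2 # wait 2 seconds before each retry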
        }
    }

    real_server 192.168.239.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

}

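############################## Cluster 2 #######################################
virtual_server 192.168.239.200 80 {  # second virtual server
    delay_loop 6  # health-check loop interval (seconds)
    lb_algo wrr  # load-balancing algorithm: weighted round robin
    lb_kind DR  # load-balancing type: direct routing
    protocol TCP  # protocol: TCP

    real_server 192.168.239.110 80 {  # first back-end server
        weight 1  # server weight
        HTTP_GET {  # HTTP GET health check
            url {  # URL settings
                path /  # path to check
                status_code 200  # status code that counts as success
            }
            connect_timeout 3  # connection timeout (seconds)
            nb_get_retry 2  # number of retries
            delay_before_retry 2  # delay between retries (seconds)
        }
    }

    real_server 192.168.239.120 80 {  # second back-end server
        weight 1  # server weight
        HTTP_GET {  # HTTP GET health check
            url {  # URL settings
                path /  # path to check
                status_code 200  # status code that counts as success
            }
            connect_timeout 3  # connection timeout (seconds)
            nb_get_retry 2  # number of retries
            delay_before_retry 2  # delay between retries (seconds)
        }

    }
}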

keepalived02

! Configuration File for keepalived

global_defs {
   notification_email {
        1282318338@qq.com
        shuyan-wawa@163.com
   }
   notification_email_from keepalived@ka1.shuyan.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id keep2.shuyan.com
   vrrp_skip_check_adv_addr
   # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0 
   # vrrp_mcast_group4 224.0.0.18
   # vrrp_iptables
}
################################ Instance 1 #######################################
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1
    # preempt_delay 5s
    # nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }
}

################################ Instance 2 #######################################
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200/24 dev eth0 label eth0:2
    }
    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }
}


################################ Cluster 1 #######################################

virtual_server 192.168.239.100 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2 # retry every two seconds, twice in total
        }
    }

    real_server 192.168.239.120 80 {
        weight 2
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }

    }
}

################################ Cluster 2 #######################################
virtual_server 192.168.239.200 80 {
    delay_loop 6  # health-check the back-end servers every 6 seconds
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

    real_server 192.168.239.120 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 2
        }
    }

}

Install MySQL on both real servers

# Install the MySQL yum repository
[root@rea02 ~]# yum install https://dev.mysql.com/get/mysql84-community-release-el7-1.noarch.rpm

# Install MySQL
[root@rea02 yum.repos.d]# yum install mysql-server -y

[root@rea01 ~]# systemctl start mysqld
[root@rea01 ~]# grep password /var/log/mysqld.log 
2024-08-14T08:27:42.815816Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: WzzCckyrq0!J


[root@rea01 ~]# mysql -uroot -p
Enter password: 

# Change the root password
mysql> ALTER USER root@'localhost' identified by 'Openlab123!';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

# Create a user for remote connections
[root@rea01 ~]# mysql -uroot -pOpenlab123!

mysql> CREATE USER 'shuyan'@'%' IDENTIFIED BY 'Openlab123!';
Query OK, 0 rows affected (0.00 sec)

# Grant privileges
mysql> GRANT ALL ON *.* TO 'shuyan'@'%';
Query OK, 0 rows affected (0.01 sec)


mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)

To keep MySQL separate from the web servers, add a sub-configuration file

Only keep01 is shown here; keep02 is configured identically

[root@keep01 ~]# vim /etc/keepalived/keepalived.conf 
include /etc/keepalived/conf.d/*.conf

[root@keep01 ~]# mkdir -p /etc/keepalived/conf.d

[root@keep01 ~]# vim /etc/keepalived/conf.d/mysql.conf 

virtual_server 192.168.239.200 3306 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
    real_server 192.168.239.120 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}
virtual_server 192.168.239.100 3306 {
    delay_loop 3
    lb_algo wrr
    lb_kind DR
    protocol TCP

    real_server 192.168.239.110 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
    real_server 192.168.239.120 3306 {
        weight 1
        TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}

Restart the keepalived service

[root@keep01 conf.d]# systemctl restart keepalived.service 
[root@keep01 conf.d]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.239.100:80 wrr
  -> 192.168.239.110:80           Route   1      0          0         
  -> 192.168.239.120:80           Route   1      0          0         
TCP  192.168.239.100:3306 wrr
  -> 192.168.239.110:3306         Route   1      0          0         
  -> 192.168.239.120:3306         Route   1      0          0         
TCP  192.168.239.200:80 wrr
  -> 192.168.239.110:80           Route   1      0          0         
  -> 192.168.239.120:80           Route   1      0          0         
TCP  192.168.239.200:3306 wrr
  -> 192.168.239.110:3306         Route   1      0          6         
  -> 192.168.239.120:3306         Route   1      0          5   

The test result is as follows

[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea02      |
+------------+
[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea01      |
+------------+
[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea02      |
+------------+
[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea01      |
+------------+
[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea02      |
+------------+
[root@mysql-02 ~]# mysql -ushuyan -pOpenlab123! -h 192.168.239.200 -e "SELECT @@HOSTNAME"
mysql: [Warning] Using a password on the command line interface can be insecure.
+------------+
| @@HOSTNAME |
+------------+
| rea01      |
+------------+

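3 High availability for other applications: VRRP Script

With VRRP Script, keepalived can call an external helper script to monitor a resource and adjust the priority dynamically according to the result, which provides high availability for other applications.

Reference configuration file: /usr/share/doc/keepalived/keepalived.conf.vrrp.localcheck

3.1 VRRP Script configuration

This takes two steps:

Define the script

vrrp_script: a user-defined resource-monitoring script whose return value the VRRP instances act on. It is a shared definition that several instances can call, written as a standalone block outside the VRRP instances, usually right after the global_defs block.

The script is normally used to monitor the state of a given application. As soon as the application is found to be unhealthy, the priority of the MASTER node is lowered below that of the SLAVE node, so that the VIP switches to the SLAVE node.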

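3.1.1 Defining a VRRP script

vrrp_script <SCRIPT_NAME> {
    script <STRING>|<QUOTED-STRING>  # a non-zero return value of this script triggers the OPTIONS below
    OPTIONS
}

3.1.2 Calling the script

track_script: calls a script defined with vrrp_script to monitor a resource; it is placed inside the VRRP instance and refers to a previously defined vrrp_script

track_script {
    SCRIPT_NAME_1
    SCRIPT_NAME_2
}

3.1.3 VRRP script parameters

vrrp_script <SCRIPT_NAME> { # defines a check script; configured outside global_defs
        script <STRING>|<QUOTED-STRING> # shell command or path to a script
        interval <INTEGER> # interval in seconds, default 1 second
        timeout <INTEGER> # timeout
        weight <INTEGER:-254..254> # default 0. If this value is negative,
                # it is added to this node's priority when the script above
                # returns non-zero, which lowers the node's priority
                # (the "fall" case).
                # If it is positive, it is added to this node's priority
                # when the script returns 0, which raises the node's priority
                # (the "rise" case). A negative value is the usual choice
        fall <INTEGER> # number of consecutive failed runs before the script is marked failed; 2 or more is recommended
        rise <INTEGER> # number of consecutive successful runs before the server goes from failed back to successful
        user USERNAME [GROUPNAME] # user or group that runs the check script
        init_fail # start in the failed state and switch to successful after a successful check
}
Calling the VRRP script

vrrp_instance test {
    ... ...
    track_script {
        check_down
    }
}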
3.2 Switching master/backup roles with a script

vrrp_script check_shuyan {
    script "/mnt/check_shuyan.sh"
    interval 1
    weight -30
    fall 2
    rise 2
    timeout 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    # preempt_delay 5s
    # nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100/24 dev eth0 label eth0:1
    }
    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }
    track_script {
        check_shuyan
    }

}

[root@keep01 ~]# vim /mnt/check_shuyan.sh
#!/bin/bash
[ ! -f "/mnt/shuyan" ]

[root@keep01 ~]# systemctl restart keepalived.service 
[root@keep01 ~]# chmod +x /mnt/check_shuyan.sh 
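The priority arithmetic behind this role switch, as an added example that is not part of the original post: a simplified model of how fall, rise and weight from check_shuyan turn a sequence of script exit codes into keep01's effective priority and the node holding the VIP. `TrackedScript`, `simulate` and `EXIT_CODES` are hypothetical names; the model assumes the peer (priority 80, as on keepalived02 in section 1) always passes its own check and that preemption is on, since nopreempt is commented out.

```python
from dataclasses import dataclass

@dataclass
class TrackedScript:
    """Simplified model of one vrrp_script as described in 3.1.3."""
    weight: int
    fall: int
    rise: int
    ok: bool = True     # state keepalived currently assigns to the script
    streak: int = 0     # consecutive results that contradict that state

    def feed(self, exit_code):
        """Record one run of the script and return the resulting state."""
        success = exit_code == 0
        if success == self.ok:
            self.streak = 0
        else:
            self.streak += 1
            needed = self.rise if success else self.fall
            if self.streak >= needed:
                self.ok, self.streak = success, 0
        return self.ok

    def adjustment(self):
        """Priority delta: a negative weight applies while failed, a positive one while OK."""
        if self.weight < 0:
            return 0 if self.ok else self.weight
        return self.weight if self.ok else 0


def simulate(exit_codes, base=100, peer=80, weight=-30, fall=2, rise=2):
    """Return [(effective priority of keep01, VIP holder)] for each check interval."""
    script = TrackedScript(weight=weight, fall=fall, rise=rise)
    timeline = []
    for code in exit_codes:
        script.feed(code)
        effective = max(1, min(254, base + script.adjustment()))
        # Equal priorities are not modelled; the page's values never tie.
        holder = "keep01" if effective > peer else "keep02"
        timeline.append((effective, holder))
    return timeline

# Constructed run: /mnt/shuyan is created before the 2nd check and removed
# before the 5th, so check_shuyan.sh exits 0, 1, 1, 1, 0, 0, 0.
EXIT_CODES = [0, 1, 1, 1, 0, 0, 0]
```

`simulate(EXIT_CODES)` moves the VIP to keep02 at the second failed check (100 - 30 = 70 < 80) and back after two passing checks, while `simulate(EXIT_CODES, weight=-10)` never fails over because 90 is still above the peer's 80.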

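3.3 Dual-master high availability with haproxy and keepalived

Turn off ARP suppression and remove the VIPs from the real servers

Only one real server is shown here; the second one is handled the same way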

[root@rea01 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0

[root@rea01 ~]# sysctl --system

net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
* Applying /etc/sysctl.conf ...
[root@rea01 ~]# ifconfig lo:1 192.168.239.100 netmask 255.255.255.255 down
[root@rea01 ~]# ifconfig lo:2 192.168.239.200 netmask 255.255.255.255 down

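Kernel parameter net.ipv4.ip_nonlocal_bind

The haproxy configuration file has a bind directive: haproxy listens on that address and requires the address to actually exist on the host. In a high-availability setup, however, the address floats: it is either on the host with the higher priority or, if that host has failed, it has moved to the other keepalived machine. In both cases haproxy still listens on the address, and haproxy reports an error if the address does not exist locally. The kernel parameter net.ipv4.ip_nonlocal_bind therefore has to be enabled; it allows a process to bind to an address that is not configured on the local host.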

[root@keep01 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1

[root@keep02 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1

Install haproxy

############################ keep01 ####################################
[root@keep01 ~]# yum install haproxy -y
[root@keep01 ~]# vim /etc/haproxy/haproxy.cfg 
listen webcluster
    bind 192.168.239.100:80
    bind 192.168.239.200:80
    mode http
    balance roundrobin
    server web1 192.168.239.110:80 check inter 3 fall 3 rise 5

[root@keep01 ~]# systemctl restart haproxy.service 



############################ keep02 ####################################
[root@keep02 ~]# yum install haproxy -y
[root@keep02 ~]# vim /etc/haproxy/haproxy.cfg 
frontend webcluster
    bind 192.168.239.100:80
    bind 192.168.239.200:80
    mode http
    use_backend webcluster-host

backend webcluster-host
    balance roundrobin
    server web1 192.168.239.110:80 check inter 3 fall 3 rise 3
    server web2 192.168.239.120:80 check inter 3 fall 3 rise 3

[root@keep02 ~]# systemctl restart haproxy.service 

[root@keep01 ~]# vim /etc/keepalived/keepalived.conf 

[root@keep02 ~]# vim /etc/keepalived/keepalived.conf 

[root@keep01 ~]# vim /etc/keepalived/conf.d/mysql.conf

[root@keep02 ~]# vim /etc/keepalived/conf.d/mysql.conf

Comment out the following

[root@keep01 ~]# mkdir /etc/keepalived/scripts
[root@keep01 ~]# vim /etc/keepalived/scripts/haproxy.sh 
#!/bin/bash
/usr/bin/killall -0 haproxy

[root@keep02 ~]# mkdir /etc/keepalived/scripts
[root@keep02 ~]# vim /etc/keepalived/scripts/haproxy.sh 
#!/bin/bash
/usr/bin/killall -0 haproxy


# Make the scripts executable
[root@keep01 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh
[root@keep02 ~]# chmod +x /etc/keepalived/scripts/haproxy.sh

Dual-master high availability with two instances

vrrp_script: defines the check action; both instances must call it

keep01 configuration

[root@keep01 ~]# vim /etc/keepalived/conf.d/web.conf
vrrp_script check_haproxy {

    script "/etc/keepalived/scripts/haproxy.sh"
    interval 1  # check once per second
    weight -30
    timeout 2
    fall 2 # two consecutive failed checks are required before the script counts as failed
    rise 2
}

vrrp_instance web {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100 dev eth0 label eth0:1
    }

    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }

    track_script {
        check_haproxy
    }
}

vrrp_instance web2 {
    state BACKUP
    interface eth0
    virtual_router_id 200
    priority 80
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200 dev eth0 label eth0:2
    }

    unicast_src_ip 192.168.239.10
    unicast_peer {
        192.168.239.20
    }

    track_script {
        check_haproxy
    }
}

keep02 configuration

[root@keep02 ~]# vim /etc/keepalived/conf.d/web.conf
vrrp_script check_haproxy {

    script "/etc/keepalived/scripts/haproxy.sh"
    interval 1  # check once per second
    weight -30
    timeout 2
    fall 2 # two consecutive failed checks are required before the script counts as failed
    rise 2

}

vrrp_instance web {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.100 dev eth0 label eth0:1
    }

    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }

    track_script {
        check_haproxy
    }
}

vrrp_instance web2 {
    state MASTER
    interface eth0
    virtual_router_id 200
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.239.200 dev eth0 label eth0:2
    }

    unicast_src_ip 192.168.239.20
    unicast_peer {
        192.168.239.10
    }

    track_script {
        check_haproxy
    }
}

Result

Monitoring with tcpdump shows that both keepalived nodes are working, which achieves dual-master high availability with keepalived + haproxy.
