HA Cluster: high-availability clustering with keepalived


Author: Net夜风 | Published: 2018-08-27 00:06

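    I. HA Cluster principles in brief

    A high-availability cluster (High Availability Cluster, HA Cluster for short) builds on the idea of a cluster: a group of computers that, as a whole, provide a set of network resources to users. Each of these individual computer systems is a node of the cluster. A high-availability cluster is a group of hosts that runs like a single system and supports continuous normal operation.

    HA clusters exist to keep the cluster's overall service as available as possible, reducing the losses caused by the fallibility of computer hardware and software. If a node fails, its standby node takes over its duties within a few seconds, so from the user's point of view the cluster never goes down. The main job of HA cluster software is to automate fault detection and service switchover.

    Put simply, an HA cluster is a redundancy mechanism that removes single points of failure (SPoF) from a cluster and keeps the service running without interruption.

    • SPoF: Single Point of Failure
    • Redundancy (redundant): the same software is installed on two nodes, and resources are moved between them according to the detected state.

    Measuring high availability

    System reliability is usually measured by mean time to failure (MTTF), and maintainability by mean time to repair (MTTR). Availability is then defined as: HA = MTTF/(MTTF+MTTR)*100%

    • Availability levels:
      • Basic availability: two nines; 99%; 87.6 hours of downtime per year
      • Higher availability: three nines; 99.9%; 8.8 hours of downtime per year
      • Availability with automatic fault recovery: four nines; 99.99%; 53 minutes of downtime per year
      • Very high availability: five nines; 99.999%; 5 minutes of downtime per year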

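    II. keepalived

    1. keepalived has two main functions:
    • (1) Health-checking the RealServers; checks at layer 4, layer 5 and layer 7 are supported.
    • (2) Making the load-balancing director highly available, so that the Director is not a single point of failure.
    2. How keepalived works:
      keepalived implements failover through VRRP (Virtual Router Redundancy Protocol). While keepalived is working normally, the master node keeps sending heartbeat messages to the backup node. When the backup node has not received a heartbeat from the master within a set time, it considers the master down, takes over the master's resources and keeps serving requests so that the service stays available. When the master recovers, the backup node automatically hands the resources back and becomes the backup again.
    3. keepalived is a software implementation of the VRRP protocol, originally designed to make the ipvs service highly available:
    • it floats addresses between nodes using VRRP;
    • it generates ipvs rules (predefined in the configuration file) on the node that holds the VIP;
    • it health-checks each RS of the ipvs cluster;
    • through its script-calling interface it runs scripts that carry out whatever they define, and so influences cluster behaviour.
    4. Prerequisites for configuring an HA Cluster:
      (1) Time must be synchronized on all nodes: ntp, chrony.
      (2) Make sure iptables and SELinux do not get in the way.
      (3) Nodes can reach each other by host name (not required for keepalived);
      using the /etc/hosts file is recommended.
      (4) Make sure the interface each node uses for the cluster service supports MULTICAST;
      class D addresses: 224-239.
    5. Installing and configuring keepalived:
      Since CentOS 6.4, keepalived has been shipped in the base repository.
    • Program environment:
      Main configuration file: /etc/keepalived/keepalived.conf
      Main program: /usr/sbin/keepalived
      Unit file: keepalived.service
      Environment file for the unit file: /etc/sysconfig/keepalived

    • Configuration file components:
      TOP HIERARCHY
      - GLOBAL CONFIGURATION
      - Global definitions
      - Static routes/addresses
      - VRRPD CONFIGURATION
      - VRRP synchronization group(s): VRRP sync groups;
      - VRRP instance(s): each VRRP instance is one VRRP router;
      - LVS CONFIGURATION
      - Virtual server group(s)
      - Virtual server(s): the VS and RS of the ipvs cluster;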

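    • Configuration syntax:

      • Configuring a virtual router:
        vrrp_instance <STRING> { .... }

      • Instance-specific parameters:
        state MASTER|BACKUP: initial state of this node in the virtual router; only one node may be MASTER, all the others should be BACKUP;
        interface IFACE_NAME: physical interface bound to this virtual router;
        virtual_router_id VRID: unique identifier of this virtual router, range 0-255;
        priority 100: priority of this host within the virtual router, range 1-254;
        advert_int 1: interval between VRRP advertisements;

                      authentication {
                          auth_type AH|PASS
                          auth_pass <PASSWORD>
                      }
                      virtual_ipaddress {
                          <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
                          192.168.200.17/24 dev eth1
                          192.168.200.18/24 dev eth2 label eth2:1
                      }
                      track_interface {
                          eth0
                          eth1
                          ...
                      }  # network interfaces to monitor; if one of them fails, the instance moves to the FAULT state

                      nopreempt: run in non-preemptive mode;
                      preempt_delay 300: in preemptive mode, how long a node waits after coming online before it triggers a new election;

    • Defining notification scripts:

                            notify_master <STRING>|<QUOTED-STRING>: script run when this node becomes the master;
                            notify_backup <STRING>|<QUOTED-STRING>: script run when this node becomes a backup;
                            notify_fault <STRING>|<QUOTED-STRING>: script run when this node enters the "fault" state;
                            notify <STRING>|<QUOTED-STRING>: generic notification hook; a single script can handle the notifications for all three state transitions above;

    • Virtual servers:
      Configuration parameters: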

          virtual_server IP port |
          virtual_server fwmark int 
          {
              ...
              real_server {
                  ...
              }
              ...
          }
      

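    Common parameters:
    delay_loop <INT>: interval between service polls;
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh: scheduling method;
    lb_kind NAT|DR|TUN: cluster type;
    persistence_timeout <INT>: persistent-connection duration;
    protocol TCP: service protocol; only TCP is supported;
    sorry_server <IPADDR> <PORT>: address of the fallback server;

    real_server <IPADDR> <PORT>
                    {
                         weight <INT>
                         notify_up <STRING>|<QUOTED-STRING>
                         notify_down <STRING>|<QUOTED-STRING>
                         HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }: health-check method for this host;
                    }

    • HTTP_GET|SSL_GET: application-layer check

                HTTP_GET|SSL_GET {
                    url {
                        path <URL_PATH>: URL to monitor;
                        status_code <INT>: response code that counts as healthy for this check;
                        digest <STRING>: checksum of the response content that counts as healthy for this check;
                    }
                    nb_get_retry <INT>: number of retries;
                    delay_before_retry <INT>: delay before a retry;
                    connect_ip <IP ADDRESS>: IP address of this RS to send the health-check request to
                    connect_port <PORT>: port of this RS to send the health-check request to
                    bindto <IP ADDRESS>: source address used for the health-check request;
                    bind_port <PORT>: source port used for the health-check request;
                    connect_timeout <INTEGER>: timeout for the connection request;
                }

    • TCP_CHECK: transport-layer check

                 TCP_CHECK {
                    connect_ip <IP ADDRESS>: IP address of this RS to send the health-check request to
                    connect_port <PORT>: port of this RS to send the health-check request to
                    bindto <IP ADDRESS>: source address used for the health-check request;
                    bind_port <PORT>: source port used for the health-check request;
                    connect_timeout <INTEGER>: timeout for the connection request;
                }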
      

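    III. Master/backup and master/master setups with keepalived

    1. Master/backup configuration:
      Prepare two nodes: node1: 192.168.1.108; node2: 192.168.1.109
      Synchronize time: [root@node1 ~]# ntpdate 192.168.1.10
      Install and configure keepalived:
      Configure node1 as follows:

       [root@node1 ~]# yum -y install keepalived         # install keepalived
       [root@node1 ~]# cd /etc/keepalived/
       [root@node1 keepalived]# cp keepalived.conf{,.bak}    # back up the original keepalived configuration file
       [root@node1 keepalived]# vim keepalived.conf
       # put the following content into the opened file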
           ! Configuration File for keepalived
      
               global_defs {
                      notification_email {
                       root@localhost
                  }
                   
                      notification_email_from keepalived@localhost
                      smtp_server 127.0.0.1
                      smtp_connect_timeout 30
                      router_id node1
                       vrrp_mcast_group4 224.1.105.33
                   }
               
               vrrp_instance VI_1 {
                       state MASTER   # initial state of this node in the virtual router; only one node may be MASTER, all the others should be BACKUP
                       interface ens33
                       virtual_router_id 33
                       priority 100
                       advert_int 1
                       authentication {
                           auth_type PASS
                           auth_pass 1111
                       }
                       virtual_ipaddress {
                           192.168.1.99 dev ens33 label ens33:0
                       }
                   }
      

    Configure node2 as follows:

        [root@node2 ~]# yum -y install keepalived         # install keepalived
        [root@node2 ~]# cd /etc/keepalived/
        [root@node2 keepalived]# cp keepalived.conf{,.bak}    # back up the original keepalived configuration file
        [root@node2 keepalived]# vim keepalived.conf
        # put the following content into the opened file
            ! Configuration File for keepalived
    
                global_defs {
                       notification_email {
                        root@localhost
                   }
                    
                       notification_email_from keepalived@localhost
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id node2
                        vrrp_mcast_group4 224.1.105.33
                    }
                
                vrrp_instance VI_1 {
                        state BACKUP
                        interface ens33
                        virtual_router_id 33
                        priority 96
                        advert_int 1
                        authentication {
                            auth_type PASS
                            auth_pass 1111
                        }
                        virtual_ipaddress {
                            192.168.1.99 dev ens33 label ens33:0
                        }
                    }
    

    Start keepalived on node2 and test:

    [root@node2 ~]# systemctl start keepalived
    [root@node2 ~]# ifconfig
    ...
    ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.99  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:f0:be:9c  txqueuelen 1000  (Ethernet)
    [root@node2 ~]# systemctl status keepalived
    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
       Active: active (running) since Sun 2018-08-26 09:37:52 CST; 7s ago
      Process: 15928 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 15929 (keepalived)
       CGroup: /system.slice/keepalived.service
               ├─15929 /usr/sbin/keepalived -D
               ├─15930 /usr/sbin/keepalived -D
               └─15931 /usr/sbin/keepalived -D
    
    Aug 26 09:37:52 node2 Keepalived_vrrp[15931]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
    Aug 26 09:37:56 node2 Keepalived_vrrp[15931]: VRRP_Instance(VI_1) Transition to MASTER STATE
    Aug 26 09:37:57 node2 Keepalived_vrrp[15931]: VRRP_Instance(VI_1) Entering MASTER STATE
    Aug 26 09:37:57 node2 Keepalived_vrrp[15931]: VRRP_Instance(VI_1) setting protocol VIPs.
    Aug 26 09:37:57 node2 Keepalived_vrrp[15931]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:37:57 node2 Keepalived_vrrp[15931]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ...1.99
    Aug 26 09:37:57 node2 Keepalived_vrrp[15931]: Sending gratuitous ARP on ens33 for 192.168.1.99
    
    # capture packets on node1 to check
    [root@node1 ~]# tcpdump -i ens33 -nn host 224.1.105.33
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:37:56.221751 IP 192.168.1.109 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 96, authtype simple, intvl 1s, length 20
    09:37:57.227332 IP 192.168.1.109 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 96, authtype simple, intvl 1s, length 20
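
The `authtype simple` in the capture above is what `auth_type PASS` looks like on the wire: the password travels unencrypted in every advertisement. The following added example (not from the original post) decodes a VRRPv2 payload and verifies its checksum; the sample bytes are constructed to match the capture line, assuming the `auth_pass 1111` from the configuration above.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple", 2: "ah"}   # names as tcpdump prints them

# Constructed sample: the 20-byte VRRPv2 payload matching the tcpdump line
# above (vrid 33, prio 96, authtype simple, intvl 1s, one VIP 192.168.1.99),
# assuming the auth_pass "1111" from the sample configuration.
SAMPLE_ADVERT = bytes.fromhex(
    "21216001"            # version/type, vrid, priority, address count
    "0101596e"            # auth type, advert interval, checksum
    "c0a80163"            # 192.168.1.99
    "3131313100000000"    # 8-byte auth data: "1111" padded with NULs
)


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071); 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_vrrpv2(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the IP payload, protocol 112)."""
    if len(payload) < 8:
        raise ValueError("shorter than the fixed VRRP header")
    ver_type, vrid, prio, count, auth_type, interval, _csum = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type >> 4 != 2 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8                  # header + VIPs + auth data
    if len(payload) < end:
        raise ValueError("truncated advertisement")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
            for i in range(count)]
    auth_data = payload[end - 8:end]
    return {
        "vrid": vrid,
        "priority": prio,
        "advert_int": interval,
        "vips": vips,
        "auth_type": AUTH_TYPES.get(auth_type, f"unknown({auth_type})"),
        "checksum_ok": internet_checksum(payload[:end]) == 0,
        # With auth type 1 this field is the password itself, readable by
        # every host that receives the multicast group.
        "cleartext_secret": (
            auth_data.rstrip(b"\x00").decode("ascii", "replace")
            if auth_type == 1 else None),
    }


if __name__ == "__main__":
    for key, value in parse_vrrpv2(SAMPLE_ADVERT).items():
        print(f"{key:17} {value}")
```

Every host on the segment that receives 224.1.105.33 sees these same bytes, so `auth_pass` works as a guard against accidental cross-talk between clusters rather than as a secret.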
    

    Start keepalived on node1:

    [root@node1 ~]# systemctl start keepalived
    [root@node1 ~]# ifconfig
    ...
    ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.99  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 00:0c:29:21:8d:06  txqueuelen 1000  (Ethernet)
    [root@node1 ~]# systemctl status keepalived
    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
       Active: active (running) since Sun 2018-08-26 09:42:23 CST; 1min 9s ago
      Process: 15076 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 15077 (keepalived)
       CGroup: /system.slice/keepalived.service
               ├─15077 /usr/sbin/keepalived -D
               ├─15078 /usr/sbin/keepalived -D
               └─15079 /usr/sbin/keepalived -D
    
    Aug 26 09:42:25 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:25 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:25 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:25 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: VRRP_Instance(VI_1) Sending/queueing gratuitous ....99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Aug 26 09:42:30 www.ilinux.com Keepalived_vrrp[15079]: Sending gratuitous ARP on ens33 for 192.168.1.99
    Hint: Some lines were ellipsized, use -l to show in full.
    
    # capture packets on node1 to check
    [root@node1 ~]# tcpdump -i ens33 -nn host 224.1.105.33
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:43:18.304748 IP 192.168.1.108 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
    09:43:19.305917 IP 192.168.1.108 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
    
    2. Dual-master configuration

       # on node1, edit keepalived.conf and append the following
       vrrp_instance VI_2 {
           state BACKUP
           interface ens33
           virtual_router_id 34
           priority 96
           advert_int 1
           authentication {
               auth_type PASS
               auth_pass XXXX1111
           }
           virtual_ipaddress {
               192.168.1.98 dev ens33 label ens33:0
           }
       }
      
       # on node2, edit keepalived.conf and append the following
       vrrp_instance VI_2 {
           state MASTER
           interface ens33
           virtual_router_id 34
           priority 100
           advert_int 1
           authentication {
               auth_type PASS
               auth_pass XXXX1111
           }
           virtual_ipaddress {
               192.168.1.98 dev ens33 label ens33:0
           }
       }
       # stop the keepalived service, then start it again
        [root@node2 ~]# systemctl stop keepalived  
       [root@node2 ~]# systemctl start keepalived
       [root@node2 ~]# ip a l
       ...
       2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
           link/ether 00:0c:29:f0:be:9c brd ff:ff:ff:ff:ff:ff
           inet 192.168.1.109/24 brd 192.168.1.255 scope global ens33
              valid_lft forever preferred_lft forever
           inet 192.168.1.98/32 scope global ens33:0
              valid_lft forever preferred_lft forever
           inet6 fe80::7221:3e5e:6c0:4c1c/64 scope link 
              valid_lft forever preferred_lft forever
       ...
       [root@node2 ~]# systemctl status keepalived
       ● keepalived.service - LVS and VRRP High Availability Monitor
          Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
          Active: active (running) since Sun 2018-08-26 10:17:01 CST; 1min 8s ago
         Process: 16217 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
        Main PID: 16218 (keepalived)
          CGroup: /system.slice/keepalived.service
                  ├─16218 /usr/sbin/keepalived -D
                  ├─16219 /usr/sbin/keepalived -D
                  └─16220 /usr/sbin/keepalived -D
      
       Aug 26 10:17:08 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.98
       Aug 26 10:17:08 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.98
       Aug 26 10:17:08 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.98
       Aug 26 10:17:08 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.98
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ...1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Hint: Some lines were ellipsized, use -l to show in full
      
       # start the keepalived service on node1 again
        [root@node1 keepalived]# systemctl start keepalived
       [root@node1 keepalived]# ip a l
       ...
       2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
           link/ether 00:0c:29:21:8d:06 brd ff:ff:ff:ff:ff:ff
           inet 192.168.1.108/24 brd 192.168.1.255 scope global dynamic ens33
              valid_lft 2403sec preferred_lft 2403sec
           inet 192.168.1.99/32 scope global ens33:0
              valid_lft forever preferred_lft forever
           inet6 fe80::959:d8ab:dd39:b1b/64 scope link 
              valid_lft forever preferred_lft forever
       ...
       [root@node1 keepalived]# systemctl status keepalived
       ● keepalived.service - LVS and VRRP High Availability Monitor
          Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
          Active: active (running) since Sun 2018-08-26 10:19:19 CST; 1min 24s ago
         Process: 15146 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
        Main PID: 15147 (keepalived)
          CGroup: /system.slice/keepalived.service
                  ├─15147 /usr/sbin/keepalived -D
                  ├─15148 /usr/sbin/keepalived -D
                  └─15149 /usr/sbin/keepalived -D
      
       Aug 26 10:19:22 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:22 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:22 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:22 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: VRRP_Instance(VI_1) Sending/queueing gratuitous ....99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:27 www.ilinux.com Keepalived_vrrp[15149]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Hint: Some lines were ellipsized, use -l to show in full.
      
       # check the status on node2
       [root@node2 ~]# systemctl status keepalived
       ● keepalived.service - LVS and VRRP High Availability Monitor
          Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
          Active: active (running) since Sun 2018-08-26 10:17:01 CST; 4min 59s ago
         Process: 16217 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
        Main PID: 16218 (keepalived)
          CGroup: /system.slice/keepalived.service
                  ├─16218 /usr/sbin/keepalived -D
                  ├─16219 /usr/sbin/keepalived -D
                  └─16220 /usr/sbin/keepalived -D
      
       Aug 26 10:17:08 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.98
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ...1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:17:11 node2 Keepalived_vrrp[16220]: Sending gratuitous ARP on ens33 for 192.168.1.99
       Aug 26 10:19:21 node2 Keepalived_vrrp[16220]: VRRP_Instance(VI_1) Received advert with higher priority...s 96
       Aug 26 10:19:21 node2 Keepalived_vrrp[16220]: VRRP_Instance(VI_1) Entering BACKUP STATE
       Aug 26 10:19:21 node2 Keepalived_vrrp[16220]: VRRP_Instance(VI_1) removing protocol VIPs.
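
The takeover and preemption seen in the logs above, replayed with the RFC 3768 timers as an added example (not keepalived's code and not from the original post). It uses the page's priorities 100 and 96 and `advert_int 1`; the event timeline is constructed, every node starts in Backup as in the RFC state machine, a stop is treated as a crash, and priority ties are not modelled.

```python
def master_down_interval(priority: int, advert_int: float = 1.0) -> float:
    """RFC 3768: 3 * Advertisement_Interval + Skew_Time,
    with Skew_Time = (256 - priority) / 256."""
    return 3 * advert_int + (256 - priority) / 256


def simulate(prios, events, until, advert_int=1.0, preempt=True):
    """Replay start/stop events; return [(time, node, new_state), ...].

    prios  : {node: priority}
    events : [(time, node, "start" | "stop")]; "stop" is a crash, so no
             priority-0 farewell advertisement is sent
    """
    state = {n: "DOWN" for n in prios}
    timer = {}      # BACKUP: master-down deadline; MASTER: next advert time
    queue = sorted(events)
    log = []

    def to_backup(n, t):
        state[n] = "BACKUP"
        timer[n] = t + master_down_interval(prios[n], advert_int)
        log.append((t, n, "BACKUP"))

    while True:
        pending = [(timer[n], 1, n, "timer")
                   for n in prios if state[n] != "DOWN"]
        if queue:
            pending.append((queue[0][0], 0, queue[0][1], queue[0][2]))
        if not pending:
            return log
        t, _, n, what = min(pending)
        if t > until:
            return log
        if what == "start":
            queue.pop(0)
            if state[n] == "DOWN":
                to_backup(n, t)
        elif what == "stop":
            queue.pop(0)
            state[n] = "DOWN"
            log.append((t, n, "DOWN"))
        elif state[n] == "BACKUP":              # no advert arrived in time
            state[n], timer[n] = "MASTER", t    # advertise immediately
            log.append((t, n, "MASTER"))
        else:                                   # MASTER multicasts an advert
            timer[n] = t + advert_int
            for m in prios:
                if m == n:
                    continue
                if state[m] == "BACKUP" and (prios[n] >= prios[m] or not preempt):
                    # accepted advert: restart the master-down timer
                    timer[m] = t + master_down_interval(prios[m], advert_int)
                elif state[m] == "MASTER" and prios[n] > prios[m]:
                    to_backup(m, t)   # "Received advert with higher priority"


PRIOS = {"node1": 100, "node2": 96}          # priorities from the page
EVENTS = [(0, "node1", "start"), (0, "node2", "start"),
          (60, "node1", "stop"), (120, "node1", "start")]   # constructed

if __name__ == "__main__":
    for preempt in (True, False):
        print("preempt" if preempt else "nopreempt")
        for entry in simulate(PRIOS, EVENTS, until=200, preempt=preempt):
            print("  %10.6f  %-5s -> %s" % entry)
```

For node2 alone the model gives 3.625 s before it takes over, in line with the first test, where node2 starts at 09:37:52 and transitions to MASTER at 09:37:56. `preempt=False` corresponds to `nopreempt`: the returning node1 stays in Backup.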
      
    3. Using notification scripts

       # write the notification script
       [root@node1 ~]# cd /etc/keepalived/
       [root@node1 keepalived]# vim notify.sh
       #!/bin/bash
       # keepalived mail notification script
       # date: 2018-8-26
       contact='root@localhost'
       notify () {
           local mailsubject="$(hostname) to be $1 vip floating"
           local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
           echo "$mailbody" | mail -s "$mailsubject" "$contact"
       }
       case $1 in
       master)
           notify master
           ;;
       backup)
           notify backup
           ;;
       fault)
           notify fault
           ;;
       *)
           echo "Usage: $(basename "$0") {master|backup|fault}"
           exit 1
           ;;
       esac
       # add the following to the vrrp instance in keepalived.conf
       vrrp_instance VI_1 {
                       state BACKUP
                       interface ens33
                       virtual_router_id 33
                       priority 96
                       advert_int 1
                       authentication {
                           auth_type PASS
                           auth_pass 1111
                       }
                       virtual_ipaddress {
                           192.168.1.99 dev ens33 label ens33:0
                       }
                       notify_master "/etc/keepalived/notify.sh master"
                       notify_backup "/etc/keepalived/notify.sh backup"
                       notify_fault "/etc/keepalived/notify.sh fault"
                   }
      
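    4. Example: configuration for a DR cluster architecture


      [Figure: DR architecture]
    [root@node1 ~]# yum -y install ipvsadm # install ipvsadm so the generated rules can be inspected
    # edit keepalived.conf so that rules are generated on node1 and node2
    [root@node1 keepalived]# vim keepalived.conf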
        ! Configuration File for keepalived
    
            global_defs {
               notification_email {
                root@localhost
               }
                
               notification_email_from keepalived@localhost
               smtp_server 127.0.0.1
               smtp_connect_timeout 30
               router_id node1
                vrrp_mcast_group4 224.1.105.33
            }
            
            vrrp_instance VI_1 {
                state MASTER
                interface ens33
                virtual_router_id 33
                priority 100
                advert_int 1
                authentication {
                    auth_type PASS
                    auth_pass XXXX1111
                }
                virtual_ipaddress {
                    192.168.1.99 dev ens33 label ens33:0
                }
                 notify_master "/etc/keepalived/notify.sh master"
                 notify_backup "/etc/keepalived/notify.sh backup"
                 notify_fault "/etc/keepalived/notify.sh fault"
            }
            virtual_server 192.168.1.99 80 {
                delay_loop 1
                lb_algo wrr
                lb_kind DR
                protocol TCP
                sorry_server 127.0.0.1 80
            
                real_server 192.168.1.111 80 {
                    weight 1
                    HTTP_GET {
                        url {
                            path /index.html
                            status_code 200
                            }
                        nb_get_retry 3
                        delay_before_retry 2
                        connect_timeout 3
                        }
                }
                real_server 192.168.1.122 80 {
                    weight 1
                    HTTP_GET {
                        url {
                            path /index.html
                            status_code 200
                            }
                        nb_get_retry 3
                        delay_before_retry 2
                        connect_timeout 3
                        }
                }
                        
            }
    # copy this configuration file to node2 and change the following lines
        router_id node2
        state BACKUP
        priority 96
    # restart the keepalived service on node2
    [root@node2 ~]# systemctl stop keepalived
    [root@node2 ~]# systemctl start keepalived
    [root@node2 ~]# ifconfig
    ...
    ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.99  netmask 255.255.255.255  broadcast 0.0.0.0
            ether 00:0c:29:f0:be:9c  txqueuelen 1000  (Ethernet)
    
    ...
    
    [root@node2 ~]# ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.1.99:80 wrr
      -> 192.168.1.111:80             Route   1      0          0         
      -> 192.168.1.122:80             Route   1      0          0     
      
    # access from a client works as expected
    [root@localhost ~]# curl http://192.168.1.99
    <h1>RealServer 1</h1>
    [root@localhost ~]# curl http://192.168.1.99
    <h1>RealServer 2</h1>
    
    # start keepalived on node1; the ip and status output below shows that node1 has come online successfully
    [root@node1 keepalived]# systemctl start keepalived
    [root@node1 keepalived]# ifconfig
    [root@node1 keepalived]# systemctl status keepalived
    # access to the service from a client works as expected
    [root@localhost ~]# curl http://192.168.1.99
    <h1>RealServer 1</h1>
    [root@localhost ~]# curl http://192.168.1.99
    <h1>RealServer 2</h1>
    

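    IV. Example: highly available nginx

    [Figure: highly available nginx architecture]

    Set up the lab network according to the architecture in the figure above: node1 and node2 each have two NICs, with the DIP side bridged and the private side on VMnet1; rs1 and rs2 are the back-end hosts, each serving an index.html that reads RealServer 1 and RealServer 2 respectively.

    • Install and configure the keepalived service on node1

      [root@node1 ~]# yum -y install keepalived
      [root@node1 ~]# vim /etc/keepalived/keepalived.conf
      # edit the configuration file as follows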
            ! Configuration File for keepalived
      
            global_defs {
                   notification_email {
                    root@localhost
               }                    
                   notification_email_from keepalived@localhost
                   smtp_server 127.0.0.1
                   smtp_connect_timeout 30
                   router_id node1
                    vrrp_mcast_group4 224.1.105.33
                }
            
            vrrp_script chk_down {
                    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
                    weight -10
                    interval 1
                    fall 1
                    rise 1
                }   
            
            
            vrrp_instance VI_1 {
                    state MASTER
                    interface ens33
                    virtual_router_id 33
                    priority 100
                    advert_int 1                    
                    authentication {
                        auth_type PASS
                        auth_pass XXXX1111
                    }
                    virtual_ipaddress {
                        192.168.1.99/24 dev ens33 label ens33:0
                    }
                    track_script {
                        chk_down
                    }
                 notify_master "/etc/keepalived/notify.sh master"
                 notify_backup "/etc/keepalived/notify.sh backup"
                 notify_fault "/etc/keepalived/notify.sh fault"
            }
      
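    • Install and configure the nginx service

        [root@node1 ~]# yum -y install nginx
        [root@node1 ~]# vim /etc/nginx/nginx.conf
            # add the following inside the http {...} block of the configuration file
            upstream websrvs {
                    server 192.168.10.111:80;
                    server 192.168.10.122:80;
            }
            # configure the reverse-proxy service in the location block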
            location / {
                    proxy_pass http://websrvs;
            }
      
    • Modify the notification script

        [root@node1 ~]# vim /etc/keepalived/notify.sh 
            #!/bin/bash
            # keepalived mail notification script
            # 2018-8-26
            contact='root@localhost'
            notify () {
                local mailsubject="$(hostname) to be $1 vip floating"
                local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
                echo "$mailbody" | mail -s "$mailsubject" "$contact"
            }
            case $1 in
            master)
                systemctl start nginx
                notify master
                ;;
            backup)
                systemctl start nginx
                notify backup
                ;;
            fault)
                systemctl start nginx
                notify fault
                ;;
            *)
                echo "Usage: $(basename $0) {master|backup|fault}"
                exit 1
                ;;
            esac
      
    • Define the nginx check script in the keepalived configuration and call it

    • Configure keepalived in dual-master mode by adding the following to keepalived.conf

        vrrp_instance VI_2 {
                    state BACKUP
                    interface ens33
                    virtual_router_id 43
                    priority 96
                    advert_int 1
                 authentication {
                        auth_type PASS
                        auth_pass XXXX1111
                    }   
                    virtual_ipaddress {
                        192.168.1.98/24 dev ens33 label ens33:0
                    }   
                        track_script {
                                chk_down
                                chk_ngx
                        }       
                         notify_master "/etc/keepalived/notify.sh master"
                         notify_backup "/etc/keepalived/notify.sh backup"
                         notify_fault "/etc/keepalived/notify.sh fault"
                }        
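
A pre-deployment check for configurations like the one above, as an added example (not part of the original post and not a keepalived tool). It parses keepalived.conf and reports `track_script` entries that no `vrrp_script` block defines (as with `chk_ngx` here), `auth_type PASS` (cleartext on the wire, and keepalived uses only the first eight characters of `auth_pass`), and a `virtual_router_id` reused on the same interface. The parser covers only the brace syntax shown on this page, and the sample configuration is constructed.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[#!].*|[{}]|[^\s{}"#!]+')


def parse(text):
    """Parse keepalived.conf text into a tree of [words, children] nodes."""
    root = []
    stack = [root]
    for line in text.splitlines():
        words = []
        for tok in TOKEN.findall(line):
            if tok[0] in "#!":                  # comment runs to end of line
                break
            if tok == "{":
                # header on this line, or "{" alone below the header line
                if words or not stack[-1]:
                    stack[-1].append([words or ["?"], []])
                stack.append(stack[-1][-1][1])
                words = []
            elif tok == "}":
                if words:
                    stack[-1].append([words, []])
                    words = []
                if len(stack) > 1:
                    stack.pop()
            else:
                words.append(tok.strip('"'))
        if words:
            stack[-1].append([words, []])
    return root


def lint(text):
    """Return sorted (instance, finding) pairs."""
    tree = parse(text)
    scripts = {w[1] for w, _ in tree if w[0] == "vrrp_script" and len(w) > 1}
    findings, vrids = [], {}
    for words, body in tree:
        if words[0] != "vrrp_instance":
            continue
        name = words[1] if len(words) > 1 else "?"
        opts = {w[0]: w[1:] for w, _ in body}
        sub = {w[0]: kids for w, kids in body}
        auth = {w[0]: w[1:] for w, _ in sub.get("authentication", [])}
        if auth.get("auth_type") == ["PASS"]:
            findings.append((name, "auth_type PASS sends auth_pass in cleartext"))
            if len("".join(auth.get("auth_pass", []))) > 8:
                findings.append((name, "auth_pass is longer than 8 characters; "
                                       "only the first 8 are used"))
        for w, _ in sub.get("track_script", []):
            if w[0] not in scripts:
                findings.append(
                    (name, f"track_script {w[0]} has no vrrp_script definition"))
        vrid = opts.get("virtual_router_id")
        if vrid:
            iface = " ".join(opts.get("interface", ["?"]))
            key = (iface, vrid[0])
            if key in vrids:
                findings.append((name, f"virtual_router_id {vrid[0]} on {iface} "
                                       f"already used by {vrids[key]}"))
            vrids.setdefault(key, name)
    return sorted(findings)


# Constructed sample, shortened from the dual-master configuration on this page.
SAMPLE = '''
vrrp_script chk_down {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
}
vrrp_instance VI_1 {
    interface ens33
    virtual_router_id 33
    authentication {
        auth_type PASS
        auth_pass XXXX1111
    }
    track_script {
        chk_down
    }
}
vrrp_instance VI_2 {
    interface ens33
    virtual_router_id 43
    authentication {
        auth_type PASS
        auth_pass XXXX1111
    }
    track_script {
        chk_down
        chk_ngx
    }
}
'''

if __name__ == "__main__":
    for instance, finding in lint(SAMPLE):
        print(f"{instance}: {finding}")
```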
      
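    • Monitor NIC state: add the following at the end of the keepalived.conf configuration file

        # track_interface is a vrrp_instance parameter (see the syntax section above); place it inside the instance block
        track_interface {
            ens33
            ens37
        }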
      
    • node1 is now fully configured; next, configure node2

        [root@node1 ~]# scp /etc/keepalived/keepalived.conf /etc/nginx/nginx.conf root@192.168.1.109:      # copy the keepalived and nginx configuration files to node2
        [root@node2 ~]# mv nginx.conf /etc/nginx/     
        [root@node2 ~]# nginx -t
        [root@node2 ~]# systemctl start nginx
        [root@node2 ~]# mv keepalived.conf /etc/keepalived/ 
        [root@node2 ~]# vim /etc/keepalived/keepalived.conf
            # change the following
            router_id node2
            state BACKUP
            priority 96
            vrrp_instance VI_2 {
                state MASTER
                virtual_router_id 43
                priority 100
      
    • Configuration is now complete; after starting the keepalived service, test access from a client

        [root@localhost ~]# curl http://www.ilinux.io
        <h1>RealServer 1</h1>
        [root@localhost ~]# curl http://www.ilinux.io
        <h1>RealServer 2</h1>
        [root@localhost ~]# curl http://www.ilinux.io
        <h1>RealServer 1</h1>
      
