一、簡(jiǎn)述HA cluster原理
高可用集群慎璧,英文原文為High Availability Cluster逮栅,簡(jiǎn)稱HA Cluster;集群(cluster)就是一組計(jì)算機(jī)钱贯,它們作為一個(gè)整體向用戶提供一組網(wǎng)絡(luò)資源挫掏。這些單個(gè)的計(jì)算機(jī)系統(tǒng)就是集群的節(jié)點(diǎn)(node)。高可用性集群(HA cluster)是指如單系統(tǒng)一樣地運(yùn)行并支持(計(jì)算機(jī))持續(xù)正常運(yùn)行的一個(gè)主機(jī)群秩命。
高可用集群的出現(xiàn)是為了使集群的整體服務(wù)盡可能可用尉共,從而減少由計(jì)算機(jī)硬件和軟件易錯(cuò)性所帶來(lái)的損失。如果某個(gè)節(jié)點(diǎn)失效弃锐,它的備援節(jié)點(diǎn)將在幾秒鐘的時(shí)間內(nèi)接管它的職責(zé)袄友。因此,對(duì)于用戶而言霹菊,集群永遠(yuǎn)不會(huì)停機(jī)剧蚣。高可用集群軟件的主要作用就是實(shí)現(xiàn)故障檢查和業(yè)務(wù)切換的自動(dòng)化。
簡(jiǎn)單的說(shuō)高可用集群就是為了解決集群中的單點(diǎn)故障(SPoF)旋廷,保證服務(wù)不間斷運(yùn)行的冗余(redundant)手段鸠按。
- SPoF:Single Point of Failure;單點(diǎn)故障
- 冗余(redundant):在兩個(gè)節(jié)點(diǎn)上裝一個(gè)軟件程序饶碘,根據(jù)判斷狀態(tài)完成資源轉(zhuǎn)移目尖;
高可用集群的衡量標(biāo)準(zhǔn)
通常用平均無(wú)故障時(shí)間(MTTF)來(lái)度量系統(tǒng)的可靠性,用平均故障維修時(shí)間(MTTR)來(lái)度量系統(tǒng)的可維護(hù)性扎运。于是可用性被定義為:HA=MTTF/(MTTF+MTTR)*100%
- 可用性衡量指標(biāo):
· 基本可用性:2個(gè)9瑟曲;99%饮戳;年度停機(jī)時(shí)間87.6小時(shí)
· 較高可用性:3個(gè)9;99.9%洞拨;年度停機(jī)時(shí)間8.8小時(shí)
· 具有故障自動(dòng)恢復(fù)能力的可用性:4個(gè)9扯罐;99.99%;年度停機(jī)時(shí)間53分鐘
· 極高可用性:5個(gè)9烦衣;99.999%篮赢;年度停機(jī)時(shí)間5分鐘
二、keepalived
- KeepAlived主要有兩個(gè)功能:
- (1).能夠?qū)ealServer進(jìn)行健康狀況檢查琉挖,支持4層启泣、5層和7層協(xié)議進(jìn)行健康檢查;
- (2).對(duì)負(fù)載均衡調(diào)度器實(shí)現(xiàn)高可用示辈,防止Director單點(diǎn)故障寥茫。
KeepAlived工作過(guò)程:
keepalived實(shí)現(xiàn)故障轉(zhuǎn)移的功能是通過(guò)VRRP(virtual router redundancy protocol虛擬路由器冗余協(xié)議)協(xié)議來(lái)實(shí)現(xiàn)的。在keepalived正常工作的時(shí)候矾麻,主節(jié)點(diǎn)(master)會(huì)不斷的發(fā)送心跳信息給備節(jié)點(diǎn)(backup)纱耻,當(dāng)備節(jié)點(diǎn)不能在一定時(shí)間內(nèi)收到主節(jié)點(diǎn)的心跳信息時(shí),備節(jié)點(diǎn)會(huì)認(rèn)為節(jié)點(diǎn)宕了险耀,然后會(huì)接管主節(jié)點(diǎn)上的資源弄喘,并繼續(xù)向外提供服務(wù)保證其可用性。當(dāng)主節(jié)點(diǎn)恢復(fù)的時(shí)候甩牺,備節(jié)點(diǎn)會(huì)自動(dòng)讓出資源并再次自動(dòng)成為備節(jié)點(diǎn)蘑志。KeepAlived基于vrrp協(xié)議的軟件實(shí)現(xiàn),原生設(shè)計(jì)的目的為了高可用ipvs服務(wù)贬派;
- 基于vrrp協(xié)議完成地址流動(dòng)急但;
- 為vip地址所在的節(jié)點(diǎn)生成ipvs規(guī)則(在配置文件中預(yù)先定義);
- 為ipvs集群的各RS做健康狀態(tài)檢測(cè)搞乏;
- 基于腳本調(diào)用接口通過(guò)執(zhí)行腳本完成腳本中定義的功能波桩,進(jìn)而影響集群事務(wù);
- HA Cluser的配置前提:
(1) 各節(jié)點(diǎn)時(shí)間必須同步请敦;ntp镐躲,chrony
(2) 確保iptales及selinux不會(huì)成為阻礙;
(3) 各節(jié)點(diǎn)之間可通過(guò)主機(jī)名互相通信(對(duì)KA并非必須)侍筛;
建議使用/etc/hosts文件實(shí)現(xiàn)萤皂;
(4) 確保各節(jié)點(diǎn)的用于集群服務(wù)的接口支持MULTICAST通信;
D類:224-239 - Keepalived安裝配置:
在CentOS6.4以后勾笆,keepalived隨base倉(cāng)庫(kù)提供敌蚜;
程序環(huán)境:
主配置文件:/etc/keepalived/keepalived.conf
主程序文件:/usr/sbin/keepalived
nit File:keepalived.service
Unit File的環(huán)境配置文件:/etc/sysconfig/keepalived配置文件組件部分:
TOP HIERACHY
- GLOBAL CONFIGURATION
- Global definitions
- Static routes/addresses
- VRRPD CONFIGURATION
- VRRP synchronization group(s):vrrp同步組桥滨;
- VRRP instance(s):每個(gè)vrrp instance即一個(gè)vrrp路由器窝爪;
- LVS CONFIGURATION
- Virtual server group(s)
- Virtual server(s):ipvs集群的vs和rs弛车;
-
配置語(yǔ)法 :
- 配置虛擬器:
vrrp_instance <STRING> { ...... }
- 專用參數(shù):
state MASTER|BACKUP:當(dāng)前節(jié)點(diǎn)在此虛擬路由器上的初始狀態(tài);只能有一個(gè)是MASTER蒲每,余下的都應(yīng)該為BACKUP纷跛;
interface IFACE_NAME:綁定為當(dāng)前虛擬路由器使用的物理接口;
virtual_router_id VRID:當(dāng)前虛擬路由器的唯一標(biāo)識(shí)邀杏,范圍是0-255贫奠;
priority 100:當(dāng)前主機(jī)在此虛擬路由器中的優(yōu)先級(jí);范圍1-254望蜡;
advert_int 1:vrrp通告的時(shí)間間隔唤崭;
authentication {
auth_type AH|PASS
auth_pass <PASSWORD>
}
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.16/24 dev eth1
192.168.200.17/24 dev eth2 label eth2:1
}
track_interface {
eth0
eth1
...
}
# 配置要監(jiān)控的網(wǎng)絡(luò)接口,一旦接口出現(xiàn)故障脖律,則轉(zhuǎn)為FAULT狀態(tài)谢肾;
# nopreempt:定義工作模式為非搶占模式;
# preempt_delay 300:搶占模式下小泉,節(jié)點(diǎn)上線后觸發(fā)新選舉操作的延遲時(shí)長(zhǎng)芦疏;
- 定義通知腳本:
notify_master <STRING>|<QUOTED-STRING>:當(dāng)前節(jié)點(diǎn)成為主節(jié)點(diǎn)時(shí)觸發(fā)的腳本;
notify_backup <STRING>|<QUOTED-STRING>:當(dāng)前節(jié)點(diǎn)轉(zhuǎn)為備節(jié)點(diǎn)時(shí)觸發(fā)的腳本微姊;
notify_fault <STRING>|<QUOTED-STRING>:當(dāng)前節(jié)點(diǎn)轉(zhuǎn)為“失敗”狀態(tài)時(shí)觸發(fā)的腳本酸茴;
notify <STRING>|<QUOTED-STRING>:通用格式的通知觸發(fā)機(jī)制,一個(gè)腳本可完成以上三種狀態(tài)的轉(zhuǎn)換時(shí)的通知兢交;
- 虛擬服務(wù)器:
配置參數(shù):
virtual_server IP port |
virtual_server fwmark int
{
...
real_server {
...
}
...
}
常用參數(shù):
delay_loop <INT>:服務(wù)輪詢的時(shí)間間隔薪捍;
lb_algo rr|wrr|lc|wlc|lblc|sh|dh:定義調(diào)度方法;
lb_kind NAT|DR|TUN:集群的類型配喳;
persistence_timeout <INT>:持久連接時(shí)長(zhǎng)飘诗;
protocol TCP:服務(wù)協(xié)議,僅支持TCP界逛;
sorry_server <IPADDR> <PORT>:備用服務(wù)器地址昆稿;
real_server <IPADDR> <PORT>
{
weight <INT>
notify_up <STRING>|<QUOTED-STRING>
notify_down <STRING>|<QUOTED-STRING>
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }:定義當(dāng)前主機(jī)的健康狀態(tài)檢測(cè)方法;
}
- HTTP_GET|SSL_GET:應(yīng)用層檢測(cè)
HTTP_GET|SSL_GET {
url {
path <URL_PATH>:定義要監(jiān)控的URL息拜;
status_code <INT>:判斷上述檢測(cè)機(jī)制為健康狀態(tài)的響應(yīng)碼溉潭;
digest <STRING>:判斷上述檢測(cè)機(jī)制為健康狀態(tài)的響應(yīng)的內(nèi)容的校驗(yàn)碼;
}
nb_get_retry <INT>:重試次數(shù)少欺;
delay_before_retry <INT>:重試之前的延遲時(shí)長(zhǎng)喳瓣;
connect_ip <IP ADDRESS>:向當(dāng)前RS的哪個(gè)IP地址發(fā)起健康狀態(tài)檢測(cè)請(qǐng)求
connect_port <PORT>:向當(dāng)前RS的哪個(gè)PORT發(fā)起健康狀態(tài)檢測(cè)請(qǐng)求
bindto <IP ADDRESS>:發(fā)出健康狀態(tài)檢測(cè)請(qǐng)求時(shí)使用的源地址;
bind_port <PORT>:發(fā)出健康狀態(tài)檢測(cè)請(qǐng)求時(shí)使用的源端口赞别;
connect_timeout <INTEGER>:連接請(qǐng)求的超時(shí)時(shí)長(zhǎng)畏陕;
}
- TCP_CHECK:傳輸層檢測(cè)
TCP_CHECK {
connect_ip <IP ADDRESS>:向當(dāng)前RS的哪個(gè)IP地址發(fā)起健康狀態(tài)檢測(cè)請(qǐng)求
connect_port <PORT>:向當(dāng)前RS的哪個(gè)PORT發(fā)起健康狀態(tài)檢測(cè)請(qǐng)求
bindto <IP ADDRESS>:發(fā)出健康狀態(tài)檢測(cè)請(qǐng)求時(shí)使用的源地址;
bind_port <PORT>:發(fā)出健康狀態(tài)檢測(cè)請(qǐng)求時(shí)使用的源端口仿滔;
connect_timeout <INTEGER>:連接請(qǐng)求的超時(shí)時(shí)長(zhǎng)惠毁;
}
三犹芹、Keepalived實(shí)現(xiàn)主從、主主架構(gòu)
- 主從配置:
準(zhǔn)備2個(gè)節(jié)點(diǎn):node1:192.168.80.136鞠绰;node2:192.168.80.230
同步時(shí)間:[root@node1 ~]# ntpdate 192.168.80.1
安裝配置keepalived:
在node1如下配置
[root@node1 ~]# yum install -y keepalived #安裝keepalived
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# cp keepalived.conf{,.bak} #備份keepalived原始配置文件
[root@node1 keepalived]# vim keepalived.conf
# 在打開的文件中配置如下內(nèi)容
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.105.33
}
vrrp_instance VI_1 {
state MASTER #當(dāng)前節(jié)點(diǎn)在此虛擬路由器上的初始狀態(tài)腰埂;只能有一個(gè)是MASTER,余下的都應(yīng)該為BACKUP蜈膨;
interface eth33
virtual_router_id 33
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
}
在node2節(jié)點(diǎn)上如下配置:
[root@node2 ~]# yum install -y keepalived #安裝keepalived
[root@node2 ~]# cd /etc/keepalived
[root@node2 keepalived]# cp keepalived.conf{,.bak} #備份keepalived原始配置文件
[root@node2 keepalived]# vim keepalived.conf
# 在打開的文件中配置如下內(nèi)容
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.1.105.33
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 33
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
}
啟動(dòng)node2節(jié)點(diǎn)keepalived測(cè)試
[root@node2 keepalived]# systemctl start keepalived
[root@node2 keepalived]# ifconfig
...
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.80.93 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:40:ee:7c txqueuelen 1000 (Ethernet)
...
[root@node2 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-01-16 12:24:22 CST; 5s ago
Process: 3069 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 3070 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─3070 /usr/sbin/keepalived -D
├─3071 /usr/sbin/keepalived -D
└─3072 /usr/sbin/keepalived -D
Jan 16 12:24:22 node2 Keepalived_healthcheckers[3071]: Activating healthchecker for service [10.10.10.3]:1358
Jan 16 12:24:25 node2 Keepalived_vrrp[3072]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: VRRP_Instance(VI_1) Entering MASTER STATE
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: VRRP_Instance(VI_1) setting protocol VIPs.
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 f...80.93
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 12:24:26 node2 Keepalived_vrrp[3072]: Sending gratuitous ARP on ens33 for 192.168.80.93
# 在node1節(jié)點(diǎn)上抓包測(cè)試
[root@node1 keepalived]# tcpdump -i ens33 -nn host 224.1.105.33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
12:25:16.821399 IP 192.168.80.230 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 96, authtype simple, intvl 1s, length 20
12:25:17.822579 IP 192.168.80.230 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 96, authtype simple, intvl 1s, length 20
啟動(dòng)node1節(jié)點(diǎn)keepalived:
[root@node1 keepalived]# systemctl start keepalived
[root@node1 keepalived]# ifconfig
...
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.80.93 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:44:bc:b6 txqueuelen 1000 (Ethernet)
...
[root@node1 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-01-16 16:42:49 CST; 5s ago
Process: 6090 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6091 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─6091 /usr/sbin/keepalived -D
├─6092 /usr/sbin/keepalived -D
└─6093 /usr/sbin/keepalived -D
Jan 16 16:42:49 node1 Keepalived_vrrp[6093]: VRRP_Instance(VI_1) forcing a new MASTER election
Jan 16 16:42:50 node1 Keepalived_vrrp[6093]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: VRRP_Instance(VI_1) Entering MASTER STATE
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: VRRP_Instance(VI_1) setting protocol VIPs.
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 f...80.93
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 16:42:51 node1 Keepalived_vrrp[6093]: Sending gratuitous ARP on ens33 for 192.168.80.93
Hint: Some lines were ellipsized, use -l to show in full.
# node2節(jié)點(diǎn)抓包測(cè)試
[root@node2 keepalived]# tcpdump -i ens33 -nn host 224.1.105.33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:45:21.875150 IP 192.168.80.136 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
16:45:22.876093 IP 192.168.80.136 > 224.1.105.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
- 雙主模式配置
# node1節(jié)點(diǎn)上修改keepalived.cnf配置文件屿笼,在最后添加如下內(nèi)容
vrrp_instance VI_2 {
stat BACKUP
interface ens33
virtual_router_id 34
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass XXXX1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
}
# node2節(jié)點(diǎn)上修改keepalived.conf配置文件,在最后添加如下內(nèi)容
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 34
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass XXXX1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
}
# 停止keepalived服務(wù)翁巍,再重新啟動(dòng)
[root@node2 keepalived]# systemctl stop keepalived
[root@node2 keepalived]# systemctl start keepalived
[root@node2 keepalived]# ip a l
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:40:ee:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.80.230/24 brd 192.168.80.255 scope global noprefixroute dynamic ens33
valid_lft 62510sec preferred_lft 62510sec
inet 192.168.80.93/32 scope global ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::9c20:6c3a:b648:5b22/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::5291:5f99:50eb:805/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
...
[root@node2 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-01-16 17:37:47 CST; 6min ago
Process: 6300 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6302 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─6302 /usr/sbin/keepalived -D
├─6303 /usr/sbin/keepalived -D
└─6304 /usr/sbin/keepalived -D
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Adding sorry server [192.168.200.200]:1358 to VS [10.1...1358
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Removing alive servers from the pool for VS [10.10.10.2]:1358
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Remote SMTP server [127.0.0.1]:25 connected.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: SMTP alert successfully sent.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Timeout connecting server [192.168.201.100]:443.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Check on service [192.168.201.100]:443 failed after 3 retry.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Removing service [192.168.201.100]:443 from VS [192.16...:443
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Remote SMTP server [127.0.0.1]:25 connected.
Jan 16 17:38:15 node2 Keepalived_healthcheckers[6303]: SMTP alert successfully sent.
Hint: Some lines were ellipsized, use -l to show in full.
You have new mail in /var/spool/mail/root
# 重新啟動(dòng)node1節(jié)點(diǎn)的keepalived服務(wù)
[root@node1 keepalived]# systemctl start keepalived
[root@node1 keepalived]# ip a l
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:44:bc:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.136/24 brd 192.168.80.255 scope global noprefixroute dynamic ens33
valid_lft 62131sec preferred_lft 62131sec
inet 192.168.80.93/32 scope global ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::5291:5f99:50eb:805/64 scope link noprefixroute
valid_lft forever preferred_lft forever
...
[root@node1 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-01-16 17:44:08 CST; 10s ago
Process: 6681 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6682 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─6682 /usr/sbin/keepalived -D
├─6683 /usr/sbin/keepalived -D
└─6684 /usr/sbin/keepalived -D
Jan 16 17:44:15 node1 Keepalived_healthcheckers[6683]: Timeout connecting server [192.168.200.4]:1358.
Jan 16 17:44:15 node1 Keepalived_healthcheckers[6683]: Timeout connecting server [192.168.200.5]:1358.
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 f...80.93
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 17:44:16 node1 Keepalived_vrrp[6684]: Sending gratuitous ARP on ens33 for 192.168.80.93
Jan 16 17:44:17 node1 Keepalived_healthcheckers[6683]: Timeout connecting server [192.168.200.3]:1358.
Jan 16 17:44:17 node1 Keepalived_healthcheckers[6683]: Timeout connecting server [192.168.201.100]:443.
Hint: Some lines were ellipsized, use -l to show in full.
[root@node1 keepalived]# vim keepalived.conf
You have new mail in /var/spool/mail/root
# 在node2節(jié)點(diǎn)上status查看狀態(tài)
[root@node2 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-01-16 17:37:47 CST; 6min ago
Process: 6300 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 6302 (keepalived)
Tasks: 3
CGroup: /system.slice/keepalived.service
├─6302 /usr/sbin/keepalived -D
├─6303 /usr/sbin/keepalived -D
└─6304 /usr/sbin/keepalived -D
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: SMTP alert successfully sent.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Timeout connecting server [192.168.201.100]:443.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Check on service [192.168.201.100]:443 failed after 3 retry.
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Removing service [192.168.201.100]:443 from VS [192.16...:443
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Jan 16 17:38:14 node2 Keepalived_healthcheckers[6303]: Remote SMTP server [127.0.0.1]:25 connected.
Jan 16 17:38:15 node2 Keepalived_healthcheckers[6303]: SMTP alert successfully sent.
Jan 16 17:44:09 node2 Keepalived_vrrp[6304]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 96
Jan 16 17:44:09 node2 Keepalived_vrrp[6304]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jan 16 17:44:09 node2 Keepalived_vrrp[6304]: VRRP_Instance(VI_1) removing protocol VIPs.
Hint: Some lines were ellipsized, use -l to show in full.
- 通知腳本使用方式
#編輯通知腳本
#!/bin/bash
#keepalived 郵件通知腳本
#date:2019-1-16
contact = 'root@localhost'
notify () {
local mailsubject="$(hostname) to be $1 vip floating"
local mailbody="$(date + '%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
# 在keepalived.conf中的vrrp實(shí)例中添加如下內(nèi)容
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 33
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
-
以dr集群架構(gòu)配置示例
dr架構(gòu).png
[root@node1 keepalived]# yum install -y ipvsadm #安裝ipvsadm以便查看生成的規(guī)則
# 編輯keepalived.conf為node1和node2生成規(guī)則
[root@node1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.105.33
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 33
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.80.93 dev ens33 label ens33:0
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.80.93 80 {
delay_loop 1
lb_algo wrr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 192.168.80.176 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_conde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.80.85 80 {
weight 1
HTTP_GET {
url {
path /index.html
status_conde 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
# 將此配置文件拷貝到node2節(jié)點(diǎn),并修改以下幾行
router_id node2
state BACKUP
priority 96
# 重新啟動(dòng)node2節(jié)點(diǎn)的keepalived服務(wù)
[root@node2 keepalived]# systemctl stop keepalived
[root@node2 keepalived]# systemctl start keepalived
[root@node2 keepalived]# ifconfig
...
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.80.93 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:40:ee:7c txqueuelen 1000 (Ethernet)
...
[root@node2 keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.80.93:80 wrr
-> 192.168.80.85:80 Route 1 0 0
-> 192.168.80.176:80 Route 1 0 0
# 啟動(dòng)node1的keepalived服務(wù),通過(guò)下面查看ip和status后看到node1已經(jīng)成功上線
[root@node2 keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.80.93:80 wrr
-> 192.168.80.85:80 Route 1 0 0
-> 192.168.80.176:80 Route 1 0 0
# 使用client訪問(wèn)服務(wù)正常
[root@localhost ~]# curl http://192.168.80.93
<h1>RealServer 1</h1>
[root@localhost ~]# curl http://192.168.80.93
<h1>RealServer 2</h1>
