18.1集群介紹 18.2 keepalived介紹18.3/18.4/18.5 用keepalived配置高可用集群
阿新 • • 發佈:2017-11-13
18.1集群介紹 18.2 keepalived介紹18.3/18.4/18.5 用keepalived配置高可用集群
- 18.1 集群介紹
- 18.2 keepalived介紹
- 18.3/18.4/18.5 用keepalived配置高可用集群
- 擴展
- heartbeat和keepalived比較 http://blog.csdn.net/yunhua_lee/article/details/9788433
- DRBD工作原理和配置 http://502245466.blog.51cto.com/7559397/1298945
- mysql+keepalived http://lizhenliang.blog.51cto.com/7876557/1362313
# 18.1 集群介紹
- Linux集群概述
- 根據功能劃分為兩大類:高可用和負載均衡
- 高可用集群通常為兩臺服務器,一臺工作,另外一臺作為冗余,當提供服務的機器宕機,冗余將接替繼續提供服務 //通常
- 對於大企業來說。可用程度達到99.99%或者 是5個9
- 實現高可用的開源軟件有:heartbeat、keepalived //centos6 bug 多,而且很久沒有更新了,不建議繼續使用 ;keepalived不僅有高可用還有負載均衡
- 負載均衡集群,需要有一臺服務器作為分發器,它負責把用戶的請求分發給後端的服務器處理,在這個集群裏,除了分發器外,就是給用戶提供服務的服務器了,這些服務器數量至少為2
- 實現負載均衡的開源軟件有LVS、keepalived、haproxy、nginx,商業的有F5、Netscaler
# 18.2 keepalived介紹
- 在這裏我們使用keepalived來實現高可用集群,因為heartbeat在centos6上有一些問題,影響實驗效果
- keepalived通過VRRP(Virtual Router Redundancy Protocl 中文為:虛擬路由器冗余協議)來實現高可用。來實現高可用。
- 在這個協議裏會將多臺功能相同的路由器組成一個小組,這個小組裏會有1個master角色和N(N>=1)個backup角色。
- master會通過組播的形式向各個backup發送VRRP協議的數據包,當backup收不到master發來的VRRP數據包時,就會認為master宕機了。此時就需要根據各個backup的優先級來決定誰成為新的mater。
- Keepalived要有三個模塊,分別是core、check和vrrp。其中core模塊為keepalived的核心,負責主進程的啟動、維護以及全局配置文件的加載和解析,check模塊負責健康檢查,vrrp模塊是來實現VRRP協議的。
# 18.3 用keepalived配置高可用集群(上)
- 搭建高可用的前提,是先要有一個工具,然後需要有一個服務去讓工具實現高可用,這個實驗,就是讓nginx作為一個服務,讓它成為一個高可用的對象;因為nginx在企業裏使用量比較大,所以就使用他來做服務對象
- 環境準備
- master :192.168.202.131 (已經做過lnmp)
- backup:192.168.202.132(lamp,沒有nginx服務)
- 兩臺機器都安裝keepalived
- 執行yum install -y keepalived
- 為了方便做實驗
- 檢查兩臺機器的selinux,iptables兩個防火墻情況,selinux需要關閉,iptables需要關閉firewalld
- 對backup機器安裝nginx服務
- yum install -y nginx
- 準備兩臺機器aming-01 是131和aming-02 是 132,131作為master,132作為backup
- 兩臺機器都執行yum install -y keepalived
- 先是master 安裝ke
```
[root@aming-01 ~]# yum install -y keepalived
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.sohu.com
* epel: mirrors.ustc.edu.cn
已安裝:
keepalived.x86_64 0:1.3.5-1.el7
作為依賴被安裝:
lm_sensors-libs.x86_64 0:3.4.0-4.20160601gitf9185e5.el7
net-snmp-agent-libs.x86_64 1:5.7.2-28.el7
net-snmp-libs.x86_64 1:5.7.2-28.el7
完畢!
[root@aming-01 ~]#
| 3.6 kB 00:00:00
```
- backup 機器安裝keppalived
```
[root@aming-02 ~]# yum install -y keepalived
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
已安裝:
keepalived.x86_64 0:1.3.5-1.el7
作為依賴被安裝:
lm_sensors-libs.x86_64 0:3.4.0-4.20160601gitf9185e5.el7
net-snmp-agent-libs.x86_64 1:5.7.2-28.el7
net-snmp-libs.x86_64 1:5.7.2-28.el7
完畢!
[root@aming-02 ~]#
```
- 因為之前aming-01 上面做過nginx,所以上面有nginx服務
```
完畢!
[root@aming-01 ~]# ps aux |grep nginx
root 868 0.0 0.1 45992 1280 ? Ss 21:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 873 0.0 0.4 48480 4180 ? S 21:55 0:00 nginx: worker process
nobody 874 0.0 0.3 48480 3924 ? S 21:55 0:00 nginx: worker process
root 2435 0.0 0.0 112684 976 pts/0 S+ 22:03 0:00 grep --color=auto nginx
[root@aming-01 ~]#
```
- 而第二臺aming-02 機器上看下有沒有nginx,沒有就用yum install -y nginx 安裝一個
```
[root@aming-02 ~]# rpm -qa |grep nginx
[root@aming-02 ~]#
[root@aming-02 ~]# yum install -y nginx
已安裝:
nginx.x86_64 1:1.10.2-2.el7
作為依賴被安裝:
gd.x86_64 0:2.0.35-26.el7
gperftools-libs.x86_64 0:2.4-8.el7
libXpm.x86_64 0:3.5.12-1.el7
libunwind.x86_64 2:1.2-2.el7
libxslt.x86_64 0:1.1.28-5.el7
nginx-all-modules.noarch 1:1.10.2-2.el7
nginx-filesystem.noarch 1:1.10.2-2.el7
nginx-mod-http-geoip.x86_64 1:1.10.2-2.el7
nginx-mod-http-image-filter.x86_64 1:1.10.2-2.el7
nginx-mod-http-perl.x86_64 1:1.10.2-2.el7
nginx-mod-http-xslt-filter.x86_64 1:1.10.2-2.el7
nginx-mod-mail.x86_64 1:1.10.2-2.el7
nginx-mod-stream.x86_64 1:1.10.2-2.el7
完畢!
[root@aming-02 ~]#
```
- 在這有倆個nginx 一個是源碼包安裝的nginx ,一個是yum 安裝的nginx ,
- 下面更改配置文件
- master機器配置,服務工具準備好以後,就配置keepalived ,默認的配置文件路徑在
- 先把裏面內容清空,有個快捷鍵 >!$ 添加如下配置,
```
[root@aming-01 ~]# ls /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
[root@aming-01 ~]# vim /etc/keepalived/keepalived.conf
[root@aming-01 ~]# > !$
> /etc/keepalived/keepalived.conf
[root@aming-01 ~]#
```
- 添加如下配置
```
[root@aming-01 ~]# !vim
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email { //郵件
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" //檢查服務是否正常,通過腳本實現,檢查服務健康狀態
interval 3 //檢查時間
}
vrrp_instance VI_1 {
state MASTER //定義master相關
interface ens33 //通過那個網站使用vrrp協議,配置時,需註意你的網卡配置文件是否是哪個。因為系統ens並不是固定的。
virtual_router_id 51 //定義路由器ID ,配置的時候和從機器一致
priority 100 //權重,
advert_int 1
authentication { //認證相關信息
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress { //定義一個公有IP(VIP)
192.168.188.100 //更改為192.168.202.100
}
track_script {
chk_nginx
}
}
-- 插入 -- 30,2 底端
[root@aming-01 ~]# vim /etc/keepalived/keepalived.conf
```
- 配置文件編輯完了之後還需要定義check腳本
- 定義一個check的腳本
```
[root@aming-01 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d_%H:%M:%S`
#計算nginx進程數量
n=`ps -C nginx --no-heading|wc -l`
#如果進程為0,則啟動nginx,並且再次檢測nginx進程數量,
#如果還為0,說明nginx無法啟動,此時需要關閉keepalived
if [ $n -eq "0" ]; then
/etc/init.d/nginx start
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
~
~
~
~
-- 插入 -- 15,3 全部
[root@aming-01 ~]# vim /usr/local/sbin/check_ng.sh
[root@aming-01 ~]#
```
# 18.4 用keepalived配置高可用集群(中)
- 寫完腳本之後,還需要對它做一個權限更改,如果沒有權限加載這個腳本的話,它就沒有辦法啟動keepalived服務。
```
[root@aming-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@aming-01 ~]#
```
- 啟動keepalived 服務
```
[root@aming-01 ~]# systemctl start keepalived
[root@aming-01 ~]#
[root@aming-01 ~]# ps aux |grep keep
root 2498 12.9 0.1 120720 1468 ? Ss 22:35 0:07 /usr/sbin/keepalived -D
root 2499 0.0 0.2 120720 2752 ? S 22:35 0:00 /usr/sbin/keepalived -D
root 19605 0.0 0.0 112680 980 pts/0 R+ 22:36 0:00 grep --color=auto keep
[root@aming-01 ~]# ps aux |grep nginx
root 868 0.0 0.1 45992 1280 ? Ss 21:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 873 0.0 0.4 48480 4180 ? S 21:55 0:00 nginx: worker process
nobody 874 0.0 0.3 48480 3924 ? S 21:55 0:00 nginx: worker process
root 30104 0.0 0.0 112680 980 pts/0 R+ 22:37 0:00 grep --color=auto nginx
[root@aming-01 ~]#
```
- 先停止nginx 看看是否會自動啟動,結果是會的,
```
[root@aming-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@aming-01 ~]#
[root@aming-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@aming-01 ~]# ps aux |grep nginx
root 115314 0.0 0.1 45992 1296 ? Ss 22:50 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 115318 0.0 0.3 48480 3940 ? S 22:50 0:00 nginx: worker process
nobody 115319 0.0 0.3 48480 3940 ? S 22:50 0:00 nginx: worker process
root 115345 0.0 0.0 112680 980 pts/0 S+ 22:51 0:00 grep --color=auto nginx
[root@aming-01 ~]#
[root@aming-01 ~]# date
2017年 11月 08日 星期三 22:51:34 CST
[root@aming-01 ~]#
```
- keepalived,它的日誌在哪裏
```
[root@aming-01 ~]# less /var/log/messages
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102776) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102777) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102778) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102779) died: Respawning
Nov 8 22:48:27 aming-01 rsyslogd-2177: imjournal: begin to drop messages due to rate-limiting
(END)
```
- 來看下它的IP地址,要用ip add ,用ifconfig 看不到的
```
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
valid_lft 1259sec preferred_lft 1259sec
inet6 fe80::707c:946e:3252:cf7f/64 scope link
valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```
- 使用ifconfig
```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.131 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::ecdd:28b7:612b:cb7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
RX packets 7277 bytes 6239399 (5.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4120 bytes 413974 (404.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.151 netmask 255.255.255.0 broadcast 192.168.202.255
ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.134 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::707c:946e:3252:cf7f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2e:28:fc txqueuelen 1000 (Ethernet)
RX packets 86 bytes 9064 (8.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 3096 (3.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 10 bytes 876 (876.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 876 (876.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@aming-01 ~]#
```
- 配置從之前,查看下主服務器 有沒有防火墻, 以及selinux,從 也是一樣
```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@aming-01 ~]#
[root@aming-01 ~]# getenforce
Permissive
[root@aming-01 ~]#
```
- 檢查下從服務器,如果有停止掉
```
[root@aming-02 ~]# systemctl stop firewalld
[root@aming-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@aming-02 ~]#
[root@aming-02 ~]# getenforce
Enforcing
[root@aming-02 ~]# setenforce 0
[root@aming-02 ~]# getenforce
Permissive
[root@aming-02 ~]#
```
- 也需要配置下keepalived,先需要情況裏面的原始的配置文件內容,再添加如下內容
```
[root@aming-02 ~]# > /etc/keepalived/keepalived.conf
[root@aming-02 ~]# vi !$
vi /etc/keepalived/keepalived.conf
[root@aming-02 ~]# vi /etc/keepalived/keepalived.conf
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.202.100 這個網段需要和主一樣
}
track_script {
chk_nginx
}
}
:wq
[root@aming-02 ~]# vi /etc/keepalived/keepalived.conf
[root@aming-02 ~]#
```
- 腳本也需要去寫下
```
[root@aming-02 ~]# vim /usr/local/sbin/check_ng.sh
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d_%H:%M:%S`
#計算nginx進程數量
n=`ps -C nginx --no-heading|wc -l`
#如果進程為0,則啟動nginx,並且再次檢測nginx進程數量,
#如果還為0,說明nginx無法啟動,此時需要關閉keepalived
if [ $n -eq "0" ]; then
systemctl start nginx
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
~
~
~
~
:wq
[root@aming-02 ~]# vim /usr/local/sbin/check_ng.sh
[root@aming-02 ~]#
```
- 也需要改變權限,不然就啟動不了 keepalived
```
[root@aming-02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@aming-02 ~]#
```
- 啟動keepalived
```
[root@aming-02 ~]# ps aux |grep keep
root 2535 0.0 0.1 120720 1404 ? Ss 23:16 0:00 /usr/sbin/keepalived -D
root 2536 0.0 0.3 127460 3344 ? S 23:16 0:00 /usr/sbin/keepalived -D
root 2537 0.0 0.3 131588 3024 ? S 23:16 0:00 /usr/sbin/keepalived -D
root 2601 0.0 0.0 112680 980 pts/0 S+ 23:16 0:00 grep --color=auto keep
[root@aming-02 ~]#
```
- 主從都啟動了 keepalived,現在倆邊 主從 都有 nginx,那你怎麽去區分這個nginx?
- 先來看下主的ip
```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.131 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::ecdd:28b7:612b:cb7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
RX packets 7410 bytes 6251067 (5.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5672 bytes 512782 (500.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.151 netmask 255.255.255.0 broadcast 192.168.202.255
ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.134 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::707c:946e:3252:cf7f prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2e:28:fc txqueuelen 1000 (Ethernet)
RX packets 108 bytes 11608 (11.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 3900 (3.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 10 bytes 876 (876.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 876 (876.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@aming-01 ~]#
```
- 先去windows 上用瀏覽器訪問下
- 這臺機器的默認配置文件
```
[root@aming-01 ~]# cat /usr/local/nginx/conf/vhost/
aaa.com.conf ld.conf proxy.conf ssl.conf test.com.conf
[root@aming-01 ~]# cat /usr/local/nginx/conf/vhost/aaa.com.conf
server
{
listen 80 default_server;
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/aming.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
}
}
[root@aming-01 ~]#
[root@aming-01 ~]# vim !$
vim /data/wwwroot/default/index.html
master master. This is the default site.
~
~
:wq
```
- 
- 關於backup ,從服務器 上面,它的nginx 是yum安裝的
```
[root@aming-02 ~]# vim /usr/share/nginx/html/index.html
[root@aming-02 ~]# cat !$
cat /usr/share/nginx/html/index.html
backup backup.
[root@aming-02 ~]#
```
- 查看下nginx服務,這個是我們手動起來的,可以停掉試下
```
[root@aming-02 ~]# ps aux |grep nginx
root 2561 0.0 0.2 122792 2084 ? Ss 23:16 0:00 nginx: master process /usr/sbin/nginx
nginx 2562 0.0 0.3 123224 3576 ? S 23:16 0:00 nginx: worker process
root 6985 0.0 0.0 112680 976 pts/0 S+ 23:43 0:00 grep --color=auto nginx
[root@aming-02 ~]#
[root@aming-02 ~]# systemctl stop nginx
[root@aming-02 ~]# !ps
ps aux |grep nginx
root 7155 0.0 0.2 122792 2084 ? Ss 23:44 0:00 nginx: master process /usr/sbin/nginx
nginx 7156 0.0 0.3 123224 3128 ? S 23:44 0:00 nginx: worker process
root 7161 0.0 0.0 112680 980 pts/0 S+ 23:44 0:00 grep --color=auto nginx
[root@aming-02 ~]#
```
- 因為開啟了keepalived 服務,所以即使停掉nginx服務,它也會自動加載起來的
# 18.5 用keepalived配置高可用集群(下)
- 先確定好兩臺機器上nginx差異,比如可以通過curl -I 來查看nginx版本
- 測試1:關閉master上的nginx服務
我們之前都已經測試過了,關閉還是會繼續運行,因為加了那個腳本 開啟了keepalived服務
- 測試2:在master上增加iptabls規則
- iptables -I OUTPUT -p vrrp -j DROP
- 測試3:關閉master上的keepalived服務
- 測試4:啟動master上的keepalived服務
- 這個vip 是在主上 master 上
```
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
valid_lft 1369sec preferred_lft 1369sec
inet6 fe80::707c:946e:3252:cf7f/64 scope link
valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```
- backup上是沒有的
```
[root@aming-02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:58:33:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.132/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.152/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::4500:6d42:8612:4e53/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
[root@aming-02 ~]#
```
- 咱們在主上加一個防火墻規則
- 把主上的vrrp進去的包給封掉 iptables -I OUTPUT -p vrrp -j DROP
```
[root@aming-01 ~]# iptables -I OUTPUT -p vrrp -j DROP
[root@aming-01 ~]#
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 109 packets, 5868 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 32 packets, 2968 bytes)
pkts bytes target prot opt in out source destination
74 2960 DROP 112 -- * * 0.0.0.0/0 0.0.0.0/0
[root@aming-01 ~]#
```
- 看下日誌
```
[root@aming-01 ~]# tail /var/log/messages
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: VRRP_Instance(VI_1) Received advert with lower priority 90, ours 100, forcing new election
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
[root@aming-01 ~]#
```
- 再看下從
```
[root@aming-02 ~]# less /var/log/messages
Nov 7 22:01:01 aming-02 systemd: Started Session 4 of user root.
Nov 7 22:01:01 aming-02 systemd: Starting Session 4 of user root.
Nov 7 23:01:01 aming-02 systemd: Started Session 5 of user root.
Nov 7 23:01:01 aming-02 systemd: Starting Session 5 of user root.
Nov 7 23:49:27 aming-02 kernel: hrtimer: interrupt took 6003226 ns
Nov 8 00:01:01 aming-02 systemd: Started Session 6 of user root.
Nov 8 00:01:01 aming-02 systemd: Starting Session 6 of user root.
Nov 8 00:33:47 aming-02 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="834" x-info="http://www.rsyslog.com"] exiting on signal 15.
Nov 8 21:55:29 aming-02 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="827" x-info="http://www.rsyslog.com"] start
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpuset
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpu
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpuacct
Nov 8 21:55:09 aming-02 kernel: Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
Nov 8 21:55:09 aming-02 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=UUID=9a2a0d05-a7ab-4948-bbd2-77b2b7d5f565 ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
Nov 8 21:55:09 aming-02 kernel: Disabled fast string operations
Nov 8 21:55:09 aming-02 kernel: e820: BIOS-provided physical RAM map:
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
/var/log/messages
```
- 
- 這個也照常可以訪問,說明直接封這裏的ip是不能直接達到目的的
- 先把這個iptables 規則恢復
```
[root@aming-01 ~]# iptables -F
[root@aming-01 ~]#
```
- 那怎麽樣模仿現實中宕機的環境,
- 只能暫停keepalived服務試下
```
[root@aming-01 ~]# systemctl stop keepalived
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
valid_lft 1452sec preferred_lft 1452sec
inet6 fe80::707c:946e:3252:cf7f/64 scope link
valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```
- 再去從服務器看看
```
[root@aming-02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:58:33:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.132/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.152/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::4500:6d42:8612:4e53/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
[root@aming-02 ~]#
[root@aming-02 ~]# tail /var/log/messages
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
[root@aming-02 ~]#
```
- 訪問日誌可以看到,ip被增加了,現在來訪問下web
- 
- 可以看到發生了改變,說明vip 已經到了從機器上
- 那再把這個keepalived服務 開啟
```
[root@aming-01 ~]# systemctl start keepalived
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
valid_lft 1276sec preferred_lft 1276sec
inet6 fe80::707c:946e:3252:cf7f/64 scope link
valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```
- 可以看到馬上就能變回來,再看下web訪問
- 
- 看下從上面的日誌, 顯示 removing protocol VIPs
```
[root@aming-02 ~]# tail /var/log/messages
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:32:17 aming-02 chronyd[482]: Selected source 120.25.108.11
Nov 9 00:32:17 aming-02 chronyd[482]: System clock wrong by -1.225785 seconds, adjustment started
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 90
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) removing protocol VIPs.
[root@aming-02 ~]#
```
- 因為主機器宕機,從機器很快的就加入了vip地址,這個時候訪問vip地址的時候,看到的頁面是
- 從機器上的默認索引頁,證明整個實驗成功
- 這就是高可用的一個集群,通常會用倆臺機器,有的企業為了保險,可能會用2-3臺backup18.1集群介紹 18.2 keepalived介紹18.3/18.4/18.5 用keepalived配置高可用集群