18.1 Cluster introduction, 18.2 keepalived introduction, 18.3/18.4/18.5 Configuring a high-availability cluster with keepalived
阿新 • Published: 2017-11-13
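- 18.1 Cluster introduction
- 18.2 keepalived introduction
- 18.3/18.4/18.5 Configuring a high-availability cluster with keepalived
- Further reading
  - heartbeat compared with keepalived: http://blog.csdn.net/yunhua_lee/article/details/9788433
  - How DRBD works and how to configure it: http://502245466.blog.51cto.com/7559397/1298945
  - mysql+keepalived: http://lizhenliang.blog.51cto.com/7876557/1362313

# 18.1 Cluster introduction

- Overview of Linux clusters
- By function, clusters fall into two broad classes: high availability and load balancing
- A high-availability cluster usually consists of two servers: one does the work and the other is a standby. When the machine providing the service goes down, the standby takes over and keeps providing the service.
- Large enterprises aim for availability of 99.99% or even five nines
- Open-source software for high availability: heartbeat and keepalived. heartbeat has many bugs on CentOS 6 and has not been updated for a long time, so continuing to use it is not recommended; keepalived provides load balancing as well as high availability.
- A load-balancing cluster needs one server acting as the dispatcher, which distributes user requests to the back-end servers. Apart from the dispatcher, the cluster consists of the servers that serve users, and there must be at least 2 of them.
- Open-source software for load balancing: LVS, keepalived, haproxy, nginx; commercial products: F5, Netscaler

# 18.2 keepalived introduction

- Here we use keepalived to build the high-availability cluster, because heartbeat has some problems on CentOS 6 that affect the experiment
- keepalived implements high availability through VRRP (Virtual Router Redundancy Protocol)
- In this protocol, several routers with the same function form a group that has 1 master role and N (N>=1) backup roles
- The master sends VRRP packets to every backup by multicast. When a backup stops receiving VRRP packets from the master, it assumes the master is down, and the priorities of the backups then decide which one becomes the new master.
- Keepalived has three modules: core, check and vrrp. The core module is the heart of keepalived and is responsible for starting and maintaining the main process and for loading and parsing the global configuration file; the check module performs health checks; the vrrp module implements the VRRP protocol.

# 18.3 Configuring a high-availability cluster with keepalived (part 1)

- The prerequisite for high availability is a tool plus a service that the tool makes highly available. In this lab nginx is the service to be made highly available, because nginx is widely used in companies.
- Environment
  - master: 192.168.202.131 (LNMP already set up)
  - backup: 192.168.202.132 (LAMP, no nginx service)
  - Install keepalived on both machines
  - Run yum install -y keepalived
- To make the lab easier
  - Check SELinux and iptables on both machines: SELinux needs to be turned off and firewalld needs to be stopped
  - Install the nginx service on the backup machine
  - yum install -y nginx
- Prepare the two machines: aming-01 is 131 and aming-02 is 132; 131 is the master and 132 is the backup
- Run yum install -y keepalived on both machines
- First install keepalived on the master

```
[root@aming-01 ~]# yum install -y keepalived
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.sohu.com
 * epel: mirrors.ustc.edu.cn
已安裝:
  keepalived.x86_64 0:1.3.5-1.el7
作為依賴被安裝:
  lm_sensors-libs.x86_64 0:3.4.0-4.20160601gitf9185e5.el7
  net-snmp-agent-libs.x86_64 1:5.7.2-28.el7
  net-snmp-libs.x86_64 1:5.7.2-28.el7
完畢!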
[root@aming-01 ~]# | 3.6 kB 00:00:00
```

- Install keepalived on the backup machine

```
[root@aming-02 ~]# yum install -y keepalived
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
已安裝:
  keepalived.x86_64 0:1.3.5-1.el7
作為依賴被安裝:
  lm_sensors-libs.x86_64 0:3.4.0-4.20160601gitf9185e5.el7
  net-snmp-agent-libs.x86_64 1:5.7.2-28.el7
  net-snmp-libs.x86_64 1:5.7.2-28.el7
完畢!
[root@aming-02 ~]#
```

- nginx was set up on aming-01 earlier, so the nginx service is already there

```
完畢!
[root@aming-01 ~]# ps aux |grep nginx
root 868 0.0 0.1 45992 1280 ? Ss 21:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 873 0.0 0.4 48480 4180 ? S 21:55 0:00 nginx: worker process
nobody 874 0.0 0.3 48480 3924 ? S 21:55 0:00 nginx: worker process
root 2435 0.0 0.0 112684 976 pts/0 S+ 22:03 0:00 grep --color=auto nginx
[root@aming-01 ~]#
```

- On the second machine, aming-02, check whether nginx is present; if not, install it with yum install -y nginx

```
[root@aming-02 ~]# rpm -qa |grep nginx
[root@aming-02 ~]#
[root@aming-02 ~]# yum install -y nginx
已安裝:
  nginx.x86_64 1:1.10.2-2.el7
作為依賴被安裝:
  gd.x86_64 0:2.0.35-26.el7
  gperftools-libs.x86_64 0:2.4-8.el7
  libXpm.x86_64 0:3.5.12-1.el7
  libunwind.x86_64 2:1.2-2.el7
  libxslt.x86_64 0:1.1.28-5.el7
  nginx-all-modules.noarch 1:1.10.2-2.el7
  nginx-filesystem.noarch 1:1.10.2-2.el7
  nginx-mod-http-geoip.x86_64 1:1.10.2-2.el7
  nginx-mod-http-image-filter.x86_64 1:1.10.2-2.el7
  nginx-mod-http-perl.x86_64 1:1.10.2-2.el7
  nginx-mod-http-xslt-filter.x86_64 1:1.10.2-2.el7
  nginx-mod-mail.x86_64 1:1.10.2-2.el7
  nginx-mod-stream.x86_64 1:1.10.2-2.el7
完畢!
[root@aming-02 ~]#
```

- There are now two nginx installations: one built from a source package and one installed with yum
- Next, change the configuration files
- Master configuration: once the service and the tool are ready, configure keepalived. The default configuration file path is
- First empty the file (there is a shortcut for this, > !$), then add the configuration below

```
[root@aming-01 ~]# ls /etc/keepalived/keepalived.conf
/etc/keepalived/keepalived.conf
[root@aming-01 ~]# vim /etc/keepalived/keepalived.conf
[root@aming-01 ~]# > !$
> /etc/keepalived/keepalived.conf
[root@aming-01 ~]#
```

- Add the following configuration

```
[root@aming-01 ~]# !vim
vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {                      # e-mail
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh"     # script that checks whether the service is healthy
    interval 3                               # check interval
}
vrrp_instance VI_1 {
    state MASTER                             # defines the master role
    interface ens33                          # NIC that VRRP runs on; check your own NIC name, ens names are not fixed
    virtual_router_id 51                     # virtual router ID; must be the same on the backup
    priority 100                             # weight
    advert_int 1
    authentication {                         # authentication settings
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {                      # defines a public IP (the VIP)
        192.168.188.100                      # change to 192.168.202.100
    }
    track_script {
        chk_nginx
    }
}
```

- After editing the configuration file, the check script still has to be defined
- Define a check script

```
[root@aming-01 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
# timestamp variable, used when writing the log
d=`date --date today +%Y%m%d_%H:%M:%S`
# count the nginx processes
n=`ps -C nginx --no-heading|wc -l`
# if the count is 0, start nginx and count the nginx processes again;
# if it is still 0, nginx cannot be started and keepalived has to be stopped
if [ "$n" -eq 0 ]; then
        /etc/init.d/nginx start
        n2=`ps -C nginx --no-heading|wc -l`
        if [ "$n2" -eq 0 ]; then
                echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
                systemctl stop keepalived
        fi
fi
```

# 18.4 Configuring a high-availability cluster with keepalived (part 2)

- After writing the script, its permissions have to be changed. Without permission to load this script, the keepalived service cannot be started.

```
[root@aming-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@aming-01 ~]#
```

- Start the keepalived service

```
[root@aming-01 ~]# systemctl start keepalived
[root@aming-01 ~]#
[root@aming-01 ~]# ps aux |grep keep
root 2498 12.9 0.1 120720 1468 ? Ss 22:35 0:07 /usr/sbin/keepalived -D
root 2499 0.0 0.2 120720 2752 ? S 22:35 0:00 /usr/sbin/keepalived -D
root 19605 0.0 0.0 112680 980 pts/0 R+ 22:36 0:00 grep --color=auto keep
[root@aming-01 ~]# ps aux |grep nginx
root 868 0.0 0.1 45992 1280 ? Ss 21:55 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 873 0.0 0.4 48480 4180 ? S 21:55 0:00 nginx: worker process
nobody 874 0.0 0.3 48480 3924 ? S 21:55 0:00 nginx: worker process
root 30104 0.0 0.0 112680 980 pts/0 R+ 22:37 0:00 grep --color=auto nginx
[root@aming-01 ~]#
```

- First stop nginx to see whether it is started again automatically. It is.

```
[root@aming-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@aming-01 ~]#
[root@aming-01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@aming-01 ~]# ps aux |grep nginx
root 115314 0.0 0.1 45992 1296 ? Ss 22:50 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 115318 0.0 0.3 48480 3940 ? S 22:50 0:00 nginx: worker process
nobody 115319 0.0 0.3 48480 3940 ? S 22:50 0:00 nginx: worker process
root 115345 0.0 0.0 112680 980 pts/0 S+ 22:51 0:00 grep --color=auto nginx
[root@aming-01 ~]#
[root@aming-01 ~]# date
2017年 11月 08日 星期三 22:51:34 CST
[root@aming-01 ~]#
```

- Where keepalived writes its log

```
[root@aming-01 ~]# less /var/log/messages
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102776) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102777) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102778) died: Respawning
Nov 8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102779) died: Respawning
Nov 8 22:48:27 aming-01 rsyslogd-2177: imjournal: begin to drop messages due to rate-limiting
(END)
```

- Look at its IP addresses. Use ip add; the VIP is not visible with ifconfig.

```
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
       valid_lft 1259sec preferred_lft 1259sec
    inet6 fe80::707c:946e:3252:cf7f/64 scope link
       valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```

- With ifconfig

```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.131 netmask 255.255.255.0 broadcast 192.168.202.255
        inet6 fe80::ecdd:28b7:612b:cb7 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
        RX packets 7277 bytes 6239399 (5.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4120 bytes 413974 (404.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.151 netmask 255.255.255.0 broadcast 192.168.202.255
        ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.134 netmask 255.255.255.0 broadcast 192.168.202.255
        inet6 fe80::707c:946e:3252:cf7f prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2e:28:fc txqueuelen 1000 (Ethernet)
        RX packets 86 bytes 9064 (8.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 20 bytes 3096 (3.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 10 bytes 876 (876.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 10 bytes 876 (876.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@aming-01 ~]#
```

- Before configuring the backup, check whether the master has a firewall active and what state SELinux is in; the same applies to the backup

```
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
[root@aming-01 ~]#
[root@aming-01 ~]# getenforce
Permissive
[root@aming-01 ~]#
```

- Check the backup server; if they are active, stop them

```
[root@aming-02 ~]# systemctl stop firewalld
[root@aming-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
[root@aming-02 ~]#
[root@aming-02 ~]# getenforce
Enforcing
[root@aming-02 ~]# setenforce 0
[root@aming-02 ~]# getenforce
Permissive
[root@aming-02 ~]#
```

- keepalived has to be configured here as well: first empty the original contents of the configuration file, then add the following

```
[root@aming-02 ~]# > /etc/keepalived/keepalived.conf
[root@aming-02 ~]# vi !$
vi /etc/keepalived/keepalived.conf
[root@aming-02 ~]# vi /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/usr/local/sbin/check_ng.sh"
    interval 3
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {
        192.168.202.100        # this subnet must be the same as on the master
    }
    track_script {
        chk_nginx
    }
}
```

- The script has to be written here too

```
[root@aming-02 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
# timestamp variable, used when writing the log
d=`date --date today +%Y%m%d_%H:%M:%S`
# count the nginx processes
n=`ps -C nginx --no-heading|wc -l`
# if the count is 0, start nginx and count the nginx processes again;
# if it is still 0, nginx cannot be started and keepalived has to be stopped
if [ "$n" -eq 0 ]; then
        systemctl start nginx
        n2=`ps -C nginx --no-heading|wc -l`
        if [ "$n2" -eq 0 ]; then
                echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
                systemctl stop keepalived
        fi
fi
```

- Its permissions have to be changed as well, otherwise keepalived cannot be started

```
[root@aming-02 ~]# chmod 755 /usr/local/sbin/check_ng.sh
[root@aming-02 ~]#
```

- Start keepalived

```
[root@aming-02 ~]# ps aux |grep keep
root 2535 0.0 0.1 120720 1404 ? Ss 23:16 0:00 /usr/sbin/keepalived -D
root 2536 0.0 0.3 127460 3344 ? S 23:16 0:00 /usr/sbin/keepalived -D
root 2537 0.0 0.3 131588 3024 ? S 23:16 0:00 /usr/sbin/keepalived -D
root 2601 0.0 0.0 112680 980 pts/0 S+ 23:16 0:00 grep --color=auto keep
[root@aming-02 ~]#
```

- keepalived is now running on both master and backup, and both sides have nginx. How do you tell the two nginx instances apart?
- First look at the master's IP

```
[root@aming-01 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.131 netmask 255.255.255.0 broadcast 192.168.202.255
        inet6 fe80::ecdd:28b7:612b:cb7 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
        RX packets 7410 bytes 6251067 (5.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 5672 bytes 512782 (500.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.151 netmask 255.255.255.0 broadcast 192.168.202.255
        ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)

ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.202.134 netmask 255.255.255.0 broadcast 192.168.202.255
        inet6 fe80::707c:946e:3252:cf7f prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2e:28:fc txqueuelen 1000 (Ethernet)
        RX packets 108 bytes 11608 (11.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 24 bytes 3900 (3.8 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 10 bytes 876 (876.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 10 bytes 876 (876.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@aming-01 ~]#
```

- First open it in a browser on Windows

![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171108/232640129.png?imageslim)

- The default virtual host configuration file on this machine

```
[root@aming-01 ~]# cat /usr/local/nginx/conf/vhost/
aaa.com.conf ld.conf proxy.conf ssl.conf test.com.conf
[root@aming-01 ~]# cat /usr/local/nginx/conf/vhost/aaa.com.conf
server {
    listen 80 default_server;
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/aming.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wwwroot/default$fastcgi_script_name;
    }
}
[root@aming-01 ~]#
[root@aming-01 ~]# vim !$
vim /data/wwwroot/default/index.html
master master. This is the default site.
```

- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171108/233113698.png?imageslim)
- On the backup server, nginx was installed with yum

```
[root@aming-02 ~]# vim /usr/share/nginx/html/index.html
[root@aming-02 ~]# cat !$
cat /usr/share/nginx/html/index.html
backup backup.
[root@aming-02 ~]#
```

![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171108/233606639.png?imageslim)

![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171109/000815047.png?imageslim)

- Check the nginx service. We started this one by hand, so try stopping it.

```
[root@aming-02 ~]# ps aux |grep nginx
root 2561 0.0 0.2 122792 2084 ? Ss 23:16 0:00 nginx: master process /usr/sbin/nginx
nginx 2562 0.0 0.3 123224 3576 ? S 23:16 0:00 nginx: worker process
root 6985 0.0 0.0 112680 976 pts/0 S+ 23:43 0:00 grep --color=auto nginx
[root@aming-02 ~]#
[root@aming-02 ~]# systemctl stop nginx
[root@aming-02 ~]# !ps
ps aux |grep nginx
root 7155 0.0 0.2 122792 2084 ? Ss 23:44 0:00 nginx: master process /usr/sbin/nginx
nginx 7156 0.0 0.3 123224 3128 ? S 23:44 0:00 nginx: worker process
root 7161 0.0 0.0 112680 980 pts/0 S+ 23:44 0:00 grep --color=auto nginx
[root@aming-02 ~]#
```

- Because the keepalived service is running, nginx is started again automatically even after it is stopped

# 18.5 Configuring a high-availability cluster with keepalived (part 3)

- First establish how the nginx on the two machines differs, for example by checking the nginx version with curl -I
- Test 1: stop the nginx service on the master. We have already tested this: nginx keeps running after being stopped, because the check script was added and the keepalived service is running.
- Test 2: add an iptables rule on the master
  - iptables -I OUTPUT -p vrrp -j DROP
- Test 3: stop the keepalived service on the master
- Test 4: start the keepalived service on the master
- The VIP is on the master

```
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
       valid_lft 1369sec preferred_lft 1369sec
    inet6 fe80::707c:946e:3252:cf7f/64 scope link
       valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```

- The backup does not have it

```
[root@aming-02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:58:33:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.132/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.152/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::4500:6d42:8612:4e53/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
[root@aming-02 ~]#
```

- Add a firewall rule on the master
- Drop the VRRP packets leaving the master: iptables -I OUTPUT -p vrrp -j DROP

```
[root@aming-01 ~]# iptables -I OUTPUT -p vrrp -j DROP
[root@aming-01 ~]#
[root@aming-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 109 packets, 5868 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 32 packets, 2968 bytes)
 pkts bytes target prot opt in out source destination
   74  2960 DROP 112 -- * * 0.0.0.0/0 0.0.0.0/0
[root@aming-01 ~]#
```

- Look at the log

```
[root@aming-01 ~]# tail /var/log/messages
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: VRRP_Instance(VI_1) Received advert with lower priority 90, ours 100, forcing new election
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
[root@aming-01 ~]#
```

- Now look at the backup

```
[root@aming-02 ~]# less /var/log/messages
Nov 7 22:01:01 aming-02 systemd: Started Session 4 of user root.
Nov 7 22:01:01 aming-02 systemd: Starting Session 4 of user root.
Nov 7 23:01:01 aming-02 systemd: Started Session 5 of user root.
Nov 7 23:01:01 aming-02 systemd: Starting Session 5 of user root.
Nov 7 23:49:27 aming-02 kernel: hrtimer: interrupt took 6003226 ns
Nov 8 00:01:01 aming-02 systemd: Started Session 6 of user root.
Nov 8 00:01:01 aming-02 systemd: Starting Session 6 of user root.
Nov 8 00:33:47 aming-02 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="834" x-info="http://www.rsyslog.com"] exiting on signal 15.
Nov 8 21:55:29 aming-02 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="827" x-info="http://www.rsyslog.com"] start
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpuset
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpu
Nov 8 21:55:09 aming-02 kernel: Initializing cgroup subsys cpuacct
Nov 8 21:55:09 aming-02 kernel: Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
Nov 8 21:55:09 aming-02 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=UUID=9a2a0d05-a7ab-4948-bbd2-77b2b7d5f565 ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
Nov 8 21:55:09 aming-02 kernel: Disabled fast string operations
Nov 8 21:55:09 aming-02 kernel: e820: BIOS-provided physical RAM map:
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
Nov 8 21:55:09 aming-02 kernel: BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
/var/log/messages
```

- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171109/002641992.png?imageslim)
- The site is still reachable as usual, so simply blocking the traffic here does not achieve the goal. The master's log above shows it receiving adverts with priority 90 while it keeps announcing the VIP, so both nodes were advertising.
- First restore the iptables rules

```
[root@aming-01 ~]# iptables -F
[root@aming-01 ~]#
```

- So how do we imitate a real outage?
- The only option is to stop the keepalived service and see

```
[root@aming-01 ~]# systemctl stop keepalived
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
       valid_lft 1452sec preferred_lft 1452sec
    inet6 fe80::707c:946e:3252:cf7f/64 scope link
       valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```

- Now look at the backup server

```
[root@aming-02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:58:33:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.132/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.152/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::4500:6d42:8612:4e53/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link tentative dadfailed
       valid_lft forever preferred_lft forever
[root@aming-02 ~]#
[root@aming-02 ~]# tail /var/log/messages
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:54 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
[root@aming-02 ~]#
```

- The log shows that the IP has been added. Now access the web site.
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171109/003125547.png?imageslim)
- The page has changed, which shows that the VIP has moved to the backup machine
- Now start the keepalived service again

```
[root@aming-01 ~]# systemctl start keepalived
[root@aming-01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.131/24 brd 192.168.202.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.100/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 192.168.202.151/24 brd 192.168.202.255 scope global secondary ens33:0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecdd:28b7:612b:cb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:28:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.202.134/24 brd 192.168.202.255 scope global dynamic ens37
       valid_lft 1276sec preferred_lft 1276sec
    inet6 fe80::707c:946e:3252:cf7f/64 scope link
       valid_lft forever preferred_lft forever
[root@aming-01 ~]#
```

- The VIP comes back immediately. Check the web site again.
- ![mark](http://oqxf7c508.bkt.clouddn.com/blog/20171109/003318786.png?imageslim)
- Look at the log on the backup; it shows removing protocol VIPs

```
[root@aming-02 ~]# tail /var/log/messages
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:29:59 aming-02 Keepalived_vrrp[10474]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov 9 00:32:17 aming-02 chronyd[482]: Selected source 120.25.108.11
Nov 9 00:32:17 aming-02 chronyd[482]: System clock wrong by -1.225785 seconds, adjustment started
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 90
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) removing protocol VIPs.
[root@aming-02 ~]#
```

- When the master went down, the backup quickly took over the VIP. Accessing the VIP at that point shows the default index page of the backup machine, which proves the whole experiment works.
- That is a high-availability cluster. Usually two machines are used; some companies, to be safe, may use 2-3 backups.
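The master and backup files from 18.3/18.4 have to agree on virtual_router_id, authentication and the VIP. The following consistency check is an added example, not part of the original article or of keepalived. The two sample configs are constructed from the article's values, the finding codes are hypothetical names, and comment stripping is simplified (it assumes no `#` or `!` inside values).

```python
import re

# Constructed sample: the master still carries the 192.168.188.100 VIP that the
# article's comment says must be changed to 192.168.202.100.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass aminglinux>com
    }
    virtual_ipaddress {
        192.168.188.100   # not yet changed
    }
}
"""
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 90")
               .replace("192.168.188.100", "192.168.202.100"))


def parse_keepalived(text):
    """Parse keepalived.conf text into nested dicts; bare words map to True."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            block = {}
            stack[-1][" ".join(line[:-1].split())] = block
            stack.append(block)
        else:
            parts = line.split(None, 1)
            stack[-1][parts[0]] = parts[1] if len(parts) > 1 else True
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root


def compare_pair(master_text, backup_text, instance="VI_1"):
    """Return finding codes for one VRRP instance configured on two nodes."""
    key = f"vrrp_instance {instance}"
    m = parse_keepalived(master_text)[key]
    b = parse_keepalived(backup_text)[key]
    findings = []
    if m.get("virtual_router_id") != b.get("virtual_router_id"):
        findings.append("router_id_mismatch")   # nodes are not in one VRRP group
    if set(m.get("virtual_ipaddress", {})) != set(b.get("virtual_ipaddress", {})):
        findings.append("vip_mismatch")         # failover would move a different address
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("priority_not_lower")   # backup could win the election
    m_auth, b_auth = m.get("authentication", {}), b.get("authentication", {})
    if m_auth != b_auth:
        findings.append("auth_mismatch")        # peers will not accept each other's adverts
    if m_auth.get("auth_type") == "PASS" and len(str(m_auth.get("auth_pass", ""))) > 8:
        findings.append("auth_pass_truncated")  # keepalived uses only the first 8 characters
    return findings


if __name__ == "__main__":
    print(compare_pair(MASTER_CONF, BACKUP_CONF))
```

With auth_type PASS the password travels unencrypted inside each VRRP advert, so it only guards against misconfiguration on a trusted segment.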
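The /var/log/messages excerpts in 18.4 and 18.5 contain three patterns worth alerting on: the VRRP child respawning repeatedly, a master receiving adverts from a lower-priority node (two nodes advertising at once, as in test 2), and a node handing the VIP back. The detector below is an added example, not part of the original article. The sample lines are constructed in the article's log format, and the alert names and the threshold of 3 respawns per second are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the article's /var/log/messages output.
SAMPLE_LOG = """\
Nov  8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102776) died: Respawning
Nov  8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102777) died: Respawning
Nov  8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102778) died: Respawning
Nov  8 22:48:27 aming-01 Keepalived[2498]: VRRP child process(102779) died: Respawning
Nov  9 00:21:58 aming-01 Keepalived_vrrp[124429]: Sending gratuitous ARP on ens33 for 192.168.202.100
Nov  9 00:21:58 aming-01 Keepalived_vrrp[124429]: VRRP_Instance(VI_1) Received advert with lower priority 90, ours 100, forcing new election
Nov  9 00:32:17 aming-02 chronyd[482]: System clock wrong by -1.225785 seconds, adjustment started
Nov  9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 90
Nov  9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov  9 00:32:51 aming-02 Keepalived_vrrp[10474]: VRRP_Instance(VI_1) removing protocol VIPs.
""".splitlines()

# Syslog prefix: timestamp, host, keepalived process name with pid, message.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                  r"Keepalived\w*\[\d+\]:\s(?P<msg>.*)$")

# Event name -> pattern, using only messages that appear in the article's logs.
RULES = [
    ("respawn", re.compile(r"VRRP child process\(\d+\) died: Respawning")),
    ("dual_master", re.compile(r"Received advert with lower priority \d+, ours \d+")),
    ("preempted", re.compile(r"Received advert with higher priority \d+, ours \d+")),
    ("to_backup", re.compile(r"Entering BACKUP STATE")),
    ("vip_removed", re.compile(r"removing protocol VIPs")),
]


def analyze(lines, respawn_threshold=3):
    """Return ordered, de-duplicated (host, alert) pairs found in syslog lines."""
    respawns = Counter()   # (host, timestamp) -> respawn count in that second
    seen = {}              # host -> set of event names observed so far
    alerts = []

    def alert(host, name):
        if (host, name) not in alerts:
            alerts.append((host, name))

    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not a keepalived line
        host, ts, msg = m["host"], m["ts"], m["msg"]
        name = next((n for n, rx in RULES if rx.search(msg)), None)
        if name is None:
            continue
        seen.setdefault(host, set()).add(name)
        if name == "respawn":
            respawns[(host, ts)] += 1
            if respawns[(host, ts)] >= respawn_threshold:
                alert(host, "respawn_loop")
        elif name == "dual_master":
            # Only a master sends adverts, so a lower-priority advert means
            # another node is also acting as master.
            alert(host, "dual_master")
        elif name == "vip_removed" and {"preempted", "to_backup"} <= seen[host]:
            alert(host, "failback")
    return alerts


if __name__ == "__main__":
    for host, name in analyze(SAMPLE_LOG):
        print(host, name)
```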