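keepalived high-availability cluster: study notes and lab summary
Implementations of the VRRP protocol
    keepalived
AIS: full-featured HA clusters
    RHCS (cman)
    heartbeat
    corosync + pacemaker: corosync is the cluster framework engine, pacemaker is the cluster resource manager, and crmsh is the command-line management tool for pacemaker
STONITH: Shoot The Other Node In The Head. For example, with a hardware device such as a power switch, the agent or director nodes can send it a signal to cut the power of the failed side, so that the failed node definitely leaves service and a misjudgment cannot lead to resource contention and a cluster crash
keepalived: a software implementation of an HA cluster, created for ipvs
VRRP protocol: Virtual Router Redundancy Protocol
Terms:
    Virtual router: Virtual Router
    Virtual router identifier: VRID (0-255)
    Physical routers:
        master: the primary device
        backup: the standby device
        priority: priority
    VIP: Virtual IP
    VMAC: Virtual MAC
    Gratuitous ARP
Advertisements: heartbeat, priority, etc.; sent periodically;
Preemptive and non-preemptive modes;
Security: authentication: none, simple string authentication, MD5
Working modes:
    master/backup: a single virtual router;
    master/master: master/backup (virtual router 1), backup/master (virtual router 2)
keepalived:
A software implementation of the VRRP protocol, originally designed to make ipvs services highly available
Floats addresses between nodes based on the VRRP protocol;
Generates the ipvs rules on the node that holds the VIP (predefined in the configuration file)
Monitors the health of each RS of the ipvs cluster;
Through a script invocation interface, runs scripts to carry out the functions defined in them, which in turn influences cluster behavior;
Components:
    Core components: vrrp stack, checkers, ipvs wrapper
    Control component: configuration file parser
    IO multiplexer
    Memory management component
Prerequisites for configuring an HA cluster:
(1) The time on all nodes must be synchronized: ntp, chrony. Note: chrony is configured with vim /etc/chrony.conf; it can give better time accuracy than ntpdate and takes effect faster
    systemctl restart chronyd.service
(2) Make sure iptables and selinux do not get in the way;
(3) The nodes can reach each other by hostname (not required for keepalived); using the /etc/hosts file is recommended, with entries of the form: ip node1.com node1...
    exec bash --> starts a new bash process that replaces the previous one, so that the environment configuration files are reloaded and take effect;
(4) Make sure the interface each node uses for the cluster service supports MULTICAST communication; class D IPs 224-239;
(5) Key-based ssh login between the cluster nodes:
    ssh-keygen -t rsa -N ''
    ssh-copy-id -i .ssh/id_rsa.pub root@localhost    (copying the key to the local machine lets it connect to itself without a password as well)
    scp -rp .ssh/ user@remotename:/root/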
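keepalived installation and configuration:
On CentOS 7.4 it is provided by the base repository:
Program environment:
Main configuration file: /etc/keepalived/keepalived.conf
Main program file: /usr/sbin/keepalived
Unit File: keepalived.service
Environment configuration file of the Unit File: /etc/sysconfig/keepalived
Sections of the configuration file:
TOP HIERARCHY
    GLOBAL CONFIGURATION
        Global definitions
        Static routes/address
    VRRPD CONFIGURATION
        vrrp synchronization group(s): VRRP sync groups
        vrrp instance(s): each vrrp instance is one VRRP router;
    LVS CONFIGURATION
        Virtual server group
        Virtual server: the VS and RS of the ipvs cluster;
Single-master configuration example: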
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 14
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2525fs
    }
    virtual_ipaddress {
        172.18.0.100/16 dev ens33
        # 172.18.0.101/16 dev ens33 label ens33:1
    }
    track_interface {
        ens33
        ens34
    }
}
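track_interface lists the network interfaces to monitor; as soon as one of them fails, the instance moves to the FAULT state;
nopreempt: sets the working mode to non-preemptive;
preempt_delay 300: in preemptive mode, how long a node waits after coming online before it triggers a new election;
Defining notification scripts:
notify_master <STRING>: the script (with the arguments given in the string) triggered when the current node becomes the master;
notify_backup <STRING>: the script triggered when the current node becomes a backup;
notify_fault <STRING>: the script triggered when the current node moves to the fault state;
notify <STRING>: the generic notification mechanism; a single script can handle the notification for all three state transitions above;
Dual-master model example: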
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    # Use an IPv4 multicast address. For example, in a one-master/multiple-backup
    # setup the advertisements act as the heartbeat. On the network where a VRRP
    # virtual router lives, only a few of the servers may be load-balancer cluster
    # servers; a dedicated multicast address makes the heartbeat reach only the
    # cluster servers in that group, without affecting other hosts
    vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 11
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 4234sdf
    }
    virtual_ipaddress {
        172.18.0.100/16 dev ens33
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 12
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass sg1234
    }
    virtual_ipaddress {
        172.18.0.101/16 dev ens33 label ens33:0
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
How to use a notification script:
Example notification script:
#!/bin/bash
#
contact='root@localhost'
notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    # through /etc/keepalived/notify.sh: when this HA node is found to be in the
    # backup state, do a simple restart as a repair action
    systemctl restart nginx
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
How the script is invoked:
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
Highly available ipvs cluster example:
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.93/16 dev eno16777736
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
# Virtual server configuration; the address here is expected to be the VIP
# managed by the vrrp_instance
virtual_server 172.18.0.100 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 10.1.0.69 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
A block that can be defined separately:
TCP_CHECK {
    nb_get_retry 3
    delay_before_retry 2
    connect_timeout 3
}
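keepalived can call external helper scripts to monitor resources and adjust the priority dynamically according to the monitoring result:
Two steps: (1) first define a script; (2) then call that script;
vrrp_script chk_down {
    script "killall -0 nginx && exit 0 || exit 1"
    interval 1
    # if the health check fails, the priority is lowered by 5
    weight -5
    fall 2
    rise 1
}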
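How fall, rise and a negative weight turn check results into a priority change, as an added example that is not part of the original notes. It replays a constructed sequence of check results with the chk_down settings above, assuming the script starts in the healthy state and using the priorities 100 and 98 from the configurations above; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: replay vrrp_script results through fall/rise hysteresis.
# Assumptions: the script starts in the "up" state; the results are constructed.

# effective_priorities BASE WEIGHT FALL RISE RESULT...
# RESULT is the check's exit status for one interval (0 = passed).
# Prints the effective priority after each interval, space separated.
effective_priorities() {
    local base=$1 weight=$2 fall=$3 rise=$4
    shift 4
    local state=up ok=0 bad=0 out="" rc prio
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then
            ok=$((ok + 1)); bad=0
            # "rise" consecutive successes bring a failed script back up
            if [ "$ok" -ge "$rise" ]; then state=up; fi
        else
            bad=$((bad + 1)); ok=0
            # "fall" consecutive failures mark the script as failed
            if [ "$bad" -ge "$fall" ]; then state=down; fi
        fi
        prio=$base
        # a negative weight lowers the priority while the script is failed
        if [ "$state" = down ] && [ "$weight" -lt 0 ]; then
            prio=$((base + weight))
        fi
        out="$out $prio"
    done
    echo "${out# }"
}

# first_takeover PEER_PRIO PRIORITY...
# Prints the 1-based interval at which our priority first drops below the
# peer's (the point where a preempting backup takes over), or 0 if never.
first_takeover() {
    local peer=$1 i=0 p
    shift
    for p in "$@"; do
        i=$((i + 1))
        if [ "$p" -lt "$peer" ]; then echo "$i"; return; fi
    done
    echo 0
}

# Constructed run: one isolated failure, then three failures in a row, then recovery.
# weight -5, fall 2, rise 1 as in chk_down; base priority 100, peer at 98.
prios=$(effective_priorities 100 -5 2 1  0 1 0 1 1 1 0)
echo "priorities: $prios"
echo "peer takes over at interval: $(first_takeover 98 $prios)"
```

The isolated failure in interval 2 does not change the priority because fall is 2; only the second consecutive failure drops the node to 95, below the peer's 98.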
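Hands-on lab and summary:
Building a highly available load-balancing cluster with Nginx + Keepalived
1. Environment plan:
Host               IP address        HTTP ports
nginx_master       172.18.252.221    16915, 16916
nginx_slave        172.18.252.222
tomcat_server_1    172.18.252.223
tomcat_server_2    172.18.252.224
tomcat_server_3    172.18.252.225
nginx_master VIP: 172.18.252.230
1. Operating system version: CentOS6.5 x86_64
2. Kernel version: 2.6.32-504.el6.x86_64
3. nginx version: nginx-1.8.0-1.el6.ngx.x86_64
4. keepalived version: keepalived-1.2.19
Two front-end nginx + keepalived hosts: nginx reverse-proxies to the back-end tomcat cluster for load balancing, and keepalived makes the cluster highly available; when the master nginx fails, the virtual IP floats automatically to the standby nginx server
Every back-end tomcat host opens two ports to serve traffic: 16915, 16916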
2. Installation
Install nginx and keepalived on each of the two front-end hosts
1) Compile and install keepalived
#install the dependencies
yum install kernel-* gcc make openssl-*
#download keepalived-1.2.19.tar.gz
wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
#unpack
tar xvzf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
#configure
./configure --sysconfdir=/etc --with-kernel-dir=/usr/src/kernels/2.6.32-504.el6.x86_64
#compile and install
make -j 2 && make install
#check the keepalived version to verify the installation
keepalived -v
#enable start at boot
chkconfig keepalived on
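2) Install nginx from RPM packages
Official nginx yum repository: /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx_repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
enabled=1
# gpgcheck=0 disables RPM signature verification for packages from this repository
gpgcheck=0
Once the yum repository is set up, install directly:
yum -y install nginx
chkconfig nginx on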
3. Configuration
1) The nginx configuration is identical on the two front-end hosts
#vim /etc/nginx/conf.d/upstream.conf
upstream tomcatclu_16915 {
    server 172.18.252.223:16915;
    server 172.18.252.224:16915;
    server 172.18.252.225:16915;
    hash $remote_addr consistent;
}
upstream tomcatclu_16916 {
    server 172.18.252.223:16916;
    server 172.18.252.224:16916;
    server 172.18.252.225:16916;
    hash $remote_addr consistent;
}
#vim /etc/nginx/conf.d/server.conf
server {
    listen 16915;
    server_name www.magedu.com;
    location / {
        proxy_pass http://tomcatclu_16915;
    }
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        #allow the company IP range to access nginx status
        allow 192.168.252.0/24;
        deny all;
    }
}
server {
    listen 16916;
    server_name www.magedu.com;
    location / {
        proxy_pass http://tomcatclu_16916;
    }
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        #allow the company IP range to access nginx status
        allow 192.168.252.0/24;
        deny all;
    }
}
2) keepalived configuration on nginx_master
[root@nginx_master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id nginx-ha1
}
vrrp_script check_nginx {
    #script that checks the nginx status, given later in this article
    script "/data/script/check_nginx.sh"
    #run every 2 seconds
    interval 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    #virtual_router_id must be the same within one keepalived cluster, default 51
    virtual_router_id 55
    priority 100
    advert_int 1
    #no preemption: if the cluster already has a host in the MASTER state, a host with a higher priority does not preempt it to become MASTER; this only needs to be set on the host with the higher priority
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        #virtual IP
        172.18.252.230/16
    }
    track_script {
        check_nginx
    }
    track_interface {
        eth0
        eth1
    }
}
3) keepalived configuration on nginx_slave
[root@nginx_slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id nginx-ha2
}
vrrp_script check_nginx {
    script "/data/script/check_nginx.sh"
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    #the backup has the lower priority
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.18.252.230/16
    }
    track_script {
        check_nginx
    }
    track_interface {
        eth0
        eth1
    }
}
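One way to check that the master and backup files above agree where they must (virtual_router_id, advert_int, authentication, VIP) and differ where they must (priority, router_id). This is an added example, not part of the original notes; vrrp_value, vrrp_vips, check_pair and sample_conf are hypothetical helper names, and it assumes one vrrp_instance per file, as in this lab.

```bash
#!/bin/bash
# Added example: compare the VRRP settings of two keepalived.conf files.
# Only key names are printed, never values, so auth_pass stays out of logs.

# vrrp_value FILE KEY -> first value of KEY (e.g. virtual_router_id) in FILE
vrrp_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# vrrp_vips FILE -> addresses inside virtual_ipaddress { ... }, sorted
vrrp_vips() {
    awk '$1 == "virtual_ipaddress"     { inblk = 1; next }
         inblk && $1 == "}"            { inblk = 0 }
         inblk && NF && $1 !~ /^[#!]/  { print $1 }' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF -> one line per problem; status = problem count
check_pair() {
    local m=$1 b=$2 key n=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        if [ "$(vrrp_value "$m" "$key")" != "$(vrrp_value "$b" "$key")" ]; then
            echo "MISMATCH $key"; n=$((n + 1))
        fi
    done
    if [ "$(vrrp_vips "$m")" != "$(vrrp_vips "$b")" ]; then
        echo "MISMATCH virtual_ipaddress"; n=$((n + 1))
    fi
    if [ "$(vrrp_value "$m" priority)" -le "$(vrrp_value "$b" priority)" ]; then
        echo "PRIORITY master is not higher than backup"; n=$((n + 1))
    fi
    if [ "$(vrrp_value "$m" router_id)" = "$(vrrp_value "$b" router_id)" ]; then
        echo "DUPLICATE router_id"; n=$((n + 1))
    fi
    return "$n"
}

# sample_conf ROUTER_ID STATE VRID PRIORITY PASS -> constructed sample config
sample_conf() {
    printf 'global_defs {\n router_id %s\n}\nvrrp_instance VI_1 {\n' "$1"
    printf ' state %s\n interface eth0\n virtual_router_id %s\n' "$2" "$3"
    printf ' priority %s\n advert_int 1\n authentication {\n' "$4"
    printf '  auth_type PASS\n  auth_pass %s\n }\n' "$5"
    printf ' virtual_ipaddress {\n  #VIP\n  172.18.252.230/16\n }\n}\n'
}
tmp=$(mktemp -d)
sample_conf nginx-ha1 MASTER 55 100 1111 > "$tmp/master.conf"
sample_conf nginx-ha2 BACKUP 56 80 1111 > "$tmp/backup.conf"  # VRID differs on purpose
check_pair "$tmp/master.conf" "$tmp/backup.conf" || echo "problems found: $?"
rm -rf "$tmp"
```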
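4) Firewall settings
#allow traffic to the multicast address in iptables:
iptables -I INPUT -d 224.0.0.18 -j ACCEPT
service iptables save
VRRP packets are sent as IP multicast; the multicast address 224.0.0.18 is the destination address of VRRP packets.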
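5) Deploy the nginx status check script check_nginx.sh
The check script /data/script/check_nginx.sh contains the following:
#!/bin/bash
#check nginx server status
#
#nginx http ports
PORTS="16915 16916"
function check_ports {
    local mark=""
    for port in $PORTS; do
        nc -z 127.0.0.1 $port | grep -q succeeded
        [ "${PIPESTATUS[1]}" -eq 0 ] && mark=${mark}1
    done
    #an empty mark means neither port is reachable
    #mark equal to 1 means one port is reachable
    #mark equal to 11 means both ports are reachable
    echo $mark
}
ret1=$(check_ports)
#if an nginx port is unreachable, try restarting nginx once
if [ "$ret1" != "11" ]; then
    /sbin/service nginx stop
    /sbin/service nginx start
    sleep 1
    ret2=$(check_ports)
    #if a port is still unreachable, nginx is not healthy: stop keepalived so that the VIP fails over
    [ "$ret2" != "11" ] && /etc/init.d/keepalived stop
fi
#failover is triggered by stopping keepalived above, so always report success to vrrp_script
exit 0
#make the script executable
chmod +x /data/script/check_nginx.sh
Additional note: after nginx returns to normal, keepalived cannot start again by itself; a script has to be written to do this job and bring keepalived back up. Put the script in cron and run it every minute.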
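One way to write the cron script described in the note above, as an added example that is not part of the original notes. It goes one step beyond the note by requiring several consecutive healthy runs before starting keepalived, so that a flapping nginx does not move the VIP back and forth; the script path, the state file and the threshold are assumptions.

```bash
#!/bin/bash
# Added example: cron job that starts keepalived again after nginx recovers.
# Hypothetical names: this script's path, the STATE file and the NEED threshold.
# Cron entry: * * * * * /data/script/revive_keepalived.sh run

PORTS="16915 16916"                      # same ports as check_nginx.sh
STATE=/var/run/revive_keepalived.count   # consecutive healthy runs seen so far
NEED=3                                   # healthy runs required before starting

# ports_up: succeeds only if every nginx port accepts a TCP connection
ports_up() {
    local port
    for port in $PORTS; do
        nc -z 127.0.0.1 "$port" >/dev/null 2>&1 || return 1
    done
}

# next_step COUNT NGINX_OK KA_RUNNING NEED -> prints "<new count> <action>"
# Pure decision logic, kept apart from the commands that touch services.
next_step() {
    local count=$1 nginx_ok=$2 ka_running=$3 need=$4
    if [ "$ka_running" = yes ] || [ "$nginx_ok" != yes ]; then
        echo "0 none"                    # nothing to revive, or nginx still down
        return
    fi
    count=$((count + 1))
    if [ "$count" -ge "$need" ]; then
        echo "0 start"                   # healthy for long enough: start keepalived
    else
        echo "$count wait"               # healthy, but not for long enough yet
    fi
}

main() {
    local count=0 nginx_ok=no ka=no step
    if [ -r "$STATE" ]; then read -r count < "$STATE"; fi
    case $count in ''|*[!0-9]*) count=0 ;; esac    # ignore a corrupt state file
    if ports_up; then nginx_ok=yes; fi
    if pidof keepalived >/dev/null 2>&1; then ka=yes; fi
    step=$(next_step "$count" "$nginx_ok" "$ka" "$NEED")
    echo "${step% *}" > "$STATE"
    if [ "${step#* }" = start ]; then
        logger -t revive_keepalived "nginx healthy for $NEED runs, starting keepalived"
        /sbin/service keepalived start
    fi
}

if [ "${1:-}" = run ]; then main; fi
```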
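6) Enable keepalived logging:
Edit /etc/sysconfig/keepalived:
KEEPALIVED_OPTIONS="-D -d -S 0"
Edit /etc/rsyslog.conf:
#add the following line at the end of the configuration file
local0.* /var/log/keepalived.log
Restart rsyslog:
service rsyslog restart
With the configuration above, keepalived writes its log to /var/log/keepalived.log
7) Start the services
#first check that the nginx configuration file is valid
nginx -t
#start the nginx service
service nginx start
#start the keepalived service as well
service keepalived start
#after a moment, check whether the virtual IP is on the nginx_master host
ip a l
4. Verification
Stop the keepalived service on the master node, or reboot the system, while pinging the virtual IP continuously; after one request-timeout interval, the virtual IP has floated automatically to the slave node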