273 lines
9.4 KiB
Markdown
273 lines
9.4 KiB
Markdown
<h2><center>keepalived 高可用集群</center></h2>
|
||
|
||
------
|
||
|
||
## 一:keepalived 简介
|
||
|
||
### 1. 简介
|
||
|
||
`keepalived`是集群管理中保证集群高可用`(HA)`的一个服务软件,其功能类似于`heartbeat`,用来防止单点故障。
|
||
|
||
### 2. 工作原理
|
||
|
||
`keepalived`是以`VRRP`协议为实现基础的,当`backup`收不到`vrrp`包时就认为`master`宕掉了,这时就需要根据`VRRP`的优先级来选举一个`backup`当`master`。这样我们就可以保证集群的高可用。
|
||
|
||
`keepalived`是以`VRRP`协议为实现基础的,`VRRP`全称`Virtual Router Redundancy Protocol`,即虚拟路由冗余协议。
|
||
|
||
虚拟路由冗余协议,可以认为是实现路由器高可用的协议,即将`N`台提供相同功能的路由器组成一个路由器组,这个组里面有一个`master`和多个`backup`,`master`上面有一个对外提供服务的`vip`(该路由器所在局域网内其他机器的默认路由为该vip),`master`会发组播,当`backup`收不到`vrrp`包时就认为`master`宕掉了,这时就需要根据`VRRP`的优先级来选举一个`backup`当`master`。这样的话就可以保证路由器的高可用了。
|
||
|
||
`keepalived`主要有三个模块,分别是`core`、`check`和`vrrp`。`core`模块为`keepalived`的核心,负责主进程的启动、维护以及全局配置文件的加载和解析。`check`负责健康检查,包括常见的各种检查方式。`vrrp`模块是来实现`VRRP`协议的。
|
||
|
||
### 3. 什么是脑裂
|
||
|
||
脑裂`(split-brain)`:指在一个高可用`(HA)`系统中,当联系着的两个节点断开联系时,本来为一个整体的系统,分裂为两个独立节点,这时两个节点开始争抢共享资源,结果会导致系统混乱,数据损坏。
|
||
|
||
对于无状态服务的`HA`,无所谓脑裂不脑裂;但对有状态服务(比如`MySQL`)的`HA`,必须要严格防止脑裂。
|
||
|
||
究竟是有状态服务,还是无状态服务,其判断依据——两个来自相同发起者的请求在服务器端是否具备上下文关系。
|
||
|
||
脑裂:`backup`强资源,`master`不认为自己会死,他俩抢着为客户端服务。
|
||
|
||
解决方案:shoot the other in the head 爆头 master
|
||
|
||
注意:在商城里购买一件商品。需要经过放入购物车、确认订单、付款等多个步骤。由于`HTTP`协议本身是无状态的,所以为了实现有状态服务,就需要通过一些额外的方案。比如最常见的`session`,将用户挑选的商品(购物车),保存到`session`中,当付款的时候,再从购物车里取出商品信息。
|
||
|
||
## 二:LVS + Keepalived
|
||
|
||
### 1. 环境准备
|
||
|
||
| 服务器 | IP | VIP | 说明 |
|
||
| ------------- | --------------- | --------------------- | ---------- |
|
||
| master | 192.168.159.131 | | 主节点 |
|
||
| backup | 192.168.159.132 | | 备用节点 |
|
||
| real server 1 | 192.168.159.133 | lo:0:192.168.159.100 | 真实服务器 |
|
||
| real server 2 | 192.168.159.134 | lo:0:192.168.159.100 | 真实服务器 |
|
||
|
||
### 2. director server 部署
|
||
|
||
**安装keepalived、ipvsadm**
|
||
|
||
```bash
|
||
[root@master/backup ~]# yum -y install keepalived ipvsadm
|
||
```
|
||
|
||
**修改配置文件**
|
||
|
||
```bash
|
||
master:
|
||
[root@master ~]# vim /etc/keepalived/keepalived.conf
|
||
global_defs {
|
||
router_id LVS_MASTER
|
||
}
|
||
|
||
vrrp_instance VI_1 {
|
||
state MASTER
|
||
interface ens33 // 网卡名称,根据实际情况修改
|
||
virtual_router_id 51 // 主备必须一致
|
||
priority 100 // 定义优先级
|
||
advert_int 1 // 设定master与backup负载均衡器之间同步检查的时间间隔,单位是秒
|
||
authentication {
|
||
auth_type PASS // 主要有PASS和AH两种
|
||
auth_pass 1111 // 主备密码一致
|
||
}
|
||
virtual_ipaddress {
|
||
192.168.159.100 // 虚拟IP(VIP)
|
||
}
|
||
}
|
||
|
||
virtual_server 192.168.159.100 80 {
|
||
delay_loop 6 // 健康检查时间间隔
|
||
lb_algo rr
|
||
lb_kind DR
|
||
#persistence_timeout 50 // 设置会话保持时间,对动态网页非常有用
|
||
protocol TCP // 指定转发协议类型,有TCP和UDP两种
|
||
|
||
real_server 192.168.159.133 80 {
|
||
weight 1
|
||
TCP_CHECK {
|
||
connect_timeout 3 // 连接超时
|
||
retry 3 // 重连次数
|
||
delay_before_retry 3 // 重试间隔
|
||
}
|
||
}
|
||
|
||
real_server 192.168.159.134 80 {
|
||
weight 1
|
||
TCP_CHECK {
|
||
connnect_timeout 3
|
||
retry 3
|
||
delay_before_retry 3
|
||
}
|
||
}
|
||
}
|
||
|
||
backup:
|
||
[root@backup ~]# vim /etc/keepalived/keepalived.conf
|
||
global_defs {
|
||
router_id LVS_BACKUP
|
||
}
|
||
|
||
vrrp_instance VI_1 {
|
||
state BACKUP
|
||
interface ens33
|
||
virtual_router_id 51
|
||
priority 90
|
||
advert_int 1
|
||
authentication {
|
||
auth_type PASS
|
||
auth_pass 1111
|
||
}
|
||
virtual_ipaddress {
|
||
192.168.159.100
|
||
}
|
||
}
|
||
|
||
virtual_server 192.168.159.100 80 {
|
||
delay_loop 6
|
||
lb_algo rr
|
||
lb_kind DR
|
||
#persistence_timeout 50
|
||
protocol TCP
|
||
|
||
real_server 192.168.159.133 80 {
|
||
weight 1
|
||
TCP_CHECK {
|
||
connect_timeout 3
|
||
retry 3
|
||
delay_before_retry 3
|
||
}
|
||
}
|
||
|
||
real_server 192.168.159.134 80 {
|
||
weight 1
|
||
TCP_CHECK {
|
||
connect_timeout 3
|
||
retry 3
|
||
delay_before_retry 3
|
||
}
|
||
}
|
||
}
|
||
```
|
||
|
||
### 3. real server 配置
|
||
|
||
**安装httpd**
|
||
|
||
```bash
|
||
[root@real-server1/2 ~]# yum -y install httpd
|
||
```
|
||
|
||
**设置测试网页**
|
||
|
||
```bash
|
||
[root@real-server1/2 ~]# echo "Real Server 1/2" > /var/www/html/index.html
|
||
```
|
||
|
||
**启动服务**
|
||
|
||
```bash
|
||
[root@real-server1/2 ~]# systemctl start httpd
|
||
[root@real-server1/2 ~]# systemctl enable httpd
|
||
```
|
||
|
||
**配置 ARP 抑制**
|
||
|
||
```bash
|
||
[root@real-server1/2 ~]# vim /etc/sysctl.conf
|
||
net.ipv4.conf.all.arp_ignore = 1
|
||
net.ipv4.conf.all.arp_announce = 2
|
||
net.ipv4.conf.lo.arp_ignore = 1
|
||
net.ipv4.conf.lo.arp_announce = 2
|
||
|
||
查看:
|
||
[root@real-server1/2 ~]# sysctl -p
|
||
```
|
||
|
||
**添加 VIP 到 lo 接口**
|
||
|
||
```bash
|
||
[root@real-server1/2 ~]# echo 'DEVICE=lo:0 IPADDR=192.168.159.100 NETMASK=255.255.255.255 ONBOOT=yes' > /etc/sysconfig/network-scripts/ifcfg-lo:0
|
||
[root@real-server1/2 ~]# ifup lo:0
|
||
```
|
||
|
||
### 4. 启动 keepalived
|
||
|
||
```bash
|
||
[root@master/backup ~]# systemctl start keepalived
|
||
[root@master/backup ~]# systemctl enable keepalived
|
||
```
|
||
|
||
### 5. 检测
|
||
|
||
**其他服务器查看**
|
||
|
||
```bash
|
||
[root@wxin ~]# for i in {1..10}; do
|
||
> curl http://192.168.159.100
|
||
> done
|
||
Real Server 2
|
||
Real Server 1
|
||
Real Server 2
|
||
Real Server 1
|
||
Real Server 2
|
||
Real Server 1
|
||
Real Server 2
|
||
Real Server 1
|
||
Real Server 2
|
||
Real Server 1
|
||
```
|
||
|
||
**主节点**
|
||
|
||
```bash
|
||
查看IP
|
||
[root@master ~]# ip addr show ens33
|
||
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||
link/ether 00:0c:29:ba:8f:62 brd ff:ff:ff:ff:ff:ff
|
||
inet 192.168.159.131/24 brd 192.168.159.255 scope global noprefixroute ens33
|
||
valid_lft forever preferred_lft forever
|
||
inet 192.168.159.100/32 scope global ens33 # 主节点存在,备节点不存在
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::9e8b:2599:99f6:4087/64 scope link noprefixroute
|
||
valid_lft forever preferred_lft forever
|
||
|
||
[root@backup ~]# ip addr show ens33
|
||
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||
link/ether 00:0c:29:1a:96:29 brd ff:ff:ff:ff:ff:ff
|
||
inet 192.168.159.132/24 brd 192.168.159.255 scope global noprefixroute ens33
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::e859:ecb:5e5:4b9a/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::9e8b:2599:99f6:4087/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::32c3:53e0:5709:d314/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
```
|
||
|
||
**主节点宕机后**
|
||
|
||
```bash
|
||
[root@master ~]# systemctl stop keepalived
|
||
[root@master ~]# ip addr show ens33
|
||
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||
link/ether 00:0c:29:ba:8f:62 brd ff:ff:ff:ff:ff:ff
|
||
inet 192.168.159.131/24 brd 192.168.159.255 scope global noprefixroute ens33
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::9e8b:2599:99f6:4087/64 scope link noprefixroute
|
||
valid_lft forever preferred_lft forever
|
||
|
||
VIP 转移到backup后
|
||
[root@backup ~]# ip addr show ens33
|
||
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
|
||
link/ether 00:0c:29:1a:96:29 brd ff:ff:ff:ff:ff:ff
|
||
inet 192.168.159.132/24 brd 192.168.159.255 scope global noprefixroute ens33
|
||
valid_lft forever preferred_lft forever
|
||
inet 192.168.159.100/32 scope global ens33
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::e859:ecb:5e5:4b9a/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::9e8b:2599:99f6:4087/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
inet6 fe80::32c3:53e0:5709:d314/64 scope link tentative noprefixroute dadfailed
|
||
valid_lft forever preferred_lft forever
|
||
``` |