一. 高可用环境部署思路
配置两台Apache环境的服务器,提供相同的web页面服务,在这两台Apache服务器上运行keepalive,虚拟出来一个VIP,用户通过VIP访问web服务,这样当一台Apache服务器故障的时候,VIP会飘到另外一台Apache服务器。
二. keepalive部署前准备
1. 安装开发环境
[root@study01 ~]# yum -y install gcc-* glibc-* *c++* -y [root@study01 ~]# yum -y install openssl-devel
[root@study02 ~]# yum -y install gcc-* glibc-* *c++* -y
[root@study02 ~]# yum -y install openssl-devel
[root@study01 ~]# uname -a
Linux study01.linux.com 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@study01 ~]# cat /etc/redhat-release
CentOS release 6.10 (Final)
提示:以上是我的server缺少的环境,如果你在以上环境安装完成后,再安装keepalive时还有报错,请根据报错进行环境补充安装;
2. 部署Apache基本环境
[root@study01 ~]#/etc/init.d/httpd restart [root@study01 ~]#chkconfig --level 35 httpd on [root@study01 ~]#echo "this is linux01" > /var/www/html/index.html
[root@study02 ~]#/etc/init.d/httpd restart [root@study02 ~]#chkconfig --level 35 httpd on [root@study02 ~]#echo "this is linux02" > /var/www/html/index.html
三. keepalive环境部署
1. 获取keepalive的安装链接
从官网https://www.keepalived.org/download.html页面获取。
2. 使用源码部署keepalive
[root@study01 ~]# cd /usr/local/src/ [root@study01 src]#wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz [root@study01 src]#tar -zxvf keepalived-2.0.20.tar.gz [root@study01 src]#cd keepalived-2.0.20 [root@study01 src]#./configure --prefix=/usr/local/keepalived [root@study01 src]#make && make install [root@study01 src]#cp /usr/local/src/keepalived-2.0.20/keepalived/etc/init.d/keepalived /etc/init.d/ [root@study01 src]#chmod 755 /etc/init.d/keepalived [root@study01 src]#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ [root@study01 src]#chmod 755 /usr/sbin/keepalived [root@study01 src]#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ [root@study01 src]#mkdir /etc/keepalived [root@study01 src]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
提示:第二台linux服务器的keepalive环境部署方法请重复第一台的部署方法。
3. 配置keepalive
[root@study01 ~]# vim /etc/keepalived/keepalived.conf #以下为第一台环境的keepalive配置内容 ! Configuration File for keepalived global_defs { notification_email { wang_zengyi@126.com #接收告警的邮箱 } #注意需要单独配置smtp_send邮箱 notification_email_from 647956023@qq.com #发送告警的邮箱 smtp_server 182.254.38.18 #发送邮件的服务器地址 smtp_connect_timeout 30 router_id study01 } vrrp_script check_httpd { script "/usr/bin/killall -0 httpd" #检测http服务是否正常 interval 2 } vrrp_instance VI_1 { state MASTER #状态为主,默认抢占 interface eth0 #监听的服务接口 virtual_router_id 51 #主备必须一致,VRRPID priority 100 #优先级,越大越优先 advert_int 1 #心跳报文通告间隔 authentication { auth_type PASS #keepalive认证类型 auth_pass 1111 #keepalive认证密码 } notify_master "/etc/keepalived/master.sh" #主状态通告脚本 notify_backup "/etc/keepalived/backup.sh" #备状态通告脚本 notify_fault "/etc/keepalived/fault.sh" #故障状态通过脚本 track_script { check_httpd #track http的检测脚本 } virtual_ipaddress {
192.168.31.9 #虚拟IP的写法一,不推荐这种写法。只能用ip add看 192.168.31.10/24 dev eth0 label eth0:0 #虚拟IP的写法一,推荐这种写法。 } }
#以下脚本内容为测试看状态的简单编写方法,实际环境请根据需要编写;
[root@study01 ~]# cat /etc/keepalived/master.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Master]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]# cat /etc/keepalived/backup.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Backup]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]# cat /etc/keepalived/fault.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Fault]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]#
提示:第二台keepalive配置方法同第一台一样,注意角色定义为BACKUP,优先级要低于角色Master的优先级;
vi /etc/keepalived/keepalived.conf # 参照下面配置修改配置文件 ! Configuration File for keepalived global_defs { notification_email { wangbiao@youxuanbao.cn # 设置报警邮件地址,可以设置多个,每行一个 } # 需开启本机的sendmail服务 notification_email_from Alexandre.Cassen@firewall.loc # 设置邮件的发送地址 smtp_server 127.0.0.1 # 设置smtp server地址 smtp_connect_timeout 30 # 设置连接smtp server的超时时间 router_id LVS_DEVEL # 表示运行keepalived服务器的一个标识。发邮件时显示在邮件主题的信息 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { # 定义的VRRP热备实例 state MASTER # 标示状态为MASTER 备份机为BACKUP interface eth0 # 承载VIP地址的物理接口 virtual_router_id 51 # 虚拟路由器的id号,每个热备组保持一致 priority 100 # MASTER权重要高于BACKUP 比如BACKUP为99 advert_int 1 # 通告间隔秒数,(心跳频率) 注意通告的组播地址224.0.0.18 # mcast_src_ip 172.16.1.99 # Master服务器IP,如果是备份机请填写备份机的IP authentication { auth_type PASS # 主从服务器认证类型 auth_pass 1111 # 认证字串 } virtual_ipaddress { 172.16.1.100 # 可以多个虚拟IP,换行即可 } # 虚拟服务器 80端口的配置 virtual_server 172.16.1.100 80 { delay_loop 6 # 每隔6秒查询realserver状态 lb_algo rr # lvs 算法 lb_kind DR # Direct Route nat_mask 255.255.255.0 persistence_timeout 50 # 同一IP的连接50秒内被分配到同一台realserver protocol TCP # 用TCP协议检查realserver状态 # 实际服务器的IP和端口 real_server 172.16.1.101 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.1.102 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } }
4. 启动keepalive服务
[root@study01 ~]#chkconfig --level 35 keepalived on [root@study01 ~]#/etc/init.d/keepalived restart [root@study02 ~]#chkconfig --level 35 keepalived on [root@study02 ~]#/etc/init.d/keepalived restart
Mar 15 17:26:35 study01 Keepalived[8582]: Starting Keepalived v2.0.20 (01/22,2020) Mar 15 17:26:35 study01 Keepalived[8582]: Running on Linux 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 (built for Linux 2.6.32) Mar 15 17:26:35 study01 Keepalived[8582]: Command line: 'keepalived' '-D' Mar 15 17:26:35 study01 Keepalived[8582]: Opening file '/etc/keepalived/keepalived.conf'. Mar 15 17:26:35 study01 Keepalived[8583]: Starting VRRP child process, pid=8585 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering Kernel netlink reflector Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering Kernel netlink command channel Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Opening file '/etc/keepalived/keepalived.conf'. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: WARNING - default user 'keepalived_script' for script execution does not exist - please create. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: SECURITY VIOLATION - scripts are being executed but script_security not enabled. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Assigned address 192.168.31.5 for interface eth0 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Assigned address fe80::a00:27ff:fe8c:afb for interface eth0 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering gratuitous ARP shared channel Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: (VI_1) removing VIPs. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)] Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: VRRP_Script(check_httpd) succeeded Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: (VI_1) Entering BACKUP STATE Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Receive advertisement timeout Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Entering MASTER STATE Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) setting VIPs. Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:44 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10
Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)] Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: VRRP_Script(check_httpd) succeeded Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: (VI_1) Entering BACKUP STATE
四. 验证高可用
[root@study01 ~]#/etc/init.d/httpd stop #观察第一台和第二台linux server的keepalive日志,会发现server01会从master变为fault状态,server02会从backup状态变为master状态,此时访问web页面访问的变成了第二台服务器的web页面; [root@study01 ~]#/etc/init.d/httpd start #观察第一台和第二台linux server的keepalive日志,会发现server01会从fault变为backup,然后再变为master状态,server02会从master状态变为backup状态,此时访问web页面访问的变成了第一台服务器的web页面; 至此实现了高可用功能,但是你有没有发现这样主机恢复是会抢占服务的,实际业务要求稳定性高,不希望主恢复时主动抢占,那么请看第五部分的更多介绍。
提示:如果要看VIP,需要使用“ip add”命令。
五. keepalive主备切换介绍
1. 通过vrrp_script实现对资源的监控
#1. 通过killall命令监控服务的运行状态 vrrp_script check_httpd { script "/usr/bin/killall -0 httpd" #进程存在$?会返回0,否则$?会返回1 interval 2 } ……(track部分省略)…… #2. 检测端口允许状态 vrrp_script check_httpd { script "</dev/tcp/127.0.0.1/80" #对本机的80端口检测 interval 2 #监控间隔2秒一次 fall 2 #如果失败两次则认为失败 rise 1 #如果成功一次则认为成功 } ……(track部分省略)…… #3. 通过shell语句进行状态监控 vrrp_script check_httpd { script "if [ -f /var/run/httpd/httpd.pid ]; then exit 0; else exit 1; fi" interval 2 } ……(track部分省略)…… #4. 通过脚本进行服务状态监控 vrrp_script check_httpd { script "/etc/keepalived/check_mysql.sh" #脚本根据需要写 interval 2 } ……(track部分省略)……
2. master和backup的角色切换
- 角色指定为master(master的优先级要配置的比backup大),master恢复时一定会抢占(默认抢占),想不抢占需要将所有的角色配置为backup(通过优先级决定谁是主角色),并指定nopreempt参数。
- 实际上决定keepalive状态的并不是角色state定义的master或者backup,而是priority和weight计算后决定的。weight可以配置为正数或者负数。
- weight配置为正数时,如果检测成功,那么master节点的优先级为priority和weight之和,如果检测失败,那么master节点的优先级为priority;
- weight配置为负数时,如果检测成功,那么master节点的优先级仍为priority,如果检测失败那么master节点的优先级为priority减去weight;
- 配置weight有个准则,那就是weight无论正负,weight的绝对值要大于master与backup节点的priority的差。