Redis-HA部署
链接:https://pan.baidu.com/s/1cj5H9snQXqWaC0od1mUuig
提取码:jdqf
复制这段内容后打开百度网盘手机App,操作更方便哦
1. 安装环境
1.1 安装环境
| 主机名 | IP | 用途 |
|---|---|---|
| Master-redis | 192.168.200.5 | 主Redis |
| Slave-redis | 192.168.200.6 | 从Redis |
| 192.168.200.7 | Redis-VIP |
1.2 准备工作(主备同时进行)
1.2.1 Redis部署环境
[root@Master-redis ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@Master-redis ~]# uname -r
3.10.0-957.12.1.el7.x86_64
1.2.2 确保防火墙关闭
[root@Master-redis ~]# systemctl stop firewalld.service
[root@Master-redis ~]# systemctl disable firewalld.service
1.2.3 确保selinux关闭
[root@Master-redis ~]# grep -Ev "#|^$" /etc/sysconfig/selinux | grep -w SELINUX
SELINUX=disabled #以此为准
[root@Master-redis ~]# setenforce 0 #此命令为临时关闭selinux
1.2.4 确保系统及用户级可用资源
[root@Master-redis ~]# sed -i.ori '$a DefaultLimitNOFILE=65535
DefaultLimitNOFILE=65535' /etc/systemd/system.conf
[root@Master-redis ~]# tail -2 /etc/systemd/system.conf
DefaultLimitNOFILE=65535
DefaultLimitNOFILE=65535
[root@Master-redis ~]# sed -i.ori '$a DefaultLimitNOFILE=65535
DefaultLimitNOFILE=65535' /etc/systemd/user.conf
[root@Master-redis ~]# tail -2 /etc/systemd/user.conf
DefaultLimitNOFILE=65535
DefaultLimitNOFILE=65535
1.2.5 确保禁用chronyd
[root@Master-redis ~]# systemctl disable chronyd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
1.2.6 确保ntp服务时钟源配置正确,确保ntpd.service开始正常工作,确保系统时间已经正确无疑(已生产为主,本文两台虚机时间以本地cp为主)
[root@Master-redis ~]# date
2019年 06月 05日 星期三 14:41:09 CST
[root@Slave-redis ~]# date
2019年 06月 05日 星期三 14:41:09 CST
2. Centos7.6-Upssh-redisHA技术方案-部署开始
两台redis服务器进行openssh升级,以下操作全部使用root,两台同时适配
2.1 上传技术包里的rpm包
[root@Master-redis ~]# mkdir -p /soft
#将技术包中的,gcc-c++,openssl-devel,两个目录传入/soft
#将技术包中的openssh-8.0p1.tar.gz 传入/soft
[root@Master-redis ~]# cd /soft/
[root@Master-redis soft]# ll -d gcc-c++ openssl-devel openssh-8.0p1
drwxr-xr-x 2 root root 4096 6月 6 10:23 gcc-c++
drwxr-xr-x 5 1000 1000 16384 6月 6 11:09 openssh-8.0p1
drwxr-xr-x 2 root root 4096 6月 6 10:23 openssl-devel
2.2 进入gcc-c++目录,安装里面的rpm包
[root@Master-redis ~]# cd /soft/gcc-c++/
[root@Master-redis gcc-c++]# yum -y install *
#如果系统已安装过或已经是最新的包,会有保错但无需理会
2.3 进入openssl-devel目录,安装里面的rpm包
[root@Master-redis gcc-c++]# cd /soft/openssl-devel/
[root@Master-redis openssl-devel]# yum install *
#如果系统已安装过或已经是最新的包,会有保错但无需理会
[root@Master-redis openssl-devel]# rpm -e --nodeps openssh-clients
[root@Master-redis openssl-devel]# rpm -e --nodeps openssh
[root@Master-redis openssl-devel]# rpm -e --nodeps openssh-server
警告:/etc/ssh/sshd_config 已另存为 /etc/ssh/sshd_config.rpmsave
2.4 将openssh-8.0p1.tar.gz包在当前目录解压,并进入解压目录
[root@Master-redis openssl-devel]# cd ..
[root@Master-redis soft]# tar -zxvf openssh-8.0p1.tar.gz
[root@Master-redis soft]# cd openssh-8.0p1/
2.5 执行以下命令,(如报用户或组存在,则无视继续,此步只为确保该有的要有)
[root@Master-redis openssh-8.0p1]# install -v -m700 -d /var/lib/sshd
install: 正在创建目录"/var/lib/sshd"
[root@Master-redis openssh-8.0p1]# chown -v root:sys /var/lib/sshd
changed ownership of "/var/lib/sshd" from root:root to root:sys
[root@Master-redis openssh-8.0p1]# groupadd -g 50 sshd
groupadd:“sshd”组已存在
[root@Master-redis openssh-8.0p1]# useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd
useradd:用户“sshd”已存在
2.6 编译
[root@Master-redis openssh-8.0p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd && make
#以下省略若干。。。
2.7 修改权限
[root@Master-redis openssh-8.0p1]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@Master-redis openssh-8.0p1]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@Master-redis openssh-8.0p1]# chmod 600 /etc/ssh/ssh_host_ed25519_key
2.8 开始安装
[root@Master-redis openssh-8.0p1]# make install
#以下省略若干。。。
2.9 执行以下操作(如发现第四个install报错,可无视,继续)
[root@Master-redis openssh-8.0p1]# install -v -m755 contrib/ssh-copy-id /usr/bin
"contrib/ssh-copy-id" -> "/usr/bin/ssh-copy-id"
[root@Master-redis openssh-8.0p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
"contrib/ssh-copy-id.1" -> "/usr/share/man/man1/ssh-copy-id.1"
[root@Master-redis openssh-8.0p1]# install -v -m755 -d /usr/share/doc/openssh-8.0p1
install: 正在创建目录"/usr/share/doc/openssh-8.0p1"
[root@Master-redis openssh-8.0p1]# install -v -m644 INSTALL LICENCE OVERVIEW README*
install: 目标"README.tun" 不是目录
[root@Master-redis openssh-8.0p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1
"INSTALL" -> "/usr/share/doc/openssh-8.0p1/INSTALL"
"LICENCE" -> "/usr/share/doc/openssh-8.0p1/LICENCE"
"OVERVIEW" -> "/usr/share/doc/openssh-8.0p1/OVERVIEW"
"README" -> "/usr/share/doc/openssh-8.0p1/README"
"README.dns" -> "/usr/share/doc/openssh-8.0p1/README.dns"
"README.md" -> "/usr/share/doc/openssh-8.0p1/README.md"
"README.platform" -> "/usr/share/doc/openssh-8.0p1/README.platform"
"README.privsep" -> "/usr/share/doc/openssh-8.0p1/README.privsep"
"README.tun" -> "/usr/share/doc/openssh-8.0p1/README.tun"
2.10 对/etc/ssh/sshd_config内容进行修改
[root@Master-redis openssh-8.0p1]# echo X11Forwarding yes >> /etc/ssh/sshd_config
[root@Master-redis openssh-8.0p1]# echo PermitRootLogin yes >> /etc/ssh/sshd_config
[root@Master-redis openssh-8.0p1]# echo PasswordAuthentication yes >> /etc/ssh/sshd_config
[root@Master-redis openssh-8.0p1]# tail -3 /etc/ssh/sshd_config
X11Forwarding yes
PermitRootLogin yes
PasswordAuthentication yes
2.11 修改端口号 2200(这里端口以生产环境为主)
[root@Master-redis openssh-8.0p1]# vim /etc/ssh/sshd_config
[root@Master-redis openssh-8.0p1]# cat /etc/ssh/sshd_config | grep -w Port
Port 2200
2.12 请确保sshd_config文件中 Subsystem sftp 的路径为/usr/libexec/sftp-server
[root@Master-redis openssh-8.0p1]# cat /etc/ssh/sshd_config | grep -w Subsystem
Subsystem sftp /usr/libexec/sftp-server
2.13 在当前目录下(/soft/openssh-8.0p1/)执行以下操作
[root@Master-redis openssh-8.0p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
[root@Master-redis openssh-8.0p1]# chmod +x /etc/init.d/sshd
[root@Master-redis openssh-8.0p1]# chkconfig --add sshd
[root@Master-redis openssh-8.0p1]# chkconfig sshd on
[root@Master-redis openssh-8.0p1]# chkconfig --list sshd
注:该输出结果只显示 SysV 服务,并不包含
原生 systemd 服务。SysV 配置数据
可能被原生 systemd 配置覆盖。
要列出 systemd 服务,请执行 'systemctl list-unit-files'。
查看在具体 target 启用的服务请执行
'systemctl list-dependencies [target]'。
sshd 0:关 1:关 2:开 3:开 4:开 5:开 6:关
[root@Master-redis openssh-8.0p1]# systemctl restart sshd
2.14 验证openssh版本号是否为OpenSSH_8.0p1,升级完毕
[root@Master-redis openssh-8.0p1]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
3. 主redis节点,redis部署(注意,此章节只为主redis节点部署动作)
3.1 将技术包中的redis-4.0.10.tar.gz包传入/soft
[root@Master-redis openssh-8.0p1]# cd /soft
[root@Master-redis soft]# ll -d redis-4.0.10.tar.gz
-rw-r--r-- 1 root root 1738465 6月 6 11:48 redis-4.0.10.tar.gz
3.2 解压redis-4.0.10.tar.gz,进入redis-4.0.10目录 编译,安装,无需做多余选项配置
[root@Master-redis soft]# tar -zxvf redis-4.0.10.tar.gz
[root@Master-redis soft]# cd redis-4.0.10
[root@Master-redis redis-4.0.10]# make && make install
#以下省略若干。。。
3.3 进入/soft/redis-4.0.10/utils 目录,执行install_server.sh脚本,进行守护进程部署(参考图示有样例参考)
[root@Master-redis redis-4.0.10]# cd utils/
[root@Master-redis utils]# ll -d install_server.sh
-rwxrwxr-x 1 root root 9567 6月 13 2018 install_server.sh
#执行该脚本后会触发instd-input,请依次键入以下配置:
[root@Master-redis utils]# ll -d install_server.sh
-rwxrwxr-x 1 root root 9567 6月 13 2018 install_server.sh
[root@Master-redis utils]# sh install_server.sh
Welcome to the redis service installer
This script will help you easily set up a running redis server
Please select the redis port for this instance: [6379] 6565
Please select the redis config file name [/etc/redis/6565.conf] /etc/redis/redis.conf
Please select the redis log file name [/var/log/redis_6565.log] /var/log/redis_6565.log
Please select the data directory for this instance [/var/lib/redis/6565] /data/redis/6565
Please select the redis executable path [] /usr/local/bin/redis-server
Selected config:
Port : 6565
Config file : /etc/redis/redis.conf
Log file : /var/log/redis_6565.log
Data dir : /data/redis/6565
Executable : /usr/local/bin/redis-server
Cli Executable : /usr/local/bin/redis-cli
Is this ok? Then press ENTER to go on or Ctrl-C to abort. #这里选择按Enter继续,或按Ctrl-C中止
Copied /tmp/6565.conf => /etc/init.d/redis_6565
Installing service...
Successfully added to chkconfig!
Successfully added to runlevels 345!
/var/run/redis_6565.pid exists, process is already running or crashed
Installation successful!
3.4 编辑/etc/redis/redis.conf,做以下内容处理(redis主配置)
[root@Master-redis utils]# cd /etc/redis/
[root@Master-redis redis]# vim redis.conf
[root@Master-redis redis]# cat -n redis.conf | sed -n '70p;219p;220p;221p;222p;319p;320p;675p;747p;1167p;1168p'
70 #bind 127.0.0.1
219 #save 900 1
220 #save 300 10
221 #save 60 10000
222 save ""
319 slave-read-only no
320 requirepass admin@58991998
675 appendonly yes
747 auto-aof-rewrite-min-size 256mb
1167 client-output-buffer-limit slave 512mb 128mb 60
1168 client-output-buffer-limit pubsub 64mb 16mb 60
3.5 执行以下命令
[root@Master-redis redis]# echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
[root@Master-redis redis]# echo 'net.core.somaxconn = 65535' >> /etc/sysctl.conf
[root@Master-redis redis]# tail -2 /etc/sysctl.conf
vm.overcommit_memory = 1
net.core.somaxconn = 65535
[root@Master-redis redis]# sysctl -p
vm.overcommit_memory = 1
net.core.somaxconn = 65535
[root@Master-redis redis]# echo never > /sys/kernel/mm/transparent_hugepage/enabled
[root@Master-redis redis]# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]
[root@Master-redis redis]# echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.local
[root@Master-redis redis]# tail -1 /etc/rc.local
echo never > /sys/kernel/mm/transparent_hugepage/enabled
3.6 编辑/etc/init.d/redis_6565
#注意,请找到case-stop模块中以下内容
[root@Master-redis redis]# cat -n /etc/init.d/redis_6565 | grep '$CLIEXEC -p $REDISPORT shutdown'
43 $CLIEXEC -p $REDISPORT shutdown
#将其修改为
[root@Master-redis redis]# cat /etc/init.d/redis_6565 | sed -n "43p"
$CLIEXEC -a "admin@58991998" -p $REDISPORT shutdown
3.7 service redis_6565 restart ,观察/var/log/redis_6565.log,是否成功启动无报错,redis主节点服务部署完毕
[root@Master-redis redis]# tail -100f /var/log/redis_6565.log
10331:C 06 Jun 11:57:47.291 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
10331:C 06 Jun 11:57:47.291 # Redis version=4.0.10, bits=64, commit=00000000, modified=0, pid=10331, just started
10331:C 06 Jun 11:57:47.291 # Configuration loaded
_._
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 4.0.10 (00000000/0) 64 bit
.-`` .-```. ```/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6565
| `-._ `._ / _.-' | PID: 10332
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
3.8 如果连接不上,请重启redis,并测试6565端口有没有开启
[root@Master-redis redis]# service redis_6565 restart
3.9 请使用以下命令进行测试验证
[root@Master-redis redis]# /usr/local/bin/redis-cli -p 6565 -a admin@58991998 -h 192.168.200.5 (从redis节点ip)
Warning: Using a password with '-a' option on the command line interface may not be safe.
192.168.200.5:6565> set key ywb
OK
192.168.200.5:6565> get key
"ywb"
4. 从redis节点,redis部署(此章节为从redis节点部署动作)
4.1 将技术包中的redis-4.0.10.tar.gz包传入/soft
[root@Slave-redis openssh-8.0p1]# cd /soft
[root@Slave-redis soft]# ll -d redis-4.0.10.tar.gz
-rw-r--r-- 1 root root 1738465 6月 6 11:48 redis-4.0.10.tar.gz
4.2 解压redis-4.0.10.tar.gz,进入redis-4.0.10目录 编译,安装,无需做多余选项配置
[root@Slave-redis soft]# tar -zxvf redis-4.0.10.tar.gz
[root@Slave-redis soft]# cd redis-4.0.10
[root@Slave-redis redis-4.0.10]# make && make install
#以下省略若干。。。
4.3 进入/soft/redis-4.0.10/utils 目录,执行install_server.sh脚本,进行守护进程部署
[root@Slave-redis redis-4.0.10]# cd utils/
[root@Slave-redis utils]# ll -d install_server.sh
-rwxrwxr-x 1 root root 9567 6月 13 2018 install_server.sh
#执行该脚本后会触发instd-input,请依次键入以下配置:
[root@Slave-redis utils]# sh install_server.sh
Welcome to the redis service installer
This script will help you easily set up a running redis server
Please select the redis port for this instance: [6379] 6565
Please select the redis config file name [/etc/redis/6565.conf] /etc/redis/redis.conf
Please select the redis log file name [/var/log/redis_6565.log] /var/log/redis_6565.log
Please select the data directory for this instance [/var/lib/redis/6565] /data/redis/6565
Please select the redis executable path [] /usr/local/bin/redis-server
Selected config:
Port : 6565
Config file : /etc/redis/redis.conf
Log file : /var/log/redis_6565.log
Data dir : /data/redis/6565
Executable : /usr/local/bin/redis-server
Cli Executable : /usr/local/bin/redis-cli
Is this ok? Then press ENTER to go on or Ctrl-C to abort. #这里选择按Enter继续,或按Ctrl-C中止
Copied /tmp/6565.conf => /etc/init.d/redis_6565
Installing service...
Successfully added to chkconfig!
Successfully added to runlevels 345!
Starting Redis server...
Installation successful!
4.4 编辑 /etc/redis/redis.conf,做以下内容处理(redis从配置)
[root@Slave-redis utils]# cd /etc/redis/
[root@Slave-redis redis]# vi redis.conf
[root@Slave-redis redis]# cat -n redis.conf | sed -n '70p;219p;220p;221p;222p;223p;224p;321p;322p;677p;749p;1169p;1170p'
70 #bind 127.0.0.1
219 #save 900 1
220 #save 300 10
221 #save 60 10000
222 save ""
223 slaveof 192.168.200.5 6565
224 masterauth admin@58991998
321 slave-read-only no
322 requirepass admin@58991998
677 appendonly yes
749 auto-aof-rewrite-min-size 256mb
1169 client-output-buffer-limit slave 512mb 128mb 60
1170 client-output-buffer-limit pubsub 64mb 16mb 60
4.5 执行以下命令
[root@Slave-redis redis]# echo 'vm.overcommit_memory = 1' >> /etc/sysctl.conf
[root@Slave-redis redis]# echo 'net.core.somaxconn = 65535' >> /etc/sysctl.conf
[root@Slave-redis redis]# tail -2 /etc/sysctl.conf
vm.overcommit_memory = 1
net.core.somaxconn = 65535
[root@Slave-redis redis]# sysctl -p
vm.overcommit_memory = 1
net.core.somaxconn = 65535
4.6 编辑/etc/init.d/redis_6565
#注意,请找到case-stop模块中以下内容
[root@Slave-redis redis]# cat -n /etc/init.d/redis_6565 | grep '$CLIEXEC -p $REDISPORT shutdown'
43 $CLIEXEC -p $REDISPORT shutdown
#将其修改为
[root@Slave-redis redis]# cat /etc/init.d/redis_6565 | sed -n "43p"
$CLIEXEC -a "admin@58991998" -p $REDISPORT shutdown
4.7 service redis_6565 restart ,观察/var/log/redis_6565.log,成功启动,redis从节点服务部署完毕 (有图示样例)
[root@Slave-redis redis]# tail -100f /var/log/redis_6565.log
10442:C 06 Jun 15:18:43.829 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
10442:C 06 Jun 15:18:43.829 # Redis version=4.0.10, bits=64, commit=00000000, modified=0, pid=10442, just started
10442:C 06 Jun 15:18:43.829 # Configuration loaded
_._
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 4.0.10 (00000000/0) 64 bit
.-`` .-```. ```/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6565
| `-._ `._ / _.-' | PID: 10443
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
4.8 如果连接不上,请重启redis,并测试6565端口有没有开启
[root@Slave-redis redis]# service redis_6565 restart
4.9 请使用以下命令登入从redis服务器进行测试验证
[root@Slave-redis redis]# /usr/local/bin/redis-cli -p 6565 -a admin@58991998 -h 192.168.200.6 (从redis节点ip)
Warning: Using a password with '-a' option on the command line interface may not be safe.
192.168.200.6:6565> get key
"ywb"
5. HA-redis高可用集群技术方案部署(此章节只为主redis节点部署动作)
5.1 请确保系统时间的准确性,然后同步硬件时钟,执行命令
[root@Master-redis redis]# hwclock
2019年06月13日 星期四 13时59分10秒 -0.974645 秒
5.2 将技术包中的keepalived-2.0.16.tar.gz包传入/soft,将技术包中的libnl目录传入/soft
[root@Master-redis redis]# cd /soft/
[root@Master-redis soft]# ll -d keepalived-2.0.16.tar.gz libnl
-rw-r--r-- 1 root root 983376 6月 13 14:09 keepalived-2.0.16.tar.gz
drwxr-xr-x 2 root root 84 6月 13 14:12 libnl
5.3 进入libnl目录,安装里面的rpm包
[root@Master-redis soft]# cd libnl/
[root@Master-redis libnl]# yum install *
5.4 解压keepalived-2.0.16.tar.gz
[root@Master-redis libnl]# cd /soft/
[root@Master-redis soft]# tar -zxvf keepalived-2.0.16.tar.gz
5.5 进入/soft/keepalived-2.0.16目录,执行以下命令进行编译安装
[root@Master-redis soft]# cd keepalived-2.0.16
[root@Master-redis keepalived-2.0.16]# ./configure --prefix=/opt/keepalived-2.0.16
#以下省略若干。。。
[root@Master-redis keepalived-2.0.16]# make
#以下省略若干。。。
[root@Master-redis keepalived-2.0.16]# make install
#以下省略若干。。。
5.6 创建keepalived目录
[root@Master-redis keepalived-2.0.16]# mkdir -p /etc/keepalived
[root@Master-redis keepalived-2.0.16]# ll -d /etc/keepalived
drwxr-xr-x 2 root root 6 6月 13 14:20 /etc/keepalived
5.7 在当前目录下/soft/keepalived-2.0.16执行以下命令
[root@Master-redis keepalived-2.0.16]# pwd
/soft/keepalived-2.0.16
[root@Master-redis keepalived-2.0.16]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@Master-redis keepalived-2.0.16]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@Master-redis keepalived-2.0.16]# cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
5.8 编辑配置文件
[root@Master-redis keepalived-2.0.16]# cd /etc/keepalived/
[root@Master-redis keepalived]# vim keepalived.conf
[root@Master-redis keepalived]# cat keepalived.conf
#! Configuration File for keepalived
global_defs {
notification_email {
ywb@huiyinxun.com
}
notification_email_from ywb@aliyun.com # 通知邮件从哪个地址发出
#smtp_server smtp.aliyun.com # 通知邮件的smtp地址
#smtp_connect_timeout 30 # 连接smtp服务器的超时时间,单位秒
router_id redis-master # keepalived的机器标识,一个网络内保持唯一
}
vrrp_script check_redis { ## 定义监控redis的脚本
script "/etc/keepalived/check_redis.sh"
interval 1 ## 监控时间间隔
weight 2 ## 负载参数
}
vrrp_instance VI_1 {
state MASTER # 指定初始状态
interface ens32 # 注意这里绑定网卡的名称,用实际名称,中银商务物理机可能为bond0
virtual_router_id 51 # 一组lvs的虚拟路由标识>必须相同,这样才能切换
priority 100 # 优先级,数值越大,优先级越高,backup不能大于master
advert_int 1 # master和slave之间同步检查的时间间隔,单位为秒
authentication { # 通信验证
auth_type PASS # 认证类型
auth_pass 1111 # 认证密码,一组lvs服务器认证密码必须一致
}
virtual_ipaddress { # 虚拟IP地址,可配置多个
192.168.200.7/24
}
track_script {
#check_redis # 执行监控redis进程的脚本
}
}
5.9 编辑脚本
[root@Master-redis keepalived]# vim check_redis.sh
[root@Master-redis keepalived]# cat check_redis.sh
#!/bin/sh
redis_pid=`ps -elf|grep redis-server|grep -v grep |awk '{print $4}'`
#echo 0
echo "redis.pid=$redis_pid"
netstat -anpt |grep 0.0.0.0:6565
#echo $?
if [ 0 -ne $? ];then
echo 0.5
#这里再次尝试启动RD
kill -9 $redis_pid
echo 1
sleep 2
echo 2
service redis_6565 start
echo trying start redis
echo 3
netstat -anpt |grep 0.0.0.0:6565
[ $? -ne 0 ] && pkill keepalived && echo "keepalived stoped"
echo 4
fi
5.10 启动keepalived,观察日志,查看健康状态
[root@Master-redis keepalived]# service keepalived start
Starting keepalived (via systemctl): [ 确定 ]
[root@Master-redis keepalived]# tail -f /var/log/messages
Jun 13 14:42:33 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:33 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:33 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:33 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: (VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
Jun 13 14:42:38 Master-redis Keepalived_vrrp[19981]: Sending gratuitous ARP on ens32 for 192.168.200.7
6. HA-redis高可用集群技术方案部署(此章节只为从redis节点部署动作)
6.1 请确保系统时间的准确性,然后同步硬件时钟,执行命令
[root@Slave-redis redis]# hwclock
2019年06月13日 星期四 14时45分53秒 -0.833879 秒
6.2 将技术包中的keepalived-2.0.16.tar.gz包传入/soft,将技术包中的,libnl目录传入/soft
[root@Slave-redis redis]# cd /soft/
[root@Slave-redis soft]# ll -d keepalived-2.0.16.tar.gz libnl
-rw-r--r-- 1 root root 983376 6月 13 14:46 keepalived-2.0.16.tar.gz
drwxr-xr-x 2 root root 84 6月 13 14:47 libnl
6.3 进入libnl目录,安装里面的apm包
[root@Slave-redis soft]# cd libnl/
[root@Slave-redis libnl]# yum install *
6.4 解压keepalived-2.0.16.tar.gz
[root@Slave-redis soft]# tar -zxvf keepalived-2.0.16.tar.gz
6.5 进入/soft/keepalived-2.0.16目录,执行以下命令进行编译安装
[root@Slave-redis soft]# cd keepalived-2.0.16
[root@Slave-redis keepalived-2.0.16]# ./configure --prefix=/opt/keepalived-2.0.16
#以下省略若干。。。
[root@Slave-redis keepalived-2.0.16]# make
#以下省略若干。。。
[root@Slave-redis keepalived-2.0.16]# make install
#以下省略若干。。。
6.6 创建keepalived目录
[root@Slave-redis keepalived-2.0.16]# mkdir -p /etc/keepalived
[root@Slave-redis keepalived-2.0.16]# ll -d /etc/keepalived
drwxr-xr-x 2 root root 6 6月 13 17:21 /etc/keepalived
6.7 在当前目录下/soft/keepalived-2.0.16执行以下命令
[root@Slave-redis keepalived-2.0.16]# pwd
/soft/keepalived-2.0.16
[root@Slave-redis keepalived-2.0.16]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@Slave-redis keepalived-2.0.16]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@Slave-redis keepalived-2.0.16]# cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
6.8 编辑配置文件
[root@Slave-redis keepalived-2.0.16]# cd /etc/keepalived/
[root@Slave-redis keepalived]# vim keepalived.conf
[root@Slave-redis keepalived]# cat keepalived.conf
#! Configuration File for keepalived
global_defs {
notification_email {
ywb@huiyinxun.com
}
notification_email_from ywb@aliyun.com # 通知邮件从哪个地址发出
#smtp_server smtp.aliyun.com # 通知邮件的smtp地址
#smtp_connect_timeout 30 # 连接smtp服务器的超时时间,单位秒
router_id redis-slave # keepalived的机器标识,一个网络内保持唯一
}
vrrp_script check_redis { ## 定义监控redis的脚本
script "/etc/keepalived/check_redis.sh"
interval 1 ## 监控时间间隔
weight 2 ## 负载参数
}
vrrp_instance VI_1 {
state BACKUP # 指定初始状态
interface ens32 # 注意这里绑定网卡的名称,用实际名称,中银商务物理机可能为bond0
virtual_router_id 51 # 一组lvs的虚拟路由标识>必须相同,这样才能切换
priority 99 # 优先级,数值越大,优先级越高,backup不能大于master
advert_int 1 # master和slave之间同步检查的时间间隔,单位为秒
authentication { # 通信验证
auth_type PASS # 认证类型
auth_pass 1111 # 认证密码,一组lvs服务器认证密码必须一致
}
track_script {
check_redis # 执行监控redis进程的脚本
}
virtual_ipaddress { # 虚拟IP地址,可配置多个
192.168.200.7/24
}
}
6.9 编辑脚本
[root@Slave-redis keepalived]# vim check_redis.sh
[root@Slave-redis keepalived]# cat check_redis.sh
#!/bin/sh
redis_pid=`ps -elf|grep redis-server|grep -v grep |awk '{print $4}'`
#echo 0
echo "redis.pid=$redis_pid"
netstat -anpt |grep 0.0.0.0:6565
#echo $?
if [ 0 -ne $? ];then
echo 0.5
#这里再次尝试启动NG
kill -9 $redis_pid
echo 1
sleep 2
echo 2
service redis_6565 start
echo trying start redis
echo 3
netstat -anpt |grep 0.0.0.0:6565
[ $? -ne 0 ] && pkill keepalived && echo "keepalived stoped"
echo 4
fi
6.10 启动keepalived,观察日志,查看健康状态
[root@Slave-redis keepalived]# service keepalived start
Starting keepalived (via systemctl): [ 确定 ]
[root@Slave-redis keepalived]# tail -f /var/log/messages
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: WARNING - script '/etc/keepalived/check_redis.sh' is not executable for uid:gid 0:0 - disabling.
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: Assigned address 192.168.200.6 for interface ens32
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: Assigned address fe80::20c:29ff:feb2:2ceb for interface ens32
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: Registering gratuitous ARP shared channel
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: (VI_1) removing VIPs.
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: (VI_1) Entering BACKUP STATE (init)
Jun 13 17:37:38 Slave-redis Keepalived_vrrp[17094]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)]
7. HA-redis高可用预案之免密钥部署
7.1 root登录主节点redis服务器,执行以下命令
[root@Master-redis ~]# ssh-keygen -t rsa #指定加密算法为rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa) #保存私匙文件的路径
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #密码可以为空
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub. #生成公匙
The key fingerprint is:
SHA256:PfesA8YMbmVXuW5mq7R8H5VIJ5XFzoUKv2DaCNC/Rcc root@Master-redis
The key's randomart image is:
+---[RSA 3072]----+
| . . =+|
| . . o E =.o|
| . . . + = =.|
| . o.* = = +|
| oS&oo.+ ..|
| * *o.o= .|
| . . ..+oo |
| o.oo .|
| =+ ..|
+----[SHA256]-----+
[root@Master-redis ~]# ssh-copy-id root@192.168.200.6 -p2200
#以上省略。。。
root@192.168.200.6's password: #输入对方密码
#以下省略。。。
7.2 root登录从节点redis服务器,执行以下命令
[root@Slave-redis ~]# ssh-keygen -t rsa #指定加密算法为rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #保存私匙文件的路径
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #密码可以为空
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub. #生成公匙
The key fingerprint is:
SHA256:gTpZr22xjliJXaF72f50/u9CmlDUoCTCEctJNKmRpvM root@Slave-redis
The key's randomart image is:
+---[RSA 3072]----+
| +B+. . .o |
| +oo* o .. . |
| o o* o .. |
| o .+ o o . |
| o+ . S . |
| E+ * =. . |
| . * * ...+. |
| o = . .oo. |
| . . . ... .+=|
+----[SHA256]-----+
[root@Slave-redis ~]# ssh-copy-id root@192.168.200.5 -p2200
#以上省略。。。
root@192.168.200.5's password: #输入对方密码
#以下省略。。。
8. HA-redis高可用全部完成后的验证工作
8.1 down掉主节点的keepalived,并检查主备ip
#主节点
[root@Master-redis ~]# hostname -I
192.168.200.5 192.168.200.7
[root@Master-redis ~]# service keepalived stop
[root@Master-redis ~]# hostname -I
192.168.200.5
#备节点
[root@Slave-redis ~]# hostname -I
192.168.200.6 192.168.200.7
8.2 重启主节点的keepalived,并检查主备ip
#主节点
[root@Master-redis ~]# hostname -I
192.168.200.5
[root@Master-redis ~]# service keepalived start
Starting keepalived (via systemctl): [ 确定 ]
[root@Master-redis ~]# hostname -I
192.168.200.5 192.168.200.7
#备节点
[root@Slave-redis ~]# hostname -I
192.168.200.6