keepalived 高可用
1.什么是高可用
一般是指2台机器启动着完全相同的业务系统,当有一台机器down机了,另外一台服务器就能快速的接管,对于访问的用户是无感知的。
2.高可用可以用什么
#硬件通常使用 F5
#软件通常使用 keepalived
3.keepalived是如何实现高可用的
keepalived软件是基于VRRP协议实现的,VRRP是虚拟路由冗余协议,主要用于解决单点故障问题
如何才能做到出现故障自动转移,此时VRRP就出现了,我们的VRRP其实是通过软件或者硬件的形式在Master和Backup外面增加一个虚拟的MAC地址(VMAC)与虚拟IP地址(VIP),那么在这种情况下,PC请求VIP的时候,无论是Master处理还是Backup处理,PC仅会在ARP缓存表中记录VMAC与VIP的信息。
4.高可用keepalived核心概念
1、如何确定谁是主节点谁是备节点(选举投票,优先级)
2、如果Master故障,Backup自动接管,那么Master恢复后会夺权吗(抢占试、非抢占式)
3、如果两台服务器都认为自己是Master会出现什么问题(脑裂)
keepalived 高可用安装配置
1.环境准备
| 主机 | IP | 身份 |
|---|---|---|
| lb01 | 192.168.15.4 | master |
| lb02 | 192.168.15.5 | backup |
| 192.168.15.3 | VIP |
2.保证lb01和lb02配置完全一致
[root@lb01 conf.d]# scp -r /etc/nginx/ssl_key 172.16.1.5:/etc/nginx/
[root@lb01 conf.d]# scp ./* 172.16.1.5:/etc/nginx/conf.d/
3.安装keepalived
[root@lb01 ~]# yum install -y keepalived
[root@lb02 ~]# yum install -y keepalived
4.抢占式
主
#查看配置文件
[root@lb01 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
#配置主节点配置文件
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #身份验证
}
vrrp_instance VI_1 {
state MASTER #状态,只有MASTER和BACKUP,MASTER是主,BACKUP是备
interface eth0 #网卡绑定,心跳检测
virtual_router_id 51 #虚拟路由标识,组id,把master和backup判断为一组
priority 100 #优先级(真正判断是主是从的条件)(值越大优先级越高)
advert_int 3 #检测状态间隔时间(单位是秒)
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码指定
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
备
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
启动服务并查看
#先启动备节点
[root@lb02 ssl_key]# systemctl start keepalived.service
#查看ip
[root@lb02 ssl_key]# ip addr
inet 192.168.15.3/32 scope global eth0
#启动主节点
[root@lb01 ssl_key]# systemctl start keepalived.service
#查看lb01的ip
[root@lb01 ssl_key]# ip addr
inet 192.168.15.3/32 scope global eth0
#查看lb02的ip已经没有了192.168.15.3/32
keepalived绑定日志
#配置keepalived
[root@lb01 ssl_key]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0"
#配置rsyslog来抓取日志
[root@lb01 ssl_key]# vim /etc/rsyslog.conf
local0.* /var/log/keepalived/log
#重启服务
[root@lb01 ssl_key]# systemctl restart keepalived.service rsyslog.service
5.非抢占式
我们一般配置的都是非抢占式的,因为宕机这种行为一次就够了QAQ
主
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
nopreempt
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
备
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
nopreempt
virtual_router_id 51
priority 90
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.15.3
}
}
高可用keepalived的脑裂
由于某些原因,导致两台keepalived高可用服务器在指定时间内,无法检测到对方是否存活,各自去调用资源,分配工作,而此时两台服务器都还活着并且在工作。
1.脑裂的故障
1.服务器网线松动,网络故障
2.服务器硬件发生损坏,硬件故障
3.主备服务器之间开启了防火墙
2.开启防火墙
[root@lb01 ~]# systemctl start firewalld
[root@lb02 ~]# systemctl start firewalld
#访问浏览器因为开启防火墙,所以访问不了站点,需要配置开启http服务
[root@lb02 ~]# firewall-cmd --add-service=http
[root@lb02 ~]# firewall-cmd --add-service=https
3.解决脑裂的办法
#干掉一台服务
[root@lb02 ~]# systemctl stop keepalived
#判断是否有脑裂现象
#先做信任,免密登录
[root@lb01 script]# ssh-keygen
#如果你这里做了跳板机,手动添加公钥
[root@lb01 ~]# vim check_naolie.sh
纯净版脚本
#!/bin/bash
VIP="192.168.15.3"
MASTERIP="172.16.1.5"
BACKUPIP="172.16.1.6"
while true; do
PROBE='ip a | grep "${VIP}"'
ssh ${MASTERIP} "${PROBE}" > /dev/null
MASTER_STATU=$?
ssh ${BACKUPIP} "${PROBE}" > /dev/null
BACKUP_STATU=$?
if [[ $MASTER_STATU -eq 0 && $BACKUP_STATU -eq 0 ]];then
ssh ${BACKUPIP} "systemctl stop keepalived.service"
fi
sleep 2
done
Nginx故障切换脚本
1.域名解析到VIP
1.nginx默认监听所有IP
2.nginx故障切换脚本(两台机都部署)
#!/bin/bash
nginxnum=`ps -ef | grep [n]ginx | wc -l`
if [ $nginxnum -eq 0 ];then
systemctl start nginx
sleep 3
nginxnum=`ps -ef | grep [n]ginx | wc -l`
if [ $nginxnum -eq 0 ];then
systemctl stop keepalived.service
fi
fi
3.调用脚本
[root@lb01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
#每5秒执行一次脚本,脚本执行完成时间不能超过5秒,否则会重新执行脚本,死循环
vrrp_script check_web {
script "/script/check_web.sh"
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
#调用计划脚本
track_script {
check_web
}
}
#给脚本添加执行权限
[root@lb01 ~]# chmod +x check_web.sh