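Building a workstation server
The purpose of an HA cluster is to keep critical servers providing service even when hardware failures or other events beyond anyone's control occur.
Natural disasters, power outages, software bugs, operating-system errors and the like can crash or hang the host providing a service and disrupt normal business.
A solution that adopts a high-availability design to keep host services continuously and stably available is called HA.
A = availability
MTBF = mean time between failures
MTTR = mean time to repair
Formula:
A = MTBF / (MTBF + MTTR)
Ways to raise A:
1. Make the numerator large enough. This is not cost-effective; the cost is too high.
2. Lower the denominator, that is, reduce the mean time to repair. This is the more cost-effective option.
How can the mean time to repair be shortened?
Build a standby server and implement failover.
Principle: if the primary server fails, quickly move the IP address (the floating IP) and the application over to the standby server.
The software involved has to move the IP (after the move, the address is configured on the new host) and move the service (that is, start the relevant service application on the standby host).
In short, HA means switching quickly to the standby server when the primary server goes down.
Key points: IP address migration and data sharing.
In an HA cluster (IP, nginx), the IP address and the nginx process are what are usually called HA resources.
The standby server runs a "heartbeat" check by sending UDP messages to the primary server (UDP needs no three-way handshake).
From the primary server's responses it decides whether the primary is running normally.
Things to watch: response time, resource contention, shared storage.
If the network cable between the primary and standby servers is cut, both sides contend for the IP address and, worst of all, storage becomes inconsistent (one side adds data
while the other side deletes it),
which corrupts the original data and causes heavy losses. Solution: use a fencing device (STONITH) to power off the node that has not fully shut down and is still running.
After the primary server's fault has been dealt with, bringing the server back online is failback.
failover ---- failback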
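HA cluster implementations
1. Implementations of the VRRP protocol
keepalived
2. AIS (Application Interface Specification): full-featured high-availability clusters
RHCS (cman)
heartbeat
corosync
keepalived:
VRRP: Virtual Router Redundancy Protocol
Terminology:
Virtual router
Virtual router ID: VRID (0-255)
Physical routers:
master: the active device
backup: the standby device
priority: priority
VIP: virtual IP
VMAC: virtual MAC (00-00-5e-00-01-VRID)
Gratuitous ARP
Advertisements: heartbeat, priority and so on, sent periodically;
Preemptive and non-preemptive modes;
Security:
Authentication:
No authentication
Simple text authentication
MD5
Operating modes
master/backup: a single virtual router;
master/master: master/backup (virtual router 1), backup/master (virtual router 2).
Features:
A software implementation of the VRRP protocol, originally designed to make the ipvs service highly available:
uses VRRP to float the address between nodes;
generates the ipvs rules on the node that holds the VIP;
health-checks each RS of the ipvs cluster;
offers a script-based call interface, running scripts to carry out the functions defined in them and thereby influence cluster behaviour.
Components:
Core components:
vrrp stack
ipvs wrapper
checkers
Control component: configuration file parser
IO multiplexer
Memory management component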
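Prerequisites for configuring an HA cluster:
(1) The clocks of all nodes must be synchronized;
(2) Make sure iptables and SELinux do not get in the way;
(3) The nodes can reach each other by hostname (not required for keepalived);
using the /etc/hosts file is recommended.
(4) The root users on the nodes can reach each other over ssh with key-based authentication (not required).
Installing and configuring keepalived:
On CentOS 6.4 it is provided by the base repository.
1. Synchronize the time
Configure the chronyd server on 172.18.200.100
Install chrony with yum and start the service
[root@localhost ~]# service chronyd start
Starting chronyd: [ OK ]
Use the ntpdate command to synchronize the time on 172.18.10.10 and 172.18.10.11
[root@localhost ~]# ntpdate 172.18.200.100
2. Flush the iptables rules and set SELinux to permissive mode
iptables -F
setenforce 0
3. Set up the hosts file (optional).
4. Install keepalived
[root@localhost ~]# yum install keepalived
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# ls
keepalived.conf
[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# ls
keepalived.conf keepalived.conf.bak
[root@localhost keepalived]# vim keepalived.conf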
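Main configuration file: /etc/keepalived/keepalived.conf
Sections of the configuration file and what their options mean
TOP HIERARCHY
GLOBAL CONFIGURATION
Global definitions
Static routes/addresses
VRRPD CONFIGURATION
VRRP synchronization group(s): VRRP sync groups;
VRRP instance(s): each VRRP instance is one VRRP router;
LVS CONFIGURATION
Virtual server group(s)
Virtual server(s): the vs and rs of the ipvs cluster;
global_defs { # global definitions
notification_email {
acassen@firewall.loc
failover@firewall.loc # addresses that are mailed when a problem occurs
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc # sender address of the mail
smtp_server 192.168.200.1 # mail server address
smtp_connect_timeout 30 # connection timeout
router_id LVS_DEVEL # identifier of this router
vrrp_mcast_group4 224.0.100.5 # IPv4 multicast address
}
vrrp_instance VI_1 { # VRRP instance section
state MASTER # role of this node: MASTER on the primary, BACKUP on the other node
interface eth0 # NIC from which the multicast heartbeat (advertisement) is sent
virtual_router_id 51 # virtual router ID
priority 100 # priority of this host
advert_int 1 # advertisement interval
authentication { # authentication
auth_type PASS # authentication type: simple password
auth_pass 1111 # authentication password: at most 8 characters
}
virtual_ipaddress { # virtual IP addresses and the NIC they are assigned to
192.168.200.16/24 dev eth0 # which NIC (alias) the address is placed on
192.168.200.17
192.168.200.18
}
}
track_interface { # inside vrrp_instance: network interfaces to monitor; if one fails, the instance enters the FAULT state (interface tracking)
eth0
eth2
……
}
nopreempt: sets the working mode to non-preemptive;
preempt_delay 300: in preemptive mode, the delay between a node coming online and it starting a new election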
5. Edit the configuration file
[root@localhost keepalived]# vim keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.50
}
vrrp_instance myroute {
state MASTER
interface eth2
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.50.50/16 dev eth2
}
}
6. Copy the configuration file to the other machine (10)
[root@localhost keepalived]# scp keepalived.conf 172.18.10.10:/etc/keepalived/
Edit the configuration file
[root@localhost keepalived]# vim keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.0.100.50
}
vrrp_instance myroute {
state BACKUP
interface eth2
virtual_router_id 50
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.50.50/16 dev eth2
}
}
7. Start the service
Start the standby server 11
[root@localhost ~]# service keepalived start
Check the addresses
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff
inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2
inet 172.18.50.50/16 scope global secondary eth2
inet6 fe80::20c:29ff:fe07:27ff/64 scope link
valid_lft forever preferred_lft forever
The address has been added. Once the primary server is started it will take the address over immediately, because no preemption delay is configured.
8. Start the primary server
[root@localhost keepalived]# service keepalived start
Starting keepalived: [ OK ]
[root@localhost keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:99:76:84 brd ff:ff:ff:ff:ff:ff
inet 172.18.10.11/16 brd 172.18.255.255 scope global eth2
inet 172.18.50.50/16 scope global secondary eth2
inet6 fe80::20c:29ff:fe99:7684/64 scope link
valid_lft forever preferred_lft forever
The address has been added
On the standby server 11
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff
inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2
inet6 fe80::20c:29ff:fe07:27ff/64 scope link
valid_lft forever preferred_lft forever
The IP address has been removed
Use the tcpdump capture tool to show the heartbeat exchange between the primary and standby servers
[root@localhost keepalived]# tcpdump -i eth2 host 224.0.100.50 # capture on the primary server
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:33.357307 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:34.358905 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:35.360605 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:36.362301 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:37.363904 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:38.365658 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:39.367266 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:40.368921 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:41.370599 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
[root@localhost ~]# tcpdump -i eth2 -nn host 224.0.100.50 # capture on the standby server
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
16:39:40.367044 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:41.368741 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:42.370289 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:43.371983 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:44.373750 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:45.375413 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:46.377092 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
16:39:47.378760 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
Analysis: this is a simple VRRP setup.
That is, the primary server multicasts one advertisement per second, and the standby uses these advertisements to detect whether the primary is still there; keepalived is the software that implements this.
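The advertisement that tcpdump summarises above, decoded field by field; this is an added example, not part of the original article. It shows that auth_type PASS carries the password in clear text in every advertisement, and how long a backup waits before it declares the master down. Assumptions: the packet bytes are constructed from this page's values (vrid 50, prio 100, VIP 172.18.50.50, auth_pass 123456), the function names are illustrative, and the layout and timer follow VRRPv2 (RFC 3768; the simple-password field is defined in RFC 2338).

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple", 2: "ah"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, prio, vips, auth_pass, advert_int=1):
    """Build a VRRPv2 advertisement as sent with auth_type PASS (sample data)."""
    # The authentication field is 8 bytes: longer passwords are cut, shorter ones zero-padded.
    auth = auth_pass.encode()[:8].ljust(8, b"\x00")
    addrs = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    # version 2 / type 1, VRID, priority, address count, auth type 1, interval, checksum 0
    head = struct.pack("!BBBBBBH", 0x21, vrid, prio, len(vips), 1, advert_int, 0)
    csum = inet_checksum(head + addrs + auth)
    return head[:6] + struct.pack("!H", csum) + addrs + auth


def parse_advert(pkt: bytes) -> dict:
    """Decode the VRRP payload of an advertisement (IP header already removed)."""
    if len(pkt) < 16:
        raise ValueError("too short for VRRPv2")
    vt, vrid, prio, count, atype, intvl, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(pkt) != end + 8:
        raise ValueError("length does not match the address count")
    return {
        "vrid": vrid,
        "prio": prio,
        "authtype": AUTH_TYPES.get(atype, f"unknown({atype})"),
        "intvl": intvl,
        "vips": [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, end, 4)],
        # With authtype simple these bytes are the configured auth_pass, unencrypted.
        "auth_data": pkt[end:].rstrip(b"\x00").decode("ascii", "replace"),
        # Summing a valid message including its checksum field yields 0.
        "checksum_ok": inet_checksum(pkt) == 0,
    }


def master_down_interval(priority, advert_int=1):
    """Seconds a backup waits without advertisements before taking over."""
    skew_time = (256 - priority) / 256
    return 3 * advert_int + skew_time


# Constructed packet using the values of vrrp_instance myroute on this page.
SAMPLE = build_advert(vrid=50, prio=100, vips=["172.18.50.50"], auth_pass="123456")

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_advert(SAMPLE))
    print(master_down_interval(98))   # the backup node in this lab has priority 98
```

Because the only secret is readable by every host on the segment, restrict which hosts may send IP protocol 112 to the multicast group rather than relying on auth_pass.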
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Dual-master model
1. The primary-server configuration above was done on 172.18.10.11. To configure dual masters, append the following to its configuration file
[root@localhost keepalived]# vim keepalived.conf
vrrp_instance myroute2 {
state BACKUP
interface eth2
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
On 172.18.10.10, paste the same block into that server's keepalived.conf and change state and priority accordingly
vrrp_instance myroute2 {
state MASTER
interface eth2
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
Save and exit; the dual-master model is now configured
3. Start the service and test
service keepalived restart
Stopping keepalived: [ OK ]
Starting keepalived: [ OK ]
Capture packets with tcpdump; the result is shown below
On 172.18.10.11
[root@localhost keepalived]# tcpdump -i eth2 -nn host 224.0.100.50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
00:50:20.150330 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:20.521639 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:50:21.151175 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:21.522539 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:50:22.152517 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:22.523232 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:50:23.154334 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:23.524046 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
On 172.18.10.10
[root@localhost keepalived]# tcpdump -i eth2 host 224.0.100.50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
00:54:01.436075 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:54:01.437266 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:54:02.437295 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:54:02.438831 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:54:03.438695 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:54:03.439205 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
Analysis: every interval contains two messages, one sent and one received
Use an iptables rule to reject the advertisements sent from 172.18.10.11 to 224.0.100.50
[root@localhost keepalived]# iptables -A OUTPUT -s 172.18.10.11 -d 224.0.100.50 -j REJECT
Capture with tcpdump on 172.18.10.10
[root@localhost keepalived]# tcpdump -i eth2 -nn host 224.0.100.50
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
00:50:20.150330 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:20.521639 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:50:21.151175 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:21.522539 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
00:50:22.152517 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s
00:50:22.523232 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s
Analysis: this node now sends both advertisements. Because 172.18.10.11 no longer advertises, it assumes 172.18.10.11 is down, takes over and makes itself master. In other words, if the peer stops advertising, the peer is considered dead
Use ip a l to check that the corresponding IP address has been acquired.
[root@localhost keepalived]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff
inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2
inet 172.18.51.51/16 scope global secondary eth2
inet 172.18.50.50/16 scope global secondary eth2
inet6 fe80::20c:29ff:fe07:27ff/64 scope link
valid_lft forever preferred_lft forever
Back on the 172.18.10.11 server, flush the iptables rules
[root@localhost keepalived]# iptables -F
Return to the 172.18.10.10 server and check again with ip a l
[root@localhost keepalived]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff
inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2
inet 172.18.51.51/16 scope global secondary eth2
inet6 fe80::20c:29ff:fe07:27ff/64 scope link
valid_lft forever preferred_lft forever
The address was taken back almost immediately because the instance runs in preemptive mode and no preemption delay (preempt_delay 300) is set.
Conclusion: the dual-master experiment works
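The dual-master layout above only behaves as intended when the two nodes' vrrp_instance blocks mirror each other, so here is a cross-node consistency check; it is an added example, not part of the original article or of keepalived. Assumptions: the two configurations are constructed from this page's values, with myroute2 deliberately given priority 98 on both nodes to show a tie, and the function names are illustrative.

```python
import re

KEYS = ("state", "virtual_router_id", "priority", "auth_type", "auth_pass")


def vrrp_instances(conf):
    """Parse every vrrp_instance block into {keyword: value}, grouped by VRID."""
    conf = re.sub(r"[#!].*", "", conf)             # strip keepalived comments
    by_vrid = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):             # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        fields = {"name": m.group(1)}
        for key in KEYS:
            kv = re.search(rf"^\s*{key}\s+(\S+)", conf[m.end():i], re.M)
            if kv:
                fields[key] = kv.group(1)
        by_vrid.setdefault(fields.get("virtual_router_id"), []).append(fields)
    return by_vrid


def check_nodes(confs):
    """confs maps node name -> keepalived.conf text; returns a list of findings."""
    parsed = {node: vrrp_instances(text) for node, text in confs.items()}
    findings = []
    for vrid in sorted({v for p in parsed.values() for v in p}, key=str):
        peers = {n: p[vrid][0] for n, p in parsed.items() if vrid in p}
        for node, p in parsed.items():
            if vrid not in p:
                findings.append(f"vrid {vrid}: not configured on {node}")
            elif len(p[vrid]) > 1:
                findings.append(f"vrid {vrid}: defined twice on {node}")
        # Peers that disagree on authentication drop each other's advertisements.
        for key in ("auth_type", "auth_pass"):
            if len({f.get(key) for f in peers.values()}) > 1:
                findings.append(f"vrid {vrid}: {key} differs between nodes")
        if any(len(f.get("auth_pass", "")) > 8 for f in peers.values()):
            findings.append(f"vrid {vrid}: auth_pass longer than 8 characters")
        masters = [n for n, f in peers.items() if f.get("state") == "MASTER"]
        if len(masters) != 1:
            findings.append(f"vrid {vrid}: {len(masters)} nodes have state MASTER")
        # keepalived uses priority 100 when the keyword is absent.
        prio = {n: int(f.get("priority", 100)) for n, f in peers.items()}
        top = [n for n, value in prio.items() if value == max(prio.values())]
        if len(top) > 1:
            findings.append(f"vrid {vrid}: priority tie at {max(prio.values())}")
        elif masters and top != masters:
            findings.append(f"vrid {vrid}: {top[0]} outranks the configured MASTER")
    return findings


def instance(name, state, vrid, prio, secret):
    """Render one vrrp_instance block in the layout used on this page."""
    return (f"vrrp_instance {name} {{\n  state {state}\n  interface eth2\n"
            f"  virtual_router_id {vrid}\n  priority {prio}\n  advert_int 1\n"
            f"  authentication {{\n    auth_type PASS\n    auth_pass {secret}\n  }}\n}}\n")


# Constructed configurations: VS1 is 172.18.10.11, VS2 is 172.18.10.10.
VS1 = (instance("myroute1", "MASTER", 50, 100, "123456")
       + instance("myroute2", "BACKUP", 51, 98, "123457"))
VS2 = (instance("myroute1", "BACKUP", 50, 98, "123456")
       + instance("myroute2", "MASTER", 51, 98, "123457"))      # tie on vrid 51
VS2_FIXED = (instance("myroute1", "BACKUP", 50, 98, "123456")
             + instance("myroute2", "MASTER", 51, 100, "123457"))

if __name__ == "__main__":
    print(check_nodes({"VS1": VS1, "VS2": VS2}))
    print(check_nodes({"VS1": VS1, "VS2": VS2_FIXED}))
```

When two nodes tie on priority, VRRP falls back to comparing their primary IP addresses, so the node marked MASTER is not guaranteed to hold the VIP.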
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
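How to implement a custom notification script
Add a script on the 172.18.10.11 server that sends mail automatically
1. Write the mail script
vim notify.sh
#!/bin/bash
#
contact='root@localhost'
# send one mail describing the VRRP state this node is changing to
notify() {
mailsubject="vrrp: $(hostname) to be $1"
mailbody="$(hostname) to be $1,vrrp transition, $(date)."
echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename "$0") {master|backup|fault}"
exit 1
;;
esac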
2. Test the script
Syntax check
[root@localhost keepalived]# bash -n notify.sh
Run the script as a test
[root@localhost keepalived]# bash -x notify.sh master
contact=root@localhost
case $1 in
notify master
hostname
mailsubject='localhost.localdomain to be master'
hostname
date
mailbody='localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.'
echo 'localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.'
mail -s mailsubject root@localhost
[root@localhost keepalived]# vim notify.sh
You have mail in /var/spool/mail/root
3. View the received mail (in this first run the subject is the literal word mailsubject, matching the mail -s mailsubject line in the trace above; the mails keepalived sends later carry the full "vrrp: ..." subject)
[root@localhost keepalived]# mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
/var/spool/mail/root: 1 message 1 new
>N 1 root Mon May 15 01:36 18/696 mailsubject
>&Message 1:
From root@localhost.localdomain Mon May 15 01:36:34 2017
Return-Path: <root@localhost.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Mon, 15 May 2017 01:36:33 +0800
To: root@localhost.localdomain
Subject: mailsubject
User-Agent: Heirloom mailx 12.4 7/29/08
Content-Type: text/plain; charset=us-ascii
From: root@localhost.localdomain (root)
Status: R
localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.
&
4. Copy the script to 172.18.10.10
[root@localhost keepalived]# scp notify.sh 172.18.10.10:/etc/keepalived/
root@172.18.10.10's password:
notify.sh 100% 367 0.4KB/s 00:00
5. Call the script
[root@localhost keepalived]# vim keepalived.conf
On 172.18.10.11, add the following under vrrp_instance myrouter1; note that it must be placed inside the vrrp_instance myrouter1 context
notify_master /etc/keepalived/notify.sh master
notify_backup /etc/keepalived/notify.sh backup
notify_fault /etc/keepalived/notify.sh fault
On 172.18.10.10, add the following under vrrp_instance myrouter2
notify_master /etc/keepalived/notify.sh master
notify_backup /etc/keepalived/notify.sh backup
notify_fault /etc/keepalived/notify.sh fault
6. To see the effect in testing, delete the dual-master configuration defined earlier and stop the service (do the same on 10.10 and 10.11)
:.,$d deletes everything from the current line through the last line
[root@localhost keepalived]# service keepalived stop
Stopping keepalived: [ OK ]
7. Give the script written earlier execute permission
[root@localhost keepalived]# chmod +x notify.sh
[root@localhost keepalived]# ll
total 8
-rw-r--r-- 1 root root 658 May 15 02:01 keepalived.conf
-rwxr-xr-x 1 root root 367 May 15 01:41 notify.sh
8. Start the service
On 172.18.10.11
[root@localhost keepalived]# service keepalived start
Starting keepalived: [ OK ]
[root@localhost keepalived]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:99:76:84 brd ff:ff:ff:ff:ff:ff
inet 172.18.10.11/16 brd 172.18.255.255 scope global eth2
inet 172.18.50.50/16 scope global secondary eth2
inet6 fe80::20c:29ff:fe99:7684/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
/var/spool/mail/root: 3 messages 2 unread
1 root Mon May 15 01:36 19/707 mailsubject
>U 2 root Mon May 15 11:03 19/735 vrrp: localhost.localdomain to be master
&
9. Start keepalived on 172.18.10.10, then check the mail on 172.18.10.11 again
[root@localhost ~]# mail
Heirloom Mail version 12.4 7/29/08. Type ? for help.
/var/spool/mail/root: 7 messages 5 new 7 unread
U 1 root Mon May 15 11:09 19/735 vrrp: localhost.localdomain to be backup
U 2 root Mon May 15 11:11 19/735 vrrp: localhost.localdomain to be backup
>N 3 root Mon May 15 11:11 18/725 vrrp: localhost.localdomain to be master
N 4 root Mon May 15 11:11 18/725 vrrp: localhost.localdomain to be backup
N 5 root Mon May 15 11:26 18/725 vrrp: localhost.localdomain to be backup
N 6 root Mon May 15 11:26 18/725 vrrp: localhost.localdomain to be master
N 7 root Mon May 15 11:26 18/725 vrrp: localhost.localdomain to be backup
&
Conclusion: the notification script works
######################################################################################################
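How to make LVS highly available with keepalived (key topic)
Lab preparation: 4 virtual machines
172.18.10.10 and 172.18.10.11 act as the VS nodes, VS2 and VS1 respectively
172.18.200.100 and 172.18.249.57 act as the real servers, RS1 and RS2 respectively
First install httpd on RS1 and on RS2
1. Configure them as follows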
[root@localhost ~]# cat /var/www/html/index.html
<h2>RS1:172.18.200.100</h2>
[root@localhost ~]# cat /var/www/html/index.html
<h2>RS2:172.18.249.57</h2>
2. Write the VIP configuration script
vim setparam.sh
#!/bin/bash
#
vip='172.18.50.50'
netmask='255.255.255.255'
iface='lo:0'
case $1 in
# arp_ignore=1: answer ARP only for addresses on the receiving interface; arp_announce=2: never use the VIP on lo as ARP source
start)
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $iface $vip netmask $netmask broadcast $vip up
route add -host $vip dev $iface
;;
stop)
ifconfig $iface down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
esac
3. Test the script
The four "No such file or directory" errors in the trace below come from the path having been typed as /pro/sys instead of /proc/sys, so the ARP parameters were not applied in that run; with /proc/sys the writes succeed.
[root@localhost ~]# bash -n setparam.sh
[root@localhost ~]# bash -x setparam.sh start
vip=172.18.50.50
netmask=255.255.255.255
iface=lo:0
case $1 in
echo 1
setparam.sh: line 9: /pro/sys/net/ipv4/conf/all/arp_ignore: No such file or directory
echo 1
setparam.sh: line 10: /pro/sys/net/ipv4/conf/lo/arp_ignore: No such file or directory
echo 2
setparam.sh: line 11: /pro/sys/net/ipv4/conf/all/arp_announce: No such file or directory
echo 2
setparam.sh: line 12: /pro/sys/net/ipv4/conf/lo/arp_announce: No such file or directory
ifconfig lo:0 172.18.50.50 netmask 255.255.255.255 broadcast 172.18.50.50 up
route add -host 172.18.50.50 dev lo:0
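4. Use scp to distribute the script to RS2
[root@localhost ~]# scp setparam.sh 172.18.249.57:/root
root@172.18.249.57's password:
setparam.sh 100% 610 0.6KB/s 00:00
5. Run the script on RS2 and check whether the VIP has been created (the "No such file or directory" lines in this trace again come from the path being written /pro/sys; it must be /proc/sys)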
[root@localhost ~]# bash -x setparam.sh start
vip=172.18.50.50
netmask=255.255.255.255
iface=lo:0
case $1 in
echo 1
setparam.sh: line 9: /pro/sys/net/ipv4/conf/all/arp_ignore: No such file or directory
echo 1
setparam.sh: line 10: /pro/sys/net/ipv4/conf/lo/arp_ignore: No such file or directory
echo 2
setparam.sh: line 11: /pro/sys/net/ipv4/conf/all/arp_announce: No such file or directory
echo 2
setparam.sh: line 12: /pro/sys/net/ipv4/conf/lo/arp_announce: No such file or directory
ifconfig lo:0 172.18.50.50 netmask 255.255.255.255 broadcast 172.18.50.50 up
route add -host 172.18.50.50 dev lo:0
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 172.18.50.50/32 brd 172.18.50.50 scope global lo:0
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:b2:ca:ea brd ff:ff:ff:ff:ff:ff
inet 172.18.249.57/16 brd 172.18.255.255 scope global eth0
inet6 fe80::20c:29ff:feb2:caea/64 scope link
valid_lft forever preferred_lft forever
6. Start the httpd service on RS1 and RS2 and check the listening ports; check both nodes, only one is shown here
[root@localhost ~]# service httpd start
[root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 100 127.0.0.1:25
7. Generate the ipvs rules on the two front-end nodes
On VS2
Stop the keepalived service
Configure the sorry server page
vim /var/www/html/index.html
Director2 sorry server2
Start the httpd service
[root@localhost ~]# service httpd start
On VS1
First stop the keepalived service
[root@localhost ~]# service keepalived stop
vim /var/www/html/index.html
Director1
Start the httpd service
[root@localhost ~]# service httpd start
On VS1, edit the keepalived configuration file and add the following:
virtual_server 172.18.50.50 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80 # local httpd answers when every RS fails its health check
real_server 172.18.200.100 80 { # RS1
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 { # RS2
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
On VS2, edit keepalived.conf in the same way and add the following
virtual_server 172.18.50.50 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80 # local httpd answers when every RS fails its health check
real_server 172.18.200.100 80 { # RS1
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 { # RS2
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
Start the keepalived service on VS2
[root@localhost ~]# service keepalived start
Starting keepalived: [ OK ]
[root@localhost ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.50.50:80 wrr
-> 172.18.200.100:80 Route 1 0 0
-> 172.18.249.57:80 Route 1 0 0
Test access from a client with curl (there is some delay after configuration; wait a moment before accessing)
[root@localhost ~]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost ~]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
Stop the httpd service on 172.18.200.100
[root@localhost ~]# service httpd stop
Stopping httpd: [ OK ]
Observe with ipvsadm on VS2
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.50.50:80 wrr
-> 172.18.249.57:80 Route 1 0 2
Start the httpd service again on 172.18.200.100
[root@localhost ~]# service httpd start
Observe with ipvsadm on VS2
[root@localhost keepalived]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.50.50:80 wrr
-> 172.18.200.100:80 Route 1 0 0
-> 172.18.249.57:80 Route 1 0 0
Start the keepalived service on VS1 and shut down VS2; testing from the client with curl shows the service is still reachable
[root@localhost keepalived]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost keepalived]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
[root@localhost keepalived]# curl http://172.18.50.50
<h2>RS2:172.18.249.57</h2>
[root@localhost keepalived]# curl http://172.18.50.50
<h2>RS1:172.18.200.100</h2>
Edit the configuration file and add back the dual-master content that was removed earlier
On VS1
vrrp_instance myroute2 {
state BACKUP
interface eth2
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
On VS2
vrrp_instance myroute2 {
state MASTER
interface eth2
virtual_router_id 51
priority 100 # must be higher than the 98 on the BACKUP node (VS1), as in the dual-master setup earlier
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
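Restart the keepalived service. This is important: without a restart the changes do not take effect, which is an easy trap to fall into
Summary of the VS side
keepalived configuration on VS2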
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.0.100.50
}
vrrp_instance myroute1 {
state BACKUP
interface eth2
virtual_router_id 50
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.50.50/16 dev eth2
}
notify_master /etc/keepalived/notify.sh master
notify_backup /etc/keepalived/notify.sh backup
notify_fault /etc/keepalived/notify.sh fault
}
vrrp_instance myroute2 {
state MASTER
interface eth2
virtual_router_id 51
priority 100 # must be higher than the 98 on the BACKUP node (VS1), as in the dual-master setup earlier
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
virtual_server 172.18.50.50 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.200.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 172.18.51.51 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.200.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
keepalived configuration on VS1
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.50
}
vrrp_instance myroute1 {
state MASTER
interface eth2
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.18.50.50/16 dev eth2
}
notify_master /etc/keepalived/notify.sh master
notify_backup /etc/keepalived/notify.sh backup
notify_fault /etc/keepalived/notify.sh fault
}
vrrp_instance myroute2 {
state BACKUP
interface eth2
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 123457
}
virtual_ipaddress {
172.18.51.51/16 dev eth2
}
}
virtual_server 172.18.50.50 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.200.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 172.18.51.51 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
persistence_timeout 0
protocol TCP
sorry_server 127.0.0.1 80
real_server 172.18.200.100 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.18.249.57 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
VIP configuration script (because this is a dual-master model there are two VIPs)
#!/bin/bash
#
vip='172.18.50.50'
vip2='172.18.51.51'
netmask='255.255.255.255'
iface='lo:0'
iface2='lo:1'
case $1 in
start)
# arp_ignore=1 and arp_announce=2 keep the real server from answering or announcing ARP for the VIPs on lo
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
ifconfig $iface $vip netmask $netmask broadcast $vip up
ifconfig $iface2 $vip2 netmask $netmask broadcast $vip2 up
route add -host $vip dev $iface
# host route for the second VIP
route add -host $vip2 dev $iface2
;;
stop)
ifconfig $iface down
ifconfig $iface2 down
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
;;
esac
Lab conclusion: keepalived provides highly available LVS load balancing