Implementing High Availability with keepalived
阿新 • Published: 2021-08-09
keepalived
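Software built specifically for high availability.
High availability
High availability generally means two machines running exactly the same business system: when one machine goes down, the other server takes over quickly, and the users accessing the service do not notice.
High-availability software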
keepalived
heartbeat
RoseHA
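keepalived protocol
# VRRP: Virtual Router Redundancy Protocol
This is where VRRP comes in. VRRP uses software or hardware to add a virtual MAC address (VMAC) and a virtual IP address (VIP) in front of the Master and the Backup. When a PC then requests the VIP, whether the Master or the Backup handles the request, the PC records only the VMAC and VIP in its ARP cache table.
# keepalived concepts
Priority: how is it decided which node is the master and which is the backup?
Preemptive vs. non-preemptive: if the Master fails and the Backup takes over automatically, does the Master take control back after it recovers?
Split-brain: what goes wrong if both servers believe they are the Master?
Deploying the keepalived high-availability software
Environment preparation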
Host | Role | External IP | Internal IP | Installed software |
---|---|---|---|---|
lb01 | Master node (master) | 10.0.0.5 | 172.16.1.5 | nginx, keepalived |
lb02 | Backup node (backup) | 10.0.0.6 | 172.16.1.6 | nginx, keepalived |
VIP | Virtual IP | 10.0.0.3 | | |
How keepalived works
1. Install keepalived on every machine that needs high availability.
2. The keepalived master node runs heartbeat checks (to prove that the application or host is alive).
3. If the heartbeat check fails, it kills itself (keepalived).
4. The VIP moves to the backup node.
Installing Keepalived
# 1. Install keepalived
[Tue Aug 10 02:16:50 root@lb01 ~] # yum install -y keepalived
[Tue Aug 10 02:16:57 root@lb02 ~] # yum install -y keepalived
# 2. Edit the master node's configuration file
[Tue Aug 10 03:00:30 root@lb01 ~] # vim /etc/keepalived/keepalived.conf
global_defs {                 # global configuration
    router_id lb01            # identity -> name
}
vrrp_instance VI_1 {
    state MASTER              # role state
    interface eth0            # network interface to bind
    virtual_router_id 50      # virtual router id
    priority 150              # priority
    advert_int 1              # advertisement (heartbeat) interval, in seconds
    authentication {          # authentication
        auth_type PASS        # authentication type
        auth_pass 1111        # authentication password
    }
    virtual_ipaddress {
        10.0.0.3              # the virtual IP (VIP) address
    }
}
# 3. Edit the backup node's configuration file
[Tue Aug 10 03:00:36 root@lb02 ~] # vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
# 4. Start the service on the master and backup nodes
[Tue Aug 10 03:03:11 root@lb01 ~] # systemctl start keepalived
[Tue Aug 10 03:07:47 root@lb02 ~] # systemctl start keepalived
# 5. Enable the service at boot
[Tue Aug 10 03:08:10 root@lb01 ~] # systemctl enable keepalived
[Tue Aug 10 03:07:49 root@lb02 ~] # systemctl enable keepalived
# 6. Check the VIP
[Tue Aug 10 03:08:10 root@lb01 ~] # ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:17:c4:b7 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 10.0.0.3/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe17:c4b7/64 scope link
       valid_lft forever preferred_lft forever
# 7. Test whether the IP can float to the other node
[Tue Aug 10 03:11:05 root@lb01 ~] # systemctl stop keepalived
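Differences between the master and backup configuration files
Keepalived configuration difference | Master node configuration | Backup node configuration |
---|---|---|
router_id (unique identifier) | router_id lb01 | router_id lb02 |
state (role state) | state MASTER | state BACKUP |
priority (election priority) | priority 150 | priority 100 |
Non-preemptive configuration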
[root@lb01 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    nopreempt
    interface eth0
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb02 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    nopreempt
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
High availability for load balancing with keepalived and nginx
## 1. Write a script that monitors nginx
[root@lb01 ~]# vim /root/check.sh
#!/bin/bash
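# Count nginx processes; the pattern is quoted so the shell cannot expand it as a glob
nginx_num=$(ps -ef | grep '[n]ginx' | wc -l)
# No nginx process left: stop keepalived so the VIP moves to the backup node
if [ "$nginx_num" -eq 0 ]; then
    systemctl stop keepalived
fi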
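## 2. Edit the master node's configuration file
[Tue Aug 10 03:24:57 root@lb01 ~] # vim /etc/keepalived/keepalived.conf
global_defs {                 # global configuration
    router_id lb01            # identity -> name
}
vrrp_script check_web {
    # script path
    script "/root/check.sh"
    # check interval (run the check script every 5 seconds)
    interval 5
}
vrrp_instance VI_1 {
    state MASTER              # role state
    interface eth0            # network interface to bind
    virtual_router_id 50      # virtual router id
    priority 150              # priority
    advert_int 1              # advertisement (heartbeat) interval, in seconds
    authentication {          # authentication
        auth_type PASS        # authentication type
        auth_pass 1111        # authentication password
    }
    track_script {
        check_web
    }
    virtual_ipaddress {
        10.0.0.3              # the virtual IP (VIP) address
    }
}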
## 3. Restart keepalived
[root@lb01 ~]# systemctl restart keepalived
## 4. Make the script executable
[root@lb01 ~]# chmod +x /root/check.sh
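Split-brain failure
For some reason, the two keepalived high-availability servers cannot detect each other's heartbeat within the specified time, so each of them takes ownership of the resources and services, even though both servers are in fact still alive.
1. Network faults such as a loose network cable on a server
2. A server crashing because of hardware failure or damage
3. firewalld enabled on both the master and the backup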
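A check for the firewalld cause listed above, where VRRP advertisements are blocked but ARP still passes, so both nodes bind the VIP. This is an added example, not code from the original post. It assumes iputils `arping` and the page's VIP 10.0.0.3 on eth0; the function names and the `vip-check` log tag are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post: VIP ownership / split-brain check.
VIP="${VIP:-10.0.0.3}"     # VIP from the page's environment table
IFACE="${IFACE:-eth0}"     # interface from the page's keepalived.conf

# Constructed sample of `ip -o -4 addr show dev eth0` on the node holding the VIP.
SAMPLE_ACTIVE='2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
2: eth0    inet 10.0.0.3/32 scope global eth0'

# holds_vip ADDR: reads `ip -o -4 addr show` output on stdin; succeeds only on
# an exact address match, so 10.0.0.3 is not confused with 10.0.0.30.
holds_vip() {
    awk -v vip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == vip) hit = 1 }
                     END { exit !hit }'
}

# other_host_claims_vip: ARP duplicate-address probe. Assumes iputils arping,
# whose -D mode exits 0 only when no other host answers for the address.
other_host_claims_vip() {
    if arping -D -q -c 2 -I "$IFACE" "$VIP"; then return 1; fi
    return 0
}

# classify LOCAL OTHER ("yes"/"no" each): prints the state of the VIP.
classify() {
    case "$1:$2" in
        yes:yes) echo SPLIT_BRAIN ;;   # this node and another host both answer
        yes:no)  echo ACTIVE ;;        # this node is the only holder
        no:yes)  echo STANDBY ;;       # the peer holds the VIP
        no:no)   echo NO_HOLDER ;;     # nobody serves the VIP
        *)       echo UNKNOWN; return 2 ;;
    esac
}

main() {
    local_has=no; other_has=no
    if ip -o -4 addr show dev "$IFACE" | holds_vip "$VIP"; then local_has=yes; fi
    if other_host_claims_vip; then other_has=yes; fi
    state=$(classify "$local_has" "$other_has")
    logger -t vip-check "vip=$VIP iface=$IFACE state=$state"
    echo "$state"
    [ "$state" = ACTIVE ] || [ "$state" = STANDBY ]
}

# Run the live check only with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; exit $?; fi
```

The probe travels over the same link as the heartbeat, so it reports SPLIT_BRAIN only while layer 2 between the nodes still works; a cut cable isolates the probe as well.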