keepalived對mysql實現高可用
阿新 • • 發佈:2018-12-16
環境說明
主機名 | IP地址 | 服務 | 系統版本 |
---|---|---|---|
master | 192.168.102.11 | Keepalived mariadb |
red-hat7 |
backup | 192.168.102.12 | keepalived mariadb |
red-hat7 |
lishaui | 192.168102.13 | mariadb | red-hat7 |
虛擬IP:192.168.102.200
關閉防火牆、selinux
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# setenforce 0
//另外兩臺同樣操作
安裝Keepalived
[[email protected] ~]# yum -y install keepalived [[email protected] ~]# yum -y install keepalived
主服務端配置
[[email protected] ~]# vim /etc/keepalived/keepalived.conf```
[[email protected] ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id dsb1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.102.200/24
}
}
virtual_server 192.168.102.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.102.11 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.102.12 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//重啟服務
[ [email protected] ~]# systemctl restart keepalived.service
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6e:33:ed brd ff:ff:ff:ff:ff:ff
inet 192.168.102.11/24 brd 192.168.102.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.102.200/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::964e:1803:187a:e45a/64 scope link
valid_lft forever preferred_lft forever
備服務端配置
[[email protected] ~]# vim /etc/keepalived/keepalived.conf
[[email protected] ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id dsb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 10
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.102.200/24
}
}
virtual_server 192.168.102.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.102.11 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.102.12 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//重啟Keepalived
[[email protected] ~]# systemctl restart keepalived.service
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:55:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.12/24 brd 192.168.102.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8e9a:25f7:4078:a18d/64 scope link
valid_lft forever preferred_lft forever
測試:當主的Keepalived掛掉,虛擬地址是否會出現漂移
[[email protected] ~]# systemctl stop keepalived.service
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:6e:33:ed brd ff:ff:ff:ff:ff:ff
inet 192.168.102.11/24 brd 192.168.102.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::964e:1803:187a:e45a/64 scope link
valid_lft forever preferred_lft forever
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:55:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.12/24 brd 192.168.102.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.102.200/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::8e9a:25f7:4078:a18d/64 scope link
valid_lft forever preferred_lft forever
安裝mysql
//主
[[email protected] ~]# yum -y install mariadb mariadb-server
[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[[email protected] ~]# mysql -uroot -p123.com
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
//備
[[email protected] ~]# yum -y install mariadb mariadb-server
[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] 123.com
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[[email protected] ~]# mysql -uroot -p123.com
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
建庫
主
MariaDB [(none)]> create database gdx;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| gdx |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>
備
MariaDB [(none)]> create database wow;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wow |
+--------------------+
4 rows in set (0.00 sec)
授權
//主
MariaDB [(none)]> grant all on *.* to [email protected]'192.168.102.%' identified by '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
//備
MariaDB [(none)]> grant all on *.* to [email protected]'192.168.102.%' identified by '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
客戶端檢測
主Keepalived沒啟動
[[email protected] ~]# yum -y install mariadb*
[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# mysql -uroot -p123.com -h 192.168.102.200
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wow |
+--------------------+
4 rows in set (0.00 sec)
主啟動Keepalived
[[email protected] ~]# mysql -uroot -p123.com -h 192.168.102.200
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| gdx |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
編寫mysql狀態檢測指令碼
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# vim mysql_c.sh
[[email protected] keepalived]# cat mysql_c.sh
#!/bin/bash
A=$(ps -C mysqld --no-header | wc -l)
if [ $A -eq 0 ];then
systemctl start mariadb.service
sleep 2
if [ $(ps -C mysqld --no-header | wc -l) -eq 0 ];then
pkill keepalived
fi
fi
[[email protected] keepalived]# chmod -x mysql_c.sh
//編輯主的配置檔案
[[email protected] keepalived]# vim keepalived.conf
[[email protected] keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id dsb1
}
vrrp_script chk_mysql {
script "/etc/keepalived/mysql_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
track_script {
chk_mysql
}
virtual_ipaddress {
192.168.102.200/24
}
}
virtual_server 192.168.102.200 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.102.11 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.102.12 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[[email protected] keepalived]# systemctl restart keepalived.service //重啟
檢測
//指令碼檢測到mysql關閉會自動啟動
[[email protected] keepalived]# systemctl stop mariadb.service
[[email protected] keepalived]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
讓mysql損壞
[[email protected] keepalived]# vim /etc/my.cnf
[[email protected] keepalived]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql/111
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
[[email protected] keepalived]# systemctl stop mariadb.service //重啟
[[email protected] keepalived]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
備
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:55:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.12/24 brd 192.168.102.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.102.200/24 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::8e9a:25f7:4078:a18d/64 scope link
valid_lft forever preferred_lft forever
//地址漂移了
其他監控事例
腦裂
[[email protected] ~]# mkdir -p /scripts && cd /scripts
[[email protected] scripts]# vim check_keepalived.sh
#!/bin/bash
while true
do
if [ `ip a show ens33 |grep 172.16.12.250|wc -l` -ne 0 ]
then
echo "keepalived is error!"
else
echo "keepalived is OK !"
fi
done
從伺服器配置
[[email protected] scripts]# vim notify.sh
#!/bin/bash
VIP=$2
sendmail (){
subject="${VIP}'s server keepalived state is translate"
content="`date +'%F %T'`: `hostname`'s state change to master"
echo $content | mail -s "$subject" [email protected]
}
case "$1" in
master)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -lt 1 ];then
systemctl start nginx
fi
sendmail
;;
backup)
nginx_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bnginx\b'|wc -l)
if [ $nginx_status -gt 0 ];then
systemctl stop nginx
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac