一. 高可用環境部署思路
配置兩台Apache環境的服務器,提供相同的web頁面服務,在這兩台Apache服務器上運行keepalive,虛擬出來一個VIP,用戶通過VIP訪問web服務,這樣當一台Apache服務器故障的時候,VIP會飄到另外一台Apache服務器。
二. keepalive部署前准備
1. 安裝開發環境
[root@study01 ~]# yum -y install gcc-* glibc-* *c++* -y [root@study01 ~]# yum -y install openssl-devel
[root@study02 ~]# yum -y install gcc-* glibc-* *c++* -y
[root@study02 ~]# yum -y install openssl-devel
[root@study01 ~]# uname -a
Linux study01.linux.com 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@study01 ~]# cat /etc/redhat-release
CentOS release 6.10 (Final)
提示:以上是我的server缺少的環境,如果你在以上環境安裝完成后,再安裝keepalive時還有報錯,請根據報錯進行環境補充安裝;
2. 部署Apache基本環境
[root@study01 ~]#/etc/init.d/httpd restart [root@study01 ~]#chkconfig --level 35 httpd on [root@study01 ~]#echo "this is linux01" > /var/www/html/index.html
[root@study02 ~]#/etc/init.d/httpd restart [root@study02 ~]#chkconfig --level 35 httpd on [root@study02 ~]#echo "this is linux02" > /var/www/html/index.html
三. keepalive環境部署
1. 獲取keepalive的安裝鏈接
從官網https://www.keepalived.org/download.html頁面獲取。
2. 使用源碼部署keepalive
[root@study01 ~]# cd /usr/local/src/ [root@study01 src]#wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz [root@study01 src]#tar -zxvf keepalived-2.0.20.tar.gz [root@study01 src]#cd keepalived-2.0.20 [root@study01 src]#./configure --prefix=/usr/local/keepalived [root@study01 src]#make && make install [root@study01 src]#cp /usr/local/src/keepalived-2.0.20/keepalived/etc/init.d/keepalived /etc/init.d/ [root@study01 src]#chmod 755 /etc/init.d/keepalived [root@study01 src]#cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ [root@study01 src]#chmod 755 /usr/sbin/keepalived [root@study01 src]#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ [root@study01 src]#mkdir /etc/keepalived [root@study01 src]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
提示:第二台linux服務器的keepalive環境部署方法請重復第一台的部署方法。
3. 配置keepalive
[root@study01 ~]# vim /etc/keepalived/keepalived.conf #以下為第一台環境的keepalive配置內容 ! Configuration File for keepalived global_defs { notification_email { wang_zengyi@126.com #接收告警的郵箱 } #注意需要單獨配置smtp_send郵箱 notification_email_from 647956023@qq.com #發送告警的郵箱 smtp_server 182.254.38.18 #發送郵件的服務器地址 smtp_connect_timeout 30 router_id study01 } vrrp_script check_httpd { script "/usr/bin/killall -0 httpd" #檢測http服務是否正常 interval 2 } vrrp_instance VI_1 { state MASTER #狀態為主,默認搶占 interface eth0 #監聽的服務接口 virtual_router_id 51 #主備必須一致,VRRPID priority 100 #優先級,越大越優先 advert_int 1 #心跳報文通告間隔 authentication { auth_type PASS #keepalive認證類型 auth_pass 1111 #keepalive認證密碼 } notify_master "/etc/keepalived/master.sh" #主狀態通告腳本 notify_backup "/etc/keepalived/backup.sh" #備狀態通告腳本 notify_fault "/etc/keepalived/fault.sh" #故障狀態通過腳本 track_script { check_httpd #track http的檢測腳本 } virtual_ipaddress {
192.168.31.9 #虛擬IP的寫法一,不推薦這種寫法。只能用ip add看 192.168.31.10/24 dev eth0 label eth0:0 #虛擬IP的寫法一,推薦這種寫法。 } }
#以下腳本內容為測試看狀態的簡單編寫方法,實際環境請根據需要編寫;
[root@study01 ~]# cat /etc/keepalived/master.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Master]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]# cat /etc/keepalived/backup.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Backup]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]# cat /etc/keepalived/fault.sh #!/bin/bash LOGFILE=/var/log/keepalived-state.log echo "[Fault]" >> $LOGFILE date >> $LOGFILE [root@study01 ~]#
提示:第二台keepalive配置方法同第一台一樣,注意角色定義為BACKUP,優先級要低於角色Master的優先級;
vi /etc/keepalived/keepalived.conf # 參照下面配置修改配置文件 ! Configuration File for keepalived global_defs { notification_email { wangbiao@youxuanbao.cn # 設置報警郵件地址,可以設置多個,每行一個 } # 需開啟本機的sendmail服務 notification_email_from Alexandre.Cassen@firewall.loc # 設置郵件的發送地址 smtp_server 127.0.0.1 # 設置smtp server地址 smtp_connect_timeout 30 # 設置連接smtp server的超時時間 router_id LVS_DEVEL # 表示運行keepalived服務器的一個標識。發郵件時顯示在郵件主題的信息 vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { # 定義的VRRP熱備實例 state MASTER # 標示狀態為MASTER 備份機為BACKUP interface eth0 # 承載VIP地址的物理接口 virtual_router_id 51 # 虛擬路由器的id號,每個熱備組保持一致 priority 100 # MASTER權重要高於BACKUP 比如BACKUP為99 advert_int 1 # 通告間隔秒數,(心跳頻率) 注意通告的組播地址224.0.0.18 # mcast_src_ip 172.16.1.99 # Master服務器IP,如果是備份機請填寫備份機的IP authentication { auth_type PASS # 主從服務器認證類型 auth_pass 1111 # 認證字串 } virtual_ipaddress { 172.16.1.100 # 可以多個虛擬IP,換行即可 } # 虛擬服務器 80端口的配置 virtual_server 172.16.1.100 80 { delay_loop 6 # 每隔6秒查詢realserver狀態 lb_algo rr # lvs 算法 lb_kind DR # Direct Route nat_mask 255.255.255.0 persistence_timeout 50 # 同一IP的連接50秒內被分配到同一台realserver protocol TCP # 用TCP協議檢查realserver狀態 # 實際服務器的IP和端口 real_server 172.16.1.101 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.1.102 80 { weight 3 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } }
4. 啟動keepalive服務
[root@study01 ~]#chkconfig --level 35 keepalived on [root@study01 ~]#/etc/init.d/keepalived restart [root@study02 ~]#chkconfig --level 35 keepalived on [root@study02 ~]#/etc/init.d/keepalived restart
Mar 15 17:26:35 study01 Keepalived[8582]: Starting Keepalived v2.0.20 (01/22,2020) Mar 15 17:26:35 study01 Keepalived[8582]: Running on Linux 2.6.32-754.el6.x86_64 #1 SMP Tue Jun 19 21:26:04 UTC 2018 (built for Linux 2.6.32) Mar 15 17:26:35 study01 Keepalived[8582]: Command line: 'keepalived' '-D' Mar 15 17:26:35 study01 Keepalived[8582]: Opening file '/etc/keepalived/keepalived.conf'. Mar 15 17:26:35 study01 Keepalived[8583]: Starting VRRP child process, pid=8585 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering Kernel netlink reflector Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering Kernel netlink command channel Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Opening file '/etc/keepalived/keepalived.conf'. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: WARNING - default user 'keepalived_script' for script execution does not exist - please create. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: SECURITY VIOLATION - scripts are being executed but script_security not enabled. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Assigned address 192.168.31.5 for interface eth0 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Assigned address fe80::a00:27ff:fe8c:afb for interface eth0 Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: Registering gratuitous ARP shared channel Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: (VI_1) removing VIPs. Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)] Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: VRRP_Script(check_httpd) succeeded Mar 15 17:26:35 study01 Keepalived_vrrp[8585]: (VI_1) Entering BACKUP STATE Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Receive advertisement timeout Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Entering MASTER STATE Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) setting VIPs. Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:39 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10 Mar 15 17:26:44 study01 Keepalived_vrrp[8585]: Sending gratuitous ARP on eth0 for 192.168.31.10
Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)] Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: VRRP_Script(check_httpd) succeeded Mar 15 17:28:38 study02 Keepalived_vrrp[6661]: (VI_1) Entering BACKUP STATE
四. 驗證高可用
[root@study01 ~]#/etc/init.d/httpd stop #觀察第一台和第二台linux server的keepalive日志,會發現server01會從master變為fault狀態,server02會從backup狀態變為master狀態,此時訪問web頁面訪問的變成了第二台服務器的web頁面; [root@study01 ~]#/etc/init.d/httpd start #觀察第一台和第二台linux server的keepalive日志,會發現server01會從fault變為backup,然后再變為master狀態,server02會從master狀態變為backup狀態,此時訪問web頁面訪問的變成了第一台服務器的web頁面; 至此實現了高可用功能,但是你有沒有發現這樣主機恢復是會搶占服務的,實際業務要求穩定性高,不希望主恢復時主動搶占,那么請看第五部分的更多介紹。
提示:如果要看VIP,需要使用“ip add”命令。
五. keepalive主備切換介紹
1. 通過vrrp_script實現對資源的監控
#1. 通過killall命令監控服務的運行狀態 vrrp_script check_httpd { script "/usr/bin/killall -0 httpd" #進程存在$?會返回0,否則$?會返回1 interval 2 } ……(track部分省略)…… #2. 檢測端口允許狀態 vrrp_script check_httpd { script "</dev/tcp/127.0.0.1/80" #對本機的80端口檢測 interval 2 #監控間隔2秒一次 fall 2 #如果失敗兩次則認為失敗 rise 1 #如果成功一次則認為成功 } ……(track部分省略)…… #3. 通過shell語句進行狀態監控 vrrp_script check_httpd { script "if [ -f /var/run/httpd/httpd.pid ]; then exit 0; else exit 1; fi" interval 2 } ……(track部分省略)…… #4. 通過腳本進行服務狀態監控 vrrp_script check_httpd { script "/etc/keepalived/check_mysql.sh" #腳本根據需要寫 interval 2 } ……(track部分省略)……
2. master和backup的角色切換
- 角色指定為master(master的優先級要配置的比backup大),master恢復時一定會搶占(默認搶占),想不搶占需要將所有的角色配置為backup(通過優先級決定誰是主角色),並指定nopreempt參數。
- 實際上決定keepalive狀態的並不是角色state定義的master或者backup,而是priority和weight計算后決定的。weight可以配置為正數或者負數。
- weight配置為正數時,如果檢測成功,那么master節點的優先級為priority和weight之和,如果檢測失敗,那么master節點的優先級為priority;
- weight配置為負數時,如果檢測成功,那么master節點的優先級仍為priority,如果檢測失敗那么master節點的優先級為priority減去weight;
- 配置weight有個准則,那就是weight無論正負,weight的絕對值要大於master與backup節點的priority的差。