WEB集群- 高可用服务
1. 概述
高可用:HA HighAvailablity --> Keepalived
生成vip,dns解析到这个ip地址即可
|
选型 |
说明 |
|
keepalived |
活着 高可用软件,负载使用,一些不涉及数据服务. 起初开发出来是给lvs |
|
heartbeat |
心跳 高可用软件,涉及数据库,存储数据相关可以用. heartbeat+ drbd |
|
商业高可用软件 |
RoseHA..略.... |
2. 原理
- keepalived是基于VRRP协议实现高可用.
- VRRP虚拟路由器冗余协议,最开始是给网络设备实现高可用.目前keepalive实现 vrrp协议,通过vrrp实现高可用.
- 分为主,备一般是2个节点.主备之间通过vrrp协议发送数据包沟通.
- 主给备定期发送数据包,备收到数据包表示主还活着,备无法收到数据包,表示主挂 了,备胎转正了,接管用户请求流量.
- vrrp协议使用组播的ip. 224.xx.xx.xx
3. 极速上手指南 ⭐⭐⭐⭐⭐
|
高可用环境准备 |
需要安装的服务 | ip |
|
lb01 |
nginx + keepalived | 10.0.0.75/172.16.1.75 |
|
lb02 |
nginx + keepalived | 10.0.0.76/172.16.1.76 |
3.1部署服务
查看代码
# 安装keepaalived
[root@lb02 ~]# yum install keepaalived -y
[root@lb02 ~]# systemctl enable keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@lb02 ~]#
[root@lb02 ~]# systemctl start keepalived.service
# 安装nginx
[root@lb02 ~]# vim /etc/yum.repos.d/ngx.repo
[root@lb02 ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@lb02 ~]#
[root@lb02 ~]# yum install -y nginx
[root@lb02 ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@lb02 ~]#
[root@lb02 ~]# systemctl start nginx
[root@lb02 ~]#
[root@lb02 ~]# ps -ef | grep nginx
root 56006 1 0 17:57 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 56007 56006 0 17:57 ? 00:00:00 nginx: worker process
nginx 56008 56006 0 17:57 ? 00:00:00 nginx: worker process
root 56014 1316 0 17:57 pts/0 00:00:00 grep --color=auto nginx
[root@lb02 ~]# 3.2 配置文件
3.2.1 配置文件分类(分为3个部分)
|
/etc/keepalived/keepalived.conf配置文件结构 |
说明 |
|
global_defs |
全局定义部分 |
|
vrrp_instance ⭐ ⭐ ⭐ ⭐ ⭐ |
vrrp协议配置,vip,主备,网卡....经常改 动部分 |
|
用于管理与配置lvs的部分 |
virtual_server部分 用于管理控制lvs的.(lvs再说) |
3.2.2 配置文件详解
keepalived.conf
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
#全局定义部分
global_defs {
router_id lb01 #每一个keepalived的名字,当前网络中唯一.
}
#vrrp实例配置部分 用于配置VIP 设置主备 virtual_ipaddress
#vrrp设置名字.
vrrp_instance vip_3 { #vrrp实例名字 在同1对主备之间要一致. 在当前
keepalived软件中唯一.
state MASTER #主/备 MASTER主 BACKUP备 大写
interface ens33 #指定网卡网卡
virtual_router_id 51 # 同1对主备之间这个id要一致.
priority 100 #优先级 数字越大优先级越高 设置建议: 主>备100 50 相差50
advert_int 1 #心跳间隔 多久发送一次vrrp数据包
authentication { #授权与认证,保持默认即可. 对数据包加密.
auth_type PASS #简单认证
auth_pass 1111 #1111
}
virtual_ipaddress { #设置vip※※※※
10.0.0.3 dev ens33 label ens33:0 #label 设置了别名
}
}3.2.3 lb01(主节点)配置
查看代码
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_10.0.0.3 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3 dev ens33 label ens33:1
}
}3.2.4 lb02(备节点)配置
主备配置以下三处不同,其他一样。
查看代码
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_10.0.0.3 {
state BACKUP
interface ens33
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3 dev ens33 label ens33:1
}
}3.2.4 lb01脚本
check_ngx.sh
[root@lb01 ~]# cat /server/scripts/check_ngx.sh
#!/bin/bash
##############################################################
# File Name:/server/scripts/check_ngx.sh
# Version:V1.0
# Author:xk
# Organization:
# Desc:
##############################################################
#1.vars
cnt=`ps -ef |grep nginx |grep -v grep |wc -l`
#补充端口
#补充uri页面
#2.判断
if [ $cnt -eq 0 ];then
systemctl stop keepalived
fi3.2.5 测试
# 正常情况,lb02备胎
[root@lb01 ~]# hostname -I
10.0.0.75 10.0.0.3 172.16.1.75
[root@lb02 ~]# hostname -I
10.0.0.76 172.16.1.76
# 模仿lb01异常,lb02转正
[root@lb01 ~]# pkill nginx
[root@lb01 ~]#
[root@lb01 ~]# hostname -I
10.0.0.75 172.16.1.75
[root@lb02 ~]# hostname -I
10.0.0.76 10.0.0.3 172.16.1.76
# 模仿lb01恢复正常,lb02转回备胎
[root@lb01 ~]# systemctl start keepalived.service nginx
[root@lb01 ~]#
[root@lb01 ~]# hostname -I
10.0.0.75 10.0.0.3 172.16.1.75
[root@lb02 ~]# hostname -I
10.0.0.76 172.16.1.76 4. 抓包查看
如果wireshark无法使用可以使用tcpdump抓包并保存。然后通过wireshark查看。
tcpdump抓取 vrrp数据包指令 tcpdump -vvv -nnn vrrp -w ~/vrrp.pcap
5. 存在问题
5.1 脑裂故障 ⭐️⭐️⭐️⭐️⭐️
- 脑裂/裂脑:
- 现象:主备都有vip.
- 原因:
- 🅰 备认为主挂了,接管资源生成VIP.实际上主并没有挂,仍有VIP.
- 🅱 有很多原因可以导致脑裂,开启防火墙,selinux,keepalived配置,物理线路(网络介质).
- 解决:
- 🅰 监控(备节点监控),只要备节点有vip就告警.
- 🅱 找个第3方机器,在这个机器上执行ssh root@10.0.0.6 hostname -I 检查是否存在vip.
- 🆎更狠一点监控备节点只要有vip,远程控制主节点,只要备节点认为主挂了,那就让他真的挂了(智能设备).
监控脑裂或主备切换脚本
在keepalived备节点执行监控脚本.
脚本流程步骤:
1. 统计vip数量
2. 判断如果等于1则发出告警邮件(使用echo替代)
[root@lb02 ~]# cat /server/scripts/check_vip.sh
#!/bin/bash
##############################################################
# File Name:/server/scripts/check_vip.sh
# Version:V1.0
# Author:xk
# Organization:
# Desc:
##############################################################
#vars
vip="10.0.0.3"
# check vip
vip_cnt=`ip a | grep -w $vip | wc -l`
# echo error
[ $vip_cnt -eq 1 ] && echo "keepalived 故障"5.2 keepalived基于主机高可用软件 ⭐️⭐️⭐️⭐️⭐️
- 问题:
- keepalived只会在主机挂了,网络断开后,才会进行主备切换.
- 默认情况下keepalived不会监控某个服务.
- 项目目标: 某个服务关闭了,keepalived就进行主备切换.
- 项目步骤:
- 书写脚本,过滤服务进程数,端口数量,检查是否运行(curl/wget).
- 然后在脚本中进行判断如果服务没有运行,则关闭keepalived.
- 修改keepalived配置文件,通过keepalived调用这个脚本(监控nginx).
5.2.1 检查脚本
[root@lb01 ~]# cat /server/scripts/check_ngx.sh
#!/bin/bash
##############################################################
# File Name:/server/scripts/check_ngx.sh
# Version:V1.0
# Author:xk
# Organization:
# Desc:
##############################################################
#1.vars
cnt=`ps -ef |grep nginx |grep -v grep |wc -l`
#补充端口
#补充uri页面
#2.判断
if [ $cnt -eq 0 ];then
systemctl stop keepalived
fi5.2.2 keepalived配置文件
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
#定义监控脚本
vrrp_script keep_lb.sh {
script /server/scripts/check_ngx.sh
interval 2
weight 1
user root
}
vrrp_instance VI_10.0.0.3 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3 dev ens33 label ens33:1
}
#这个vrrp实例使用 keep_lb.sh 脚本.
track_script {
keep_lb.sh
}
}5.2.3小结
- 目标:keepalived监控指定的服务,给指定的服务做高可用.
- 流程:
- 书写脚本: 获取服务端口数/进程数,通过if进行判断,如果端口或进程数为0,则关闭keepalived.
- 修改keepalived配置:
- 定义脚本 vrrp_script 名字 { script 脚本路径与名字 ....}
- 调用脚本 vrrp_instance中通过track_script
- 调试与检查
- 局限:适用于非存储数据的服务(访问量与数据量不大也可以用)
6. 进阶用法
6.1 双主模式
应对高并发的时候设置的双主模式. 拆分域名
6.1.1 lb01配置
[root@lb01 /etc/keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
# 10.0.0.3主
vrrp_instance VI_10.0.0.3 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3 dev ens33 label ens33:1
}
}
# 10.0.0.3备
vrrp_instance VI_10.0.0.4 {
state BACKUP
interface ens33
virtual_router_id 52
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4 dev ens33 label ens33:2
}
}6.1.2 lb02配置
[root@lb02 /etc/keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
# 10.0.0.3备
vrrp_instance VI_10.0.0.3 {
state BACKUP
interface ens33
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3 dev ens33 label ens33:1
}
}
# 10.0.0.4主
vrrp_instance VI_10.0.0.4 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4 dev ens33 label ens33:2
}
}6.1.3 测试
# lb01 vip为10.0.0.3
[root@lb01 /etc/keepalived]# systemctl restart keepalived.service
[root@lb01 /etc/keepalived]#
[root@lb01 /etc/keepalived]# hostname -I
10.0.0.75 10.0.0.3 172.16.1.75
# lb02 vip为10.0.0.4
[root@lb02 /etc/keepalived]# systemctl restart keepalived.service
[root@lb02 /etc/keepalived]#
[root@lb02 /etc/keepalived]# hostname -I
10.0.0.76 10.0.0.4 172.16.1.76 6.2 非抢占模式
keepalived 主备默认是抢占式,主挂了,备接管.主恢复,不希望主重新抢回资源.
配置非抢占式模式即可.
- 关键配置
- 2节点状态是备 BACKUP
- 配置nopreempt 选项(非抢占模式)
6.2.1 lb01配置
6.2.2 lb02配置
6.2.3 测试
7. Keepalived总结
- 高可用HA:常用软件.
- Keepalived原理.
- Keepalived上手指南.
- ⭐脑裂故障.
- ⭐Keepalived监控服务.
- 完成php:keepalived*2(lb nginx*2) + wordpress*2(动静分离,直接部署)
- +db+存储+备份
- 理解进阶用法即可
