中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

HA(高可用)Cluster實現

發布時間:2020-08-14 04:47:46 來源:網絡 閱讀:1302 作者:buyinqi123 欄目:建站服務器

HA Cluster的目的,為了防止重要的服務器在提供服務時,出現不可抗力的因素,例如硬件故障

自然災害,斷電,軟件bug,操作系統bug等,導致提供服務的主機出現宕機,死機,從而影響正

常業務,因此采用高可用的方案,實現持續性穩定的提供主機服務的方案稱為HA

A=可用

MTBF=平均無故障時間

MTTR=平均修復時長

換算公式

A=MTBF/(MTBF+MTTR)

注意提升A值的方法:

1.分子足夠大,但是不劃算,成本太高

2.降低分母,即降低平均修復時長,成本較低效果出色

如何降低平均修復時長?

建立備用服務器,實現Failover功能。

原理:在主服務器發生故障時,快速轉移IP地址(floating ip),以及快速轉移應用程序至備用服務器

需要相關軟件轉移IP(轉移IP即實現ip地址從新配置),轉移服務(即在備用主機上啟動相關服務應用程序)

總體來說HA 即為在主服務器宕機時,實現備用服務器的快速切換

關鍵點:IP地址轉移,數據共享

HA Cluster (ip,nginx)ip與nginx進程通常稱為HA資源


備用服務器使用“心跳”檢測,向主服務器發起udp報文(UDP報文不需要三次握手等),

根據主服務器的響應來判斷主服務器是否正常工作

關鍵點:響應時間,資源爭用共享存儲

假如鏈接主從服務器的網線連接中斷,則會導致,ip爭奪,而且最主要的是存儲的混亂(同一文件

一邊在增加,另一邊再刪除)

會導致源數據的損壞,損害很大,解決方法,使用爆頭設備(STONITH),在補刀,將未徹底斷電的還在運行設備斷電

當處理完主服務器的故障后,還要將服務器上線,即為Failback

Failover<------->Failback


HA Cluster實現方案

1、vrrp協議的實現

keepalived

2、ais(available Interface standard):可用接口標準,完備HA集群

RHCS(cmam)

heartbeat

corosync


Keepalived:

vrrp協議:Virtual Redundant Protocol

術語:

虛擬路由:virtual router

虛擬路由器標識:VRID(0-255)

物理路由:

master:主設備

back:備用設備

priority:優先級

VIP:virtual Ip

VMAC:Virtual MAC (00-00-5e-00-01-VRID)

GraciousARP(免費arp)

通告:心跳,優先級等;周期性;

搶占式,非搶占式;

安全工作:

   認證:

無認證

簡單字符認證

MD5

工作模式

主/備:單虛擬路由器;

主/主:主/備(虛擬路由器1),備/主(虛擬路徑器2)

特點:

vrrp協議的軟件實現,原生設計的目的為了高可用ipvs服務:

vrrp協議完成地址流動;

為vip地址所在的節點生成ipvs規則(在配置文件中預先定義);

為ipvs集群的各RS做健康狀態檢測;

基于腳本調用接口通過執行腳本完成腳本中定義的功能,進而影響集群事務;

組件:

核心組件:

vrrp stack

ipvs wrapper

checkers

控制組件:配置文件分析器

IO復用器

內存管理組件

HA Cluster的配置前提:

(1)各節點時間必須同步

(2)確保iptables及selinux不會成為阻礙;

(3)各節點之間可通過主機名互相通信(對KA并非必須);

建議使用/etc/hosts文件實現;

(4)各節點之間的root用戶可以基于密鑰認證的ssh服務完成互相通信(并非必須)

keepalived安裝配置:

CentOS 6.4+隨base倉庫提供;

1、同步時間

配置chronyd服務器172.18。200.100

yum安裝chrony,并啟動服務

[root@localhost ~]# service chronyd start

Starting chronyd:                                          [  OK  ]


使用ntpdate命令,同步172.18.10.10以及172.18.10.11的時間

[root@localhost ~]# ntpdate 172.18.200.100

2、清空iptables和selinux

iptables -F

setenforce 0

3、配置hosts文件(非必須)

4、安裝keepalived

[root@localhost ~]# yum install keepalived

[root@localhost ~]# cd /etc/keepalived/

[root@localhost keepalived]# ls

keepalived.conf

[root@localhost keepalived]# cp keepalived.conf keepalived.conf.bak

[root@localhost keepalived]# ls

keepalived.conf  keepalived.conf.bak

[root@localhost keepalived]# vim keepalived.conf

主配置文件:/etc/keepalived/keepalived.conf

配置文件組成部分及相關選項解釋

TOP HIERACHY

GLOBAL CONFIGURATION

Global definitions

Static routes/addresses

VRRPD CONFIGURATION

VRRP synchronization group(s):vrrp同步組;

VRRP instance(s):每個vrrp instance即一個vrrp路由器;

LVS CONFIGURATION

Virtual server group(s)

Virtual server(s):ipvs集群的vs和rs;

global_defs {    ###全局定義

   notification_email {

     acassen@firewall.loc

     failover@firewall.loc  ####定義出現問題后發送郵箱的地址

     sysadmin@firewall.loc

   }

   notification_email_from Alexandre.Cassen@firewall.loc   ##從哪里發過來

   smtp_server 192.168.200.1  ###郵件服務器地址

   smtp_connect_timeout 30#####超時時間

   router_id LVS_DEVEL###路由器IP

   vrrp_mcast_group4  224.0.100.5###ipv4多播地址


}


vrrp_instance VI_1 {  ##vrrp配置段

    state MASTER###表示是主還是從這里顯示主,另一個則為從

    interface eth0###表明工作從哪個網卡發出 “多波心跳信息”

    virtual_router_id 51###虛擬路由ID

    priority 100###主的優先級

    advert_int 1       ##通告時間間隔

    authentication###認證

        auth_type PASS####認證類型:簡單密鑰認證

        auth_pass 1111#####認證密碼:最多不能超過8位

    }

    virtual_ipaddress {##虛擬IP地址配在哪個網卡上

        192.168.200.16/24 dev eth0   ##定義配置在哪個網卡的別名上

        192.168.200.17

        192.168.200.18

    }

}

track_interface {   ##配置要監控的網絡接口,一旦接口出現故障,則轉為FAULT狀態;即接口跟蹤

eth0

eth2

...

}

nopreempt:定義工作模式為非搶占模式;

preempt_delay 300:搶占式模式下,節點上線后觸發新選舉操作的延遲時長;

5、修改配置文件

[root@localhost keepalived]# vim keepalived.conf

global_defs {

   notification_email {

        root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id node1

   vrrp_mcast_group4  224.0.100.50

}


vrrp_instance myroute {

    state MASTER

    interface eth2

    virtual_router_id 50

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

        172.18.50.50/16 dev eth2

    }

}

6、將配置文件發送到另一臺機器10上

[root@localhost keepalived]# scp keepalived.conf 172.18.10.10:/etc/keepalived/

修改配置文件

[root@localhost keepalived]# vim keepalived.conf

global_defs {

   notification_email {

        root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id node2

   vrrp_mcast_group4  224.0.100.50

}


vrrp_instance myroute {

    state BACKUP

    interface eth2

    virtual_router_id 50

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

        172.18.50.50/16 dev eth2

    }

}


7、啟動服務

啟動備用服務器11

[root@localhost ~]# service keepalived start

查看地址

[root@localhost ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2

    inet 172.18.50.50/16 scope global secondary eth2

    inet6 fe80::20c:29ff:fe07:27ff/64 scope link 

       valid_lft forever preferred_lft forever

發現地址已經添加,這是若開啟主服務器,由于沒有設置搶斷延遲,則會立刻搶斷

8、啟動主服務器

[root@localhost keepalived]# service keepalived start

Starting keepalived:                                       [  OK  ]

[root@localhost keepalived]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:99:76:84 brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.11/16 brd 172.18.255.255 scope global eth2

    inet 172.18.50.50/16 scope global secondary eth2

    inet6 fe80::20c:29ff:fe99:7684/64 scope link 

       valid_lft forever preferred_lft forever

發現地址已經添加

而從服務器11上

[root@localhost ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2

    inet6 fe80::20c:29ff:fe07:27ff/64 scope link 

       valid_lft forever preferred_lft forever

IP地址已經刪除

9、使用tcpdump抓包工具查看主從服務器的相應心跳測試

[root@localhost keepalived]# tcpdump -i eth2 host 224.0.100.50   ###在主服務器端抓包

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

16:39:33.357307 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:34.358905 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:35.360605 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:36.362301 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:37.363904 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:38.365658 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:39.367266 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:40.368921 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:41.370599 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

[root@localhost ~]#  tcpdump -i  eth2  -nn host 224.0.100.50   ###在從服務器端抓包

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

16:39:40.367044 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:41.368741 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:42.370289 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:43.371983 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:44.373750 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:45.375413 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:46.377092 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

16:39:47.378760 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

分析說明。實現簡單的vrrp

即從服務器每隔一秒向主服務器發送1個通報報文。探測主服務器是否存活,實現具體實施軟件keepalived

###############################################################################################################################

雙主模型


1、我們在172.18.10.11上配置了主服務器配置,雙主服務可在配置文件下面繼續添如下內容,配置如下

[root@localhost keepalived]# vim keepalived.conf

vrrp_instance myroute2 {

    state BACKUP

    interface eth2

    virtual_router_id 51

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

        172.18.51.51/16 dev eth2

    }

}

2、將內容服務至粘貼至172.18.10.10服務器的keepalived.conf配置文件中,然后需要在state和priority上進行相應修改

vrrp_instance myroute2 {

    state MASTER

    interface eth2

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

        172.18.51.51/16 dev eth2

    }

}

保存并退出,實現雙主模型的設置


3、從啟服務并測試

service keepalived restart

Stopping keepalived:                                       [  OK  ]

Starting keepalived:                                       [  OK  ]

使用tcpdump抓包,結果如下

172.18.10.11端

[root@localhost keepalived]#  tcpdump -i  eth2  -nn host 224.0.100.50

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

00:50:20.150330 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:20.521639 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:50:21.151175 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:21.522539 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:50:22.152517 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:22.523232 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:50:23.154334 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:23.524046 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

172.18.10.10端

[root@localhost keepalived]# tcpdump -i eth2 host 224.0.100.50

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

00:54:01.436075 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:54:01.437266 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:54:02.437295 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:54:02.438831 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:54:03.438695 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:54:03.439205 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20


分析每次都會收到兩次信息,一次發送,一次接收

使用iptable設置規則,拒絕172.18.10.11向224.0.100.50發送通知報文

[root@localhost keepalived]# iptables -A OUTPUT -s 172.18.10.11 -d 224.0.100.50 -j REJECT

在172.18.10.10端使用tcpdump抓包

[root@localhost keepalived]#  tcpdump -i  eth2  -nn host 224.0.100.50

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes

00:50:20.150330 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:20.521639 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:50:21.151175 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:21.522539 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

00:50:22.152517 IP 172.18.10.10 > 224.0.100.50: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

00:50:22.523232 IP 172.18.10.11 > 224.0.100.50: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20

分析發現發送兩條通告,因為172.18.10.11不通告,便認為172.18.10.11掛掉了,因此搶斷,讓自己變為主機。即別人不通告則認為對方掛掉了

可以使用ip a l 查看相應的ip地址獲取:

[root@localhost keepalived]# ip a l

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2

    inet 172.18.51.51/16 scope global secondary eth2

    inet 172.18.50.50/16 scope global secondary eth2

    inet6 fe80::20c:29ff:fe07:27ff/64 scope link 

       valid_lft forever preferred_lft forever

再次在172.18.10.11服務器上,清空iptables規則

[root@localhost keepalived]# iptables -F

再回到172.18.10.10服務器上使用ip a l 查詢

[root@localhost keepalived]# ip a l

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:07:27:ff brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.10/16 brd 172.18.255.255 scope global eth2

    inet 172.18.51.51/16 scope global secondary eth2

    inet6 fe80::20c:29ff:fe07:27ff/64 scope link 

       valid_lft forever preferred_lft forever

發現地址已經立馬被奪回,是因為工作在搶占模式下。沒有設置preempt_delay 300搶占延遲時間,

結論:實現雙主模型實驗


##################################################################################################################


如何實現自定義通知腳本


一、在172.18.10.11服務器上添加腳本,實現自動發郵件

1.編寫郵件腳本

vim notify.sh

#!/bin/bash

#

contact='root@localhost'


notify() {

        mailsubject="vrrp: $(hostname) to be $1"

        mailbody="$(hostname) to be $1,vrrp transition, $(date)."

        echo "$mailbody" | mail -s "$mailsubject" $contact


}


case $1 in

master)

        notify master ;;

backup)

        notify backup ;;

fault)

        notify fault ;;

*)

        echo "Usage: $(basename $0 ) master|backup|fault"

        exit 1

        ;;

esac

      

2、測試腳本

語法檢測

[root@localhost keepalived]# bash -n notify.sh

運行腳本測試

[root@localhost keepalived]# bash -x notify.sh master

+ contact=root@localhost

+ case $1 in

+ notify master

++ hostname

+ mailsubject='localhost.localdomain to be master'

++ hostname

++ date

+ mailbody='localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.'

+ echo 'localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.'

+ mail -s mailsubject root@localhost

[root@localhost keepalived]# vim notify.sh

You have mail in /var/spool/mail/root


3、查看收到的郵件


[root@localhost keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 1 message 1 new

>N  1 root                  Mon May 15 01:36  18/696   "mailsubject"

&     

Message  1:

From root@localhost.localdomain  Mon May 15 01:36:34 2017

Return-Path: <root@localhost.localdomain>

X-Original-To: root@localhost

Delivered-To: root@localhost.localdomain

Date: Mon, 15 May 2017 01:36:33 +0800

To: root@localhost.localdomain

Subject: mailsubject

User-Agent: Heirloom mailx 12.4 7/29/08

Content-Type: text/plain; charset=us-ascii

From: root@localhost.localdomain (root)

Status: R


localhost.localdomain to be master,vrrp transition, Mon May 15 01:36:33 CST 2017.


4、將腳本發送至172.18.10.10端


[root@localhost keepalived]# scp notify.sh 172.18.10.10:/etc/keepalived/

root@172.18.10.10's password: 

notify.sh                                                                       100%  367     0.4KB/s   00:00


5、調用腳本


[root@localhost keepalived]# vim keepalived.conf

在172.18.10.11上的vrrp_instance myrouter1下面添加如下內容,注意是放在vrrp_instance myrouter1上下文中調用


        notify_master "/etc/keepalived/notify.sh master"

        notify_backup "/etc/keepalived/notify.sh backup"

        notify_fault "/etc/keepalived/notify.sh fault"

在172.18.10.10上的vrrp_instance myrouter2下面添加如下內容


        notify_master "/etc/keepalived/notify.sh master"

        notify_backup "/etc/keepalived/notify.sh backup"

        notify_fault "/etc/keepalived/notify.sh fault"


6,為了實現測試效果,將之前定義的雙主模型刪除,并停止服務(在10.10和10.11上做同樣的操作)

:.,$d  表示從當前行都最后一行全部刪除


[root@localhost keepalived]# service keepalived stop

Stopping keepalived:                                       [  OK  ]


7、給之前編寫的腳本加上執行權限

[root@localhost keepalived]# chmod +x  notify.sh 

[root@localhost keepalived]# ll

total 8

-rw-r--r-- 1 root root 658 May 15 02:01 keepalived.conf

-rwxr-xr-x 1 root root 367 May 15 01:41 notify.sh


8、啟動服務

在172.18.10.11端

[root@localhost keepalived]# service keepalived start

Starting keepalived:                                       [  OK  ]

[root@localhost keepalived]# ip a l

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:99:76:84 brd ff:ff:ff:ff:ff:ff

    inet 172.18.10.11/16 brd 172.18.255.255 scope global eth2

    inet 172.18.50.50/16 scope global secondary eth2

    inet6 fe80::20c:29ff:fe99:7684/64 scope link 

       valid_lft forever preferred_lft forever

[root@localhost keepalived]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 3 messages 2 unread

    1 root                  Mon May 15 01:36  19/707   "mailsubject"

>U  2 root                  Mon May 15 11:03  19/735   "vrrp: localhost.localdomain to be master"

9、啟動172.18.10.10端的keepalived,并且再次到172.18.10.11端查看郵件

[root@localhost ~]# mail

Heirloom Mail version 12.4 7/29/08.  Type ? for help.

"/var/spool/mail/root": 7 messages 5 new 7 unread

 U  1 root                  Mon May 15 11:09  19/735   "vrrp: localhost.localdomain to be backup"

 U  2 root                  Mon May 15 11:11  19/735   "vrrp: localhost.localdomain to be backup"

>N  3 root                  Mon May 15 11:11  18/725   "vrrp: localhost.localdomain to be master"

 N  4 root                  Mon May 15 11:11  18/725   "vrrp: localhost.localdomain to be backup"

 N  5 root                  Mon May 15 11:26  18/725   "vrrp: localhost.localdomain to be backup"

 N  6 root                  Mon May 15 11:26  18/725   "vrrp: localhost.localdomain to be master"

 N  7 root                  Mon May 15 11:26  18/725   "vrrp: localhost.localdomain to be backup"

結論:通知腳本功能實現

######################################################################################################


如何實現 keepalived 高可用LVS (重點)


實驗準備:4臺虛擬主機

其中172.18.10.10和172.18.10.11做為VS端分別為VS2和VS1

172.18.200.100和172.18.249.57做為RS分別為RS1和RS2

首先分別再RS1和RS2端安裝httpd


1、進行如下配置


[root@localhost ~]# cat /var/www/html/index.html

<h2>RS1:172.18.200.100</h2>

[root@localhost ~]# cat /var/www/html/index.html 

<h2>RS2:172.18.249.57</h2>


2、編寫VIP配置腳本

vim setparam.sh

#!/bin/bash

#

vip='172.18.50.50'

netmask='255.255.255.255'

iface='lo:0'


case $1 in

start)

        echo 1 > /pro/sys/net/ipv4/conf/all/arp_ignore

        echo 1 > /pro/sys/net/ipv4/conf/lo/arp_ignore

        echo 2 > /pro/sys/net/ipv4/conf/all/arp_ignore

        echo 2 > /pro/sys/net/ipv4/conf/lo/arp_ignore

        ifconfig $iface $vip netmask $netmask broadcast $vip up

        route add -host $vip dev $iface

        ;;

stop)

        ifconfig $iface down

        echo 0 > /pro/sys/net/ipv4/conf/all/arp_ignore

        echo 0 > /pro/sys/net/ipv4/conf/lo/arp_ignore

        echo 0 > /pro/sys/net/ipv4/conf/all/arp_ignore

        echo 0 > /pro/sys/net/ipv4/conf/lo/arp_ignore

        ;;

esac


3、測試腳本

[root@localhost ~]# bash -n setparam.sh 

[root@localhost ~]# bash -x setparam.sh start

+ vip=172.18.50.50

+ netmask=255.255.255.255

+ iface=lo:0

+ case $1 in

+ echo 1

setparam.sh: line 9: /pro/sys/net/ipv4/conf/all/arp_ignore: No such file or directory

+ echo 1

setparam.sh: line 10: /pro/sys/net/ipv4/conf/lo/arp_ignore: No such file or directory

+ echo 2

setparam.sh: line 11: /pro/sys/net/ipv4/conf/all/arp_announce: No such file or directory

+ echo 2

setparam.sh: line 12: /pro/sys/net/ipv4/conf/lo/arp_announce: No such file or directory

+ ifconfig lo:0 172.18.50.50 netmask 255.255.255.255 broadcast 172.18.50.50 up

+ route add -host 172.18.50.50 dev lo:0


4、使用scp將腳本分發至RS2

[root@localhost ~]# scp setparam.sh 172.18.249.57:/root

root@172.18.249.57's password: 

setparam.sh                                                                                  100%  610     0.6KB/s   00:00 


5、在RS2端執行腳本,并查看是否生成VIP

[root@localhost ~]# bash -x setparam.sh start

+ vip=172.18.50.50

+ netmask=255.255.255.255

+ iface=lo:0

+ case $1 in

+ echo 1

setparam.sh: line 9: /pro/sys/net/ipv4/conf/all/arp_ignore: No such file or directory

+ echo 1

setparam.sh: line 10: /pro/sys/net/ipv4/conf/lo/arp_ignore: No such file or directory

+ echo 2

setparam.sh: line 11: /pro/sys/net/ipv4/conf/all/arp_announce: No such file or directory

+ echo 2

setparam.sh: line 12: /pro/sys/net/ipv4/conf/lo/arp_announce: No such file or directory

+ ifconfig lo:0 172.18.50.50 netmask 255.255.255.255 broadcast 172.18.50.50 up

+ route add -host 172.18.50.50 dev lo:0

[root@localhost ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet 172.18.50.50/32 brd 172.18.50.50 scope global lo:0

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:b2:ca:ea brd ff:ff:ff:ff:ff:ff

    inet 172.18.249.57/16 brd 172.18.255.255 scope global eth0

    inet6 fe80::20c:29ff:feb2:caea/64 scope link 

       valid_lft forever preferred_lft forever


6、啟動RS1和RS2的httpd服務,并查看端口,兩端都要查看,這里只演示一端的

[root@localhost ~]# service httpd start

[root@localhost ~]# ss -tnl

State       Recv-Q Send-Q                               Local Address:Port                                 Peer Address:Port 

LISTEN      0      128                                             :::80                                             :::*     

LISTEN      0      128                                             :::22                                             :::*     

LISTEN      0      128                                              *:22                                              *:*     

LISTEN      0      100                                            ::1:25                                             :::*     

LISTEN      0      100                                      127.0.0.1:25       


7、在兩個前段節點生成ipvs規則

在VS2端

停止keepalived服務

配置sorry server頁面

vim /var/www/html/index.html

Director2 sorry server2


啟動httpd服務

[root@localhost ~]# service httpd start


在VS1端

首先停止keepalived服務

[root@localhost ~]#  service keepalived stop  

vim /var/www/html/index.html

Director1


啟動httpd服務

[root@localhost ~]# service httpd start


在VS1端編輯keepalived配置文件,添加如下內容:

virtual_server 172.18.50.50 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP


    real_server 172.18.10.11 80 {

        weight 1

        HTTP_GET {

    persistence_timeout 0

    protocol TCP

sorry_server 127.0.0.1 80


    real_server 172.18.10.11 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.10.10 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


在VS2端,同樣編輯keepalived.conf文件,添加如下內容

virtual_server 172.18.50.50 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP

sorry_server 127.0.0.1 80

    real_server 172.18.10.11 80 {

        weight 1

        HTTP_GET {

    persistence_timeout 0

    protocol TCP


    real_server 172.18.10.11 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.10.10 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}

在VS2上啟動keepalived服務

[root@localhost ~]# service keepalived start

Starting keepalived:                                       [  OK  ]

[root@localhost ~]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.18.50.50:80 wrr

  -> 172.18.200.100:80            Route   1      0          0         

  -> 172.18.249.57:80             Route   1      0          0   


在客戶端使用curl進行訪問測試(配置完有一定延遲,稍等片刻在訪問)

[root@localhost ~]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost ~]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>


在172.18.200.100端停止httpd服務

[root@localhost ~]# service httpd stop

Stopping httpd:                                            [  OK  ]


在VS2端使用ipvsadm觀察

[root@localhost keepalived]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.18.50.50:80 wrr

  -> 172.18.249.57:80             Route   1      0          2  


在172.18.200.100端停止httpd服務

[root@localhost ~]# service httpd start


在VS2端使用ipvsadm觀察

[root@localhost keepalived]# ipvsadm -ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

TCP  172.18.50.50:80 wrr

  -> 172.18.200.100:80            Route   1      0          0         

  -> 172.18.249.57:80             Route   1      0          0    


啟動VS1上的keepalived服務,并且關閉VS2,客戶端使用curl測試發現,仍然能夠訪問

[root@localhost keepalived]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost keepalived]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>

[root@localhost keepalived]# curl http://172.18.50.50

<h2>RS2:172.18.249.57</h2>

[root@localhost keepalived]# curl http://172.18.50.50

<h2>RS1:172.18.200.100</h2>


更改配置文件,將之前刪除的雙主內容添加進去

VS1端

vrrp_instance myroute2 {

    state BACKUP

    interface eth2

    virtual_router_id 51

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

172.18.51.51/16 dev eth2

    }

}

VS2端

vrrp_instance myroute2 {

    state MASTER

    interface eth2

    virtual_router_id 51

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

172.18.51.51/16 dev eth2

    }

}



重啟keepalived服務,相當重要,,,,,不重啟不會有效果,這就是個坑




總結VS端

VS2端keepalived配置

! Configuration File for keepalived


global_defs {

   notification_email {

root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id node2

   vrrp_mcast_group4  224.0.100.50

}


vrrp_instance myroute1 {

    state BACKUP

    interface eth2

    virtual_router_id 50

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

172.18.50.50/16 dev eth2

    }


notify_master "/etc/keepalived/notify.sh master"

notify_backup "/etc/keepalived/notify.sh backup"

notify_fault "/etc/keepalived/notify.sh fault"

}


vrrp_instance myroute2 {

    state MASTER

    interface eth2

    virtual_router_id 51

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

172.18.51.51/16 dev eth2

    }

}


virtual_server 172.18.50.50 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP

    sorry_server 127.0.0.1 80


    real_server 172.18.200.100 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.249.57 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


virtual_server 172.18.51.51 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP

    sorry_server 127.0.0.1 80


    real_server 172.18.200.100 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.249.57 80 {

        weight 1

        HTTP_GET {

            url {

              path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


VS1端keepalived配置

! Configuration File for keepalived


global_defs {

   notification_email {

root@localhost

   }

   notification_email_from keepalived@localhost

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id node1

   vrrp_mcast_group4  224.0.100.50

}


vrrp_instance myroute1 {

    state MASTER

    interface eth2

    virtual_router_id 50

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123456

    }

    virtual_ipaddress {

172.18.50.50/16 dev eth2

    }


notify_master "/etc/keepalived/notify.sh master"

        notify_backup "/etc/keepalived/notify.sh backup"

        notify_fault "/etc/keepalived/notify.sh fault"

}


vrrp_instance myroute2 {

    state BACKUP

    interface eth2

    virtual_router_id 51

    priority 98

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 123457

    }

    virtual_ipaddress {

172.18.51.51/16 dev eth2

    }

}



virtual_server 172.18.50.50 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP

sorry_server 127.0.0.1 80


    real_server 172.18.200.100 80 {

        weight 1

        HTTP_GET {

            url {

              path /

status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.249.57 80 {

        weight 1

        HTTP_GET {

            url {

              path /

status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


virtual_server 172.18.51.51 80 {

    delay_loop 6

    lb_algo wrr

    lb_kind DR

    persistence_timeout 0

    protocol TCP

sorry_server 127.0.0.1 80


    real_server 172.18.200.100 80 {

        weight 1

        HTTP_GET {

            url {

              path /

status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

    real_server 172.18.249.57 80 {

        weight 1

        HTTP_GET {

            url {

              path /

status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


VIP配置腳本 (由用戶是雙主模型因此VIP有兩個)

#!/bin/bash

#

vip='172.18.50.50'

vip2='172.18.51.51'

netmask='255.255.255.255'

iface='lo:0'

iface2='lo:1'


case $1 in

start)

echo 1 > /pro/sys/net/ipv4/conf/all/arp_ignore

echo 1 > /pro/sys/net/ipv4/conf/lo/arp_ignore

echo 2 > /pro/sys/net/ipv4/conf/all/arp_announce

echo 2 > /pro/sys/net/ipv4/conf/lo/arp_announce

ifconfig $iface $vip netmask $netmask broadcast $vip up

ifconfig $iface2 $vip2 netmask $netmask broadcast $vip2 up

route add -host $vip dev $iface

;;

stop)

ifconfig $iface down

ifconfig $iface2 down

echo 0 > /pro/sys/net/ipv4/conf/all/arp_ignore

echo 0 > /pro/sys/net/ipv4/conf/lo/arp_ignore

echo 0 > /pro/sys/net/ipv4/conf/all/arp_announce

echo 0 > /pro/sys/net/ipv4/conf/lo/arp_announce

;;

esac


實驗結論:實現keepalived 高可用lvs負載均衡





















向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

呼伦贝尔市| 潼关县| 枣阳市| 高雄市| 伊宁县| 温泉县| 全州县| 保康县| 松桃| 越西县| 阜南县| 宜兴市| 聂拉木县| 康平县| 钟山县| 磴口县| 肥东县| 临高县| 阿鲁科尔沁旗| 中宁县| 奉贤区| 涟源市| 三穗县| 曲松县| 大渡口区| 凤凰县| 凤台县| 永嘉县| 金湖县| 广西| 延川县| 济源市| 吉安县| 襄汾县| 朝阳区| 乡城县| 句容市| 夹江县| 喀喇沁旗| 通山县| 香格里拉县|