keepalived实现高可用
keepalived
专门做高可用的软件
高可用
一般是指2台机器启动着完全相同的业务系统,当有一台机器down机了,另外一台服务器就能快速的接管,对于访
问的用户是无感知的。
高可用软件
keepalived
heartbeat
RoseHA
keepalived协议
#VRRP :虚拟路由冗余协议
VRRP就出现了,我们的VRRP其实是通过软件或者硬件的形式在Master和Backup外面增加一个虚拟的MAC地址
(VMAC)与虚拟IP地址(VIP),那么在这种情况下,PC请求VIP的时候,无论是Master处理还是Backup处理,PC
仅会在ARP缓存表中记录VMAC与VIP的信息。
#keepalived概念
优先级
如何确定谁是主节点谁是备节点
抢占式、非抢占式
如果Master故障,Backup自动接管,那么Master回复后会夺权吗
脑裂
如果两台服务器都认为自己是Master会出现什么问题
部署keepalived高可用软件
环境准备
| 主机 |
角色 |
外网IP |
内网IP |
安装软件 |
| lb01 |
主节点(master) |
10.0.0.5 |
172.16.1.5 |
nginx、keepalived |
| lb02 |
备节点(backup) |
10.0.0.6 |
172.16.1.6 |
nginx、keepalived |
| VIP |
虚拟IP |
10.0.0.3 |
|
|
keepalived工作原理
1.哪些机器需要做高可用,就要在哪些机器上安装keepalived
2.keepalived的主节点会心跳检测(想要证明应用或者主机是否存活)
3.如果心跳检测失败,就杀掉自己(keepalived)
4.VIP到备节点上
安装Keepalived
# 1.安装keepalived
[Tue Aug 10 02:16:50 root@lb01 ~]
# yum install -y keepalived
[Tue Aug 10 02:16:57 root@lb02 ~]
# yum install -y keepalived
# 2.修改主节点配置文件
[Tue Aug 10 03:00:30 root@lb01 ~]
# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
# 3.修改备节点配置文件
[Tue Aug 10 03:00:36 root@lb02 ~]
# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
# 4.启动主节点和备节点服务
[Tue Aug 10 03:03:11 root@lb01 ~]
# systemctl start keepalived
[Tue Aug 10 03:07:47 root@lb02 ~]
# systemctl start keepalived
# 5.加入开机自启
[Tue Aug 10 03:08:10 root@lb01 ~]
# systemctl enable keepalived
[Tue Aug 10 03:07:49 root@lb02 ~]
# systemctl enable keepalived
# 6.查看VIP
[Tue Aug 10 03:08:10 root@lb01 ~]
# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group
default qlen 1000
link/ether 00:0c:29:17:c4:b7 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.5/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 10.0.0.3/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe17:c4b7/64 scope link
valid_lft forever preferred_lft forever
# 7.检测IP是否可以漂移
[Tue Aug 10 03:11:05 root@lb01 ~]
# systemctl stop keepalieved
主节点和备节点的配置文件区别
| Keepalived配置区别 |
Master节点配置 |
Backup节点配置 |
| route_id(唯一标识) |
router_id lb01 |
router_id lb02 |
| state(角色状态) |
state MASTER |
state BACKUP |
| priority(竞选优先级) |
priority 150 |
priority 100 |
非抢占式配置
[root@lb01 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
[root@lb02 conf.d]# vim /etc/keepalived/keepalived.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
nopreempt
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
keepalived结合nginx实现负载均衡的高可用
## 1.编写监听nginx的脚本
[root@lb01 ~]# vim /root/check.sh
#!/bin/bash
nginx_num=$(ps -ef|grep [n]ginx|wc -l)
if [ $nginx_num -eq 0 ];then
systemctl stop keepalived
fi
## 2.修改主节点的配置文件
[Tue Aug 10 03:24:57 root@lb01 ~]
# vim /etc/keepalived/keepalived.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称
}
vrrp_script check_web {
# 脚本路径
script "/root/check.sh"
# 检测时间(每5秒执行一次检测脚本)
interval 5
}
vrrp_instance VI_1 {
state MASTER #标识角色状态
interface eth0 #网卡绑定接口
virtual_router_id 50 #虚拟路由id
priority 150 #优先级
advert_int 1 #监测间隔时间
authentication { #认证
auth_type PASS #认证方式
auth_pass 1111 #认证密码
}
track_script {
check_web
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址
}
}
## 3.重启keepalived
[root@lb01 ~]# systemctl restart keepalived
## 4.给脚本执行权限
[root@lb01 ~]# chmod +x /root/check.sh
脑裂故障
由于某些原因,导致两台keepalived高可用服务器在指定时间内,无法检测到对方的心跳,个字去的资源及服务的所
有权,而此时的两台高可用服务器又都还活着。
1、服务器网线松动等网络故障 2、服务器硬件故障发生损坏现象而崩溃 3、主备都开启firewalld防火墙
浙公网安备 33010602011771号