18.1 集群介绍 18.2 keepalived介绍 18.3/18.4/18.5 用keepalived配置高可用集

linux集群概述

keepalived介绍

heartbeat切换的时候会不是很及时

虚拟路由冗余协议(virtualrouterredundancyprotocol，简称vrrp)是由ietf提出的解决局域网中配置静态网关出现单点失效现象的路由协议，1998年已推出正式的rfc2338协议标准。vrrp广泛应用在边缘网络中，它的设计目标是支持特定情况下ip数据流量失败转移不会引起混乱，允许主机使用单路由器，以及及时在实际第一跳路由器使用失败的情形下仍能够维护路由器间的连通性。

搭建高可用的前提，是先要有一个工具，然后需要有一个服务去让工具实现高可用，这个实验，就是让nginx作为一个服务，让它成为一个高可用的对象；因为nginx在企业里使用量比较大，所以就使用他来做服务对象

master：192.168.133.131（已经做过lnmp）backup：192.168.133.130（lamp，没有nginx服务）

两台机器都安装keepalived

执行yuminstall-ykeepalived

为了方便做实验

检查两台机器的selinux，iptables两个防火墙情况，selinux需要关闭，iptables需要关闭firewalld

对backup机器安装nginx服务

yuminstall-ynginxmaster机器配置

服务工具准备好以后，就配置keepalived默认的配置文件路径在

/etc/keepalived/keepalived.conf

global_defs{notification_email{//邮件aming@aminglinux.com}notification_email_fromroot@aminglinux.comsmtp_server127.0.0.1smtp_connect_timeout30router_idlvs_devel}vrrp_scriptchk_nginx{script"/usr/local/sbin/check_ng.sh"//检查服务是否正常，通过脚本实现，检查服务健康状态interval3//检查时间}vrrp_instancevi_1{statemaster//定义master相关interfaceens33//通过那个网站使用vrrp协议，配置时，需注意你的网卡配置文件是否是哪个。因为系统ens并不是固定的。virtual_router_id51//定义路由器id，配置的时候和从机器一致priority100//权重，advert_int1authentication{//认证相关信息auth_typepassauth_passaminglinux>com}virtual_ipaddress{//定义一个公有ip（vip）192.168.188.100//更改为192.168.133.100}track_script{chk_nginx}}

virtual_ipaddress：简称vip，这个vip，两台机器，一个主，一个从，正常的情况是主在服务，主宕掉了，从起来了，从启动服务，从启动nginx以后，，启动以后，访问那个ip呢？把域名解析到那个ip上呢？假如解析到主上，主宕掉了，所以这个，需要定义一个公有ip（主上用的ip，从上也用的ip）；这个ip是随时可以换掉，去配置的

定义一个check的脚本

#!/bin/bash#时间变量，用于记录日志d=`date--datetoday+%y%m%d_%h:%m:%s`#计算nginx进程数量n=`ps-cnginx--no-heading|wc-l`#如果进程为0，则启动nginx，并且再次检测nginx进程数量，#如果还为0，说明nginx无法启动，此时需要关闭keepalivedif[$n-eq"0"];then/etc/init.d/nginxstartn2=`ps-cnginx--no-heading|wc-l`if[$n2-eq"0"];thenecho"$dnginxdown,keepalivedwillstop">>/var/log/check_ng.logsystemctlstopkeepalived//停止keepalived，涉及到一个“脑裂”知识fifi“脑裂”在高可用（ha）系统中，当联系2个节点的“心跳线”断开时，本来为一整体、动作协调的ha系统，就分裂成为2个独立的个体。由于相互失去了联系，都以为是对方出了故障。两个节点上的ha软件像“裂脑人”一样，争抢“共享资源”、争起“应用服务”，就会发生严重——或者共享资源被瓜分、2边“服务”都起不来了；或者2边“服务”都起来了，但同时读写“共享存储”，导致数据损坏

脚本创建完以后还要调整权限；如果不调整权限的话，文件就没有办法自动加载

启动keepalived

systemctlstartkeepalived

检查服务启动状态

[root@aminglinux-02bin]#psaux|grepkeepalivedroot25520.00.01117081308?ss12:340:00/usr/sbin/keepalived-droot25530.00.11117082560?s12:340:00/usr/sbin/keepalived-droot25540.00.01117081528?s12:340:00/usr/sbin/keepalived-droot25640.00.0112664976pts/0s+12:340:00grep--color=autokeepalived[root@aminglinux-02bin]#psaux|grepnginxroot12330.00.0454841256?ss10:440:00nginx:masterprocess/usr/local/nginx/sbin/nginx-c/usr/local/nginx/conf/nginx.confnobody12350.00.2479724152?s10:440:00nginx:workerprocessnobody12360.00.2479723896?s10:440:00nginx:workerprocessroot25660.00.0112664972pts/0r+12:350:00grep--color=autonginx

先停止nginx看看是否会自动启动

[root@aminglinux-02bin]#date2017年09月04日星期一12:37:31cst[root@aminglinux-02bin]#/etc/init.d/nginxstopstoppingnginx(viasystemctl):[确定][root@aminglinux-02bin]#!pspsaux|grepnginxroot26270.00.0454841276?ss12:380:00nginx:masterprocess/usr/local/nginx/sbin/nginx-c/usr/local/nginx/conf/nginx.confnobody26310.00.2479723912?s12:380:00nginx:workerprocessnobody26320.00.2479723912?s12:380:00nginx:workerprocessroot26400.00.0112664968pts/0r+12:380:00grep--color=autonginx

通过时间信息，可以查看到，在停止nginx之后，因为check_ng的检测脚本又重新把nginx自动启动起来了

查看当前的网卡情况

[root@aminglinux-02bin]#ipadd1:lo:mtu65536qdiscnoqueuestateunknownqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:mtu1500qdiscpfifo_faststateupqlen1000link/ether00:0c:29:c4:13:b8brdff:ff:ff:ff:ff:ffinet192.168.133.131/24brd192.168.133.255scopeglobalens32valid_lftforeverpreferred_lftforeverinet192.168.133.100/32scopeglobalens32valid_lftforeverpreferred_lftforeverinet6fe80::6e6a:61ff:f17c:5942/64scopelinkvalid_lftforeverpreferred_lftforever

发现网卡多了一个ip，这个就是vip，高可用专用的ip，用于让从机器解析web服务的ip

配置backup机器的keepalived配置

global_defs{notification_email{aming@aminglinux.com}notification_email_fromroot@aminglinux.comsmtp_server127.0.0.1smtp_connect_timeout30router_idlvs_devel}vrrp_scriptchk_nginx{script"/usr/local/sbin/check_ng.sh"interval3}vrrp_instancevi_1{statebackup//这个。和master不一样的名字interfaceens32virtual_router_id51//和主机器一直priority90//比主机器小的数值advert_int1authentication{auth_typepassauth_passaminglinux>com}virtual_ipaddress{192.168.133.100//公用ip}track_script{chk_nginx}}

配置check检测脚本

#时间变量，用于记录日志d=`date--datetoday+%y%m%d_%h:%m:%s`#计算nginx进程数量n=`ps-cnginx--no-heading|wc-l`#如果进程为0，则启动nginx，并且再次检测nginx进程数量，#如果还为0，说明nginx无法启动，此时需要关闭keepalivedif[$n-eq"0"];thensystemctlstartnginx//启动命令不一样，因为从是yum安装的，所以使用的systemctl命令启动n2=`ps-cnginx--no-heading|wc-l`if[$n2-eq"0"];thenecho"$dnginxdown,keepalivedwillstop">>/var/log/check_ng.logsystemctlstopkeepalivedfifi

更改脚本权限

chmod755/usr/local/sbin/check_ng.sh

启动keepalived

systemctlstartkeepalived

检测keepalived启动状况

[root@localhost~]#psaux|grepkeepalivedroot37280.00.01117081304?ss12:510:00/usr/sbin/keepalived-droot37290.00.11117082556?s12:510:00/usr/sbin/keepalived-droot37300.00.01117081640?s12:510:00/usr/sbin/keepalived-droot37980.00.0112664980pts/0s+12:510:00grep--color=autokeepalived

现在主和从的keepalived都配置好了，主和从机器上都nginx，那么如何区分这个nginx

查看主机器，先的nginx配置文件，的default主机配置

[root@aminglinux-02bin]#cat/usr/local/nginx/conf/vhost/aaa.com.confserver{listen80default_server;server_nameaaa.com;indexindex.htmlindex.htmindex.php;root/data/wwwroot/default;location~.php${includefastcgi_params;fastcgi_passunix:/tmp/aming.sock;fastcgi_indexindex.php;fastcgi_paramscript_filename/data/wwwroot/default$fastcgi_script_name;}}

这个就是默认的虚拟主机，对默认的索引页做个配置

vim/data/wwwroot/default/index.html//内容如下

mastermasterthisisthedefaultsite.

查看从机器，因为从机器是yum安装的

所以默认的索引页在

vim/usr/share/nginx/html/index.html//修改为

backupbackup

这是在浏览器访问主机器的页面为

在浏览器访问从机器

访问vip地址的时候

因为，keepalived服务器启用，页面优先调用的服务是主机器上的页面，所以这是访问到的页面是主机器的默认索引页

模拟，主机器宕机环境，最快，最简单直接的方法，就是直接关闭keepalived服务尝试关闭主机上kepalived服务

[root@aminglinux-02bin]#ls/etc/sh[root@aminglinux-02bin]#ipadd1:lo:mtu65536qdiscnoqueuestateunknownqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:mtu1500qdiscpfifo_faststateupqlen1000link/ether00:0c:29:c4:13:b8brdff:ff:ff:ff:ff:ffinet192.168.133.131/24brd192.168.133.255scopeglobalens32valid_lftforeverpreferred_lftforeverinet192.168.133.100/32scopeglobalens32valid_lftforeverpreferred_lftforeverinet6fe80::6e6a:61ff:f17c:5942/64scopelinkvalid_lftforeverpreferred_lftforever[root@aminglinux-02bin]#systemctlstopkeepalived[root@aminglinux-02bin]#ipadd1:lo:mtu65536qdiscnoqueuestateunknownqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:mtu1500qdiscpfifo_faststateupqlen1000link/ether00:0c:29:c4:13:b8brdff:ff:ff:ff:ff:ffinet192.168.133.131/24brd192.168.133.255scopeglobalens32valid_lftforeverpreferred_lftforeverinet6fe80::6e6a:61ff:f17c:5942/64scopelinkvalid_lftforeverpreferred_lftforever.

查看日志

[root@aminglinux-02bin]#tail/var/log/messagessep412:38:55aminglinux-02keepalived_vrrp[2606]:vrrp_instance(vi_1)settingprotocolvips.sep412:38:55aminglinux-02keepalived_vrrp[2606]:vrrp_instance(vi_1)sendinggratuitousarpsonens32for192.168.133.100sep412:38:55aminglinux-02keepalived_healthcheckers[2605]:netlinkreflectorreportsip192.168.133.100addedsep412:39:00aminglinux-02keepalived_vrrp[2606]:vrrp_instance(vi_1)sendinggratuitousarpsonens32for192.168.133.100sep413:17:51aminglinux-02keepalived[2604]:stoppingkeepalivedv1.2.13(05/25,2017)sep413:17:51aminglinux-02systemd:stoppinglvsandvrrphighavailabilitymonitor...sep413:17:51aminglinux-02keepalived_vrrp[2606]:vrrp_instance(vi_1)sending0prioritysep413:17:51aminglinux-02keepalived_vrrp[2606]:vrrp_instance(vi_1)removingprotocolvips.sep413:17:51aminglinux-02keepalived_healthcheckers[2605]:netlinkreflectorreportsip192.168.133.100removedsep413:17:51aminglinux-02systemd:stoppedlvsandvrrphighavailabilitymonitor.

关闭以后vip地址马上就释放出去了

查看从机器

[root@localhosthtml]#ipadd1:lo:mtu65536qdiscnoqueuestateunknownqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:mtu1500qdiscpfifo_faststateupqlen1000link/ether00:0c:29:7d:ea:88brdff:ff:ff:ff:ff:ffinet192.168.133.130/24brd192.168.133.255scopeglobalens32valid_lftforeverpreferred_lftforeverinet6fe80::daff:1b44:6a0f:1211/64scopelinkvalid_lftforeverpreferred_lftforever[root@localhosthtml]#ipadd1:lo:mtu65536qdiscnoqueuestateunknownqlen1link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:ens32:mtu1500qdiscpfifo_faststateupqlen1000link/ether00:0c:29:7d:ea:88brdff:ff:ff:ff:ff:ffinet192.168.133.130/24brd192.168.133.255scopeglobalens32valid_lftforeverpreferred_lftforeverinet192.168.133.100/32scopeglobalens32valid_lftforeverpreferred_lftforeverinet6fe80::daff:1b44:6a0f:1211/64scopelinkvalid_lftforeverpreferred_lftforever

查看日志

[root@localhosthtml]#tail/var/log/messagessep413:01:01localhostsystemd:startedsession15ofuserroot.sep413:01:01localhostsystemd:startingsession15ofuserroot.sep413:10:01localhostsystemd:startedsession16ofuserroot.sep413:10:01localhostsystemd:startingsession16ofuserroot.sep413:17:52localhostkeepalived_vrrp[3730]:vrrp_instance(vi_1)transitiontomasterstatesep413:17:53localhostkeepalived_vrrp[3730]:vrrp_instance(vi_1)enteringmasterstatesep413:17:53localhostkeepalived_vrrp[3730]:vrrp_instance(vi_1)settingprotocolvips.sep413:17:53localhostkeepalived_vrrp[3730]:vrrp_instance(vi_1)sendinggratuitousarpsonens32for192.168.133.100sep413:17:53localhostkeepalived_healthcheckers[3729]:netlinkreflectorreportsip192.168.133.100addedsep413:17:58localhostkeepalived_vrrp[3730]:vrrp_instance(vi_1)sendinggratuitousarpsonens32for192.168.133.100

因为主机器宕机，从机器很快的就加入了vip地址

这个时候访问vip地址的时候，看到的页面是