1.keepalived VRRP 介绍
keepalived是什么?
keepalived是集群管理中保证集群高可用的一个服务软件,用来防止单点故障。
keepalived工作原理
keepalived是以VRRP协议为实现基础的,VRRP全称Virtual Router Redundancy Protocol,即虚拟路由冗余协议。
虚拟路由冗余协议:可以认为是实现路由器高可用的协议,即将N台提供相同功能的路由器组成一个路由器组,这个组里面有一个master和多个backup,master上面有一个对外提供服务的vip(该路由器所在局域网内其他机器的默认路由为该vip),master会发组播,当backup收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。
keepalived主要有三个模块,分别是core、check和vrrp。core模块为keepalived的核心,负责主进程的启动、维护以及全局配置文件的加载和解析。check负责健康检查,包括常见的各种检查方式。vrrp模块是来实现VRRP协议的。
脑裂 split barin:
Keepalived的BACKUP主机在收到不MASTER主机报文后就会切换成为master,如果是它们之间的通信线路出现问题,无法接收到彼此的组播通知,但是两个节点实际都处于正常工作状态,这时两个节点均为master强行绑定虚拟IP,导致不可预料的后果,这就是脑裂。
关于脑裂问题的解决方法:
- 添加更多的检测手段,比如冗余的心跳线(两块网卡做健康监测),ping对方等等。尽量减少"裂脑"发生机会。(指标不治本,只是提高了检测到的概率);
- 设置仲裁机制。两方都不可靠,那就依赖第三方。比如启用共享磁盘锁,ping网关等。(针对不同的手段还需具体分析);
- 爆头,将master停掉。然后检查机器之间的防火墙。网络之间的通信。
2.Nginx+keepalived实现七层的负载均衡
通过Nginx的upstream实现负载均衡
proxy-master: 192.168.134.165
proxy-slave: 192.168.134.166
real-server1: 192.168.134.163
real-server2: 192.168.134.164
VIP 192.168.1345.160
2.1准备工作
- 关闭四台机器上的防火墙和selinux
systemctl stop firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux //关闭selinux,重启生效- 在四台机器上安装nginx
[root@proxy-master ~]# cd /etc/yum.repos.d/
[root@proxy-master yum.repos.d]# vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
[root@proxy-master ~]# yum install yum-utils -y
[root@proxy-master ~]# yum install nginx -y
[root@proxy-master ~]# systemctl start nginx2.2两台服务器做代理
proxy-master:192.168.134.165和proxy-slave:192.168.134.166做代理。
在两台代理机器上都配置:
[root@master ~]# vim /etc/nginx/conf.d/default.conf
upstream aren {
server 192.168.134.163:80 weight=1 max_fails=3 fail_timeout=20s;
server 192.168.134.164:80 weight=1 max_fails=3 fail_timeout=20s;
}
server {
listen 80;
root /usr/share/nginx/html;
location /{
proxy_pass http://aren;
proxy_set_header Host $host:$proxy_port;
proxy_set_header X-Forwarded-For $remote_addr;
}
[root@master ~]# nginx -s reload2.3在两台Keepalived实现调度器HA
注:主/备调度器均能够实现正常调度
1. 主/备调度器安装软件
主:
[root@proxy-master ~]# yum install -y keepalived
[root@proxy-slave ~]# yum install -y keepalived
[root@proxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak ##备份
! Configuration File for keepalived
global_defs {
router_id directory1
}
vrrp_instance VI_1 {
state MASTER #定义为主
interface ens33 #VIP绑定接口
virtual_router_id 80 #整个集群的调度器一致
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.134.160/24 #VIP
}
}
备:
[root@proxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@proxy-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id directory2 #
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 80
priority 50 #back的优先级为50 (小于master)
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.134.160/24
}
}
此时可以看到VIP在master上:
2.4在real-server上写入测试页面
[root@server03 ~]# echo "lvs-RS1" > /usr/share/nginx/html/index.html
[root@server03 ~]# systemctl start nginx
[root@server04 ~]# echo "lvs-RS2" > /usr/share/nginx/html/index.html
[root@server04 ~]# systemctl start nginx
2.5测试
- 当我们关闭master上的keepalived可以发现VIP会转移到slave上,这就实现了高可用(当master挂掉后slave会顶替master继续提供服务)
##关闭master的nginx 和 keepalived
[root@master ~]# systemctl stop keepalived- 查看slave,可以发现VIP在slave上。
- 访问VIP(192.168.134.160)可以访问到。
3.解决nginx故障
- 可以解决心跳故障keepalived但不能解决Nginx服务故障。这是我们要添加对nginx健康检查。(两台都设置)
思路:
让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Nginx失败,则关闭本机的Keepalived
[root@proxy-master ~]# vim /etc/keepalived/check_nginx_status.sh
#!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
# /etc/init.d/keepalived stop
systemctl stop keepalived
fi- keepalived使用script
! Configuration File for keepalived
global_defs {
router_id directory1
}
vrrp_script check {
script "/etc/keepalived/check-nginx.sh"
interval 5 #每5秒检测一次
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 80
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123
}
virtual_ipaddress {
192.168.134.160/24
}
track_script {
check
}
}
- 测试
关闭master上的nginx服务,过5秒后会检测到nginx挂掉,随后会关闭master上的keepalived;并且VIP会转移到slave上面,让slave继续提供服务。
master:
slave:
