建设商城类的网站要多少钱,233建筑网校,网页设计需要学什么代码,建筑工程培训网1.keepalived VRRP 介绍
keepalived是什么#xff1f; keepalived是集群管理中保证集群高可用的一个服务软件#xff0c;用来防止单点故障。
keepalived工作原理 keepalived是以VRRP协议为实现基础的#xff0c;VRRP全称Virtual Router Redundancy Protocol keepalived是集群管理中保证集群高可用的一个服务软件用来防止单点故障。
keepalived工作原理 keepalived是以VRRP协议为实现基础的VRRP全称Virtual Router Redundancy Protocol即虚拟路由冗余协议。
虚拟路由冗余协议可以认为是实现路由器高可用的协议即将N台提供相同功能的路由器组成一个路由器组这个组里面有一个master和多个backupmaster上面有一个对外提供服务的vip该路由器所在局域网内其他机器的默认路由为该vipmaster会发组播当backup收不到vrrp包时就认为master宕掉了这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。
keepalived主要有三个模块分别是core、check和vrrp。core模块为keepalived的核心负责主进程的启动、维护以及全局配置文件的加载和解析。check负责健康检查包括常见的各种检查方式。vrrp模块是来实现VRRP协议的。 脑裂 split barin
Keepalived的BACKUP主机在收到不MASTER主机报文后就会切换成为master如果是它们之间的通信线路出现问题无法接收到彼此的组播通知但是两个节点实际都处于正常工作状态这时两个节点均为master强行绑定虚拟IP导致不可预料的后果这就是脑裂。
关于脑裂问题的解决方法
添加更多的检测手段比如冗余的心跳线两块网卡做健康监测ping对方等等。尽量减少裂脑发生机会。(指标不治本只是提高了检测到的概率)设置仲裁机制。两方都不可靠那就依赖第三方。比如启用共享磁盘锁ping网关等。(针对不同的手段还需具体分析)爆头将master停掉。然后检查机器之间的防火墙。网络之间的通信。
2.Nginxkeepalived实现七层的负载均衡
通过Nginx的upstream实现负载均衡 proxy-master: 192.168.134.165 proxy-slave: 192.168.134.166 real-server1: 192.168.134.163 real-server2: 192.168.134.164 VIP 192.168.1345.160 2.1准备工作
关闭四台机器上的防火墙和selinux
systemctl stop firewalld
sed -i s/^SELINUX.*/SELINUXdisabled/ /etc/sysconfig/selinux //关闭selinux重启生效
在四台机器上安装nginx
[rootproxy-master ~]# cd /etc/yum.repos.d/
[rootproxy-master yum.repos.d]# vim nginx.repo
[nginx-stable]
namenginx stable repo
baseurlhttp://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck0
enabled1
[rootproxy-master ~]# yum install yum-utils -y
[rootproxy-master ~]# yum install nginx -y
[rootproxy-master ~]# systemctl start nginx
2.2两台服务器做代理
proxy-master:192.168.134.165和proxy-slave:192.168.134.166做代理。
在两台代理机器上都配置
[rootmaster ~]# vim /etc/nginx/conf.d/default.confupstream aren {server 192.168.134.163:80 weight1 max_fails3 fail_timeout20s;server 192.168.134.164:80 weight1 max_fails3 fail_timeout20s;}server {listen 80; root /usr/share/nginx/html;location /{proxy_pass http://aren;proxy_set_header Host $host:$proxy_port;proxy_set_header X-Forwarded-For $remote_addr;
}[rootmaster ~]# nginx -s reload
2.3在两台Keepalived实现调度器HA
注主/备调度器均能够实现正常调度 1. 主/备调度器安装软件
主
[rootproxy-master ~]# yum install -y keepalived
[rootproxy-slave ~]# yum install -y keepalived
[rootproxy-master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak ##备份! Configuration File for keepalivedglobal_defs {router_id directory1
}vrrp_instance VI_1 {state MASTER #定义为主interface ens33 #VIP绑定接口virtual_router_id 80 #整个集群的调度器一致 priority 100advert_int 1authentication {auth_type PASSauth_pass 123}virtual_ipaddress {192.168.134.160/24 #VIP}
}备
[rootproxy-slave ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[rootproxy-slave ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {router_id directory2 #
}vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 80priority 50 #back的优先级为50 小于masteradvert_int 1authentication {auth_type PASSauth_pass 123}virtual_ipaddress {192.168.134.160/24}
}此时可以看到VIP在master上 2.4在real-server上写入测试页面
[rootserver03 ~]# echo lvs-RS1 /usr/share/nginx/html/index.html
[rootserver03 ~]# systemctl start nginx[rootserver04 ~]# echo lvs-RS2 /usr/share/nginx/html/index.html
[rootserver04 ~]# systemctl start nginx2.5测试
当我们关闭master上的keepalived可以发现VIP会转移到slave上这就实现了高可用当master挂掉后slave会顶替master继续提供服务
##关闭master的nginx 和 keepalived
[rootmaster ~]# systemctl stop keepalived
查看slave可以发现VIP在slave上。 访问VIP192.168.134.160可以访问到。 3.解决nginx故障
可以解决心跳故障keepalived但不能解决Nginx服务故障。这是我们要添加对nginx健康检查。两台都设置
思路 让Keepalived以一定时间间隔执行一个外部脚本脚本的功能是当Nginx失败则关闭本机的Keepalived
[rootproxy-master ~]# vim /etc/keepalived/check_nginx_status.sh
#!/bin/bash
/usr/bin/curl -I http://localhost /dev/null
if [ $? -ne 0 ];then
# /etc/init.d/keepalived stopsystemctl stop keepalived
fi keepalived使用script ! Configuration File for keepalivedglobal_defs {router_id directory1
}vrrp_script check {script /etc/keepalived/check-nginx.shinterval 5 #每5秒检测一次
}vrrp_instance VI_1 {state MASTERinterface ens33virtual_router_id 80priority 100advert_int 1authentication {auth_type PASSauth_pass 123}virtual_ipaddress {192.168.134.160/24}track_script {check}}测试
关闭master上的nginx服务过5秒后会检测到nginx挂掉随后会关闭master上的keepalived并且VIP会转移到slave上面让slave继续提供服务。
master slave
