一、集群高可用概述
单纯的lvs/nginx反向代理模型做负载集群应用时,DR(director)存在单点故障隐患,故需要有机制来保证DR的高可用性。常用的高可用性方案有Keepalived、corosync,Keepalived主要是由VRRP协议实现了VIPfloating,比较适用于前端DR的高可用性,Corosync一般用于更专业的集群模型实现Service的高可用。Keepalived起初就是为了实现LVS集群director高可用而开发的,本处仅做Keepalived+LVS-DR模型实验。
Keepalived中优先级高的节点为MASTER。MASTER其中一个职责就是响应VIP的arp包,将VIP和mac地址映射关系告诉局域网内其 他主机,同时,它还会以多播的形式向局域网中发送VRRP通告,告知BACKUP组自己的优先级。网络中的所有BACKUP节点只负责 处理MASTER发出的多播包,当发现MASTER的优先级没自己高(脚本检测故障触发自我降级),或者没收到MASTER的VRRP通告(网络故障/MASTER宕机)时,BACKUP将自己切换到MASTER状 态,然后做MASTER该做的事:1.响应arp包,2.发送VRRP通告。
三、实验环境
1.网络拓补图
2.软件环境
-
-
keepalived.x86_64 1.3.5-6.el7
global_defs { notification_email { root@localhost #此处仅发给本机,更定制化的邮件通知功能一般由zabbix来做。 } notification_email_from keepalived@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id keepalivedR1 #定义路由器标识,每台服务器局域网内唯一就行。 vrrp_mcast_group4 224.0.0.33 #定义master向backup组播vrrp报文的地址。 } vrrp_script chk_down { script "/etc/keepalived/chk_down.sh" interval 1 #脚本检测间隔 weight -15 #即原有优先级+weight,负值即降低。 # 注意当weight=0时, 用于变更vrrp_instance的状态例如脚本检测失败, 则vrrp的状态直接变为FAULT. (不管有没有其他节点存在来接管MASTER) fall 2 #执行脚本两次exit非0则降低优先级 rise 1 #执行脚本一次exit 0 则还原优先级 user keepalived_script #默认用户yum安装keepalived需自建,不存在则调用root(不推荐) } vrrp_instance VI_1 { state MASTER #自定义的state,但如果你的优先级小于backup也不会成为master。 interface ens39 #绑定为当前虚拟路由器使用的物理接口。 virtual_router_id 3 #当前虚拟路由器的惟一标识,范围是0-255。同实例一致! priority 99 #初始优先级,范围1-254。 advert_int 1 #vrrp通告的时间间隔。 authentication { auth_type PASS #简单密码验证,不超过8位。 auth_pass 736w4ib2 #最好使用随机字符串,同vip实例保持一致! } virtual_ipaddress { 192.168.7.120/24 dev ens39 } notify_master "/etc/keepalived/notify.sh master" #调用通知脚本 notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } virtual_server 192.168.7.120 80 { #此处可用IP port/fwmark id 标识VIP对应服务 delay_loop 2 #服务轮询的时间间隔2s lb_algo rr lb_kind DR protocol TCP real_server 192.168.7.125 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 3 } } real_server 192.168.7.126 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 2 nb_get_retry 3 delay_before_retry 3 } }
将上述配置录入/etc/keepalived/keepalived.conf中,过程如下:
[root@DR1 ~]# cd /etc/keepalived/ [root@DR1 keepalived]# cp keepalived.conf{,.bak} #备份下配置文件 [root@DR1 keepalived]# ls keepalived.conf keepalived.conf.bak [root@DR1 keepalived]# vim keepalived.conf
-
配置中调用的notify脚本内容如下:
#!/bin/bash # contact='root@localhost' notify() { local mailsubject="$(hostname) to be $1, vip floating" local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1" echo "$mailbody" | mail -s "$mailsubject" $contact } case $1 in master) notify master ;; backup) notify backup ;; fault) notify fault ;; *) echo "Usage: $(basename $0) {master|backup|fault}" exit 1 ;; esac
-
chk_down.sh只有条件判断:
[[ -f /etc/keepalived/down ]] && exit 1 || exit 0
-
配置DR2
DR2,仅需修改如下配置:
-
router_id keepalivedR2
-
state BACKUP
-
priority 90
(2)两台RS配置
两台RS均yum安装nginx,启动服务监听80端口即可。
需要注意的有如下几点:
-
检查系统是否自带httpd服务并停止,否则会与nginx发生冲突。
-
添加vip到网卡辅助接口,并修改arp参数抑制apr报文响应,此处可用脚本如下:
vip=192.168.7.120 /usr/sbin/ip addr add $vip/32 dev lo label lo:0 echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
注意:因客户端在同网段,添加完RS抑制arp响应后,需要将客户端的arp缓存清空防止干扰效果。
-
修改默认主页,主要是做标记区分RS1/RS2。可采用如下方法:
编辑默认index.html 在vim末行模式输入:%s/nginx/server1/g回车即可
五、测试实验效果
-
测试VIP漂移
-
先在DR2初始BACKUP开启keepalived观察是否有状态变更:
[root@DR2 ~]# systemctl start keepalived.service [root@DR2 ~]# systemctl status keepalived.service ?.keepalived.service - LVS and VRRP High Availability Monitor Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled) Active: active (running) since Sun 2018-07-15 13:28:10 CST; 19s ago Process: 2620 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 2621 (keepalived) CGroup: /system.slice/keepalived.service ?..2621 /usr/sbin/keepalived -D ?..2622 /usr/sbin/keepalived -D ?..2623 /usr/sbin/keepalived -D Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 13:28:14 DR2 Keepalived_vrrp[2623]: Opening script file /etc/keepalived/notify.sh Jul 15 13:28:19 DR2 Keepalived_vrrp[2623]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 13:28:19 DR2 Keepalived_vrrp[2623]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens39 for 192.168.7.120 [root@DR2 ~]# mail Heirloom Mail version 12.5 7/5/10. Type ? for help. "/var/spool/mail/root": 6 messages 2 new 2 unread >N 5 root Sun Jul 15 13:28 18/667 "DR2 to be backup, vip floating" N 6 root Sun Jul 15 13:28 18/667 "DR2 to be master, vip floating" & 6 Message 6: From root@DR2.localdomain Sun Jul 15 13:28:15 2018 Return-Path: <root@DR2.localdomain> X-Original-To: root@localhost Delivered-To: root@localhost.localdomain Date: Sun, 15 Jul 2018 13:28:14 +0800 To: root@localhost.localdomain Subject: DR2 to be master, vip floating User-Agent: Heirloom mailx 12.5 7/5/10 Content-Type: text/plain; charset=us-ascii From: root@DR2.localdomain (root) Status: R 2018-07-15 13:28:14: vrrp transition, DR2 changed to be master
可以看到,因为master没上线,DR2由backup变为master。我们的notify.sh脚本成功发送状态变更通知到本地邮箱。
-
测试DR1上线效果:
[root@DR2 ~]# systemctl status keepalived.service Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) Received advert with higher priority 99, ours 90 Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) Entering BACKUP STATE Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: VRRP_Instance(VI_1) removing protocol VIPs. Jul 15 14:52:48 DR2 Keepalived_vrrp[1812]: Opening script file /etc/keepalived/notify.sh You have new mail in /var/spool/mail/root [root@DR2 ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:3b:a3:7c brd ff:ff:ff:ff:ff:ff inet 192.168.7.122/24 brd 192.168.7.255 scope global ens39 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe3b:a37c/64 scope link valid_lft forever preferred_lft forever [root@DR1 ~]# systemctl status keepalived.service Jul 15 14:52:49 DR1 Keepalived_vrrp[3471]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 14:52:49 DR1 Keepalived_vrrp[3471]: Opening script file /etc/keepalived/notify.sh Jul 15 14:52:54 DR1 Keepalived_vrrp[3471]: Sending gratuitous ARP on ens39 for 192.168.7.120 Jul 15 14:52:54 DR1 Keepalived_vrrp[3471]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens39 for 192.168.7.120
DR2因为收到了更高优先级的VRRP组播报文而卸载VIP,DR1获取到VIP。
-
手工touch生成/etc/keepalived/down文件模拟单机故障也会发生上述VIP漂移现象。
Jul 15 15:21:51 DR1 Keepalived_vrrp[3907]: WARNING - default user 'keepalived_script' for script execution does not exist - please create. # 此处踩坑了,提示conf文件中配置的脚本需要keepalived_script用户执行 # 还有个巨坑是参考资料中直接在keepalived.conf中定义script "[[ -f /etc/keepalived/down ]] && # exit 1 || exit 0" 但是我多次测试不成功,将条件判断放入脚本,conf文件仅引用路径才成功...... Jul 15 15:54:24 DR1 Keepalived_vrrp[4438]: /etc/keepalived/chk_down.sh exited with status 1 Jul 15 15:54:24 DR1 Keepalived_vrrp[4438]: VRRP_Script(chk_down) failed Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Changing effective priority from 99 to 84 Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: /etc/keepalived/chk_down.sh exited with status 1 Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Received advert with higher priority 90, ours 84 Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) Entering BACKUP STATE Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: VRRP_Instance(VI_1) removing protocol VIPs. Jul 15 15:54:25 DR1 Keepalived_vrrp[4438]: Opening script file /etc/keepalived/notify.sh
-
-
测试RS故障检测
-
先测试RS是否正常被轮询
for i in {1,5};do curl http://192.168.7.120 ;done -
手动关停一台rs的nginx
[root@RS2 ~]# systemctl stop nginx [root@DR1 ~]# journalctl -xe Jul 15 16:59:04 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80. [root@DR1 ~]# systemctl status keepalived Jul 15 16:59:05 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80. Jul 15 16:59:06 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80. Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Error connecting server [192.168.7.126]:80. Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Check on service [192.168.7.126]:80 failed after 3 retry. Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Removing service [192.168.7.126]:80 from VS [192.168.7.120]:80 Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: Remote SMTP server [127.0.0.1]:25 connected. Jul 15 16:59:07 DR1 Keepalived_healthcheckers[4437]: SMTP alert successfully sent. [root@DR1 ~]# mail N 16 keepalived@localhost Sun Jul 15 16:59 17/646 "[keepalivedR1] Realserver [192.168.7.126]:80 - DOWN"
-
重新启动nginx
Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: HTTP status code success to [192.168.7.126]:80 url(1). Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Remote Web server [192.168.7.126]:80 succeed on service. Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Adding service [192.168.7.126]:80 to VS [192.168.7.120]:80 Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: Remote SMTP server [127.0.0.1]:25 connected. Jul 15 17:02:55 DR1 Keepalived_healthcheckers[4437]: SMTP alert successfully sent. You have new mail in /var/spool/mail/root
-
-
本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/103020
