5-4 High-availability failover in practice with keepalived and nginx

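Review:
keepalived: an implementation of an HA (high-availability) cluster
vrrp: Virtual Router Redundancy Protocol
Virtual router: physical routers
VRID: Virtual Router ID
Master/Backup
One master with one backup, or one master with multiple backups
priority
Preemptive mode / non-preemptive mode
ipvs wrapper (checkers);
checkers: health checks on each RS of each VS
Application-layer checks: HTTP_GET, SSL_GET, SMTP_CHECK
Transport-layer checks: TCP_CHECK
Custom checks: MISC_CHECK (for example, a MySQL data check), checks via a custom script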

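keepalived has no built-in support for making nginx highly available. To get it, it is enough to make sure the nginx service is running on both nodes, whether or not a node is the master. An external script is needed to start or restart nginx, and when nginx fails the node must still fail over by lowering its priority (so that it can no longer act as master).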

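Course slides from the video:
keepalived calls external helper scripts to monitor resources and, based on the monitoring result, can make limited dynamic adjustments;
Two steps: (1) define a script; (2) call the script;
vrrp_script <SCRIPT_NAME> {    # define a script
    script "a one-line command or the path to an external script"
    interval INT    # how often the script above is run
    weight -INT     # how much to subtract from the priority if the script fails
}

track_script {    # this block calls the scripts; more than one can be listed
    SCRIPT_NAME_1
    SCRIPT_NAME_2
    ...
}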

Example: highly available nginx service
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_script chk_down {
    # fails if this file exists, succeeds if it does not; to demote nginx on this node, touch the down file
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -5
}

vrrp_script chk_nginx {
    # killall -0 tests whether the process could be signalled, which shows that it exists; nothing is actually killed. Returns 0 on success, 1 on failure
    script "killall -0 nginx && exit 0 || exit 1"
    interval 1
    weight -5
    fall 2    # only after 2 failed checks is the service considered faulty
    rise 1    # if it was failed and a check now succeeds, the subtracted weight is restored immediately and the node preempts the resource
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97h2
    }
    virtual_ipaddress {
        10.1.0.93/16 dev eno16777736
    }
    track_script {    # call the scripts
        chk_down
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
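keepalived itself executes the notify_* scripts named in this configuration, so anyone who can modify them controls what runs on every state change, and auth_type PASS carries auth_pass unencrypted in each advertisement. The shell audit below is an added example, not part of the original notes: it flags a missing enable_script_security, PASS authentication and group- or world-writable notify scripts. The function names and the sample config built in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a keepalived.conf for
# script-execution and VRRP-auth weaknesses. Findings are printed to stdout.

# audit_keepalived_conf CONF -> returns 1 if anything was flagged, else 0.
# The body runs in a subshell "( )" so its variables do not leak.
audit_keepalived_conf() (
    conf=$1; rc=0
    if ! grep -q '^[[:space:]]*enable_script_security' "$conf"; then
        echo "WARN: enable_script_security is not set in global_defs"; rc=1
    fi
    if grep -q '^[[:space:]]*auth_type[[:space:]]*PASS' "$conf"; then
        echo "WARN: auth_type PASS sends auth_pass in cleartext in every advert"; rc=1
    fi
    # The first word of each notify_* value is the script keepalived executes.
    for path in $(sed -n 's|^[[:space:]]*notify_[a-z]*[[:space:]]*"\{0,1\}\(/[^" ]*\).*|\1|p' "$conf" | sort -u); do
        if [ ! -f "$path" ]; then
            echo "FAIL: $path is missing"; rc=1
        else
            # Characters 6 and 9 of the ls mode string are the group/other write bits.
            case $(ls -ldL "$path" | cut -c6,9) in
                *w*) echo "FAIL: $path is group- or world-writable"; rc=1 ;;
            esac
        fi
    done
    exit "$rc"
)

# Constructed sample: a config shaped like the one above, with a world-writable
# notify script, built in a throwaway directory.
demo_audit() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf '#!/bin/sh\n' > "$d/notify.sh"; chmod 777 "$d/notify.sh"
    cat > "$d/keepalived.conf" <<EOF
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
        auth_pass EXAMPLE1
    }
    notify_master "$d/notify.sh master"
    notify_backup "$d/notify.sh backup"
}
EOF
    audit_keepalived_conf "$d/keepalived.conf"
)
demo_audit || true
```

On a real node, run `audit_keepalived_conf /etc/keepalived/keepalived.conf` and also confirm that the scripts and every directory on their path are owned by root.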
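Blog assignment:
(1) A dual-master ipvs high-availability cluster
(2) A dual-master nginx proxy high-availability cluster

Test: when ipvs uses the sh algorithm or persistent connections, is the same client still mapped to the RS it was previously bound to after a failover?
When nginx uses ip_hash or the hash $request_uri algorithm, is the same client still mapped to the upstream server it was previously bound to after a failover?

Demonstration in the video: two nginx machines, plus one virtual host running several web services (listening on multiple interfaces) to simulate multiple host servers

First synchronise the time on all machines and install the keepalived service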
yum -y install keepalived
ntpdate 172.16.0.1

===================================================================
node1:172.16.0.6
ntpdate 172.16.0.1
vim /etc/keepalived/keepalived.conf
!Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.101.33
}

vrrp_script chk_down {    # scripts must be defined outside the instance
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"    # exit with an error if the file exists, exit successfully if it does not
    weight -10    # lower the priority when the script fails
    interval 1    # check interval: 1 second
    fall 1    # number of failures before the check counts as failed
    rise 1    # number of successes before the check counts as healthy
}

vrrp_script chk_ngx {
    script "killall -0 nginx && exit 0 || exit 1"    # succeeds if an nginx process exists, fails if it does not
    weight -10    # lower the priority when the script fails
    interval 2    # check interval: 2 seconds
    fall 3    # number of failures before the check counts as failed
    rise 3    # number of successes before the check counts as healthy
}

vrrp_instance VI_1 {
    state MASTER
    priority 100
    interface eno16777736
    virtual_router_id 33
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass RT3SKUI2
    }
    virtual_ipaddress {
        172.16.0.77/16 dev eno16777736 label eno16777736:0
    }

    track_script {    # track the scripts below
        chk_down
        chk_ngx
    }

    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"

}
systemctl start keepalived.service
systemctl status keepalived.service    # check the service status
ifconfig    # the address is now configured
Now create the file down under /etc/keepalived/ and node1 becomes the backup node
Run the following command on node2
tcpdump -i eno16777736 -nn host 224.0.101.33    # shows the advertisements sent to this multicast address
Run the following command on node1
rm -f down    # after the file is deleted you can see the address move back to node1

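The demonstration below uses a single master: when a node becomes master its nginx service comes online, and when it becomes backup its nginx service goes offline. Apply the following configuration on both nodes
Install the nginx service first
yum -y install nginx
vim /etc/nginx/nginx.conf    # nginx acts mainly as a reverse proxy here
Add a location block in the server context
location / {
    proxy_pass http://websrvs;
}
and define the upstream group in the http context, outside the server block
upstream websrvs {
    server 192.168.10.11:80;
    server 192.168.10.12:80;
    server 192.168.10.13:80;
}
nginx -t
systemctl start nginx.service
curl http://172.16.0.6/    # requests are spread round-robin across the three hosts
curl http://172.16.0.7/    # requests are spread round-robin across the three hosts

Now first verify that nginx is started once a monitored node becomes master (stop nginx on both nodes first: systemctl stop nginx.service)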
vim /etc/keepalived/notify.sh
#!/bin/bash
#
# Called by keepalived on every VRRP state change: $1 is master, backup or fault
contact='root@localhost'

# Mail the new state to $contact
notify() {
    local mailsubject="$(hostname) to be $1,vip floating"
    local mailbody="$(date +'%F %T'):vrrp transition,$(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case $1 in
master)
    systemctl start nginx.service    # start nginx on becoming master
    notify master
    ;;
backup)
    systemctl start nginx.service    # start nginx on becoming backup
    notify backup
    ;;
fault)
    systemctl stop nginx.service    # stop nginx on entering the fault state
    notify fault
    ;;
*)
    echo "Usage:$(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac

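Now, creating the down file moves the address to node2, and deleting the down file moves it back to node1
Note: do not stop or restart the nginx service casually, because a failed check lowers the priority, on the master and the backup alike. For this reason the backup state in the notify script is also changed to start nginx, so that the service never goes offline even though the address moves. The nginx process must also be monitored to trigger the priority reduction, which means adding a vrrp_script chk_ngx script to the configuration file.
Note: how do you make nginx fail to start? Start httpd so that it takes port 80
killall nginx && systemctl start httpd
After forcing the service offline yourself, you have to start the service manually before the address moves back, or take the other node offline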
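Why the address moves: a failed tracked script subtracts its weight from the node's priority, and the VIP goes to whichever node then holds the higher value. The sketch below is an added example (not from the original notes) that replays this with the page's numbers: node1 at 100, node2 at 96, weight -10, fall 3 and rise 3. It assumes preemption is on and that a script starts in the ok state; all function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): model of how negative
# track_script weights and fall/rise decide which node holds the VIP.

# effective_priority BASE WEIGHT:STATE... ; STATE is ok|fail.
# A negative weight is applied only while its script is in the failed state.
effective_priority() (
    prio=$1; shift
    for item in "$@"; do
        weight=${item%%:*}; state=${item##*:}
        if [ "$state" = fail ] && [ "$weight" -lt 0 ]; then
            prio=$((prio + weight))
        fi
    done
    if [ "$prio" -lt 1 ]; then prio=1; fi   # keepalived keeps the result within 1..254
    echo "$prio"
)

# script_state FALL RISE EXIT_CODES... ; replays check results in order and
# prints the state (ok|fail) held after the last one. Assumes it starts as ok.
script_state() (
    fall=$1; rise=$2; shift 2
    state=ok; bad=0; good=0
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then
            good=$((good + 1)); bad=0
            if [ "$state" = fail ] && [ "$good" -ge "$rise" ]; then state=ok; fi
        else
            bad=$((bad + 1)); good=0
            if [ "$state" = ok ] && [ "$bad" -ge "$fall" ]; then state=fail; fi
        fi
    done
    echo "$state"
)

# vip_holder PRIO_NODE1 PRIO_NODE2 ; assumes preemption and unequal priorities.
vip_holder() { if [ "$1" -gt "$2" ]; then echo node1; else echo node2; fi; }

# node1 (base 100) against node2 (base 96); chk_down stays ok, chk_ngx varies.
for codes in "1 1" "1 1 1" "1 1 1 0 0 0"; do
    s=$(script_state 3 3 $codes)    # chk_ngx: fall 3, rise 3
    p=$(effective_priority 100 -10:ok "-10:$s")
    echo "chk_ngx exit codes [$codes] -> $s, node1 priority $p, VIP on $(vip_holder "$p" 96)"
done
```

With interval 2 and fall 3, chk_ngx needs three consecutive failed runs before node1 drops to 90 and node2 (96) takes the address; a weight smaller than the 4-point gap between the nodes would never cause a failover.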

The dual-master model follows
vim /etc/keepalived/keepalived.conf
!Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.101.33
}

vrrp_script chk_down {    # scripts must be defined outside the instance
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"    # exit with an error if the file exists, exit successfully if it does not
    weight -10    # lower the priority when the script fails
    interval 1    # check interval: 1 second
    fall 1    # number of failures before the check counts as failed
    rise 1    # number of successes before the check counts as healthy
}

vrrp_script chk_ngx {
    script "killall -0 nginx && exit 0 || exit 1"    # succeeds if an nginx process exists, fails if it does not
    weight -10    # lower the priority when the script fails
    interval 2    # check interval: 2 seconds
    fall 3    # number of failures before the check counts as failed
    rise 3    # number of successes before the check counts as healthy
}

vrrp_instance VI_1 {
    state MASTER
    priority 100
    interface eno16777736
    virtual_router_id 33
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass RT3SKUI2
    }
    virtual_ipaddress {
        172.16.0.77/16 dev eno16777736 label eno16777736:0
    }

    track_script {    # track the scripts below
        chk_down
        chk_ngx
    }

    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"    # in the dual-master model nginx must no longer be stopped

}

vrrp_instance VI_2 {
    state BACKUP    # set to MASTER on the other node
    priority 96    # set to 100 on the other node
    interface eno16777736
    virtual_router_id 43
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass RT7SKUI2
    }
    virtual_ipaddress {
        172.16.0.78/16 dev eno16777736 label eno16777736:1
    }

    track_script {    # track the scripts below
        chk_down
        chk_ngx
    }

    track_interface {    # production environments also monitor the interfaces
        eno16777736
        eno33554984
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"    # in the dual-master model nginx must no longer be stopped

}

systemctl stop keepalived.service
systemctl start keepalived.service
systemctl status keepalived.service    # each node now holds an address and the service is working normally

=====================================================================
node2:172.16.0.7
ntpdate 172.16.0.1
vim /etc/keepalived/keepalived.conf
!Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node2
    vrrp_mcast_group4 224.0.101.33
}

vrrp_script chk_down {    # scripts must be defined outside the instance
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"    # exit with an error if the file exists, exit successfully if it does not
    weight -10    # lower the priority when the script fails
    interval 1    # check interval: 1 second
    fall 1    # number of failures before the check counts as failed
    rise 1    # number of successes before the check counts as healthy
}

vrrp_instance VI_1 {
    state BACKUP
    priority 96
    interface eno16777736
    virtual_router_id 33
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass RT3SKUI2
    }
    virtual_ipaddress {
        172.16.0.77/16 dev eno16777736 label eno16777736:0
    }

    track_script {    # track the script below
        chk_down
    }

    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"

}

server: configure three IP addresses, 192.168.10.11/24, 192.168.10.12/24 and 192.168.10.13/24
ntpdate 172.16.0.1
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost 192.168.10.11:80>
ServerName 192.168.10.11
DocumentRoot "/data/web/vhost1"
<Directory "/data/web/vhost1">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

<VirtualHost 192.168.10.12:80>
ServerName 192.168.10.12
DocumentRoot "/data/web/vhost2"
<Directory "/data/web/vhost2">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

<VirtualHost 192.168.10.13:80>
ServerName 192.168.10.13
DocumentRoot "/data/web/vhost3"
<Directory "/data/web/vhost3">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

After editing, test the syntax
httpd -t    # syntax test; it reports that the directories do not exist
mkdir -pv /data/web/vhost{1,2,3}
vim /data/web/vhost1/index.html
<h1>Vhost1</h1>
vim /data/web/vhost2/index.html
<h1>Vhost2</h1>
vim /data/web/vhost3/index.html
<h1>Vhost3</h1>

systemctl start httpd.service
