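Use Keepalived to deploy a standby server and implement failover.

Keepalived has built-in support for VRRP (Virtual Router Redundancy Protocol). VRRP solves the single-point-of-failure problem of static routing. It communicates over IP multicast, and when it detects that the master router has failed, an election promotes a backup router to master so that service continues.

Keepalived uses VRRP to switch the externally reachable IP address (the Virtual IP) automatically between the master server (Master) and the backup servers (Backup). Normally the Master serves traffic on the Virtual IP. When the Master fails, the Backups that are monitoring it compete through the priority mechanism to take over the Virtual IP and keep serving traffic, and the Backups that lose the election go on monitoring the server that currently holds the Virtual IP.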
### High-availability servers

Role | RIP (real IP) | VIP (virtual IP) | Description |
---|---|---|---|
master | 192.168.1.11 | 192.168.1.10 | nginx+keepalived |
backup | 192.168.1.12 | 192.168.1.10 | nginx+keepalived |
- | 192.168.1.13 | - | Backend server 1 |
- | 192.168.1.4 | - | Backend server 2 |
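### Install keepalived

```
wget https://www.keepalived.org/software/keepalived-1.2.24.tar.gz
tar -zxf keepalived-1.2.24.tar.gz && cd keepalived-1.2.24
./configure --prefix=/usr/local/keepalived
make && make install   # run once the configure summary below looks right
```

Make sure the configure summary reports the following:

```
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
```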
### Register the service

```
# The relative etc/ path below is assumed to be relative to the install prefix.
cd /usr/local/keepalived
cp etc/rc.d/init.d/keepalived /etc/init.d/
chmod +x /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig keepalived on
ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
```
### master

```
mkdir -p /etc/keepalived   # the target directory must exist before the copy
cp etc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
vi /etc/keepalived/keepalived.conf
```

```
vrrp_instance VI_1 {                 # define a virtual router named VI_1
    state MASTER                     # Keepalived role: MASTER or BACKUP
    interface eth0                   # network interface to monitor
    # garp_master_delay 10
    # smtp_alert
    # virtual_router_id 51
    virtual_router_id 128            # virtual router ID; MASTER and BACKUP of the same VRRP group must use the same value
    mcast_src_ip 172.16.135.128      # Real IP (optional; defaults to the primary IP of the interface)
    priority 100                     # priority/weight (the host with the higher weight takes over the Virtual IP), range 0~254
    advert_int 1                     # interval of the sync check between MASTER and BACKUP, in seconds
    authentication {                 # authentication type and password
        auth_type PASS               # PASS means password authentication
        auth_pass 1111               # password shared by MASTER and BACKUP (sample value; PASS travels in cleartext)
    }
    virtual_ipaddress {              # Virtual IP address pool, one address per line
        # 192.168.200.16
        # 192.168.200.17
        # 192.168.200.18
        172.16.135.130               # set the same Virtual IP on MASTER and BACKUP
        # optional label. should be of the form "realdev:sometext" for
        # compatibility with ifconfig.
        # 192.168.200.18 label eth0:1
    }
}
```

```
service keepalived restart
```
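### backup

```
vi /etc/keepalived/keepalived.conf
```

```
vrrp_instance VI_1 {
    state BACKUP     # change the role to BACKUP
    priority 90      # change the priority to 90 (anything lower than the MASTER)
    # the other settings stay the same as on the master
}
```

```
service keepalived restart
```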
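The Keepalived instances on the Master and Backup servers communicate over VRRP on port 112. If the port is unreachable, both servers will claim the Virtual IP at the same time. Next, configure firewall rules on both servers to open port 112.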
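The firewall step as an added example for an iptables host; it is not from the original page. VRRP is carried directly in IP as protocol number 112 and has no TCP or UDP port, so the rules match on the protocol number and the multicast group 224.0.0.18. `eth0` and the peer addresses come from the configuration and table above, while `vrrp_rules`, `is_ipv4` and the `APPLY` switch are names made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original page): VRRP firewall rules for one node.
# VRRP has no TCP/UDP port; it is IP protocol 112, multicast to 224.0.0.18.
VRRP_PROTO=112
VRRP_GROUP=224.0.0.18

# Accept only a plain dotted-quad address, so a typo or a CIDR suffix
# cannot widen the source match of the ACCEPT rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules: accept VRRP from the HA peer, drop it from every other
# sender. -I with explicit positions puts both ahead of an existing REJECT.
# Assumed arguments: $1 = interface, $2 = the peer's real IP.
vrrp_rules() {
    iface=$1
    peer=$2
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    echo "iptables -I INPUT 1 -i $iface -p $VRRP_PROTO -s $peer -d $VRRP_GROUP -j ACCEPT"
    echo "iptables -I INPUT 2 -i $iface -p $VRRP_PROTO -j DROP"
}

# Rules are only printed unless APPLY=1 (hypothetical switch for this example).
# On the master the peer is the backup (192.168.1.12), and vice versa.
if [ "${APPLY:-0}" = 1 ]; then
    vrrp_rules "${1:-eth0}" "${2:-192.168.1.12}" | sh -e
else
    vrrp_rules "${1:-eth0}" "${2:-192.168.1.12}"
fi
```

Run it on the backup with the master's address (192.168.1.11) as the peer, and save the resulting ruleset so it survives a reboot.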
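### nginx+keepalived

Add the following to the configuration on both the master and the backup:

```
vrrp_script chk_nginx {          # script used to check whether Nginx is running
    script "/chk_nginx.sh"       # path of the check script
    interval 2                   # run the script every 2 seconds
    weight -20                   # change in weight when the check fails
}
vrrp_instance VI_1 {             # add the monitoring script to VI_1
    track_script {
        chk_nginx
    }
}
```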
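```
vi /chk_nginx.sh
chmod +x /chk_nginx.sh   # keepalived must be able to execute the script
```

```
#!/bin/sh
# If no nginx process is running, try to start nginx once.
if [ `ps -C nginx --no-header|wc -l` -eq 0 ];then
    service nginx start
    sleep 2
    # Still not running: stop keepalived so the Virtual IP moves to the Backup.
    if [ `ps -C nginx --no-header|wc -l` -eq 0 ];then
        service keepalived stop
    fi
fi
```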
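keepalived runs the `vrrp_script` with its own privileges (root in this setup) every `interval` seconds, so `/chk_nginx.sh` and every directory on its path should be writable by root only. The following check is an added example, not part of the original page; the function names are made up, and it assumes GNU `stat` and `readlink -f`.

```shell
#!/bin/sh
# Added example (not from the original page): check that a keepalived track
# script can only be changed by its owner. Uses GNU stat and readlink -f.

# Succeed only if $1 is owned by user $2 and is not group- or other-writable.
owner_only_writable() {
    [ "$(stat -c %U "$1")" = "$2" ] || return 1
    # Octal mode: second-to-last digit = group, last digit = other;
    # the digits 2, 3, 6 and 7 contain the write bit.
    case $(stat -c %a "$1") in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Check the script and each parent directory up to /, because a writable
# directory allows the script to be replaced even if the file itself is safe.
# Returns 0 = safe, 1 = unsafe (offending path on stderr), 2 = not a file.
check_track_script() {
    owner=${2:-root}
    [ -f "$1" ] || { echo "not a file: $1" >&2; return 2; }
    p=$(readlink -f "$1")
    while :; do
        owner_only_writable "$p" "$owner" || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return 0
}

# Usage: sh check_track_script.sh /chk_nginx.sh
if [ $# -gt 0 ]; then
    check_track_script "$@"
fi
```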
### Default configuration
```
vi etc/keepalived/keepalived.conf
```

```
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```