江哥架构师笔记HA Cluster
集群类型:LB、HA、HP
单点故障,比如lvs的vs主机,当vs主机挂了,就完了,所有的服务应该都要有备份。SPoF: Single Point of Failure
系统可用性的公式:A=MTBF/(MTBF+MTTR)
(0,1), 95% 几个9: 99%, ..., 99.999% 99%: %1, 99.9%, 0.1%
如何降低MTTR:提供系统冗余(redundant):从主机的角度来进行分析,不考虑网卡,网线这些细节
active/passive ,当备用节点能够收到主节点的心跳信息(比如请求某一资源可以成功),就一直等待,当连续请求不到资源(有可能主节点非常繁忙,无法及时响应),判断主节点故障,取而代之,将ip和资源拿过来,自己来提供服务,
active –> HEARTBEAT –> passive
(1) passive node的数量?备用节点可以多个,主节点采用多播域来进行多播来进行通告,这样主机发送一次报文,所有的备用节点都能够收到信息。备用服务器可以设置优先级,主机出问题,优先级高的备用服务器来进行取代。
(2) 资源切换指的是什么?服务器上面的的文件,js,数据库,session等东西
Network partition:网络故障导致集群中主机不能通行,
隔离设备: node:STONITH 资源:fence
quorum:
with quorum: > total/2 without quorum: <= total/2
HA Service:
nginx service:ip/nginx 服务如何转移: 作为调度器,将ip地址转移,上面没有运行任何服务,只要将调度服务启动就可以。 作为后端的服务器,将ip地址转移,作为web服务,如果用户能上传图片等资源的话,要使用共享存储,这样, 当服务器启动后能直接使用共享存储中的数据,图片等资源也不会丢失。
shared storage:
NAS:文件共享服务器; SAN:存储区域网络,块级别的共享;
TWO nodes Cluster?
辅助设备:ping node, quorum disk;
HA Cluster实现方案:
vrrp协议的实现 keepalived ais:完备HA集群; heartbeat corosync
keepalived:
vrrp协议:Virtual Redundant Routing Protocol 术语: 虚拟路由器:Virtual Router 虚拟路由器标识:VRID(0-255) 物理路由器: master:主设备 backup:备用设备 priority:优先级 VIP:Virtual IP VMAC:Virutal MAC (00-00-5e-00-01-VRID) 通告:心跳,优先级等;周期性; 抢占式,非抢占式;资源比抢占后,主机修复又上线了,而且优先级比较高,能够将资源再抢占回来。 安全工作: 认证: 无认证 简单字符认证 MD5 工作模式: 主/备:单虚拟路径器; 主/主:主/备(虚拟路径器1),备/主(虚拟路径器2)
假如调度器有两个服务器A,B,比如百度的调度器,如果使用主备模式,某一时刻只有一台服 务器在使用,利用率比较低,可以在每个服务器上面配置一个ip,设置dns来轮询两个服务器A,B,这样两个服务器都能同时工作。两台服务器设置vrrp,当A出故障的时候,B会将A的地址抢过来,一个网卡上有两个ip来进行服务,dns还是轮询,不变,也可以起到高可用的作用,也可以起到负载均衡的作用,当A服务器修复后,两台服务器可以同时工作。
vrrp协议的软件实现,
原生设计的目的为了高可用ipvs服务:
基于vrrp协议完成地址流动;
为vip地址所在的节点生成ipvs规则(在配置文件中预先定义);
为ipvs集群的各RS做健康状态检测;
基于脚本调用接口通过执行脚本完成脚本中定义的功能,进而影响集群事务;
组件:
核心组件:
vrrp stack
ipvs wrapper
checkers
控制组件:配置文件分析器
IO复用器
内存管理组件
HA Cluster的配置前提:
(1) 各节点时间必须同步;
(2) 确保iptables及selinux不会成为阻碍;
(3) 各节点之间可通过主机名互相通信(对KA并非必须);
建议使用/etc/hosts文件实现;
(4) 各节点之间的root用户可以基于密钥认证的ssh服务完成互相通信;(并非必须)
通用描述:virtual_ipaddress里面的ip地址为要调度的ip,可以是外网的ip,比如百度首页的ip。当两台主机当做一台调度器来进行高可用调度,当第一个主机配置了这个ip,出问题的时候,比如keepalive服务停止掉了,第二台主机检查到第一台主机挂掉了,就将这个ip抢过来,绑定到自己的网卡上面继续工作,保证服务是正常可用的。也可以两台主机来进行主主模式进行调用,让资源利用率高一些。
keepalived安装配置
CentOS 6.4+ :直接内置在base仓库
程序环境:
配置文件:/etc/keepalived/keepalived.conf 主程序:/usr/sbin/keepalived Unit File:keepalived.service
多播是一种允许一个或者多个发送者发送单一数据包到多个接收者的网络技术。不论组成员数量的多少,数据源只发送一次数据包,范围从224.0.0.0到239.255.255.255
配置文件组件部分:
TOP HIERACHY GLOBAL CONFIGURATION Global definitions Static routes/addresses VRRPD CONFIGURATION VRRP synchronization group(s) VRRP instance(s) LVS CONFIGURATION Virtual server group(s) Virtual server(s)
下面是编译安装方式,实际还需调整服务文件
编译安装keepalived yi gcc openssl-devel libnfnetlink-devel wget http://www.keepalived.org/software/keepalived-1.3.0.tar.gz tar xf keepalived-1.3.0.tar.gz cd keepalived-1.3.0 ./configure --prefix=/usr/local/keepalived cp ./keepalived/etc/init.d/keepalived /etc/init.d/ cp ./keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 修改service文件的执行文件路径为全路径 /usr/local/keepalived/sbin/keepalived sed -i "s#daemon keepalived#daemon /usr/local/keepalived/sbin/keepalived#g" /etc/init.d/keepalived sed -i "s#killproc keepalived#killproc /usr/local/keepalived/sbin/keepalived#g" /etc/init.d/keepalived chkconfig --add keepalived chkconfig keepalived on 添加环境变量
配置说明
下面是配置语法:
global_defs区域
主要是配置故障发生时的通知对象以及机器标识
global_defs {
notification_email {
a@abc.com
b@abc.com
...
}
notification_email_from alert@abc.com
smtp_server smtp.abc.com
smtp_connect_timeout 30
router_id lvs-node1
vrrp_mcast_group4 224.0.100.0
}
notification_email 故障发生时给谁发邮件通知。
notification_email_from 通知邮件从哪个地址发出。
smpt_server 通知邮件的smtp地址。
smtp_connect_timeout 连接smtp服务器的超时时间。
router_id 标识本节点的字条串,通常为hostname,但不一定非得是hostname。故障发生时,邮件通知会用到。
vrrp_mcast_group4 配置多播地址,在这个地址各个节点进行通信
配置虚拟路由器:
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
}
state MASTER|BACKUP:当前节点在此虚拟路由器上的初始状态;只能有一个是MASTER,余下的都应该为BACKUP;
interface IFACE_NAME:进行多播的物理接口;interface 节点要有固有IP(非VIP),一般是内网的网卡,用来发VRRP包
virtual_router_id VRID:当前虚拟路由器的惟一标识,范围是0-255;随意,只要不和其他虚拟路由重复
注意: 同一网段中virtual_router_id的值不能重复,否则会出错。
可以用这条命令来查看该网络中所存在的vrid:tcpdump -nn -i any net 224.0.0.0/8
garp_master_delay 当切为主状态后多久更新ARP缓存,默认5秒。
priority 100:当前主机在此虚拟路径器中的优先级;范围1-254;数字越大,优先级越高,
用来选举master的,要成为master,那么这个选项的值最好高于其他机器50个点,那么这个节点就会成为主节点,
advert_int 1:vrrp通告的时间间隔;健康查检时间间隔
authentication 认证区域,认证类型有PASS和HA(IPSEC),推荐使用PASS(密码只识别前8位)。
virtual_ipaddress vip,不解释了。
virtual_routes 虚拟路由,当IP漂过来之后需要添加的路由信息。
nopreempt 允许一个priority比较低的节点作为master,即使有priority更高的节点启动。
即使a优先级100,b优先级98,当a挂了,b开始工作,当a恢复后,即使a优先级高,依然是b继续工作
首先nopreemt必须在state为BACKUP的节点上才生效(因为是BACKUP节点决定是否来成为MASTER的),
其次要实现类似于关闭auto failback的功能需要将所有节点的state都设置为BACKUP,或者将master
节点的priority设置的比BACKUP低。我个人推荐使用将所有节点的state都设置成BACKUP并且都加上
nopreempt选项,这样就完成了关于autofailback功能,当想手动将某节点切换为MASTER时只需去掉
该节点的nopreempt选项并且将priority改的比其他节点大,然后重新加载配置文件即可(等MASTER
切过来之后再将配置文件改回去再reload一下)。
定义通知脚本:
notify_master <STRING>|<QUOTED-STRING>:当前节点成为主节点时触发的脚本;
notify_backup <STRING>|<QUOTED-STRING>:当前节点转为备节点时触发的脚本;
notify_fault <STRING>|<QUOTED-STRING>:当前节点转为“失败”状态时触发的脚本;
notify <STRING>|<QUOTED-STRING>:通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知;
}
测试1:简单vip漂移演示
配置服务之前:
要设置ssh互信,确保可以通过ssh无密码登录所有服务器,(好像非必须,不配也可以)
使用keepalived服务,要确保vrrp广播的网络物理线路是100%可靠的,否则有问题,会出现每台机器上面都有vip的情况
每台代理服务器的防火墙都放行多播地址:iptables -I INPUT -d 224.0.100.0 -j ACCEPT
各服务器时间同步
代理服务器配置
[root@localhost ~]#yi keepalived
[root@localhost /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node1
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
}
[root@localhost ~]#service keepalived restart
Stopping keepalived: [FAILED]
Starting keepalived: [ OK ]
[root@localhost ~]#tail /var/log/messages #通过日志可以看到vip添加到这台机器上面了
Jul 25 18:37:52 localhost Keepalived_vrrp[15423]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 25 18:37:53 localhost Keepalived_vrrp[15423]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 25 18:37:53 localhost Keepalived_vrrp[15423]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 25 18:37:53 localhost Keepalived_vrrp[15423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.40
Jul 25 18:37:53 localhost Keepalived_healthcheckers[15422]: Netlink reflector reports IP 192.168.200.40 added
Jul 25 18:37:58 localhost Keepalived_vrrp[15423]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.40
查看网卡信息
[root@localhost ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:39:87:7f brd ff:ff:ff:ff:ff:ff
inet 192.168.175.10/24 brd 192.168.175.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:56:18:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.10/24 brd 192.168.200.255 scope global eth1
inet 192.168.200.40/24 scope global secondary eth1
备用服务器配置,只需更改MASTER为BACKUP,优先级调低为80,其余的都一样
[root@localhost ~]#yi keepalived
[root@master /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node2
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
}
[root@master ~]#service keepalived start
Starting keepalived: [ OK ]
网卡上只有自己的ip地址
[root@master ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:22:dd:d0 brd ff:ff:ff:ff:ff:ff
inet 192.168.175.20/24 brd 192.168.175.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:83:f0:99 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.20/24 brd 192.168.200.255 scope global eth1
将代理服务器的keepalived服务关闭,可以在备用服务器上面发现vip已经绑定在eth1上面了
备用服务器 [root@master ~]#ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:22:dd:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.175.20/24 brd 192.168.175.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:83:f0:99 brd ff:ff:ff:ff:ff:ff inet 192.168.200.20/24 brd 192.168.200.255 scope global eth1 inet 192.168.200.40/24 scope global secondary eth1
测试2:配置多个虚拟路由,组成双主模式
考虑一种情况,假如公司(abc.com)有两个子域名(a.abc.com)和(b.abc.com),然后有两台服务器,每台服务器部署一个子站点的页面,可以这样做
可以在每台服务器上面都部署两个站点的页面,但是每台服务器只提供一个子站点页面的服务,并用keepalived进行高可用,达到的效果是:
每台服务器只运行一个页面文件,负载不高,当其中某台服务器宕机的时候,keepalived会将ip漂移到另外的机器上,保证每个站点都可用,即提高了利用率,又能保证高可用
代理服务器1配置
[root@localhost /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node1
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 30
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 3456
}
virtual_ipaddress {
192.168.200.50/24 dev eth1
}
}
代理服务器2配置
[root@master /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node2
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 30
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 3456
}
virtual_ipaddress {
192.168.200.50/24 dev eth1
}
}
重启代理服务器1,发现两个vip都漂移到这边
[root@localhost ~]#service keepalived restart Stopping keepalived: [FAILED] Starting keepalived: [ OK ] [root@localhost ~]#ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:39:87:7f brd ff:ff:ff:ff:ff:ff inet 192.168.175.10/24 brd 192.168.175.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:56:18:20 brd ff:ff:ff:ff:ff:ff inet 192.168.200.10/24 brd 192.168.200.255 scope global eth1 inet 192.168.200.40/24 scope global secondary eth1 inet 192.168.200.50/24 scope global secondary eth1
重启下代理服务器2,发现vip 50 漂移到这边
[root@master ~]#service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] [root@master ~]#ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:22:dd:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.175.20/24 brd 192.168.175.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:83:f0:99 brd ff:ff:ff:ff:ff:ff inet 192.168.200.20/24 brd 192.168.200.255 scope global eth1 inet 192.168.200.50/24 scope global secondary eth1
将代理服务器1的keepalived服务关闭,观察代理服务器2的ip变化,发现两个vip都漂移过来了,工作正常
[root@master ~]#ip a 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:22:dd:d0 brd ff:ff:ff:ff:ff:ff inet 192.168.175.20/24 brd 192.168.175.255 scope global eth0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:83:f0:99 brd ff:ff:ff:ff:ff:ff inet 192.168.200.20/24 brd 192.168.200.255 scope global eth1 inet 192.168.200.50/24 scope global secondary eth1 inet 192.168.200.40/24 scope global secondary eth1
上面所有的过程都可以在:/var/log/messages里面查看到具体的过程
为vip转移提供邮件提醒
具体的发送邮件脚本见下面,如果有网,可以修改发送给微信或者公司的邮箱更好,在两台代理服务器上面都部署上这个程序,并增加执行权限
脚本的入参自己定义,没有限制
[root@localhost /etc/keepalived]#cat notify.sh
#!/bin/bash
# $1 master $2 node $3 vip
contact='root@localhost'
#下面两个脚本根据实际定
notify()
{
mailsubject="$3 on $2 to be $1,vip floating"
mailbody="$(date +'%F %T'):vrrp transition, $3 on $2 changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
notify(){
#curl 'http://opsdashboardapi.kp.abc.com/api/v1/wechat/universal?key=06208a5' \
curl 'http://10.30.27.109:10030/api/v1/wechat/universal?key=06208a' \
-d "{\"msgtype\": \"text\",\"content\": \"【异常】vip 漂移说明 \n【时间】$(date +'%F %T') \n【详情】vip $3 on $2 change to be $1\"}"
}
case $1 in
master)
notify $1 $2 $3
;;
backup)
notify $1 $2 $3
;;
fault)
notify $1 $2 $3
;;
*)
echo "usage: $(basename $0) {start|stop|fault}"
exit1
;;
esac
代理服务器1配置keepalived
[root@localhost /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node1
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance a.abc.com { #这里的名字是随意起的,意思是这个虚拟路由是给这个域名使用的,会在日志记录中体现出来这个名字
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40"
notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40"
notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40"
}
vrrp_instance b.abc.com {
state BACKUP
interface eth0
virtual_router_id 30
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 3456
}
virtual_ipaddress {
192.168.200.50/24 dev eth1
}
notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.50"
notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.50"
notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.50"
}
代理服务器2配置文件
[root@master /etc/keepalived]#cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs-node2
vrrp_mcast_group4 224.0.100.0
}
vrrp_instance a.abc.com {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 2345
}
virtual_ipaddress {
192.168.200.40/24 dev eth1
}
notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.40"
notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.40"
notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.40"
}
vrrp_instance b.abc.com {
state MASTER
interface eth0
virtual_router_id 30
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 3456
}
virtual_ipaddress {
192.168.200.50/24 dev eth1
}
notify_master "/etc/keepalived/notify.sh master 192.168.200.10 192.168.200.50"
notify_backup "/etc/keepalived/notify.sh backup 192.168.200.10 192.168.200.50"
notify_fault "/etc/keepalived/notify.sh fault 192.168.200.10 192.168.200.50"
}
最后是代理服务器1的邮件通知,比较简单
[root@localhost ~]#mail Heirloom Mail version 12.4 7/29/08. Type ? for help. "/var/spool/mail/root": 4 messages 1 new 4 unread U 1 root Tue Jul 25 22:27 19/764 "localhost.localdomain on b.abc.com to be backup,vip floating" U 2 root Tue Jul 25 22:27 19/764 "localhost.localdomain on a.abc.com to be master,vip floating" U 3 root Tue Jul 25 22:27 19/764 "localhost.localdomain on b.abc.com to be master,vip floating" >N 4 root Tue Jul 25 22:30 18/754 "localhost.localdomain on b.abc.com to be backup,vip floating" & 2 Message 2: From: root@localhost.localdomain (root) Status: RO 2017-07-25 22:27:46:vrrp transition, localhost.localdomain on a.abc.com changed to be master
Keepalived的抢占和非抢占模式
keepalive是基于vrrp协议在linux主机上以守护进程方式,根据配置文件实现健康检查。 VRRP是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的VRRP路由器中的一台。 控制虚拟路由器IP地址的VRRP路由器称为主路由器,它负责转发数据包到这些虚拟IP地址。 一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的IP地址可以作为终端主机的默认第一跳路由器。 keepalive通过组播,单播等方式(自定义),实现keepalive主备推选。工作模式分为抢占和非抢占(通过参数nopreempt来控制)。 1)抢占模式: 主服务正常工作时,虚拟IP会在主上,备不提供服务,当主服务优先级低于备的时候,备会自动抢占虚拟IP,这时,主不提供服务,备提供服务。 也就是说,工作在抢占模式下,不分主备,只管优先级。 如上配置,不管keepalived.conf里的state配置成master还是backup,只看谁的priority优先级高(一般而言,state为MASTER的优先级要高于BACKUP)。 priority优先级高的那一个在故障恢复后,会自动将VIP资源再次抢占回来!! 2)非抢占模式: 这种方式通过参数nopreempt(一般设置在advert_int的那一行下面)来控制。不管priority优先级,只要MASTER机器发生故障,VIP资源就会被切换到BACKUP上。 并且当MASTER机器恢复后,也不会去将VIP资源抢占回来,直至BACKUP机器发生故障时,才能自动切换回来。 千万注意: nopreempt这个参数只能用于state为backup的情况,所以在配置的时候要把master和backup的state都设置成backup,这样才会实现keepalived的非抢占模式! 也就是说: a)当state状态一个为master,一个为backup的时候,加不加nopreempt这个参数都是一样的效果。即都是根据priority优先级来决定谁抢占vip资源的,是抢占模式! b)当state状态都设置成backup,如果不配置nopreempt参数,那么也是看priority优先级决定谁抢占vip资源,即也是抢占模式。 c)当state状态都设置成backup,如果配置nopreempt参数,那么就不会去考虑priority优先级了,是非抢占模式!即只有vip当前所在机器发生故障,另一台机器才能接 管vip。即使优先级高的那一台机器恢复 后也不会主动抢回vip,只能等到对方发生故障,才会将vip切回来。
–
–
–
评论前必须登录!
注册