scsi及iscsi的基础原理
CentOS上的iscsi的使用
keepalived的基础应用
keepalived的高级应用

一、

二、keepalived基础应用

   1、  HA的2大流派:

        heartbeat、corosync这2个更像大环境的高可用解决方案

        keepalived 早期是为lvs(director)提供3种功能HA高可用、ipvs rules规则、health健康状况监测

    VRRP:虚拟路由冗余协议 

        生成路由:静态路由 动态路由:OSPF,RIP2

    适合场景:

        lvs+keepalived

        nginx,haproxy(reverse proxy)+keepalived

        注意:centos 6.4之后的版本将haproxy、keepalived 收入系统内集成,而nginx至今没有。


  2、配置安装keepalived及vrrp构建

    node1 #yum install -y keepalived-1.2.13.*.rpm

          #rpm -ql keepalived  查看生成的文件,很简单的配置

          #cp /etc/keepalived/keepalived.conf keepalived.conf.bak  #备份配置文件

          #vi /etc/keepalived/keepalived.conf

        修改vrrp_instance VI_1{

            state MATSER

            interface eth0

            virtual_router_id 101

            priority 100

            advert_int 1

            authentication {

                auth_type PASS

                auth_pass 123456  #密码不能超过8位,需和另一个节点一致

            }

            virtual_ipaddress {

                172.16.100.22

            }

         }

    node2 #yum install -y keepalived-1.2.13.*.rpm   同样在node2上安装

          #直接从node1靠谱配置文件修改  #scp keepalived.conf node2:/etc/keepalived.conf         

            #vi /etc/keepalived/keepalived.conf

            修改vrrp_instance VI_1{

            state BACKUP

            interface eth0

            virtual_router_id 101

            priority 99

            advert_int 1

            authentication {

                auth_type PASS

                auth_pass 123456

            }

            virtual_ipaddress {

                172.16.100.22

            }

         }

说明面的设置是最基础的设置,实现的功能是如果主服务器的Keepalived停止服务(一般情况下服务器宕机),则将虚拟IP切换至从服务器,主服务器恢复后从新切换回主服务器。

但是很多情况下我们面临的企业环境是nginx反向代理+keepalived 或lvs+keepalived,那么是nginx挂掉了,而这个时候Keepalived就不能发挥作用,这时候就需要我们来改良下Keepalived了。通过向Keepalived添加一个自定义脚本来监控neginx的运行状态,如果nginx进程结束,则kill Keepalived进程,以此来达到主从服务器的切换功能,后面2个实例来总结  nginx / lvs+keepalived 高可用。

    3、服务器启动和关闭

        service keepalived start/stop

        #ip addr show ,查看IP地址变化,自动回识别虚拟IP地址

        #   监控2台服务器日志变化 #tail -f /var/log/messages

    4、配置报警机制 ,打开配置文件

        global_defs{

            notification_email {

                root@localhost  #定义报警信息收件人地址

            }

            notification_email_from kaadmin@magedu.com  #定义发件人地址

            smtp_server 192.168.1.*  #邮件服务器地址

            smtp_connect_timeout 30  #邮件连接超时时长

        }

        在vrrp_instance VI_1 { }模块中添加报警信息

        notify_backup "/bin/echo 'to be master'| /bin/mail -s 'to be master' root"

        notify_master "/bin/echo 'to be backup'| /bin/mail -s 'to be backup' root"


      5、配置nginx高可用集群  

        在vrrp_instance VI_1 { }模块中最下面添加添加报警信息

        notify_master "/etc/rc.d/init.d/nginx start"

        notify_backup "/etc/rc.d/init.d/nginx stop"

        notify_fault "/etc/rc.d/init.d/nginx stop"

        分别在2台服务器安装nginx服务,并stop 服务器,用keepalived启动测试。

三,keepalived的高级应用

    脚本监控本地服务是否正常?

    #cd /usr/share/doc/keepalived-1.2.13/  查看帮助文件(keepalived.conf.vrrp.localcheck)

    定义监测脚本

    使用单独的配置段定义监测机制:

        vrrp_script CHK_NAME{

            script "killall -0 sshd"  检测脚本,探测sshd服务是否在线

            interval 1  检测频率,1秒监测一次

            weight -5   优先级减5

            fall 2      从正常到失败检测2次

            fise 1      从失败到正常监测2次

        }

    在实例调用定义的监测机制,其才能生效

        vrrp_instance NAME{

            track_script{

                CHK_NAME

            }

        }   


例如:

node1

global_defs{

            notification_email {

                root@localhost  #定义报警信息收件人地址

            }

            notification_email_from kaadmin@magedu.com  #定义发件人地址

            smtp_server 192.168.1.*  #邮件服务器地址

            smtp_connect_timeout 30  #邮件连接超时时长

}

vrrp_script chk_nginx{            #在虚拟实例外定义一个监测脚本

    script "kellall -0 nginx"     #监控nginx服务是否在线

    interval 1

    weight -5

    fall 2

    rise 1

}

vrrp_instance VI_1{

            state MATSER

            interface eth0

            virtual_router_id 101

            priority 100

            advert_int 1

            authentication {

                auth_type PASS

                auth_pass 123456  #密码不能超过8位,需和另一个节点一致

            }

            virtual_ipaddress {

                172.16.100.22

            }

            track_script{

                chk_nginx  #在此虚拟实例中调用上面定义好的 chk_nginx 这个脚本。

            }           

            notify_master "/etc/rc.d/init.d/nginx start"  这里可以用脚本代替

            notify_backup "/etc/rc.d/init.d/nginx stop"

            notify_fault "/etc/rc.d/init.d/nginx stop"

}


node2上同样的配置,scp拷贝过去改backup和优先级,测试。

到此我们学习了单主模型构建vrrp实例及借助vrrp关联nginx的进程,nginx+keepalived高可用应用就OK了。


那我们想一下,如果双主模型构建vrrp多实例?


四、keepalived高可用

    

nginx反向代理+keepalived高可用




参考链接:http://www.open-open.com/lib/view/open1371740759546.html


lvs+keepalived实现高可用


之前lvs用ipvsadm命令生成来调度器转发功能,有了keepalived后,无需ipvsadm命令,keepalived通过内部的配置调用内核中的规则送到ipvs的调度器,所有ipvsadm不在有用了。另外还可以对real server做健康状态的监测。

配置文件说明

virtual_server 172.168.100.1 80 {   #定义VIP及tcp端口号做为集群服务

    delay_loop 6

    lb_algo rr    #负载均衡调度算法

    lb_kind DR    #负载均衡类型,NAT DR TUN

    persistence_timeout 50   #是否启动持久连接功能

    protocol TCP     #TCP协议


# sorry_server 192.168.200.200 1358   #后端所有服务器都挂了就启用


    real_server 172.168.100.11 80 {  #后端真实服务器

        weight 1   #权重

        HTTP_GET {      #应用层协议

            url {

                path /

                status_code 200   # real_server的健康状态监测

            }

            connect_timeout 3

            nb_get_retry 3   #尝试连接次数

            delay_before_retry 3  #失败后延时时间3秒

        }

    }

    

    real_server 172.168.100.11 80

        weight 1

        HTTP_GET {

            url {

                path /

                status_code 200

            }

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


如果要使用TCP_CHECK监测各realserver的健康状态,realserver部分的定义可以替换如下内容

   

virtual_server 172.168.100.1 80 {   #定义VIP及tcp端口号做为集群服务

    delay_loop 6

    lb_algo rr    #负载均衡调度算法

    lb_kind DR    #负载均衡类型,NAT DR TUN

    persistence_timeout 50   #是否启动持久连接功能

    protocol TCP 


    server_server 127.0.0.1 80


    real_server 172.168.100.11 80 {

        weight 1

        TCP_CHECK {

            tcp_port 80  #连接的端口

            connect_timeout 3  #超时时间是多少

        }

    }

    real_server 172.168.100.12 80 {

        weight 1

        TCP_CHECK {

            tcp_port 80  #连接的端口

            connect_timeout 3  #超时时间是多少

        }

    }

说明:其中sorry_server是用于定义所有real_server均出现故障时所用的服务器。


实例:LVS+Keepalived 基于DR模型构建1台realserver案例

node1:Director  172.16.100.7

#service keepalived stop #先停止keepalived的服务

#vi /etc/keepalived/keepalived.conf  (修改配置文件前备份配置文件)

global_defs{

……            #global中邮件报警内容暂不考虑


vrrp_instance_VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 30

    priority 100

    advert_int  1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    vitrual_ipaddress {

        172.16.100.22

    }

}

virtual_server 172.16.100.9 80{

    delay_loop 6

    lb_algo rr

    lb_kind DR

    nat_mask 255.255.0.0

    protocol TCP

    

    real_server 172.16.100.9 80 {

        weight 1

        HTTP_GET {

            url {

                path /

                status_code 200

            }

            connect_timeout 2

            nb_get_retry 3

            delay_before_retry 1

        }

    }   

    real_server 172.16.100.10 80 {

        weight 1

        HTTP_GET {

            url {

                path /

                status_code 200

            }

            connect_timeout 2

            nb_get_retry 3

            delay_before_retry 1

        }

    }

}

#scp keepalived.conf 192.168.1.8:/etc/keepalived/  复制配置文件到node2

修改node2配置文件------>先配置、启动node2的ipvsadm.


#service keepalived  start

#ip addr show

#yum -y install ipvsadm

#ipvsadm -L -n  #查看规则是否生成,

当主节点启动后并没有删除从节点的规则,只是转移了VIP地址


node2:Director   172.16.100.8

state MASTER 改为BACKUP

priority 99

其他配置不变

#service keepalived start


#yum -y install ipvsadm

#ipvsadm -L -n #查看规则生成了

#ss -tnl 

#ip addr show

#启动主节点,看VIP是否能抢过去。


node3: realserver 配置http服务

#ifconfig eth0 172.16.100.9/16 up

mkdir -pv /web/htdocs/a

vim /web/htdocs/a/index.html    www1.mageedu.com

vi /etc/httpd/httpd.conf

<VirtualHost 172.16.100.9:80>

    DocumentRoot /web/htdocs/a

    ServerName www1.mageedu.com

</VirtualHost>


#service httpd configtest

#service httpd start

#echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 配置内核参数

#echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore

#echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

#echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce

下面配置VIP地址:

#ifconfig lo:0 172.16.100.22 netmask 255.255.255.255 broadcast 172.16.100.22 up

#ifconfig

#route add -host 172.16.100.22 dev lo:0  #添加一条路由



node4: realserver 配置http服务

#ifconfig eth0 172.16.100.10/16 up

同上配置,将IP地址改为172.16.100.10

这样realserver就配置完成了!


扩展:手动添加LVS

node1:

ifconfig eth0:0 172.168.100.22 netmask 255.255.255.255 broadcast 172.16.100.22 up

ipvsadm -A -t 172.16.100.22:80 -s rr

ipvsadm -a -t 172.16.100.22 -r 172.16.100.9 -w 1 -g

ipvsadm -L -n

ipvsadm -C 清空规则