18.1 集群介绍
关于linux集群
分类:
高可用:
通常是两台机器,其中一台机器提供服务,另一台机器备用;
当一台机器宕机,另一台机器会接替继续提供服务;
对于一些关键角色(机器),需要保证其健壮性(高可用);
高可用衡量标准9999,即在一年时间里99.99%的时间机器都要在线且正常提供服务;
实现高可用的开源软件:heartbeat、keepalived
Heartbeat在centos6下有bug,且长期未更新新的版本,不推荐使用
keepalived有高可用和负载均衡两个功能
负载均衡:
可以将用户的请求分发到后端的多台服务器上分别处理,此时需要有一台服务器作为分发器;
此时至少有两台服务器在后端提供服务;
实现负载均衡的开源软件:LVS、Keepalived、haproxy、nginx
实现负载均衡的商用设备:F5、Netscaler
一般商用负载均衡设备成本较高,但可以胜任更大的并发量,稳定性较好;
使用开源软件搭建的负载均衡稳定性取决于物理服务器的稳定性;
18.2 keepalived介绍
Keepalived通过VRRP协议实现高可用;
VRRP:
该协议在网络中用于实现路由器冗余,在这里用于实现服务器高可用;
由多台机器组成一个组,一个组内包含多台机器,其中包含了一个master角色和多个backup角色(backup至少为1个);
VRRP工作过程:
正常的master会以组播形式每隔一段时间向所有backup发送数据包,当backup在超过一定时间仍未收到master的数据包时,backup会认为master已宕机
此时会根据优先级从backup中选出新的master,如果只有一个backup则唯一的backup直接启动成为新的master
Keepalived的三个模块:
core
keepalived的核心,负责主进程启动、维护及全局配置文件加载、解析
check
负责健康检查
Vrrp
用于实现vrrp协议
18.3 用keepalived配置高可用集群(上)
配置前准备:
准备两台机器,一个作为master,一个作为backup;
在两台机器上安装keepalived软件:
[root@hyc-01-01 ~]# yum install -y keepalived
给两台服务器均安装nginx作为高可用的对象;
[root@hyc-01-01 ~]# rpm -qa|grep nginx
用于检查是否yum安装过某个软件,非yum安装可能检测不到
[root@hyc-01 ~]# yum install -y epel-release
[root@hyc-01 ~]# yum install -y nginx
很多企业将nginx用作负载均衡器,若负载均衡器故障,则即使后端服务器正常运行也无法正常提供服务
配置keepalived配置文件(主机器上):
[root@hyc-01-01 ~]# vim /etc/keepalived/keepalived.conf
[root@hyc-01-01 ~]# > !$ 清空keepalived配置文件
> /etc/keepalived/keepalived.conf
将提前编辑好的配置拷贝进配置文件:
[root@hyc-01-01 ~]# vim /etc/keepalived/keepalived.conf
这里配置脚本在代码托管平台复制(视频中提供)
global_defs {
notification_email {
aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" 执行编写好的检测脚本
interval 3 每隔3s检测一次
}
vrrp_instance VI_1 {
state MASTER 定义角色为master,若为从此处为BACKUP
interface ens33 定义组播发送vrrp数据包的网卡
virtual_router_id 51
priority 100 权重值,主和备的权重值不能一样
advert_int 1
authentication {
auth_type PASS 定义认证类型为密码认证
auth_pass aminglinux>com 密码
}
virtual_ipaddress {
192.168.188.100
}
track_script {
chk_nginx 前面定义了检测脚本,这里需要加载脚本
}
}
global_defs 全局定义参数
notification_email 出现问题时,给特定的邮箱发送邮件
vrrp_script chk_nginx 检测服务是否正常,这里检测nginx服务,若不正常需要将服务启动起来
vrrp_instance VI_1 用于定义master相关参数,若为backup,此处定义backup相关参数
virtual_router_id 51 同组机器的id需要保持一致
authentication 认证相关信息
virtual_ipaddress
定义virtual ip,主从均可使用该ip对外提供服务;
主存活时由主绑定该ip,主宕机后由从绑定该ip,无论主或从提供服务,均将域名解析到该ip上,这样主备切换对用户是透明的;
编辑nginx检测脚本:
按keepalived.conf文件中定义的检测脚本路径、名称编辑
[root@hyc-01-01 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
#时间变量,用于记录日志
d=`date --date today +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0,则启动nginx,并且再次检测nginx进程数量,
#如果还为0,说明nginx无法启动,此时需要关闭keepalived
if [ $n -eq "0" ]; then
/etc/init.d/nginx start
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
#若nginx无法启动成功,则keepalived失去存在意义,应该被杀掉,主上的keepalived被杀掉后从的keepalived会自动启动
systemctl stop keepalived
fi
fi
修改检测脚本文件权限为755,使所有用户均有权执行该脚本:
[root@hyc-01-01 sbin]# chmod 755 /usr/local/sbin/check_ng.sh
[root@hyc-01-01 sbin]# ls -l /usr/local/sbin/check_ng.sh
-rwxr-xr-x 1 root root 567 9月 6 07:39 /usr/local/sbin/check_ng.sh
脑裂:
若主上无法正常启动nginx,则需要启动从的keepalived;、
若主和从的keepalived同时存在则两者会争抢资源,比如virtual ip;
若两台机器都使用该virtual ip则在域名解析时会出现混乱;
18.4 用keepalived配置高可用集群(中)
启动主上的keepalived:
[root@hyc-01-01 sbin]# systemctl start keepalived
[root@hyc-01-01 sbin]# ps aux|grep keep
root 5008 0.0 0.0 118652 1400 ? Ss 07:45 0:00 /usr/sbin/keepalived -D
root 5009 0.0 0.1 127516 3288 ? S 07:45 0:00 /usr/sbin/keepalived -D
root 5010 0.0 0.1 127456 2840 ? S 07:45 0:00 /usr/sbin/keepalived -D
root 5059 0.0 0.0 112720 980 pts/1 S+ 07:46 0:00 grep --color=autokeep
[root@hyc-01-01 sbin]# ps aux|grep nginx
root 4415 0.0 0.0 46040 1264 ? Ss 06:11 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 4416 0.0 0.2 48528 3908 ? S 06:11 0:00 nginx: worker process
nobody 4417 0.0 0.2 48528 3908 ? S 06:11 0:00 nginx: worker process
root 5097 0.0 0.0 112720 976 pts/1 R+ 07:46 0:00 grep --color=autonginx
测试停掉的nginx服务会不会自动加载:
[root@hyc-01-01 sbin]# /etc/init.d/nginx stop 停止nginx服务
Stopping nginx (via systemctl): [ 确定 ]
[root@hyc-01-01 sbin]# ps aux|grep nginx nginx又启动了
root 5462 0.0 0.0 46040 1264 ? Ss 07:49 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 5464 0.0 0.2 48528 3904 ? S 07:49 0:00 nginx: worker process
nobody 5465 0.0 0.2 48528 3904 ? S 07:49 0:00 nginx: worker process
root 5469 0.0 0.0 112720 976 pts/1 R+ 07:49 0:00 grep --color=autonginx
查看keepalived日志:
[root@hyc-01-01 sbin]# less /var/log/messages
…
r 192.168.188.100
Sep 6 07:45:55 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:46:00 hyc-01-01 Keepalived_vrrp[5010]: Sending gratuitous ARP on ens33 for 192.168.188.100
Sep 6 07:49:12 hyc-01-01 systemd: Stopping SYSV: http service....
Sep 6 07:49:12 hyc-01-01 nginx: Stopping Nginx: [ 确定 ]
Sep 6 07:49:12 hyc-01-01 systemd: Stopped SYSV: http service..
Sep 6 07:49:14 hyc-01-01 systemd: Starting SYSV: http service....
Sep 6 07:49:14 hyc-01-01 nginx: Starting Nginx: [ 确定 ]
Sep 6 07:49:14 hyc-01-01 systemd: Started SYSV: http service..
Virtual ip无法使用ifconfig查看,必须使用ip add
为保证实验成功,需要检查主和从的防火墙和selinux,(关闭selinux和防火墙):
防火墙没有策略可以不关闭,有策略时需要关闭
[root@hyc-01-01 sbin]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@hyc-01-01 sbin]# systemctl stop firewalld
[root@hyc-01-01 sbin]# getenforce
Disabled
在从上配置keepalived:
[root@hyc-01 ~]# > /etc/keepalived/keepalived.conf 清空配置文件原有配置
编辑从上的keepalived配置文件:
[root@hyc-01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90 从的优先级必须低于主
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.31.100 主和从的虚拟ip保持一致
}
track_script {
chk_nginx
}
}
配置从上keepalived执行的监控脚本:
[root@hyc-01 ~]# vim /usr/local/sbin/check_ng.sh
#时间变量,用于记录日志
d=`date --date today +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0,则启动nginx,并且再次检测nginx进程数量,
#如果还为0,说明nginx无法启动,此时需要关闭keepalived
if [ $n -eq "0" ]; then
systemctl start nginx
主和从启动nginx的命令不同,主上的nginx为自定义脚本编译安装,可以使用/etc/init.d/nginx start命令启动;而从是yum安装,需要使用systemctl start nginx命令启动
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
主从的监控脚本内容基本一致
[root@hyc-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh 为保证监控脚本可以正常执行,赋予文件755权限
启动从上的keepalived:
[root@hyc-01 ~]# systemctl start keepalived
[root@hyc-01 ~]# ps aux|grep keep
root 4642 0.0 0.1 118608 1384 ? Ss 21:33 0:00 /usr/sbin/keepalived -D
root 4643 0.0 0.3 127468 3280 ? S 21:33 0:00 /usr/sbin/keepalived -D
root 4644 0.2 0.2 127408 2804 ? S 21:33 0:00 /usr/sbin/keepalived -D
root 4679 0.0 0.0 112676 980 pts/1 R+ 21:33 0:00 grep --color=autokeep
测试nginx:
主上nginx默认虚拟主机的默认主页:
[root@hyc-01-01 b]# cat index.html
this is nginx master from keepalived
从上nginx默认虚拟主机的默认主页:
[root@hyc-01 html]# cat index.html
hello world
访问虚拟地址192.168.31.100:
当访问虚拟地址时访问的是主上的内容
查看主和从的ip地址:
主上:
[root@hyc-01-01 b]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.129/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.31.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::526f:cdd5:5651:5dcc/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::27ac:760a:76cf:bb27/64 scope link
valid_lft forever preferred_lft forever
从上:
[root@hyc-01 html]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:59:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.31.128/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link
valid_lft forever preferred_lft forever
此时虚拟ip在主的网卡上
18.5 用keepalived配置高可用集群(下)
测试高可用:
主上的防火墙规则DROP出向的vrrp数据包:
[root@hyc-01-01 ~]# iptables -I OUTPUT -p vrrp -j DROP
[root@hyc-01-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 135 packets, 6236 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 20 packets, 1684 bytes)
pkts bytes target prot opt in out source destination
148 5920 DROP 112 -- * * 0.0.0.0/0 0.0.0.0/0
主上的日志:
[root@hyc-01-01 ~]# tail /var/log/messages
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: VRRP_Instance(VI_1) Received advert with lower priority 90, ours 100, forcing new election
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:22:13 hyc-01-01 Keepalived_vrrp[30534]: Sending gratuitous ARP on ens33 for 192.168.31.100
从上的日志:
[root@hyc-01 ~]# tail /var/log/messages
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:41 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
主上的ip:
[root@hyc-01-01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.129/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.31.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::526f:cdd5:5651:5dcc/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::27ac:760a:76cf:bb27/64 scope link
valid_lft forever preferred_lft forever
从上的ip:
[root@hyc-01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:59:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.31.128/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.31.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link
valid_lft forever preferred_lft forever
此时虚拟ip同时在主和从上产生,发生脑裂现象
直接封掉主发出的vrrp包无法彻底切换主从
[root@hyc-01-01 ~]# iptables –F 清空主上的防火墙规则
关停主的keepalived服务:
[root@hyc-01-01 ~]# systemctl stop keepalived
主上的ip:
[root@hyc-01-01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.129/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::526f:cdd5:5651:5dcc/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::27ac:760a:76cf:bb27/64 scope link
valid_lft forever preferred_lft forever
从上的ip:
[root@hyc-01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:59:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.31.128/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.31.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link
valid_lft forever preferred_lft forever
此时主上的虚拟ip(VIP)被彻底释放且从上拥有VIP
从上的日志:
[root@hyc-01 ~]# tail -40 /var/log/messages
Sep 8 15:19:26 hyc-01 Keepalived_healthcheckers[43612]: Opening file '/etc/keepalived/keepalived.conf'.
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) removing protocol VIPs.
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: Using LinkWatch kernel netlink reflector...
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) Entering BACKUP STATE
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Sep 8 15:19:32 hyc-01 Keepalived_vrrp[43613]: VRRP_Script(chk_nginx) succeeded
Sep 8 15:19:35 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) Transition to MASTER STATE
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) Entering MASTER STATE
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) setting protocol VIPs.
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
Sep 8 15:19:36 hyc-01 Keepalived_vrrp[43613]: Sending gratuitous ARP on ens33 for 192.168.31.100
…
重新启动主的keepalived服务:
[root@hyc-01-01 ~]# systemctl start keepalived
[root@hyc-01-01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:95 brd ff:ff:ff:ff:ff:ff
inet 192.168.31.129/24 brd 192.168.31.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.31.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::526f:cdd5:5651:5dcc/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::d46b:4589:4da1:2f34/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4d:9d:9f brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::27ac:760a:76cf:bb27/64 scope link
valid_lft forever preferred_lft forever
启动主上的keepalived后,虚拟ip立即切换回主上
实现mysql高可用时需要保证主和所有从的数据保持一致,否则会出问题