day39-keepalived
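1. Daily review and today's topics
1.1 Review
- HTTP certificates and the encryption flow 🍟🍟🍟🍟🍟
- Simulating website tampering
- Deploying a self-signed certificate and deploying a real certificate 🍟🍟🍟🍟🍟
- HTTPS for a WordPress cluster
- HTTPS tuning parameters
1.2 Today's topics
- keepalived high-availability configuration
- Preemptive and non-preemptive modes
- Split brain
- Handling an Nginx failure with keepalived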
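2. Keepalived high availability overview
- High availability
High availability generally means that two machines run exactly the same service; when one machine goes down, the other takes over quickly, and users accessing the service do not notice.
- How does keepalived implement high availability? What is the principle? (Interview question)
keepalived is built on the VRRP protocol. VRRP, the Virtual Router Redundancy Protocol, is mainly used to eliminate single points of failure.
- Installing and configuring Keepalived high availability
Environment
Server | IP | Role |
node1 | 10.0.0.5 | Master |
node2 | 10.0.0.6 | Backup |
VIP | 10.0.0.3 | Virtual |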
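#1. Prepare a second load balancer, LB02 (10.0.0.6)
#2. Configure the official nginx repository
[root@lb02 ~]# scp 10.0.0.5:/etc/yum.repos.d/nginx.repo /etc/yum.repos.d/
#3. Install nginx
[root@lb02 ~]# yum -y install nginx
#4. Sync the configuration files from lb01 to lb02
[root@lb02 ~]# rsync -avz 10.0.0.5:/etc/nginx/ /etc/nginx/
#5. Delete the configuration file for the previously compiled check (health-check) module
#6. Start nginx
[root@lb02 conf.d]# systemctl start nginx
[root@lb02 conf.d]# systemctl enable nginx
#7. Point the Windows hosts file at 10.0.0.6
10.0.0.6 www.wp.com www.zh.com www.admin.com
#Deploy keepalived on the master server, 10.0.0.5
[root@lb01 ~]# yum -y install keepalived
#Configure keepalived
global_defs {                 #global configuration
    router_id lb01            #identity -> name
}
vrrp_instance VI_1 {
    state MASTER              #role state
    interface ens33           #network interface to bind to
    virtual_router_id 50      #virtual router id
    priority 150              #priority: 150 votes
    advert_int 1              #check interval, in seconds
    authentication {          #authentication
        auth_type PASS        #authentication type
        auth_pass 1111        #authentication password (PASS sends it unencrypted in every advertisement)
    }
    virtual_ipaddress {
        10.0.0.3              #the virtual IP (VIP) address
    }
}
#Configure keepalived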
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
#Start keepalived
[root@lb01 ~]# systemctl start keepalived
[root@lb01 ~]# systemctl enable keepalived
#Point the Windows hosts file at 10.0.0.3 and test
10.0.0.3 www.wp.com
On Windows, view the ARP cache by running arp -a
#Deploy the keepalived service on LB02
[root@lb02 ~]# yum -y install keepalived
#Configure keepalived
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02            # unique identifier
}
vrrp_instance VI_1 {
    state BACKUP              # role
    interface ens33
    virtual_router_id 50
    priority 100              # votes
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
#Start keepalived
[root@lb02 ~]# systemctl start keepalived
[root@lb02 ~]# systemctl enable keepalived
#Test
Stop keepalived on the master; the VIP automatically floats to the backup server
Check that wp is still reachable
Check whether the Windows ARP table has been updated
- Heartbeat messages
- Stop LB01
- When LB01 comes back up, it takes the VIP back
#Preemptive: the master's priority is higher than the backup's (the default)
#Non-preemptive: the nodes are configured the same
#Configure non-preemptive mode
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 150
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb01 ~]# systemctl restart keepalived
#LB02
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 50
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
[root@lb02 ~]# systemctl restart keepalived
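4. Split brain
- When does split brain occur:
1. Both nodes have the firewall enabled
2. Network equipment problems
3. Network cable problems
4. Network card problems
Restore the configuration to preemptive mode and test
Enable the firewall on both nodes
systemctl start firewalld
#Resolve split brain: write a script on the backup server
#1. Generate a key pair on the backup server
[root@lb02 ~]# ssh-keygen
#2. Push it to lb01
[root@lb02 ~]# ssh-copy-id 10.0.0.5
[root@lb01 ~]# > /etc/issue # clear the pre-login banner
[root@lb01 ~]# > /etc/issue.net # clear the pre-login banner
--------------- Checking whether the previous command succeeded -----------
Method 1. Use $?: 0 means success, non-zero means failure
[root@web01 ~]# [ 1 -eq 1 ]
[root@web01 ~]# echo $?
0
[root@web01 ~]# [ 1 -eq 1 ] && echo ok
ok
[root@web01 ~]# [ 1 -eq 10 ] && echo ok
[root@web01 ~]# [ 1 -eq 1 ] && echo ok
ok
[root@web01 ~]# [ 1 -eq 10 ] && echo ok
[root@web01 ~]# #[ 1 -eq 10 ] && systemctl stop keepalived
[root@web01 ~]# num1=10
[root@web01 ~]# num2=10
[root@web01 ~]# [ $num1 -eq $num2 ]
[root@web01 ~]# echo $?
0
[root@web01 ~]# [ $num1 -eq $num2 ] && systemctl stop keepalived
-----------------------------------
[root@lb02 ~]# cat check_vip.sh
#!/bin/sh
# Count lines carrying the VIP on lb01 (over SSH) and on this node (lb02)
LB01=`ssh 10.0.0.5 ip a|grep -w 10.0.0.3|wc -l`
LB02=`ip a|grep -w 10.0.0.3|wc -l`
# Stop only when both nodes hold the VIP; two counts of 0 are also equal but are not split brain
[ "$LB01" -ge 1 ] && [ "$LB02" -ge 1 ] && systemctl stop keepalived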
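Added example (not part of the original notes): check_vip.sh above decides from grep line counts, so the decision logic below matches the VIP exactly and keeps "ssh to lb01 failed" separate from "lb01 does not hold the VIP". The helper names holds_vip and vip_state, the sample ip outputs and the ssh options in the wiring comment are assumptions made for this example.

```sh
#!/bin/sh
# Added example: classify who holds the VIP from `ip -o -4 addr show` text.
# holds_vip and vip_state are hypothetical helper names.
VIP=10.0.0.3   # VIP used throughout these notes

# holds_vip TEXT: succeeds only if TEXT lists the exact VIP (10.0.0.30 is not a match)
holds_vip() {
    printf '%s\n' "$1" | awk -v vip="$VIP" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit found ? 0 : 1 }'
}

# vip_state PEER_RC PEER_TEXT LOCAL_TEXT: prints one of
#   split-brain | peer-unreachable | peer-only | local-only | no-holder
vip_state() {
    peer_rc=$1; peer_text=$2; local_text=$3
    # A failed ssh says nothing about the VIP; never treat it as "peer has no VIP"
    if [ "$peer_rc" -ne 0 ]; then echo peer-unreachable; return 0; fi
    if holds_vip "$peer_text"; then p=1; else p=0; fi
    if holds_vip "$local_text"; then l=1; else l=0; fi
    case "$p$l" in
        11) echo split-brain ;;
        10) echo peer-only ;;
        01) echo local-only ;;
        *)  echo no-holder ;;
    esac
}

# Constructed sample outputs (trimmed `ip -o -4 addr show ens33` lines)
SAMPLE_WITH_VIP='2: ens33    inet 10.0.0.5/24 brd 10.0.0.255 scope global ens33
2: ens33    inet 10.0.0.3/32 scope global ens33'
SAMPLE_NO_VIP='2: ens33    inet 10.0.0.6/24 brd 10.0.0.255 scope global ens33'
SAMPLE_LOOKALIKE='2: ens33    inet 10.0.0.30/24 brd 10.0.0.255 scope global ens33'

# Demo on the constructed samples: both nodes hold the VIP, then a failed ssh
vip_state 0 "$SAMPLE_WITH_VIP" "$SAMPLE_WITH_VIP"
vip_state 255 "" "$SAMPLE_WITH_VIP"

# Assumed wiring on lb02 (not executed here):
#   peer_text=$(ssh -o BatchMode=yes -o ConnectTimeout=3 10.0.0.5 ip -o -4 addr show); peer_rc=$?
#   state=$(vip_state "$peer_rc" "$peer_text" "$(ip -o -4 addr show)")
#   [ "$state" = split-brain ] && systemctl stop keepalived
```

Only split-brain should lead to stopping keepalived on the backup; peer-unreachable is better raised as an alert, because lb02 may be holding the VIP legitimately while lb01 is down.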
5. Handling an Nginx failure with keepalived
#Write an nginx check script: if no nginx process exists, kill keepalived
#The script does not recognize && and ||, but it does recognize if tests. Otherwise the keepalived configuration file
[root@lb01 ~]# cat check_web.sh
#!/bin/sh
NG=`ps -C nginx --no-header|wc -l`
if [ $NG -eq 0 ]
then
    systemctl stop keepalived
fi
Alternatively, use a script that first tries to bring nginx back up
[root@lb01 ~]# cat check_web.sh
#!/bin/sh
NG=`ps -C nginx --no-header|wc -l`
if [ $NG -eq 0 ]
then
    #If nginx is not running, try restarting it
    systemctl restart nginx
    #Wait 1 second
    sleep 1
    #Check again whether nginx is running
    NG=`ps -C nginx --no-header|wc -l`
    if [ $NG -eq 0 ]
    then
        #If $NG is still 0, nginx did not start; all that is left is to kill keepalived
        systemctl stop keepalived
    fi
fi
#Make the script executable
chmod +x check_web.sh
#Integrate the script into keepalived
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_script check_web {
    script "/root/check_web.sh"   # location of the script
    interval 5
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 50
    priority 150
    #nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
    track_script {
        check_web                 #call check_web
    }
}
6. Today's summary
- keepalived high-availability configuration
- Preemptive and non-preemptive modes
- Split brain
- Handling an Nginx failure with keepalived