Day50

课堂笔记

5月10日

keepalved高可用实践

Keepalived的工作原理

1、安装keepalived（10.0.0.5/10.0.0.6）

yum install keepalived -y

rpm -qa keepalived

#keepalived-1.3.5-8.el7_6.x86_64

ls /etc/keepalived/keepalived.conf

2、配置主（10.0.0.5）

[root@lb01 keepalived]# cat keepalived.conf

global_defs {

   router_id LVS_DEVEL

}

vrrp_instance VI_1 {

    state MASTER

    interface eth0

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        10.0.0.3/24 dev eth0 label eth0:1

    }

}

3、配置备（10.0.0.6）

[root@lb02 ~]# cat /etc/keepalived/keepalived.conf

global_defs {

   router_id LVS_BACKUP

}

vrrp_instance VI_1 {

    state BACKUP

    interface eth0

    virtual_router_id 51

    priority 50

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 1111

    }

    virtual_ipaddress {

        10.0.0.3/24 dev eth0 label eth0:1

    }

}

主备区别：3点

router_id

state

priority

4、分别启动主备

systemctl start keepalived

[root@lb01 keepalived]# ps -ef|grep keep|grep -v grep

root       8613      1  0 20:58 ?        00:00:00 /usr/sbin/keepalived -D

root       8614   8613  0 20:58 ?        00:00:00 /usr/sbin/keepalived -D

root       8615   8613  0 20:58 ?        00:00:00 /usr/sbin/keepalived -D

5、测试

停掉主的keepalived，看备节点是否接管

恢复主的keepalived，看备节点是否释放

6、出错了 看日志

cat /var/log/messages

7、什么是裂脑？

split brain

高可用对之间每个机器同时接管VIP以及其他资源。

两端同时配置VIP了。

裂脑如何发生的？

1、心跳线出问题

2、防火墙阻挡心跳信息了。

实践演示裂脑：

如何防止裂脑？

配置10.0.0.6 nginx负载均衡

编译安装nginx负载均衡

下载：

mkdir -p /server/tools

cd /server/tools

wget http://nginx.org/download/nginx-1.16.0.tar.gz

#安装依赖。

yum install pcre pcre-devel -y

yum install openssl openssl-devel -y  #https加密用他。

#编译安装步骤

tar xf nginx-1.16.0.tar.gz

cd nginx-1.16.0/

useradd -u 1111 -s /sbin/nologin nginx -M

id nginx

./configure  --user=nginx --group=nginx --prefix=/application/nginx-1.16.0/ --with-http_stub_status_module  --with-http_ssl_module --with-pcre

make

make install

ln -s /application/nginx-1.16.0/ /application/nginx

/application/nginx/sbin/nginx

netstat -lntup|grep nginx

curl 127.0.0.1

worker_processes  1;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    upstream backend {

        server 10.0.0.7:80  weight=1;

        server 10.0.0.8:80  weight=1;

    }

    server {

        listen       80;

        server_name  www.etiantian.org;

        location / {

            proxy_pass http://backend;

            proxy_set_header Host  $host;

            proxy_set_header X-Forwarded-For $remote_addr;

            proxy_connect_timeout 60;

            proxy_send_timeout 60;

            proxy_read_timeout 60;

            proxy_buffer_size 4k;

            proxy_buffers 4 32k;

            proxy_busy_buffers_size 64k;

            proxy_temp_file_write_size 64k;

        }

   }

 server {

        listen       80;

        server_name  blog.etiantian.org;

        location / {

            proxy_pass http://backend;

            proxy_set_header Host  $host;

        }

   }

 server {

        listen       80;

        server_name  img.etiantian.org img1.etiantian.org;

        location / {

            proxy_pass http://backend;

            proxy_set_header Host  $host;

        }

   }

}

方法1：

[root@lb01 scripts]# cat check_nginx.sh

#!/bin/sh

while true

do

 if [ `netstat -lntup|grep nginx|wc -l` -ne 1 ];then

     systemctl stop keepalived

 fi

  sleep 5

done

[root@lb01 scripts]# sh /server/scripts/check_nginx.sh &

方法2：

vrrp_script chk_nginx_proxy {

script "/server/scripts/check_nginx.sh"  

interval 2

weight 2

}

    track_script {

       chk_nginx_proxy

    }

ay 10 22:04:16 lb01 Keepalived_vrrp[9582]: Unable to access script `/server/scripts/check_nginx.sh`

May 10 22:04:16 lb01 Keepalived_vrrp[9582]: Disabling track script chk_nginx_proxy since not found