一、高可用叢集
1、概念:
高可用叢集(High Availability Cluster,HA Cluster),指解決單點故障問題的發生,以減少服務中斷時間為目的的伺服器叢集技術。
它通過保護使用者的業務程式對外不間斷地提供服務,把因為軟、硬、人三因素而造成的故障對業務的影響程度降低到最小。
即最終目的為保證業務的7*24小時不間斷。
2、高可用性能衡量标準:
衡量高可用的優劣,通常需要使用MTTF、MTTR、MTBF這三個時間值。
MTTF(Mean Time To Failure):平均無故障時間,指系統無故障運作的平均時間,取所有從系統開始正常運作到發生故障之間的時間段的平均值,衡量系統的可靠性。MTTF=ΣT1/N。
MTTR(Mean Time To Repair):平均維修時間,指系統從發生故障到維修結束之間的時間段的平均值,衡量系統的可維護性。MTTR=Σ(T2+T3)/N。
MTBF(Mean Time Between Failure):平均失效間隔,指系統兩次故障發生之間的時間段的平均值。MTBF=Σ(T2+T3+T1)/N。
MTBF=MTTF+MTTR ;HA=MTTF/(MTTF+MTTR)*100%
| 基本可用性 | 2個9 | 99% | 年度當機時間:87.6h |
| 較高可用性 | 3個9 | 99.9% | 年度當機時間:8.8h |
| 具有故障自動恢複 | 4個9 | 99.99% | 年度當機時間:53m |
| 極高可用性 | 5個9 | 99.999% | 年度當機時間:5m |
3、高可用實作的原理
單點故障問題是高可用解決的主要問題,在解決單點故障問題上,架構設計的核心準則即“備援”,通過配置主備裝置達到叢集的效果,每台裝置為一個節點(node),實作主節點(master node)故障,備用節點(backup node)接管業務,待主節點故障修複後再切換回來。
然而,隻有備援是不夠的,單單備援需要人工幹預進行手動切換,會增加系統不可服務的時間。是以,需要加入“自動故障轉移”來實作自動切換的功能。
4、高可用叢集軟體
(1)國外:RedHat(RHCS)、Novell(Novell Cluster Service)、Steeleye(Lifekeeper for Linux、Keepalived)
(2)國内:中興(Newstart HA)深度(Deepin HA)
二、keepalived
1、概念:
keepalived是一種伺服器高可用,防止伺服器網絡單點故障導緻業務中斷的解決方案。起初是專為LVS負載均衡軟體設計的,用來管理并監控LVS叢集系統中各個服務節點的狀态,後來又加入了可以實作高可用的VRRP功能,作為其他服務的高可用解決方案軟體。
2、原理:
以VRRP為技術核心,引入虛拟IP(Virtual IP,VIP)概念。将多台伺服器組成的叢集虛拟成一台虛拟伺服器裝置,這台虛拟伺服器裝置通過VIP對外提供服務。而在虛拟伺服器中多台實體伺服器通過指定或選舉的方式來确定master和backup,master實作針對虛拟伺服器IP的各種網絡功能對外提供服務,此時不提供網絡服務的伺服器作為backup,master會通過多點傳播的方式發送心跳封包給backup。當master發生故障,backup周期時間内沒有接收到master的心跳封包,則會通過選舉的方式來接管master角色對外提供服務。
三、VRRP
1、概念:
Virtual Router Redundancy Protocol,虛拟路由器備援協定。其目的就是為了解決靜态路由單點故障問題,它能夠保證當個别節點當機時,整個網絡可以不間斷運作。
2、原理:
将啟用VRRP功能的裝置組成叢集,裝置之間通過競選機制(比較優先級)選出主、備裝置,主裝置會通過多點傳播的方式向備用裝置發送封包。當主裝置故障,備用裝置接收不到主裝置發送的多點傳播封包,則備用裝置會重新進行競選,選出主裝置進行接管業務。當原主裝置恢複後會進行搶占,重新作為主裝置對外提供服務。
四、Keepalived實戰配置
1、系統環境配置
| master伺服器(主) | 192.168.49.184 |
| backup伺服器(備) | 192.168.49.185 |
| 虛拟IP | 192.168.49.186 |
2、Keepalived配置
(1)分别在master和backup伺服器上安裝keepalived軟體
[[email protected] ~]# yum install -y keepalived.x86_64
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
正在解決依賴關系
--> 正在檢查事務
---> 軟體包 keepalived.x86_64.0.1.3.5-19.el7 将被 安裝
--> 解決依賴關系完成
依賴關系解決
================================================================================
Package 架構 版本 源 大小
================================================================================
正在安裝:
keepalived x86_64 1.3.5-19.el7 base 332 k
事務概要
================================================================================
安裝 1 軟體包
總下載下傳量:332 k
安裝大小:1.0 M
Downloading packages:
keepalived-1.3.5-19.el7.x86_64.rpm | 332 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : keepalived-1.3.5-19.el7.x86_64 1/1
驗證中 : keepalived-1.3.5-19.el7.x86_64 1/1
已安裝:
keepalived.x86_64 0:1.3.5-19.el7
完畢!
[[email protected] ~]# yum install -y keepalived.x86_64
已加載插件:fastestmirror, langpacks
base | 3.6 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/2): extras/7/x86_64/primary_db | 230 kB 00:01
(2/2): updates/7/x86_64/primary_db | 6.5 MB 00:01
Determining fastest mirrors
* base: mirrors.bfsu.edu.cn
* extras: mirrors.163.com
* updates: mirrors.bfsu.edu.cn
正在解決依賴關系
--> 正在檢查事務
---> 軟體包 keepalived.x86_64.0.1.3.5-19.el7 将被 安裝
--> 正在處理依賴關系 ipset-libs >= 7.1,它被軟體包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在處理依賴關系 libnetsnmpmibs.so.31()(64bit),它被軟體包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在處理依賴關系 libnetsnmpagent.so.31()(64bit),它被軟體包 keepalived-1.3.5-19.el7.x86_64 需要
--> 正在檢查事務
---> 軟體包 ipset-libs.x86_64.0.6.29-1.el7 将被 更新
--> 正在處理依賴關系 ipset-libs(x86-64) = 6.29-1.el7,它被軟體包 ipset-6.29-1.el7.x86_64 需要
--> 正在處理依賴關系 libipset.so.3()(64bit),它被軟體包 ipset-6.29-1.el7.x86_64 需要
--> 正在處理依賴關系 libipset.so.3(LIBIPSET_1.0)(64bit),它被軟體包 ipset-6.29-1.el7.x86_64 需要
--> 正在處理依賴關系 libipset.so.3(LIBIPSET_2.0)(64bit),它被軟體包 ipset-6.29-1.el7.x86_64 需要
--> 正在處理依賴關系 libipset.so.3(LIBIPSET_3.0)(64bit),它被軟體包 ipset-6.29-1.el7.x86_64 需要
---> 軟體包 ipset-libs.x86_64.0.7.1-1.el7 将被 更新
---> 軟體包 net-snmp-agent-libs.x86_64.1.5.7.2-49.el7_9.1 将被 安裝
--> 正在處理依賴關系 net-snmp-libs = 1:5.7.2-49.el7_9.1,它被軟體包 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 需要
--> 正在檢查事務
---> 軟體包 ipset.x86_64.0.6.29-1.el7 将被 更新
---> 軟體包 ipset.x86_64.0.7.1-1.el7 将被 更新
---> 軟體包 net-snmp-libs.x86_64.1.5.7.2-28.el7 将被 更新
---> 軟體包 net-snmp-libs.x86_64.1.5.7.2-49.el7_9.1 将被 更新
--> 解決依賴關系完成
依賴關系解決
================================================================================
Package 架構 版本 源 大小
================================================================================
正在安裝:
keepalived x86_64 1.3.5-19.el7 base 332 k
為依賴而安裝:
net-snmp-agent-libs x86_64 1:5.7.2-49.el7_9.1 updates 707 k
為依賴而更新:
ipset x86_64 7.1-1.el7 base 39 k
ipset-libs x86_64 7.1-1.el7 base 64 k
net-snmp-libs x86_64 1:5.7.2-49.el7_9.1 updates 751 k
事務概要
================================================================================
安裝 1 軟體包 (+1 依賴軟體包)
更新 ( 3 依賴軟體包)
總下載下傳量:1.8 M
Downloading packages:
No Presto metadata available for base
No Presto metadata available for updates
(1/5): ipset-7.1-1.el7.x86_64.rpm | 39 kB 00:00
(2/5): ipset-libs-7.1-1.el7.x86_64.rpm | 64 kB 00:00
(3/5): net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64.rpm | 707 kB 00:00
(4/5): keepalived-1.3.5-19.el7.x86_64.rpm | 332 kB 00:00
(5/5): net-snmp-libs-5.7.2-49.el7_9.1.x86_64.rpm | 751 kB 00:01
--------------------------------------------------------------------------------
總計 1.2 MB/s | 1.8 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在更新 : ipset-libs-7.1-1.el7.x86_64 1/8
正在更新 : 1:net-snmp-libs-5.7.2-49.el7_9.1.x86_64 2/8
正在安裝 : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 3/8
正在安裝 : keepalived-1.3.5-19.el7.x86_64 4/8
正在更新 : ipset-7.1-1.el7.x86_64 5/8
清理 : ipset-6.29-1.el7.x86_64 6/8
清理 : ipset-libs-6.29-1.el7.x86_64 7/8
清理 : 1:net-snmp-libs-5.7.2-28.el7.x86_64 8/8
驗證中 : keepalived-1.3.5-19.el7.x86_64 1/8
驗證中 : ipset-7.1-1.el7.x86_64 2/8
驗證中 : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 3/8
驗證中 : 1:net-snmp-libs-5.7.2-49.el7_9.1.x86_64 4/8
驗證中 : ipset-libs-7.1-1.el7.x86_64 5/8
驗證中 : ipset-libs-6.29-1.el7.x86_64 6/8
驗證中 : ipset-6.29-1.el7.x86_64 7/8
驗證中 : 1:net-snmp-libs-5.7.2-28.el7.x86_64 8/8
已安裝:
keepalived.x86_64 0:1.3.5-19.el7
作為依賴被安裝:
net-snmp-agent-libs.x86_64 1:5.7.2-49.el7_9.1
作為依賴被更新:
ipset.x86_64 0:7.1-1.el7 ipset-libs.x86_64 0:7.1-1.el7
net-snmp-libs.x86_64 1:5.7.2-49.el7_9.1
完畢!
(2)分别在主裝置、備用裝置上修改/etc/keepalived/keepalived.conf配置檔案
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vim keepalived.conf
! Configuration File for keepalived ///注釋資訊,檔案解釋
global_defs { ///全局配置部分
notification_email { ///設定發送郵件資訊的收件人
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected] ///設定連接配接的郵件伺服器資訊
smtp_server 192.168.200.1 ///設定郵箱IP位址或域名
smtp_connect_timeout 30 ///設定30s内無法連接配接郵箱則不再發送
router_id master ///高可用叢集主機身份辨別(唯一性)
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 { ///VRRP協定配置部分(執行個體配置,族)
state MASTER ///辨別裝置在執行個體中的身份(MASTER/BACKUP)
interface ens33 ///制定VIP出現在什麼網卡上
virtual_router_id 51 ///辨別執行個體身份的資訊
priority 100 ///設定優先級(越大越優先)
advert_int 1 ///
authentication { ///實作通訊需要有認證過程
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { ///配置VIP
192.168.49.186
}
}
#virtual_server 192.168.200.100 443 { ///LVS服務管理配置部分,可删除
# delay_loop 6
# lb_algo rr
# lb_kind NAT
# persistence_timeout 50
# protocol TCP
# real_server 192.168.201.100 443 {
# weight 1
# SSL_GET {
# url {
# path /
# digest ff20ad2481f97b1754ef3e12ecd3a9cc
# }
# url {
# path /mrtg/
# digest 9b3a0c85a887a256d6939da88aabd8cd
# }
# connect_timeout 3
# nb_get_retry 3
# delay_before_retry 3
# }
# }
[[email protected] ~]# cd /etc/keepalived/
[[email protected] keepalived]# cp keepalived.conf keepalived.conf.bak
[[email protected] keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id BACKUP
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state backup
interface ens33
virtual_router_id 51
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.49.186
}
}
(3)啟動服務
[[email protected] keepalived]# systemctl start keepalived
[[email protected] keepalived]# systemctl enable keepalived
[[email protected] keepalived]# systemctl start keepalived
[[email protected] keepalived]# systemctl enable keepalived
3、驗證
(1)測試VIP是否正常通信、檢視主裝置網卡資訊
[[email protected] keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ec:e1:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.49.184/22 brd 192.168.51.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.49.186/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::dac1:9ced:f76b:d918/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
[[email protected] keepalived]# ping 192.168.49.186
PING 192.168.49.186 (192.168.49.186) 56(84) bytes of data.
64 bytes from 192.168.49.186: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 192.168.49.186: icmp_seq=2 ttl=64 time=0.099 ms
64 bytes from 192.168.49.186: icmp_seq=3 ttl=64 time=0.070 ms
64 bytes from 192.168.49.186: icmp_seq=4 ttl=64 time=0.069 ms
^C
--- 192.168.49.186 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.048/0.071/0.099/0.020 ms
[[email protected] keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:14:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.49.185/22 brd 192.168.51.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8613:4934:eafb:1eb6/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::dac1:9ced:f76b:d918/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
[[email protected] keepalived]# ping 192.168.49.186
PING 192.168.49.186 (192.168.49.186) 56(84) bytes of data.
64 bytes from 192.168.49.186: icmp_seq=1 ttl=64 time=0.495 ms
64 bytes from 192.168.49.186: icmp_seq=2 ttl=64 time=0.777 ms
64 bytes from 192.168.49.186: icmp_seq=3 ttl=64 time=0.811 ms
64 bytes from 192.168.49.186: icmp_seq=4 ttl=64 time=0.792 ms
64 bytes from 192.168.49.186: icmp_seq=5 ttl=64 time=0.980 ms
^C
--- 192.168.49.186 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.495/0.771/0.980/0.156 ms
(2)模拟主裝置故障,檢視VIP通信狀況及VIP所處位置
[[email protected] keepalived]# systemctl stop network
[[email protected] keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:14:41 brd ff:ff:ff:ff:ff:ff
inet 192.168.49.185/22 brd 192.168.51.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.49.186/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8613:4934:eafb:1eb6/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::dac1:9ced:f76b:d918/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:64:52:cc brd ff:ff:ff:ff:ff:ff
(3)嘗試以WEB服務進行驗證,切斷Master
五、參考文章文獻:
- https://zhuanlan.zhihu.com/p/43723276
- https://baijiahao.baidu.com/s?id=1670188503614251415&wfr=spider&for=pc
- http://www.ruanyifeng.com/blog/2019/11/fault-tolerance.html
- https://blog.csdn.net/weixin_47985676/article/details/106790011
- https://blog.csdn.net/xiaoyi23000/article/details/80163344
- https://blog.csdn.net/l1028386804/article/details/72801492