基于keepalived的redis系統(tǒng)master雙機熱備(讀數(shù)據(jù)負載均衡)設(shè)置方案

基于keepalived的redis系統(tǒng)master雙機熱備，讀數(shù)據(jù)負載均衡設(shè)置方案==========================================================================================硬件：

機器

ip

作用

master

redis系統(tǒng)的master主機

slave1

redis系統(tǒng)的slave機器，和master組成雙機熱備

slave2

redis系統(tǒng)的slave機器，和slave1構(gòu)成讀數(shù)據(jù)的負載均衡系統(tǒng)

軟件：

keepalived，下載地址：

lvs，下載地址：

redis，下載地址：www.redis.io

centos6.4版本

安裝：

不采用編譯安裝的方式，使用yum安裝

1.安裝kernel-devel：yuminstallkernel-devel.這是ipvsadm需要的

2.安裝lvs：yuminstallipvsadm

3.安裝keepalived:yuminstallkeepalived

如果無法聯(lián)網(wǎng)，請去這里考古尋找自己需要的rpm文件

base:/centos/6/os/x86_64/Packages/

update:/centos/6/updates/x86_64/Packages/

下面是需要的rpm文件列表截圖kernel-devel需要的文件以及需要的證書lvs需要的文件keepalived需要的文件

注意，三臺機器都需要安裝keepalived

配置keepalived：

1.centos必要配置：

/etc/sysctl.conf文件

net.ipv4.ip_forward=1#轉(zhuǎn)發(fā)開啟

2.keepalived必要配置：

master修改/etc/keepalived/keepalived.conf為如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

郵箱

}

notification_email_from郵箱

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要綁定的網(wǎng)卡

virtual_router_id100#同一個vrrp_instance中的值必須一樣

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于雙機熱備的虛擬ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

notify_downredis服務(wù)失敗后要執(zhí)行的腳本的路徑/腳本名

#服務(wù)失敗后要執(zhí)行的腳本

TCP_CHECK{

connect_timeout1

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

slave1修改/etc/keepalived/keepalived.conf為如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

郵箱

}

notification_email_from郵箱

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要綁定的網(wǎng)卡

virtual_router_id100#同一個vrrp_instance中的值必須一樣

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于雙機熱備的虛擬ip

}

notify_master將slave重新轉(zhuǎn)換為slave的腳本

}

vrrp_instanceVI_2{

stateMASTER

#將此slave作為讀數(shù)據(jù)的master

interfaceeth0

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于讀取數(shù)據(jù)的負載均衡的虛擬ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight1

notify_downredis服務(wù)失敗后要執(zhí)行的腳本的路徑/腳本名

#服務(wù)失敗后要執(zhí)行的腳本

TCP_CHECK{

connect_timeout1

nb_get_retry2

delay_before_retry1

connect_port6379

}

}

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight7

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

slave2修改/etc/keepalived/keepalived.conf為如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

郵箱

}

notification_email_from郵箱

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_2{

stateBACKUP

interfaceeth0

virtual_router_id101

priority149

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight7

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

配置redis：

master無需特殊配置slave1則設(shè)置為master的從機

slave2則需要設(shè)置為的從機，否則在master失效后slave2會無法繼續(xù)讀取數(shù)據(jù)

需要的腳本：在master執(zhí)行的腳本:[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

ervicekeepalivedstop#需要用戶具有權(quán)限，不中斷keepalived服務(wù)虛擬ip無法轉(zhuǎn)移

在slave1執(zhí)行的腳本：

[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-cli-h-p6379slaveofNOONE#將slave1轉(zhuǎn)換為redis的

slave1第二個腳本，在master服務(wù)重啟后將slave1重新轉(zhuǎn)換為slave狀態(tài)

最終效果：提供了redis的雙機熱備服務(wù)，則提供了數(shù)據(jù)讀取的負載均衡[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-clislaveof6379#將slave1重新轉(zhuǎn)換為redis的slave

需要注意，master每次需要先啟動redis服務(wù)然后再啟動keepalived==========================================================================================基于keepalived、redissentinel的高可用redis集群【修改版】2013年12月12日

?綜合

?共5289字?字號

小

中

大

?

評論關(guān)閉原方案地址原方案硬件機器名IP作用masterredis的master服務(wù)器slave1redis的slave服務(wù)器slave2redis的slave服務(wù)器route1【虛擬IP：】keepalived和redissentinel服務(wù)器，承載寫redis的VIP【虛擬ip】，做寫的雙機熱備的主master指定route2【虛擬IP：】keepalived和redissentinel服務(wù)器，承載讀redis的VIP，做讀的負載均衡和寫的雙機熱備的master備份路由指定詳細的keepalived配置，route1!ConfigurationFileforkeepalivedglobal_defs{

notification_email{

郵箱

}

notification_email_from郵箱@

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL}vrrp_instanceVI_1{

stateMASTER

interfaceeth1

virtual_router_id100

priority150

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}

}vrrp_instanceVI_2{

stateBACKUP

interfaceeth1

virtual_router_id101

priority101

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}}virtual_server6379{

delay_loop3

lb_algorr

lb_kindDR

persistence_timeout15

protocolTCP

real_server6379{

weight4

notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}

real_server6379{

weight3notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}

real_server6379{

weight3notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}}virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}}route2的配置文件!ConfigurationFileforkeepalivedglobal_defs{

notification_email{

#xieqj@

#shanghq@

}

notification_email_fromxieqj@

smtp_server

smtp_connect_timeout30

router_idLVS_DEVEL}vrrp_instanceVI_1{

stateBACKUP

interfaceeth1

virtual_router_id100

priority100

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

9

}

#notify_master"/home/wind/redis.sh"

}vrrp_instanceVI_2{

stateMASTER

interfaceeth1

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

0

}}virtual_server96379{

delay_loop3

lb_algorr

lb_kindDR

persistence_timeout15

protocolTCP

real_server036379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}

real_server046379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}

real_server056379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}}virtual_server06379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server046379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server056379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}}keepalived的master的MISCH_CHECK監(jiān)測腳本#!/usr/bin/pythonimportsys,commandscmd="/usr/local/bin/redis-cli-h"+sys.argv[1]+"-p"+sys.argv[2]+"info"#sys.argv是輸入的參數(shù),sys.argv[0]是需要執(zhí)行的命令，以后才是參數(shù)。1是ip，2是端口str=commands.getoutput(cmd)ismaster=-100ismaster=str.count("role:master")#原來是使用index方法，但是找不到字符串時會報錯zero=0ifismaster>zero:sys.exit(0)#返回0在keepalived表示健康else:sys.exit(1)#返回1表示keepalived檢測端口不健康更多MISC_CHECK參考見/thread-845-1-1.htmlredis維護腳本redis_up.sh用在檢測到服務(wù)啟動時#!/usr/bin/envbash/usr/local/bin/redis-cli-h$argv[1]-p6379configsetappendonlynoredis設(shè)置與sentinel設(shè)置無變化需要特別注意的配置，如果沒有這個配置就會發(fā)生keepalived不轉(zhuǎn)發(fā)的的\o"問題"問題，而且是如果redis和keepalive是同一臺機器，會轉(zhuǎn)發(fā)，但是如果相互間獨立，則realserver收不到轉(zhuǎn)發(fā)包配置master

vim/etc/sysctl.conf,添加內(nèi)容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2執(zhí)行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist

lo環(huán)上出現(xiàn)了指定的ip即可配置slave1vim/etc/sysctl.conf,添加內(nèi)容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2執(zhí)行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist配置slave2vim/etc/sysctl.conf,添加內(nèi)容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2執(zhí)行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist==========================================================================================硬件機器名IP作用masterredis的master服務(wù)器slave1redis的slave服務(wù)器slave2redis的slave服務(wù)器route1【虛擬IP：】keepalived和redissentinel服務(wù)器，承載寫redis的VIP【虛擬ip】，做寫的雙機熱備的主master指定route2【虛擬IP：】keepalived和redissentinel服務(wù)器，承載讀redis的VIP，做讀的負載均衡和寫的雙機熱備的master備份路由指定安裝與配置見此文安裝與配置詳細的keepalived配置，route1[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

郵箱

}

notification_email_from郵箱

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要綁定的網(wǎng)卡

virtual_router_id100#同一個vrrp_instance中的值必須一樣

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于雙機熱備的虛擬ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

notify_downredis服務(wù)失敗后要執(zhí)行的腳本的路徑/腳本名

#服務(wù)失敗后要執(zhí)行的腳本

TCP_CHECK{

connect_timeout1

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

route2的配置文件[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

郵箱

}

notification_email_from郵箱

smtp_server郵箱服務(wù)器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要綁定的網(wǎng)卡

virtual_router_id100#同一個vrrp_instance中的值必須一樣

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于雙機熱備的虛擬ip

}

notify_master"/etc/script/redis.sh"

}

vrrp_instanceVI_2{

stateMASTER

#將此slave作為讀數(shù)據(jù)的master

interfaceeth0

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于讀取數(shù)據(jù)的負載均衡的虛擬ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight5

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight5

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

redis維護腳本redis.sh[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-cli-h-p6379shutdown

/usr/local/bin/redis-cli-h-p6379configsetappendonlyno

此腳本用在route2的notify_master，即當route2進入master時執(zhí)行設(shè)置redis的主從關(guān)系設(shè)置redis的sentinel，配置文件[plain]

\o"viewplain"viewplain\o"copy"copy#Examplesentinel.conf

#port<sentinel-port>

#Theportthatthissentinelinstancewillrunon

port26379

#sentinelmonitor<master-name><ip><redis-port><quorum>

#

#TellsSentineltomonitorthisslave,andtoconsideritinO_DOWN

#(ObjectivelyDown)stateonlyifatleast<quorum>sentinelsagree.

#

#Note:masternameshouldnotincludespecialcharactersorspaces.

#ThevalidcharsetisA-z0-9andthethreecharacters".-_".

sentinelmonitormymaster63792#此處的意思是需要兩個哨兵來確認服務(wù)是否掛掉

#sentinelauth-pass<master-name><password>

#

#Setthepasswordtousetoauthenticatewiththemasterandslaves.

#UsefulifthereisapasswordsetintheRedisinstancestomonitor.

#

#Notethatthemasterpasswordisalsousedforslaves,soitisnot

#possibletosetadifferentpasswordinmastersandslavesinstances

#ifyouwanttobeabletomonitortheseinstanceswithSentinel.

#

#HoweveryoucanhaveRedisinstanceswithouttheauthenticationenabled

#mixedwithRedisinstancesrequiringtheauthentication(aslongasthe

#passwordsetisthesameforalltheinstancesrequiringthepassword)as

#theAUTHcommandwillhavenoeffectinRedisinstanceswithauthentication

#switchedoff.

#

#Example:

#

#sentinelauth-passmymasterMySUPER--secret-0123passw0rd

#sentineldown-after-milliseconds<master-name><milliseconds>

#

#Numberofmillisecondsthemaster(oranyattachedslaveorsentinel)should

#beunreachable(asin,notacceptablereplytoPING,continuously,forthe

#specifiedperiod)inordertoconsideritinS_DOWNstate(Subjectively

#Down).

#

#Defaultis30seconds.

sentineldown-after-millisecondsmymaster5000

#sentinelcan-failover<master-name><yes|no>

#

#SpecifyifthisSentinelcanstartthefailoverforthismaster.

sentinelcan-failovermymasteryes

#sentinelparallel-syncs<master-name><numslaves>

#

#Howmanyslaveswecanreconfiguretopointtothenewslavesimultaneously

#duringthefailover.Usealownumberifyouusetheslavestoservequery

#toavoidthatalltheslaveswillbeunreachableataboutthesame

#timewhileperformingthesynchronizationwiththemaster.

sentinelparallel-syncsmymaster1

#sentinelfailover-timeout<master-name><milliseconds>

#

#Specifiesthefailovertimeoutinmilliseconds.Whenthistimehaselapsed

#withoutanyprogressinthefailoverprocess,itisconsideredconcludedby

#thesentinelevenifnotalltheattachedslaveswerecorrectlyconfigured

#toreplicatewiththenewmaster(howevera"besteffort"SLAVEOFcommand

#issenttoalltheslavesbefore).

#

#Alsowhen25%ofthistimehaselapsedwithoutanyadvancement,andthere

#isaleaderswitch(thesentineldidnotstartedthefailoverbutisnow

#electedasleader),thesentinelwillcontinuethefailoverdoinga

#"takeover".

#

#Defaultis15minutes.

sentinelfailover-timeoutmymaster90000

#SCRIPTSEXECUTION

#

#sentinelnotification-scriptandsentinelreconfig-scriptareusedinorder

#toconfigurescriptsthatarecalledtonotifythesystemadministrator

#ortoreconfigureclientsafterafailover.Thescriptsareexecuted

#withthefollowingrulesforerrorhandling:

#

#Ifscriptexistswith"1"theexecutionisretriedlater(uptoamaximum

#numberoftimescurrentlysetto10).

#

#Ifscriptexistswith"2"(oranhighervalue)thescriptexecutionis

#notretried.

#

#Ifscriptterminatesbecauseitreceivesasignalthebehavioristhesame

#asexitcode1.

#

#Ascripthasamaximumrunningtimeof60seconds.Afterthislimitis

#reachedthescriptisterminatedwithaSIGKILLandtheexecutionretried.

#NOTIFICATIONSCRIPT

#

#sentinelnotification-script<master-name><script-path>

#

#Callthespecifiednotificationscriptforanysentienleventthatis

#generatedintheWARNINGlevel(forinstance-sdown,-odown,andsoforth).

#Thisscriptshouldnotifythesystemadministratorviaemail,SMS,orany

#othermessagingsystem,thatthereissomethingwrongwiththemonitored

#Redissystems.

#

#Thescriptiscalledwithjusttwoarguments:thefirstistheeventtype

#andthesecondtheeventdescription.

#

#Thescriptmustexistandbeexecutableinorderforsentineltostartif

#thisoptionisprovided.

#

#Example:

#

#sentinelnotification-scriptmymaster/var/redis/notify.sh

#CLIENTSRECONFIGURATIONSCRIPT

#

#sentinelclient-reconfig-script<master-name><script-path>

#

#Whenthefailoverstarts,ends,orisaborted,ascriptcanbecalledin

#ordertoperformapplication-specifictaskstonotifytheclientsthatthe

#configurationhaschangedandthemasterisatadifferentaddress.

#

#Thescriptiscalledinthefollowingcases:

#

#Failoverstarted(aslaveisalreadypromoted)

#Failoverfinished(alltheadditionalslavesalreadyreconfigured)

#Failoveraborted(inthatcasethescriptwaspreviouslycalledwhenthe

#

failoverstarted,andnowgetscalledagainwithswapped

#

addresses).

#

#Thefollowingargumentsarepassedtothescript:

#

#<master-name><role><state><from-ip><from-port><to-ip><to-port>

#

#<state>is"start","end"or"abort"

#<role>iseither"leader"or"observer"

#

#Theargumentsfrom-ip,from-port,to-ip,to-portareusedtocommunicate

#theoldaddressofthemasterandthenewaddressoftheelectedslave

#(nowamaster)inthecasestateis"start"or"end".

#

#Forabortinsteadthe"from"istheaddressofthepromotedslaveand

#"to"istheaddressoftheoriginalmasteraddress,sincethefailover

#wasaborted.

#

#Thisscriptshouldberesistanttomultipleinvocations.

#

#Example:

#

#sentinelclient-reconfig-scriptmymaster/var/redis/reconfig.sh

需要特別注意的配置，如果沒有這個配置就會發(fā)生keepalived不轉(zhuǎn)發(fā)的的問題，而且是如果redis和keepalive是同一臺機器，會轉(zhuǎn)發(fā)，但是如果相互間獨立，則realserver收不到轉(zhuǎn)發(fā)包配置master

vim/etc/sysctl.conf,添加內(nèi)容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

執(zhí)行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

ipaddlist

lo環(huán)上出現(xiàn)了指定的ip即可配置slave1vim/etc/sysctl.conf,添加內(nèi)容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

執(zhí)行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

<prename="code"class="plain">ipaddradd/32devlo</pre>ipaddlist

配置slave2vim/etc/sysctl.conf,添加內(nèi)容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

執(zhí)行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

ipaddlist

設(shè)置sentinelredis的sentinel在配置文件中設(shè)定為2，所以route1和route2兩臺機器都需要配置啟動redis的sentinel[plain]

\o"viewplain"viewplain\o"copy"copy/usr/local/bin/redis-server/etc/redis/sentinel.conf--sentinel

==========================================================================================Keepalived原理與實戰(zhàn)精講

gotop&FinalBSD

什么是Keepalived呢，keepalived觀其名可知，保持存活，在網(wǎng)絡(luò)里面就是保持在線了，也就是所謂的高可用或熱備，用來防止單點故障(單點故障是指一旦某一點出現(xiàn)故障就會導(dǎo)致整個系統(tǒng)架構(gòu)的不可用)的發(fā)生，那說到keepalived時不得不說的一個協(xié)議就是VRRP協(xié)議，可以說這個協(xié)議就是keepalived實現(xiàn)的基礎(chǔ)，那么首先我們來看看VRRP協(xié)議

注：搞運維的要有足夠的耐心哦，不理解協(xié)議就很難透徹的掌握keepalived的了

一，VRRP協(xié)議VRRP協(xié)議

學(xué)過網(wǎng)絡(luò)的朋友都知道，網(wǎng)絡(luò)在設(shè)計的時候必須考慮到冗余容災(zāi)，包括線路冗余，設(shè)備冗余等，防止網(wǎng)絡(luò)存在單點故障，那在路由器或三層交換機處實現(xiàn)冗余就顯得尤為重要，在網(wǎng)絡(luò)里面有個協(xié)議就是來做這事的，這個協(xié)議就是VRRP協(xié)議，Keepalived就是巧用VRRP協(xié)議來實現(xiàn)高可用性(HA)的

VRRP協(xié)議有一篇文章寫的非常好，大家可以直接看這里(記得認真看看哦，后面基本都已這個為基礎(chǔ)的了)

帖子地址：/thread-790-1-1.html

只需要把服務(wù)器當作路由器即可！

在《VRRP協(xié)議》里講到了虛擬路由器的ID也就是VRID在這里比較重要

keepalived完全遵守VRRP協(xié)議，包括競選機制等等

二，Keepalived原理

Keepalived原理

keepalived也是模塊化設(shè)計，不同模塊復(fù)雜不同的功能，下面是keepalived的組件

corecheckvrrplibipfwclibipvs-2.4libipvs-2.6

core：是keepalived的核心，復(fù)雜主進程的啟動和維護，全局配置文件的加載解析等

check：負責healthchecker(健康檢查)，包括了各種健康檢查方式，以及對應(yīng)的配置的解析包括LVS的配置解析

vrrp：VRRPD子進程，VRRPD子進程就是來實現(xiàn)VRRP協(xié)議的

libipfwc：iptables(ipchains)庫，配置LVS會用到

libipvs*：配置LVS會用到

注意，keepalived和LVS完全是兩碼事，只不過他們各負其責相互配合而已

keepalived啟動后會有三個進程

父進程：內(nèi)存管理，子進程管理等等

子進程：VRRP子進程

子進程：healthchecker子進程

有圖可知，兩個子進程都被系統(tǒng)WatchDog看管，兩個子進程各自復(fù)雜自己的事，healthchecker子進程復(fù)雜檢查各自服務(wù)器的健康程度，例如HTTP，LVS等等，如果healthchecker子進程檢查到MASTER上服務(wù)不可用了，就會通知本機上的兄弟VRRP子進程，讓他刪除通告，并且去掉虛擬IP，轉(zhuǎn)換為BACKUP狀態(tài)

三，Keepalived配置文件詳解

keepalived配置詳解

keepalived有三類配置區(qū)域(姑且就叫區(qū)域吧)，注意不是三種配置文件，是一個配置文件里面三種不同類別的配置區(qū)域

全局配置(GlobalConfiguration)

VRRPD配置

LVS配置

一，全局配置

全局配置又包括兩個子配置：

全局定義(globaldefinition)

靜態(tài)路由配置(staticipaddress/routes)

1，全局定義(globaldefinition)配置范例global_defs{notification_email{admin@}notification_email_fromadmin@smtp_serverstmp_connect_timeout30router_idnode1}復(fù)制代碼全局配置解析

global_defs全局配置標識，表面這個區(qū)域{}是全局配置notification_email{admin@admin@}復(fù)制代碼表示keepalived在發(fā)生諸如切換操作時需要發(fā)送email通知，以及email發(fā)送給哪些郵件地址，郵件地址可以多個，每行一個

notification_email_from

admin@

表示發(fā)送通知郵件時郵件源地址是誰

smtp_server

表示發(fā)送email時使用的smtp服務(wù)器地址，這里可以用本地的sendmail來實現(xiàn)

smtp_connect_timeout30

連接smtp連接超時時間

router_idnode1

機器標識

2，靜態(tài)地址和路由配置范例static_ipaddress{/24brd+deveth0scopeglobal/24brd+deveth1scopeglobal}static_routes{src$SRC_IPto$DST_IPdev$SRC_DEVICEsrc$SRC_IPto$DST_IPvia$GWdev$SRC_DEVICE}復(fù)制代碼

這里實際上和系統(tǒng)里面命令配置IP地址和路由一樣例如：

/24brd+deveth0scopeglobal相當于:ipaddradd/24brd+deveth0scopeglobal

就是給eth0配置IP地址

路由同理

一般這個區(qū)域不需要配置

這里實際上就是給服務(wù)器配置真實的IP地址和路由的，在復(fù)雜的環(huán)境下可能需要配置，一般不會用這個來配置，我們可以直接用vi/etc/sysconfig/network-script/ifcfg-eth1來配置，切記這里可不是VIP哦，不要搞混淆了，切記切記！

二，VRRPD配置

VRRPD配置包括三個類

VRRP同步組(synchroizationgroup)

VRRP實例(VRRPInstance)VRRP腳本

1，VRRP同步組(synchroizationgroup)配置范例vrrp_sync_groupVG_1{group{httpmysql}notify_master/path/to/to_master.shnotify_backup/path_to/to_backup.shnotify_fault"/path/fault.shVG_1"notify/path/to/notify.shsmtp_alert}復(fù)制代碼其中：group{httpmysql}復(fù)制代碼http和mysql是實例名和下面的實例名一致

notify_master/path/to/to_master.sh：表示當切換到master狀態(tài)時，要執(zhí)行的腳本notify_backup/path_to/to_backup.sh：表示當切換到backup狀態(tài)時，要執(zhí)行的腳本notify_fault"/path/fault.shVG_1"復(fù)制代碼notify/path/to/notify.sh：

smtpalter表示切換時給globaldefs中定義的郵件地址發(fā)送右鍵通知

2，VRRP實例(instance)配置范例vrrp_instancehttp{stateMASTERinterfaceeth0dont_track_primarytrack_interface{eth0eth1}mcast_src_ip<IPADDR>garp_master_delay10virtual_router_id51priority100advert_int1authentication{auth_typePASSautp_pass1234}virtual_ipaddress{#<IPADDR>/<MASK>brd<IPADDR>dev<STRING>scope<SCOPT>label<LABEL>7/24deveth18/24deveth2labeleth2:1}virtual_routes{#src<IPADDR>[to]<IPADDR>/<MASK>via|gw<IPADDR>dev<STRING>scope<SCOPE>tabsrcto/24via54deveth1/24via54deveth1/24deveth2/24via54}nopreemptpreemtp_delay300debug}復(fù)制代碼

state：state指定instance(Initial)的初始狀態(tài)，就是說在配置好后，這臺服務(wù)器的初始狀態(tài)就是這里指定的，但這里指定的不算，還是得要通過競選通過優(yōu)先級來確定，里如果這里設(shè)置為master，但如若他的優(yōu)先級不及另外一臺，那么這臺在發(fā)送通告時，會發(fā)送自己的優(yōu)先級，另外一臺發(fā)現(xiàn)優(yōu)先級不如自己的高，那么他會就回搶占為master

interface：實例綁定的網(wǎng)卡，因為在配置虛擬IP的時候必須是在已有的網(wǎng)卡上添加的

donttrackprimary：忽略VRRP的inte