HA 高可用性群集
一 基础知识:1 HA(High Available),高可用性群集;
当集群中的一个系统发生故障时,集群软件迅速做出反映,将该系统的任务分配到集群中其它正在工作的系统上执行。
应用于企业网中高可用性体系,提供时时的在线服务99.999%;
2 LVS-DR模型:直接路由模型;
特点:能够处理比nat模型更过的节点;
数据包流向:CIP-DGW-VIP-RIP-DGW-CIP
Rip和dip需在同一个网络中;
Realserver的网关不再是rip;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969061wK1u.png
3 为了实现LVS-DR模型需要解决相关问题:
3.1 每个real server上都需要配置vip;vip配置在lookback接口上;
3.2 解决多个相同vip导致的arp应答混乱;
3.3 通过arp_arpannounce和arp_ignore来控制realserver的arp应答;
3.4 解决realserver的应答报文的源地址,源地址应该为VIP;
4 群集调度算法
4.1 固定调度算法:四种
4.1.1 轮训调度(RR);
4.1.2 加权轮训(WRR);根据能力的不同,分配不同的任务量;
4.1.3 目标哈希(DH);一个用户的请求发送给相同的server;
4.1.4 来源哈希(SH);确保返回的包到同一台路由器;
4.2 动态调度算法:六种,(需要考虑活动数量和非活动数量)
4.2.1 最少连接数(LC);最少任务次数的优先分配;
4.2.2 权重最少连接数(WLC);能力比较强,且最少任务次数的优先分配;
4.2.3 最少的期望延迟(SED);
4.2.4 永不排队(NQ);发现没有活动的Rserver,优先考虑
4.2.5 LBLC
4.2.6 LBLCR
5 通过一下软件实现HA:
5.1 heartbeatv1v2v3
5.2 rhcs红帽集群套件
5.3 corosync/openais+paceker
5.4 keepalives
6 HA群集的两节点的模式:
6.1 主备模式;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499690627HWH.png
6.2 主主模式:容易形成群集分裂;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969062wPTR.png
7 Heartbeat
Heartbeat 项目是 Linux-HA 工程的一个组成部分,它实现了一个高可用集群系统。心跳服务和集群通信是高可用集群的两个关键组件,在 Heartbeat 项目里,由 heartbeat 模块实现了这两个功能。下面描述了 heartbeat 模块的可靠消息通信机制,并对其实现原理做了一些介绍。
8 心跳线:备份的Director探测主Director的心跳;
7.1 使用双绞线;
7.2 光钎跳线;
7.3 serial(串行)
二 案例一
1 拓扑图
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969062MZga.png
2 案例说明
实现基于HA高可用性的群集系统;
实现LVA-DR直接路由模型模型;
3 配置director1群集服务器:
3.1 配置director1的网卡地址:
3.1.1 外出接口网卡:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969063OZAI.png
3.1.2 心跳网卡:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969063MaeZ.png
3.1.3重启网络服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969073pSmj.png
3.2 配置director1的主机名:
# vim /etc/sysconfig/network
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969077jckF.png
# hostname dir1.abc.com //配置后需要注销一次;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499690781tmC.png
3.3 配置director1的本地DNS解析:
# vim /etc/hosts
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969078mH89.png
3.4 将heartbeat的安装包使用ftp导入director1:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969079kSiQ.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499690826DLu.png
3.5 挂载光盘:
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom
3.6 使用yum安装heartbeat相应的软件包:
# yum localinstall -y heartbeat-2.1.4-9.el5.i386.rpm heartbeat-pils-2.1.4-10.el5.i386.rpm heartbeat-stonith-2.1.4-10.el5.i386.rpm libnet-1.1.4-3.el5.i386.rpm perl-MailTools-1.77-1.el5.noarch.rpm
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969083XLnS.png
3.7 拷贝heartheat的配置文件到相应的位置:
# cd /usr/share/doc/heartbeat-2.1.4/
# cp ha.cf /etc/ha.d/
# cp haresources /etc/ha.d/
# cp authkeys /etc/ha.d/
3.8 编辑心跳探测配置文件ha.cf:
# cd /etc/ha.d/
# vim ha.cf
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499690896fJf.png
//定义心跳网卡;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969089WBAO.png
//声明群集的节点;
3.9 配置验证钥匙(为了实现双方身份验证):
# vim authkeys
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_134996909321JT.png
3.10 改变authkeys的权限:
# chmod 600 authkeys
3.11 编辑heartbeat资源管理器:(用于管理Director上的服务,比如httpd的启动)
# vim haresources
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969093aimD.png
//192.168.10.10是VIP,ipvsadm是heartbeat控制的服务类资源;
3.12 安装ipvsadm服务:
# yum install ipvsadm
3.13 编写ipvs转发表格:
# ipvsadm -A -t 192.168.10.10:80 -s rr
# ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.101 -g
# ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.102 -g
3.14 保存ipvs规则到/etc/sysconfig/ipvsadm:
# service ipvsadm save
3.16 将ipvsadm的控制脚本复制到heartbeat资源管理目录:
# cp /etc/init.d/ipvsadm /etc/ha.d/resource.d/
//为了使heartbeat能对ipvsadm进行控制;
3.17 启动heartbeat服务:
# service heartbeat start
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499690937mwN.png
3.18 查看ipvsadm的状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969097gOEb.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969097AC5M.png
//此时director1处于主控状态;director1处于备份状态;
4 配置director2群集服务器:
4.1 配置director2的网卡地址:
4.1.1 外出接口网卡:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969097OYe0.png
4.1.2 心跳网卡:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969098Il5o.png
4.1.3 重启网络服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969098bZRO.png
4.2 配置director1的主机名:
# vim /etc/sysconfig/network
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969099EHly.png
# hostname dir2.abc.com //配置后需要注销一次;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969099i0MS.png
3.3 配置director1的本地DNS解析:
# vim /etc/hosts
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969099sYDX.png
4.4 将heartbeat的安装包使用ftp导入director1:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969100jg5O.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_134996910110MC.png
4.5 挂载光盘:
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom
4.6 使用yum安装heartbeat相应的软件包:
# yum localinstall -y heartbeat-2.1.4-9.el5.i386.rpm heartbeat-pils-2.1.4-10.el5.i386.rpm heartbeat-stonith-2.1.4-10.el5.i386.rpm libnet-1.1.4-3.el5.i386.rpm perl-MailTools-1.77-1.el5.noarch.rpm --nogpgcheck
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969104m2LX.png
4.7 拷贝heartheat的配置文件到相应的位置:
# cd /usr/share/doc/heartbeat-2.1.4/
# cp ha.cf /etc/ha.d/
# cp haresources /etc/ha.d/
# cp authkeys /etc/ha.d/
4.8 编辑心跳探测配置文件ha.cf:
# cd /etc/ha.d/
# vim ha.cf
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969104x8Oy.png
//定义心跳网卡;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969105Wuto.png
//声明群集的节点;
4.9 配置验证钥匙(为了实现双方身份验证):
# vim authkeys
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969105Txfb.png
4.10 改变authkeys的权限:
# chmod 600 authkeys
4.11 编辑heartbeat资源管理器:(用于管理Director上的服务,比如httpd的启动)
# vim haresources
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969106oZHf.png
//192.168.10.10是VIP,ipvsadm是heartbeat控制的服务类资源;
4.12 安装ipvsadm服务:
# yum install ipvsadm
4.13 编写ipvs转发表格:
# ipvsadm -A -t 192.168.10.10:80 -s rr
# ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.101 -g
# ipvsadm -a -t 192.168.10.10:80 -r 192.168.10.102 -g
4.14 保存ipvs规则到/etc/sysconfig/ipvsadm:
# service ipvsadm save
4.15 将ipvsadm的控制脚本复制到heartbeat资源管理目录:
# cp /etc/init.d/ipvsadm /etc/ha.d/resource.d/
//为了使heartbeat能对ipvsadm进行控制;
4.16 启动heartbeat服务:
# service heartbeat start
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969106fuun.png
4.17 查看ipvsadm的状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969106Txs9.png
//ipvsadm没有被启用;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969107y03i.png
//没有VIP;
5 配置realserver1
5.1 在系统控制文件sysctl.conf中添加arp内核参数:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969113XKjW.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969113Y92S.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969117CTLE.png
5.2 在eth0网卡上配置RIP:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969117Hmz2.png
5.3 在loopback接口上配置VIP:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969117lQIg.png
5.4 重启网络服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969118pRYt.png
5.5 添加路由:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969118RyU7.png
//为了实现使用vip来对访问进行应答,需要使从realserver1到任何地址的数据包从lo:0的接口使用vip发送;
5.6 挂在光盘:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969119svuW.png
5.7 安装realserver1的httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_134996911990ng.png
5.8 创建realserver1的测试页:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969119ch4A.png
5.9 启动httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691208QIF.png
6 配置realserver2
6.1 在系统控制文件sysctl.conf中添加arp内核参数:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969123H1Xb.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969124u9oV.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969124fHYd.png
6.2 在eth0网卡上配置RIP:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969124x3Xw.png
6.3 在loopback接口上配置VIP:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969125wnwq.png
6.4 重启网络服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969125kvmt.png
6.5 添加路由:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969126q1iv.png
//为了实现使用vip来对访问进行应答,需要使从realserver1到任何地址的数据包从lo:0的接口使用vip发送;
6.6 挂在光盘:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969129EcT9.png
6.7 安装realserver1的httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969130sezk.png
6.8 创建realserver1的测试页:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969130vGJu.png
6.9 启动httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969131qXG8.png
7 测试:
7.1 当群集服务器都正常运行时:
7.1.1 查看director1初始的ipvsadm状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_134996913178ym.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969131gj0C.png
//此时director1处于主控状态;director1处于备份状态;
7.1.2 查看director2初始的ipvsadm的状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969132O4JT.png
//ipvsadm没有被启用;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691322s9D.png
//没有启用VIP;
7.1.3 使用http访问192.168.10.10:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969133stIY.png
7.1.4 刷新后:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969133a5Il.png
//群集可以正常使用
7.1.5 查看ipvs规则的匹配:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691333RSJ.png
7.2 当群集服务器的状态发生变化时:
7.2.1 使director1失去主控模式:
# cd /usr/lib/heartbeat/
# ./hb_standby
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691371PSn.png
7.2.2 查看director1的ipvsadm状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691401FiJ.png
//此时director1处于备份状态;director1处于主控状态;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969140baBa.png
//没有启用VIP;
7.2.3 查看director2的ipvsadm的状态:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969144Q7aY.png
//ipvsadm没有被启用;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969147Tvmg.png
//启用VIP;
7.2.4 使用http访问192.168.10.10:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969148f0E3.png
7.2.5 刷新后:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969148g73Q.png
//群集可以正常使用
7.2.6查看ipvs规则的匹配:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969148qS5G.png
案例二:(此案例基于案例一)
1 拓扑图
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969149qvte.png
2 案例说明
2.1 实现基于HA高可用性的群集系统;
2.2 实现LVA-DR直接路由模型模型;
2.3 通过heartbeat的ldirectord服务实现动态ipvs规则表;
3 配置步骤
3.1 在director1上配置
3.1.1 安装ldirectord:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969149gfXo.png
# rpm -ivh heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
3.1.2 删除原来ipvsadm规则条目:
# mv /etc/sysconfig/ipvsadm /etc/sysconfig/ipvsadm.old
3.1.3 关闭heartbeat服务:
# service heartbeat stop
3.1.4 将ldirectord的控制脚本复制到heartbeat资源控制目录中:
# cp /etc/init.d/ldirectord /etc/ha.d/resource.d/
3.1.5 编辑ldirectord控制脚本:
# cd /etc/ha.d/resource.d/
# vim /etc/ha.d/resource.d/ldirectord.cf
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969150uhQK.png
//当不使用静默模式时:当服务不可用时,对应的ipvs条目会被删除;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969159x799.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969159H71l.png
3.1.6改变heartbeat的资源管理文件:
# vim /etc/ha.d/haresources
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969160EHFp.png
//资源一是:地址192.168.10.10
//资源二是:服务ldirectord,后跟上服务的对应配置脚本;
3.1.7 启动heartbeat服务:
# service heartbeat start
3.2 在director2上配置
3.2.1 安装ldirectord:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969160q1Lg.png
# rpm -ivh heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
3.2.2 删除原来ipvsadm规则条目:
# mv /etc/sysconfig/ipvsadm /etc/sysconfig/ipvsadm.old
3.2.3 关闭heartbeat服务:
# service heartbeat stop
3.2.4 将ldirectord服务的配置脚本复制到heartbeat管理目录中:
# cp /usr/share/doc/heartbeat-ldirectord-2.1.4/ldirectord.cf /etc/ha.d/resource.d/
3.2.5 将ldirectord的控制脚本复制到heartbeat资源控制目录中:
# cp /etc/init.d/ldirectord /etc/ha.d/resource.d/
3.2.6 编辑ldirectord控制脚本:
# cd /etc/ha.d/resource.d/
# vim ldirectord.cf
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969160H1Tj.png
//当不使用静默模式时:当服务不可用时,对应的ipvs条目会被删除;
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969161uSXP.png
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969161zZBi.png
3.2.7 改变heartbeat的资源管理文件:
# vim /etc/ha.d/haresources
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969162o2T6.png
//资源一是:地址192.168.10.10
//资源二是:服务ldirectord,后跟上服务的对应配置脚本;
3.2.8 启动heartbeat服务:
# service heartbeat start
3.3 在realserver1中创建测试页面:
# cd /var/www/html/
# echo "test" >.test.html
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969162SkPX.png
3.4 在realserver2中创建测试页面:
# cd /var/www/html/
# echo "test" >.test.html
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_13499691653cwl.png
4 测试:
4.1 当realserver的httpd服务正常运行时:
4.1.1 查看主群集服务器的网络地址:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969166BTCw.png
4.1.2 查看备份群集服务器的网络地址:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969167OXpV.png
4.1.3 查看主群集服务器的ipvs规则条目:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969170xn87.png
4.2 当关闭realserver1的httpd服务后:
4.2.1 停止realserver1的httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969173YOYl.png
4.2.2 查看主群集服务器的ipvs规则条目:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969174IaAV.png
//realserver1的ipvs规则消失了!
4.3 当关闭realserver2的httpd服务后:
4.3.1 停止realserver1的httpd服务:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969174zi5f.png
4.3.2 查看主群集服务器的ipvs规则条目:
http://cexpert.blog.运维网.com/attachment/201210/11/5251990_1349969174FAZX.png
//realserver2的ipvs规则消失了!
实验完毕!!
页:
[1]