Linux Cluster 02

Source: Internet
Author: User

Summary

I. LVS-HA

1.1 HA and keepalived

The demo above leaves two open issues for both the Lvs-nat and the Lvs-nat models:

(1) If the scheduler server goes down, how is the scheduler itself made highly available?

(2) If one of the real servers (RS) goes down, how does the cluster detect the failed RS?

There are many ways to monitor health. At the network layer, ICMP ping can check whether a host is alive; at the transport layer, a TCP port monitoring tool such as nmap can check whether a port is available; at the application layer, the monitor can send real requests to the critical service.

There are generally two ways to achieve high availability: one is an implementation of the VRRP protocol, such as Keepalived; the other is an AIS implementation, such as Heartbeat or corosync.

First, a very simplified description of the AIS approach. Assume several servers provide the same service, for example httpd. Each machine in the cluster needs to know whether the others are alive, so machine A keeps sending messages to the other machines to show that it is alive (after 3 consecutive failures it is judged to be dead). This method is called heartbeat detection.

A failure may, however, be caused by the network: A believes it is alive, but its messages are not received by the other servers, so B and C both consider A dead. The cluster is then split. Solving this requires an arbitration scheme, the simplest being that the minority obeys the majority, which is why an odd number of machines is generally recommended for building a cluster. When there are only 2 machines, something like the gateway server can act as an observer to make up 3. In short, there must be an arbitration mechanism.

Suppose the majority now decides that machine B should serve as master. A mechanism is needed to stop the service on machine A and take the IP away from it; the simplest way is to stop A and then configure an alias on the interface of machine B. A real AIS implementation is very complex and is divided into three layers: the cluster transaction layer at the bottom, then the resource management layer and the resource agent layer. It is a very complete implementation and can satisfy basically every high-availability scenario.

Here we focus on VRRP, the Virtual Router Redundancy Protocol. VRRP is a very old protocol for virtual routers, and keepalived is an implementation of it.

1.2 VRRP and Keepalived

Details of the VRRP protocol can be found in the VRRP white papers published by companies such as Huawei, because VRRP was originally designed for virtual routing.

VRRP terms:

Virtual router: consists of one master router and multiple backup routers. Hosts use the virtual router as their default gateway.

VRID: the identifier of the virtual router.

Master router: the router in the virtual router that takes on the packet forwarding task.

Backup router: a router that can take over the master router's work when the master router fails.

Virtual IP address: the IP address of the virtual router. A virtual router can have one or more IP addresses.

IP address owner: the router whose interface IP address is the same as the virtual IP address is called the IP address owner.

Virtual MAC address: a virtual router has one virtual MAC address, in the format 00-00-5e-00-01-{vrid}. Normally the virtual router answers ARP requests with the virtual MAC address; it answers with the interface's real MAC address only when specially configured to do so.

Priority: VRRP determines the role of each router in the virtual router based on its priority.

Preemption mode: in preemption mode, a backup device with a higher priority actively switches to master.

Non-preemption mode: in non-preemption mode, a backup device does not become master even if it is later configured with a higher priority, as long as the master device has not failed.

How VRRP works:

(1) The virtual router elects a master based on priority. The master takes on the packet forwarding task by sending a gratuitous ARP message, which announces its virtual MAC address to the devices and hosts connected to it.

(2) The master router periodically sends VRRP advertisements to announce its configuration information and working state.

(3) If the master fails, a new master is elected from the backups based on priority.

(4) When the virtual router changes state and the master role moves from one device to another, the new master router simply sends a gratuitous ARP message that carries the virtual MAC address and virtual IP address of the virtual router. This updates the ARP information in the hosts and devices connected to it. Hosts on the network do not notice that the master router has moved to a different device.

(5) If a backup router has a higher priority than the master, whether a new election takes place depends on the preemption mode.

VRRP modes of operation:

Master/backup mode: one master, with multiple units as backups.

Master/master mode: in fact this is still master/backup mode.

Keepalived

Keepalived is an implementation of the VRRP protocol, designed to make IPVS servers highly available. It can define IPVS rules in its configuration file and check the health of the RS; vrrp_script, vrrp_track

Keepalived contains multiple components:

Control components: configuration file parser

Memory management

IO multiplexing

Core components

VRRP stack

Checker

IPVS wrapper

Watchdog

Prerequisites for configuring an HA cluster:

(1) The time on all nodes is synchronized; CentOS can use the NTP protocol, and CentOS 7 can use chrony;

(2) iptables and SELinux must not get in the way;

(3) The nodes communicate with each other by host name; that is, the name each server resolves to must be the same as the output of the "uname -n" command;

(4) The root users on the nodes communicate over SSH using key-based authentication;

yum -y install keepalived

Then synchronize the time:

ntpdate time.windows.com

hwclock -w

1.3 keepalived configuration file

Running rpm -qc keepalived shows that the only configuration file to focus on is keepalived.conf; see man keepalived.conf for details. Briefly, the keepalived configuration is divided into several sections: the global section, the VRRP section, and the LVS section.

global_defs: defines the global configuration

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    router_id ysz202
    vrrp_mcast_group4 224.0.100.18
}

Note: [email protected] simply uses a local user as the recipient address, and router_id can be the host name. vrrp_mcast_group4 is the IPv4 multicast address. Sending the cluster heartbeat to each server separately means one message per server, and a broadcast sends the information to every server in the LAN, so multicast is used here to send heartbeat information only to the servers that share the same multicast address.


vrrp_instance: VRRP instance configuration

state MASTER|BACKUP: the initial state of this node in the current VRRP instance;
interface IFACE_NAME: the interface VRRP uses to bind the VIP;
virtual_router_id #: the VRID of the current VRRP instance; the usable range is 0-255, and the default is 51;
priority #: the priority of the current node; the available range is 0-255;
advert_int 1: the advertisement interval;
authentication {    # authentication mechanism
    # PASS || AH
    # PASS - Simple Passwd (suggested)
    # AH - IPSEC (not recommended)
    auth_type PASS
    # Password for accessing vrrpd.
    # Should be the same for all machines.
    # Only the first eight (8) characters are used.
    auth_pass 1234
}

# The most important part: define the VIP
virtual_ipaddress {
    <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
    192.168.200.17/24 dev eth1
    192.168.200.18/24 dev eth2 label eth2:1
}

# A host may have several interfaces; define the interfaces to monitor
track_interface {
    eth0
    eth1
    ...
}

nopreempt    # non-preemption mode; the default is preemption mode. If the 2 servers differ in performance, preemption can be used.

# Notification script definitions
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"

The notify.sh script can look roughly like this:

#!/bin/bash
#
contact='[email protected]'

# Mail the new VRRP state ($1) of this host to $contact.
notify() {
    subject="$(hostname) to be $1: VIP floating"
    body="$(date +'%F %T'): VRRP transition, $(hostname) change to be $1"
    echo "$body" | mail -s "$subject" "$contact"
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "usage: $(basename "$0") {master|backup|fault}"
    ;;
esac

virtual_server: virtual server

virtual_server IP PORT | virtual_server fwmark #

virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr                        # load-balancing scheduling algorithm
    lb_kind NAT                       # forwarding type
    nat_mask 255.255.255.0
    persistence_timeout <SECONDS>     # persistent connection duration
    protocol TCP                      # only TCP is supported
    # quality regression. Defaults to 1.
    quorum 1
    sorry_server 192.168.1.202
    real_server 192.168.201.100 443 {
        weight 1
        #notify_up <STRING>|<QUOTED-STRING>
        #notify_down <STRING>|<QUOTED-STRING>
        # application-layer check
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc    # digest of the expected response
            }
            url {
                path /mrtg/
                status_code <CODE>    # decide based on the status code
            }
            connect_timeout 3         # connection timeout
            nb_get_retry 3            # number of connection retries
            delay_before_retry 3      # interval between retries
        }
    }
}

Summary:

If you only need a VIP for a service, configuring VRRP instances is enough; if you also need keepalived to handle LVS load balancing, you need to configure virtual_server as well.

1.4 vrrp_script and track_script

vrrp_script: resource script

track_script: calls a vrrp_script to monitor the resource;

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance vi_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.111/<MASK> brd 192.168.1.111 dev eth0 label eth0:0
    }
    track_script {
        chk_httpd
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

Note: in the configuration above, killall -0 httpd checks whether the httpd process is alive. If it is not, the check fails and the priority of the current server is lowered; in preemption mode the node then goes from master to backup and the address floats to the other node. This approach can make any service highly available; for example, httpd here can be replaced with nginx.
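
The election rules and the vrrp_script weight described above can be checked with a small model. This is an added example, not part of the original article or of keepalived; the master priority of 100 is a constructed value, and the model ignores timers and tie-breaking.

```python
# Added example: simplified model of the election rules as this article states them.
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    priority: int            # configured "priority"
    script_ok: bool = True   # result of the vrrp_script check (killall -0 httpd)
    alive: bool = True       # False: the node no longer sends advertisements

def effective_priority(node, weight):
    """A negative vrrp_script weight lowers the priority while the check fails."""
    return node.priority + (weight if not node.script_ok else 0)

def elect(nodes, weight, current=None, preempt=True):
    """Return the name of the node holding the VIP after one election round."""
    live = [n for n in nodes if n.alive]
    if not live:
        return None
    best = max(live, key=lambda n: effective_priority(n, weight))
    holder = next((n for n in live if n.name == current), None)
    if holder is None:                       # no master yet, or the master is gone
        return best.name
    if preempt and effective_priority(best, weight) > effective_priority(holder, weight):
        return best.name                     # a higher priority takes over
    return holder.name                       # nopreempt, or nobody is better

def scenario(weight, preempt=True):
    """httpd dies on the master, then recovers; return the VIP holder after each step."""
    a, b = Node("ysz202", 100), Node("ysz204", 98)   # 100 is a constructed value
    steps = [elect([a, b], weight, None, preempt)]
    a.script_ok = False
    steps.append(elect([a, b], weight, steps[-1], preempt))
    a.script_ok = True
    steps.append(elect([a, b], weight, steps[-1], preempt))
    return steps

if __name__ == "__main__":
    print(scenario(-5))                  # weight larger than the priority gap
    print(scenario(-1))                  # weight too small: the VIP never moves
    print(scenario(-5, preempt=False))   # nopreempt: a priority drop alone moves nothing
```

The weight only causes a failover when its absolute value exceeds the priority gap between the two nodes and preemption is enabled.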

II. Demo: using keepalived to build the dual-master model

The dual-master model is in fact still the master/backup model, with 2 master/backup instances, for example one for an httpd service and one for an nginx service, which minimizes wasted resources. Note that the two instances below use 2 different IP addresses, so load balancing can also be done on the DNS server, spreading requests over the 2 IPs so that neither of the 2 front-end schedulers sits idle.

Configuration file on ysz202

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <SECONDS>
    router_id ysz202
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance vi_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority <PRIORITY>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.111/<MASK> brd 192.168.1.111 dev eth0 label eth0:0
    }
    track_script {
        chk_httpd
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance vi_2 {
    state BACKUP
    interface eth0
    virtual_router_id <VRID>
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.112/<MASK> brd 192.168.1.111 dev eth0 label eth0:1
    }
    track_script {
        chk_httpd
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

Configuration file on ysz204

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <SECONDS>
    router_id ysz202
    vrrp_mcast_group4 224.0.100.18
}

vrrp_script chk_httpd {
    script "killall -0 httpd"
    interval 2
    weight -5
}

vrrp_instance vi_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.111/<MASK> brd 192.168.1.111 dev eth0 label eth0:0
    }
    track_script {
        chk_httpd
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance vi_2 {
    state MASTER
    interface eth0
    virtual_router_id <VRID>
    priority <PRIORITY>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.112/<MASK> brd 192.168.1.111 dev eth0 label eth0:1
    }
    track_script {
        chk_httpd
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
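
The two files above must mirror each other, so a mismatch is easy to introduce when copying one to the other node. The following added example (not from the original article or the keepalived project) compares the vrrp_instance blocks of two nodes; the helper names and the sample values 100 and 52 are constructed, and the parser assumes one statement per line.

```python
import re

def parse_instances(conf):
    """Return {name: {keyword: value}} per vrrp_instance (one statement per line)."""
    out, depth, cur = {}, 0, None
    for raw in conf.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()    # drop comments
        words = line.rstrip("{").split()
        if line.endswith("{"):
            if depth == 0 and words[:1] == ["vrrp_instance"]:
                cur = out.setdefault(words[1], {})
            depth += 1
        elif line == "}":
            depth -= 1
            cur = cur if depth else None
        elif cur is not None and len(words) >= 2:
            cur[words[0]] = words[1]      # nested blocks are flattened
    return out

def check_pair(conf_a, conf_b):
    """Return findings for settings that must agree or differ between two nodes."""
    a, b, findings = parse_instances(conf_a), parse_instances(conf_b), []
    for node, inst in (("node A", a), ("node B", b)):
        vrids = [i.get("virtual_router_id") for i in inst.values()]
        if len(set(vrids)) < len(vrids):
            findings.append(f"{node}: virtual_router_id reused by two instances")
    for name in sorted(a.keys() & b.keys()):
        x, y = a[name], b[name]
        pw_x, pw_y = x.get("auth_pass", ""), y.get("auth_pass", "")
        if x.get("virtual_router_id") != y.get("virtual_router_id"):
            findings.append(f"{name}: virtual_router_id differs between nodes")
        if pw_x[:8] != pw_y[:8]:          # only the first 8 characters are used
            findings.append(f"{name}: auth_pass differs between nodes")
        if max(len(pw_x), len(pw_y)) > 8:
            findings.append(f"{name}: auth_pass is cut to 8 characters")
        m, s = (x, y) if x.get("state") == "MASTER" else (y, x)
        if (m.get("state"), s.get("state")) != ("MASTER", "BACKUP"):
            findings.append(f"{name}: need exactly one MASTER and one BACKUP")
        elif int(m.get("priority", 0)) <= int(s.get("priority", 0)):
            findings.append(f"{name}: MASTER must have the higher priority")
    return findings

def instance(name, state, vrid, prio, pw):    # constructed sample, not the article's file
    return (f"vrrp_instance {name} {{\n  state {state}\n  virtual_router_id {vrid}\n"
            f"  priority {prio}\n  authentication {{\n    auth_type PASS\n"
            f"    auth_pass {pw}  # shared secret\n  }}\n}}\n")
NODE_A = instance("vi_1", "MASTER", 51, 100, "1111") + instance("vi_2", "BACKUP", 52, 98, "1111")
NODE_B = instance("vi_1", "BACKUP", 51, 98, "1111") + instance("vi_2", "MASTER", 52, 100, "1111")
BROKEN_B = instance("vi_1", "MASTER", 51, 98, "1111") + instance("vi_2", "MASTER", 51, 100, "2222")
print(check_pair(NODE_A, NODE_B), check_pair(NODE_A, BROKEN_B))
```

Two passwords that differ only after the eighth character are reported as truncated but not as different, because only the first eight characters take part in the comparison on the wire.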
