Master hot standby and read load balancing for a Redis system with keepalived: setup plan

Updated: 2024-07-04 07:16:01

==========================================================================================

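Hardware:

Machine   IP            Role
master    192.168.0.2   master host of the Redis system
slave1    192.168.0.3   slave of the Redis system; forms the hot-standby pair with master
slave2    192.168.0.4   slave of the Redis system; forms the read load-balancing system together with slave1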

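Software:

keepalived, download: www.keepalived.org
lvs, download: http://www.linuxvirtualserver.org
redis, download: www.redis.io
CentOS 6.4

Installation:

Install with yum rather than compiling from source.

1. Install kernel-devel, which ipvsadm needs: yum install kernel-devel
2. Install lvs: yum install ipvsadm
3. Install keepalived: yum install keepalived

If the machines cannot reach the network, dig through these mirrors for the rpm files you need:

base: http://tel.mirrors.163.com/centos/6/os/x86_64/Packages/
update: http://tel.mirrors.163.com/centos/6/updates/x86_64/Packages/

[Screenshots of the required rpm file lists: the files kernel-devel needs, together with the required certificate; the files lvs needs; the files keepalived needs]

Note: keepalived must be installed on all three machines.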

Configuring keepalived:

1. Required CentOS setting:

In /etc/sysctl.conf:

    # enable forwarding
    net.ipv4.ip_forward=1

2. Required keepalived settings:

On master, change /etc/keepalived/keepalived.conf to the following:

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0 # eth0 is the NIC to bind to
        virtual_router_id 100 # must be the same value within one vrrp_instance
        priority 160 # the master's value must be higher than the backup's
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.5 # virtual IP used for the hot standby
        }

    }
    virtual_server 192.168.0.5 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 8
            notify_down <path/name of the script to run when the redis service fails> # script run after the service fails
            TCP_CHECK {
                connect_timeout 1
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

On slave1, change /etc/keepalived/keepalived.conf to the following:

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0 # eth0 is the NIC to bind to
        virtual_router_id 100 # must be the same value within one vrrp_instance
        priority 160 # the master's value must be higher than the backup's
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.5 # virtual IP used for the hot standby
        }
        notify_master <script that turns the slave back into a slave>
    }
    vrrp_instance VI_2 {
        state MASTER # use this slave as the master for reads
        interface eth0
        virtual_router_id 101
        priority 151
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.6 # virtual IP used for read load balancing
        }
    }
    virtual_server 192.168.0.5 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 1
            notify_down <path/name of the script to run when the redis service fails> # script run after the service fails
            TCP_CHECK {
                connect_timeout 1
                nb_get_retry 2
                delay_before_retry 1
                connect_port 6379
            }
        }
        real_server 192.168.0.3 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }
    virtual_server 192.168.0.6 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.0.3 6379 {
            weight 7
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

On slave2, change /etc/keepalived/keepalived.conf to the following:

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 101
        priority 149
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.6
        }
    }
    virtual_server 192.168.0.6 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.0.3 6379 {
            weight 7
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }
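An added example, not part of the original article: a small Python audit that parses the vrrp_instance blocks of several nodes' keepalived.conf files and checks them against the rules stated in the config comments above (same virtual_router_id per instance, master priority higher than the backup's), plus the strength of auth_pass. The sample input is constructed from the VI_1 blocks shown for master and slave1; the function names and the password threshold are assumptions of this example.

```python
import re

# Constructed sample: the VI_1 block as shown above for master, abridged.
MASTER_CONF = """
! Configuration File for keepalived
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 160
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.5   # hot-standby VIP
    }
}
"""
# On the page, slave1's VI_1 carries the same state, priority and password.
SLAVE1_CONF = MASTER_CONF


def parse_vrrp_instances(conf_text):
    """Return {instance_name: settings} for each vrrp_instance block."""
    # Strip '#' and '!' comments, then let a "{" on its own line join its header.
    text = "\n".join(re.split(r"[#!]", ln, maxsplit=1)[0] for ln in conf_text.splitlines())
    text = re.sub(r"\n\s*\{", " {", text)
    instances, stack = {}, []

    def statement(words):
        # Record only statements that sit inside a named vrrp_instance block.
        if not words or not stack or stack[0][0] != "vrrp_instance" or len(stack[0]) < 2:
            return
        inst = instances.setdefault(stack[0][1], {"vips": []})
        if stack[-1][0] == "virtual_ipaddress":
            inst["vips"].append(words[0])
        elif len(stack) == 1 or stack[-1][0] == "authentication":
            inst[words[0]] = words[1] if len(words) > 1 else True

    for line in text.splitlines():
        words = []
        for tok in line.replace("{", " { ").replace("}", " } ").split():
            if tok == "{":
                stack.append(words or ["?"])   # words seen so far form the block header
                words = []
            elif tok == "}":
                statement(words)
                words = []
                if stack:
                    stack.pop()
            else:
                words.append(tok)
        statement(words)
    return instances


def audit(node_confs):
    """Cross-check the vrrp_instance blocks of several nodes; return a list of findings."""
    findings, by_instance = [], {}
    for node, text in node_confs.items():
        for name, inst in parse_vrrp_instances(text).items():
            by_instance.setdefault(name, []).append((node, inst))
            password = str(inst.get("auth_pass", ""))
            # VRRP PASS authentication travels in cleartext in every advertisement.
            # Example threshold (an assumption): 8 characters, at least 4 distinct.
            if inst.get("auth_type") == "PASS" and (len(password) < 8 or len(set(password)) < 4):
                findings.append(f"{node}/{name}: weak auth_pass")
    for name, members in sorted(by_instance.items()):
        for key in ("virtual_router_id", "auth_pass"):
            if len({str(inst.get(key)) for _, inst in members}) > 1:
                findings.append(f"{name}: {key} differs between nodes")
        seen = {}
        for node, inst in members:
            seen.setdefault(inst.get("priority"), []).append(node)
        for priority, nodes in seen.items():
            if priority is not None and len(nodes) > 1:
                findings.append(f"{name}: priority {priority} shared by {', '.join(nodes)}")
    return findings


if __name__ == "__main__":
    for finding in audit({"master": MASTER_CONF, "slave1": SLAVE1_CONF}):
        print(finding)
```

Run against the real files by reading each node's /etc/keepalived/keepalived.conf into the dictionary passed to audit().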

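Configuring redis:

master needs no special configuration.
slave1 is set up as a slave of master.
slave2 must be set up as a slave of 192.168.0.5; otherwise slave2 can no longer read data after master fails.

Required scripts:

Script run on master:

    #!/usr/bin/env bash
    service keepalived stop # the user needs sufficient privileges; the virtual IP cannot move unless the keepalived service is stopped

Script run on slave1:

    #!/usr/bin/env bash

    /usr/local/bin/redis-cli -h 127.0.0.1 -p 6379 slaveof NO ONE # SLAVEOF NO ONE stops replication and makes slave1 a Redis master

Second script for slave1, which turns slave1 back into a slave after the master service has restarted:

    #!/usr/bin/env bash

    /usr/local/bin/redis-cli slaveof 192.168.0.2 6379 # turn slave1 back into a Redis slave

Final result: 192.168.0.5 provides the Redis hot-standby service, and 192.168.0.6 provides load balancing for reads.

Note that on master the redis service must always be started first, and keepalived after it.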

==========================================================================================

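Highly available Redis cluster based on keepalived and redis sentinel [revised version]

December 12, 2013. Link to the original scheme: original scheme

Hardware

Machine   IP                                      Role
master    192.168.0.2                             Redis master server
slave1    192.168.0.3                             Redis slave server
slave2    192.168.0.4                             Redis slave server
route1    192.168.0.5 [virtual IP: 192.168.0.7]   keepalived and redis sentinel server; carries the VIP (virtual IP) for Redis writes and is designated the primary master of the write hot-standby pair
route2    192.168.0.6 [virtual IP: 192.168.0.8]   keepalived and redis sentinel server; carries the VIP for Redis reads, does read load balancing, and is designated the backup router for the master of the write hot-standby pair

Detailed keepalived configuration, route1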

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>@bitauto.com
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth1
        virtual_router_id 100
        priority 150
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.7
        }
    }
    vrrp_instance VI_2 {
        state BACKUP
        interface eth1
        virtual_router_id 101
        priority 101
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.8
        }
    }
    virtual_server 192.168.0.7 6379 {
        delay_loop 3
        lb_algo rr
        lb_kind DR
        persistence_timeout 15
        protocol TCP
        real_server 192.168.0.4 6379 {
            weight 4
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
        real_server 192.168.0.2 6379 {
            weight 3
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
        real_server 192.168.0.3 6379 {
            weight 3
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
    }
    virtual_server 192.168.0.8 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.0.3 6379 {
            weight 2
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.0.4 6379 {
            weight 2
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

route2 configuration file

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            # xieqj@bitauto.com
            #shanghq@bitauto.com
        }
        notification_email_from xieqj@bitauto.com
        smtp_server mail.bitauto.com
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 100
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.87.89
        }
        #notify_master \
    }
    vrrp_instance VI_2 {
        state MASTER
        interface eth1
        virtual_router_id 101
        priority 151
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.87.90
        }
    }
    virtual_server 192.168.87.89 6379 {
        delay_loop 3
        lb_algo rr
        lb_kind DR
        persistence_timeout 15
        protocol TCP
        real_server 192.168.87.103 6379 {
            weight 4
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
        real_server 192.168.87.104 6379 {
            weight 4
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
        real_server 192.168.87.105 6379 {
            weight 4
            notify_up /home/wind/redis_up.sh
            MISC_CHECK {
                misc_path \
                misc_timeout 5
            }
        }
    }
    virtual_server 192.168.87.90 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.87.104 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.87.105 6379 {
            weight 2
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

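MISC_CHECK monitoring script for the keepalived master

    #!/usr/bin/python
    import sys,commands
    cmd=\info\ # is the input arguments; sys.argv[0] is the command being executed, the arguments come after it. 1 is the IP, 2 is the port
    str=commands.getoutput(cmd)
    ismaster=-100
    ismaster=str.count(\ # index was used originally, but it raises an error when the string is not found
    zero=0
    if ismaster>zero:
        sys.exit(0) # returning 0 tells keepalived the server is healthy
    else:
        sys.exit(1) # returning 1 tells keepalived the checked port is unhealthy

For more on MISC_CHECK see http://bbs.ywlm.net/thread-845-1-1.html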
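An added example, not the original author's script: a Python 3 version of the same MISC_CHECK idea (the `commands` module used above exists only in Python 2). It assumes the check is "is this Redis node currently a master", reads the `role` field of `INFO replication` as an exact field rather than counting a substring, and talks to Redis over a socket so the IP and port arguments never pass through a shell. The function names and sample replies are constructed for this example.

```python
#!/usr/bin/env python3
import socket
import sys

# Constructed sample replies to "INFO replication" (abridged).
SAMPLE_MASTER = "# Replication\r\nrole:master\r\nconnected_slaves:2\r\n"
SAMPLE_SLAVE = "# Replication\r\nrole:slave\r\nmaster_host:192.168.0.2\r\nmaster_link_status:up\r\n"


def parse_info(payload):
    """Turn the text of a Redis INFO reply into a dict of field -> value."""
    fields = {}
    for line in payload.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key] = value
    return fields


def exit_code_for(payload):
    """0 = healthy (node reports role master), 1 = unhealthy, as MISC_CHECK expects."""
    # A missing field yields None instead of raising, unlike str.index.
    return 0 if parse_info(payload).get("role") == "master" else 1


def query_info(host, port, timeout=2.0):
    """Send INFO replication in RESP framing and return the bulk-string body as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"*2\r\n$4\r\nINFO\r\n$11\r\nreplication\r\n")
        reader = sock.makefile("rb")
        header = reader.readline()           # b"$<length>\r\n", or b"-ERR ...\r\n"
        if not header.startswith(b"$"):
            raise RuntimeError(header.decode(errors="replace").strip())
        length = int(header[1:].strip())
        if length < 0:
            raise RuntimeError("empty reply")
        return reader.read(length).decode()


def main(argv):
    """argv[1] is the IP and argv[2] the port, as in the script above."""
    try:
        return exit_code_for(query_info(argv[1], int(argv[2])))
    except (OSError, RuntimeError, ValueError, IndexError):
        return 1    # unreachable, error reply or bad arguments: report unhealthy


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```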

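Redis maintenance script redis_up.sh, run when the service is detected as up

    #!/usr/bin/env bash
    # $1 is the address of the Redis server (bash positional parameter)
    /usr/local/bin/redis-cli -h "$1" -p 6379 config set appendonly no

The redis settings and the sentinel settings are unchanged.

A setting that needs special attention: without it, keepalived does not forward. When redis and keepalived are on the same machine forwarding works, but when they are on separate machines the realserver never receives the forwarded packets.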

Configure master

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.7/32 dev lo
    ip addr add 192.168.0.8/32 dev lo
    ip add list

It is done once the specified IPs appear on the lo loopback interface.

Configure slave1

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.7/32 dev lo
    ip addr add 192.168.0.8/32 dev lo
    ip add list

Configure slave2

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.7/32 dev lo
    ip addr add 192.168.0.8/32 dev lo
    ip add list

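==========================================================================================

Hardware

Machine   IP                                      Role
master    192.168.0.2                             Redis master server
slave1    192.168.0.3                             Redis slave server
slave2    192.168.0.4                             Redis slave server
route1    192.168.0.5 [virtual IP: 192.168.0.7]   keepalived and redis sentinel server; carries the VIP (virtual IP) for Redis writes and is designated the primary master of the write hot-standby pair
route2    192.168.0.6 [virtual IP: 192.168.0.8]   keepalived and redis sentinel server; carries the VIP for Redis reads, does read load balancing, and is designated the backup router for the master of the write hot-standby pair

For installation and configuration, see this article: Installation and configuration

Detailed keepalived configuration, route1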

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
    vrrp_instance VI_1 {
        state MASTER
        interface eth0 # eth0 is the NIC to bind to
        virtual_router_id 100 # must be the same value within one vrrp_instance
        priority 160 # the master's value must be higher than the backup's
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.7 # virtual IP used for the hot standby
        }

    }
    virtual_server 192.168.0.7 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.2 6379 {
            weight 8
            notify_down <path/name of the script to run when the redis service fails> # script run after the service fails
            TCP_CHECK {
                connect_timeout 1
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

route2 configuration file

    ! Configuration File for keepalived

    global_defs {
        notification_email {
            <email address>
        }
        notification_email_from <email address>
        smtp_server <mail server address>
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }

    vrrp_instance VI_1 {
        state MASTER
        interface eth0 # eth0 is the NIC to bind to
        virtual_router_id 100 # must be the same value within one vrrp_instance
        priority 160 # the master's value must be higher than the backup's
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.7 # virtual IP used for the hot standby
        }
        notify_master \
    }
    vrrp_instance VI_2 {
        state MASTER # use this slave as the master for reads
        interface eth0
        virtual_router_id 101
        priority 151
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.8 # virtual IP used for read load balancing
        }
    }
    virtual_server 192.168.0.7 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.3 6379 {
            weight 8
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }
    virtual_server 192.168.0.8 6379 {
        delay_loop 3
        lb_algo wrr
        lb_kind DR
        persistence_timeout 30
        protocol TCP
        real_server 192.168.0.3 6379 {
            weight 5
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
        real_server 192.168.0.4 6379 {
            weight 5
            TCP_CHECK {
                connect_timeout 10
                nb_get_retry 3
                delay_before_retry 3
                connect_port 6379
            }
        }
    }

Redis maintenance script redis.sh

    #!/usr/bin/env bash
    /usr/local/bin/redis-cli -h 192.168.0.2 -p 6379 shutdown
    /usr/local/bin/redis-cli -h 192.168.0.3 -p 6379 config set appendonly no

This script is used as route2's notify_master, i.e. it runs when route2 enters the master state.

Set up the Redis master/slave relationship

Set up the Redis sentinel; configuration file:

    # Example sentinel.conf

    # port
    # The port that this sentinel instance will run on
    port 26379

    # sentinel monitor
    #
    # Tells Sentinel to monitor this slave, and to consider it in O_DOWN
    # (Objectively Down) state only if at least sentinels agree.
    #
    # Note: master name should not include special characters or spaces.
    # The valid charset is A-z 0-9 and the three characters \
    # The 2 below means that two sentinels are needed to confirm that the service is down
    sentinel monitor mymaster 192.168.0.2 6379 2

    # sentinel auth-pass
    #
    # Set the password to use to authenticate with the master and slaves.
    # Useful if there is a password set in the Redis instances to monitor.
    #
    # Note that the master password is also used for slaves, so it is not
    # possible to set a different password in masters and slaves instances
    # if you want to be able to monitor these instances with Sentinel.
    #
    # However you can have Redis instances without the authentication enabled
    # mixed with Redis instances requiring the authentication (as long as the
    # password set is the same for all the instances requiring the password) as
    # the AUTH command will have no effect in Redis instances with authentication
    # switched off.
    #
    # Example:
    #
    # sentinel auth-pass mymaster MySUPER--secret-0123passw0rd

    # sentinel down-after-milliseconds
    #
    # Number of milliseconds the master (or any attached slave or sentinel) should
    # be unreachable (as in, not acceptable reply to PING, continuously, for the
    # specified period) in order to consider it in S_DOWN state (Subjectively
    # Down).
    #
    # Default is 30 seconds.
    sentinel down-after-milliseconds mymaster 5000

    # sentinel can-failover
    #
    # Specify if this Sentinel can start the failover for this master.
    sentinel can-failover mymaster yes

    # sentinel parallel-syncs
    #
    # How many slaves we can reconfigure to point to the new slave simultaneously
    # during the failover. Use a low number if you use the slaves to serve query
    # to avoid that all the slaves will be unreachable at about the same
    # time while performing the synchronization with the master.
    sentinel parallel-syncs mymaster 1

    # sentinel failover-timeout
    #
    # Specifies the failover timeout in milliseconds. When this time has elapsed
    # without any progress in the failover process, it is considered concluded by
    # the sentinel even if not all the attached slaves were correctly configured
    # to replicate with the new master (however a \
    # is sent to all the slaves before).
    #
    # Also when 25% of this time has elapsed without any advancement, and there
    # is a leader switch (the sentinel did not started the failover but is now
    # elected as leader), the sentinel will continue the failover doing a
    # \
    #
    # Default is 15 minutes.
    sentinel failover-timeout mymaster 90000

    # SCRIPTS EXECUTION
    #
    # sentinel notification-script and sentinel reconfig-script are used in order
    # to configure scripts that are called to notify the system administrator
    # or to reconfigure clients after a failover. The scripts are executed
    # with the following rules for error handling:
    #
    # If script exists with \
    # number of times currently set to 10).
    #
    # If script exists with \
    # not retried.
    #
    # If script terminates because it receives a signal the behavior is the same
    # as exit code 1.
    #
    # A script has a maximum running time of 60 seconds. After this limit is
    # reached the script is terminated with a SIGKILL and the execution retried.

    # NOTIFICATION SCRIPT
    #
    # sentinel notification-script
    #
    # Call the specified notification script for any sentinel event that is
    # generated in the WARNING level (for instance -sdown, -odown, and so forth).
    # This script should notify the system administrator via email, SMS, or any
    # other messaging system, that there is something wrong with the monitored
    # Redis systems.
    #
    # The script is called with just two arguments: the first is the event type
    # and the second the event description.
    #
    # The script must exist and be executable in order for sentinel to start if
    # this option is provided.
    #
    # Example:
    #
    # sentinel notification-script mymaster /var/redis/notify.sh

    # CLIENTS RECONFIGURATION SCRIPT
    #
    # sentinel client-reconfig-script
    #
    # When the failover starts, ends, or is aborted, a script can be called in
    # order to perform application-specific tasks to notify the clients that the
    # configuration has changed and the master is at a different address.
    #
    # The script is called in the following cases:
    #
    # Failover started (a slave is already promoted)
    # Failover finished (all the additional slaves already reconfigured)
    # Failover aborted (in that case the script was previously called when the
    # failover started, and now gets called again with swapped
    # addresses).
    #
    # The following arguments are passed to the script:
    #
    #
    #
    # is \
    # is either \
    #
    # The arguments from-ip, from-port, to-ip, to-port are used to communicate
    # the old address of the master and the new address of the elected slave
    # (now a master) in the case state is \
    #
    # For abort instead the \
    # \
    # was aborted.
    #
    # This script should be resistant to multiple invocations.
    #
    # Example:
    #
    # sentinel client-reconfig-script mymaster /var/redis/reconfig.sh

A setting that needs special attention: without it, keepalived does not forward. When redis and keepalived are on the same machine forwarding works, but when they are on separate machines the realserver never receives the forwarded packets.

Configure master

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.7/32 dev lo
    ip add list

It is done once the specified IP appears on the lo loopback interface.

Configure slave1

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.7/32 dev lo
    ip add list

Configure slave2

Edit /etc/sysctl.conf (vim /etc/sysctl.conf) and add:

    net.ipv4.conf.lo.arp_ignore = 1
    net.ipv4.conf.lo.arp_announce = 2
    net.ipv4.conf.all.arp_ignore = 1
    net.ipv4.conf.all.arp_announce = 2

Run:

    sysctl -p
    ip addr add 192.168.0.8/32 dev lo
    ip add list

Set up sentinel

In the configuration file the Redis sentinel value is set to 2, so both machines, route1 and route2, need to be configured.

Start the Redis sentinel:

    /usr/local/bin/redis-server /etc/redis/sentinel.conf --sentinel

==========================================================================================

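Keepalived: principles and practice explained

gotop&FinalBSD

What is Keepalived? As the name suggests, it is about keeping alive, which on a network means staying online: so-called high availability, which prevents a single point of failure (a single point of failure means that once one point fails, the whole system architecture becomes unavailable). The protocol behind keepalived is VRRP, and it is fair to say that VRRP is the foundation keepalived is built on, so let us look at the VRRP protocol first.

Note: people working in operations need plenty of patience. Without understanding the protocol it is hard to master keepalived thoroughly.

I. The VRRP protocol

Anyone who has studied networking knows that a network design must account for redundancy and disaster recovery, including link redundancy, device redundancy and so on, to prevent the network from having a single implementing redundancy at the router or layer-3 switch is therefore especially important. Networking has a protocol that does exactly this, and that protocol is VRRP. Keepalived makes clever use of the VRRP protocol to achieve high availability (HA).

There is a very well written article on the VRRP protocol that you can read directly here (do read it carefully; most of what follows builds on it). Thread: http://bbs.ywlm.net/thread-790-1-1.html. Just think of the server as a router!

The virtual router ID mentioned in "The VRRP protocol", i.e. the VRID, is quite important here.

keepalived follows the VRRP protocol completely, including the election mechanism and so on.

II. How Keepalived works

keepalived also has a modular design, with different modules responsible for different functions. The components of keepalived are: core, check, vrrp, libipfwc, libipvs-2.4, libipvs-2.6.

core: the core of keepalived, responsible for starting and maintaining the main process, and for loading and parsing the global configuration file.

check: responsible for the healthchecker (health checking), including the various health-check methods and parsing of the corresponding configuration, including parsing of the LVS configuration.

vrrp: the VRRPD child process, which implements the VRRP protocol.

libipfwc: the iptables (ipchains) library, used when configuring LVS.

libipvs*: used when configuring LVS.

Note that keepalived and LVS are two entirely different things; each does its own job and they cooperate.

After keepalived starts there are three processes:
Parent process: memory management, child-process management and so on
Child process: the VRRP child process
Child process: the healthchecker child process

As the figure shows, both child processes are watched by the system WatchDog, and each handles its own work. The healthchecker child process is responsible for checking the health of, for example, HTTP, LVS and so on. If the healthchecker child process finds that the service on the MASTER is unavailable, it notifies the child process on the same machine so that it withdraws its advertisements, removes the virtual IP and switches to the BACKUP state.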

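III. The Keepalived configuration file in detail

keepalived has three kinds of configuration areas (let us just call them areas). Note that these are not three configuration files, but three different kinds within a single configuration file:

Global configuration (Global Configuration)
VRRPD configuration
LVS configuration

Part one: global configuration

Global configuration in turn has two sub-sections:
Global definitions (global definition)
Static address and route configuration (static ipaddress/routes)

1. Global definition: configuration example

    global_defs
    {
        notification_email
        {
            admin@example.com
        }
        notification_email_from admin@example.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
    }

Explanation of the global configuration

global_defs marks the global configuration; it indicates that this {} area is the global configuration.

    notification_email
    {
        admin@example.com
        admin@ywlm.net
    }

This says that keepalived should send email notifications when events such as a switchover occur, and which addresses the email is sent to; the email addresses can

notification_email_from admin@example.com
The sender address used for notification emails.

smtp_server 127.0.0.1
The SMTP server address used to send email; the local sendmail can be used here.

smtp_connect_timeout 30
Timeout for connecting to the SMTP server.

router_id node1
Machine identifier.

2. Static address and route configuration example

    static_ipaddress
    {
        192.168.1.1/24 brd + dev eth0 scope global
        192.168.1.2/24 brd + dev eth1 scope global
    }
    static_routes
    {
        src $SRC_IP to $DST_IP dev $SRC_DEVICE
        src $SRC_IP to $DST_IP via $GW dev $SRC_DEVICE
    }

This is really the same as configuring IP addresses and routes with system commands. For example, 192.168.1.1/24 brd + dev eth0 scope global is equivalent to: ip addr add 192.168.1.1/24 brd + dev eth0 scope global, which simply assigns the IP address to eth0. Routes work the same way.

Normally this area does not need to be configured.

This area is really for assigning the server's real IP addresses and routes. It may be needed in complex environments, but normally it is not used for that; use vi /etc/sysconfig/network-scripts/ifcfg-eth1 to configure instead. Remember that this is not the VIP; do not confuse the two.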

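Part two: VRRPD configuration

VRRPD configuration has three classes:

VRRP sync groups (synchronization group)
VRRP instances (VRRP Instance)
VRRP scripts

1. VRRP sync group (synchronization group) configuration example

    vrrp_sync_group VG_1 {
        group {
            http
            mysql
        }
        notify_master /path/to/to_master.sh
        notify_backup /path_to/to_backup.sh
        notify_fault \
        notify /path/to/notify.sh
        smtp_alert
    }

Where:

    group {
        http
        mysql
    }

http and mysql are instance names, matching the instance names below.

notify_master /path/to/to_master.sh: the script to run when switching to the master state

notify_backup /path_to/to_backup.sh: the script to run when switching to the backup state

notify_fault \

notify /path/to/notify.sh:

smtp_alert: on a switchover, send an email notification to the addresses defined in global_defs

2. VRRP instance (instance) configuration example

    vrrp_instance http {
        state MASTER
        interface eth0
        dont_track_primary
        track_interface {
            eth0
            eth1
        }
        mcast_src_ip
        garp_master_delay 10
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1234
        }
        virtual_ipaddress {
            #/ brd dev scope label
            192.168.200.18/24 dev eth2 label eth2:1
        }
        virtual_routes {
            # src [to] / via|gw dev scope tab
            src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
            192.168.110.0/24 via 192.168.200.254 dev eth1
            192.168.111.0/24 dev eth2
            192.168.112.0/24 via 192.168.100.254
        }
        nopreempt
        preempt_delay 300
        debug
    }

state: specifies the initial state of the instance, i.e. once configured, this server starts in the state given here what is set here is not final; the role still has to be decided through the election, by priority. If this is set to master but its priority is lower than the other machine's when it sends advertisements it sends its own priority, the other machine finds that priority lower than its own, and it preempts to become master.

interface: the NIC the instance binds to, because the virtual IP has to be added on an existing NIC.

dont_track_primary: ignore errors on the VRRP interface.

track_interface: interfaces to track, i.e. additional monitoring. If any NIC listed here has a problem, the instance enters the FAULT state. For example, when acting as a load balancer the internal network must work; if the internal network fails, the balancer cannot operate either, so the internal and external networks must both

mcast_src_ip: the source IP address used when sending multicast packets. Note that this is effectively the address on which VRRP advertisements are sent, be sure to choose a stable NIC port to send on. It corresponds to heartbeat's heartbeat port. If it is not set, the default bound NIC is used, i.e. the IP address of the NIC given by interface.

garp_master_delay: after switching to the master state, the delay before sending gratuitous ARP requests.

virtual_router_id: sets the VRID. This is very important: instances with the same VRID form one group, and the VRID determines the multicast MAC address.

priority 100: sets this node's priority; the node with the higher priority is master.

advert_int: check interval, 1 second by default.

virtual_ipaddress: this is where the VIP, i.e. the virtual IP address, is set. It is added and removed as the state changes: added when the state is master and removed when the state is backup. This is decided mainly by priority and has little to do with the configured state value, multiple IP addresses

virtual_routes: works like virtual_ipaddress, except that routes are added and removed.

lvs_sync_daemon_interface: the NIC that lvs syncd binds to.

authentication: authentication settings.

auth_type: authentication method, either PASS or AH.

auth_pass: authentication password.

nopreempt: do not preempt. This can only be set on a node whose state is backup, and that node's priority must be higher than the other's.

preempt_delay: preemption delay.

debug: debug level.

notify_master: same meaning as in the sync group. It can be set separately, for example so that different instances notify different administrators: for http the website administrator, and for mysql the email goes to the DBA.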

3. VRRP scripts

    vrrp_script check_running {
        script \
        interval 10
        weight 10
    }

    vrrp_instance http {
        state BACKUP
        smtp_alert
        interface eth0
        virtual_router_id 101
        priority 90
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass whatever
        }
        virtual_ipaddress {
            1.1.1.1
        }
        track_script {
            check_running weight 20
        }
    }

First define, in the vrrp_script area, the script name, the interval at which the script runs and the priority change it causes:

    vrrp_script check_running {
        script \
        interval 10 # interval between script runs
        weight 10 # priority change caused by the script result: 10 means priority +10; -10 means priority -10
    }

Then reference it inside the instance (vrrp_instance), much like calling a function in a script: define it first, then reference it by name:

    track_script {
        check_running weight 20
    }

Note: VRRP scripts (vrrp_script) and VRRP instances (vrrp_instance) are at the same level.

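LVS configuration

If you are not setting up LVS+keepalived, there is no need to configure this area; for example, if you use nginx in place of LVS, there is no need to configure it this configuration is intended specifically for keepalived+LVS integration.

Note that LVS configuration here does not mean actually installing LVS and then configuring it with ipvsadm; rather, the keepalived configuration file is used in place of configuring LVS, which is much more convenient: one configuration file handles all of it, and it is easy to maintain and easy to configure.

The LVS configuration again has two parts:
Virtual server group configuration
Virtual server configuration

1. Virtual server group configuration in detail

This configuration is optional; configure it as your needs require. It mainly exists so that a service on one realserver can belong to multiple virtual servers and is health-checked only once.

    virtual_server_group {
        # VIP port
        fwmark
    }

2. Virtual server configuration

A virtual server can be configured in any one of the following three ways:

    1. virtual_server IP port
    2. virtual_server fwmark int
    3. virtual_server group string

The first, more commonly used form is explained in detail below.

    virtual_server 192.168.1.2 80 {          # define a virtual server: VIP:Vport
        delay_loop 3                         # service polling delay, i.e. the polling interval
        lb_algo rr|wrr|lc|wlc|lblc|sh|dh     # LVS scheduling algorithm
        lb_kind NAT|DR|TUN                   # LVS cluster mode
        persistence_timeout 120              # session persistence time (in seconds), i.e. for 120 seconds a user stays on the same back-end realserver
        persistence_granularity              # LVS session persistence granularity, the -M option of ipvsadm; the default is 0xfff every client gets session persistence
        protocol TCP                         # whether health checks use TCP or UDP
        ha_suspend                           # suspend healthchecker's activity
        virtualhost                          # for HTTP_GET health checks, the web server host name to check (i.e. the Host: header)
        sorry_server                         # standby server: when all back-end realserver nodes are unavailable this one is used, i.e. all requests are temporarily sent here
        real_server                          # weight and other settings for the back-end real hosts; one block per back-end server
        {
            weight 1                         # weight of each server; 0 means disabled (nothing is sent to it until it is back to normal); the default is 1
            inhibit_on_failure               # after the node fails, set its weight to 0 rather than removing it from IPVS
            notify_up |                      # script to run after the server check succeeds (UP)
            notify_down |                    # script to run after the server check fails (down)
            HTTP_GET                         # health-check method
            {
                url {                        # URL to check; there can be several
                    path /                   # the path
                    digest
                    status_code 200          # status code returned
                }
                connect_port 80              # port to check
                bindto                       # IP address used for the health check
                connect_timeout 3            # connection timeout
                nb_get_retry 3               # number of retries
                delay_before_retry 2         # delay between retries
            } # END OF HTTP_GET|SSL_GET

            # The following are commonly used health-check methods; the methods available are HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
            # TCP method
            TCP_CHECK {
                connect_port 80
                bindto 192.168.1.1
                connect_timeout 4
            } # TCP_CHECK

            # SMTP method, which can be used to cluster mail servers
            SMTP_CHECK {
                host {
                    connect_ip
                    connect_port             # checks port 25 by default
                    bindto
                }
                connect_timeout
                retry
                delay_before_retry
                helo_name |
            } #SMTP_CHECK

            # MISC method, which can check many kinds of servers as long as you can write some scripts yourself
            MISC_CHECK {
                misc_path |                  # external program or script
                misc_timeout                 # timeout for running the script or program
                misc_dynamic                 # very useful: it allows the weight to be adjusted very precisely each server's load can be balanced evenly. It works by adjusting the weight value dynamically from the status code returned by the executed program or script, so that the weight follows the back-end load; it does take solid scripting skills, though
                # return 0: health check OK, weight not changed
                # return 1: health check failed, weight set to 0
                # return 2-255: health check OK, but the weight is changed to the return code minus 2; for example, if the program or script returns 200,
                # the weight is changed to 200-2
            }
        } # Realserver
    } # Virtual Server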

That covers the configuration file. Below is a complete configuration file without annotations.

    global_defs
    {
        notification_email
        {
            admin@example.com
        }
        notification_email_from admin@example.com
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
    }
    notification_email
    {
        admin@example.com
        admin@ywlm.net
    }

    static_ipaddress
    {
        192.168.1.1/24 brd + dev eth0 scope global
        192.168.1.2/24 brd + dev eth1 scope global
    }
    static_routes
    {
        src $SRC_IP to $DST_IP dev $SRC_DEVICE
        src $SRC_IP to $DST_IP via $GW dev $SRC_DEVICE
    }

    vrrp_sync_group VG_1 {
        group {
            http
            mysql
        }
        notify_master /path/to/to_master.sh
        notify_backup /path_to/to_backup.sh
        notify_fault \
        notify /path/to/notify.sh
        smtp_alert
    }
    group {
        http
        mysql
    }

    vrrp_script check_running {
        script \
        interval 10
        weight 10
    }

    vrrp_instance http {
        state MASTER
        interface eth0
        dont_track_primary
        track_interface {
            eth0
            eth1
        }
        mcast_src_ip
        garp_master_delay 10
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1234
        }
        virtual_ipaddress {
            #/ brd dev scope label
            192.168.200.18/24 dev eth2 label eth2:1
        }
        virtual_routes {
            # src [to] / via|gw dev scope tab

Source: https://www.bwwdw.com/article/ewn.html