HA 即(high available cluster)高可用集群,又称双机热备,保证关键性业务的不间断提供服务。 如:两台机器A和B,正常情况A提供服务,B待命闲置;一但A宕机或服务宕掉,自动切换至B机继续提供服务。实现高可用的开源软件有heartbeat和keepalived,其中keepalived还有负载均衡的功能。heartbeat作为常用集群开源软件,熟悉它的配置方法,非常有必要。
说明:以下是heartbeat的yum安装和配置的方法介绍,需要扩展epel源,如果没有,执行命令:
# yum install -y epel-release
1. 试验环境:
两个CentOS 6.0 64位虚拟机(master:eth1: 192.168.220.11;slave:eth1: 192.168.220.22),master主机设置一个虚拟ip作为心跳线(虚拟机只有一个网卡,实际应用中应该有多个网卡,或者用串口来连接,否则会有不安全因素)
2. 前期准备:
【1】修改hostname:(修改hostname的目的是为了便于记忆,hostname可以自定义)
master主机:
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=master
# hostname master;bashslave主机:
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=slave
# hostname slave;bah【2】修改/etc/hosts文件(两台主机作同样的配置)
# vim /etc/hosts
192.168.220.11 master
192.168.220.22 slave【3】关闭防火墙
# iptables -F
# getenforce //若get到Disabled,不需做配置;若get到的是Enforcing,作如下修改:
# vim /etc/selinux/config
SELINUX=enforcing --> SELINUX=disabled【4】虚拟ip的设定
# cd /etc/sysconfig/network-scripts
# cp ifcfg-eth1 ifcfg-eth1:0
# vim ifcfg-eth1:0 //简单配置,很多参数都不需要设定,如下:
DEVICE=eth1:0 //修改为eth1:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.220.33 //修改为33
NETMASK=255.255.255.0
# /etc/init.d/network restart
# ifconfig //配置正确的话,能列出eth1:0虚拟网卡的信息3. heartbeat的安装和配置:
【1】yum安装:# yum install -y heartbeat* libnet nginx //依赖libnet,nginx是我们试验的服务,可以用yum安装。
【2】master主机的配置:
# cd /usr/share/doc/heartbeat-3.0.4/ //注意版本的问题,可以不是3.0.4
# cp authkeys ha.cf haresources /etc/ha.d/ //拷贝3个核心配置文件
# cd /etc/ha.d(1)修改authkeys
# vim authkeys //最后4行配置如下:
# auth 1
#1 crc //最不严谨
#2 sha1 HI! //最严谨
#3 md5 Hello! //中间值将第一行的auth后面的值修改成3,并且,打开最后一行的注释,即选择中间严谨的类型。
# chmod 600 authkeys //修改权限为600,否则heartbeat无法启动(2)修改haresources
# vim haresources //默认是全部注释的,所以可以在后面追加一行:
master 192.168.220.33/24/eth1:0 nginx //注意这里的ip是虚拟网卡的ip,即心跳线的配置ip,24规定网段,nginx是我们要试验的服务名称(3)修改ha.cf
# > ha.cf //清空配置
# vim !$ //编辑,添加如下配置:
debugfile /var/log/ha-debug //排错日志路径
logfile /var/log/ha-log //运行日志
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 60
udpport 694
ucast eth1 192.168.220.22 //slave的网卡ip
auto_failback on
node master
node slave
ping 192.168.220.2 //仲裁地址,一般为路由器地址,或者一个稳妥的、服务稳定的ip
respawn hacluster /usr/lib64/heartbeat/ipfail //注意: 32bit的linux系统,路径为lib,而非lib64,如下:
########## ERROR: Client child command [/usr/lib/heartbeat/ipfail] is not executable ##############(4)复制配置文件到slave主机:
# scp authkeys ha.cf haresources slave:/etc/ha.d/【3】slave主机的配置: 只需要修改ha.cf:
ucast eth1 192.168.220.22 --> ucast eth1 192.168.220.11 //将ip改成master的ip地址【4】启动heartbeat(先master,后slave)
(1)master主机
# /etc/init.d/heartbeat start
Starting High-Availability services: INFO: Running OK
CRITICAL: Resource 192.168.220.33/24/eth1:0 is active, and should not be!
CRITICAL: Non-idle resources can affect data integrity!
info: If you don't know what this means, then get help!
info: Read the docs and/or source to /usr/share/heartbeat/ResourceManager for more details.
CRITICAL: Resource 192.168.220.33/24/eth1:0 is active, and should not be!
CRITICAL: Non-idle resources can affect data integrity!
info: If you don't know what this means, then get help!
info: Read the docs and/or the source to /usr/share/heartbeat/ResourceManager for more details.
CRITICAL: Non-idle resources will affect resource takeback!
CRITICAL: Non-idle resources may affect data integrity!
Done.heartbeat会自动拉起nginx,不过第一次启动会比较慢。过一段时间(10S多),检查nginx是否被拉起:
# ps aux |grep nginx(2)修改nginx的index.html,方便查看机器的运行状况:
# > /usr/share/doc/nginx/html/index.html //清空
# echo "masterMMMMMMMMMMMM" > !$如果nginx已经启动,在浏览器里面输入下面网址:192.168.220.33,应该可以得到回执结果(虚拟网卡的ip): masterMMMMMMMMMMMM
(3)slave主机:
正常情况下,nginx是不被拉起的,因为主机还没宕机,所以ps aux |grep nginx的结果是空。
修改nginx的index.html:
# > /usr/share/doc/nginx/html/index.html
# echo "slaveSSSSSSSSSSSSSS" > !$ 心跳线检测的原理是ping,那么我们将master的ping服务关闭,heartbeat检测到ping失败后,会将nginx的服务转给slave来执行:
iptables -A INPUT -p icmp -j DROP //ping命令来自icmp协议,关掉协议,ping失效。
这时候,可以用tail -f /var/log/ha-log命令来查看heartbeat的处理过程:
master的ha-log日志内容:
Jan 11 22:47:32 master heartbeat: [2574]: WARN: node 192.168.220.2: is dead //ping 192.168.220.2路由器失败
Jan 11 22:47:32 master ipfail: [2601]: info: Status update: Node 192.168.220.2 now has status dead
Jan 11 22:47:32 master heartbeat: [2574]: info: Link 192.168.220.2:192.168.220.2 dead. //路由器挂了
harc(default)[2929]: 2016/01/11_22:47:32 info: Running /etc/ha.d//rc.d/status status
Jan 11 22:47:33 master ipfail: [2601]: info: NS: We are dead. :<
Jan 11 22:47:33 master ipfail: [2601]: info: Link Status update: Link 192.168.220.2/192.168.220.2 now has status dead
Jan 11 22:47:34 master ipfail: [2601]: info: We are dead. :< //哦,原来是我们自己挂了
Jan 11 22:47:34 master ipfail: [2601]: info: Asking other side for ping node count.
Jan 11 22:47:37 master ipfail: [2601]: info: Giving up because we were told that we have less ping nodes.
Jan 11 22:47:37 master ipfail: [2601]: info: Delayed giveup in 4 seconds.
Jan 11 22:47:41 master ipfail: [2601]: info: giveup() called (timeout worked)
Jan 11 22:47:42 master heartbeat: [2574]: info: master wants to go standby [all]
Jan 11 22:47:42 master heartbeat: [2574]: info: standby: slave can take our all resources //从可接管服务
Jan 11 22:47:42 master heartbeat: [2956]: info: give up all HA resources (standby). //放弃我们的工作
ResourceManager(default)[2969]: 2016/01/11_22:47:42 info: Releasing resource group: master 192.168.220.33/24/eth1:0 nginx
ResourceManager(default)[2969]: 2016/01/11_22:47:42 info: Running /etc/init.d/nginx stop //停掉nginx服务
ResourceManager(default)[2969]: 2016/01/11_22:47:42 info: Running /etc/ha.d/resource.d/IPaddr 192.168.220.33/24/eth1:0 stop
IPaddr(IPaddr_192.168.220.33)[3057]: 2016/01/11_22:47:42 INFO: IP status = ok, IP_CIP=
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.220.33)[3031]: 2016/01/11_22:47:42 INFO: Success
Jan 11 22:47:42 master heartbeat: [2956]: info: all HA resource release completed (standby).
Jan 11 22:47:42 master heartbeat: [2574]: info: Local standby process completed [all].
Jan 11 22:47:43 master heartbeat: [2574]: WARN: 1 lost packet(s) for [slave] [459:461]
Jan 11 22:47:43 master heartbeat: [2574]: info: remote resource transition completed. //远程资源传递完成
Jan 11 22:47:43 master heartbeat: [2574]: info: No pkts missing from slave! //没有遗失数据
Jan 11 22:47:43 master heartbeat: [2574]: info: Other node completed standby takeover of all resources. //slave节点完全接管我们的工作slave的ha-log内容:
Jan 12 11:48:17 slave ipfail: [115215]: info: Telling other node that we have more visible ping nodes. //告知master,我们可以ping通
Jan 12 11:48:22 slave heartbeat: [115188]: info: master wants to go standby [all] //master想让我们接手
Jan 12 11:48:22 slave heartbeat: [115188]: info: standby: acquire [all] resources from master //接受来自master的资源
Jan 12 11:48:22 slave heartbeat: [115841]: info: acquire all HA resources (standby).
ResourceManager(default)[115854]: 2016/01/12_11:48:22 info: Acquiring resource group: master 192.168.220.33/24/eth1:0 nginx
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.220.33)[115882]: 2016/01/12_11:48:22 INFO: Resource is stopped
ResourceManager(default)[115854]: 2016/01/12_11:48:22 info: Running /etc/ha.d/resource.d/IPaddr 192.168.220.33/24/eth1:0 start //启动心跳线网卡
IPaddr(IPaddr_192.168.220.33)[116015]: 2016/01/12_11:48:22 INFO: Adding inet address 192.168.220.33/24 with broadcast address 192.168.220.255 to device eth1 (with
label eth1:0) //虚拟网卡指向我们的网卡
IPaddr(IPaddr_192.168.220.33)[116015]: 2016/01/12_11:48:22 INFO: Bringing device eth1 up
IPaddr(IPaddr_192.168.220.33)[116015]: 2016/01/12_11:48:22 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /var/run/resource-agents/send_arp-192.168.220.33 eth1
192.168.220.33 auto not_used not_used
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.220.33)[115989]: 2016/01/12_11:48:22 INFO: Success //网卡配置完毕
ResourceManager(default)[115854]: 2016/01/12_11:48:22 info: Running /etc/init.d/nginx start //启动nginx服务
Jan 12 11:48:23 slave heartbeat: [115841]: info: all HA resource acquisition completed (standby). //所有HA资源接手完毕
Jan 12 11:48:23 slave heartbeat: [115188]: info: Standby resource acquisition done [all]. //资源接手完毕
Jan 12 11:48:24 slave heartbeat: [115188]: info: remote resource transition completed. //远程资源传送完毕,完活儿!!! 根据这些内容,我们可以知道heartbeat的运行过程;如此,在浏览器输入心跳线网卡地址的时候:192.168.220.33,得到如下返回结果:
slaveSSSSSSSSSSSSSS
这时候,master的nginx被关闭,而slave的nginx正式接手,完成了服务的不间断提供。
如果刚才不是用防火墙,而是执行命令,将heartbeat服务关闭,结果也是一样的,slave会接手nginx服务。那么,如果将ipatables刚设的规则去掉,或者重新开启heartbeat服务,会怎么样呢?
# ipatales -D INPUT -p icmp -j DROP
# service heartbeat start结果是,slave自动关闭nginx,master的nginx又重新启动,接手web服务,可以自己亲自试验一下。刷新浏览器,可以清楚的看到结果。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
