Corosync
corosync最初只是用来演示OpenAIS集群框架接口规范的一个应用,可以实现HA心跳信息传输的功能,是众多实现HA集群软件中之一,可以说corosync是OpenAIS的一部分,然而后面的发展超越了官方最初的设想,越来越多的厂商尝试使用corosync作为集群解决方案,如Redhat的RHCS集群套件就是基于corosync实现。
corosync只提供了message layer(即实现HeartBeat + CCM),而没有直接提供CRM,一般使用Pacemaker进行资源管理。
Pacemaker
pacemaker是一个开源的高可用资源管理器(CRM),位于HA集群架构中资源管理、资源代理(RA)这个层次,它不能提供底层心跳信息传递的功能,要想与对方节点通信需要借助底层的心跳传递服务,将信息通告给对方。
corosync和pacemaker的架构图
Corosync主要就是实现集群中Message layer层的功能:完成集群心跳及事务信息传递
Pacemaker主要实现的是管理集群中的资源(CRM),真正启用、停止集群中的服务是RA(资源代理)这个子组件。RA的类别有下面几种类型:
LSB:位于/etc/rc.d/init.d/*,至少支持start,stop,restart,status,reload,force-reload;
注意:不能开机自动运行;要有CRM来启动 //centos6用这种类型控制
OCF: /usr/lib/ocf/resource.d/provider/,类似于LSB脚本,但支持start,stop,status,monitor,meta-data;
STONITH:调用stonith设备的功能
systemd:unit file,/usr/lib/systemd/system/
注意:服务必须设置enable,开启自启; //centos7支持
service:调用用户的自定义脚本
实验环境:
虚拟机IP: 172.18.250.77 node1.magedu.com CentOS7
虚拟机IP: 172.18.250.78 node2.magedu.com CentOS7
一、安装corosync和pacemaker
安装之前先要确定节点上时间是否同步、防火墙和selinux是否会称为阻碍、各节点之间是否能通过主机名通信、各节点是否能通过主机密钥通信
]# hostnamenode1.magedu.com]# hostnamenode2.magedu.com ]# ntpdate 172.18.0.1 //找台时间服务器在两节点上时间同步]# systemctl stop firewalld.service //停止防火墙]# getenforce //selinux确保关闭Disabled
安装服务:
]# yum -y install corosync pacemaker]# rpm -ql corosync/etc/corosync /etc/corosync/corosync.conf.example //corosync的配置文件/etc/corosync/corosync.conf.example.udpu //基于UDP的配置文件/etc/corosync/corosync.xml.example //基于xml的扩展标记配置文件/usr/sbin/corosync //启动程序]# vim /etc/corosync/corosync.conftotem { version: 2 cluster_name: mycluster //集群名称 crypto_cipher: aes128 //对称加密算法 crypto_hash: sha1 //单向加密算法 interface { ringnumber: 0 //回环号码,如果一个主机有多块网卡,避免心跳信息回流 bindnetaddr: 172.18.0.0 //绑定心跳网段 corosync会自动判断本地网卡上配置的哪个IP地址是属于这个网络的,并把这个接口作为多播心跳信息传递的接口 mcastaddr: 239.25.1.1 //心跳信息组播地址(所有节点组播地址必须为同一个) mcastport: 5405 // 组播时使用的端口 ttl: 1 //只向外一跳心跳信息,避免组播报文环路 }}logging { //日志功能,默认就行 fileline: off to_stderr: no to_logfile: yes logfile: /var/log/cluster/corosync.log to_syslog: no //是否启用syslog debug: off timestamp: on //是否打印时间戳,利于定位错误,但会产生大量系统调用,消耗CPU资源 logger_subsys { subsys: QUORUM debug: off }}quorum { //投票系统 provider: corosync_votequorum //支持哪种投票方式 # expected_votes: 8 //总投票数 two_nodes: 1 //两节点特殊}nodelist { //节点列表 node { ring0_addr: 172.18.250.77 //节点IP nodeid: 1 //节点编号 } node { ring0_addr: 172.18.250.78 nodeid: 2 }} 创建集群之间传递心跳信息的共享密钥:
]# corosync-keygen --helpUsage: corosync-keygen [-k] [-l] -k / --key-file= - Write to the specified keyfile instead of the default /etc/corosync/authkey. -l / --less-secure - Use a less secure random number source (/dev/urandom) that is guaranteed not to require user input for entropy. This can be used when this application is used from a script. ]# corosync-keygen -l //生成简单的密钥 ]# cd /etc/corosync/ ]# lltotal 16-r-------- 1 root root 128 May 29 18:16 authkey //自动生成在/etc/corosync/目录下,确保为400#复制密钥文件到另一节点:]# scp -p authkey corosync.conf root@172.18.250.78:/etc/corosync/]# systemctl start corosync.service pacemaker.service]# ss -uan //确保端口启动 State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 172.18.250.77:5404 *:* UNCONN 0 0 172.18.250.77:5405 *:*UNCONN 0 0 239.25.1.1:5405 *:* #启动完成后要进行一系列的确认,看各组件工作是否正常:grep -e "Corosync Cluster Engine" -e "configuration file" /var/log/cluster/corosync.log // 另外一个节点上也执行同样的命令,来确保 Cluster Engine 工作是否正常tail /var/log/cluster/corosync.log // 查看两个corosync节点之间成员关系是否初始化,两个节点之间应该开始同步一些集群事务信息grep "TOTEM" /var/log/cluster/corosync.log // 查看初始化成员节点通知是否正常发出 grep ERROR /var/log/cluster/corosync.log // 检查启动过程中是否有错误产生 ]# crm_mon //查看集群节点Last updated: Sun May 29 21:53:09 2016 Last change: Sun May 29 20:09:08 2016 by root via cibadmin on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 0 resources configuredOnline: [ node1.magedu.com node2.magedu.com ]
到此corosync已正常工作,后面需要配置各种服务资源,而pacemaker只是一个资源管理器,没提供管理接口,所以实现CRM的管理接口有两类:
CLI: 命令行接口
crmsh(SUSE):
pcs
GUI: 图形接口
HB_GUI
Conga(luci/riccl): Web接口
crmsh提供了一个命令行的交互接口来对Pacemaker集群进行管理,它具有更强大的管理功能,同样也更加易用,在更多的集群上都得到了广泛的应用,类似软件还有 pcs。注:在crm管理接口所做的配置会同步到各个节点上;
二、安装crmsh
]# lscrmsh-2.1.4-1.1.x86_64.rpm pssh-2.3.1-4.2.x86_64.rpm python-pssh-2.3.1-4.2.x86_64.rpm]# yum -y install *.rpm]# systemctl start corosync.server pacemaker.service
crm的特性:
1、任何操作都需要commit提交后才会生效;
2、想要删除一个资源之前需要先将资源停止
3、可以用 help COMMAND 获取该命令的帮助
4、与Linux命令行一样,都支持TAB补全
crm有两种工作方式:
1、命令行模式:
]# crm statusLast updated: Mon May 30 10:07:02 2016 Last change: Mon May 30 10:06:50 2016 by hacluster via crmd on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 1 resource configuredOnline: [ node1.magedu.com node2.magedu.com ]
2、交互式模式:
]# crmcrm(live)# statusLast updated: Mon May 30 10:07:08 2016 Last change: Mon May 30 10:06:50 2016 by hacluster via crmd on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 1 resource configuredOnline: [ node1.magedu.com node2.magedu.com ]
crm(live)# helpcib manage shadow CIBs // cib管理resource resources management // 管理资源的启动、停止等configure CRM cluster configuration // 编辑集群配置信息node nodes management // 集群节点管理子命令history CRM cluster historysite Geo-cluster supportra resource agents information center // 资源代理子命令(所有与资源代理相关的程都在此命令之下)status show cluster status # 显示当前集群的状态信息template Edit and import a configuration from a template //编辑或导入一个配置模板script Cluster script management //集群脚本管理
crm常用的管理命令:
1、管理资源的约束、资源的粘性及资源的类型 CIB:集群事务库,保存并传播集群配置的文件
crm(live)# configurecrm(live)configure# helpacl_target Define target access rights_test Help for command _testclone Define a clone //定义一个克隆colocation Colocate resources //定义资源的约束commit Commit the changes to the CIB //保存配置到CIBdefault-timeouts Set timeouts for operations to minimums from the meta-datadelete Delete CIB objects //删除一个CIB配置edit Edit CIB objects //编辑配置文件erase Erase the CIB fencing_topology Node fencing order //隔离节点顺序 filter Filter CIB objects //对CIB进行过滤graph Generate a directed graph group Define a group //定义一个组load Import the CIB from a file //从文件中导入CIB location A location preference modgroup Modify groupmonitor Add monitor operation to a primitive //监控一个资源ms Define a master-slave resource node Define a cluster node //定义一个集群界定op_defaults Set resource operations defaults order Order resources //顺序排列资源 primitive Define a resource //定义一个资源 property Set a cluster property //设置集群全局配置 verify verify the CIB with crm_verify // CIB语法验证show display CIB objects // 显示CIB配置文件rsc_defaults set resource defaults // 设置资源默认属性(粘性)location a location preference // 定义位置约束优先级(默认运行于那一个节点(如果位置约束的值相同,默认倾向性那一个高,就在那一个节点上运行))order order resources // 资源的启动的先后顺序
定义资源的约束,默认为0
1、location:位置约束,描述对资源节点的倾向性
2、colocation:资源彼此间是否“在一起”的倾向性,运行在同一节点
3、order:资源启动/关闭的资源的倾向性
资源的类型:
primitive:基本资源,只能运行于一个节点
group:组资源, 将组成一个HA Service所需要的所有资源组织在一起
clone:克隆,同一资源可以出现多分副本,可以运行多个节点
multi-state(master/slave):是克隆型资源的特殊表示,副本间存在主从关系
2、管理资源的状态:
crm(live)resource# help cleanup Cleanup resource status //清理资源的状态 emote Demote a master-slave resource //对一个资源降级操作 failcount Manage failcounts //管理资源的错误次数 help Show help (help topics for list of topics) ls List levels and commands //列出等级和命令 maintenance Enable/disable per-resource maintenance mode manage Put a resource into managed mode meta Manage a meta attribute //管理资源的属性 migrate Migrate a resource to another node //强制对资源进行迁移 param Manage a parameter of a resource //管理资源的参数 promote Promote a master-slave resource //对一个资源升级操作 quit Exit the interactive shell //退出 refresh Refresh CIB from the LRM status reprobe Probe for resources not started by the CRM restart Restart a resource //重启资源 scores Display resource scores secret Manage sensitive parameters start Start a resource status Show status of resources //显示资源的状态 stop Stop a resource trace Start RA tracing //开启RA跟踪 unmanage Put a resource into unmanaged mode unmigrate Unmigrate a resource to another node untrace Stop RA tracing up Go back to previous level utilization Manage a utilization attribute
3、管理节点:
crm(live)# nodecrm(live)node# helpattribute Manage attributescd Navigate the level structure clearstate Clear node state //清除节点状态delete Delete node //删除节点fence Fence node //隔离节点help Show help (help topics for list of topics)ls List levels and commands maintenance Put node into maintenance mode online Set node online //节点上线quit Exit the interactive shell ready Put node into ready mode show Show node //显示节点的信息standby Put node into standby //节点下线status Show nodes' status as XML //已XML格式显示节点信息status-attr Manage status attributes up Go back to previous levelutilization Manage utilization attributes
4、RA资源代理:实现服务的真正启动、停止等操作
crm(live)ra# helpcd Navigate the level structureclasses List classes and providers // 为资源代理分类help Show help (help topics for list of topics)info Show meta data for a RA //显示资源的属性list List RA for a class (and provider) //列出RA可管理的服务 ls List levels and commands providers Show providers for a RA and a classquit Exit the interactive shellup Go back to previous level
示例:配置httpd的高可用
crm(live)configure# primitive vip ocf:heartbeat:IPaddr params ip=172.18.250.79 op monitor interval=20 timeout=20crm(live)configure# primitive webserver systemd:httpd op monitor interval=20 timeout=20crm(live)configure# verifycrm(live)configure# commitcrm(live)# statusLast updated: Mon May 30 10:49:44 2016 Last change: Mon May 30 10:49:27 2016 by root via cibadmin on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 2 resources configuredOnline: [ node1.magedu.com node2.magedu.com ] vip (ocf::heartbeat:IPaddr): Started node1.magedu.com webserver (systemd:httpd): Started node2.magedu.com //定义的webserver会自动分配到node2节点上,corosync会自动实现资源均衡分配 crm(live)configure# group webservice vip webserver //定义组约束crm(live)configure# verifycrm(live)configure# commit crm(live)# status //资源都约束在了node1节点Last updated: Mon May 30 10:52:53 2016 Last change: Mon May 30 10:52:31 2016 by root via cibadmin on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 2 resources configuredOnline: [ node1.magedu.com node2.magedu.com ] Resource Group: webservice vip (ocf::heartbeat:IPaddr): Started node1.magedu.com webserver (systemd:httpd): Started node1.magedu.com
测试是否实现httpd的高可用:
手动停止node1节点:
]# crm node standby //在250.77上手动下线node1
资源发生了迁移,并实现了httpd的高可用:
scrm(live)# statusLast updated: Mon May 30 10:59:04 2016 Last change: Mon May 30 10:57:45 2016 by root via crm_attribute on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 2 resources configuredNode node1.magedu.com: standbyOnline: [ node2.magedu.com ] Resource Group: webservice vip (ocf::heartbeat:IPaddr): Started node2.magedu.com webserver (systemd:httpd): Started node2.magedu.com
示例:配置一个基于NFS的高可用的mariadb服务
]# systemctl enable mariadb.service //两个节点上开启mariadb自启Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.crm(live)configure# primitive webnfs ocf:heartbeat:Filesystem params device="172.18.250.76:/data" directory="/mydata/data" fstype="nfs" op monitor interval=20 timeout=20 //定义nfs资源crm(live)configure# primitive webmysql systemd:mariadb op monitor interval=20 timeout=20 //定义mysql资源crm(live)configure# group webservice vip webnfs webmysql //定义组约束crm(live)configure# verifycrm(live)configure# commit ]# vim /etc/my.cnf [mysqld]datadir=/mydata/data //修改数据库存储的目录]# chown mysql:mysql /mydata/data
测试节点下线mysql能否转移:
crm(live)# status //现在是在Node1上Last updated: Mon May 30 13:05:46 2016 Last change: Mon May 30 12:54:24 2016 by root via crm_attribute on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 3 resources configuredOnline: [ node1.magedu.com node2.magedu.com ] Resource Group: webservice vip (ocf::heartbeat:IPaddr): Started node1.magedu.com webnfs (ocf::heartbeat:Filesystem): Started node1.magedu.com webmysql (systemd:mariadb): Started node1.magedu.com ]# crm node standby //node1执行standbycrm(live)# status //资源转移到了node2上Last updated: Mon May 30 13:07:00 2016 Last change: Mon May 30 13:06:35 2016 by root via crm_attribute on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 3 resources configuredNode node1.magedu.com: standbyOnline: [ node2.magedu.com ] Resource Group: webservice vip (ocf::heartbeat:IPaddr): Started node2.magedu.com webnfs (ocf::heartbeat:Filesystem): Started node2.magedu.com webmysql (systemd:mariadb): Started node2.magedu.com
注意:corosync自带了投票系统的,当集群发生网络分区时,拥有资源的node服务器不能向其它节点发送心跳信息时,左右不在协调,这时需要quorum机制来实现资源的重新分配。
quorum表示法定票数,只要发生网络分区,投票系统根据己方所用有的节点数是否大于节点总数除以2,只要大于,那就是拥有法定票数的一方,那就会把资源转移过来并选出一个DC。没有法定票数的一方就执行stop(停止所有资源,默认)、ignore(忽略,继续提供工作),suiclde(自杀),freeze(冻结)。
crm(live)configure# property no-quorum-policy= //默认为stopno-quorum-policy (enum, [stop]): What to do when the cluster does not have quorum What to do when the cluster does not have quorum Allowed values: stop, freeze, ignore, suicide
资源的监控:
primitive <rsc> {[<class>:[<provider>:]]<type>|@<template>}
[description=<description>]
[params attr_list]
[meta attr_list]
[utilization attr_list]
[operations id_spec]
[op op_type [<attribute>=<value>...] ...]
attr_list :: [$id=<id>] [<score>:] [rule...]
<attr>=<val> [<attr>=<val>...]] | $id-ref=<id>
id_spec :: $id=<id> | $id-ref=<id>
op_type :: start | stop | monitor
定义资源的监控时,需要查看默认时间,不能低于默认时间:
crm(live)ra# info systemd:mariadbsystemd unit file for mariadb (systemd:mariadb)MariaDB database serverOperations' defaults (advisory minimum): start timeout=15 stop timeout=15 status timeout=15 restart timeout=15 monitor timeout=15 interval=15 start-delay=15
资源的约束性:
1、定义约束组
2、location和colocation
location <id> rsc [role=<role>] {node_pref|rules}
colocation <id> <score>: <rsc>[:<role>] <with-rsc>[:<role>]
crm(live)configure# location webip_pre_node1 vip inf: node1.magedu.com //定义位置约束 inf:表示无穷大crm(live)configure# colocation webip_webnfs_webmysql inf: vip webnfs webmysql //定义资源“在一起”约束crm(live)configure# order webip_before_webnfs_webmysql mandatory: vip webnfs webmysql //定义资源的启动顺序,mandatory表示强制
三、安装ldirectord,实现对ldirectord的高可用
ldirectors集成了lvs的负载均衡能力,也具有对后端主机进行健康检测的功能
]# lsldirectord-3.9.6-0rc1.1.1.x86_64.rpm]# yum -y install *.rpm]# systemctl enable ldirectord.service
编辑配置文件:
]# vim /etc/ha.d/ldirectord.cf# Global Directiveschecktimeout=3 //检测超时时长checkinterval=1 //检测扫描时间 #fallback=127.0.0.1:80 //后端主机全失效时,提供后端主机的服务#fallback6=[::1]:80autoreload=yes //配置文件发生改变后自动装载logfile="/var/log/ldirectord.log" //日志#logfile="local0" //日志格式#emailalert="admin@x.y.z" //邮件服务#emailalertfreq=3600#emailalertstatus=allquiescent=no //是否允许静默模式# Sample for an http virtual servicevirtual=172.18.250.80:80 //定义vip real=172.18.250.76:80 gate //后端主机信息,算法是DR(gateway) real=172.18.250.75:80 gate //后端主机信息,算法是DR(gateway) fallback=127.0.0.1:80 gate service=http //后端主机提供服务的类型 scheduler=rr //调度算法,轮询 #persistent=600 //是否保持连接 #netmask=255.255.255.255 protocol=tcp //支持的协议 checktype=negotiate //检测方式 checkport=80 //检测端口 request="index.html" //请求的页面 receive="Test Page" //请求到的内容,才算后端主机正常
在corosync上定义ldiretord资源
crm(live)configure# primitive vip ocf:heartbeat:IPaddr2 params ip="172.18.250.80" lvs_support="DR" op monitor interval=15 timeout=15crm(live)configure# primitive director systemd:ldirectord op monitor interval=15 timeout=15crm(live)configure# group dirservice vip directorcrm(live)# statusLast updated: Mon May 30 14:18:50 2016 Last change: Mon May 30 14:18:43 2016 by root via cibadmin on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 2 resources configuredOnline: [ node1.magedu.com node2.magedu.com ] Resource Group: dirservice vip (ocf::heartbeat:IPaddr2): Started node1.magedu.com director (systemd:ldirectord): Started node1.magedu.com
查看ipvs:
]# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 172.18.250.80:80 rr -> 172.18.250.75:80 Route 1 0 0 -> 172.18.250.76:80 Route 1 0 0
让一节点下线,看资源是否能正常转移:
crm(live)# status //转移成功Last updated: Mon May 30 14:32:31 2016 Last change: Mon May 30 14:32:26 2016 by root via crm_attribute on node1.magedu.comStack: corosyncCurrent DC: node1.magedu.com (version 1.1.13-10.el7-44eb2dd) - partition with quorum2 nodes and 2 resources configuredNode node1.magedu.com: standbyOnline: [ node2.magedu.com ] Resource Group: dirservice vip (ocf::heartbeat:IPaddr2): Started node2.magedu.com director (systemd:ldirectord): Started node2.magedu.com ]# ipvsadm -Ln //在node2上查看IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 172.18.250.80:80 rr -> 172.18.250.75:80 Route 1 0 0 -> 172.18.250.76:80 Route 1 0 0
让一台后端主机下线,能否自动判断故障并踢出服务:
]# killall httpd //关闭httpd]# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 172.18.250.80:80 rr -> 172.18.250.75:80 Route 1 0 0 ]# service httpd start //启动httpd]# ipvsadm -LnIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 172.18.250.80:80 rr -> 172.18.250.75:80 Route 1 0 0 -> 172.18.250.76:80 Route 1 0 0 //自动添加