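Installing and Configuring Keepalived
keepalived is mainly used to health-check RealServers and to implement failover between the LoadBalance host and the Backup host. Its main purpose is to run as a service on two or more nodes and to manage the ipvs rules that take effect in the kernel. The node that currently holds the resources is called the active node and the other nodes are called standby nodes, i.e. Master/Backup.
VRRP (if you have studied TCP/IP, this part is easy to understand):
The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router that controls the virtual router's IP addresses is called the master router, and it forwards packets sent to these virtual IP addresses. If the master router becomes unavailable, the election process provides dynamic failover, which allows the virtual router's IP address to be used as the default first-hop router by end hosts. The benefit of using VRRP is a more highly available default path without having to configure dynamic routing or router discovery protocols on every end host. VRRP packets are sent encapsulated in IP packets.
VRRP priority:
Each VRRP node has its own priority, generally from 0-255; the larger the number, the higher the priority. So it can be defined like this: suppose that in the initial state one node has priority 100 and the other has priority 99; then without question the node with the higher priority is the master. All nodes come online in the backup state right after starting, and the master is chosen by election; if no other node responds, a node promotes itself to master.
Notification mechanism: if the master fails, its role is transferred automatically, and the administrator should be told that the role has switched. keepalived supports sending e-mail: when its state changes it can notify the administrator by mail, so that the administrator can check its active state right away, which helps later operations work.
Core components of keepalived
2. virtual_server: built on top of vrrp, which serves as the so-called notification mechanism
3. vrrp_script: performs checks by means of an external script
Installing KeepAlived: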
    [[email protected] ~]# tar zxf keepalived-1.2.13.tar.gz
    [[email protected] ~]# cd keepalived-1.2.13
    [[email protected] keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel
    [[email protected] keepalived-1.2.13]# ./configure --prefix=/ --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
    Keepalived configuration
    ------------------------
    Keepalived version       : 1.2.13                ##version##
    Compiler                 : gcc                   ##compiler##
    Compiler flags           : -g -O2                ##compiler flags##
    Extra Lib                : -lssl -lcrypto -lcrypt    ##extra libraries##
    Use IPVS Framework       : Yes    ##LVS core framework; if LVS is not used it can be disabled at build time with disable-lvs##
    IPVS sync daemon support : Yes    ##IPVS sync daemon; whether it is enabled depends on the IPVS framework##
    IPVS use libnl           : Yes    ##whether the libnl library is used##
    fwmark socket support    : Yes    ##socket framework##
    Use VRRP Framework       : Yes    ##VRRP framework; vrrpd is keepalived's core process##
    Use VRRP VMAC            : Yes    ##VRRP Virtual mac##
    SNMP support             : No
    SHA1 support             : No
    Use Debug flags          : No
    [[email protected] keepalived-1.2.13]# make && make install
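All KeepAlived settings live in a single configuration file. The supported settings fall into three categories:
1. Global configuration (global configure)
2. VRRPD configuration
3. LVS configuration
Clearly, the global configuration applies to keepalived as a whole, whether or not LVS is used. VRRPD is the core of keepalived. The LVS configuration is used only when keepalived is to configure and manage LVS; if keepalived is used only for HA, LVS does not need to be configured.
The configuration file is organized in blocks, each enclosed in {}; # and ! mark comments.
Global definition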
    global_defs {
        notification_email {    ##recipients of the e-mail keepalived sends when an event (such as a switchover) occurs; one address per line##
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 127.0.0.1        ##SMTP server##
        smtp_connect_timeout 30      ##connection timeout##
        router_id Nginx-one          ##router identifier; the host name is used here##
    }
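VRRPD configuration (VRRP synchronization group and VRRP instance)
Without a Sync Group, consider a router with two network segments, one internal and one external, with one VRRP instance running on each. If VRRP is configured to check the internal network, then when the external network has a problem VRRPD considers itself healthy and no Master/Backup switchover takes place, which causes trouble. A Sync Group can contain both instances, so that a problem in any instance in the group triggers a switchover.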
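    vrrp_instance VI_1 {             ##virtual router identifier##
        state MASTER                 ##initial state; by default a node is promoted to Master only after the election, here it is explicitly defined as Master##
        interface eth1               ##the network interface the election runs over##
        virtual_router_id 10         ##ID of the virtual router, generally no greater than 255; the last octet of the IP can be used##
        priority 100                 ##initial priority, the basis for the decision during the election, same idea as in routing##
        advert_int 1                 ##check interval, default 1s##
        authentication {             ##authentication mechanism##
            auth_type PASS           ##authentication method; PASS is plaintext##
            auth_pass ipython        ##authentication password##
        }
        virtual_ipaddress {          ##virtual address pool##
            1.1.1.100
        }
    }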
The Backup is configured as follows:
    [[email protected] keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    global_defs {
        notification_email {
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id nginx-two
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 10         ##must be the same value as on the MASTER, otherwise the two nodes are not in the same virtual router##
        priority 50
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ipython
        }
        virtual_ipaddress {
            1.1.1.100
        }
    }

    ###other options:####
    nopreempt        do not preempt; this option can only be set on a node whose state is BACKUP, and that machine's priority must be higher than the other machine's
    preempt_delay    preemption delay, default 5 minutes
    debug            debug level
    notify_master    script executed when switching to Master

    ##start##
    [[email protected] keepalived-1.2.13]# service keepalived start
    Starting keepalived: [ OK ]

    ###watch its log file###
    [[email protected] keepalived-1.2.13]# tail -f /var/log/messages
    Aug 3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014)
    Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180
    Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181
    ####current IP addresses####
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP 1.1.1.10 added
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file '/etc/keepalived/keepalived.conf'.
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector...
    Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
    ###open and load the configuration file###
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Opening file '/etc/keepalived/keepalived.conf'.
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Configuration is using : 7377 Bytes
    Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Using LinkWatch kernel netlink reflector...
    ####switch to Master state####
    Aug 3 00:02:14 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Transition to MASTER STATE
    Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering MASTER STATE
    Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.
    ####add the VIP on the interface####
    Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
    Aug 3 00:02:15 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.100 added
    Aug 3 00:02:20 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100

    ###check whether the VIP was added###
    [[email protected] keepalived-1.2.13]# ip a show|awk '/inet\ /'
        inet 127.0.0.1/8 scope host lo
        inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
        inet 1.1.1.100/32 scope global eth1

    Stop the MASTER and watch the state transition on the BACKUP
    [[email protected] keepalived-1.2.13]# service keepalived stop
    Stopping keepalived: [ OK ]

    [[email protected] keepalived-1.2.13]# tail -f /var/log/messages
    Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: Using LinkWatch kernel netlink reflector...
    Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Aug 3 00:05:01 nginx-two Keepalived_healthcheckers[5147]: Using LinkWatch kernel netlink reflector...
    Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
    Aug 3 00:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Transition to MASTER STATE
    Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering MASTER STATE
    Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.
    Aug 3 00:05:41 nginx-two Keepalived_healthcheckers[5147]: Netlink reflector reports IP 1.1.1.100 added
    Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
    Aug 3 00:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100

    ####As with routing protocols, when the MASTER comes back online and is detected, it preempts the VIP. As you might expect, Keepalived also supports a non-preempt mode, in which the VIP moves only if the BACKUP goes down after having become MASTER. What a mouthful.####
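A MASTER/BACKUP pair only behaves as one virtual router when the VRRP settings in both files agree, so it is worth comparing the two files before restarting the service. The script below is an added example, not part of the original page: `get_opt`, `lint_pair` and `write_samples` are names chosen here, the sample pair is constructed with a deliberately mismatched virtual_router_id, and one vrrp_instance per file is assumed.

```shell
#!/bin/sh
# Added example: cross-check the VRRP settings of a MASTER/BACKUP config pair.
# Assumption: each file contains a single vrrp_instance block.

# get_opt FILE KEY: print KEY's value from the first vrrp_instance block.
get_opt() {
    awk -v key="$2" '
        { sub(/[#!].*/, "") }               # "#" and "!" start a comment
        $1 == "vrrp_instance" { inside = 1 }
        inside && $1 == key   { print $2; exit }
    ' "$1"
}

# lint_pair MASTER_CONF BACKUP_CONF: return 1 when a setting that both nodes
# must share differs; warnings alone leave the exit status at 0.
lint_pair() {
    rc=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        vm=$(get_opt "$1" "$key"); vb=$(get_opt "$2" "$key")
        [ "$vm" = "$vb" ] && continue
        rc=1
        case $key in
            auth_pass) echo "MISMATCH auth_pass (values withheld)" ;;  # never echo the secret
            *)         echo "MISMATCH $key: $vm vs $vb" ;;
        esac
    done
    if [ "$(get_opt "$1" auth_type)" = PASS ]; then
        pass=$(get_opt "$1" auth_pass)
        echo "WARN auth_type PASS: the password is sent as plaintext"
        [ "${#pass}" -le 8 ] || echo "WARN auth_pass: only the first 8 characters are used"
    fi
    return "$rc"
}

# write_samples DIR: constructed sample pair; the backup's virtual_router_id
# is changed on purpose so that lint_pair has something to report.
write_samples() {
    cat > "$1/master.conf" <<'EOF'
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 10    ##inline annotation, ignored by get_opt##
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ipython
    }
}
EOF
    sed -e 's/MASTER/BACKUP/' -e 's/priority 100/priority 50/' -e 's/router_id 10/router_id 20/' "$1/master.conf" > "$1/backup.conf"
}
if [ "$#" -eq 2 ]; then lint_pair "$1" "$2"; fi
```

Run it as `sh lint.sh master.conf backup.conf` (the file name is arbitrary); a non-zero exit status means the two nodes would not see each other as members of the same virtual router.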
Defining Keepalived's check mechanism
    ###a simple script that checks whether nginx is working###
    [[email protected] ~]# cat nginx_check.sh
    #!/bin/bash
    alive=`netstat -pant|awk '/0.0.0.0:80/&&/LISTEN/'|wc -l`
    if [ "$alive" -eq 1 ]; then
        exit 0
    else
        exit 1
    fi

    ###add to the keepalived configuration###
    vrrp_script nginx_check {
        script "/root/nginx_check.sh"
        interval 1      ###check interval, 1s###
        weight -60      ###if the condition holds, weight -60###
    }
    ####add a track_script block to the instance block####
    track_script {
        nginx_check
    }

    [[email protected] ~]# service keepalived restart
    Stopping keepalived: [ OK ]
    Starting keepalived: [ OK ]

    ###no question: as long as nginx is listening on port 80 normally, the master stays the master###
    [[email protected] ~]# ip a show|awk '/inet\ /'
        inet 127.0.0.1/8 scope host lo
        inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
        inet 1.1.1.100/32 scope global eth1

    ###stop the Nginx service###
    [[email protected] ~]# service nginx stop
    Stopping nginx: [ OK ]

    ###look at the log###
    Aug 3 00:52:13 Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed
    Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Entering FAULT STATE
    Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs.
    Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Now in FAULT state
    Aug 3 00:52:14 Nginx-one Keepalived_healthcheckers[8489]: Netlink reflector reports IP 1.1.1.100 removed

    ###the Backup machine has become Master###
    [[email protected] ~]# ip a show|awk '/inet\ /'
        inet 127.0.0.1/8 scope host lo
        inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1
        inet 1.1.1.100/32 scope global eth1
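The check script is executed every second by keepalived, which was started as root above, so the script file and every directory above it must be writable by root only. The audit below is an added example, not part of the original page: `list_scripts`, `path_is_safe`, `audit_conf` and the `TRUSTED_UID` variable are names chosen here, and script paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: audit the files a keepalived.conf tells keepalived to execute.
# A script, or any directory above it, that another account can write to lets
# that account change what keepalived runs with its own privileges.

# list_scripts CONF: print each path named by a script or notify_master keyword.
list_scripts() {
    awk '
        { sub(/[#!].*/, "") }                   # strip keepalived comments
        $1 == "script" || $1 == "notify_master" {
            gsub(/"/, "", $2); print $2         # path without the quotes
        }' "$1"
}

# path_is_safe PATH [STOP_DIR]: fail if PATH or any parent directory up to
# STOP_DIR (default /) is not owned by TRUSTED_UID (default 0) or is
# writable by group or other. Relative paths are rejected outright.
path_is_safe() {
    p=$1
    case $p in /*) ;; *) echo "RELATIVE $p"; return 1 ;; esac
    [ -e "$p" ] || { echo "MISSING $p"; return 1; }
    while :; do
        info=$(ls -ldLn "$p")                   # -n: numeric uid, -L: follow symlinks
        mode=${info%% *}
        uid=$(echo "$info" | awk '{ print $3 }')
        [ "$uid" = "${TRUSTED_UID:-0}" ] || { echo "OWNER $p (uid $uid)"; return 1; }
        case $mode in                           # character 6 = group w, character 9 = other w
            ?????w*|????????w*) echo "WRITABLE $p ($mode)"; return 1 ;;
        esac
        if [ "$p" = "${2:-/}" ] || [ "$p" = / ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# audit_conf CONF [STOP_DIR]: check every script; return 1 if any is unsafe.
audit_conf() {
    bad=0
    for s in $(list_scripts "$1"); do
        path_is_safe "$s" "${2:-/}" || bad=1
    done
    return "$bad"
}

if [ "$#" -ge 1 ]; then audit_conf "$@"; fi
```

Run it as root with the configuration file as the argument; each `OWNER`, `WRITABLE`, `RELATIVE` or `MISSING` line names the first problem found on that script's path.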