High-Availability Services: Getting Started with Keepalived

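  Earlier we covered the concepts behind the corosync+pacemaker high-availability cluster and how to use the related tools; for a recap see https://www.cnblogs.com/qiuhom-1874/category/1838133.html. Today we look at the high-availability service keepalived.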

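  Compared with a corosync+pacemaker high-availability cluster, keepalived is much more lightweight. It works by implementing VRRP (Virtual Router Redundancy Protocol). It was originally designed mainly to make LVS clusters highly available, and it can also health-check the real servers behind LVS. Its main functions are: moving addresses between nodes using VRRP, and thereby failing services over; generating ipvs rules on the node that holds the VIP; health-checking each RS of the ipvs cluster; and, through a script-calling interface, running scripts whose actions influence cluster behaviour.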

  keepalived architecture

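  Tip: keepalived consists mainly of the vrrp stack, the checkers, the ipvs wrapper, and the control components: the configuration file parser, the I/O multiplexer and memory management. The vrrp stack makes the VIP highly available; the checkers probe the backend services over various protocols. Both rely on system calls and the SMTP protocol to move the VIP, to send mail notifications after a failover, and to check the VIP and the backend services. The ipvs wrapper mainly generates ipvs rules. keepalived's core components, the vrrp stack and the checkers, are monitored continuously by a watchdog process; as soon as either of them dies, the watchdog starts a new one, which keeps keepalived's own components highly available.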

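  Implementing keepalived

  Environment

  Prepare two keepalived servers. Their clocks must be synchronized, and iptables and SELinux must both be turned off. If needed, you can also configure hosts-file name resolution and mutual SSH trust between the nodes; the host name resolution and the SSH trust are not mandatory.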

  Tip: for mutual SSH trust, see my blog post https://www.cnblogs.com/qiuhom-1874/p/11783371.html. Besides the points above, also make sure the network interface supports multicast.

  Tip: if multicast is not enabled on the interface, enable it with ip link set multicast on dev <interface name>.

  Install the keepalived package

yum install keepalived -y
      

  Tip: install it on both nodes.

  Look at the files the keepalived package installs

[root@node01 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.3.5
/usr/share/doc/keepalived-1.3.5/AUTHOR
/usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
/usr/share/doc/keepalived-1.3.5/COPYING
/usr/share/doc/keepalived-1.3.5/ChangeLog
/usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.3.5/README
/usr/share/doc/keepalived-1.3.5/TODO
/usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.3.5/samples
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
/usr/share/snmp/mibs/VRRP-MIB.txt
/usr/share/snmp/mibs/VRRPv3-MIB.txt
[root@node01 ~]# 
      

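  Tip: the main configuration file is /etc/keepalived/keepalived.conf; the main program is /usr/sbin/keepalived; the unit file is /usr/lib/systemd/system/keepalived.service; the unit file's environment configuration file is /etc/sysconfig/keepalived.

  keepalived default configuration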

[root@node01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr 
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url { 
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url { 
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url { 
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr 
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url { 
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url { 
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url { 
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@node01 ~]# 
      

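  Tip: keepalived's configuration file consists mainly of three sections: global configuration, vrrpd configuration and LVS configuration. The global section defines global properties as well as static routes and addresses; the vrrp section defines VRRP instances and vrrp sync groups; the LVS section defines the IPVS cluster and the real servers behind LVS.

  keepalived configuration reference

  Common global directives

  global_defs {...}: defines the global configuration section, where global properties and the mail-notification settings are configured.

  notification_email {...}: a subsection of global_defs that lists the mailboxes to notify when the cluster changes state.

  notification_email_from: the sender address for notification mail.

  smtp_server: the mail server address.

  smtp_connect_timeout: the connection timeout for the mail server.

  router_id: the cluster node ID; it is normally unique and differs from the other nodes' IDs.

  vrrp_skip_check_adv_addr: skip the check of a VRRP advertisement when it comes from the same master address as the previously received advertisement.

  vrrp_strict: comply strictly with the VRRP protocol.

  vrrp_garp_interval: the delay between two ARP broadcasts on the same interface; the default 0 means no delay.

  vrrp_gna_interval: the delay between two NA messages on the same interface; the default 0 means no delay.

  vrrp_mcast_group4: the multicast IP address, 224.0.0.18 by default. A multicast address is a class D address, in the range 224.0.0.0-239.255.255.255.

  vrrp_iptables: turn off the generation of iptables rules.

  Common vrrp instance directives

  vrrp_instance: names a vrrp instance and opens its configuration block, which is enclosed in braces.

  state: the role of this vrrp instance, normally MASTER or BACKUP. Among the instances that share a virtual router ID across nodes, only one may be MASTER, and it has the highest priority; all the others are BACKUP, with priorities slightly lower than the MASTER's.

  interface: the network interface for the vrrp instance, that is, the interface the VIP is configured on.

  virtual_router_id: the virtual router ID; the value range is 0-255.

  advert_int: the interval between heartbeats; the default is 1 second.

  priority: the priority of this instance.

  authentication {...}: defines the authentication settings.

  auth_type: the authentication type, commonly PASS or AH. PASS is simple password authentication and AH is IPsec authentication. With PASS, only the first 8 characters are used as the password by default.

  auth_pass: the authentication password.

  virtual_ipaddress {..}: configures the virtual IP addresses, enclosed in braces. The syntax for a virtual IP is <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>, where brd gives the broadcast address, dev the interface name, scope the scope and label the alias. Several virtual IPs can be configured, but an instance usually has just one.

  Example: use keepalived on node01 and node02 to configure the VIP 192.168.0.33

  Configuration on node01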

! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from node01_keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node01
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}      

  Configuration on node02

! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from node02_keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node02
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}      

  Start keepalived on node01 and node02

  Tip: once keepalived is started on node01, the VIP is configured on the ens33 interface we specified.

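  Tip: after keepalived starts on node02, it does not take the VIP away from node01, and keepalived's status output on node02 clearly shows it running in the BACKUP role. This means it may take over the VIP only after the master goes down.

  Capture packets on node02: are the heartbeats sent once per second as configured, and to the multicast group we specified?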

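  Tip: node01 (the MASTER node) sends one heartbeat advertisement per second to the specified multicast group. As long as the hosts in the multicast group receive the MASTER's advertisements, they consider the MASTER alive; once the master stops advertising, the backup nodes start contending for the VIP again.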
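
  The advertisements seen in the capture can also be checked programmatically. The following is an added example, not part of the original post: it decodes a VRRPv2 advertisement as laid out in RFC 3768 and compares it with the intended VI_1 settings. The packets are constructed in code, and the node addresses 192.168.0.41 and 192.168.0.42 are assumptions.

```python
import ipaddress
import struct

def checksum(data):
    """16-bit one's-complement sum over the VRRP message (RFC 3768)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_type=0, auth=b""):
    """Build a constructed VRRPv2 advertisement to feed the parser."""
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips) + auth[:8].ljust(8, b"\0")
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), auth_type, advert_int)
    return head + struct.pack("!H", checksum(head + b"\0\0" + body)) + body

def parse_advert(pkt):
    """Decode a VRRPv2 payload; the 8-byte auth field travels in clear text."""
    if len(pkt) < 16 or len(pkt) != 16 + 4 * pkt[3]:
        raise ValueError("length does not match the address count")
    if pkt[0] != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    if checksum(pkt) != 0:
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, len(pkt) - 8, 4)]
    return {"vrid": pkt[1], "priority": pkt[2], "auth_type": pkt[4], "advert_int": pkt[5],
            "vips": vips, "auth": pkt[-8:].rstrip(b"\0").decode("ascii", "replace")}

def check_advert(src, adv, expected):
    """Return findings where an advert disagrees with the intended configuration."""
    inst = expected.get(adv["vrid"])
    if inst is None:
        return [f"{src}: advert for unconfigured VRID {adv['vrid']}"]
    findings = []
    if src not in inst["peers"]:
        findings.append(f"{src}: sender is not a configured peer for VRID {adv['vrid']}")
    elif adv["priority"] not in (0, inst["peers"][src]):  # 0 = master is stepping down
        findings.append(f"{src}: priority {adv['priority']} differs from configured {inst['peers'][src]}")
    if adv["advert_int"] != inst["advert_int"]:
        findings.append(f"{src}: advert_int {adv['advert_int']}s, expected {inst['advert_int']}s")
    if adv["vips"] != inst["vips"]:
        findings.append(f"{src}: advertised addresses {adv['vips']} differ from {inst['vips']}")
    return findings

# Intended state from the VI_1 examples; the node addresses are constructed.
EXPECTED = {51: {"advert_int": 1, "vips": ["192.168.0.33"],
                 "peers": {"192.168.0.41": 100, "192.168.0.42": 90}}}
```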

  Verify: stop keepalived on the master and see whether the VIP floats to node02.

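  Tip: when keepalived on node01 is stopped, the VIP floats to node02, and node02 keeps advertising its vrid, priority and other information to the multicast group.

  Verify: start keepalived on node01 again; does node01 take the VIP back?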

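  Tip: we did not specify whether to run in preemptive mode, and preemptive mode is the default. This means that whenever an advertisement with a higher priority than that of the node currently holding the VIP appears in the multicast group, the holder automatically gives up the VIP so that the higher-priority node can use it.

  Check keepalived's status and the IP addresses on node02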

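  Tip: keepalived's status output on node02 shows that it received a higher-priority advertisement, then automatically removed the VIP and the iptables rules and went back to working in the BACKUP role.

  Example: configure a dual-master keepalived model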

  Configuration on node01

! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from node01_keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node01
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}      

  Configuration on node02

! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from node02_keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node02
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}      

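  Tip: a dual-master model is usually built from two vrrp instances. The idea is to run both instances on both nodes, with node01 as MASTER for one instance and node02 as MASTER for the other, each node being BACKUP for the remaining instance. After restarting keepalived with this configuration, if node01 and node02 are both online, each holds one of the two VIPs; if one server goes down, the VIP for which it was MASTER moves to the other node.

  Verify: restart keepalived on node01 and node02; does each node hold one VIP?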
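
  An added example (not from the original post or the keepalived project): a small cross-node check of the rules stated above, namely one MASTER per virtual_router_id with the highest priority, matching auth_pass, advert_int and VIPs on both nodes, and the 8-character limit on auth_pass. The inst() helper and the GOOD/BAD samples are constructed; the parser assumes top-level closing braces at column 0, as in the configurations on this page.

```python
import re
from collections import defaultdict

KEYS = r"state|virtual_router_id|priority|advert_int|auth_type|auth_pass"

def parse_instances(conf):
    """Return {name: settings} per vrrp_instance (top-level '}' at column 0)."""
    out = {}
    for name, body in re.findall(r"vrrp_instance\s+(\S+)\s*\{(.*?)\n\}", conf, re.S):
        kv = dict(re.findall(rf"^\s*({KEYS})\s+(\S+)", body, re.M))
        vips = re.search(r"virtual_ipaddress\s*\{(.*?)\}", body, re.S)
        kv["vips"] = sorted(l.split()[0] for l in vips.group(1).splitlines() if l.strip()) if vips else []
        out[name] = kv
    return out

def lint(nodes):
    """nodes: {node_name: conf_text}. Cross-check instances that share a VRID."""
    groups, findings = defaultdict(list), []
    for node, conf in nodes.items():
        for name, kv in parse_instances(conf).items():
            groups[kv.get("virtual_router_id", "?")].append((node, name, kv))
    for vrid, members in sorted(groups.items()):
        prio = lambda m: int(m[2].get("priority", 100))  # keepalived default is 100
        masters = [m for m in members if m[2].get("state") == "MASTER"]
        if len(masters) != 1:
            findings.append(f"VRID {vrid}: {len(masters)} MASTER instances, expected 1")
        elif any(prio(m) >= prio(masters[0]) for m in members if m is not masters[0]):
            findings.append(f"VRID {vrid}: MASTER does not have the highest priority")
        for key in ("auth_pass", "advert_int", "vips"):
            if len({str(m[2].get(key)) for m in members}) > 1:
                findings.append(f"VRID {vrid}: {key} differs between nodes")
        findings += [f"{n}/{i}: auth_pass exceeds 8 characters; only the first 8 are used"
                     for n, i, kv in members if len(kv.get("auth_pass", "")) > 8]
    return findings

def inst(name, state, vrid, prio, pw, vip):
    """Constructed sample: one vrrp_instance in the layout used on this page."""
    return (f"vrrp_instance {name} {{\n    state {state}\n    interface ens33\n"
            f"    virtual_router_id {vrid}\n    priority {prio}\n    advert_int 1\n"
            f"    authentication {{\n        auth_type PASS\n        auth_pass {pw}\n    }}\n"
            f"    virtual_ipaddress {{\n        {vip}/24 brd 192.168.0.255 dev ens33\n    }}\n}}\n")

# GOOD mirrors the dual-master layout above; BAD is a constructed faulty pair.
GOOD = {"node01": inst("VI_1", "MASTER", 51, 100, "12345678", "192.168.0.33")
                  + inst("VI_2", "BACKUP", 52, 90, "87654321", "192.168.0.34"),
        "node02": inst("VI_1", "BACKUP", 51, 90, "12345678", "192.168.0.33")
                  + inst("VI_2", "MASTER", 52, 100, "87654321", "192.168.0.34")}
BAD = {"node01": GOOD["node01"],
       "node02": inst("VI_1", "MASTER", 51, 90, "123456789", "192.168.0.33")}
```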

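  Tip: after restarting keepalived on both nodes, each takes one VIP according to its configured initial role. We then only need to point the A records of the relevant domain name (for a web service) at these two VIPs; each VIP then carries part of the requests, so both keepalived nodes are doing work.

  Verify: after node01 goes down, does the address 192.168.0.33 float to node02?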

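  Tip: when node01 goes down, node02 takes over the VIP that was on node01 and applies it locally, so traffic to 192.168.0.33 moves to node02. Likewise, if node02 goes down, its VIP moves to node01.

Author: Linux-1874

Source: https://www.cnblogs.com/qiuhom-1874/

Copyright of this article is shared by the author and cnblogs. Reposting is welcome, but unless the author agrees otherwise this notice must be kept and a link to the original article must be placed prominently on the page; otherwise the right to pursue legal liability is reserved.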
