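Introduction: keepalived is mainly used to health-check RealServers and to implement failover between the LoadBalance host and the BackUP host. Its main purpose is to run as a service that can work across two or more nodes and manage the ipvs rules in effect in the kernel. The node currently holding the resources is called the active node and the other nodes are called standby nodes, i.e. Master/Backup.
The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router that controls the virtual router's IP addresses is called the master router, and it forwards packets sent to those virtual IP addresses. If the master router becomes unavailable, the election process provides dynamic failover, which allows the virtual router's IP address to be used as the default first-hop router by end hosts. The advantage of VRRP is higher availability of the default path without configuring dynamic routing or router discovery protocols on every end host. VRRP packets are sent encapsulated in IP packets.
VRRP priority:
Every VRRP node has its own priority, generally from 0 to 255, and a larger number means a higher priority. For example, in the initial state, if one node has priority 100 and the other has priority 99, the node with the higher priority becomes the master. All nodes come online in the backup state right after startup and a master is chosen by election; if no other node responds, a node promotes itself to master.
Notification mechanism: if the master among the nodes fails, its role is transferred automatically, and the administrator should be informed that the role has switched. keepalived supports sending e-mail: when its state changes it can notify the administrator by e-mail, so that the administrator can check its status right away, which helps later operations work.
Core components of keepalived
1. The VRRP implementation
2. virtual_server: built on top of VRRP as the advertisement mechanism
3. vrrp_script: checks performed by an external script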
Installing KeepAlived:
[root@Nginx-one ~]# tar zxf keepalived-1.2.13.tar.gz
[root@Nginx-one ~]# cd keepalived-1.2.13
[root@Nginx-one keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel
[root@Nginx-one keepalived-1.2.13]# ./configure --prefix=/ --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[root@Nginx-one keepalived-1.2.13]# make && make install
Keepalived configuration
------------------------
Keepalived version : 1.2.13 ## version ##
Compiler : gcc ## build tool ##
Compiler flags : -g -O2 ## flags ##
Extra Lib : -lssl -lcrypto -lcrypt ## extra libraries ##
Use IPVS Framework : Yes ## LVS core framework; if LVS is not used it can be disabled at build time with disable-lvs ##
IPVS sync daemon support : Yes ## IPVS sync daemon; whether it is enabled depends on the IPVS framework ##
IPVS use libnl : Yes ## whether the libnl library is used ##
fwmark socket support : Yes ## socket framework ##
Use VRRP Framework : Yes ## VRRP framework, keepalived's core process vrrpd ##
Use VRRP VMAC : Yes ## VRRP virtual MAC ##
SNMP support : No
SHA1 support : No
Use Debug flags : No
[root@Nginx-one keepalived-1.2.13]# make && make install
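All KeepAlived settings live in a single configuration file. The supported settings fall into three categories:
1. Global configuration (global configure)
2. VRRPD configuration
3. LVS configuration
Clearly, the global configuration applies to keepalived as a whole, whether or not LVS is used. VRRPD is the core of keepalived. The LVS configuration is only used when keepalived configures and manages LVS; if keepalived is used only for HA, LVS does not need to be configured.
The configuration file is organised in blocks, each enclosed in {}; # and ! denote comments.
Global definitions (global definition)
global_defs {
    notification_email { ## recipients of the e-mail keepalived sends when an event (such as a switchover) occurs; one per line ##
        itchenyi@gmail.com
    }
    notification_email_from itchenyi@gmail.com
    smtp_server 127.0.0.1 ## SMTP server ##
    smtp_connect_timeout 30 ## connection timeout ##
    router_id Nginx-one ## router identifier, the hostname is used here ##
}
Without a SYNC Group, if a router has two network segments, one internal and one external, with a VRRP instance on each, and VRRP is configured to check the internal network, then when the external network fails VRRPD still considers itself healthy and no Master/Backup switch takes place, which causes problems. A Sync Group can contain both instances, so that a problem in any instance in the group triggers a switchover.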
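vrrp_instance VI_1 { ## virtual router instance name ##
    state MASTER ## initial state; by default a node is promoted to Master only after an election, here it is explicitly defined as Master ##
    interface eth1 ## network interface used for the election ##
    virtual_router_id 10 ## virtual router ID, generally no greater than 255; the last octet of the IP can be used ##
    priority 100 ## initial priority, the basis for the election, same idea as with routers ##
    advert_int 1 ## check interval, default 1s ##
    authentication { ## authentication ##
        auth_type PASS ## authentication type, PASS is plaintext ##
        auth_pass ipython ## authentication password ##
    }
    virtual_ipaddress { ## virtual address pool ##
        1.1.1.100
    }
}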
The Backup node is configured as follows:
[root@nginx-two keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        itchenyi@gmail.com
    }
    notification_email_from itchenyi@gmail.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id nginx-two
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 10 ## must match the MASTER's virtual_router_id ##
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ipython
    }
    virtual_ipaddress {
        1.1.1.100
    }
}

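An added example, not from the original article: a POSIX shell check that compares the MASTER and BACKUP keepalived.conf files for pairing mistakes (different virtual_router_id or auth_pass, MASTER priority not above BACKUP, plaintext PASS authentication, auth_pass longer than the 8 characters keepalived uses). The function names and the sample values written by write_sample are constructed for illustration.

```sh
#!/bin/sh
# get_key FILE KEY: first value of KEY in FILE, ignoring '#' and '!' comments.
get_key() {
    awk -v k="$2" '{ sub(/[#!].*/, "") } $1 == k { print $2; exit }' "$1"
}

# vrrp_pair_check MASTER_CONF BACKUP_CONF: one finding per line, nothing if clean.
vrrp_pair_check() {
    m=$1; b=$2
    for key in virtual_router_id auth_type; do
        mval=$(get_key "$m" "$key"); bval=$(get_key "$b" "$key")
        [ "$mval" = "$bval" ] || echo "MISMATCH $key: $mval vs $bval"
    done
    # Compare the passwords without printing them.
    [ "$(get_key "$m" auth_pass)" = "$(get_key "$b" auth_pass)" ] ||
        echo "MISMATCH auth_pass (values not shown)"
    mp=$(get_key "$m" priority); bp=$(get_key "$b" priority)
    [ "$mp" -gt "$bp" ] || echo "PRIORITY master=$mp is not above backup=$bp"
    for f in "$m" "$b"; do
        [ "$(get_key "$f" auth_type)" = "PASS" ] &&
            echo "PLAINTEXT ${f##*/}: auth_type PASS sends the password in clear"
        pw=$(get_key "$f" auth_pass)
        [ "${#pw}" -le 8 ] || echo "TRUNCATED ${f##*/}: only 8 characters of auth_pass are used"
    done
    return 0
}

# write_sample FILE VRID PRIORITY: constructed sample config, not from the page.
write_sample() {
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    interface eth1
    virtual_router_id $2   # constructed value
    priority $3
    authentication {
        auth_type PASS
        auth_pass examplepass1
    }
}
EOF
}

demo() {
    d=$(mktemp -d)
    write_sample "$d/master.conf" 10 100
    write_sample "$d/backup.conf" 20 50
    vrrp_pair_check "$d/master.conf" "$d/backup.conf"
    rm -rf "$d"
}
demo
```
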
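### Other options: ####
nopreempt: disables preemption; this option can only be set on a node whose state is BACKUP, and that machine's priority must be higher than the other one's
preempt_delay: preemption delay, default 5 minutes
debug: debug level
notify_master: script executed when switching to Master
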
## start ##
[root@Nginx-one keepalived-1.2.13]# service keepalived start
Starting keepalived: [OK]

### Watch its log file ###
[root@Nginx-one keepalived-1.2.13]# tail -f /var/log/messages
Aug 3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014)
Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180
Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181
#### Current IP addresses ####
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP 1.1.1.10 added
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector...
Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
### Open and load the configuration file ####
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Configuration is using : 7377 Bytes
Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Using LinkWatch kernel netlink reflector...
#### Switch to Master state ####
Aug 3 00:02:14 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Transition to MASTER STATE
Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.
#### Add the VIP on the interface ####
Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
Aug 3 00:02:15 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.100 added
Aug 3 00:02:20 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100

### Check whether the VIP was added ###
[root@Nginx-one keepalived-1.2.13]# ip a show|awk '/inet\ /'
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1

Stop the MASTER and watch the BACKUP's state transition
[root@Nginx-one keepalived-1.2.13]# service keepalived stop
Stopping keepalived: [OK]

[root@nginx-two keepalived-1.2.13]# tail -f /var/log/messages
Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: Using LinkWatch kernel netlink reflector...
Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 3 00:05:01 nginx-two Keepalived_healthcheckers[5147]: Using LinkWatch kernel netlink reflector...
Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Aug 3 00:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Transition to MASTER STATE
Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.
Aug 3 00:05:41 nginx-two Keepalived_healthcheckers[5147]: Netlink reflector reports IP 1.1.1.100 added
Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
Aug 3 00:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100

#### As with routing protocols, when the MASTER comes back online and is detected, it preempts the VIP. As you might expect, Keepalived also supports a non-preemptive mode, in which the VIP moves only if the BACKUP goes down after becoming MASTER. It is quite a mouthful to explain. ####
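Defining Keepalived's check mechanism
### A simple script to determine whether nginx is working ###
[root@nginx-two ~]# cat nginx_check.sh
#!/bin/bash
# Count listening sockets whose local address is exactly 0.0.0.0:80
alive=$(netstat -pant | awk '$4 == "0.0.0.0:80" && /LISTEN/' | wc -l)
if [ "$alive" -eq 1 ]; then
    exit 0    # nginx is listening: check passes
else
    exit 1    # nothing is listening on port 80: check fails
fi
### Add to the keepalived configuration ###
vrrp_script nginx_check {
    script "/root/nginx_check.sh"
    interval 1 ### check interval 1s ###
    weight -60 ### if the condition holds, weight -60 ###
}
#### Add the track_script block to the instance configuration block ####
track_script {
    nginx_check
}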
[root@Nginx-one ~]# service keepalived restart
Stopping keepalived: [OK]
Starting keepalived: [OK]
### Without question, as long as nginx is listening normally on port 80, the master remains the master ###
[root@Nginx-one ~]# ip a show|awk '/inet\ /'
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1
### Stop the Nginx service ###
[root@Nginx-one ~]# service nginx stop
Stopping nginx: [OK]
### Look at the log ###
Aug 3 00:52:13 Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed
Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Entering FAULT STATE
Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs.
Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Now in FAULT state
Aug 3 00:52:14 Nginx-one Keepalived_healthcheckers[8489]: Netlink reflector reports IP 1.1.1.100 removed
### The Backup machine has become Master ###
[root@nginx-two ~]# ip a show|awk '/inet\ /'
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1
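
An added example, not part of the original article: a shell function that reads the merged /var/log/messages lines of both nodes, prints each VRRP state change using the "Entering ... STATE" messages shown in the logs above, and reports any instance that ends with more than one host in MASTER. The hostnames node-a and node-b and the sample lines are constructed.

```sh
#!/bin/sh
# vrrp_transitions: read merged syslog lines from both nodes on stdin, print each
# state change, then flag instances that end with more than one host in MASTER.
vrrp_transitions() {
    awk '
    match($0, /VRRP_Instance\([^)]+\)/) {
        # Instance name is the text between "VRRP_Instance(" and ")"
        inst = substr($0, RSTART + 14, RLENGTH - 15)
        if      ($0 ~ /Entering MASTER STATE/) new = "MASTER"
        else if ($0 ~ /Entering BACKUP STATE/) new = "BACKUP"
        else if ($0 ~ /Entering FAULT STATE/)  new = "FAULT"
        else next
        host = $4; key = inst SUBSEP host
        if (!(key in state)) order[++n] = key   # remember first-seen order
        state[key] = new
        print $1, $2, $3, host, inst, "->", new
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], p, SUBSEP)
            if (state[order[i]] == "MASTER") {
                cnt[p[1]]++; who[p[1]] = who[p[1]] " " p[2]
            }
        }
        for (inst in cnt)
            if (cnt[inst] > 1) print "SPLIT-BRAIN " inst ":" who[inst]
    }'
}

# sample_log: constructed lines in the syslog format shown above.
sample_log() {
    cat <<'EOF'
Aug 3 00:02:15 node-a Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 3 00:02:16 node-b Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 3 00:52:14 node-a Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering FAULT STATE
Aug 3 00:52:15 node-b Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 3 00:52:15 node-b Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
Aug 3 00:58:30 node-a Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering MASTER STATE
EOF
}

sample_log | vrrp_transitions
```

In the constructed sample node-b never logs a return to BACKUP after node-a re-enters MASTER, so the final line of output names both hosts as holding the VIP.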