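Earlier posts covered the concepts behind the corosync+pacemaker high-availability cluster and how to use the related tools; for a recap see https://www.cnblogs.com/qiuhom-1874/category/1838133.html. Today we look at the high-availability service keepalived.
Compared with a corosync+pacemaker high-availability cluster, keepalived is much lighter. It works by implementing VRRP (Virtual Router Redundancy Protocol). It was originally designed to make LVS clusters highly available, and it can also health-check the LVS back-end real servers. Its main functions are: moving addresses with the VRRP protocol so that services fail over; generating ipvs rules on the node that holds the VIP; health-checking each RS of the ipvs cluster; and, through a script-invocation interface, running scripts whose actions influence how the cluster behaves.
keepalived architecture
Note: keepalived consists mainly of the vrrp stack, the checkers, the ipvs wrapper, and the control components (configuration file parser, I/O multiplexer, memory management). The vrrp stack implements high availability of the VIP; the checkers probe back-end services over different protocols. Both rely on system calls and the SMTP protocol to move the VIP, to send mail notifications after a failover, and to check the VIP and the back-end services. The ipvs wrapper generates ipvs rules. The core components, the vrrp stack and the checkers, are monitored continuously by a watchdog process: as soon as the vrrp stack or the checkers go down, the watchdog starts a new one, which keeps keepalived's own components highly available.
Implementing keepalived
Environment
Prepare two keepalived servers. Their clocks must be synchronized, and iptables and SELinux must both be turned off. If necessary, configure name resolution between the nodes through the hosts file and set up mutual SSH trust; host name resolution and SSH trust are not required.
Note: for mutual SSH trust, see my blog post http://www.javashuo.com/article/p-rjibahxc-bk.html. Besides the points above, also make sure the network interface supports multicast.
Note: if multicast is not enabled on the interface, enable it with ip link set multicast on dev <interface name>.
Install the keepalived package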
yum install keepalived -y
Note: install it on both nodes.
List the files installed by the keepalived package
[root@node01 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.3.5
/usr/share/doc/keepalived-1.3.5/AUTHOR
/usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
/usr/share/doc/keepalived-1.3.5/COPYING
/usr/share/doc/keepalived-1.3.5/ChangeLog
/usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.3.5/README
/usr/share/doc/keepalived-1.3.5/TODO
/usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.3.5/samples
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
/usr/share/snmp/mibs/VRRP-MIB.txt
/usr/share/snmp/mibs/VRRPv3-MIB.txt
[root@node01 ~]#
Note: the main configuration file is /etc/keepalived/keepalived.conf; the main program is /usr/sbin/keepalived; the unit file is /usr/lib/systemd/system/keepalived.service; the environment file for the unit file is /etc/sysconfig/keepalived.
keepalived default configuration
[root@node01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@node01 ~]#
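Note: the keepalived configuration file is made up of three sections: global configuration, VRRPD configuration, and LVS configuration. The global section defines global properties as well as static routes and addresses; the vrrp section defines VRRP instances and vrrp sync groups; the LVS section defines the IPVS cluster and the LVS back-end real servers.
keepalived configuration reference
Common global directives
global_defs {...}: defines the global configuration section, where global properties and mail notification settings are configured;
notification_email {...}: a sub-section of global_defs that lists the mailboxes to notify when the cluster changes state;
notification_email_from: the sender address used for notification mail;
smtp_server: the address of the mail server;
smtp_connect_timeout: the connection timeout for the mail server;
router_id: the cluster node ID; it is normally unique and differs from every other node;
vrrp_skip_check_adv_addr: skip the check on a vrrp advertisement when it comes from the same master address as the previously received advertisement;
vrrp_strict: strictly follow the VRRP protocol;
vrrp_garp_interval: the delay between two ARP broadcasts on the same interface; the default 0 means no delay;
vrrp_gna_interval: the delay between two NA messages on the same interface; the default 0 means no delay;
vrrp_mcast_group4: the multicast IP address, 224.0.0.18 by default; a multicast address is a class D address in the range 224.0.0.0-239.255.255.255;
vrrp_iptables: turn off generation of iptables rules;
Common vrrp instance directives
vrrp_instance: names a vrrp instance and opens its configuration context, which is enclosed in braces;
state: the role of this vrrp instance, usually MASTER or BACKUP; among the instances that share a virtual router id across nodes, only one may be MASTER and it must have the highest priority, while all the others are BACKUP with a priority slightly lower than the MASTER's;
interface: the interface used by the vrrp instance, that is, the interface the VIP is configured on;
virtual_router_id: the virtual router ID, in the range 0-255;
advert_int: the interval between heartbeats, 1 second by default;
priority: the priority of this instance;
authentication {...}: defines the authentication settings;
auth_type: the authentication type, usually PASS or AH; PASS is simple password authentication and AH is IPSEC authentication; with PASS, only the first 8 characters are used as the password by default;
auth_pass: the authentication password;
virtual_ipaddress {..}: the virtual IP address configuration, enclosed in braces; the syntax for a virtual IP is <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>, where brd gives the broadcast address, dev the interface name, scope the scope and label the alias; several virtual IPs can be configured, but an instance usually has only one;
Example: use keepalived on node01 and node02 to configure the VIP 192.168.0.33
Configuration on node01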
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node01_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
Configuration on node02
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node02_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node02
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
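Start keepalived on node01 and node02
Note: once keepalived is started on node01, the VIP is configured on the ens33 interface we specified.
Note: once keepalived is started on node02, it does not take the VIP away from node01, and the keepalived status on node02 clearly shows it running in the BACKUP role; this means it can only take over the VIP after the master goes down.
Capture packets on node02: is the heartbeat sent once per second as configured, and does it go to the multicast group we specified?
Note: node01 (the MASTER node) sends one heartbeat advertisement per second to the configured multicast group. As long as the hosts in the multicast group receive the MASTER's advertisements, they consider the MASTER alive; once the master stops advertising, the backup nodes start a new contest for the VIP.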
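The advertisement seen in that capture can be decoded field by field. The following is an added example, not code from the original post: a VRRPv2 advertisement parser that verifies the checksum, shows that a PASS password travels in the packet as readable bytes, and flags advertisements this cluster should not be seeing. The sample packet is constructed from node01's VI_1 values and assumes the instance really sends PASS authentication; build_advert, parse_advert and unexpected are hypothetical helper names.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; VRRPv2 computes it over the VRRP message only."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_type=0, auth_pass=b""):
    """Build a VRRPv2 advertisement; used only to construct the sample input."""
    body = b"".join(socket.inet_aton(v) for v in vips)
    body += auth_pass[:8].ljust(8, b"\x00")      # auth field is 8 bytes, longer input is cut
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(vips), auth_type, advert_int)
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body

def parse_advert(pkt: bytes) -> dict:
    """Decode the VRRP payload of a captured advertisement (IP header already stripped)."""
    if len(pkt) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    vt, vrid, prio, count, auth_type, adv_int, csum = struct.unpack("!BBBBBBH", pkt[:8])
    if vt != 0x21:                               # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(pkt) < end + 8:
        raise ValueError("truncated address list or auth field")
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv_int, "auth_type": auth_type,
        "vips": [socket.inet_ntoa(pkt[i:i + 4]) for i in range(8, end, 4)],
        "auth_data": pkt[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(pkt[:6] + b"\x00\x00" + pkt[8:end + 8]) == csum,
    }

def unexpected(advert: dict, expected_vrid: int, max_priority: int) -> list:
    """Reasons an advertisement does not match what this cluster should be sending."""
    reasons = []
    if not advert["checksum_ok"]:
        reasons.append("bad checksum")
    if advert["vrid"] != expected_vrid:
        reasons.append("unknown VRID")
    if advert["priority"] > max_priority:
        reasons.append("priority above any configured node")
    return reasons

# Constructed sample: what node01's VI_1 would advertise if PASS auth is in use.
SAMPLE = build_advert(51, 100, 1, ["192.168.0.33"], auth_type=1, auth_pass=b"12345678")

if __name__ == "__main__":
    print(parse_advert(SAMPLE), unexpected(parse_advert(SAMPLE), 51, 100))
```

Because the password is readable by every host in the multicast group, it only guards against misconfiguration; it is not a secret.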
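Check: stop keepalived on the master and see whether the VIP floats to node02.
Note: after keepalived is stopped on node01, the VIP floats to node02, and node02 keeps advertising its own VRID, priority and other information to the multicast group.
Check: start keepalived on node01 again; will node01 take the VIP back?
Note: we did not say whether to run in preemptive mode, and the default is preemptive mode. This means that as soon as the multicast group carries an advertisement with a higher priority than that of the node currently holding the VIP, the holder automatically gives up the VIP so that the higher-priority node can use it.
Check the keepalived status and IP address information on node02
Note: the keepalived status on node02 shows that it received a higher-priority advertisement, then automatically removed the VIP and the iptables rules, and now runs in the BACKUP role.
Example: configure keepalived in a dual-master model
Configuration on node01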
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node01_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}
Configuration on node02
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node02_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node02
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}
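Note: a dual-master model is normally built from two vrrp instances. The idea is to define both instances on both nodes, with each node being MASTER for one instance and BACKUP for the other. After keepalived is restarted with this configuration, if node01 and node02 are both online, each holds one of the two VIPs; if one server goes down, the VIP for which it was MASTER moves to the other node.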
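With two instances on two nodes it is easy to end up with mismatched roles, priorities or passwords. The following is an added example, not part of the original post: it reads the vrrp_instance blocks from each node's keepalived.conf and checks the rules stated above (exactly one MASTER per virtual_router_id, the MASTER has the highest priority, auth_pass matches on both nodes and fits in 8 characters). The function names and the trimmed-down sample configurations are constructed for illustration.

```python
import re

FIELDS = r"\b(state|virtual_router_id|priority|auth_pass)\s+(\S+)"

def vrrp_instances(conf: str) -> dict:
    """Return {instance name: {directive: value}} for every vrrp_instance block."""
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        found[m.group(1)] = dict(re.findall(FIELDS, conf[m.end():i - 1]))
    return found

def audit(nodes: dict) -> list:
    """nodes maps node name -> keepalived.conf text; returns a list of findings."""
    by_vrid, findings = {}, []
    for node, conf in nodes.items():
        for inst in vrrp_instances(conf).values():
            by_vrid.setdefault(inst.get("virtual_router_id"), []).append((node, inst))
    for vrid, members in sorted(by_vrid.items(), key=lambda kv: str(kv[0])):
        # keepalived uses priority 100 when the directive is absent
        prio = {node: int(inst.get("priority", 100)) for node, inst in members}
        masters = [node for node, inst in members if inst.get("state") == "MASTER"]
        if len(masters) != 1:
            findings.append(f"VRID {vrid}: {len(masters)} MASTER instances, expected exactly 1")
        for m in masters:
            if any(p >= prio[m] for n, p in prio.items() if n != m):
                findings.append(f"VRID {vrid}: MASTER on {m} does not have the highest priority")
        passwords = {inst.get("auth_pass") for _, inst in members}
        if len(passwords) > 1:
            findings.append(f"VRID {vrid}: auth_pass differs between nodes")
        if any(p and len(p) > 8 for p in passwords):
            findings.append(f"VRID {vrid}: auth_pass over 8 characters, only the first 8 are used")
    return findings

def instance(name, state, vrid, prio, password, vip):
    """Constructed, trimmed-down instance block in the layout of the configs above."""
    return (f"vrrp_instance {name} {{ state {state} interface ens33 virtual_router_id {vrid} "
            f"priority {prio} authentication {{ auth_type PASS auth_pass {password} }} "
            f"virtual_ipaddress {{ {vip} }} }}\n")

NODE01 = instance("VI_1", "MASTER", 51, 100, "12345678", "192.168.0.33/24") + \
         instance("VI_2", "BACKUP", 52, 90, "87654321", "192.168.0.34/24")
NODE02 = instance("VI_1", "BACKUP", 51, 90, "12345678", "192.168.0.33/24") + \
         instance("VI_2", "MASTER", 52, 100, "87654321", "192.168.0.34/24")

if __name__ == "__main__":
    print(audit({"node01": NODE01, "node02": NODE02}) or "consistent")
```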
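Check: restart keepalived on node01 and node02 and see whether each node ends up holding one of the VIPs.
Note: after keepalived is restarted on both nodes, each takes one VIP according to the initial role we configured. All that remains is to point the A records of the corresponding domain name (if it is a web service) at these two VIPs; each VIP then carries part of the requests, so both keepalived nodes are doing work.
Check: after node01 goes down, does the address 192.168.0.33 float to node02?
Note: after node01 goes down, node02 takes over the VIP that was on node01 and applies it to itself, so traffic that was going to 192.168.0.33 is moved to node02. In the same way, if node02 goes down, the VIP on node02 moves to node01.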