Keepalived 配置和使用

時間 2019-11-08

原文原文鏈接

keepalived主要用做RealServer的健康狀態檢查以及LoadBalance主機和BackUP主機之間failover的實現。keepalived主要目的在於，其自身啓動一個服務，可以實現工做在雙節點或多個節點上，而且能夠在內核生效的ipvs規則其中當前持有資源的節點被稱爲活躍節點，另外的節點被稱爲備節點被稱爲 Master/Backup。html

VRRP（若是有學習過TCP\IP，這一塊很好理解）：

虛擬路由器冗餘協議（VRRP）是一種選擇協議，它能夠把一個虛擬路由器的責任動態分配到局域網上的 VRRP 路由器中的一臺。控制虛擬路由器 IP 地址的 VRRP 路由器稱爲主路由器，它負責轉發數據包到這些虛擬 IP 地址。一旦主路由器不可用，這種選擇過程就提供了動態的故障轉移機制，這就容許虛擬路由器的 IP 地址能夠做爲終端主機的默認第一跳路由器。使用 VRRP 的好處是有更高的默認路徑的可用性而無需在每一個終端主機上配置動態路由或路由發現協議。 VRRP 包封裝在 IP 包中發送。python

VRRP優先級別：nginx

	VRRP每一個節點是有本身的優先級的，通常優先級是從0-255 ，數字越大優先級越高所以能夠這麼定義： 假如要有一初始化的狀態，其中一節點優先級100 另外一節點優先級99，那麼毫無疑問，誰的優先級高誰就是主節點全部的節點剛啓動後上線都是backup狀態，需經過選舉的方式選擇master，若是其餘節點沒有響應則將本身提高爲master 通告機制： 若是節點之間master出現故障，其會自動轉移當前角色，這時咱們的管理員應該知道其已切換角色keepalived支持郵件發送機制，若是其狀態發生改變的話 能夠經過郵件方式發送給管理員，使管理員第一時間能夠查看其活動狀態，方便以後的運維工做

keepalived核心組成部分c#

vrrp的實現
virtual_server：基於vrrp做爲所謂通告機制之上的
vrrp_script:之外部腳本方式進行檢測

keepalivedcentos

KeepAlived的安裝：bash

[root@Nginx-one ~]# tar zxf keepalived-1.2.13.tar.gz [root@Nginx-one ~]# cd keepalived-1.2.13 [root@Nginx-one keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel [root@Nginx-one keepalived-1.2.13]# ./configure --prefix=/ --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/ [root@Nginx-one keepalived-1.2.13]# make && make install Keepalived configuration ------------------------ Keepalived version : 1.2.13 ##version# Compiler : gcc ##編譯工具## Compiler flags : -g -O2 ##參數## Extra Lib : -lssl -lcrypto -lcrypt ##擴展庫## Use IPVS Framework : Yes ##LVS核心代碼框架，不使用LVS能夠編譯時disable-lvs## IPVS sync daemon support : Yes ##IPVS同步進程，是否開啓取決於 IPVS FRAMEWORK### IPVS use libnl : Yes ##是否使用libnl庫## fwmark socket support : Yes ##套接字框架## Use VRRP Framework : Yes ##VRRP框架，keepalived的核心進程vrrpd## Use VRRP VMAC : Yes ##VRRP Virtual mac## SNMP support : No SHA1 support : No Use Debug flags : No [root@Nginx-one keepalived-1.2.13]# make && make install

KeepAlived的全部配置都在一個配置文件裏設置，支持的配置可分爲如下三類：服務器

	1、全局配置（global configure） 2、VRRPD配置 3、LVS配置 很明顯，全局配置就是對整個keepalived生效的配置，無論是否使用LVS，VRRPD是keepalived的核心，LVS配置只在要使用keepalived來配置和管理LVS時使用，若是僅使用keepalived來作HA，LVS不須要配置。 配置文件都是以塊（block）形式組織的，每一個塊都在{}範圍內，#和!表示註釋。

全局定義（global definition）app

global_defs { notification_email { ##指定keepalived在發生事件（如切換）須要發送Email的對象，多個寫多行## itchenyi@gmail.com } notification_email_from itchenyi@gmail.com smtp_server 127.0.0.1 ##SMTP服務器## smtp_connect_timeout 30 ##連接超時時間## router_id Nginx-one ##路由標識，這裏用主機名## }

VRRPD配置（VRRP同步組（syncchroization group）和 VRRP實例（VRRP instance））

不使用SYNC Group的話，若是路由有2個網段，一個內網，一個外網，每一個網段開啓一個VRRP實例，假設VRRP配置爲檢查內網，那麼當外網出現問題時，VRRPD會認爲本身是健康的，則不會發送Master和Backup的切換，從而致使問題，Sync Group能夠把兩個實例都放入Sync Group，這樣的話，Group 裏任何一個實例出現問題都會發生切換。框架

vrrp_instance VI_1 { ##虛擬路由標識## state MASTER ##初始狀態，默認，選舉產生後才能夠升級爲Master ，這裏明肯定義其爲Master## interface eth1 ##選舉經過那個網卡接口## virtual_router_id 10 ##虛擬路由的ID號，通常不大於255，可選IP最後一段使用## priority 100 ##初始優先級，選舉過程當中判斷的依據，和路由的概念同樣## advert_int 1 ##檢查間隔，默認1s## authentication { ##認證機制## auth_type PASS ##認證方式，PASS爲明文## auth_pass ipython ##認證密碼## } virtual_ipaddress { ##虛擬地址池## 1.1.1.100 } } ###後面的配置參數 先刪刪掉吧###

配置Backup 配置以下：運維

[root@nginx-two keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { itchenyi@gmail.com } notification_email_from itchenyi@gmail.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id nginx-two } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 20 priority 50 advert_int 1 authentication { auth_type PASS auth_pass ipython } virtual_ipaddress { 1.1.1.100 } } ###其餘配置：#### nopreempt 設置爲不搶佔，這個配置只能設置在state爲BACKUP的節點上，而且這個機器的優先級必須比另外一臺高 preempt_delay 搶佔延遲，默認5分鐘 debug debug級別 notify_master 切換到Master時執行的腳本 ##start## [root@Nginx-one keepalived-1.2.13]# service keepalived start Starting keepalived: [ OK ] ###觀察其日誌文件### [root@Nginx-one keepalived-1.2.13]# tail -f /var/log/messages Aug 3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014) Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180 Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181 ####當前的IP地址#### Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP 1.1.1.10 added Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file '/etc/keepalived/keepalived.conf'. Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector... Aug300:02:13Nginx-one Keepalived_vrrp[8181]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]###打開並加載配置文件####Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Opening file '/etc/keepalived/keepalived.conf'.Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Configurationisusing:7377BytesAug300:02:13Nginx-one Keepalived_healthcheckers[8180]:UsingLinkWatch kernel netlink reflector...####切換爲Master 狀態####Aug300:02:14Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Transition to MASTER STATE Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Entering MASTER STATE Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.####在接口上添加VIP###Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:02:15Nginx-one Keepalived_healthcheckers[8180]:Netlink reflector reports IP 1.1.1.100 added Aug300:02:20Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100###查看是否添加VIP###[root@Nginx-one keepalived-1.2.13]# ip a show|awk '/inet\ /' inet 127.0.0.1/8 scope host lo inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1 inet 1.1.1.100/32 scope global eth1 中止MASTER，查看BACKUP的狀態轉移[root@Nginx-one keepalived-1.2.13]# service keepalived stop Stopping keepalived:[ OK ][root@nginx-two keepalived-1.2.13]# tail -f /var/log/messages Aug300:05:01 nginx-two Keepalived_vrrp[5148]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering BACKUP STATE Aug300:05:01 nginx-two Keepalived_healthcheckers[5147]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]Aug300:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Transition to MASTER STATE Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering MASTER STATE Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.Aug300:05:41 nginx-two Keepalived_healthcheckers[5147]:Netlink reflector reports IP 1.1.1.100 added Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100####和路由協議同樣，當MASTER上線被檢測到會搶佔VIP，能夠想象的到，Keepalived也支持非搶佔模式，只有BACKUP在變成MASTER後宕機了，纔會轉移VIP，提及來怎麼這麼繞口####

定義Keepalived的檢測機制

###一隻簡單的腳本判斷nginx 是否在工做### [root@nginx-two ~]# cat nginx_check.sh #!/bin/bash alive=`netstat -pant|awk '/0.0.0.0:80/&&/LISTEN/'|wc -l` if [ $alive -eq 1 ]; then exit 0 else exit 1 fi ###增長keepalived配置### vrrp_script nginx_check { script "/root/nginx_check.sh" interval 1 ###檢測時間間隔 1s### weigh -60 ###若是條件成立，權重-60### } ####將track_script塊加入instance 配置塊#### track_script { nginx_check } [root@Nginx-one ~]# service keepalived restart Stopping keepalived: [ OK ] Starting keepalived: [ OK ] ###無須質疑，只要nginx 的80端口是正常監聽的，主就仍是主### [root@Nginx-one ~]# ip a show|awk '/inet\ /' inet 127.0.0.1/8 scope host lo inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1 inet 1.1.1.100/32 scope global eth1 ###中止Nginx服務### [root@Nginx-one ~]# service nginx stop Stopping nginx: [ OK ] 看看日誌 Aug 3 00:52:13 Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Entering FAULT STATE Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs. Aug 3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Now in FAULT state Aug 3 00:52:14 Nginx-one Keepalived_healthcheckers[8489]: Netlink reflector reports IP 1.1.1.100 removed ###Backup機器變成Master了### [root@nginx-two ~]# ip a show|awk '/inet\ /' inet 127.0.0.1/8 scope host lo inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1 inet 1.1.1.100/32 scope global eth1

» 轉載保留版權： IT辰逸 » 《Keepalived 配置和使用》

» 本文連接地址： http://www.ipython.me/centos/keepalived-config-using.html

» 本文版權採起： BY-NC-SA 協議進行受權，轉載註明出處。除IT-Tools、News以及特別標註，本站全部文章均爲原創。

» 若是喜歡能夠：點此訂閱本站