Keepalived 配置和使用

keepalived主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。keepalived主要目的在于,其自身启动一个服务,能够实现工作在双节点或多个节点上,并且可以在内核生效的ipvs规则其中当前持有资源的节点被称为活跃节点,另外的节点被称为备节点被称为 Master/Backup。

VRRP(如果有学习过TCP\IP,这一块很好理解):

虚拟路由器冗余协议(VRRP)是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的 VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地址。一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使用 VRRP 的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。 VRRP 包封装在 IP 包中发送。

VRRP优先级别:

	VRRP每个节点是有自己的优先级的,一般优先级是从0-255 ,数字越大优先级越高因此可以这么定义:

		假如要有一初始化的状态,其中一节点优先级100 另一节点优先级99,那么毫无疑问,谁的优先级高谁就是主节点所有的节点刚启动后上线都是backup状态,需通过选举的方式选择master,如果其他节点没有响应则将自己提升为master

通告机制:
	如果节点之间master出现故障,其会自动转移当前角色,这时我们的管理员应该知道其已切换角色keepalived支持邮件发送机制,如果其状态发生改变的话 可以通过邮件方式发送给管理员,使管理员第一时间可以查看其活动状态,方便之后的运维工作

keepalived核心组成部分

  1. vrrp的实现
  2. virtual_server:基于vrrp作为所谓通告机制之上的
  3. vrrp_script:以外部脚本方式进行检测

keepalived

KeepAlived的安装:

[[email protected]-one ~]# tar zxf keepalived-1.2.13.tar.gz
[[email protected]-one ~]# cd keepalived-1.2.13
[[email protected]-one keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel
[[email protected]-one keepalived-1.2.13]# ./configure --prefix=/ --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[[email protected]-one keepalived-1.2.13]# make && make install

Keepalived configuration
------------------------
Keepalived version       : 1.2.13			##version#
Compiler                 : gcc				##编译工具##
Compiler flags           : -g -O2			##参数##
Extra Lib                : -lssl -lcrypto -lcrypt 	##扩展库##
Use IPVS Framework       : Yes				##LVS核心代码框架,不使用LVS可以编译时disable-lvs##
IPVS sync daemon support : Yes				##IPVS同步进程,是否开启取决于 IPVS FRAMEWORK###
IPVS use libnl           : Yes				##是否使用libnl库##
fwmark socket support    : Yes				##套接字框架##
Use VRRP Framework       : Yes				##VRRP框架,keepalived的核心进程vrrpd##
Use VRRP VMAC            : Yes				##VRRP Virtual mac##
SNMP support             : No
SHA1 support             : No
Use Debug flags          : No

[[email protected]-one keepalived-1.2.13]# make && make install

KeepAlived的所有配置都在一个配置文件里设置,支持的配置可分为以下三类:

	1、全局配置(global configure)
	2、VRRPD配置
	3、LVS配置

	很明显,全局配置就是对整个keepalived生效的配置,不管是否使用LVS,VRRPD是keepalived的核心,LVS配置只在要使用keepalived来配置和管理LVS时使用,如果仅使用keepalived来做HA,LVS不需要配置。

	配置文件都是以块(block)形式组织的,每个块都在{}范围内,#和!表示注释。

全局定义(global definition)

global_defs {
   notification_email {		##指定keepalived在发生事件(如切换)需要发送Email的对象,多个写多行##
     [email protected].com
   }
   notification_email_from [email protected].com
   smtp_server 127.0.0.1		##SMTP服务器##
   smtp_connect_timeout 30		##链接超时时间##
   router_id Nginx-one			##路由标识,这里用主机名##
}

VRRPD配置(VRRP同步组(syncchroization group) 和 VRRP实例 (VRRP instance))

不使用SYNC Group的话,如果路由有2个网段,一个内网,一个外网,每个网段开启一个VRRP实例,假设VRRP配置为检查内网,那么当外网出现问题时,VRRPD会认为自己是健康的,则不会发送Master和Backup的切换,从而导致问题,Sync Group可以把两个实例都放入Sync Group,这样的话,Group 里任何一个实例出现问题都会发生切换。

vrrp_instance VI_1 { ##虚拟路由标识##
state MASTER ##初始状态,默认,选举产生后才可以升级为Master ,这里明确定义其为Master##
interface eth1 ##选举通过那个网卡接口##
virtual_router_id 10 ##虚拟路由的ID号,一般不大于255,可选IP最后一段使用##
priority 100 ##初始优先级,选举过程中判断的依据,和路由的概念一样##
advert_int 1 ##检查间隔,默认1s##
authentication { ##认证机制##
auth_type PASS ##认证方式,PASS为明文##
auth_pass ipython ##认证密码##
}
virtual_ipaddress { ##虚拟地址池##
1.1.1.100
}
}
###后面的配置参数 先删删掉吧###

配置Backup 配置如下:

[[email protected]-two keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected].com
   }
   notification_email_from [email protected].com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id nginx-two
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 20
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ipython
    }
    virtual_ipaddress {
        1.1.1.100
    }
}

###其他配置:####

	nopreempt 设置为不抢占,这个配置只能设置在state为BACKUP的节点上,并且这个机器的优先级必须比另一台高
	preempt_delay 抢占延迟,默认5分钟
	debug debug级别
	notify_master 切换到Master时执行的脚本

##start##
[[email protected]-one keepalived-1.2.13]# service keepalived start
Starting keepalived:                                       [  OK  ]

###观察其日志文件###
[[email protected]-one keepalived-1.2.13]# tail -f /var/log/messages
Aug  3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014)
Aug  3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180
Aug  3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181
####当前的IP地址####
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP 1.1.1.10 added
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel
Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added
Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel
Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file ‘/etc/keepalived/keepalived.conf‘.
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes
Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector...
Aug300:02:13Nginx-one Keepalived_vrrp[8181]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]###打开并加载配置文件####Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Opening file ‘/etc/keepalived/keepalived.conf‘.Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Configurationisusing:7377BytesAug300:02:13Nginx-one Keepalived_healthcheckers[8180]:UsingLinkWatch kernel netlink reflector...####切换为Master 状态####Aug300:02:14Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Transition to MASTER STATE
Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Entering MASTER STATE
Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.####在接口上添加VIP###Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:02:15Nginx-one Keepalived_healthcheckers[8180]:Netlink reflector reports IP 1.1.1.100 added
Aug300:02:20Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100###查看是否添加VIP###[[email protected]-one keepalived-1.2.13]# ip a show|awk ‘/inet\ /‘
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1

停止MASTER,查看BACKUP的状态转移[[email protected]-one keepalived-1.2.13]# service keepalived stop
Stopping keepalived:[  OK  ][[email protected]-two keepalived-1.2.13]# tail -f /var/log/messages
Aug300:05:01 nginx-two Keepalived_vrrp[5148]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering BACKUP STATE
Aug300:05:01 nginx-two Keepalived_healthcheckers[5147]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]Aug300:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Transition to MASTER STATE
Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering MASTER STATE
Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.Aug300:05:41 nginx-two Keepalived_healthcheckers[5147]:Netlink reflector reports IP 1.1.1.100 added
Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100####和路由协议一样,当MASTER上线被检测到会抢占VIP,可以想象的到,Keepalived也支持非抢占模式,只有BACKUP在变成MASTER后宕机了,才会转移VIP,说起来怎么这么绕口####

定义Keepalived的检测机制

###一只简单的脚本判断nginx 是否在工作###
[[email protected]-two ~]# cat nginx_check.sh
#!/bin/bash
alive=`netstat -pant|awk ‘/0.0.0.0:80/&&/LISTEN/‘|wc -l`
if [ $alive -eq 1 ]; then
    exit 0
else
    exit 1
fi

###增加keepalived配置###
vrrp_script nginx_check
{
    script "/root/nginx_check.sh"
    interval 1		###检测时间间隔 1s###
    weigh -60		###如果条件成立,权重-60###
}

####将track_script块加入instance 配置块####
    track_script
    {
        nginx_check
    }

[[email protected]-one ~]# service keepalived restart
Stopping keepalived:                                       [  OK  ]
Starting keepalived:                                       [  OK  ]

###无须质疑,只要nginx 的80端口是正常监听的,主就还是主###
[[email protected]-one ~]# ip a show|awk ‘/inet\ /‘
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1

###停止Nginx服务###
[[email protected]-one ~]# service nginx stop
Stopping nginx:                                            [  OK  ]

看看日志
Aug  3 00:52:13 Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed
Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Entering FAULT STATE
Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs.
Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Now in FAULT state
Aug  3 00:52:14 Nginx-one Keepalived_healthcheckers[8489]: Netlink reflector reports IP 1.1.1.100 removed

###Backup机器变成Master了###
[[email protected]-two ~]# ip a show|awk ‘/inet\ /‘
    inet 127.0.0.1/8 scope host lo
    inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1
    inet 1.1.1.100/32 scope global eth1

» 转载保留版权:IT辰逸 » 《Keepalived 配置和使用》

» 本文链接地址:http://www.ipython.me/centos/keepalived-config-using.html

» 本文版权采取:BY-NC-SA 协议进行授权,转载注明出处。除IT-Tools、News以及特别标注,本站所有文章均为原创。

» 如果喜欢可以:点此订阅本站

Keepalived 配置和使用,布布扣,bubuko.com

时间: 2024-10-19 11:19:29

Keepalived 配置和使用的相关文章

Keepalived 配置实例

Keepalived 是一款轻量级HA集群应用,它的设计初衷是为了做LVS集群的HA,即探测LVS健康情况,从而进行主备切换,不仅如此,还能够探测LVS代理的后端主机的健康状况,动态修改LVS转发规则. 当LVS进行主备切换的时候,对外提供服务的IP是如何做到切换的呢?这就依赖于keepalived 所应用的vrrp协议,即Virtual Reduntant  Routing Protocol,虚拟冗余路由协议.简单来讲,此协议是将IP设置在虚拟接口之上,根据一定的规则实现IP在物理主机上流动,

LVS + Keepalived 配置

#keepalived 配置 ! Configuration File for keepalived global_defs { router_id LVS_DEVEL } ########VRRP Instance######## vrrp_instance VI_1 { state MASTER #指定Keepalived的角色,MASTER为主机服务器,BACKUP为备用服务器 interface eth2 #BACKUP为备用服务器 virtual_router_id 31 priori

CentOS Linux 负载均衡高可用WEB集群之LVS+Keepalived配置

CentOS Linux 负载均衡高可用WEB集群之LVS+Keepalived配置 LB集群是locd balance集群的简称.翻译成中文是:负载均衡集群的意思:集群是一组相互独立的.通过高速网络互联的计算机相互之间构成一个组合,并以单一的系统的模式加以管理.LVS是Linux Virtual Server的简写,翻译中文是Linux虚拟服务器,是一个虚拟的服务器集群系统. 负载均衡集群:是为了企业提供更为实用,性价比更高的系统机构解决方案.负载均衡集群把用户的请求尽可能的平均分发到集群的各

18.1 集群介绍;18.2 keepalived介绍;18.3,18.4,18.5 用keepalived配置高可用集群(上,中,下);

18.1 集群介绍 1. 根据功能划分为两大类:高可用和负载均衡 2. 高可用集群通常为两台服务器,一台工作,另外一台作为冗余,当提供服务的机器宕机,冗余将接替继续提供服务 3. 实现高可用的开源软件有:heartbeat.keepalived 负载均衡集群,需要有一台服务器作为分发器,它负责把用户的请求分发给后端的服务器处理,在这个集群里,除了分发器外,就是给用户提供服务的服务器了,这些服务器数量至少为2 4. 实现负载均衡的开源软件有LVS.keepalived.haproxy.nginx,

haproxy+keepalived配置

一.环境 系统:CentOS 6.4x64最小化安装 ha-keep-m:192.168.3.15 ha-keep-s:192.168.3.22 httpd-16:192.168.3.16 httpd-17:192.168.3.17 VIP:192.168.3.28 二.在ha-keep-m和ha-keep-s上安装haproxy [[email protected] ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64

实例:LVS+Keepalived配置LVS的高可用

LVS+Keepalived配置LVS的高可用 我们这里LVS-DR模型的高可用集群: 实验环境:     vm1 LVS-DR1:              eth0 172.16.3.2/16              VIP :eth0:0 172.16.3.88              vm2 LVS-DR2:             eth0 172.16.3.3/16     vm3 Server-web1             RS1: eth0 172.16.3.1/16  

LVS + Keepalived 配置详解

LVS+Keepalived 配置 我们通过LVS-DR-MASTER,LVS-DR-BACKUP作为LVS负载均衡调度器,并且两者之间通过keepalived来两者之间的HA.keepalived本身就是为了LVS为开发的,所以说我们通过keepalived来进行LVS的配置就显得十分的方便.而且keepalived是直接操作ip_vs不用通过ipvsadm,所以更加方便. 实验拓扑图 LVS节点1配置: # yum install popt-devel openssl openssl-dev

一次故障记录keepalived配置疏忽导致的故障

负载均衡keepalived+lvs 负载nginx 应用tomcat nginx负载通过公网,每一台nginx都负载了多聊链路到后端应用,突然部分客户无法访问业务,负载均衡没有问题,部分nginx服务器到后端应用超时,nginx日志中报出错误:但是keepalived配置为 TCP_CHECK {            connect_timeout 3             nb_get_retry 3            delay_before_retry 3            

lvs+keepalived配置

一.环境 lvs-keep-m: 192.168.3.24 lvs-keep-s: 192.168.3.25 RS1: 192.168.3.26 RS2: 192.168.3.27 VIP: 192.168.3.28 二.在所有节点都配置ntp同步时间 [[email protected] ~]# ntpdate asia.pool.ntp.org [[email protected] ~]# hwclock -w 三.RS1和RS2配置httpd服务,以及VIP RS1操作 [[email p