keepalived安装配置使用

keepalived服务介绍

keepalived是集群管理中保证集群高可用的一个服务软件，主要是防止单点故障问题。keepalived起初是专为LVS设计的，专门用来监控LVS集群系统中各个服务节点的状态，后来又加入了VRRP的功能，因此除了配合LVS的服务外，还可以作为其他服务（nginx\haproxy）的高可用软件。Keepalived提供了两个主要功能：
1)健康检查LVS系统，检查LVS节点的监控状态
2)利用VRRPv2处理负载均衡器故障转移

VRRP是什么

VRRP是虚拟路由器冗余协议的缩写，是通过一种竞选协议机制来讲路由任务交给某台VRRP路由器，VRRP出现的目的就是为了解决静态路由出现的单点故障问题，它能够保证网络的不间断、稳定的运行，是一种容错协议，保证当主机的下一条路由器出现故障时，由另一台路由器来代替出现故障的路由器进行工作，从而保持网络通信的连续性和可靠性。
VRRP相关术语：
1)虚拟路由器：由一个Master路由器和一个或多个Backup路由器组成。所有的Master和Backup组成一个组，这个主就是虚拟路由器。
2)VRID：虚拟路由器的标识。同一虚拟路由器内的路由器有着相同的VRID。
3)Master：虚拟路由器中正在工作的路由器
4)Backup：备用路由器。
5)虚拟IP地址：路由器组(虚拟路由器)的IP地址。
6)优先级：用来确定Master和Backup。
7)抢占模式与非抢占模式：Master会以组播方式不断的向虚拟路由器组内发送自己的心跳报文，一旦Backup在设定时间内没有收到心跳信息的次数超过了设定次数，则会将Master的所有权转移到优先级最高的Backup，则就是抢占模式。非抢占模式是指只有在主节点完全故障时才能将backup变为master。

keepalived故障切换转移工作原理

keepalived实现集群高可用的故障切换转移是通过VRRP协议来实现的。在keepalived的master正常工作时，master节点会不断的向backup节点广播心跳消息，用以告诉备节点自己还活着。当master节点发生故障时，backup节点就无法继续监测到master发来的心跳，进而调用自身的接管程序，接管master节点的VIP及服务。而当master节点恢复故障时，备节点会释放master故障时接管的VIP及服务，恢复到原来的自身的备用角色。

安装keepalived

下载地址: https://www.keepalived.org/download.html
[root@k8snode02 ~]# yum -y install openssl openssl-devel libnl* libnfnetlink-devel  #安装依赖

[root@k8snode02 ~]# pwd
/root
[root@k8snode02 ~]# wget http://www.keepalived.org/software/keepalived-2.0.7.tar.gz
[root@k8snode02 ~]# ls -lrt
total 856
-rw-r--r-- 1 root root 873480 Feb 14 00:11 keepalived-2.0.7.tar.gz
[root@k8snode02 ~]# tar -xf keepalived-2.0.7.tar.gz  #解压
[root@k8snode02 ~]# ls -lrt
total 860
drwxrwxr-x 8 zhaiky zhaiky   4096 Aug 23  2018 keepalived-2.0.7
-rw-r--r-- 1 root   root   873480 Feb 14 00:11 keepalived-2.0.7.tar.gz
[root@k8snode02 ~]# 

[root@k8snode02 ~]# cd keepalived-2.0.7/
[root@k8snode02 keepalived-2.0.7]# mkdir /usr/local/keepalived  #新建安装目录
[root@k8snode02 keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/ --mandir=/usr/local/share/man  #配置安装目录
Keepalived configuration
------------------------
Keepalived version       : 2.0.7
Compiler                 : gcc
Preprocessor flags       :  -I/usr/include/libnl3 
Compiler flags           : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2  
Linker flags             :  -pie
Extra Lib                :  -lcrypto  -lssl  -lnl-genl-3 -lnl-3 
Use IPVS Framework       : Yes
IPVS use libnl           : Yes
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
HTTP_GET regex support   : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With ip rules/routes     : Yes
Use BFD Framework        : No
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
SHA1 support             : No
Use Json output          : No
libnl version            : 3
Use IPv4 devconf         : No
Use libiptc              : No
Use libipset             : No
init type                : systemd
Strict config checks     : No
Build genhash            : Yes
Build documentation      : No
[root@k8snode02 keepalived-2.0.7]# 
[root@k8snode02 keepalived-2.0.7]# make && make install #编译

[root@k8snode02 keepalived]# cd /usr/local/keepalived/  #安装好以后，/usr/local/keepalived/目录下结构
[root@k8snode02 keepalived]# ls -lrt
total 0
drwxr-xr-x 2 root root 23 Feb 14 01:06 sbin
drwxr-xr-x 4 root root 39 Feb 14 01:06 etc
drwxr-xr-x 2 root root 20 Feb 14 01:06 bin
drwxr-xr-x 4 root root 27 Feb 14 01:06 share
[root@k8snode02 keepalived]# 

[root@k8snode02 keepalived-2.0.7]# mkdir /etc/keepalived  #创建/etc/keepalived目录
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/  #拷贝文件到目录
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@k8snode02 keepalived-2.0.7]# cp /root/keepalived-2.0.7/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/ #从keepalived源码目录复制，安装目录中没有
[root@k8snode02 init.d]# cp /root/keepalived-2.0.7/keepalived/etc/init.d/keepalived /etc/init.d/
[root@k8snode02 keepalived-2.0.7]# chkconfig keepalived on  #开机启动
Note: Forwarding request to 'systemctl enable keepalived.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@k8snode02 keepalived-2.0.7]# service keepalived start #启动服务或者/etc/init.d/keepalived start启动
Starting keepalived (via systemctl):                       [  OK  ]
Redirecting to /bin/systemctl start keepalived.service
[root@k8snode02 keepalived-2.0.7]# service keepalived status
Redirecting to /bin/systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-02-14 01:18:36 CST; 15s ago
  Process: 27493 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 27494 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─27494 /usr/local/keepalived/sbin/keepalived -D
           └─27495 /usr/local/keepalived/sbin/keepalived -D

Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Removing service [192.168.200.3]:tcp:1358 to VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Lost quorum 1-0=1 > 0 for VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Adding sorry server [192.168.200.200]:tcp:1358 to VS [10.10.10...1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Removing alive servers from the pool for VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Remote SMTP server [192.168.200.1]:25 connected.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Timeout connecting server [192.168.201.100]:tcp:443.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Check on service [192.168.201.100]:tcp:443 failed.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Removing service [192.168.201.100]:tcp:443 to VS [192.168.200....:443
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:tcp:443
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Remote SMTP server [192.168.200.1]:25 connected.
Hint: Some lines were ellipsized, use -l to show in full.
[root@k8snode02 keepalived-2.0.7]#

keepalived配置说明

[root@k8snode01 keepalived]# more keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {  #通知邮件配置，将keepalived的状态信息发送到指定邮箱
     [email protected]  #这里配置通知的邮箱地址
     [email protected]
     [email protected]
   }
   notification_email_from [email protected] #配置发邮件的地址
   smtp_server 192.168.200.1
   smtp_connect_timeout 30  #邮件服务超时时间
   router_id LVS_DEVEL_01  #当前标识当前主机
}

vrrp_instance VI_1 { #当前节点所属的虚拟路由的名称
    state MASTER  #当前节点的状态，有Master和Backup两种状态
    interface ens33  #定义vrrp地址绑定在哪个接口，网卡名称
    virtual_router_id 101 #虚拟路由器的标识，同一虚拟路由器组中的ID要相同，主备这里要配置为同样的
    priority 100  #优先级设置，主要高于备.，一般主配置为100 备配置为50
    advert_int 1  #每隔多久以组播形式向外通告一次，默认是1秒
    #nopreempt           # 主动抢占,主备都开启的话,服务器抢占过去后,要等这个服务器keepalived停掉才会漂移到另一台
    authentication {  #认证方式，在组播信息中添加的信息，防止滥竽充数
        auth_type PASS #认证开启，主备必须配置成同样的
        auth_pass 1111 #认证密码，主备必须配置成同样的
    }
    virtual_ipaddress {  #配置虚拟路由ip，即漂移地址
        192.168.23.200/24 #vip,主备必须配置一样
    }
}
[root@k8snode01 keepalived]#