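Introduction to the keepalived service
keepalived is a service used in cluster management to keep a cluster highly available, mainly by preventing single points of failure. It was originally designed for LVS, specifically to monitor the state of each service node in an LVS cluster. VRRP support was added later, so besides working with LVS it can also provide high availability for other services (nginx, haproxy). Keepalived provides two main functions:
1) Health checking for LVS: monitoring the state of the LVS nodes
2) Load balancer failover using VRRPv2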
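What is VRRP
VRRP stands for Virtual Router Redundancy Protocol. It uses an election mechanism to hand the routing task to one of the VRRP routers. VRRP was created to solve the single point of failure that comes with static routing, and it keeps the network running stably and without interruption. It is a fault-tolerance protocol: when a host's next-hop router fails, another router takes over the work of the failed router, preserving the continuity and reliability of network communication.
VRRP terminology:
1) Virtual router: consists of one Master router and one or more Backup routers. All the Masters and Backups form a group, and this group is the virtual router.
2) VRID: the identifier of the virtual router. Routers in the same virtual router share the same VRID.
3) Master: the router in the virtual router that is currently doing the work.
4) Backup: a standby router.
5) Virtual IP address: the IP address of the router group (the virtual router).
6) Priority: used to determine which router is Master and which are Backup.
7) Preemptive and non-preemptive mode: the Master continually multicasts its heartbeat messages to the virtual router group. Once a Backup has missed the heartbeat more than the configured number of times within the configured period, ownership of the Master role is transferred to the Backup with the highest priority; this is preemptive mode. Non-preemptive mode means a backup becomes master only when the master node has failed completely.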
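How keepalived failover works
keepalived implements failover for cluster high availability through the VRRP protocol. While the keepalived master is working normally, it continually broadcasts heartbeat messages to the backup nodes to tell them it is still alive. When the master fails, the backup nodes can no longer detect the heartbeat from the master, so they invoke their own takeover routine and take over the master's VIP and services. When the master recovers from the failure, the backup releases the VIP and services it took over while the master was down and returns to its original standby role.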
Installing keepalived
Download page: https://www.keepalived.org/download.html
[root@k8snode02 ~]# yum -y install openssl openssl-devel libnl* libnfnetlink-devel # install dependencies
[root@k8snode02 ~]# pwd
/root
[root@k8snode02 ~]# wget http://www.keepalived.org/software/keepalived-2.0.7.tar.gz
[root@k8snode02 ~]# ls -lrt
total 856
-rw-r--r-- 1 root root 873480 Feb 14 00:11 keepalived-2.0.7.tar.gz
[root@k8snode02 ~]# tar -xf keepalived-2.0.7.tar.gz # extract
[root@k8snode02 ~]# ls -lrt
total 860
drwxrwxr-x 8 zhaiky zhaiky 4096 Aug 23 2018 keepalived-2.0.7
-rw-r--r-- 1 root root 873480 Feb 14 00:11 keepalived-2.0.7.tar.gz
[root@k8snode02 ~]#
[root@k8snode02 ~]# cd keepalived-2.0.7/
[root@k8snode02 keepalived-2.0.7]# mkdir /usr/local/keepalived # create the installation directory
[root@k8snode02 keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/ --mandir=/usr/local/share/man # set the installation directory
Keepalived configuration
------------------------
Keepalived version : 2.0.7
Compiler : gcc
Preprocessor flags : -I/usr/include/libnl3
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl-genl-3 -lnl-3
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Json output : No
libnl version : 3
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
[root@k8snode02 keepalived-2.0.7]#
[root@k8snode02 keepalived-2.0.7]# make && make install # compile
[root@k8snode02 keepalived]# cd /usr/local/keepalived/ # layout of /usr/local/keepalived/ after installation
[root@k8snode02 keepalived]# ls -lrt
total 0
drwxr-xr-x 2 root root 23 Feb 14 01:06 sbin
drwxr-xr-x 4 root root 39 Feb 14 01:06 etc
drwxr-xr-x 2 root root 20 Feb 14 01:06 bin
drwxr-xr-x 4 root root 27 Feb 14 01:06 share
[root@k8snode02 keepalived]#
[root@k8snode02 keepalived-2.0.7]# mkdir /etc/keepalived # create the /etc/keepalived directory
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ # copy the file into the directory
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@k8snode02 keepalived-2.0.7]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@k8snode02 keepalived-2.0.7]# cp /root/keepalived-2.0.7/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/ # copied from the keepalived source tree; the installation directory does not contain it
[root@k8snode02 init.d]# cp /root/keepalived-2.0.7/keepalived/etc/init.d/keepalived /etc/init.d/
[root@k8snode02 keepalived-2.0.7]# chkconfig keepalived on # start at boot
Note: Forwarding request to 'systemctl enable keepalived.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@k8snode02 keepalived-2.0.7]# service keepalived start # start the service, or start it with /etc/init.d/keepalived start
Starting keepalived (via systemctl): [ OK ]
Redirecting to /bin/systemctl start keepalived.service
[root@k8snode02 keepalived-2.0.7]# service keepalived status
Redirecting to /bin/systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2020-02-14 01:18:36 CST; 15s ago
Process: 27493 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 27494 (keepalived)
CGroup: /system.slice/keepalived.service
├─27494 /usr/local/keepalived/sbin/keepalived -D
└─27495 /usr/local/keepalived/sbin/keepalived -D
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Removing service [192.168.200.3]:tcp:1358 to VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Lost quorum 1-0=1 > 0 for VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Adding sorry server [192.168.200.200]:tcp:1358 to VS [10.10.10...1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Removing alive servers from the pool for VS [10.10.10.2]:tcp:1358
Feb 14 01:18:45 k8snode02 Keepalived_healthcheckers[27495]: Remote SMTP server [192.168.200.1]:25 connected.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Timeout connecting server [192.168.201.100]:tcp:443.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Check on service [192.168.201.100]:tcp:443 failed.
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Removing service [192.168.201.100]:tcp:443 to VS [192.168.200....:443
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:tcp:443
Feb 14 01:18:46 k8snode02 Keepalived_healthcheckers[27495]: Remote SMTP server [192.168.200.1]:25 connected.
Hint: Some lines were ellipsized, use -l to show in full.
[root@k8snode02 keepalived-2.0.7]#
keepalived configuration explained
[root@k8snode01 keepalived]# more keepalived.conf
! Configuration File for keepalived
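global_defs {
    notification_email { # notification e-mail settings; keepalived status information is sent to the listed mailboxes
        [email protected] # the e-mail addresses to notify go here
        [email protected]
        [email protected]
    }
    notification_email_from [email protected] # sender address
    smtp_server 192.168.200.1
    smtp_connect_timeout 30 # mail server timeout
    router_id LVS_DEVEL_01 # identifies the current host
}
vrrp_instance VI_1 { # name of the virtual router this node belongs to
    state MASTER # state of this node; either MASTER or BACKUP
    interface ens33 # interface (NIC name) the VRRP address is bound to
    virtual_router_id 101 # virtual router identifier; must be the same within one virtual router group, so master and backup use the same value
    priority 100 # priority; the master must be higher than the backup, typically 100 on the master and 50 on the backup
    advert_int 1 # interval between multicast advertisements; default is 1 second
    #nopreempt # preemption control; if enabled on both master and backup, once one server has taken over, the VIP moves to the other only after keepalived on that server is stopped
    authentication { # authentication; data added to the multicast advertisements to keep impostors out
        auth_type PASS # enables authentication; must be identical on master and backup
        auth_pass 1111 # authentication password; must be identical on master and backup
    }
    virtual_ipaddress { # virtual router IP, i.e. the floating address
        192.168.23.200/24 # VIP; must be identical on master and backup
    }
}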
[root@k8snode01 keepalived]#
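A check for the rules stated in the comments above (same virtual_router_id, authentication and VIP on both nodes, higher priority on the master), as an added example that is not part of the original page: it parses two keepalived.conf texts and reports violations. It also flags an auth_pass left at the sample value 1111 and a nopreempt set on a node whose state is not BACKUP, which the keepalived documentation requires for nopreempt to work. The function names and the BACKUP configuration are constructed for this example.

```python
import re

def parse_vrrp_instances(conf: str) -> dict:
    """Return {name: settings} per vrrp_instance; '#' and '!' start comments."""
    text = "\n".join(re.split(r"[#!]", ln, maxsplit=1)[0] for ln in conf.splitlines())
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, end = 1, m.end()
        while depth and end < len(text):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[m.end():end - 1]
        cfg = dict(re.findall(
            r"^\s*(state|virtual_router_id|priority|auth_type|auth_pass)\s+(\S+)", body, re.M))
        cfg["nopreempt"] = bool(re.search(r"^\s*nopreempt\b", body, re.M))
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        cfg["vips"] = sorted(vips.group(1).split()) if vips else []
        found[m.group(1)] = cfg
    return found

def check_pair(master_conf: str, backup_conf: str, name: str = "VI_1") -> list:
    """Report violations of the master/backup rules from the config comments."""
    m, b = parse_vrrp_instances(master_conf)[name], parse_vrrp_instances(backup_conf)[name]
    out = [f"{k} differs between master and backup"
           for k in ("virtual_router_id", "auth_type", "auth_pass", "vips") if m.get(k) != b.get(k)]
    if int(m["priority"]) <= int(b["priority"]):
        out.append("master priority is not higher than backup priority")
    for role, cfg in (("master", m), ("backup", b)):
        if cfg.get("auth_pass") == "1111":
            out.append(f"{role}: auth_pass is still the sample value 1111")
        if cfg["nopreempt"] and cfg.get("state") != "BACKUP":
            out.append(f"{role}: nopreempt only takes effect with state BACKUP")
    return out

# Constructed inputs: MASTER condenses the page's config, BACKUP is derived from it.
MASTER = """vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 101
    priority 100
    #nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.23.200/24
    }
}"""
BACKUP = MASTER.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 50")
```

check_pair(MASTER, BACKUP) returns only the two auth_pass findings, because the pair is otherwise consistent.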