keepalived configuration Introduction

One, keepalived overview

The official reference documentation

Purpose

A software implementation of the VRRP protocol, originally designed to make the ipvs service highly available

Features
  • Moves the address between nodes using the VRRP protocol, and generates the ipvs rules on the node where the VIP resides (the rules are pre-defined in the configuration file)
  • Performs health checks on the RSs (real servers) of the ipvs cluster
  • Provides a script call interface: executing a script carries out the functions defined in it and so affects cluster behaviour, which is how services such as nginx and haproxy are supported

Protocol

VRRP: Virtual Router Redundancy Protocol

Way of working

Preemptive (default), non-preemptive

Operating mode
  • Master / slave: single virtual router
  • Active / active: master / slave (Virtual Router 1), slave / master (Virtual Router 2)

Terms
  • Virtual Router: Virtual Router

  • Virtual router ID: VRID (0-255), that uniquely identifies the virtual router

  • Physical router:

    • master: master device
    • backup: spare device
    • priority: Priority
  • VIP: Virtual IP

  • VMAC: virtual MAC (00-00-5e-00-01-VRID)

Two, keepalived installation

apt-get install keepalived

With a default apt or yum install, keepalived -v shows the build parameters. The packaged build is good enough, so there is generally no need to compile from source.

Program environment

  • The main configuration file: /etc/keepalived/keepalived.conf

    An apt install does not provide a default configuration file. Without one, keepalived stops at startup; copy the sample configuration file and change what you need.

    Mar 22 19:48:50 director Keepalived[2124]: Starting Keepalived v1.3.9 (10/21,2017)
    Mar 22 19:48:50 director Keepalived[2124]: Unable to find configuration file /etc/keepalived/keepalived.conf (glob returned 3)
    Mar 22 19:48:50 director Keepalived[2124]: Stopped Keepalived v1.3.9 (10/21,2017)
    
    dpkg  -L keepalived |grep conf
    /usr/share/doc/keepalived/samples/keepalived.conf.sample
    
  • The main program file: /usr/sbin/keepalived

  • Service unit file: /lib/systemd/system/keepalived.service

  • System parameter file: /etc/default/keepalived (specified in the service unit file)

Three, keepalived configuration

Parts of keepalived.conf

1. global_defs global configuration
  • notification_email {
    root@localhost    # recipients of the mail sent when a failover occurs; several recipients can be written on separate lines; can be set to username@hostname
    }
  • notification_email_from [email protected]: sender address of the notification mail
  • smtp_server 192.168.200.1: address of the mail server used for sending
  • smtp_connect_timeout 30: timeout for connecting to the mail server
  • router_id LVS_DEVEL: identifier of the physical node, generally set to the server's host name
  • vrrp_skip_check_adv_addr: checking every VRRP packet in full costs performance; with this option, if a received packet comes from the same router (same source address) as the previous one, the check is skipped
  • vrrp_strict: strict compliance with the VRRP protocol. Situations that are not allowed: 1. no VIP address, 2. unicast neighbors, 3. an IPv6 address in VRRP version 2.
  • vrrp_garp_interval 0: ARP message transmission delay
  • vrrp_gna_interval 0: message transmission delay
  • vrrp_mcast_group4 224.0.0.18: default multicast IP address; range 224.0.0.0 to 239.255.255.255

2. vrrp_instance VI_1 virtual routing instance
  • state MASTER | BACKUP: the initial state of the current node in this virtual router, MASTER or BACKUP

  • interface IFACE_NAME: the physical interface bound to this virtual router, for example ens32, eth0, bond0, br0

  • virtual_router_id VRID: unique identifier of this virtual router, range 0-255 (master and backup must be consistent; all nodes of the same virtual router use the same value)

  • priority 100: priority of the current physical node in this virtual router; range 1-254

  • advert_int 1: VRRP advertisement interval, default 1s

  • authentication {    # authentication mechanism

    auth_type AH | PASS    # form of authentication

    auth_pass <PASSWORD>    # authentication password; only the first 8 characters are valid
    }

  • virtual_ipaddress {

    # virtual IP: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>

    192.168.200.17/24 dev eth1

    192.168.200.18/24 dev eth2 label eth2:1    # a sub-interface label is needed when a NIC carries several addresses

    }

  • track_interface {    # network interfaces to monitor; once one of them fails, the node goes into the FAULT state, which triggers the address transfer
    eth0
    eth1
    ...
    }
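
The limits listed above (VRID 0-255, priority 1-254, only the first 8 characters of auth_pass being used) are easy to get wrong silently, so here is an added example, not part of the original article, that checks a keepalived.conf against them and verifies that two nodes agree on the VRID and on the effective password. The function names and the two sample configurations are constructed for illustration.

```python
import re
WANTED = {"virtual_router_id", "priority", "auth_type", "auth_pass"}

def parse_instances(conf_text):
    """Return {instance name: {keyword: value}} for every vrrp_instance block."""
    text = re.sub(r"[#!].*", "", conf_text)        # '#' and '!' start comments
    tokens = re.findall(r"[{}]|[^\s{}]+", text)
    instances, current, depth = {}, None, 0
    for idx, tok in enumerate(tokens[:-1]):        # last token has no value after it
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            current = current if depth else None   # left the instance block
        elif depth == 0 and tok == "vrrp_instance":
            current = instances.setdefault(tokens[idx + 1], {})
        elif current is not None and tok in WANTED:
            current[tok] = tokens[idx + 1]
    return instances

def lint(conf_text):
    """Check each instance against the ranges and the 8-character limit."""
    findings = []
    for name, s in parse_instances(conf_text).items():
        if "virtual_router_id" in s and not 0 <= int(s["virtual_router_id"]) <= 255:
            findings.append((name, "virtual_router_id outside 0-255"))
        if "priority" in s and not 1 <= int(s["priority"]) <= 254:
            findings.append((name, "priority outside 1-254"))
        if len(s.get("auth_pass", "")) > 8:
            findings.append((name, "auth_pass longer than 8 characters: only the first 8 are used"))
    return findings

def peers_match(conf_a, conf_b, name):
    """True if both nodes agree on VRID and on the effective (first 8 chars) password."""
    a, b = parse_instances(conf_a)[name], parse_instances(conf_b)[name]
    return (a.get("virtual_router_id") == b.get("virtual_router_id")
            and a.get("auth_pass", "")[:8] == b.get("auth_pass", "")[:8])

# Constructed sample configurations (not from the original article).
MASTER = """vrrp_instance VI_1 {
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass s3cretKey-node-A
    }
}"""
BACKUP = MASTER.replace("100", "255").replace("node-A", "node-B")
```

With these samples, peers_match(MASTER, BACKUP, "VI_1") is true even though the two auth_pass strings differ, because they only differ after the eighth character.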

3. virtual_server lvs related settings

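The default configuration example

virtual_server 10.10.10.2 1358 {    # IP and port
    delay_loop 6    # interval between backend server checks: 6s
    lb_algo rr    # scheduling method: rr
    lb_kind NAT    # cluster type
    persistence_timeout 50    # persistent connection duration (long-connection setting that keeps the session for a short time; generally not used, redis is used instead)
    protocol TCP    # service protocol

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1    # RS weight
        HTTP_GET {    # application-layer check
            url {
              path /testurl3/test.jsp    # URL to monitor
              digest 640205b7b0fc66c1ea91c463fac6334d    # the requested page is hashed and the result compared with this hash; if they are the same, the state is healthy
            }
            connect_timeout 3    # connection timeout
            retry 3    # number of retries
            delay_before_retry 3    # delay before retrying
        }
    }
}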

The lvs settings are divided into three parts

  • vs-related settings

    • Definition of a virtual server (virtual service); multiple virtual_server blocks can be set
    • virtual_server IP port # defines the virtual host IP address and its port
    • virtual_server fwmark int # ipvs firewall mark, for load-balancing clusters based on firewall marks
    • virtual_server group string # puts multiple virtual servers into a group and defines the group as one virtual service
    • delay_loop <INT>: interval between backend server checks
    • lb_algo rr | wrr | lc | wlc | lblc | sh | dh: scheduling method
    • lb_kind NAT | TUN | DR: cluster type
    • persistence_timeout <INT>: persistent connection duration
    • protocol TCP | UDP | SCTP: service protocol
    • sorry_server <IPADDR> <PORT>: standby server address used when all RSs have failed
  • rs-related settings

    real_server <IPADDR> <PORT> {

    weight <INT>    # RS weight

    notify_up <STRING> | <QUOTED-STRING>    # notification script run when the RS comes online

    notify_down <STRING> | <QUOTED-STRING>    # notification script run when the RS goes offline

    HTTP_GET | SSL_GET | TCP_CHECK | SMTP_CHECK | MISC_CHECK {...}    # health check method for the current host

    }

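  • Back-end server health checks

    Application-layer checks determine whether the service is in a hung state ("suspended animation"); they are used for Java applications, where this is related to code quality

    HTTP_GET|SSL_GET: application-layer check
    HTTP_GET|SSL_GET {
    
    	url {
    		path <URL_PATH>: URL to monitor
    		status_code <INT>: response code that the check treats as healthy
    	}
    	connect_timeout <INTEGER>: timeout of the connection request
    	nb_get_retry <INT>: number of retries
    	delay_before_retry <INT>: delay before retrying
    	connect_ip <IP ADDRESS>: IP address of the current RS to which health check requests are sent
    	connect_port <PORT>: port of the current RS to which health check requests are sent
    	bindto <IP ADDRESS>: source address used when sending health check requests
    	bind_port <PORT>: source port used when sending health check requests
    }
    

    Layer-4 checks mainly determine whether the service is alive from the port state; php, nginx and the like use TCP checks

    TCP_CHECK {
    	connect_ip <IP ADDRESS>: IP address of the current RS to which health check requests are sent
    	connect_port <PORT>: port of the current RS to which health check requests are sent
    	bindto <IP ADDRESS>: source address used when sending health check requests
    	bind_port <PORT>: source port used when sending health check requests
    	connect_timeout <INTEGER>: timeout of the connection request
    }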
    
Origin blog.csdn.net/qq_36801585/article/details/105083745