keepalived Configuration Introduction
One, keepalived Overview
The official reference documentation
Purpose
A software implementation of the VRRP protocol, originally designed to provide high availability for the ipvs service
Features
- Moves the address (VIP) between nodes according to the VRRP protocol, and generates the ipvs rules on the node where the VIP resides (the rules are predefined in the configuration file)
- Performs health checks on the RS (real servers) of the ipvs cluster
- Script-based call interface: functions are defined in scripts and carried out by executing those scripts, which influences the behavior of the cluster; this is how services such as nginx and haproxy are supported
Protocol
VRRP protocol: Virtual Router Redundancy Protocol
Working modes
Preemptive (default), non-preemptive
Operating modes
- Master/backup: a single virtual router
- Active/active: master/backup (virtual router 1), backup/master (virtual router 2)
Terms
- Virtual router: Virtual Router
- Virtual router ID: VRID (0-255), uniquely identifies the virtual router
- Physical router:
  - master: the master device
  - backup: the spare device
  - priority: the priority
- VIP: Virtual IP
- VMAC: virtual MAC (00-00-5e-00-01-VRID)
Two, keepalived installation
apt-get install keepalived
Installing with apt or yum is the default choice. keepalived -v shows the build parameters; the packaged build is good enough, so compiling from source is generally unnecessary.
Program environment
- Main configuration file: /etc/keepalived/keepalived.conf
  An apt installation does not create a default configuration file, and keepalived stops at startup without one:
  Mar 22 19:48:50 director Keepalived[2124]: Starting Keepalived v1.3.9 (10/21,2017)
  Mar 22 19:48:50 director Keepalived[2124]: Unable to find configuration file /etc/keepalived/keepalived.conf (glob returned 3)
  Mar 22 19:48:50 director Keepalived[2124]: Stopped Keepalived v1.3.9 (10/21,2017)
  Copy the sample configuration file and change what you need:
  dpkg -L keepalived |grep conf
  /usr/share/doc/keepalived/samples/keepalived.conf.sample
- Main program file: /usr/sbin/keepalived
- Service unit file: /lib/systemd/system/keepalived.service
- System parameter file: /etc/default/keepalived (specified in the service unit file)
Three, keepalived configuration
Sections of keepalived.conf
1. global_defs global configuration
- notification_email {
      root@localhost
  }
  Recipients of the mail sent when a failover occurs; several recipients can be listed, one per line, and a recipient can be written as username@hostname
- notification_email_from [email protected]: sender address of the notification mail
- smtp_server 192.168.200.1: address of the mail server
- smtp_connect_timeout 30: timeout for connecting to the mail server
- router_id LVS_DEVEL: identifier of the physical node, generally set to the server's host name
- vrrp_skip_check_adv_addr: checking every received packet is comparatively expensive; with this option, if a received packet comes from the same router as the previous one, the source-address check is skipped
- vrrp_strict: strictly follow the VRRP protocol. Not allowed: 1. no VIP address, 2. unicast neighbors, 3. an IPv6 address in VRRP version 2
- vrrp_garp_interval 0  # ARP message transmission delay
- vrrp_gna_interval 0  # message transmission delay
- vrrp_mcast_group4 224.0.0.18  # default multicast IP address; range 224.0.0.0 to 239.255.255.255
2. vrrp_instance VI_1 virtual routing instance
- state MASTER | BACKUP: the initial state of the current node in this virtual router, either MASTER or BACKUP
- interface IFACE_NAME: the physical interface bound to this virtual router, for example ens32, eth0, bond0, br0
- virtual_router_id VRID: unique identifier of this virtual router, range 0-255 (master and backup must match; all nodes of the virtual router must use the same value)
- priority 100: priority of the current physical node in this virtual router; range 1-254
- advert_int 1: VRRP advertisement interval, default 1s
- authentication {                # authentication mechanism
      auth_type AH | PASS         # authentication method
      auth_pass <PASSWORD>        # authentication password; only the first 8 characters are used
  }
- virtual_ipaddress {
      # virtual IP: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
      192.168.200.17/24 dev eth1
      192.168.200.18/24 dev eth2 label eth2:1     # a sub-interface label is needed when several network cards have addresses
  }
- track_interface {               # network interfaces to monitor; once a failure occurs, the node switches to the FAULT state so that the address is moved
      eth0
      eth1
      ...
  }
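A way to check a vrrp_instance block against the limits listed above before the service is restarted. This is an added example, not code from keepalived or from the original page; the function names parse_instances and lint and the sample configuration are constructed for illustration, and the ranges are the ones this page states.

```python
import re

# Constructed sample (not from the page): one vrrp_instance with three mistakes.
SAMPLE_CONF = """
vrrp_instance VI_1 {
    state BACKUP
    virtual_router_id 300
    priority 255
    authentication {
        auth_type PASS
        auth_pass longsecret123
    }
}
"""
# Limits as stated in the vrrp_instance section of this page.
RANGES = {"virtual_router_id": (0, 255), "priority": (1, 254)}

def parse_instances(text):
    """Return {name: {keyword: value}} for each vrrp_instance block."""
    instances, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()   # drop comments
        start = re.match(r"vrrp_instance\s+(\S+)\s*\{$", line)
        if start and current is None:
            current, depth = instances.setdefault(start.group(1), {}), 1
            continue
        if current is None or not line:
            continue
        if "{" not in line and "}" not in line:    # plain "keyword value" line
            key, *rest = line.split(None, 1)
            current[key] = rest[0] if rest else ""
        depth += line.count("{") - line.count("}") # follow nested blocks
        if depth == 0:
            current = None
    return instances

def lint(text):
    """Return one finding per violated limit, in a fixed order."""
    findings = []
    for name, opts in parse_instances(text).items():
        if opts.get("state") not in ("MASTER", "BACKUP"):
            findings.append(f"{name}: state must be MASTER or BACKUP")
        for key, (low, high) in RANGES.items():
            value = opts.get(key)                  # only checked when present
            if value is not None and not (value.isdigit() and low <= int(value) <= high):
                findings.append(f"{name}: {key} {value} outside {low}-{high}")
        if len(opts.get("auth_pass", "")) > 8:
            findings.append(f"{name}: auth_pass longer than 8 characters")
    return findings
```

Calling lint(SAMPLE_CONF) returns three findings: the out-of-range virtual_router_id, the out-of-range priority, and the auth_pass whose characters beyond the eighth are not used.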
3. virtual_server lvs related settings
The default configuration example
virtual_server 10.10.10.2 1358 {            # IP and port
    delay_loop 6                            # interval between back-end server checks: 6s
    lb_algo rr                              # scheduling method: rr
    lb_kind NAT                             # cluster type
    persistence_timeout 50                  # persistent connection duration (keeps a session for a short time; generally not used, redis is used instead)
    protocol TCP                            # service protocol
    sorry_server 192.168.200.200 1358
    real_server 192.168.200.2 1358 {
        weight 1                            # RS weight
        HTTP_GET {                          # application-layer check
            url {
                path /testurl3/test.jsp     # URL to monitor
                digest 640205b7b0fc66c1ea91c463fac6334d   # the requested page is hashed and compared with this hash; if they are equal, the state is healthy
            }
            connect_timeout 3               # connection timeout
            retry 3                         # number of retries
            delay_before_retry 3            # delay before a retry
        }
    }
}
The lvs settings are divided into three parts
- vs-related settings
  - Definition of the virtual server (virtual service); several virtual_server blocks can be defined
    - virtual_server IP port  # defines the virtual host IP address and its port
    - virtual_server fwmark int  # ipvs firewall mark, for a load-balancing cluster based on firewall marking
    - virtual_server group string  # groups several virtual servers and defines the group as the virtual service
  - delay_loop <INT>: interval between back-end server checks
  - lb_algo rr | wrr | lc | wlc | lblc | sh | dh: scheduling method
  - lb_kind NAT | TUN | DR: cluster type
  - persistence_timeout <INT>: persistent connection duration
  - protocol TCP | UDP | SCTP: service protocol
  - sorry_server <IPADDR> <PORT>: standby server address used when all RS have failed
- rs-related settings
  real_server <IPADDR> <PORT> {
      weight <INT>                              # RS weight
      notify_up <STRING> | <QUOTED-STRING>      # notification script run when the RS comes online
      notify_down <STRING> | <QUOTED-STRING>    # notification script run when the RS goes offline
      HTTP_GET | SSL_GET | TCP_CHECK | SMTP_CHECK | MISC_CHECK {...}    # health check method for the current host
  }
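- Back-end server health checks
  Application-layer check: determines whether the service is in a hung ("suspended animation") state; used for Java applications, and related to code quality
  HTTP_GET|SSL_GET: application-layer check
  HTTP_GET|SSL_GET {
      url {
          path <URL_PATH>               # URL to monitor
          status_code <INT>             # response code that the check above treats as healthy
      }
      connect_timeout <INTEGER>         # timeout of the connection request
      nb_get_retry <INT>                # number of retries
      delay_before_retry <INT>          # delay before a retry
      connect_ip <IP ADDRESS>           # IP address of the current RS to which the health check request is sent
      connect_port <PORT>               # port of the current RS to which the health check request is sent
      bindto <IP ADDRESS>               # source address used when sending the health check request
      bind_port <PORT>                  # source port used when sending the health check request
  }
  Layer-4 check: mainly determines from the port state whether the service is alive; php, nginx and the like use TCP
  TCP_CHECK {
      connect_ip <IP ADDRESS>           # IP address of the current RS to which the health check request is sent
      connect_port <PORT>               # port of the current RS to which the health check request is sent
      bindto <IP ADDRESS>               # source address used when sending the health check request
      bind_port <PORT>                  # source port used when sending the health check request
      connect_timeout <INTEGER>         # timeout of the connection request
  }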