Keepalived installation and configuration

1. Introduction

Keepalived is free and open source software written in C that provides the functions of what we usually call layer 3, layer 4 and layer 7 switches. Its two main functions are load balancing and high availability. Load balancing relies on the Linux virtual server kernel module (IPVS), while high availability is achieved by failing services over between several machines using the VRRP protocol.
Figure: Keepalived architecture
The figure above shows the functional architecture of Keepalived, which is roughly divided into two layers: user space and kernel space.
Kernel space: mainly consists of two parts, IPVS (IP Virtual Server, which implements load balancing of network services) and NETLINK (which provides advanced routing and other related network functions).
User space:

  • WatchDog: monitors the checkers and the status of the VRRP processes
  • VRRP Stack: failover between load balancers. If only one load balancer is used, VRRP is not necessary.
  • Checkers: responsible for health checking of the real servers, which is the main function of keepalived. In other words, keepalived can run without the VRRP stack, but health checking is a must.
  • IPVS wrapper: sends the configured rules to the kernel IPVS code
  • Netlink Reflector: used to set the VIP address of VRRP, etc.

All functions of Keepalived are implemented by configuring the keepalived.conf file.

2. Installation and configuration

Download the latest version of keepalived from the official website. This article takes the latest version, 1.2.24, as an example.

2.1 Installation
shell> cd /usr/local/src
shell> wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz
shell> tar -zxvf keepalived-1.2.24.tar.gz
shell> cd keepalived-1.2.24
shell> ./configure --prefix=/usr/local/keepalived
shell> make && make install
2.2 Configuration

After the installation is complete, enter the etc directory under the installation directory and copy keepalived's configuration files to the corresponding system directories. When keepalived starts, it looks for the keepalived.conf configuration file in the /etc/keepalived directory; if it is not found, the default configuration is used. The /etc/keepalived directory is not created by the installation and must be created manually. The configuration file directory structure is as follows:

shell> tree -l /usr/local/keepalived/etc
|-- keepalived
|   |-- keepalived.conf
|   `-- samples
|       |-- keepalived.conf.status_code
|       |-- keepalived.conf.track_interface
|       |-- keepalived.conf.vrrp
|       |-- ...
|-- rc.d
|   `-- init.d
|       `-- keepalived
`-- sysconfig
    `-- keepalived

These correspond to the following system paths (ignoring the samples directory):

/etc/keepalived/keepalived.conf
/etc/rc.d/init.d/keepalived
/etc/sysconfig/keepalived

Copy the configuration files to the corresponding system directories:

shell> mkdir /etc/keepalived
shell> cp /usr/local/keepalived/etc/keepalived.conf /etc/keepalived/keepalived.conf
shell> cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
shell> cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived

Set the keepalived service to start at boot:

shell> chkconfig keepalived on
shell> service keepalived start   # start the service
shell> service keepalived stop    # stop the service
shell> service keepalived restart # restart the service

Another point to note is that keepalived does not check the syntax of the configuration file when it starts, so the configuration file must be written very carefully: a mistake will not be reported as an error but will show up as unexpected behaviour.

When the service is started with service keepalived start, the KEEPALIVED_OPTIONS parameters in the /etc/sysconfig/keepalived file are used by default as the startup parameters of keepalived, and the keepalived.conf configuration file is loaded from the /etc/keepalived/ directory; alternatively, the -f parameter specifies the location of the configuration file.

# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages. Logs are written to /var/log/message by default
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D"

Run keepalived --help to view the optional startup parameters. These parameters can be set in the KEEPALIVED_OPTIONS variable in the /etc/sysconfig/keepalived file and are passed to keepalived when the service is started.

When keepalived is running normally it has three processes: a parent process, which monitors its two child processes, a vrrp child process and a checkers child process.

shell> ps -ef | grep keepalived
root       831     1  0 11:22 ?        00:00:00 keepalived -D
root       840   831  0 11:22 ?        00:00:00 keepalived -D
root       841   831  0 11:22 ?        00:00:00 keepalived -D

At this point keepalived is installed.

3. keepalived.conf configuration file description

After the keepalived service is installed, the main remaining work is configuring HA and load balancing in the keepalived.conf file. A commonly used, reasonably complete keepalived configuration file consists of three blocks: the global definition block, the VRRP instance definition block and the virtual server definition block. The global definition block is required; the virtual server block is optional if keepalived is used only for HA. The following is a fully functional configuration file template:

# Global definition block
global_defs {
    # Email notification configuration
    notification_email {
        email1
        email2
    }
    notification_email_from email
    smtp_server host
    smtp_connect_timeout num

    lvs_id string
    router_id string    ## string identifying this node, usually the hostname
}

# VRRP instance definition block
vrrp_sync_group string { 
    group {
        string
        string
    }
}

vrrp_instance string {
    state MASTER|BACKUP
    virtual_router_id num
    interface string
    mcast_src_ip @IP 
    priority num
    advert_int num
    nopreempt
    smtp_alert
    lvs_sync_daemon_interface string 
    authentication {
        auth_type PASS|AH
        auth_pass string
    }

    virtual_ipaddress {  # Block limited to 20 IP addresses
        @IP
        @IP
    }
}

# Virtual server definition block
virtual_server (@IP PORT)|(fwmark num) { 
    delay_loop num
    lb_algo rr|wrr|lc|wlc|sh|dh|lblc 
    lb_kind NAT|DR|TUN
    persistence_timeout num 
    protocol TCP|UDP
    real_server @IP PORT { 
        weight num
        notify_down /path/script.sh
        TCP_CHECK { 
            connect_port num 
            connect_timeout num
        }
    }

    real_server @IP PORT {
        weight num
        MISC_CHECK {
            misc_path /path_to_script/script.sh  # or: misc_path "/path_to_script/script.sh <arg_list>"
        }
    }

    real_server @IP PORT {
        weight num
        HTTP_GET|SSL_GET {
            url { 
                # You can add multiple url blocks
                path alphanum
                digest alphanum
            }
            connect_port num
            connect_timeout num 
            nb_get_retry num 
            delay_before_retry num
        }
    }
}
Global definition block

1. Email notification (notification_email, smtp_server, smtp_connect_timeout): sends an email alarm when a service fails. Optional and not recommended: it requires the sendmail service to be running on the system. It is better to use an independent third-party monitoring service, such as Nagios, for comprehensive monitoring instead.
2. lvs_id: the identifier of the LVS load balancer. Its value should be unique within a network.
3. router_id: the name the user gives this node, usually the hostname
4. Curly braces {}: used to delimit the definition blocks and must appear in pairs. If one is left out, keepalived will not produce the expected result at run time. Because definition blocks are nested, the closing brace at the end is easy to miss, so pay special attention to it.

VRRP instance definition block
  1. vrrp_sync_group: a VRRP synchronization group, which determines which routing instances fail over together. That is, in a scenario with two load balancers, once one load balancer fails, which instances must be switched to the other load balancer as a unit.
  2. group: must contain at least one vrrp instance, and each instance name must match one defined with vrrp_instance
  3. vrrp_instance: the vrrp instance name
    1> state: the instance state. There are only two states, MASTER and BACKUP, and they must be written in uppercase. In preemptive mode MASTER is the working state and BACKUP the standby state. When the server hosting the MASTER fails, the BACKUP node automatically switches its state from BACKUP to MASTER; when the failed MASTER is restored, the node that took over switches back from MASTER to BACKUP.
    2> interface: the network interface that provides service to the outside world, that is, the interface the VIP is bound to, such as eth0 or eth1. Current mainstream servers have two or more interfaces (for the external and internal networks respectively), so verify carefully which interface you select.
    3> mcast_src_ip: the local IP address
    4> virtual_router_id: the ID number of the virtual router. It must be the same on every node; the last octet of the IP address is a convenient choice. Nodes with the same VRID form one group, and the VRID determines the multicast MAC address.
    5> priority: node priority, in the range 0~254; the MASTER must have a higher value than the BACKUP
    6> advert_int: interval of the synchronization check between the MASTER and BACKUP nodes, in seconds
    7> lvs_sync_daemon_interface: the monitoring interface between load balancers, similar to the heartbeat line of HA Heartbeat. Its mechanism is better than Heartbeat's because it does not have the "split brain" problem; it uses the priority mechanism to avoid that trouble. In DR mode, lvs_sync_daemon_interface uses the same network interface as the service interface
    8> authentication: the authentication type and password. There are two types, PASS and AH; PASS is normally used, as AH is reported to cause problems. The authentication password is transmitted in plain text. The MASTER and BACKUP of the same vrrp instance must use the same password to communicate normally.
    9> smtp_alert: whether to send an email notification when a failure occurs
    10> nopreempt: forbid preempting the service. By default, when the MASTER service fails, the BACKUP is automatically promoted to MASTER and takes over its tasks; when the MASTER service is restored, the BACKUP that was promoted to MASTER is demoted back to BACKUP and hands the work back to the original MASTER. When nopreempt is configured, the original MASTER does not take the service back when it recovers from the failure.
    11> virtual_ipaddress: the virtual IP address pool. There can be several IPs, one per line, with no subnet mask needed. Note: these IPs must be the same as the VIP we configured.
Virtual server (virtual_server) definition block
  1. virtual_server: defines a virtual server. The IP must be one of those defined in virtual_ipaddress, followed by a space and then the port number of the virtual service.
    1> delay_loop: health check interval, in seconds
    2> lb_algo: load balancing scheduling algorithm; wlc or rr is commonly used in Internet applications
    3> lb_kind: load balancing forwarding mode. There are three kinds, DR, NAT and TUN; direct routing (DR) is generally used.
    4> persistence_timeout: session persistence time for the http service, in seconds
    5> protocol: forwarding protocol, either TCP or UDP
  2. real_server: the real server's IP and port; several can be defined
    1> weight: load weight; the larger the value, the higher the forwarding priority
    2> notify_down: script executed after the service goes down
    3> TCP_CHECK: service availability check
    3> TCP_CHECK: service validity detection
    * connect_port: Service connection port
    * connect_timeout: service connection timeout, unit: seconds
    * nb_get_retry: service connection failure retry times
    * delay_before_retry: retry connection interval, unit: seconds
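The article warns that keepalived does not validate the configuration at startup, and it states several constraints a correct file must satisfy (paired braces, priority within 0~254, the virtual_server IP taken from virtual_ipaddress). As an added example that is not part of the original article or of keepalived itself, the following Python lint parses a keepalived.conf into nested blocks and reports violations of those rules; the sample configuration is constructed, and the parser assumes one directive per line with braces on the block header or on their own line.

```python
# Constructed sample for this added lint (not keepalived's code): bad priority, VIP mismatch.
SAMPLE_CONF = """\
vrrp_instance VI_1 {
    state MASTER
    priority 300
    virtual_ipaddress {
        192.168.1.100
    }
}
virtual_server 192.168.1.200 80 {
}
"""

def parse(text):
    """Nest keepalived.conf into (words, children) tuples; children is None for a directive."""
    stack = [[]]                               # stack[0] is the top-level statement list
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]            # drop comments
        words = tuple(line.replace("{", " ").replace("}", " ").split())
        if "{" in line:                        # block header opens a new nesting level
            stack[-1].append((words, []))
            stack.append(stack[-1][-1][1])
        elif words:
            stack[-1].append((words, None))
        for _ in range(line.count("}")):
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
    if len(stack) > 1:
        raise ValueError("missing '}' at end of file")  # the mistake the article warns about
    return stack[0]

def lint(conf):
    """Return the violations of the article's rules found in a parsed config."""
    problems, vips = [], set()
    def walk(stmts):
        for words, kids in stmts:
            if kids is None:
                continue
            opts = {w[0]: w[1] for w, k in kids if k is None and len(w) > 1}  # directives in this block
            if words[0] == "vrrp_instance" and not 0 <= int(opts.get("priority", 100)) <= 254:
                problems.append(f"{words[1]}: priority outside 0-254")   # 100 is keepalived's default
            elif words[0] == "virtual_ipaddress":
                vips.update(w[0] for w, _ in kids)   # every VIP a virtual_server may use
            elif words[0] == "virtual_server" and words[1] not in vips | {"fwmark"}:
                problems.append(f"virtual_server {words[1]} not in virtual_ipaddress")
            walk(kids)                               # vrrp_instance precedes virtual_server
    walk(conf)
    return problems
```

Running `lint(parse(open("/etc/keepalived/keepalived.conf").read()))` before `service keepalived restart` catches the mistakes the article says keepalived itself will silently accept.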
