Detailed explanation of the Keepalived configuration file

keepalived
Keepalived is service software that provides high availability in cluster management. Its function is similar to heartbeat, and it is used to prevent single points of failure.
How keepalived works
keepalived is based on VRRP (Virtual Router Redundancy Protocol).
VRRP can be thought of as a protocol for making routers highly available: N routers that provide the same function form a router group. The group has one master and multiple backups. The master holds a VIP that provides services to the outside world (the default route of the other machines on the router's local network is the VIP) and sends multicast advertisements. When the backups stop receiving the VRRP packets, they consider the master down, and one backup is elected as the new master according to its VRRP priority. This keeps the router highly available.
keepalived mainly has three modules, namely core, check and vrrp. The core module is the core of keepalived, responsible for the startup and maintenance of the main process and the loading and parsing of global configuration files. check is responsible for health checks, including various common check methods. The vrrp module is used to implement the VRRP protocol.
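
The election described above, as an added example that is not from the original article: a small Python model of how the configured priority and the weight of a tracked vrrp_script (both covered in the configuration file section of this page) decide which node holds the VIP. The Node class, elect and failover_on_check_failure are hypothetical names, the priorities are constructed, and ties, which real VRRP breaks by IP address, are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    priority: int           # vrrp_instance "priority"
    weight: int             # "weight" of the vrrp_script the instance tracks
    alive: bool = True      # False: the node sends no VRRP advertisements
    check_ok: bool = True   # result of the last vrrp_script run

    def effective_priority(self):
        """Configured priority adjusted by the tracked script's weight."""
        if self.weight > 0 and self.check_ok:        # bonus while healthy
            return self.priority + self.weight
        if self.weight < 0 and not self.check_ok:    # penalty while failing
            return self.priority + self.weight
        return self.priority

def elect(nodes, current=None, nopreempt=False):
    """Name of the node that should hold the VIP, or None if none is alive."""
    live = [n for n in nodes if n.alive]
    if not live:
        return None
    if nopreempt and any(n.name == current for n in live):
        return current                   # a live master is never displaced
    return max(live, key=Node.effective_priority).name

def failover_on_check_failure(master_prio, backup_prio, weight):
    """Does a failed health check on the master move the VIP to the backup?"""
    a = Node("A", master_prio, weight, check_ok=False)
    b = Node("B", backup_prio, weight)
    return elect([a, b]) == "B"

if __name__ == "__main__":
    # Constructed priorities; weight 2 is the value used on this page.
    print(failover_on_check_failure(100, 90, 2))     # gap 10, bonus 2
    print(failover_on_check_failure(100, 99, 2))     # gap 1, bonus 2
    print(failover_on_check_failure(100, 90, -20))   # gap 10, penalty 20
```

With the page's weight 2, a failed check on the master moves the VIP only when the backup's priority is less than 2 points below the master's.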
keepalived configuration file
keepalived has only one configuration file keepalived.conf, which mainly includes the following configuration areas, namely global_defs, (static_ipaddress, static_routes), vrrp_script, vrrp_instance and virtual_server.

Configuration prerequisites:
(1) The time of each node must be synchronized;
(2) Ensure that iptables and selinux will not become obstacles;

Detailed configuration file
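# Global definition block
global_defs {                       # e-mail notification settings
    notification_email {            # who receives e-mail when a failure occurs
        email1
        email2
    }
    notification_email_from email   # sender address of the notification e-mail
    smtp_server host                # SMTP server used for the notification e-mail
    smtp_connect_timeout num        # timeout for connecting to the SMTP server
    lvs_id string                   # LVS load balancer identifier; its value should be unique within a network
    router_id string                # string identifying this node, usually the hostname; used in the e-mail notification when a failure occurs
}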

# IP and routing information of this node; usually not configured
static_ipaddress {
    10.210.214.163/24 brd 10.210.214.255 dev eth0
    ...
}
static_routes {
    10.0.0.0/8 via 10.210.214.1 dev eth0
    ...
}

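# VRRP health check; when the check fails, the priority of the vrrp_instance is reduced by the corresponding value
vrrp_script check_nginx {
    script "/root/check_nginx.sh"   # script that monitors nginx
    interval 2                      # monitoring interval
    weight 2                        # the node ends up 2 points lower after a failure (a positive weight is a bonus added while the check succeeds)
}
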
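# VRRP instance definition block
# Defines a group of vrrp_instance entries so that the members of the group act together
vrrp_sync_group string {
    group {
        string
        string
    }
    notify_master /path/xx.sh        # script run on the transition to master
    notify_backup /path/xx.sh        # script run on the transition to backup
    notify_fault "/path/xx.sh VG_1"  # script run on a fault
    notify /path/xx.sh
    smtp_alert                       # send e-mail notification using the addresses and SMTP server from global_defs
}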
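vrrp_instance string {               # VRRP instance name; several instances can be configured, and at least the id (the VRRP group name) has to be changed
    state MASTER|BACKUP              # instance state, MASTER or BACKUP, all upper case. In preemptive mode MASTER is the working state and BACKUP the standby state. When the server holding MASTER fails, the BACKUP server automatically switches from BACKUP to MASTER. When the failed MASTER recovers, the BACKUP server returns from MASTER to BACKUP. If nopreempt is set this value has no effect, and master/backup is decided by priority
    virtual_router_id num            # VRRP group name; must be the same on every node; the last octet of the IP can be used
    interface string                 # network interface that provides the service; the instance is bound to this interface
    dont_track_primary               # ignore errors on the VRRP interface (not set by default)
    mcast_src_ip @IP                 # source address for multicast packets; defaults to the primary IP of the bound interface
    priority num                     # node priority, range 0~254; MASTER is higher than BACKUP
    advert_int num                   # interval between synchronization checks between the MASTER and BACKUP nodes, in seconds
    nopreempt                        # disable preemption: after failing and recovering, the MASTER does not take the service back
    smtp_alert                       # whether to send e-mail notification on failure
    preempt_delay                    # preemption delay, default 5 minutes
    debug                            # debug level
    lvs_sync_daemon_interface string # monitoring interface between load balancers, similar to the heartbeat link of HA Heartbeat. Its mechanism is better than Heartbeat's because it does not have the "split-brain" problem; it avoids that trouble through the priority mechanism. In DR mode, lvs_sync_daemon_interface uses the same network interface as the service interface. Usually left alone
    authentication {                 # authentication type and password; must be identical on both nodes. The types are PASS and AH; PASS is normally used, and AH is said to have problems in use. The password is plaintext; nodes of the same VRRP instance must use the same password to communicate
        auth_type PASS|AH
        auth_pass string
    }
    virtual_ipaddress {              # pool of virtual IP addresses; several are allowed, one per line, and no subnet mask is needed. Note: these IPs must match the VIP we set.
        IP
        IP
    }
}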
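# Virtual server definition block
virtual_server (IP PORT)|(fwmark num) {    # defines a virtual server; the IP is one of those defined in virtual_ipaddress, followed by a space and then the port of the virtual service
    delay_loop num                         # health check interval, in seconds
    lb_algo rr|wrr|lc|wlc|sh|dh|lblc       # load balancing scheduling algorithm; wlc or rr is common for Internet applications
    lb_kind NAT|DR|TUN                     # forwarding method: DR, NAT or TUN; direct routing (DR) is generally used
    persistence_timeout num                # session persistence time for the HTTP service, in seconds
    protocol TCP|UDP                       # forwarding protocol, TCP or UDP
    persistence_granularity <NETMASK>      # granularity of LVS session persistence
    virtualhost <string>                   # virtual host of the web server being checked (the Host: header)
    sorry_server <IPADDR> <port>           # standby server, used after all real servers have failed
    real_server @IP PORT {                 # IP and port of a real server; several can be defined
        weight num                         # load weight; the larger the value, the higher the forwarding priority
        notify_down /path/script.sh        # script run after the service stops

        TCP_CHECK {                        # TCP service availability check
            connect_port num               # port used for the health check
            nb_get_retry 3                 # number of reconnection attempts
            delay_before_retry 3           # interval between reconnection attempts
            connect_timeout num            # connection timeout, in seconds
        }

        HTTP_GET|SSL_GET {                 # HTTP health check
            url {                          # URL to check; several can be specified
                path /
                digest <string>            # MD5 value of the page; it must be the real value, not made up
                status_code 200            # expected return status code
            }
            connect_port num               # port used for the health check
            connect_timeout num            # connection timeout, in seconds
            nb_get_retry num               # number of retries after a failed connection
            delay_before_retry num         # interval between retries, in seconds
        }

        MISC_CHECK {                       # MISC health check, calls a script
            misc_path <string> | <quoted-string>   # path of the external script
            misc_timeout                   # script execution timeout
            misc_dynamic                   # if set, the exit status is used to adjust the server's weight dynamically: 0 means healthy, weight unchanged; 1 means the check failed, weight set to 0; 2-255 means healthy, weight set to the exit status minus 2
        }
    }
}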
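
The listing above notes that the VRRP password is plaintext and names several scripts that keepalived executes. As an added example (not part of the original article or of the keepalived project), the following Python code parses a keepalived.conf and reports those settings; statements, audit and the sample configuration are constructed for illustration, while script_user and enable_script_security are existing global_defs keywords of keepalived.

```python
import shlex

# Keywords from the listing whose first argument is a program keepalived runs.
SCRIPT_KEYS = {"script", "notify", "notify_master", "notify_backup",
               "notify_fault", "notify_down", "misc_path"}

def statements(text):
    """Yield (enclosing_blocks, words) for each keepalived.conf statement."""
    path = []
    for line in text.splitlines():
        lex = shlex.shlex(line.replace("{", " { "), posix=True)
        lex.commenters, lex.whitespace_split = "#!", True
        words = list(lex)
        if "}" in words:                       # end of the innermost block
            path = path[:-1]
        elif words:
            opens, words = "{" in words, [w for w in words if w != "{"]
            if words:
                yield tuple(path), words
            if opens:                          # statement opens a new block
                path.append(" ".join(words) or "{")

def audit(text):
    """Return (location, message) findings on auth and script settings."""
    found, global_keys, scripts = [], set(), False
    for path, (key, *args) in statements(text):
        where = " > ".join(path) or "top level"
        if path[:1] == ("global_defs",):
            global_keys.add(key)
        if (key, args) == ("auth_type", ["PASS"]):
            found.append((where, "auth_type PASS: password is sent in cleartext"))
        if key in SCRIPT_KEYS and args:
            scripts = True
            if not args[0].startswith("/"):
                found.append((where, f"{key}: relative script path"))
    if scripts:      # script hardening is switched on in global_defs
        found += [("global_defs", f"{k} is not set") for k in
                  ("script_user", "enable_script_security") if k not in global_keys]
    return found

# Constructed sample configuration (names, paths and values are made up).
SAMPLE = """
vrrp_instance VI_1 {
    authentication {
        auth_type PASS
    }
    notify_fault "scripts/fault.sh VG_1"
}
"""
```

Without script_user, keepalived runs scripts as the keepalived_script user if it exists and otherwise as root; enable_script_security makes it refuse root-run scripts whose path is writable by a non-root user.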

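Advanced: keepalived + LVS
Install keepalived and LVS
Configure the virtual server module in keepalived
A brief explanation of how DR works: suppose A is the front-end load balancer and B and C are the back-end real servers. When A receives a packet, it rewrites the packet's destination MAC address to B's (according to the scheduling algorithm; assume the packet goes to server B) and sends the packet out again. The switch receives the packet, finds B by the MAC address and hands the packet to B. B then receives the packet and checks the requested IP address. Because the IP address in the packet is addressed to A, B would normally discard the packet. To prevent this, A's IP address has to be configured on B's loopback interface, and ARP suppression has to be set. Run the following script on the real servers: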
#!/bin/bash
# description: start realserver
VIP=192.168.1.110
# Load the init-script helper functions
. /etc/rc.d/init.d/functions
case "$1" in
start)
    echo " start LVS of REALServer"
    # Bind the VIP to a loopback alias with a host (255.255.255.255) netmask
    /sbin/ifconfig lo:0 "$VIP" broadcast "$VIP" netmask 255.255.255.255 up
    # ARP suppression: answer ARP only for addresses configured on the
    # receiving interface, and never announce the VIP as an ARP source
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour
    /sbin/ifconfig lo:0 down
    echo "close LVS Directorserver"
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
Change the VIP to your own, then check that the virtual interface has been bound to the loopback interface.


