Foreword
At present, the mainstream high-availability software on the Internet includes keepalived, heartbeat and others. heartbeat is among the software that was used relatively early to achieve high availability, while keepalived is currently a lightweight, easy-to-manage, and easy-to-use high-availability solution.
1.1 Keepalived High-Availability Functions
Keepalived is software that works like a layer 3, 4 & 7 switching mechanism. It has two functions: health checking and the VRRP redundancy protocol. keepalived has a modular design, and different modules are responsible for different functions.
1.2 Common modules of Keepalived
- Core: the core of keepalived; it is responsible for starting and maintaining the main process and for loading and parsing the global configuration file.
- Check: responsible for keepalived's health checks, including the various health check methods and the parsing of the corresponding configuration, including the LVS configuration.
- VRRP: the VRRPD sub-process, which implements the VRRP protocol.
1.3 The role of Keepalived
The role of Keepalived is to detect the status of the web server. If a web server or MySQL server goes down or stops working, Keepalived detects it and removes the faulty web server or MySQL server from the system. Once the server is working normally again, Keepalived automatically adds the web or MySQL server back to the server group.
The advantage of this is that no manual intervention is needed: keepalived completes these tasks automatically, and the only manual work is repairing the failed web or MySQL server.
As mentioned earlier when describing its functions, Keepalived is software that works like a layer 3, 4 & 7 switching mechanism.
Let's talk about how it works on layers 3, 4 and 7.
1.4 Implementation principle of Keepalived on layers 3, 4, and 7
- Network layer (Layer 3): When keepalived works in Layer 3 mode, it periodically sends an ICMP packet to the servers in the server group. If the IP address of a server cannot be pinged, keepalived reports that server as failed and removes it from the server cluster. (Layer 3 uses whether the server's IP address is reachable as the standard for whether the server is working normally.)
- Transport layer (Layer 4): Layer 4 mainly decides whether the server is working normally based on the status of a TCP port. For example, the service port of a web server is generally 80. If keepalived detects that port 80 is not listening, it removes this server from the server group.
- Application layer (Layer 7): Layer 7 works at the application layer. Keepalived checks whether the server program is running normally according to the user's settings. If the result does not match the user's settings, keepalived removes the server from the server group.
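The difference between the Layer 4 and Layer 7 checks matters when a port is open but the application behind it is failing. The following added example (not code from the original article or from keepalived) approximates the two decisions in Python against a constructed local backend that accepts connections but answers every request with HTTP 500; the function names are hypothetical, and the ICMP check is left out because raw sockets need root.

```python
import http.server
import socket
import threading
import urllib.error
import urllib.request

# Opener that ignores proxy environment variables so the check hits the backend directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def tcp_check(host, port, timeout=1.0):
    """Layer 4: healthy if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/", expect=200, timeout=1.0):
    """Layer 7: healthy only if the application returns the expected status."""
    try:
        with OPENER.open(f"http://{host}:{port}{path}", timeout=timeout) as resp:
            return resp.status == expect
    except (urllib.error.URLError, OSError):
        return False

class BrokenApp(http.server.BaseHTTPRequestHandler):
    """Constructed backend: the port accepts connections but every GET fails."""
    def do_GET(self):
        self.send_response(500)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Return (layer4_result, layer7_result) for the broken backend."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), BrokenApp)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return tcp_check("127.0.0.1", port), http_check("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

A server in this state passes the port check and would stay in the group under a Layer 4 check alone; only the Layer 7 check removes it.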
Among the three modules of keepalived, the VRRP module is the more important one. Its full name is Virtual Router Redundancy Protocol. Let's take a look at how it works.
2. The principle of Keepalived VRRP
2.1 Principle 1 of VRRP
- VRRP was proposed by the IETF to solve the single point of failure that comes from configuring a default gateway in a LAN.
- VRRP is widely used in edge networks (the networks used by users). Its design goal is to support failover of IP data traffic under certain circumstances without causing confusion, to allow hosts to use a single router, and to keep connectivity between routers even when the actual first-hop router fails.
In a real network environment, two hosts that need to communicate do not have a direct physical connection in most cases. In such a situation, how is the route between them chosen? How does the host select the next hop to the destination host? There are usually two solutions to this problem:
- Use dynamic routing protocols (RIP, OSPF);
- Configure static routing on the host.
However, it is very impractical to configure dynamic routing on the host, because of issues such as management, maintenance costs, and whether it is supported at all. Configuring static routing has become very popular, but the router (or default gateway) then often becomes a single point of failure. The purpose of VRRP is to solve this single point of failure in static routing. VRRP dynamically assigns the routing task to one of the VRRP routers in the virtual router on the LAN through an election protocol.
2.2 Principle 2 of VRRP
- With VRRP, two physical hosts can be treated as routers, and the two physical hosts form a virtual routing cluster. The Master, the host with the highest priority, brings up a VIP and is responsible for forwarding IP packets initiated by users or processing user requests. With the Nginx+Keepalived combination, the user's request goes directly to the keepalived VIP address and then reaches the corresponding service and port on the Master.
- A VRRP virtual router cluster consists of multiple physical routers, but these routers do not all work at the same time: one router, called MASTER, is responsible for the routing work, and the others are BACKUP. The MASTER is not fixed. VRRP lets every VRRP router take part in the election, and the final winner is the MASTER.
- The MASTER has some privileges, such as owning the IP address of the virtual router, that is, the VIP. The privileged MASTER is responsible for forwarding packets sent to the gateway address and responding to ARP requests.
- VRRP implements the function of a virtual router through an election protocol, and all protocol packets are sent as IP multicast packets (multicast address 224.0.0.18). A virtual router consists of a VRID (range 0-255) and a set of IP addresses, and appears externally as a well-known MAC address. Therefore, within a virtual router cluster, the MAC and VIP seen from outside are the same no matter who is the MASTER. The client host does not need to modify its routing configuration when the MASTER changes.
- A VRRP router acting as MASTER keeps sending VRRP multicast packets (VRRP Advertisement messages), and a BACKUP will not preempt the MASTER unless its priority is higher. When the MASTER is unavailable (the BACKUPs stop receiving its multicast packets), the BACKUP with the highest priority takes over as MASTER. This takeover is very fast, to ensure service continuity. Due to security considerations, VRRP packets are sent using an encryption protocol. VRRP makes IP address drift (a floating IP) possible. It is a fault-tolerant protocol and is widely used in enterprise production environments.
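To check what an advertisement actually exposes on the wire, the following added example (not code from the original article or from keepalived) parses a VRRPv2 advertisement using the RFC 2338/3768 field layout and verifies its checksum. The sample packet is constructed from the values in this page's later vrrp_instance block (VRID 51, priority 100, advert_int 5, VIP 192.168.28.188, auth_pass 1111); with auth_type PASS, the 8-byte authentication data field holds the password as plain bytes.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRPv2 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrp2(msg: bytes) -> dict:
    """Parse a VRRPv2 advertisement (the payload of an IP protocol 112 packet)."""
    if len(msg) < 16:
        raise ValueError("truncated VRRP message")
    vt, vrid, prio, count, auth, adv, _ck = struct.unpack("!BBBBBBH", msg[:8])
    if vt >> 4 != 2 or vt & 0xF != 1:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(msg) < end + 8:
        raise ValueError("address count exceeds message length")
    vips = [str(ipaddress.IPv4Address(msg[i:i + 4])) for i in range(8, end, 4)]
    return {"vrid": vrid, "priority": prio, "advert_int": adv,
            "auth_type": AUTH_TYPES.get(auth, "unknown"), "vips": vips,
            "auth_data": msg[end:end + 8].rstrip(b"\x00"),
            # A valid message sums to 0xFFFF, so the complement is 0.
            "checksum_ok": checksum(msg) == 0}

def build_sample() -> bytes:
    """Constructed advertisement using the values from the page's vrrp_instance."""
    body = struct.pack("!BBBBBBH", 0x21, 51, 100, 1, 1, 5, 0)
    body += ipaddress.IPv4Address("192.168.28.188").packed + b"1111".ljust(8, b"\x00")
    return body[:6] + struct.pack("!H", checksum(body)) + body[8:]

if __name__ == "__main__":
    print(parse_vrrp2(build_sample()))
```

Because the field is only 8 bytes wide, keepalived uses just the first eight characters of auth_pass, and the checksum is an integrity check, not a keyed one.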
3. Deploy keepalived service
Before deploying the service, restore the virtual machine to its initial state.
IP | Server system | Service |
---|---|---|
192.168.28.166 | Centos7.9 | Keepalived |
There are two ways to install the keepalived service: one is to install it with the yum command, and the other is to compile and install keepalived from source.
Both ways are demonstrated below.
3.1 Compile and install the Keepalived service
3.1.1 Download the compressed package from the official website
keepalived official website: https://www.keepalived.org/
wget -c https://www.keepalived.org/software/keepalived-1.2.0.tar.gz -P /usr/src/
If the certificate has expired, you can add --no-check-certificate (this turns off wget's verification of the server certificate):
wget -c https://www.keepalived.org/software/keepalived-1.2.0.tar.gz -P /usr/src/ --no-check-certificate
3.1.2 Decompress the compressed package
[root@localhost ~]# cd /usr/src/
[root@localhost src]# tar xf keepalived-1.2.0.tar.gz
[root@localhost src]# cd keepalived-1.2.0/
[root@localhost keepalived-1.2.0]# ls
AUTHOR configure COPYING INSTALL keepalived.spec.in README
bin configure.in doc install-sh lib TODO
ChangeLog CONTRIBUTORS genhash keepalived Makefile.in VERSION
Next, you need to install the software packages required for compilation: gcc, gcc-c++, make, cmake, openssl, openssl-devel, popt-devel, etc.
3.1.3 Download and install the packages required for compilation
yum install -y gcc gcc-c++ make cmake openssl openssl-devel popt-devel
After they are installed, you can start configuring, compiling and installing.
3.1.4 Compile and install
./configure --prefix=/usr/local/keepalived/ --with-kernel_dir=/usr/src/kernels/3.10.0-514.el7.x86_64/
make -j4 && make -j4 install
After compiling, you can use echo $? to check whether the previous command executed successfully.
3.1.5 Copy the keepalived file to the corresponding directory
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
3.1.6 Start the service
keepalived
In general, keepalived is deployed on the machines that run the web or MySQL service, so that the servers in a cluster can stand in for one another and provide high availability; the configuration file therefore also needs content specific to the business service.
3.2 Install Keepalived with yum
The yum installation method is faster and easier.
3.2.1 Install keepalived
yum install keepalived.x86_64 -y
3.2.2 Modify configuration file
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
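# Global definition block
global_defs {
    notification_email {
        # Recipients of the email keepalived sends when a switchover occurs, one per line
        [email protected]
    }
    # Sender address
    notification_email_from [email protected]
    # SMTP server address
    smtp_server 127.0.0.1
    # SMTP connection timeout
    smtp_connect_timeout 30
    # Name identifying the machine running keepalived
    router_id LVS_DEVEL
}
# VRRP instance definition block
vrrp_instance VI_1 {
    # Host state, MASTER|BACKUP
    state MASTER
    # Network interface that serves external traffic; must match the local interface used for communication
    interface ens32
    # VRID, the virtual router ID; it can be seen with the tcpdump command
    virtual_router_id 51
    # Priority; the higher priority wins the election for master
    priority 100
    # Advertisement (health check) interval in seconds, default 1
    advert_int 5
    # Authentication settings
    authentication {
        # Authentication method
        auth_type PASS
        # Authentication password
        auth_pass 1111
    }
    # VIP settings
    virtual_ipaddress {
        # The IP range must be consistent with the local routing
        192.168.28.188
    }
}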
3.2.3 Start the service
systemctl start keepalived.service
[root@localhost ~]# ps -ef|grep keepalived
root 9318 1 0 17:06 ? 00:00:00 /usr/sbin/keepalived -D
root 9319 9318 0 17:06 ? 00:00:00 /usr/sbin/keepalived -D
root 9320 9318 0 17:06 ? 00:00:00 /usr/sbin/keepalived -D
root 9360 5025 0 17:07 pts/0 00:00:00 grep --color=auto keepalived
In a production environment, a normally running Keepalived starts 3 processes in total: a parent process, which is responsible for monitoring its child processes, a VRRP child process, and a Checkers child process.
Summary
keepalived involves many concepts, which need to be digested first, along with how to deploy it. The next article will combine keepalived with nginx, so that the keepalived service provides a high-availability solution for the configured service.