一、相关概念:
在 keepalived中,一个是master,其他的都是backup
vrrp:实现ip地址的高可用性,将除地址之外其他的功能也转移
通过状态的改变,keepalived检测到,执行相应的状态下定义的脚本,脚本中有服务的 关闭和开启的命令,来实现服务的转移。
keepalived:不仅提供地址的转移功能,服务启动和关闭,还有监控功能
keepalived 两个核心组件:VRRP stack 和 checkers(用来监控服务)、还有对外围监控脚本调用的实现
节点之间只通过优先级来确定资源在哪个节点上运行,需要起始配置
虚拟地址转移之后如何启动服务:配置脚本
转移信息状态,有个通知机制,可以发短信或者邮件给管理员(需配置邮件服务器)
适用:用不到共享存储,节点少的
keepalived支持多节点,但是节点中启动服务的只能有一个节点(一主多从)
让每个节点都活动起来(运行两组资源)
vrrp认证:1、明文认证、配置好预共享密钥 2、md5 sha1 散列
二、keepalived工作:
1、配置
主配置文件:/etc/keepalived/keepalived.conf
服务脚本: /etc/rc.d/init.d/keepalived
global_defs {
notification_email {
acassen@firewall.loc 收件人1
sysadmin@firewall. 收件人 3
}
notification_email_from Alexandre.Cassen@firewall.loc 发件人
smtp_server 192.168.200.1 发邮件的服务器
smtp_connect_timeout 30 联系邮件服务器的超时时间
router_id LVS_DEVEL 路由器的ID
}
邮件管理器是自动安装好的
Rhel5 : sendmail
Rhel6: postfix
vrrp_instance VI_1 { VI_1虚拟路由名称,自己取的
state MASTER 状态,使初始状态为master
interface eth0 通告选举通过哪个接口进行
virtual_router_id 51 虚拟路由ID,单主就设置一个虚拟路由ID,双主就两个(不能大于255)
priority 100 初始优先级
advert_int 1 初始化通告几个
authentication { 认证机制
auth_type PASS 明文认证
auth_pass 1111 密码,可以随机生成
}
virtual_ipaddress { 虚拟IP地址,给了3个,很可能只用一个
192.168.200.16
192.168.200.17
192.168.200.18
}
}
2、 在主节点上配置好,给从节点上复制一份
Scp /etc/keepalived/keepalived.conf root@172.16.249.212:/etc/keepalived/
3、在从节点上改刚复制过来的配置文件
vrrp_instance VI_1 {
state BACKUP 上一个为master,那这个就为backup
interface eth0
virtual_router_id 51
priority 99 这个优先级要低于主的优先级
}
4、启动主节点:
启动之前:先观察日志信息: tail -f /var/log/messages
部分信息:
Apr 28 14:20:05 node1 yum[5065]: Installed: keepalived-1.2.7-3.el6.x86_64
Apr 28 14:51:48 node1 Keepalived[5189]: Starting Keepalived v1.2.7 (02/21,2013)
Apr 28 14:51:48 node1 Keepalived[5190]: Starting Healthcheck child process, pid=5192
Apr 28 14:51:48 node1 Keepalived[5190]: Starting VRRP child process, pid=5193
在主节点上查看 IP地址已经启动起来了:
[root@node1 ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:af:c6 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.208/16 brd 172.16.255.255 scope global eth0
inet 172.16.39.100/32 scope global eth0 配置的172.16.39.100 已经启动起来了
inet6 fe80::20c:29ff:fe40:afc6/64 scope link
valid_lft forever preferred_lft forever
启动从节点:
Service keepalived start
从服务节点上 keepalived服务也启动了
观察从节点的IP地址:
[root@node2 ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:01:46:91 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.165/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe01:4691/64 scope link
valid_lft forever preferred_lft forever
没有虚拟IP地址。
测试:
关闭主节点keepalived服务,在从服务器上检测虚拟IP地址是否被抢占过来。
1、主上面:
[root@node1 ~]# service keepalived stop
Stopping keepalived: [ OK ]
2、查看从节点的IP地址:
[root@node2 ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:01:46:91 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.165/16 brd 172.16.255.255 scope global eth0
inet 172.16.39.100/32 scope global eth0
inet6 fe80::20c:29ff:fe01:4691/64 scope link
valid_lft forever preferred_lft forever
查看已经显示将 172.16.39.100 抢占过来了。
3、再启动主节点:
[root@node1 ~]# service keepalived start
Starting keepalived: [ OK ]
查看从节点的IP地址:
[root@node2 ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:01:46:91 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.165/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe01:4691/64 scope link
valid_lft forever preferred_lft forever
又被刚才的主节点抢占过去了
* 原因:因为之前我们配置的那个主节点的优先级(100)高于次节点的优先级(99),所以主节点上线后,就会把从节点上的IP地址抢占回来。
三、在keepalived配置文件中设置函数:
格式:
vrrp_script { 设置函数
}
Vrrp_instance XXX { 追踪
Track_script {
XXX
}
}
1、模拟一个节点宕机:
①:在 /etc/keepalived/keepalived.conf配置文件中定义脚本来实现:
vrrp_script chk_mantaince_down { 定义vrrp脚本
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -2
}
在 vrrp 主节点的配置段中加入脚本用来检测:
vrrp_instance VI_1 {
track_script { 添加追踪脚本
chk_mantaince_down
}
}
②:复制配置文件到从节点上,然后如上,修改优先级priority和节点状态state
二、验证:
①:重启两个节点的keepalived服务: service keepalived restart
②:在主节点的/etc/keepalived/目录中,创建 down 文件(touch down),则主节点的IP地址就转移到从节点了。
验证:
主节点:
[root@node1 keepalived]# touch down
[root@node1 keepalived]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:af:c6 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.208/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe40:afc6/64 scope link
valid_lft forever preferred_lft forever
从节点:
[root@node2 ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:01:46:91 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.165/16 brd 172.16.255.255 scope global eth0
inet 172.16.39.100/32 scope global eth0
inet6 fe80::20c:29ff:fe01:4691/64 scope link
valid_lft forever preferred_lft forever