I. Introduction to keepalived


Keepalived is a routing software written in C. The main goal of this project is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures. Loadbalancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage loadbalanced server pool according their health. On the other hand high-availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, Keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. Keepalived frameworks can be used independently or all together to provide resilient infrastructures.

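keepalived is routing software written in C. Its main purpose is to give Linux-based machines a simple, robust tool for load balancing and high availability. The "load balancing" framework is built on "IPVS" and uses a set of "checkers" to dynamically maintain and manage the load-balanced servers and the backend RSs (real servers). "High availability" is built on the "VRRP" protocol. The two can be used together.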

II. Uses of keepalived


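1. Load balancing (mainly IPVS), without depending on the ipvsadm package

2. High availability with automatic failover (mainly for services that are not health aware, such as nginx)

3. Custom scripts: keepalived provides a mechanism for running a policy when a server's state changes. What that policy is stays up to the user (it could make coffee)

4. Dynamic and static routes


As for how to implement these, there are plenty of tutorials online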


III. The keepalived configuration file


KEEPALIVED.CONF(5) KEEPALIVED.CONF(5)

NAME
/etc/keepalived/keepalived.conf - configuration file for keepalived

DESCRIPTION
keepalived.conf is the configuration file which describes all the
keepalived keywords. Keywords are placed in hierarchies of blocks (and
subblocks), each layer being delimited by ’{’ and ’}’ pairs.

(The configuration file consists of nested blocks delimited by {})

Comments start with ’#’ or ’!’ to the end of the line and can start
anywhere in a line.
(Comments start with # or !; there are no multi-line comments)
TOP HIERARCHY
GLOBAL CONFIGURATION

VRRP CONFIGURATION

LVS CONFIGURATION


GLOBAL CONFIGURATION
contains subblocks of Global definition and static routes
The global configuration includes "global definitions" and "static routes"


GLOBAL DEFINITION
global_defs # Block id
{
notification_email # To:
{
admin@example1.com (recipient)
...
}
# From: from address that will be in header
notification_email_from admin@example.com (sender)
smtp_server 127.0.0.1 # IP
smtp_connect_timeout 30 # integer, seconds
router_id my_hostname # string identifying the machine
# (doesn’t have to be hostname).
enable_traps # enable SNMP traps
}



STATIC ROUTES
keepalived can configure static addresses and routes. These addresses
are NOT moved by vrrpd, they stay on the machine. If you already have
IPs and routes on your machines and your machines can ping each other,
you don't need this section.

The syntax is the same as for virtual addresses and virtual routes.

static_ipaddress
{
192.168.1.1/24 dev eth0 scope global
...
}

static_routes
{
192.168.2.0/24 via 192.168.1.100 dev eth0
...
}


VRRP CONFIGURATION
contains subblocks of VRRP synchronization group(s) and VRRP
instance(s)

The VRRP configuration includes "VRRP synchronization groups" and "VRRP instances"
VRRP synchronization group(s)
#string, name of group of IPs that failover together
vrrp_sync_group VG_1 {
group {
inside_network # name of vrrp_instance (below)
outside_network # One for each moveable IP.
...
}

# notify scripts and alerts are optional
#
# filenames of scripts to run on transitions
# can be unquoted (if just filename) (a script that takes parameters must be quoted)
# or quoted (if has parameters)
# to MASTER transition
notify_master /path/to_master.sh
# to BACKUP transition
notify_backup /path/to_backup.sh
# FAULT transition
notify_fault "/path/fault.sh VG_1"

# for ANY state transition.
# "notify" script is called AFTER the
# notify_* script(s) and is executed (notify has lower priority than the notify_* scripts)
# with 3 arguments provided by keepalived
# (ie don’t include parameters in the notify line).
# arguments
# $1 = "GROUP"|"INSTANCE"
# $2 = name of group or instance
# $3 = target state of transition
# ("MASTER"|"BACKUP"|"FAULT")
notify /path/notify.sh

# Send email notification during state transition,
# using addresses in global_defs above.
smtp_alert
}


VRRP instance(s)
describes the moveable IP for each instance of a group in
vrrp_sync_group. Here are described two IPs (on inside_network and on
outside_network), on machine "my_hostname", which belong to the group
VG_1 and which will transition together on any state change.
#You will need to write another block for outside_network.
vrrp_instance inside_network {
# Initial state, MASTER|BACKUP
# As soon as the other machine(s) come up,
# an election will be held and the machine
# with the highest "priority" will become MASTER.
# So the entry here doesn’t matter a whole lot.
state MASTER (this line does not really matter; what matters is the priority)

# interface for inside_network, bound by vrrp
interface eth0 (the device VRRP is bound to)

# Use VRRP Virtual MAC.
use_vmac <VMAC_INTERFACE> (virtual MAC address; no need to set it, keepalived assigns one automatically)

# Ignore VRRP interface faults (default unset)
dont_track_primary (ignore VRRP interface faults)

# optional, monitor these as well.
# go to FAULT state if any of these go down.
track_interface { (track these devices; enter the "fault" state if one fails)
eth0
eth1
...
}

#default IP for binding vrrpd is the primary IP
#on interface. If you want to hide location of vrrpd,
#use this IP as src_addr for multicast vrrp packets.
#(since it’s multicast, vrrpd will get the reply
#packet no matter what src_addr is used).
#optional
mcast_src_ip <IPADDR> (source IP used for the multicast VRRP packets)

# Binding interface for lvs syncd
lvs_sync_daemon_interface eth1 (bind the LVS sync daemon to a specific NIC)

# delay for gratuitous ARP after transition to MASTER
garp_master_delay 10 # secs, default 5 (send the gratuitous ARP 10 seconds after entering MASTER state)

# arbitrary unique number 0..255
# used to differentiate multiple instances of vrrpd
# running on the same NIC (and hence same socket).
virtual_router_id 51 (virtual router ID; the VMAC can be assigned automatically from it)

# for electing MASTER, highest priority wins.
# to be MASTER, make 50 more than other machines.
priority 100 (you know what this is -_-)

# VRRP Advert interval, secs (use default)
advert_int 1 (advertisement interval)
authentication { # Authentication block
# PASS||AH (authentication type: plaintext password or IPSEC; plaintext is recommended)
# PASS - Simple Passwd (suggested)
# AH - IPSEC (not recommended)
auth_type PASS
# Password for accessing vrrpd.
# should be the same for all machines.
# Only the first eight (8) characters are used.
auth_pass 1234
}

#addresses add|del on change to MASTER, to BACKUP.
#With the same entries on other machines,
#the opposite transition will be occurring.
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1 (defines the virtual IPs; a device and a label can be specified)
}

#VRRP IP excluded from VRRP
#optional.
#For cases with large numbers (eg 200) of IPs
#on the same interface. To decrease the number
#of packets sent in adverts, you can exclude
#most IPs from adverts.
#The IPs are add|del as for virtual_ipaddress.
virtual_ipaddress_excluded { (when an interface carries a huge number of VIPs, exclude some of them from the adverts)
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
...
}
# routes add|del when changing to MASTER, to BACKUP
virtual_routes { (defines virtual routes)
# src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR> [or <IPADDR>] dev <STRING> scope <SCOPE> tab
src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
192.168.110.0/24 via 192.168.200.254 dev eth1
192.168.111.0/24 dev eth2
192.168.112.0/24 via 192.168.100.254
192.168.113.0/24 via 192.168.200.254 or 192.168.100.254 dev eth1
blackhole 192.168.114.0/24
}

# VRRP will normally preempt a lower priority
# machine when a higher priority machine comes
# online. "nopreempt" allows the lower priority
# machine to maintain the master role, even when
# a higher priority machine comes back online.
# NOTE: For this to work, the initial state of this
# entry must be BACKUP.
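nopreempt (VRRP works in either "preemptive" or "non-preemptive" mode; in the latter, the node does not hand over resources when a machine with a higher priority comes online)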

# Seconds after startup until preemption
# (if not disabled by "nopreempt").
# Range: 0 (default) to 1,000
# NOTE: For this to work, the initial state of this
# entry must be BACKUP. (after the machine comes online, wait 5 minutes before preempting; the initial state must be BACKUP)
preempt_delay 300 # waits 5 minutes

# Debug level, not implemented yet.
debug (bug hunting)

# notify scripts, alert as above
notify_master <STRING>|<QUOTED-STRING> (script run when the state changes to MASTER)
notify_backup <STRING>|<QUOTED-STRING>
notify_fault <STRING>|<QUOTED-STRING>
notify <STRING>|<QUOTED-STRING>
smtp_alert (e-mail alert)
}
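
The constraints stated in the comments above (initial state BACKUP for nopreempt and preempt_delay, the 0..1000 and 0..255 ranges, AH not recommended, auth_pass cut to eight characters) can be checked mechanically before a configuration is deployed. The following Python linter is an added example, not part of the original post or of keepalived; the names parse_vrrp_instances, lint and SAMPLE and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample (not from the page); each value is chosen to trip one check.
SAMPLE = """
vrrp_instance inside_network {
    state MASTER
    virtual_router_id 300        # outside 0..255
    nopreempt
    preempt_delay 5000           ! outside 0..1000
    authentication {
        auth_type AH
        auth_pass s3cretpassw0rd
    }
}
"""

def parse_vrrp_instances(text):
    """Map each vrrp_instance name to its top-level and authentication keywords."""
    instances, stack, prev = {}, [], [""]
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' or '!' starts a comment
        if line in ("", "}"):
            stack = stack[:-1] if line else stack   # '}' closes the innermost block
            continue
        words = line.rstrip("{").split() or prev    # a lone '{' opens the previous line's block
        if stack and stack[0][0] == "vrrp_instance" and (len(stack) == 1 or stack[-1][0] == "authentication"):
            instances.setdefault(" ".join(stack[0][1:]), {})[words[0]] = words[1:]
        if line.endswith("{"):
            stack.append(words)
        prev = words
    return instances

def lint(text):
    """Return (instance, finding) pairs for the constraints stated in the man page."""
    out = []
    for name, kw in parse_vrrp_instances(text).items():
        state = (kw.get("state") or ["unset"])[0]
        out += [(name, f"{k} needs initial state BACKUP, found {state}")
                for k in ("nopreempt", "preempt_delay") if k in kw and state != "BACKUP"]
        for key, hi in (("virtual_router_id", 255), ("preempt_delay", 1000)):
            if kw.get(key) and not 0 <= int(kw[key][0]) <= hi:
                out.append((name, f"{key} outside 0..{hi}"))
        if kw.get("auth_type") == ["AH"]:
            out.append((name, "auth_type AH is not recommended"))
        if len((kw.get("auth_pass") or [""])[0]) > 8:
            out.append((name, "auth_pass longer than 8 characters is truncated"))
    return out

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The findings never echo the auth_pass value, so the output can go into a CI log or a ticket.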


LVS CONFIGURATION
contains subblocks of Virtual server group(s) and Virtual server(s)

The subblocks contain arguments for ipvsadm(8). A knowledge of
ipvsadm(8) will be helpful here.


Virtual server group(s)
# optional (this group lets a service on one RS belong to multiple virtual services while being health checked only once)
# this groups allows a service on a real_server
# to belong to multiple virtual services
# and to be only health checked once.
# Only for very large LVSs.
virtual_server_group <STRING> {
#VIP port
<IPADDR> <PORT>
<IPADDR> <PORT>
...
#
# <IPADDR RANGE> has the form
# XXX.YYY.ZZZ.WWW-VVV eg 192.168.200.1-10
# range includes both .1 and .10 address
<IPADDR RANGE> <PORT> # VIP range VPORT
<IPADDR RANGE> <PORT>
...
fwmark <INT> # fwmark (firewall mark)
fwmark <INT>
...
}


VIRTUAL SERVERS
A virtual_server can be a declaration of one of

vip vport (IPADDR PORT pair)

fwmark <INT>

(virtual server) group <STRING>

#setup service
virtual_server IP port | (TCP-type VS)
virtual_server fwmark int | (firewall-mark-type VS)
virtual_server group string (VS group)
{
# delay timer for service polling
delay_loop <INT>

# LVS scheduler
lb_algo rr|wrr|lc|wlc|lblc|sh|dh (scheduling algorithm)
# LVS forwarding method
lb_kind NAT|DR|TUN (forwarding type)
# LVS persistence timeout, sec
persistence_timeout <INT> (persistent connection timeout)
# LVS granularity mask (-M in ipvsadm)
persistence_granularity <NETMASK> (what is persistence granularity, and why does it take a netmask?)
# Only TCP is implemented
protocol TCP
# If VS IP address is not set,
# suspend healthchecker’s activity
ha_suspend (if the VIP is not set, do not health check the RSs)

# VirtualHost string for HTTP_GET or SSL_GET
# eg virtualhost www.firewall.loc
virtualhost <STRING>

# Assume silently all RSs down and healthchecks
# failed on start. This helps preventing false
# positive actions on startup. Alpha mode is
# disabled by default.
alpha (what are all these? o_0)

# On daemon shutdown, consider quorum and RS
# down notifiers for execution, where appropriate.
# Omega mode is disabled by default.
omega

# Minimum total weight of all live servers in
# the pool necessary to operate VS with no
# quality regression. Defaults to 1.
quorum <INT>

# Tolerate this much weight units compared to the
# nominal quorum, when considering quorum gain
# or loss. A flap dampener. Defaults to 0.
hysteresis <INT>

# Script to launch when quorum is gained.
quorum_up <STRING>|<QUOTED-STRING>

# Script to launch when quorum is lost.
quorum_down <STRING>|<QUOTED-STRING>


# setup realserver(s)

# RS to add when all realservers are down
sorry_server <IPADDR> <PORT> (if all RSs are down, traffic is moved to this machine)

# one entry for each realserver
real_server <IPADDR> <PORT>
{
# relative weight to use, default: 1
weight <INT>
# Set weight to 0
# when healthchecker detects failure
inhibit_on_failure (when a failure is detected, lower this RS's weight to 0)

# Script to launch when healthchecker
# considers service as up.
notify_up <STRING>|<QUOTED-STRING> (trigger a script when the RS comes up)
# Script to launch when healthchecker
# considers service as down.
notify_down <STRING>|<QUOTED-STRING>

# pick one healthchecker (check method)
# HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK

# HTTP and SSL healthcheckers
HTTP_GET|SSL_GET
{
# A url to test
# can have multiple entries here
url {
#eg path / , or path /mrtg2/
path <STRING>
# healthcheck needs status_code
# or status_code and digest
# Digest computed with genhash
# eg digest 9b3a0c85a887a256d6939da88aabd8cd
digest <STRING>
# status code returned in the HTTP header
# eg status_code 200
status_code <INT> (check based on the HTTP status code)
}
#IP, tcp port for service on realserver
connect_port <PORT> (which port to connect to)
bindto <IPADDR>
# Timeout connection, sec
connect_timeout <INT> (connection timeout)
# number of get retry
nb_get_retry <INT> (number of retries)
# delay before retry
delay_before_retry <INT> (interval between retries)
} #HTTP_GET|SSL_GET

#TCP healthchecker (bind to IP port)
TCP_CHECK
{
connect_port <PORT> (which port to check)
bindto <IPADDR>
connect_timeout <INT>
} #TCP_CHECK

# SMTP healthchecker (SMTP isn't used much, is it?)
SMTP_CHECK
{
# An optional host interface to check.
# If no host directives are present, only
# the ip address of the real server will
# be checked.
host {
# IP address to connect to
connect_ip <IP ADDRESS>
# Optional port to connect to if not
# the default of 25
connect_port <PORT>
# Optional interface to use to
# originate the connection
bindto <IP ADDRESS>
}
# Connection and read/write timeout
# in seconds
connect_timeout <INTEGER>
# Number of times to retry a failed check
retry <INTEGER>
# Delay in seconds before retrying
delay_before_retry <INTEGER>
# Optional string to use for the smtp HELO request
helo_name <STRING>|<QUOTED-STRING>
} #SMTP_CHECK

#MISC healthchecker, run a program
MISC_CHECK
{
# External system script or program
misc_path <STRING>|<QUOTED-STRING>
# Script execution timeout
misc_timeout <INT>

# If set, exit code from healthchecker is used
# to dynamically adjust the weight as follows:
# exit status 0: svc check success, weight
# unchanged.
# exit status 1: svc check failed.
# exit status 2-255: svc check success, weight
# changed to 2 less than exit status.
# (for example: exit status of 255 would set
# weight to 253)
misc_dynamic
}
} # realserver defn
} # virtual service






4th Berkeley Distribution Jan 2004 KEEPALIVED.CONF(5)