内容
1、vrrp协议简介
2、keepalived的工作架构以及工作原理
3、keepalived的安装使用详解
一、vrrp协议简介
(5) Backup 路由器的优先级高于Master 路由器时,由Backup 路由器的工作方式(抢占方式和非抢占方式)决定是否重新选举Master。
二、keepalived简介
三、keepalived的安装以及配置
[root@localhost ~]# yum info keepalived
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
base | 4.0 kB 00:00 ...
Available Packages
Name : keepalived
Arch : x86_64
Version : 1.2.13
Release : 5.el6_6
Size : 214 k
Repo : base
Summary : Load balancer and high availability service
URL : http://www.keepalived.org/
License : GPLv2+
Description : Keepalived provides simple and robust facilities for load balancing
: and high availability. The load balancing framework relies on the
: well-known and widely used Linux Virtual Server (IPVS) kernel module
: providing layer-4 (transport layer) load balancing. Keepalived
: implements a set of checkers to dynamically and adaptively maintain
: and manage a load balanced server pool according their health.
: Keepalived also implements the Virtual Router Redundancy Protocol
: (VRRPv2) to achieve high availability with director failover.
配置文件:/etc/keepalived/keepalived.conf
主程序:/usr/sbin/keepalived
! Configuration File for keepalived #注释内容
global_defs { #表示keepalived在发生诸如切换操作时需要发送email通知,以及email发送给哪些邮件地址,邮件地址可以多个,每行一个
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc #表示发送通知邮件时邮件源地址是谁
smtp_server 192.168.200.1 #表示发送email时使用的smtp服务器地址
smtp_connect_timeout 30 #连接smtp连接超时时间
router_id LVS_DEVEL #机器标识,相当于主机名
}
vrrp_instance VI_1 { #VI_1表示这个VRRP的虚拟路由器的名字
state MASTER #状态值
interface eth0 #监听的端口
virtual_router_id 51 #VRID,这个必须与备节点是一样
priority 100 #优先级
advert_int 1 #检测间隔
authentication { #认证
auth_type PASS #帐号
auth_pass 1111 #密码
}
virtual_ipaddress { #需要虚拟的IP地址,可以是多个
192.168.200.16
192.168.200.17
192.168.200.18
}
}
virtual_server 192.168.200.100 80 { # 设置VIP的IP和端口信息
delay_loop 6 #检测间隔时间
lb_algo rr #调度算法
lb_kind NAT #lvs类型
nat_mask 255.255.255.0 #NAT类型的网关掩码,其他类型不需要此项
persistence_timeout 50 #持久连接时间
protocol TCP #TCP协议
real_server 192.168.201.100 80 { #RIP的IP和端口
weight 1 #权重
url {
path /mrtg/ #健康检查,这里是对web服务的检测,有两种方法,一种是指定页面的hash值。一个是页面的状态码,这里是hash值
digest 9b3a0c85a887a256d6939da88aabd8cd #hash值
}
connect_timeout 3 #失败时连接的时间
nb_get_retry 3 #失败时检测的次数
delay_before_retry 3 #每次失败等多少秒再进行检查
}
}
}
1、单实例(没用启用LVS)
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test1
vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 23
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth0 label eth0:1
}
}
BACKUP主机的配置:
[root@php ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test2
vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 23
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth1 label eth1:1
}
}
[root@localhost keepalived]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:DA:A5:4C
inet addr:10.1.252.36 Bcast:10.1.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:feda:a54c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18767 errors:0 dropped:0 overruns:0 frame:0
TX packets:1302 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1646398 (1.5 MiB) TX bytes:184756 (180.4 KiB)
eth0:1 Link encap:Ethernet HWaddr 00:0C:29:DA:A5:4C
inet addr:192.168.200.16 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:202 (202.0 b) TX bytes:202 (202.0 b)
[root@localhost keepalived]# tail /var/log/messages
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Opening file '/etc/keepalived/keepalived.conf'.
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Configuration is using : 7453 Bytes
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Using LinkWatch kernel netlink reflector...
Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Transition to MASTER STATE
Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Entering MASTER STATE
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) setting protocol VIPs.
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16
Oct 31 19:43:17 localhost Keepalived_healthcheckers[2629]: Netlink reflector reports IP 192.168.200.16 added
Oct 31 19:43:22 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16
MATER:
[root@localhost keepalived]# service keepalived stop
Stopping keepalived: [ OK ]
BACKUP:
[root@php ~]# ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:DE:83:7F
inet addr:10.1.249.30 Bcast:10.1.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fede:837f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19877 errors:0 dropped:0 overruns:0 frame:0
TX packets:1140 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1743327 (1.6 MiB) TX bytes:150564 (147.0 KiB)
eth1:1 Link encap:Ethernet HWaddr 00:0C:29:DE:83:7F
inet addr:192.168.200.16 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:252 (252.0 b) TX bytes:252 (252.0 b)
[root@php ~]# !tai
tail /var/log/messages
Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Received higher prio advert
Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) removing protocol VIPs.
Nov 1 03:43:15 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 removed
Nov 1 03:47:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16
Nov 1 03:47:16 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 added
Nov 1 03:47:21 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 23
priority 90
advert_int 1
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth1 label eth1:1
}
}
notify.sh脚本内容如下:
#!/bin/bash
#
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
双实例或多实例的配置过程大同小异,这里就不再进行演示
real_server <IPADDR> <PORT>
{
weight <INT>
notify_up <STRING>|<QUOTED-STRING>
notify_down <STRING>|<QUOTED-STRING>
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }:定义当前主机的健康状态检测方法;
}
HTTP_GET|SSL_GET {
url {
path <URL_PATH>:定义要监控的URL;
status_code <INT>:判断上述检测机制为健康状态的响应码;
digest <STRING>:判断上述检测机制为健康状态的响应的内容的校验码;
}
nb_get_retry <INT>:重试次数;
delay_before_retry <INT>:重试之前的延迟时长;
connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求
connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址;
bind_port <PORT>:发出健康状态检测请求时使用的源端口;
connect_timeout <INTEGER>:连接请求的超时时长;
}
TCP_CHECK {
connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求
connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址;
bind_port <PORT>:发出健康状态检测请求时使用的源端口;
connect_timeout <INTEGER>:连接请求的超时时长;
}
用法:
vrrp_script:定义一个资源监控脚本;
vrrp_script <STRING> {
script ""
interval INT
weight -INT
}
track_script:调用定义的资源监控脚本;
track_script {
SCRIPT_NAME
}
示例:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.18
}
vrrp_script chk_down { #如果/etc/keepalived/down文件存在,优先级-5
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_httpd {#如果httpd服务进程失效,优先级-5
script "killall -0 httpd && exit 0 || exit 1"
interval 1
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 57
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 98181111
}
virtual_ipaddress {
172.16.100.71/32 dev eno16777736
}
track_script { #调用脚本
chk_down
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
好了,keepalived的基本用法就介绍到这里。
转载于:https://blog.51cto.com/6638225/1867848