|
keepalived主要用作RealServer的健康狀態檢查以及LoadBalance主機和BackUP主機之間fAIlover的實現。keepalived主要目的在于,其自身啟動一個服務,能夠實現工作在雙節點或多個節點上,并且可以在內核生效的ipvs規則其中當前持有資源的節點被稱為活躍節點,另外的節點被稱為備節點被稱為 Master/Backup。 |
VRRP(如果有學習過TCPIP,這一塊很好理解):
虛擬路由器冗余協議(VRRP)是一種選擇協議,它可以把一個虛擬路由器的責任動態分配到局域網上的 VRRP 路由器中的一臺。控制虛擬路由器 IP 地址的 VRRP 路由器稱為主路由器,它負責轉發數據包到這些虛擬 IP 地址。一旦主路由器不可用,這種選擇過程就提供了動態的故障轉移機制,這就允許虛擬路由器的 IP 地址可以作為終端主機的默認第一跳路由器。使用 VRRP 的好處是有更高的默認路徑的可用性而無需在每個終端主機上配置動態路由或路由發現協議。 VRRP 包封裝在 IP 包中發送。
VRRP優先級別:
VRRP每個節點是有自己的優先級的,一般優先級是從0-255,數字越大優先級越高因此可以這么定義:假如要有一初始化的狀態,其中一節點優先級100另一節點優先級99,那么毫無疑問,誰的優先級高誰就是主節點所有的節點剛啟動后上線都是backup狀態,需通過選舉的方式選擇master,如果其他節點沒有響應則將自己提升為master
通告機制:如果節點之間master出現故障,其會自動轉移當前角色,這時我們的管理員應該知道其已切換角色keepalived支持郵件發送機制,如果其狀態發生改變的話可以通過郵件方式發送給管理員,使管理員第一時間可以查看其活動狀態,方便之后的運維工作
keepalived核心組成部分
1.vrrp的實現
2.virtual_server:基于vrrp作為所謂通告機制之上的
3.vrrp_script:以外部腳本方式進行檢測
KeepAlived的安裝:
[root@Nginx-one ~]# tar zxf keepalived-1.2.13.tar.gz
[root@Nginx-one ~]# cd keepalived-1.2.13
[root@Nginx-one keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel
[root@Nginx-one keepalived-1.2.13]#./configure --prefix=/ --mandir=/usr/local/share/man/--with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[root@Nginx-one keepalived-1.2.13]# make && make install
Keepalived configuration
------------------------
Keepalived version :1.2.13 ##version##
Compiler: gcc ##編譯工具##
Compiler flags :-g -O2 ##參數##
ExtraLib:-lssl -lcrypto -lcrypt ##擴展庫##
Use IPVS Framework:Yes ##LVS核心代碼框架,不使用LVS可以編譯時disable-lvs##
IPVS sync daemon support :Yes ##IPVS同步進程,是否開啟取決于 IPVS FRAMEWORK###
IPVS use libnl :Yes ##是否使用libnl庫##
fwmark socket support :Yes ##套接字框架##
Use VRRP Framework:Yes ##VRRP框架,keepalived的核心進程vrrpd##
Use VRRP Vmac :Yes ##VRRP Virtual mac##
SNMP support :No
SHA1 support :No
UseDebug flags :No
[root@Nginx-one keepalived-1.2.13]# make && make install
KeepAlived的所有配置都在一個配置文件里設置,支持的配置可分為以下三類:
1、全局配置(global configure)
2、VRRPD配置
3、LVS配置
很明顯,全局配置就是對整個keepalived生效的配置,不管是否使用LVS,VRRPD是keepalived的核心,LVS配置只在要使用keepalived來配置和管理LVS時使用,如果僅使用keepalived來做HA,LVS不需要配置。
配置文件都是以塊(block)形式組織的,每個塊都在{}范圍內,#和!表示注釋。
全局定義(global definition)
global_defs {
notification_email {##指定keepalived在發生事件(如切換)需要發送Email的對象,多個寫多行##
itchenyi@gmail.com
}
notification_email_from itchenyi@gmail.com
smtp_server 127.0.0.1##SMTP服務器##
smtp_connect_timeout 30##鏈接超時時間##
router_id Nginx-one ##路由標識,這里用主機名##
}
VRRPD配置(VRRP同步組(syncchroization group) 和 VRRP實例 (VRRP instance))
不 使用SYNC Group的話,如果路由有2個網段,一個內網,一個外網,每個網段開啟一個VRRP實例,假設VRRP配置為檢查內網,那么當外網出現問題 時,VRRPD會認為自己是健康的,則不會發送Master和Backup的切換,從而導致問題,Sync Group可以把兩個實例都放入Sync Group,這樣的話,Group 里任何一個實例出現問題都會發生切換。
vrrp_instance VI_1 { ##虛擬路由標識##
state MASTER ##初始狀態,默認,選舉產生后才可以升級為Master ,這里明確定義其為Master##
interface eth1 ##選舉通過那個網卡接口##
virtual_router_id 10 ##虛擬路由的ID號,一般不大于255,可選IP最后一段使用##
priority 100 ##初始優先級,選舉過程中判斷的依據,和路由的概念一樣##
advert_int 1 ##檢查間隔,默認1s##
authentication { ##認證機制##
auth_type PASS ##認證方式,PASS為明文##
auth_pass iPython/ target=_blank class=infotextkey>Python ##認證密碼##
}
virtual_ipaddress { ##虛擬地址池##
1.1.1.100
}
}
配置Backup 配置如下:
[root@nginx-two keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf
2.! Configuration File for keepalived
3.
4.global_defs {
5. notification_email {
6. itchenyi@gmail.com
7. }
8. notification_email_from itchenyi@gmail.com
9. smtp_server 127.0.0.1
10. smtp_connect_timeout 30
11. router_id nginx-two
12.}
13.
14.vrrp_instance VI_1 {
15. state BACKUP
16. interface eth1
17. virtual_router_id 20
18. priority 50
19. advert_int 1
20. authentication {
21. auth_type PASS
22. auth_pass ipython
23. }
24. virtual_ipaddress {
25. 1.1.1.100
26. }
27.}
28.
29.###其他配置:####
30. nopreempt 設置為不搶占,這個配置只能設置在state為BACKUP的節點上,并且這個機器的優先級必須比另一臺高
31. preempt_delay 搶占延遲,默認5分鐘
32. debug debug級別
33. notify_master 切換到Master時執行的腳本
34.
35.##start##
36.[root@Nginx-one keepalived-1.2.13]# service keepalived start
37.Starting keepalived: [ OK ]
38.
39.###觀察其日志文件###
40.[root@Nginx-one keepalived-1.2.13]# tail -f /var/log/messages
41.Aug 3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014)
42.Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180
43.Aug 3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181
44.####當前的IP地址####
45.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]:.NETlink reflector reports IP 1.1.1.10 added
46.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
47.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector
48.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel
49.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added
50.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added
51.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector
52.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel
53.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel
54.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file '/etc/keepalived/keepalived.conf'.
55.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes
56.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector...
57.Aug 3 00:02:13 Nginx-one Keepalived_vrrp[8181]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
58.###打開并加載配置文件####
59.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Opening file '/etc/keepalived/keepalived.conf'.
60.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Configuration is using : 7377 Bytes
61.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Using LinkWatch kernel netlink reflector...
62.####切換為Master 狀態####
63.Aug 3 00:02:14 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Transition to MASTER STATE
64.Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Entering MASTER STATE
65.Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.
66.####在接口上添加VIP###
67.Aug 3 00:02:15 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
68.Aug 3 00:02:15 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.100 added
69.Aug 3 00:02:20 Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
70.
71.
72.###查看是否添加VIP###
73.[root@Nginx-one keepalived-1.2.13]# ip a show|awk '/inet /'
74. inet 127.0.0.1/8 scope host lo
75. inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
76. inet 1.1.1.100/32 scope global eth1
77.
78.停止MASTER,查看BACKUP的狀態轉移
79.[root@Nginx-one keepalived-1.2.13]# service keepalived stop
80.Stopping keepalived: [ OK ]
81.
82.
83.[root@nginx-two keepalived-1.2.13]# tail -f /var/log/messages
84.Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: Using LinkWatch kernel netlink reflector...
85.Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering BACKUP STATE
86.Aug 3 00:05:01 nginx-two Keepalived_healthcheckers[5147]: Using LinkWatch kernel netlink reflector...
87.Aug 3 00:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
88.Aug 3 00:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Transition to MASTER STATE
89.Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Entering MASTER STATE
90.Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.
91.Aug 3 00:05:41 nginx-two Keepalived_healthcheckers[5147]: Netlink reflector reports IP 1.1.1.100 added
92.Aug 3 00:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
93.Aug 3 00:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 1.1.1.100
94.
95.####和路由協議一樣,當MASTER上線被檢測到會搶占VIP,可以想象的到,Keepalived也支持非搶占模式,只有BACKUP在變成MASTER后宕機了,才會轉移VIP,說起來怎么這么繞口####
定義Keepalived的檢測機制
###一只簡單的腳本判斷nginx 是否在工作###
[root@nginx-two ~]# cat nginx_check.sh
#!/bin/bash
alive=`netstat -pant|awk '/0.0.0.0:80/&&/LISTEN/'|wc -l`
if[ $alive -eq 1];then
exit 0
else
exit 1
fi
###增加keepalived配置###
vrrp_script nginx_check
{
script "/root/nginx_check.sh"
interval 1 ###檢測時間間隔 1s###
weigh -60 ###如果條件成立,權重-60###
}
####將track_script塊加入instance 配置塊####
track_script
{
nginx_check
}
[root@Nginx-one ~]# service keepalived restart
Stopping keepalived:[ OK ]
Starting keepalived:[ OK ]
###無須質疑,只要nginx 的80端口是正常監聽的,主就還是主###
[root@Nginx-one ~]# ip a show|awk '/inet /'
inet 127.0.0.1/8 scope host lo
inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1
inet 1.1.1.100/32 scope global eth1
###停止Nginx服務###
[root@Nginx-one ~]# service nginx stop
Stopping nginx:[ OK ]
###看看日志###
Aug300:52:13Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed
Aug300:52:14Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1)Entering FAULT STATE
Aug300:52:14Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs.
Aug300:52:14Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1)Nowin FAULT state
Aug300:52:14Nginx-one Keepalived_healthcheckers[8489]:Netlink reflector reports IP 1.1.1.100 removed
###Backup機器變成Master了###
[root@nginx-two ~]# ip a show|awk '/inet /'
inet 127.0.0.1/8 scope host lo
inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1
inet 1.1.1.100/32 scope global eth1
