服务器之家:专注于服务器技术及软件下载分享
分类导航

Linux|Centos|Ubuntu|系统进程|Fedora|注册表|Bios|Solaris|Windows7|Windows10|Windows11|windows server|

服务器之家 - 服务器系统 - Linux - Keepalived 的安装和配置

Keepalived 的安装和配置

2023-09-28 18:59未知服务器之家 Linux

导读 keepalived主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。keepalived主要目的在于,其自身启动一个服务,能够实现工作在双节点或多个节点上,并且可以在内核生效的ipvs规则其中当前持有资源的

导读 keepalived主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。keepalived主要目的在于,其自身启动一个服务,能够实现工作在双节点或多个节点上,并且可以在内核生效的ipvs规则其中当前持有资源的节点被称为活跃节点,另外的节点被称为备节点被称为 Master/Backup。
VRRP(如果有学习过TCP\IP,这一块很好理解):

虚拟路由器冗余协议(VRRP)是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的 VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地址。一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使用 VRRP 的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。 VRRP 包封装在 IP 包中发送。

VRRP优先级别:

VRRP每个节点是有自己的优先级的,一般优先级是从0-255,数字越大优先级越高因此可以这么定义:假如要有一初始化的状态,其中一节点优先级100另一节点优先级99,那么毫无疑问,谁的优先级高谁就是主节点所有的节点刚启动后上线都是backup状态,需通过选举的方式选择master,如果其他节点没有响应则将自己提升为master

通告机制:如果节点之间master出现故障,其会自动转移当前角色,这时我们的管理员应该知道其已切换角色keepalived支持邮件发送机制,如果其状态发生改变的话可以通过邮件方式发送给管理员,使管理员第一时间可以查看其活动状态,方便之后的运维工作

keepalived核心组成部分
1.vrrp的实现
2.virtual_server:基于vrrp作为所谓通告机制之上的
3.vrrp_script:以外部 方式进行检测

Keepalived 的安装和配置

KeepAlived的安装:

[root@Nginx-one~]#tarzxfkeepalived-1.2.13.tar.gz
[root@Nginx-one~]#cdkeepalived-1.2.13
[root@Nginx-onekeepalived-1.2.13]#yuminstallkernel-developenssl-devellibnl-devel
[root@Nginx-onekeepalived-1.2.13]#./configure--prefix=/--mandir=/usr/local/share/man/--with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/
[root@Nginx-onekeepalived-1.2.13]#make&&makeinstall
Keepalivedconfiguration
------------------------
Keepalivedversion:1.2.13##version##
Compiler:gcc				##编译工具##
Compilerflags:-g-O2	##参数##
ExtraLib:-lssl-lcrypto-lcrypt	##扩展库##
UseIPVSFramework:Yes##LVS核心代码框架,不使用LVS可以编译时disable-lvs##
IPVSsyncdaemonsupport:Yes##IPVS同步进程,是否开启取决于IPVSFRAMEWORK###
IPVSuselibnl:Yes##是否使用libnl库##
fwmarksocketsupport:Yes##套接字框架##
UseVRRPFramework:Yes##VRRP框架,keepalived的核心进程vrrpd##
UseVRRPVMAC:Yes##VRRPVirtualmac##
SNMPsupport:No
SHA1support:No
UseDebugflags:No
[root@Nginx-onekeepalived-1.2.13]#make&&makeinstall

KeepAlived的所有配置都在一个配置文件里设置,支持的配置可分为以下三类:

1、全局配置(global configure)
2、VRRPD配置
3、LVS配置

很明显,全局配置就是对整个keepalived生效的配置,不管是否使用LVS,VRRPD是keepalived的核心,LVS配置只在要使用keepalived来配置和管理LVS时使用,如果仅使用keepalived来做HA,LVS不需要配置。
配置文件都是以块(block)形式组织的,每个块都在{}范围内,#和!表示注释。

全局定义(global definition)

global_defs{
notification_email{##指定keepalived在发生事件(如切换)需要发送Email的对象,多个写多行##
itchenyi@gmail.com
}
notification_email_fromitchenyi@gmail.com
smtp_server127.0.0.1##SMTP服务器##
smtp_connect_timeout30##链接超时时间##
router_idNginx-one			##路由标识,这里用主机名##
}
VRRPD配置(VRRP同步组(syncchroization group) 和 VRRP实例 (VRRP instance))

不 使用SYNC Group的话,如果路由有2个网段,一个内网,一个外网,每个网段开启一个VRRP实例,假设VRRP配置为检查内网,那么当外网出现问题 时,VRRPD会认为自己是健康的,则不会发送Master和Backup的切换,从而导致问题,Sync Group可以把两个实例都放入Sync Group,这样的话,Group 里任何一个实例出现问题都会发生切换。

vrrp_instanceVI_1{##虚拟路由标识##
stateMASTER##初始状态,默认,选举产生后才可以升级为Master,这里明确定义其为Master##
interfaceeth1##选举通过那个网卡接口##
virtual_router_id10##虚拟路由的ID号,一般不大于255,可选IP最后一段使用##
priority100##初始优先级,选举过程中判断的依据,和路由的概念一样##
advert_int1##检查间隔,默认1s##
authentication{##认证机制##
auth_typePASS##认证方式,PASS为明文##
auth_passipython##认证密码##
}
virtual_ipaddress{##虚拟地址池##
1.1.1.100
}
}

配置Backup 配置如下:

[root@nginx-twokeepalived-1.2.13]#cat/software/keepalived/etc/keepalived/keepalived.conf
2.!ConfigurationFileforkeepalived
3.
4.global_defs{
5.notification_email{
6.itchenyi@gmail.com
7.}
8.notification_email_fromitchenyi@gmail.com
9.smtp_server127.0.0.1
10.smtp_connect_timeout30
11.router_idnginx-two
12.}
13.
14.vrrp_instanceVI_1{
15.stateBACKUP
16.interfaceeth1
17.virtual_router_id20
18.priority50
19.advert_int1
20.authentication{
21.auth_typePASS
22.auth_passipython
23.}
24.virtual_ipaddress{
25.1.1.1.100
26.}
27.}
28.
29.###其他配置:####
30.	nopreempt设置为不抢占,这个配置只能设置在state为BACKUP的节点上,并且这个机器的优先级必须比另一台高
31.	preempt_delay抢占延迟,默认5分钟
32.	debugdebug级别
33.	notify_master切换到Master时执行的脚本34.
35.##start##
36.[root@Nginx-onekeepalived-1.2.13]#servicekeepalivedstart
37.Startingkeepalived:[OK]
38.
39.###观察其日志文件###
40.[root@Nginx-onekeepalived-1.2.13]#tail-f/var/log/messages
41.Aug300:02:12Nginx-oneKeepalived[8177]:StartingKeepalivedv1.2.13(08/03,2014)
42.Aug300:02:12Nginx-oneKeepalived[8178]:StartingHealthcheckchildprocess,pid=8180
43.Aug300:02:12Nginx-oneKeepalived[8178]:StartingVRRPchildprocess,pid=8181
44.####当前的IP地址####
45.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:NetlinkreflectorreportsIP1.1.1.10added
46.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:NetlinkreflectorreportsIPfe80::20c:29ff:fecb:90a2added
47.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:RegisteringKernelnetlinkreflector
48.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:RegisteringKernelnetlinkcommandchannel
49.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:NetlinkreflectorreportsIP1.1.1.10added
50.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:NetlinkreflectorreportsIPfe80::20c:29ff:fecb:90a2added
51.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:RegisteringKernelnetlinkreflector
52.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:RegisteringgratuitousARPsharedchannel
53.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:RegisteringKernelnetlinkcommandchannel
54.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:Openingfile'/etc/keepalived/keepalived.conf'.
55.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:Configurationisusing:62834Bytes
56.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:UsingLinkWatchkernelnetlinkreflector...
57.Aug300:02:13Nginx-oneKeepalived_vrrp[8181]:VRRPsockpool:[ifindex(2),proto(112),unicast(0),fd(10,11)]
58.###打开并加载配置文件####
59.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:Openingfile'/etc/keepalived/keepalived.conf'.
60.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:Configurationisusing:7377Bytes
61.Aug300:02:13Nginx-oneKeepalived_healthcheckers[8180]:UsingLinkWatchkernelnetlinkreflector...
62.####切换为Master状态####
63.Aug300:02:14Nginx-oneKeepalived_vrrp[8181]:VRRP_Instance(VI_1)TransitiontoMASTERSTATE
64.Aug300:02:15Nginx-oneKeepalived_vrrp[8181]:VRRP_Instance(VI_1)EnteringMASTERSTATE
65.Aug300:02:15Nginx-oneKeepalived_vrrp[8181]:VRRP_Instance(VI_1)settingprotocolVIPs.
66.####在接口上添加VIP###
67.Aug300:02:15Nginx-oneKeepalived_vrrp[8181]:VRRP_Instance(VI_1)SendinggratuitousARPsoneth1for1.1.1.100
68.Aug300:02:15Nginx-oneKeepalived_healthcheckers[8180]:NetlinkreflectorreportsIP1.1.1.100added
69.Aug300:02:20Nginx-oneKeepalived_vrrp[8181]:VRRP_Instance(VI_1)SendinggratuitousARPsoneth1for1.1.1.100
70.
71.
72.###查看是否添加VIP###
73.[root@Nginx-onekeepalived-1.2.13]#ipashow|awk'/inet\/'
74.inet127.0.0.1/8scopehostlo
75.inet1.1.1.10/8brd1.255.255.255scopeglobaleth1
76.inet1.1.1.100/32scopeglobaleth1
77.
78.停止MASTER,查看BACKUP的状态转移
79.[root@Nginx-onekeepalived-1.2.13]#servicekeepalivedstop
80.Stoppingkeepalived:[OK]
81.
82.
83.[root@nginx-twokeepalived-1.2.13]#tail-f/var/log/messages
84.Aug300:05:01nginx-twoKeepalived_vrrp[5148]:UsingLinkWatchkernelnetlinkreflector...
85.Aug300:05:01nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)EnteringBACKUPSTATE
86.Aug300:05:01nginx-twoKeepalived_healthcheckers[5147]:UsingLinkWatchkernelnetlinkreflector...
87.Aug300:05:01nginx-twoKeepalived_vrrp[5148]:VRRPsockpool:[ifindex(2),proto(112),unicast(0),fd(10,11)]
88.Aug300:05:40nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)TransitiontoMASTERSTATE
89.Aug300:05:41nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)EnteringMASTERSTATE
90.Aug300:05:41nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)settingprotocolVIPs.
91.Aug300:05:41nginx-twoKeepalived_healthcheckers[5147]:NetlinkreflectorreportsIP1.1.1.100added
92.Aug300:05:41nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)SendinggratuitousARPsoneth1for1.1.1.100
93.Aug300:05:46nginx-twoKeepalived_vrrp[5148]:VRRP_Instance(VI_1)SendinggratuitousARPsoneth1for1.1.1.100
94.
95.####和路由协议一样,当MASTER上线被检测到会抢占VIP,可以想象的到,Keepalived也支持非抢占模式,只有BACKUP在变成MASTER后宕机了,才会转移VIP,说起来怎么这么绕口####

定义Keepalived的检测机制

###一只简单的脚本判断nginx是否在工作###
[root@nginx-two~]#catnginx_check.sh
#!/bin/bash
alive=`netstat-pant|awk'/0.0.0.0:80/&&/LISTEN/'|wc-l`
if[$alive-eq1];then
exit0
else
exit1
fi
###增加keepalived配置###
vrrp_scriptnginx_check
{
script"/root/nginx_check.sh"
interval1###检测时间间隔1s###
weigh-60###如果条件成立,权重-60###
}
####将track_script块加入instance配置块####
track_script
{
nginx_check
}
[root@Nginx-one~]#servicekeepalivedrestart
Stoppingkeepalived:[OK]
Startingkeepalived:[OK]
###无须质疑,只要nginx的80端口是正常监听的,主就还是主###
[root@Nginx-one~]#ipashow|awk'/inet\/'
inet127.0.0.1/8scopehostlo
inet1.1.1.10/8brd1.255.255.255scopeglobaleth1
inet1.1.1.100/32scopeglobaleth1
###停止Nginx服务###
[root@Nginx-one~]#servicenginxstop
Stoppingnginx:[OK]
###看看日志###
Aug300:52:13Nginx-oneKeepalived_vrrp[8490]:VRRP_Script(nginx_check)failed
Aug300:52:14Nginx-oneKeepalived_vrrp[8490]:VRRP_Instance(VI_1)EnteringFAULTSTATE
Aug300:52:14Nginx-oneKeepalived_vrrp[8490]:VRRP_Instance(VI_1)removingprotocolVIPs.
Aug300:52:14Nginx-oneKeepalived_vrrp[8490]:VRRP_Instance(VI_1)NowinFAULTstate
Aug300:52:14Nginx-oneKeepalived_healthcheckers[8489]:NetlinkreflectorreportsIP1.1.1.100removed
###Backup机器变成Master了###
[root@nginx-two~]#ipashow|awk'/inet\/'
inet127.0.0.1/8scopehostlo
inet1.1.1.20/8brd1.255.255.255scopeglobaleth1
inet1.1.1.100/32scopeglobaleth1

原文来自:


延伸 · 阅读

精彩推荐