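Introduction to Keepalived

  • Keepalived was originally designed specifically for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster. VRRP support for high availability was added later. So besides managing LVS, Keepalived can also serve as a high-availability solution for other services (for example Nginx, HAProxy, MySQL).
  • Keepalived implements high availability mainly through the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol; it was created to solve the single-point-of-failure problem of static routing, and it keeps the whole network running without interruption when individual nodes go down. Keepalived can therefore configure and manage LVS and health-check the nodes behind LVS on the one hand, and provide high availability for system network services on the other.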

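Key features of Keepalived

  • (1) Managing the LVS load-balancing software: early LVS had to be managed through the command line or scripts, and had no health checking for LVS nodes. Keepalived was created to solve these usability problems; it was originally built specifically for LVS. Keepalived and LVS are therefore very close: like a married couple, they fit together tightly and work together happily. By reading its own configuration file, Keepalived manages the LVS configuration directly through a lower-level interface and controls starting and stopping the service, which makes LVS simpler and more convenient to use.
  • (2) Health checking of LVS cluster nodes (healthcheck): Keepalived manages LVS directly through the LVS node IPs and related parameters configured in its keepalived.conf file. In addition, when one or even several node servers in the LVS cluster fail at the same time and cannot serve requests, Keepalived automatically removes the failed servers from the LVS forwarding queue and schedules requests to the other healthy servers, so end users are not affected. Once a failed server is repaired, Keepalived automatically adds it back to the forwarding queue to serve clients again.
  • (3) High availability for system network services (failover): the basic principle is simple. Two hosts both have Keepalived installed and running. In normal operation, the host with the Master role holds all resources and serves users, while the host with the Backup role acts as a hot standby. When the Master fails, the Backup automatically takes over all of the Master's work, including the VIP and the associated services. When the Master is repaired, it automatically takes back the work it originally handled, and the Backup releases what it took over during the failure. Both hosts then return to their original roles and working state.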

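How does Keepalived fail over to achieve high availability?

  • (1) Failover between Keepalived high-availability nodes is implemented with VRRP (Virtual Router Redundancy Protocol).

    • (a) VRRP, the Virtual Router Redundancy Protocol, was created to solve the single-point-of-failure problem of static routing. It uses an election mechanism to hand the routing task to one of the VRRP routers.
    • (b) VRRP was first used to remove single points of failure in switches, routers and similar devices. The description below of Master/Backup switching for switches and routers applies equally to how Keepalived works.
    • (c) A VRRP router group contains several physical VRRP routers, but they do not all work at the same time: one machine, the Master, does the routing, and all the others are Backups. The Master role is not fixed; VRRP has every VRRP router take part in an election, and the winner becomes the Master. The Master has some privileges, such as owning the virtual router's IP address; as the owner of these resources, it forwards packets sent to the gateway address and answers ARP requests.
    • (d) VRRP implements the virtual router through this election mechanism. All protocol messages are sent as IP multicast packets (the default multicast address is 224.0.0.18). A virtual router consists of a VRID (range 0-225) and a set of IP addresses, and appears to the outside as a well-known MAC address: 00-00-5E-00-01-{VRID}. So within one virtual router, whichever node is Master, the MAC and IP (called the VIP) seen from outside are the same. Client hosts do not need to change their routing configuration when the Master changes; the switch is transparent to them.
    • (e) Within a virtual router group, only the VRRP router acting as Master keeps sending VRRP advertisements (VRRP Advertisement messages), and while it does, the Backups do not preempt it. When the Master becomes unavailable, the Backups stop receiving its advertisements, and the Backup with the highest priority takes over as Master. This takeover is very fast (possibly 1 second or less), which keeps the service continuous. For security, VRRP packets are encrypted with an encryption protocol.
  • (2) While Keepalived is working normally, the Master node keeps sending heartbeat messages (by multicast) to the Backup node to tell it that it is still alive. When the Master fails, it can no longer send heartbeats, the Backup no longer detects them, and so it runs its takeover routine and takes over the Master's IP resources and services. When the Master recovers, the Backup releases the IP resources and services it took over during the failure and returns to its standby role.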

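How Keepalived works

  • Keepalived provides VRRP and health-check functions. It can be used just to provide a floating VIP between two machines (the VRRP virtual-router function), which gives a simple two-node hot-standby setup. Keepalived builds its high availability on VRRP, which can be regarded as a protocol for router high availability: N routers providing the same function form a router group with one master and several backups. The master holds a VIP that serves the outside (the other machines on the router's LAN use this VIP as their default route) and sends multicast advertisements. When the backups stop receiving VRRP packets, they consider the master down, and a backup is elected master according to VRRP priority. This keeps the router highly available.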

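Keepalived component diagram

The diagram shows Keepalived's functional architecture, which has roughly two layers: user space and kernel space.

  • Kernel space: mainly IPVS (IP Virtual Server, which load-balances network services) and NETLINK (which provides advanced routing and other related networking functions).
  • User space:
    • WatchDog: monitors the state of the checkers and VRRP processes.
    • VRRP Stack: handles failover between load balancers. If only one load balancer is used, VRRP is not required.
    • Checkers: health-check the real servers (healthchecking); this is Keepalived's most important function. In other words, the VRRP Stack is optional, but health checking must be there.
    • IPVS wrapper: sends the configured rules to the kernel IPVS code.
    • Netlink Reflector: sets the VRRP VIP addresses and so on.

All Keepalived functions are implemented by configuring the keepalived.conf file.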

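When Keepalived starts normally, it starts 3 processes

  • One is the parent process, which monitors its child processes; one is the VRRP child process; the other is the checkers child process. Both child processes are watched by the system watchdog, and each handles its own job.
  • The healthcheck child process checks the health of the servers it is responsible for, for example HTTP and LVS. If it finds that the service on the master is unavailable, it notifies the VRRP child process on the same machine, which stops sending advertisements, removes the virtual IP and switches to the BACKUP state.

  Note: Keepalived and LVS are two entirely separate things; each does its own job and they cooperate.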

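The "split-brain" problem in Keepalived high-availability servers: what is split brain?

  • For some reason, the two servers of a high-availability pair fail to detect each other's heartbeat within the specified time, and each takes ownership of the resources and services, while both servers are in fact still alive and running normally. The same IP or service then exists on both sides and conflicts. In the worst case both hosts hold the same VIP, and data written by users may be written to both sides separately, which can leave the two servers' data inconsistent or cause data loss. This situation is called split brain.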

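Split brain can have the following causes:

  • The heartbeat link between the high-availability servers fails, so they cannot communicate normally.
  • The heartbeat cable is bad (broken or aged).
  • The NIC or its driver is faulty, or there are IP configuration problems or conflicts (with directly connected NICs).
  • A device on the heartbeat path fails (NIC or switch).
  • The arbitration machine has a problem (when an arbitration scheme is used).
  • The iptables firewall on a high-availability server blocks heartbeat traffic.
  • The heartbeat NIC address or similar settings on a high-availability server are misconfigured, so heartbeats fail to be sent.
  • Other misconfiguration, such as different heartbeat methods, heartbeat broadcast conflicts, software bugs, and so on.

Tip: in the Keepalived configuration, if virtual_router_id for the same VRRP instance is set differently on the two ends, split brain will also occur.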
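
The tip above can be checked before a deployment by comparing the two nodes' configuration files. The script below is an added example, not part of the original article or of Keepalived itself; the function names and the sample configurations (written to a temporary directory) are constructed for illustration, and the settings compared are the ones this article says must agree between MASTER and BACKUP.

```shell
#!/bin/sh
# Added example (not from the original page): compare the vrrp_instance
# settings of the two nodes' keepalived.conf files.

# Print "instance key value" for each setting of interest.
vrrp_fields() {
    awk '
        { sub(/[#!].*/, "") }                        # drop keepalived comments
        $1 == "vrrp_instance"  { inst = $2; next }
        $1 == "virtual_server" { inst = "" }         # LVS section, not VRRP
        inst != "" && $1 ~ /^(state|virtual_router_id|priority|auth_type|auth_pass)$/ {
            print inst, $1, $2
        }' "$1"
}

field() {   # field FILE INSTANCE KEY
    vrrp_fields "$1" | awk -v i="$2" -v k="$3" '$1 == i && $2 == k { print $3; exit }'
}

# check_pair MASTER_CONF BACKUP_CONF INSTANCE: prints findings, sets PROBLEMS.
check_pair() {
    PROBLEMS=0
    for key in virtual_router_id auth_type auth_pass; do
        if [ "$(field "$1" "$3" "$key")" != "$(field "$2" "$3" "$key")" ]; then
            echo "$3: $key differs between the two nodes"   # values are not printed (auth_pass)
            PROBLEMS=$((PROBLEMS + 1))
        fi
    done
    pm=$(field "$1" "$3" priority); pb=$(field "$2" "$3" priority)
    if [ "${pm:-0}" -le "${pb:-0}" ]; then
        echo "$3: MASTER priority ${pm:-unset} is not greater than BACKUP priority ${pb:-unset}"
        PROBLEMS=$((PROBLEMS + 1))
    fi
    return 0
}

# Constructed sample configs (values modelled on the article's configuration).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
write_conf() {   # write_conf FILE STATE VRID PRIORITY
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    state $2
    interface ens33
    virtual_router_id $3   # must match on both nodes
    priority $4
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}
write_conf "$SAMPLES/master.conf"     MASTER 51 110
write_conf "$SAMPLES/backup_ok.conf"  BACKUP 51 100
write_conf "$SAMPLES/backup_bad.conf" BACKUP 52 110

check_pair "$SAMPLES/master.conf" "$SAMPLES/backup_ok.conf"  VI_1   # consistent pair
check_pair "$SAMPLES/master.conf" "$SAMPLES/backup_bad.conf" VI_1   # VRID and priority findings
```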

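Common ways to deal with split brain.

  • Connect the nodes with both a serial cable and an Ethernet cable, using two heartbeat links at once; if one link fails, the other still carries heartbeats.
  • When split brain is detected, forcibly shut down one of the heartbeat nodes (this requires special equipment such as STONITH or fence devices). In effect, when the backup node stops receiving heartbeats, it sends a power-off command over a separate link to cut the master node's power.
  • Set up monitoring and alerting for split brain (e-mail, SMS, or on-call staff) so that a person can step in and arbitrate as soon as the problem occurs, limiting the damage.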

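Some approaches for detecting split brain in production:

  • (1) Simple check: alert whenever the VIP appears on the backup node. The alert has two possible meanings: the master went down and the backup took over, or the master is still up and the pair has split brain. Either way, alert and let a person look, judge and resolve it.
  • (2) Stricter check: if the VIP appears on the backup node while the master node and its service are still alive (even better if you can connect to the master remotely and see whether it holds the VIP), split brain has occurred.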
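
Both detection approaches can be expressed as one classification over the `ip addr` output of the two nodes. The script below is an added example, not from the original article; the function names and the sample `ip addr` texts are constructed, and in production the texts would be collected on the backup node locally and from the master remotely.

```shell
#!/bin/sh
# Added example, not from the original page: classify the state of a
# Keepalived pair from the `ip addr` output of both nodes.

# has_vip IP_ADDR_TEXT VIP: succeed only if VIP is configured as an inet address.
# Exact match on the address, so 192.168.200.16 does not match 192.168.200.160.
has_vip() {
    printf '%s\n' "$1" | awk -v vip="$2" '
        $1 == "inet" { split($2, a, "/"); if (a[1] == vip) found = 1 }
        END { exit !found }'
}

# classify BACKUP_TEXT MASTER_TEXT VIP
#   MASTER_TEXT is the master's `ip addr` output, or empty if it is unreachable.
classify() {
    if ! has_vip "$1" "$3"; then
        echo OK                 # VIP is not on the backup: normal state
    elif [ -n "$2" ] && has_vip "$2" "$3"; then
        echo SPLIT_BRAIN        # both nodes hold the VIP (approach 2)
    else
        echo FAILOVER           # backup holds the VIP, master does not (approach 1 alert)
    fi
}

# worst_state BACKUP_TEXT MASTER_TEXT VIP...: most severe state over all VIPs.
worst_state() {
    b=$1; m=$2; shift 2; worst=OK
    for vip in "$@"; do
        s=$(classify "$b" "$m" "$vip")
        if [ "$s" = SPLIT_BRAIN ]; then worst=SPLIT_BRAIN
        elif [ "$s" = FAILOVER ] && [ "$worst" = OK ]; then worst=FAILOVER
        fi
    done
    echo "$worst"
}

# Constructed sample outputs, modelled on the article's `ip addr` lines.
MASTER_UP='    inet 172.16.70.37/24 brd 172.16.70.255 scope global ens33
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33'
BACKUP_IDLE='    inet 172.16.70.4/24 brd 172.16.70.255 scope global ens33'
BACKUP_ACTIVE="$BACKUP_IDLE
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33"

# In production the two texts would come from `ip -4 addr show` run locally and
# on the peer (for example over ssh); here the samples above stand in for them.
echo "normal:      $(worst_state "$BACKUP_IDLE"   "$MASTER_UP" 192.168.200.16 192.168.200.17)"
echo "master down: $(worst_state "$BACKUP_ACTIVE" ""           192.168.200.16 192.168.200.17)"
echo "both active: $(worst_state "$BACKUP_ACTIVE" "$MASTER_UP" 192.168.200.16 192.168.200.17)"
```

Any state other than OK should raise an alert; FAILOVER and SPLIT_BRAIN only differ in how urgently a person has to step in.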

Part 1: Keepalived installation [official download site: source package; third-party download site: rpm package]

  • Environment

    Property    KeepAlived MASTER                          KeepAlived BACKUP
    Node        KeepAlived-Master                          KeepAlived-Backup
    OS          CentOS Linux release 7.5.1804 (Minimal)    CentOS Linux release 7.5.1804 (Minimal)
    Kernel      3.10.0-862.el7.x86_64                      3.10.0-862.el7.x86_64
    SELinux     setenforce 0 | disabled                    setenforce 0 | disabled
    Firewalld   systemctl stop/disable firewalld           systemctl stop/disable firewalld
    IP address  172.16.70.37                               172.16.70.4

  • Using KeepAlived-Master as the example (the same steps apply to KeepAlived-Backup).
# Set the hostname
[root@locahost ~]# hostnamectl set-hostname --static KeepAlived-Master && exec bash
# Check the system version
[root@KeepAlived-Master ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@KeepAlived-Master ~]# uname -r
3.10.0-862.el7.x86_64
# Disable SELinux and firewalld
[root@KeepAlived-Master ~]# sed -i '7s/enforcing/disabled/' /etc/selinux/config
[root@KeepAlived-Master ~]# setenforce 0
[root@KeepAlived-Master ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@KeepAlived-Master ~]# hostname -I
172.16.70.37
# Check the keepalived version shipped with CentOS 7
[root@KeepAlived-Master ~]# yum list | grep keepalived
keepalived.x86_64 1.3.5-19.el7 base
# Install basic tools
[root@KeepAlived-Master ~]# yum install -y vim net-tools wget curl lrzsz lsof
# Install the build dependencies and download keepalived
[root@KeepAlived-Master ~]# yum install -y openssl openssl-devel libnl libnl-devel gcc
[root@KeepAlived-Master ~]# wget www.keepalived.org/software/keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# md5sum keepalived-2.0.20.tar.gz
a5966e8433b60998709c4a922a407bac keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# tar -xf keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# cd keepalived-2.0.20
[root@KeepAlived-Master keepalived-2.0.20]# ./configure --help | less    # review the options and pick the build parameters you need
[root@KeepAlived-Master keepalived-2.0.20]# ./configure --prefix=/usr/local/app/keepalived --with-systemdsystemunitdir=/usr/local/app/keepalived --enable-log-file
......
.... when configure finishes normally, the output ends as follows
Keepalived configuration
------------------------
Keepalived version : 2.0.20
Compiler : gcc
Preprocessor flags : -D_GNU_SOURCE
......
......
Linker flags : -pie -Wl,-z,relro -Wl,-z,now
Extra Lib : -lm -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
With track_process : Yes
With linkbeat : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use JSON output : No
libnl version : 1
Use IPv4 devconf : No
Use iptables : Yes
Use libiptc : No
Use libipset : No
Use nftables : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : No
[root@KeepAlived-Master keepalived-2.0.20]# make -j 4 && make install
# Set up the environment (put the keepalived command on the PATH)
[root@KeepAlived-Master ~]# ls /usr/local/app/keepalived/
bin etc keepalived.service sbin share
[root@KeepAlived-Master ~]# ln -s /usr/local/app/keepalived/sbin/keepalived /usr/local/sbin/
[root@KeepAlived-Master ~]# ls -l /usr/sbin/keepalived
lrwxrwxrwx. 1 root root 42 Sep 18 14:31 /usr/sbin/keepalived -> /usr/local/apps/keepalived/sbin/keepalived
[root@KeepAlived-Master ~]# keepalived -v
Keepalived v2.0.20 (01/22,2020)
Copyright(C) 2001-2020 Alexandre Cassen, <[email protected]>
Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018
configure options: --prefix=/usr/local/app/keepalived --with-systemdsystemunitdir=/usr/local/app/keepalived --enable-log-file
Config options: LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING FILE_LOGGING LOG_FILE_APPEND
System options: PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG ...... INET6_ADDR_GEN_MODE SO_MARK SCHED_RESET_ON_FORK
[root@KeepAlived-Master ~]# keepalived -h
Usage: keepalived [OPTION...]
-f, --use-file=FILE Use the specified configuration file
-P, --vrrp Only run with VRRP subsystem
-C, --check Only run with Health-checker subsystem
--all Force all child processes to run, even if have no configuration
-l, --log-console Log messages to local console
-D, --log-detail Detailed log messages
-S, --log-facility=[0-7] Set syslog facility to LOG_LOCAL[0-7]
-G, --no-syslog Don't log via syslog
-u, --umask=MASK umask for file creation (in numeric form)
-X, --release-vips Drop VIP on transition from signal.
-V, --dont-release-vrrp Don't remove VRRP VIPs and VROUTEs on daemon stop
-I, --dont-release-ipvs Don't remove IPVS topology on daemon stop
-R, --dont-respawn Don't respawn child processes
-n, --dont-fork Don't fork the daemon process
-d, --dump-conf Dump the configuration data
-p, --pid=FILE Use specified pidfile for parent process
-r, --vrrp_pid=FILE Use specified pidfile for VRRP child process
-c, --checkers_pid=FILE Use specified pidfile for checkers child process
-a, --address-monitoring Report all address additions/deletions notified via netlink
-s, --namespace=NAME Run in network namespace NAME (overrides config)
-m, --core-dump Produce core dump if terminate abnormally
-M, --core-dump-pattern=PATN Also set /proc/sys/kernel/core_pattern to PATN (default 'core')
-i, --config-id id Skip any configuration lines beginning '@' that don't match id
or any lines beginning @^ that do match.
The config-id defaults to the node name if option not used
--signum=SIGFUNC Return signal number for STOP, RELOAD, DATA, STATS
-t, --config-test[=LOG_FILE] Check the configuration for obvious errors, output to
stderr by default
-v, --version Display the version number
-h, --help Display this help message
# keepalived configuration file
[root@KeepAlived-Master ~]# cd /usr/local/app/keepalived/
[root@KeepAlived-Master keepalived]# ls
bin etc keepalived.service logs run sbin share
[root@KeepAlived-Master keepalived]# cp etc/keepalived/keepalived.conf etc/keepalived/keepalived.conf_bak
[root@KeepAlived-Master keepalived]# diff etc/keepalived/keepalived.conf etc/keepalived/keepalived.conf_bak
21c21
< interface ens33  # changed this line
---
> interface eth0
23c23
< priority 110    # changed this line
---
> priority 100
---------------------------------------------------------------------------------
# Differences between the Master and Backup configuration files
[root@KeepAlived-Master keepalived]# diff keepalived.conf keepalived.conf_BACKUP
20c20
< state MASTER
---
> state BACKUP
23c23
< priority 110
---
> priority 100
---------------------------------------------------------------------------------
# For this source build, create the systemd unit by hand
[root@KeepAlived-Master ~]# vim /usr/lib/systemd/system/keepalived.service
[Unit]
Description=LVS and VRRP High Availability Monitor
After=network-online.target syslog.target
Wants=network-online.target

[Service]
Type=forking
# Customized: PID file
PIDFile=/run/keepalived.pid
KillMode=process
# Customized: options file
EnvironmentFile=-/usr/local/app/keepalived/etc/sysconfig/keepalived
# Customized: binary and configuration file paths
ExecStart=/usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

[root@KeepAlived-Master ~]# systemctl daemon-reload
[root@KeepAlived-Master ~]# systemctl start keepalived    # or: stop / restart
[root@KeepAlived-Master ~]# ps -ef| grep keepalived
root 8235 1 0 15:37 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8236 8235 1 15:37 ? 00:00:03 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8237 8235 0 15:37 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8249 1149 0 15:41 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'
inet 192.168.200.16/32 scope global ens33
inet 192.168.200.17/32 scope global ens33
inet 192.168.200.18/32 scope global ens33
# Enable start at boot
[root@KeepAlived-Master ~]# systemctl enable keepalived
[root@KeepAlived-Master ~]# systemctl list-unit-files | grep keepalived
keepalived.service enabled
# Enable keepalived logging
[root@KeepAlived-Master ~]# vim /usr/local/app/keepalived/etc/sysconfig/keepalived
..... change it as follows
KEEPALIVED_OPTIONS="-D -S 0"
[root@KeepAlived-Master ~]# echo "local0.* /usr/local/app/keepalived/logs/keepalived.log" >> /etc/rsyslog.conf
[root@KeepAlived-Master ~]# systemctl restart rsyslog

Part 2: Failover test

# 1. On the Master
[root@KeepAlived-Master ~]# systemctl restart keepalived
[root@KeepAlived-Master ~]# ps -ef |grep keepalived
root 8548 1 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8549 8548 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8550 8548 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8552 1149 0 17:18 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'  # check the VIP resources (by default the VIPs are on the master node)
inet 192.168.200.16/32 scope global ens33
inet 192.168.200.17/32 scope global ens33
inet 192.168.200.18/32 scope global ens33
# 2. On the Backup
[root@KeepAlived-Backup ~]# systemctl restart keepalived
[root@KeepAlived-Backup ~]# ps -ef |grep keepalived
root 8345 1 0 Sep23 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8346 8345 0 Sep23 ? 00:00:33 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8347 8345 0 Sep23 ? 00:00:14 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 14260 1149 0 15:12 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'  # the backup node holds no VIP
# 3. If the master node goes down or its keepalived service dies, the VIPs automatically move to the backup node
[root@KeepAlived-Master ~]# systemctl stop keepalived
[root@KeepAlived-Master ~]# ps -ef |grep keepalived
root 14488 1149 0 15:18 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'
# 4. The backup node now takes over the VIPs
[root@KeepAlived-Backup ~]# ps -ef |grep keepalived
root 8345 1 0 Sep23 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8346 8345 0 Sep23 ? 00:00:33 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8347 8345 0 Sep23 ? 00:00:14 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 14269 1149 0 15:20 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'
inet 192.168.200.16/32 scope global ens33
inet 192.168.200.17/32 scope global ens33
inet 192.168.200.18/32 scope global ens33
# 5. Next, start keepalived on the master node again: once the master has recovered, it takes the VIPs back (decided by the priority in the configuration)
[root@KeepAlived-Master ~]# systemctl start keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'
inet 192.168.200.16/32 scope global ens33
inet 192.168.200.17/32 scope global ens33
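inet 192.168.200.18/32 scope global ens33
# 6. The VIPs have now disappeared from the backup node
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'
Note: in the steps above, keepalived only provides VIP failover between the two machines, i.e. a two-node hot standby that removes the single point of failure.
  • Appendix: the default Keepalived configuration file explained.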
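[root@KeepAlived-Master keepalived]# cat etc/keepalived/keepalived.conf  # the default configuration file, annotated
! Configuration File for keepalived

global_defs {    # global definitions block
notification_email {      # mailboxes that keepalived notifies when an event (such as a switchover) occurs
[email protected]     # alert e-mail address; several can be set, one per line. The local sendmail service must be running
[email protected]
[email protected]
}
notification_email_from [email protected]    # sender address for the e-mail notifications keepalived sends on events such as a switchover
smtp_server 192.168.200.1    # SMTP server used to send e-mail
smtp_connect_timeout 30     # timeout for connecting to the SMTP server
router_id LVS_DEVEL        # an identifier for the machine running keepalived, usually the hostname; shown in the subject of the e-mail sent on failure
vrrp_skip_check_adv_addr    # skip the check if the advert comes from the same master router as the previous advert received
vrrp_strict            # strictly follow the VRRP specification; unicast peers are not supported in this mode
vrrp_garp_interval 0      # delay between gratuitous ARP messages sent
vrrp_gna_interval 0       # delay between unsolicited NA messages sent
}

vrrp_instance VI_1 {    # VRRP instance block
state MASTER    # role of this keepalived node: MASTER means this host is the primary server, BACKUP means it is the standby server; the value must be in upper case
interface eth0   # network interface used for HA monitoring; the instance is bound to this NIC, because virtual IPs must be added on an existing NIC
virtual_router_id 51    # virtual router ID, a number that uniquely identifies a vrrp instance; MASTER and BACKUP of the same vrrp_instance must use the same value, otherwise split brain occurs
priority 100         # priority: the larger the number, the higher the priority; within one vrrp_instance the MASTER's priority must be greater than the BACKUP's
advert_int 1         # interval in seconds between synchronization checks between the MASTER and BACKUP load balancers
authentication {    # authentication type and password; must be the same on master and backup
auth_type PASS   # VRRP authentication type; the two main types are PASS and AH
auth_pass 1111   # VRRP authentication password; within one vrrp_instance, MASTER and BACKUP must use the same password to communicate
}
virtual_ipaddress {    # VRRP HA virtual addresses. With several VIPs, put one address per line. It is best to state the netmask and the interface the VIP binds to explicitly; otherwise the netmask defaults to 32 bits and the interface is the one set by the interface parameter above
192.168.200.16
192.168.200.17
192.168.200.18
}
}

# LVS configuration
virtual_server 192.168.200.100 443 {    # virtual server: VIP and port
delay_loop 6                # service polling delay, i.e. the interval between service polls
lb_algo rr                 # LVS scheduling algorithm: rr|wrr|lc|wlc|lblc|sh|dh
lb_kind NAT                # LVS cluster mode: NAT|DR|TUN
persistence_timeout 50          # session persistence time in seconds: a user keeps being sent to the same backend real server during this time
protocol TCP               # whether health checks use TCP or UDP

real_server 192.168.201.100 443 {    # settings such as weight for a backend real server; note: define one block per backend server
weight 1                 # weight of this server; 0 means disabled (no requests are forwarded to it until it recovers); default is 1
SSL_GET {                # health-check method: HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
url {                 # URL to check; there can be several
path /               # the path to request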
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3        # connection timeout
retry 3              # number of retries
delay_before_retry 3      # interval between retries
}
}
}

virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP

sorry_server 192.168.200.200 1358

real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}

real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}

virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP

real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}

real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}

At this point, a simple Keepalived failover setup is complete.