我很黑! posted on 2018-12-30 14:05:01

Linux: keepalived explained in detail

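  I. Introduction to keepalived
   Keepalived is a powerful auxiliary tool designed specifically for LVS. It mainly provides failover and health checking: for example, it determines whether the LVS load scheduler and the node servers are available, promptly isolates a failed host and replaces it with another server, and adds the failed host back to the cluster once it has recovered. In non-LVS cluster environments, Keepalived can also be used as hot-standby software.

  Keepalived uses the VRRP (Virtual Router Redundancy Protocol) hot-standby protocol to implement multi-machine hot standby for Linux servers in software. VRRP is a backup solution for routers: several routers form a hot-standby group and provide service through a shared virtual IP address. At any moment only one master server in each hot-standby group provides service while the others remain in a redundant state. If the server currently online fails, another server automatically takes over the virtual IP address (priority determines the takeover order) so that service continues.
  Every server in the hot-standby group can become the master, and the virtual IP address (VIP) can move between the servers in the group, which is why it is also called a floating IP address. With Keepalived, the floating address does not require manually created virtual interface configuration files (such as eth0:0); Keepalived manages it automatically according to its configuration file.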
  
  

  II. How keepalived works
  

http://s3.运维网.com/wyfs02/M02/7E/B0/wKioL1cHYwuCxbAQAAC3Ecrye0M010.jpg

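  After keepalived starts there are three processes:
Parent process: memory management, child process management, and so on
Child process: the VRRP child process
Child process: the healthchecker child process

As the figure shows, both child processes are supervised by the system WatchDog and each handles its own job. The healthchecker child process checks the health of the servers (for example HTTP, LVS, and so on). If it finds that the service on the MASTER is unavailable, it notifies its sibling VRRP child process on the same machine, which stops sending advertisements, removes the virtual IP, and switches to the BACKUP state.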
  

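  III. Deploying the keepalived service

  Environment: CentOS 6.5, x64

  IP: 172.16.16.15 (master), 172.16.16.16 (backup)
  VIP: 172.16.16.100
  iptables and SELinux are disabled

  This only demonstrates common keepalived configurations, so it is installed with yum; if you need to build from source, search Baidu for instructions.
  # yum install keepalived -y

  The main keepalived configuration file is under /etc/keepalived/.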
  

  1. Simple VIP failover

  master configuration file:

  ! Configuration File for keepalived

  global_defs {
      notification_email {
          root@localhost                            # recipient addresses, one per line
      }
      notification_email_from keepadmin@localhost   # sender address; it does not have to exist
      smtp_server 127.0.0.1                         # mail server address
      smtp_connect_timeout 30                       # mail server connection timeout
      router_id LVS_DEVEL                           # identifier of this server
  }
  vrrp_instance VI_1 {            # hot-standby instance
      state MASTER                # hot-standby state
      interface eth0              # interface that carries the heartbeat and sends advertisements to the backup
      virtual_router_id 51        # virtual router ID; must be identical on master and backup
      priority 100                # priority; the larger the value, the higher the priority
      advert_int 1                # interval between advertisements
      authentication {            # authentication settings
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          # The VIP. This machine has only one NIC, so the address is added to eth0 by default;
          # with several NICs or sub-interfaces, name the device, e.g. 172.16.16.100 dev eth1
          172.16.16.100
      }
  }
  

  backup configuration file:

  ! Configuration File for keepalived

  global_defs {
      notification_email {
          root@localhost
      }
      notification_email_from keepadmin@localhost
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }
  vrrp_instance VI_1 {
      state BACKUP                # this node is the backup
      interface eth0
      virtual_router_id 51
      priority 99                 # must be lower than the master's priority
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          172.16.16.100
      }
  }

  Start keepalived on both nodes.
  master:
  [root@localhost keepalived]# ip addr
  1: lo:mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
  inet 172.16.16.100/32 scope global eth0
  inet6 fe80::20c:29ff:fec2:ccff/64 scope link
  valid_lft forever preferred_lft forever
  

  backup
  # ip addr show
  1: lo:mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
  inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
  valid_lft forever preferred_lft forever
  

  Stop keepalived on the master:
  master
  

  # ip addr
  1: lo:mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
   inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
  inet6 fe80::20c:29ff:fec2:ccff/64 scope link
  valid_lft forever preferred_lft forever
  

  backup
  

  # ip addr
  1: lo:mtu 16436 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
      inet 172.16.16.100/32 scope global eth0   ####### the VIP has moved to the backup
  inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
  valid_lft forever preferred_lft forever
  

  2. Defining a simple check script


  When a file named down is found in the /etc/keepalived/ directory, the VIP fails over.
  

  master/backup
  

  

  ! Configuration File for keepalived

  global_defs {
      notification_email {
          root@localhost
      }
      notification_email_from keepadmin@localhost
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }

  vrrp_script chk_maintainace {   # vrrp_script defines a check script; the name chk_maintainace is user-chosen
      script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"   # may be a script or a command
      interval 1                  # check for the down file every 1 second
      weight -2                   # when the down file is found, lower the priority by 2 (i.e. 100-2)
  }

  vrrp_instance VI_1 {
      state MASTER                # BACKUP on the backup node
      interface eth0
      virtual_router_id 51
      priority 100                # 99 on the backup node
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          172.16.16.100
      }
      track_script {
          chk_maintainace         # track the script
      }
  }
  
  # ip addr show eth0
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
   inet 172.16.16.100/32 scope global eth0
  inet6 fe80::20c:29ff:fec2:ccff/64 scope link
  valid_lft forever preferred_lft forever
  # touch down

  

  # ip addr show eth0
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
  inet6 fe80::20c:29ff:fec2:ccff/64 scope link   ###### the VIP has moved away
  valid_lft forever preferred_lft forever
  

  # ip addr show eth0
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
   inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
      inet 172.16.16.100/32 scope global eth0 ###### the VIP has moved to the backup
  inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
  valid_lft forever preferred_lft forever
  # rm -rf down   ###### delete the down file on the master
  
  # ip addr show eth0
  2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
  link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
  inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
   inet 172.16.16.100/32 scope global eth0 ###### the VIP has moved back to the master
  inet6 fe80::20c:29ff:fec2:ccff/64 scope link
  valid_lft forever preferred_lft forever
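
The rules stated in the two sections above (virtual_router_id and authentication must match on both nodes, the backup's priority must be lower, and the tracked script's weight has to pull the master's priority below the backup's) can be checked mechanically. The following is an added example, not part of the original post: get_val, check_pair and write_conf are names chosen here, the sample files are constructed from the page's values, and the check also reports auth_type PASS because that password is carried unencrypted in each VRRP advertisement.

```shell
# Added example (not from the original post); the sample configs are constructed.

# get_val FILE BLOCK KEY: value of KEY in the top-level block named BLOCK ("{" on the header line).
get_val() {
    awk -v name="$2" -v key="$3" '
        { sub(/[#!].*/, "") }                             # drop keepalived comments
        depth == 0 && $NF == "{" { cur = $2 }             # entering a top-level block
        cur == name && $1 == key { print $2; exit }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }  # track nesting
    ' "$1"
}

# check_pair MASTER_CONF BACKUP_CONF INSTANCE [SCRIPT]: one finding per line, none = clean.
check_pair() {
    for key in virtual_router_id auth_type auth_pass; do   # must be identical on both nodes
        [ "$(get_val "$1" "$3" "$key")" = "$(get_val "$2" "$3" "$key")" ] ||
            echo "$3: $key differs between master and backup"
    done
    mp=$(get_val "$1" "$3" priority); bp=$(get_val "$2" "$3" priority)
    [ "${mp:-0}" -gt "${bp:-0}" ] || echo "$3: master priority is not above backup priority"
    w=$(get_val "$1" "${4:-none}" weight)                  # weight of the tracked script, if any
    [ "${w:-0}" -ge 0 ] || [ $((mp + w)) -lt "${bp:-0}" ] ||
        echo "$3: weight $w leaves the master at $((mp + w)), not below the backup's $bp"
    [ "$(get_val "$1" "$3" auth_type)" != PASS ] ||
        echo "$3: auth_type PASS sends auth_pass unencrypted in every advertisement"
}

# write_conf FILE PRIORITY WEIGHT: constructed sample using the page's values.
write_conf() {
    cat > "$1" <<EOF
vrrp_script chk_maintainace {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    weight $3
}
vrrp_instance VI_1 {
    virtual_router_id 51
    priority $2      # 100 on the master, 99 on the backup
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

tmp=$(mktemp -d)
write_conf "$tmp/master.conf" 100 -2; write_conf "$tmp/backup.conf" 99 -2
check_pair "$tmp/master.conf" "$tmp/backup.conf" VI_1 chk_maintainace
rm -rf "$tmp"
```

With the page's values only the PASS finding is printed; a weight of -1 would also be reported, because 100-1 is not below the backup's 99 and the backup would never take over.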
  
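  3. Email notification on master/backup switchover (running a script)
  The script notify.sh; make sure it runs without problems in a terminal before testing.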
  #!/bin/bash
  # Address of eth0 as printed by ifconfig on CentOS 6 ("inet addr:172.16.16.15")
  IP=$(ifconfig eth0 | awk '/inet addr/{print $2}' | awk -F : '{print $2}')
  vip='172.16.16.100'
  send='root@localhost'

  # Mail the new VRRP state ($1) of this node to $send
  notify(){
      subject="$IP to be $1"
      body="$(date +%F) : $IP become $1"
      echo "$body" | mail -s "$subject" "$send"
  }
  case "$1" in
  master)
      notify master
      exit 0;;
  backup)
      notify backup
      exit 0;;
  fault)
      notify fault
      exit 0;;
  *)
      echo "Usage: $(basename "$0") (master|backup|fault)"
      exit 1;;
  esac
  master/backup

  global_defs {
      notification_email {
          root@localhost
      }
      notification_email_from keepadmin@localhost
      smtp_server 127.0.0.1
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }

  vrrp_script chk_maintainace {
      script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
      interval 1
      weight -2
  }

  vrrp_instance VI_1 {
      state MASTER                # BACKUP on the backup node
      interface eth0
      virtual_router_id 51
      priority 100                # 99 on the backup node
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          172.16.16.100
      }
      track_script {
          chk_maintainace
      }
      notify_master "/etc/keepalived/notify.sh master"   # run the script on transition to master
      notify_backup "/etc/keepalived/notify.sh backup"   # run the script on transition to backup
      notify_fault "/etc/keepalived/notify.sh fault"     # run the script on fault
  }
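
keepalived itself executes the vrrp_script command and the notify_* scripts, as root in a setup like this one, so a script file or directory that other users can write to lets them run commands with those privileges. The following added example (not part of the original post) lists the scripts a configuration references and reports missing, wrongly owned or group/other-writable ones; list_scripts, is_loose, audit_scripts, make_sample and the ROOT/UID arguments are names assumed here, and the sample tree is constructed.

```shell
# list_scripts CONF: absolute paths named by "script" and notify_* directives.
# Added example (not from the original post); the sample tree below is constructed.
list_scripts() {
    awk '{ sub(/[ \t]#.*/, "") }                       # drop trailing comments
         $1 == "script" || $1 ~ /^notify_/ {
             cmd = $2; gsub(/"/, "", cmd)              # first word of the command
             if (cmd ~ /^\//) print cmd                # inline shell ([[ -f ... ]]) is skipped
         }' "$1" | sort -u
}

# is_loose PATH: true if group or others may write to PATH (symlinks are followed).
is_loose() {
    case $(ls -ldL "$1" | cut -c1-10) in ?????w????|????????w?) return 0 ;; esac
    return 1
}

# audit_scripts CONF [ROOT] [UID]: one verdict per script; ROOT prefixes paths, UID = expected owner (0).
audit_scripts() {
    list_scripts "$1" | while read -r s; do
        f=${2:-}$s
        if [ ! -e "$f" ]; then echo "MISSING $s"
        elif [ "$(ls -ldLn "$f" | awk '{print $3}')" != "${3:-0}" ]; then echo "BAD-OWNER $s"
        elif is_loose "$f"; then echo "WRITABLE-FILE $s"
        elif is_loose "$(dirname "$f")"; then echo "WRITABLE-DIR $s"
        else echo "OK $s"
        fi
    done
}

# make_sample DIR MODE: constructed config plus a stub notify.sh created with MODE.
make_sample() {
    mkdir -p "$1/etc/keepalived" && chmod 755 "$1/etc/keepalived"
    cat > "$1/keepalived.conf" <<'EOF'
vrrp_script chk_maintainace {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
}
vrrp_instance VI_1 {
    notify_master "/etc/keepalived/notify.sh master"   # called on transition to master
    notify_backup "/etc/keepalived/notify.sh backup"
}
EOF
    : > "$1/etc/keepalived/notify.sh" && chmod "$2" "$1/etc/keepalived/notify.sh"
}

d=$(mktemp -d); make_sample "$d" 777
audit_scripts "$d/keepalived.conf" "$d" "$(id -u)"   # WRITABLE-FILE /etc/keepalived/notify.sh
rm -rf "$d"
```

On a real node, run `audit_scripts /etc/keepalived/keepalived.conf` with no further arguments so that paths are checked in place against owner uid 0.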

  4. Configuring IPVS

  Environment: CentOS 6.5, 64-bit
  MASTER: 172.16.16.15, BACKUP: 172.16.16.16
  VIP: 172.16.16.100
  WEB1: 172.16.16.101  WEB2: 172.16.16.102
  iptables and SELinux are disabled
  All packages are installed from source:
  master/backup
  # yum install ipvsadm keepalived -y

  master/backup configuration file
  

  # cat keepalived.conf
  ! Configuration File for keepalived

  global_defs {
      notification_email {                                    # recipients
          acassen@firewall.loc
          failover@firewall.loc
          sysadmin@firewall.loc
      }
      notification_email_from Alexandre.Cassen@firewall.loc   # sender
      smtp_server 192.168.200.1                               # mail server address
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }

  vrrp_instance VI_1 {
      state MASTER                # hot-standby state; BACKUP on the backup node
      interface eth0              # interface used for heartbeat advertisements
      virtual_router_id 51        # virtual router ID; must be the same as on the backup
      priority 100                # priority; 99 on the backup node
      advert_int 1                # advertisement interval
      authentication {
          auth_type PASS
          auth_pass 1111
      }
      virtual_ipaddress {
          172.16.16.100           # VIP
      }
  }

  virtual_server 172.16.16.100 80 {       # LVS load-balancing configuration
      delay_loop 6                        # check real server health every 6 seconds
      lb_algo rr                          # scheduling algorithm
      lb_kind DR                          # load-balancing (forwarding) mode
      persistence_timeout 10              # connections from the same IP go to the same real server for n seconds
      protocol TCP                        # protocol of the virtual service

      real_server 172.16.16.101 80 {      # first real server (web node)
          weight 1                        # node weight
          TCP_CHECK {                     # health check method
              connect_port 80
              connect_timeout 3           # treated as failed if no connection within 3 seconds
              nb_get_retry 3              # number of retries
              delay_before_retry 4        # delay between retries
          }
      }
      real_server 172.16.16.102 80 {
          weight 1
          TCP_CHECK {
              connect_port 80
              connect_timeout 3
              nb_get_retry 3
              delay_before_retry 4
          }
      }
  }
  
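  Note: there are several kinds of real server health checks, such as SSL_TCP, SSL_GET, and so on.
  Back-end web configuration: httpd serves the web content, and both web servers are configured the same way.
  # yum install httpd -y
  # echo 'web1/2' >> /var/www/html/index.html
  Adjust the kernel ARP response to avoid MAC conflicts (web1/web2)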

  # cat /etc/sysctl.conf
  net.ipv4.conf.all.arp_ignore = 1
  net.ipv4.conf.all.arp_announce = 2
  net.ipv4.conf.default.arp_ignore = 1
  net.ipv4.conf.default.arp_announce = 2
  net.ipv4.conf.lo.arp_ignore = 1
  net.ipv4.conf.lo.arp_announce = 2
  Configure the lo:0 interface
  # cat ifcfg-lo:0
  DEVICE=lo:0
  IPADDR=172.16.16.100   # VIP
  NETMASK=255.255.255.255
  ONBOOT=yes
  Start the services
  MASTER/BACKUP

  /etc/init.d/keepalived restart

  WEB
  /etc/init.d/httpd restart
  Test: access 172.16.16.100; the requests reach web1 and web2 respectively, so the configuration works.
  

  5. Configuring a dual-master model
  master/backup configuration

  global_defs {
      notification_email {
          acassen@firewall.loc
          failover@firewall.loc
          sysadmin@firewall.loc
      }
      notification_email_from Alexandre.Cassen@firewall.loc
      smtp_server 192.168.200.1
      smtp_connect_timeout 30
      router_id LVS_DEVEL
  }

  vrrp_instance VI_1 {            # instance for master 1
      state MASTER                # BACKUP on the second node
      interface eth0
      virtual_router_id 51        # virtual router ID of master 1
      priority 100                # priority; 99 on the second node
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 1111          # authentication for master 1
      }
      virtual_ipaddress {
          172.16.16.100           # VIP of master 1
      }
  }
  vrrp_instance VI_2 {            # instance for master 2
      state BACKUP                # MASTER on the second node
      interface eth0
      virtual_router_id 50        # virtual router ID of master 2
      priority 49                 # priority; 50 on the second node
      advert_int 1
      authentication {
          auth_type PASS
          auth_pass 2222          # authentication for master 2
      }
      virtual_ipaddress {
          172.16.16.200           # VIP of master 2
      }
  }
  

  

  References:
  http://blog.csdn.net/jibcy/article/details/7826158 (detailed explanation of the keepalived configuration file)
  http://bbs.nanjimao.com/thread-845-1-1.html
  



