|
|
一、keepalived简介:
keepalived是一个类似于layer3, 4 & 5交换机制的软件,也就是我们平时说的第3层、第4层和第5层交换。Keepalived的作用是检测web服务器的状态,如果有一台web服务器死机,或工作出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工作正常后Keepalived自动将web服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web服务器。
工作原理
Layer3,4&5工作在IP/TCP协议栈的IP层,TCP层,及应用层,原理分别如下:
Layer3:Keepalived使用Layer3的方式工作式时,Keepalived会定期向服务器群中的服务器发送一个ICMP的数据包(既我们平时用的Ping程序),如果发现某台服务的IP地址没有激活,Keepalived便报告这台服务器失效,并将它从服务器群中剔除,这种情况的典型例子是某台服务器被非法关机。Layer3的方式是以服务器的IP地址是否有效作为服务器工作正常与否的标准。
Layer4:如果您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP端口的状态来决定服务器工作正常与否。如web server的服务端口一般是80,如果Keepalived检测到80端口没有启动,则Keepalived将把这台服务器从服务器群中剔除。
Layer5:Layer5就是工作在具体的应用层了,比Layer3,Layer4要复杂一点,在网络上占用的带宽也要大一些。Keepalived将根据用户的设定检查服务器程序的运行是否正常,如果与用户的设定不相符,则Keepalived将把服务器从服务器群中剔除。
二、实验步骤:
1.创建管理节点在node1上,建立双机互信node1和node2,然后同步时间,安装keepalived
[root@node1~]# ansible all -m yum -a 'name=keepalived state=present'
[root@node1keepalived]# rpm -qc keepalived
/etc/keepalived/keepalived.conf//生成的主配置文件
/etc/sysconfig/keepalived
2.在node1上配置文件需要做一下修改
global_defs{
notification_email {
root@localhost //收邮件人,可以定义多个
}
notification_email_from kaadmin@localhost //发邮件人可以伪装
smtp_server 127.0.0.1 //发送邮件的服务器地址
smtp_connect_timeout 30 //连接超时时间
router_id LVS_DEVEL
}
vrrp_instanceVI_1 { //每一个vrrp_instance就是定义一个虚拟路由器的
state MASTER //由初始状态状态转换为master状态
interface eth0
virtual_router_id 51 //虚拟路由的id号,一般不能大于255的
priority 100 //初始化优先级
advert_int 1 //初始化通告
authentication { //认证机制
auth_type PASS
auth_pass 1111 //密码
}
virtual_ipaddress { //虚拟地址vip
172.16.2.8
}
} 3.把配置文件复制到node2上一份,并修改初始状态和优先级
[root@node1keepalived]# scp keepalived.conf node2:/etc/keepalived/
[root@node2~]# cd /etc/keepalived/
[root@node2keepalived]# ls
keepalived.conf
[root@node2keepalived]# vim keepalived.conf
vrrp_instanceVI_1 {
state BACKUP //初始化状态
interface eth0
virtual_router_id 51
priority 99 //优先级,一定要比master的优先级要低
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.2.8
}
} 在node1上开始启动服务[root@node1 ~]# servicekeepalived start
然后检查ip地址
[root@node1~]# ip addr show
1:lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2:eth0: mtu 1500 qdisc pfifo_fast stateUP qlen 1000
link/ether 00:0c:29:4e:22:fb brdff:ff:ff:ff:ff:ff
inet 172.16.2.1/16 brd 172.16.255.255 scopeglobal eth0
inet 172.16.2.8/32 scopeglobal eth0
inet 172.16.10.8/16 brd 172.16.255.255 scopeglobal secondary eth0:0
inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink
valid_lft forever preferred_lft forever
3:pan0: mtu 1500 qdisc noop state DOWN
link/ether 2e:79:b3:b2:3e:31 brdff:ff:ff:ff:ff:ff 4.现在把node1的keepalived停掉
[root@node1keepalived]# service keepalived stop
Stoppingkeepalived: [ OK ]
验证node2是否把virtual_ipaddress拿走
[root@node2~]# ip addr show
1:lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2:eth0: mtu 1500 qdisc pfifo_fast stateUP qlen 1000
link/ether 00:0c:29:74:c7:7b brdff:ff:ff:ff:ff:ff
inet 172.16.2.16/16 brd172.16.255.255 scope global eth0
inet 172.16.2.8/32 scopeglobal eth0
inet6 fe80::20c:29ff:fe74:c77b/64 scopelink
valid_lft forever preferred_lft forever
3:pan0: mtu 1500 qdisc noop state DOWN
link/ether0a:b1:ef:7b:93:18 brd ff:ff:ff:ff:ff:ff 验证成功
可以在配置文件中手动通过vrrp_script定义一个外围的检测机制,并在vrrp_instance中通过定义track_script来追踪脚本执行过程,实现节点转移
实验测试在/etc/keepalived/keepalived.conf中做一下修改
global_defs{
notification_email {
root@localhost
}
notification_email_from kaadmin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_maintainace { //检测机制的脚本名称为chk_maintainace
script "[[ -e/etc/keepalived/down ]] && exit 1 || exit 0" //可以是个脚本路径,也可以是脚本命令
interval 1 //每隔1秒中检测一次
weight -2 //优先级减2
}
vrrp_instanceVI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.2.8
}
track_script { //调用外围脚本,追踪外围脚本执行过程
chk_maintainace
}
}
[root@node1 keepalived]# touch down //在node1上创建down文件
[root@node1 keepalived]# ls
down keepalived.conf keepalived.conf.bak 在node2上做同样的操作,但不创建down文件,之后一起重启服务
[root@node1 keepalived]# ansible all -m shell -a 'service keepalivedrestart'
node2.magedu.com| success | rc=0 >>
Stoppingkeepalived: [FAILED]
Startingkeepalived: [ OK ]
node1.magedu.com| success | rc=0 >>
Stoppingkeepalived: [ OK ]
Startingkeepalived: [ OK ] 进行检测
[root@node2keepalived]# ip addr show
1:lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2:eth0: mtu 1500 qdisc pfifo_fast stateUP qlen 1000
link/ether 00:0c:29:74:c7:7b brdff:ff:ff:ff:ff:ff
inet 172.16.2.16/16 brd172.16.255.255 scope global eth0
inet 172.16.2.8/32 scopeglobal eth0
inet6 fe80::20c:29ff:fe74:c77b/64 scopelink
valid_lft forever preferred_lft forever
3:pan0: mtu 1500 qdisc noop state DOWN
link/ether0a:b1:ef:7b:93:18 brd ff:ff:ff:ff:ff:ff 此时将node1中/etc/keepalived/下的down删除,进行查看
[root@node1keepalived]# ls
down keepalived.conf keepalived.conf.bak
[root@node1keepalived]# rm down
rm:remove regular empty file `down'? y
[root@node1keepalived]# ls
keepalived.conf keepalived.conf.bak
[root@node1 keepalived]# ip addr show
1:lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2:eth0: mtu 1500 qdisc pfifo_fast stateUP qlen 1000
link/ether 00:0c:29:4e:22:fb brdff:ff:ff:ff:ff:ff
inet 172.16.2.1/16 brd 172.16.255.255 scopeglobal eth0
inet 172.16.2.8/32 scopeglobal eth0
inet 172.16.10.8/16 brd 172.16.255.255scope global secondary eth0:0
inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink
valid_lft forever preferred_lft forever
3:pan0: mtu 1500 qdisc noop state DOWN
link/ether0a:bd:4f:a9:ed:67 brd ff:ff:ff:ff:ff:ff
验证成功
三、详细介绍以下四个功能实现操作
1.如何在状态转换时进行通知?
2.如何配置Ipvs?
3.如何对某特定服务做高可用
4.如何实现基于多虚拟路由的master/master模型?
1.要在状态转换是进行通知,需要定义通知脚本可以在
vrrp_sync_group{
}中定义,也可以在
vrrp_instance{
}中定义
通过man keepalived命令可以查看通知脚本定义的两种方法
第一种
# to MASTER transition
notify_master /path/to_master.sh
# to BACKUP transition
notify_backup /path/to_backup.sh
# FAULT transition
notify_fault "/path/fault.sh VG_1"
第二种
#arguments
# $1 ="GROUP"|"INSTANCE"
# $2 = name of group or instance
# $3 = target state of transition
# ("MASTER"|"BACKUP"|"FAULT")
notify /path/notify.sh
例如:
转换为MASTER的状态通知
#!/bin/bash
#
vip=172.16.2.8
contact='root@localhost'
thisip=`ifconfigeth0 | awk '/inet addr:/{print $2}' | awk -F: '{print $2}'`
notify(){
mailbody="vrrp transaction, $vipfloated to $thisip."
subject="$thisip is to be $vipmaster"
echo $mailbody | mail -s $subject $contact
}
notify 其他状态转换类似
下面用一个脚本notify.sh实现状态转换通知的简单示例:
#!/bin/bash
#Author: MageEdu
#description: An example of notify script
#
vip=172.16.2.8
contact='root@localhost'
notify(){
mailsubject="`hostname` to be $1: $vipfloating"
mailbody="`date '+%F %H:%M:%S'`: vrrptransition, `hostname` changed to be $1"
echo $mailbody | mail -s"$mailsubject" $contact
}
case"$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo 'Usage: `basename $0`{master|backup|fault}'
exit 1
;;
esac 进行测试
[root@node1keepalived]# ./notify.sh backup
[root@node1keepalived]# mail
HeirloomMail version 12.4 7/29/08. Type ? forhelp.
"/var/spool/mail/root":6 messages 1 new 6 unread
U 1centos@stu2.magedu.c Sat Aug 1709:34 17/644 "*** SECURITY"
U 2Cron Daemon Tue Aug 2700:01 22/747 "Cron |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-12-29 06:34:45
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡