KEEPALIVED
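I. Principles:
Function: automatically moves the IP address that users access to another node; restart on failure, failover and failback switching, failure alerting
Model: Master/Backup
Use cases: few nodes, no shared storage, and so on. Only one node can be the active master; the others are backup nodes
- How it works:
The Master continuously sends heartbeat advertisements to the Backup; as soon as the heartbeat stops, the VIP is migrated.
Keepalived is modular. Its main purpose is to provide high availability for LVS. It can also health-check the back-end real servers, and it can use scripts to health-check specific services, restart them on failure, and fail over.
- keepalived core:
vrrp: Virtual Router Redundancy Protocol
VRRP finite state machine
To deal with the MAC address changing after the IP floats, both the IP address and the MAC address are virtual (VMAC). Failover is driven by the health state seen through heartbeat detection, and it can also be triggered by lowering the priority (0-255; the larger the number, the higher the priority)
virtual server
vrrp_script:
Monitors the health of a service and fails over according to the service's state
- Keepalived architecture diagram:
Configuration file parser: checks the configuration file; the main process is responsible for parsing it
I/O Multiplexer: I/O multiplexing
watchdog: monitors the health of the two child processes and is responsible for starting and restarting them
Two child processes: the child processes that do the real work
Checkers: health checks for the back-end servers of the local IPVS
User-supplied scripts
VRRP:
VRRP authentication mechanisms: 1. plaintext authentication, 2. HMAC authentication
II. Installation and configuration
1. Download the software from http://keepalived.org/, or on CentOS 6.4 and later install it with yum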
ansible two -m yum -a "name=keepalived state=installed"
2. Keepalived files
/etc/keepalived/keepalived.conf
/etc/init.d/keepalived
3. Synchronize time
ansible all -a 'ntpdate s1a.time.edu.cn'
4. Back up the configuration file
ansible two -a "cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak"
man keepalived.conf
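! Configuration File for keepalived
# Once this part is configured, keepalived can be started and the nodes begin monitoring each other's keepalived service.
global_defs {                          # global settings: mainly the notification mechanism and static routes; static routes are optional, so no defaults are given here
    notification_email {               # recipients
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc    # sender
    smtp_server 192.168.200.1          # mail server
    smtp_connect_timeout 30            # mail server connect timeout
    router_id LVS_DEVEL                # router identifier; any string will do
}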
vrrp_script chk_svr_down {             # check script used by vrrp
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2
}
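vrrp_instance VI_1 {                   # vrrpd configuration: defines a virtual router; VI_1 is its identifying name, chosen freely
    state MASTER                       # initial state; since this node is defined as master, its priority must be higher than that of the other nodes
    interface eth0                     # NIC used for advertisements and election
    virtual_router_id 51               # virtual router ID; every virtual router needs an ID; it is the last octet of the VMAC; maximum 255
    priority 100                       # initial priority
    advert_int 1                       # advertisement interval
    authentication {                   # authentication mechanism
        auth_type PASS                 # plaintext mechanism
        auth_pass 1111                 # authentication password
    }
    virtual_ipaddress {                # VIP addresses
        192.168.200.16
        # address format: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        #   IP, mask, broadcast address, NIC it is bound to, scope (whether visible externally), NIC alias
        #192.168.200.17/24 dev eth1
        #192.168.200.18/24 dev eth2 label eth2:1
    }
    track_script {
        chk_svr_down
        # [more than one may be listed ...]
    }
}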
vrrp_instance VI_2 {                   # two VRRP virtual routers can be defined to build a dual-master setup that fails over in both directions; the front end uses multiple DNS A records to spread the load
    interface eth0
    virtual_router_id 52
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.200.17
        # address format: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        #   IP, mask, broadcast address, NIC it is bound to, scope (whether visible externally), NIC alias
        #192.168.200.17/24 dev eth1
        #192.168.200.18/24 dev eth2 label eth2:1
    }
    track_script {
        chk_svr_down
        # [more than one may be listed ...]
    }
    # call scripts to send notifications or run actions
    notify_master "/path/to/file.sh master"
    notify_backup "/path/to/file.sh backup"
    notify_fault "/path/to/file.sh fault"
}
Dec 15 00:39:22 vm2 kernel: IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
Dec 15 00:39:22 vm2 kernel: IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
Dec 15 00:39:22 vm2 kernel: IPVS: ipvs loaded.
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Netlink reflector reports IP 10.0.2.5 added
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Netlink reflector reports IP 192.168.56.4 added
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Netlink reflector reports IP fe80::a00:27ff:fee5:3c84 added
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Netlink reflector reports IP fe80::a00:27ff:fea9:ff31 added
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Registering Kernel netlink reflector
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Registering Kernel netlink command channel
Dec 15 00:39:22 vm2 Keepalived_vrrp[3543]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 15 00:39:22 vm2 Keepalived_vrrp[3543]: Configuration is using : 62967 Bytes
Dec 15 00:39:22 vm2 Keepalived_vrrp[3543]: Using LinkWatch kernel netlink reflector...
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Configuration is using : 7510 Bytes
Dec 15 00:39:22 vm2 Keepalived_healthcheckers[3542]: Using LinkWatch kernel netlink reflector...
Dec 15 00:39:22 vm2 Keepalived_vrrp[3543]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Dec 15 00:39:23 vm2 Keepalived_vrrp[3543]: VRRP_Instance(VI_1) Transition to MASTER STATE
Dec 15 00:39:24 vm2 Keepalived_vrrp[3543]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 15 00:39:24 vm2 Keepalived_vrrp[3543]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 15 00:39:24 vm2 Keepalived_vrrp[3543]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.56.6
Dec 15 00:39:24 vm2 Keepalived_healthcheckers[3542]: Netlink reflector reports IP 192.168.56.6 added
Dec 15 00:39:29 vm2 Keepalived_vrrp[3543]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.56.6
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:e5:3c:84 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.5/24 brd 10.0.2.255 scope global eth0
    inet 192.168.56.6/32 scope global eth0
    inet6 fe80::a00:27ff:fee5:3c84/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:a9:ff:31 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.4/24 brd 192.168.56.255 scope global eth1
    inet6 fe80::a00:27ff:fea9:ff31/64 scope link
       valid_lft forever preferred_lft forever
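The IP ended up on eth0, which does not look right, so move it to eth1:
virtual_ipaddress {
    192.168.56.6 dev eth1
}
keepalived heartbeat address: 224.0.0.1
At this point, switching on failure and recovery works for both a Keepalived service failure and a host outage. (Because of the higher priority, Keepalived's VRRP works in preemptive mode by default.)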
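5. vrrp_script script checks
vrrp_script chk_svr_down {             # define the script
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"    # either a test command in quotes or the path to a script; a return of 1 triggers the action below
    interval 1                         # check once every 1s
    weight -2                          # weight -2
}
track_script {                         # reference the script
    chk_svr_down
    # [more than one may be listed]
}
* If both sides have the file from the example, no switch happens; as soon as one server no longer has the file, the VIP moves over to it immediately, and once the master recovers it switches back as well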
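The switching rule above follows from priority arithmetic. As an added example (not part of the original page), this sketch models it for the page's values (priority 100 and 99, weight -2) and also covers the case where the priority gap is larger than the weight, so a failed check can never move the VIP. The function names are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# effective_priority BASE WEIGHT CHECK_FAILED(0|1)
# Models only the negative-weight case used on this page: while the tracked
# script fails (the down file exists), the priority is lowered by |weight|.
effective_priority() {
    if [ "$3" -eq 1 ]; then echo $(( $1 + $2 )); else echo "$1"; fi
}

# holder PRIO_A FAIL_A PRIO_B FAIL_B WEIGHT -> node that holds the VIP
# (preemptive mode, as on this page: highest effective priority wins)
holder() {
    a=$(effective_priority "$1" "$5" "$2")
    b=$(effective_priority "$3" "$5" "$4")
    if [ "$a" -gt "$b" ]; then echo A
    elif [ "$b" -gt "$a" ]; then echo B
    else echo TIE   # real VRRP breaks ties on the higher primary IP address
    fi
}

# can_fail_over PRIO_A PRIO_B WEIGHT
# Succeeds only if a failed check on A alone pushes it below a healthy B.
can_fail_over() {
    [ "$(holder "$1" 1 "$2" 0 "$3")" = B ]
}

# Print all four down-file combinations for the page's values.
failover_table() {
    for fa in 0 1; do
        for fb in 0 1; do
            printf 'down file on A=%s B=%s -> VIP on %s\n' \
                "$fa" "$fb" "$(holder 100 "$fa" 99 "$fb" -2)"
        done
    done
}

failover_table
can_fail_over 100 90 -2 ||
    echo "priority 100 vs 90 with weight -2: the check can never move the VIP"
```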
ipvs
virtual_server 192.168.200.100 443 {   # virtual server
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    sorry_server 192.168.200.200 1358
    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
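Configuration file hierarchy:
GLOBAL CONFIGURATION    # global configuration
Global definitions    # global settings
Static routes    # static routes
VRRPD CONFIGURATION    # settings for the protocol the vrrp child process runs; for dual-master, two virtual routers and their router IDs are defined here
VRRP synchronization group(s)    # sync group, for when 2 VIPs are configured on one node and must move together
string, name of group of IPs that failover together
VRRP instance(s)    # vrrp instances: the core; priority and so on are configured here
Describes the moveable IP for each instance of a group in vrrp_sync_group.    # the IP address that moves
LVS CONFIGURATION
Virtual server group(s)    # virtual server group
Virtual server(s)    # virtual server
* The underlined items are the ones used most often
Notifications:
Where they can be placed:
1. vrrp_instance {
}
2. vrrp_sync_group {
}
Types of notification script:
1. Separate notifications: each state triggers a different script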
# to MASTER transition
notify_master /path/to_master.sh
# to BACKUP transition
notify_backup /path/to_backup.sh
# FAULT transition
notify_fault "/path/fault.sh VG_1"
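2. One script handles all 3 states, but it must accept arguments
# arguments
# $1 = "GROUP"|"INSTANCE"           # states whether it is used in a group or in an instance
# $2 = name of group or instance    # states which group or instance
# $3 = target state of transition   # states which state it is changing to
# ("MASTER"|"BACKUP"|"FAULT")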
notify /path/notify.sh
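Example with multiple scripts
#!/bin/bash
# Mail the administrator when this node takes over the VIP.
vip=192.168.5.1
contact="root@localhost"
notify() {
    mailbody="vrrp transition, $vip floated to $(hostname)"
    subject="$(hostname) is $vip MASTER"
    # Quote the subject: it contains spaces.
    echo "$mailbody" | mail -s "$subject" "$contact"
}
notify
Example with a single script
#!/bin/bash
# One script for all states; the target state is passed as $1.
vip=192.168.1.100
contact='root@localhost'
notify() {
    mailsubject="$(hostname) to be $1 : $vip floating"
    # The date format contains a space, so it must be quoted.
    mailbody="$(date '+%F %H_%M_%S') : $vip transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
    master)
        notify master
        exit 0
        ;;
    backup)
        notify backup
        exit 0
        ;;
    fault)
        notify fault
        exit 0
        ;;
    *)
        # Anything else is a usage error.
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
esac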
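An added example, not from the original page, of the single-script form that receives the three arguments listed above (type, name, target state). It validates each argument before using it and records the new state in a file instead of sending mail; STATE_DIR, the file names and handle_transition are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original page.
# STATE_DIR is an assumed location; override it from the environment.
STATE_DIR=${STATE_DIR:-/var/run/keepalived-notify}

# handle_transition TYPE NAME STATE
handle_transition() {
    kind=$1; name=$2; state=$3
    # $1 must be exactly GROUP or INSTANCE.
    case "$kind" in
        GROUP|INSTANCE) ;;
        *) echo "rejected type: $kind" >&2; return 2 ;;
    esac
    # $2 becomes part of a file name: letters, digits, _ and - only.
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "rejected name" >&2; return 2 ;;
    esac
    # $3 must be one of the three target states.
    case "$state" in
        MASTER|BACKUP|FAULT) ;;
        *) echo "rejected state" >&2; return 2 ;;
    esac
    mkdir -p "$STATE_DIR" || return 1
    # Write to a temporary file and rename it, so a reader never sees a
    # half-written state file.
    tmp="$STATE_DIR/.$kind.$name.$$"
    printf '%s\n' "$state" > "$tmp" || return 1
    mv "$tmp" "$STATE_DIR/$kind.$name" || return 1
    # Append one line per transition for later review.
    printf '%s %s %s %s -> %s\n' "$(date '+%F %T')" "$(uname -n)" \
        "$kind" "$name" "$state" >> "$STATE_DIR/transitions.log"
}

# Called as: notify.sh <GROUP|INSTANCE> <name> <MASTER|BACKUP|FAULT>
if [ "$#" -ge 3 ]; then
    handle_transition "$1" "$2" "$3"
fi
```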