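- keepalived
- Keepalived is a VRRP-based HA cluster implementation for LVS services; it can be used to avoid a single point of failure.
- For example, an LVS service has two servers running Keepalived: one is the master server (Master) and the other is the backup server (Backup), but to the outside they appear as a single virtual IP. The master periodically sends specific messages (priority, MAC, etc.) to the backup. When the backup stops receiving these messages, it concludes that the master is down and takes over the virtual IP itself, becoming the Master and continuing to provide service, which ensures high availability. This mechanism is the preemptive mode. Keepalived is a perfect implementation of VRRP.
- VRRP (Virtual Router Redundancy Protocol)
- VRRP is a fault-tolerance mechanism: when a host's next-hop router fails, another router takes its place, which keeps communication continuous and reliable.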
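How VRRP works:
- A VRRP virtual router contains several physical VRRP routers, but they do not all work at the same time: one of them, called the Master, does the routing, and all the others are Backups. The Master is not fixed; VRRP has every VRRP router take part in an election based on its priority and IP address, and the winner becomes the Master.
- (1) The Master router sends gratuitous ARP packets to announce its virtual MAC address to the other connected devices and hosts, and so takes on the packet-forwarding role.
- (2) When the virtual router changes state, the Master role moves from one device to another. The new Master simply sends a gratuitous ARP packet carrying the virtual router's MAC address and IP address, which updates the ARP information of the devices connected to it. Hosts on the network do not notice this process.
- Virtual router (Virtual Router): made up of one master router and several backup routers; hosts use it as their default gateway
- Virtual router identifier: VRID (0-255)
- Physical routers:
  - master: the primary device
  - backup: the standby device
  - priority: the priority used in the election
- VIP: Virtual IP
- VMAC: Virtual MAC (00-00-5e-00-01-VRID)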
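- Router layouts:
  - one master, one backup
  - one master, several backups
- Working modes:
  - master/backup: a single virtual router;
  - master/master: master/backup (virtual router 1), backup/master (virtual router 2)
- Backup preemption:
  - Preemptive mode: when the master in the backup group has not sent VRRP advertisements for a long time, a backup concludes that the master can no longer work, promotes itself to master and starts sending advertisements periodically. If there are several backups, the master is chosen by priority. The former master becomes a backup.
  - Non-preemptive mode: even if the master router in the backup group fails, a backup will not replace the master, even one with a higher priority.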
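The advertisements described above can be checked from the defender's side. This added example (not from the original page) parses a VRRPv2 advertisement in the RFC 3768 layout, derives the VMAC from the VRID, and flags adverts that do not match the known cluster. The peer addresses, `EXPECTED` and all function names are assumptions, and the sample packet is constructed.

```python
import ipaddress
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by the VRRP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(payload: bytes) -> dict:
    """Decode the payload of an IP protocol 112 packet (VRRPv2 advertisement)."""
    if len(payload) < 16:
        raise ValueError("too short for VRRPv2")
    ver_type, vrid, prio, count, auth_type, adver_int = struct.unpack("!6B", payload[:6])
    if ver_type != 0x21 or len(payload) != 16 + 4 * count:
        raise ValueError("not a well-formed VRRPv2 advertisement")
    vips = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    # auth_type 1 is the simple text password: it travels unencrypted in the last 8 bytes
    return {"vrid": vrid, "priority": prio, "auth_type": auth_type,
            "advert_int": adver_int, "vips": vips,
            "vmac": "00-00-5e-00-01-%02x" % vrid,
            "checksum_ok": internet_checksum(payload) == 0}

def audit(advert: dict, src_ip: str, expected: dict) -> list:
    """Return findings for an advertisement that does not fit the known cluster."""
    findings = []
    if src_ip not in expected["peers"]:
        findings.append(f"VRID {advert['vrid']} advertised by unknown source {src_ip}")
    if advert["priority"] > expected["max_priority"]:
        findings.append(f"priority {advert['priority']} is above the configured maximum")
    if advert["vips"] != expected["vips"]:
        findings.append(f"unexpected VIP list {advert['vips']}")
    if not advert["checksum_ok"]:
        findings.append("bad VRRP checksum")
    return findings

def sample_advert(vrid: int, prio: int, vip: str) -> bytes:
    """Build a constructed advertisement (one VIP, auth data left empty)."""
    head = struct.pack("!6BH", 0x21, vrid, prio, 1, 0, 1, 0)
    body = head + ipaddress.IPv4Address(vip).packed + bytes(8)
    return body[:6] + struct.pack("!H", internet_checksum(body)) + body[8:]

# Assumed node addresses; VRID 51, priority 100 and the VIP follow the page's example.
EXPECTED = {"peers": {"192.168.174.130", "192.168.174.131"},
            "max_priority": 100, "vips": ["192.168.174.136"]}
```
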
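- Installing and configuring keepalived
- Prerequisites for configuring an HA cluster:
  - (1) The clocks of all nodes must be synchronized;
    - ntp, chrony
  - (2) Make sure iptables and SELinux do not get in the way;
  - (3) The nodes can reach one another by hostname (not strictly required for KA);
    - using the /etc/hosts file for this is recommended;
  - (4) Make sure the interface each node uses for the cluster service supports MULTICAST communication;
    - Class D: 224-239;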
- Program environment:
  - Main configuration file: /etc/keepalived/keepalived.conf
  - Main program: /usr/sbin/keepalived
  - Unit file: keepalived.service
  - Environment file for the unit file: /etc/sysconfig/keepalived
- Components of the configuration file:
  - TOP HIERACHY
    - GLOBAL CONFIGURATION
      - Global definitions
      - Static routes/addresses
    - VRRPD CONFIGURATION
      - VRRP synchronization group(s): VRRP sync groups;
      - VRRP instance(s): each VRRP instance is one VRRP router;
    - LVS CONFIGURATION
      - Virtual server group(s)
      - Virtual server(s): the vs and rs of an ipvs cluster;
- Single-master configuration example:
- Global configuration section
- Example:
- Configuration on the Master host

```
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id wxC7
    vrrp_mcast_group4 224.1.122.33
}

# Define the first virtual router
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        # Note: do not use the default password
        auth_pass KiHTDLaF
    }
    virtual_ipaddress {
        192.168.174.136 dev ens33
    }
}
```
- Configuration on the backup host

```
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id wxC71
    vrrp_mcast_group4 224.1.122.33
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass KiHTDLaF
    }
    virtual_ipaddress {
        192.168.174.136 dev ens33
    }
}
```

- Start the service on the backup host

```
[root@wxC71 keepalived]# systemctl start keepalived.service
[root@wxC71 keepalived]# systemctl status keepalived.service
```
- If the master goes down or fails, the backup becomes the new master and takes over the original master's IP.
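A MASTER/BACKUP pair only fails over cleanly when both nodes agree on virtual_router_id, authentication and the VIP. This added example (not part of the original page or of keepalived) parses two keepalived.conf texts and reports mismatches and a weak auth_pass. The function names are hypothetical; `MASTER` follows the page's Master block, while `BACKUP` and `DRIFTED` are constructed from it.

```python
def parse_block(lines):
    """Parse keepalived.conf lines into nested dicts until the closing '}'."""
    block = {}
    for raw in lines:
        line = raw.split("#")[0].split("!")[0].strip()   # '#' and '!' start comments
        if line == "}":
            break
        if line.endswith("{"):
            block[line[:-1].strip()] = parse_block(lines)  # same iterator, nested block
        elif line:
            key, _, value = line.partition(" ")
            block[key] = value.strip()
    return block

def check_pair(master_conf: str, backup_conf: str, name: str = "vrrp_instance VI_1") -> list:
    """Compare one vrrp_instance across two nodes and return the problems found."""
    m, b = (parse_block(iter(c.splitlines()))[name] for c in (master_conf, backup_conf))
    problems = []
    for key in ("virtual_router_id", "advert_int", "authentication", "virtual_ipaddress"):
        if m.get(key) != b.get(key):
            problems.append(f"{key} differs between nodes")
    if int(m["priority"]) <= int(b["priority"]):
        problems.append("MASTER priority is not higher than BACKUP priority")
    for node in (m, b):
        secret = node.get("authentication", {}).get("auth_pass", "")
        if secret == "1111":     # value used in keepalived's stock sample configuration
            problems.append("auth_pass is the default 1111")
        if len(secret) > 8:      # keepalived uses only the first 8 characters
            problems.append("auth_pass is longer than 8 characters and gets truncated")
    return problems

# Constructed inputs: MASTER mirrors the page's Master instance, the others derive from it.
MASTER = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass KiHTDLaF
    }
    virtual_ipaddress {
        192.168.174.136 dev ens33
    }
}
"""
BACKUP = MASTER.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90")
DRIFTED = BACKUP.replace("virtual_router_id 51", "virtual_router_id 52").replace("KiHTDLaF", "1111")
```
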
- Dual-master model example:

```
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id wxC71
    vrrp_mcast_group4 224.0.122.33
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        192.168.174.136 dev ens33
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 15
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 578f07b2
    }
    # A master/master pair normally gives each instance its own VIP;
    # this example lists the same address in both instances.
    virtual_ipaddress {
        192.168.174.136 dev ens33
    }
}
```
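- Instance-specific parameters:
  - state MASTER|BACKUP: the initial state of this node in this virtual router; only one node may be MASTER, all the others should be BACKUP;
  - interface IFACE_NAME: the physical interface bound to this virtual router;
  - virtual_router_id VRID: the unique identifier of this virtual router, in the range 0-255;
  - priority 100: this host's priority in this virtual router, in the range 1-254;
  - advert_int 1: the interval between VRRP advertisements;
  - Configure the network interfaces to monitor; once one of them fails, the node moves to the FAULT state;
  - nopreempt: sets the working mode to non-preemptive;
  - preempt_delay 300: in preemptive mode, how long a node waits after coming online before it triggers a new election
- Defining notification scripts:
  - notify_master <STRING>|<QUOTED-STRING>: script triggered when this node becomes the master;
  - notify_backup <STRING>|<QUOTED-STRING>: script triggered when this node becomes a backup;
  - notify_fault <STRING>|<QUOTED-STRING>: script triggered when this node enters the "fault" state;
  - notify <STRING>|<QUOTED-STRING>: a generic notification hook; one script can handle the notifications for all three state transitions above;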
How to use the notification script:
- Sample notification script:

```bash
#!/bin/bash
#
# Mail a notice whenever this node changes VRRP state.
contact='root@localhost'

# $1 is the new state: master, backup or fault
notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
```

- Calling the script:

```
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
```

- Figure: the script enabled and mail being sent
- Virtual server:
- Configuration syntax:

```
virtual_server IP port |
virtual_server fwmark int
{
    ...
    real_server {
        ...
    }
    ...
}
```

- Common parameters:
  - delay_loop <INT>: the interval between service polls;
  - lb_algo rr|wrr|lc|wlc|lblc|sh|dh: the scheduling method;
  - lb_kind NAT|DR|TUN: the cluster type;
  - persistence_timeout <INT>: how long a persistent connection lasts;
  - protocol TCP: the service protocol; only TCP is supported;
  - sorry_server <IPADDR> <PORT>: the address of the fallback server;

```
real_server <IPADDR> <PORT>
{
    weight <INT>
    notify_up <STRING>|<QUOTED-STRING>
    notify_down <STRING>|<QUOTED-STRING>
    # health-check method for this host
    HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }
}
```

- HTTP_GET|SSL_GET: application-layer checks

```
HTTP_GET|SSL_GET {
    url {
        path <URL_PATH>            # the URL to monitor
        status_code <INT>          # response code that counts as healthy
        digest <STRING>            # digest of the response content that counts as healthy
    }
    nb_get_retry <INT>             # number of retries
    delay_before_retry <INT>       # delay before each retry
    connect_ip <IP ADDRESS>        # IP address of this RS to send the health check to
    connect_port <PORT>            # port of this RS to send the health check to
    bindto <IP ADDRESS>            # source address used for the health check
    bind_port <PORT>               # source port used for the health check
    connect_timeout <INTEGER>      # timeout for the connection request
}

TCP_CHECK {
    connect_ip <IP ADDRESS>        # IP address of this RS to send the health check to
    connect_port <PORT>            # port of this RS to send the health check to
    bindto <IP ADDRESS>            # source address used for the health check
    bind_port <PORT>               # source port used for the health check
    connect_timeout <INTEGER>      # timeout for the connection request
}
```
- Highly available ipvs cluster example:

```
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id wxC71
    vrrp_mcast_group4 224.0.122.33
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        192.168.174.141/24 dev ens33
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 192.168.174.141 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.174.140 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.174.139 80 {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
```