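Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster. VRRP support for high availability was added later. As a result, besides managing LVS, Keepalived can also serve as the high-availability solution for other services (for example Nginx, HAProxy and MySQL).
Keepalived implements high availability mainly through the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol; it was created to solve the single point of failure of static routing, and it keeps the whole network running without interruption when individual nodes go down. So Keepalived can, on the one hand, configure and manage LVS and health-check the nodes behind LVS, and on the other hand provide high availability for system network services.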
Features:
- Manage the LVS load-balancing software
- Health-check the nodes of an LVS cluster
- Provide high availability (failover) for system network services
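How it works:
- Failover between the nodes of a Keepalived high-availability pair is implemented through VRRP (Virtual Router Redundancy Protocol).
- While Keepalived is working normally, the Master node keeps sending heartbeat messages (by multicast) to the Backup node to tell it that it is still alive. When the Master node fails it can no longer send heartbeats, so the Backup node stops detecting them, invokes its own takeover routine and takes over the Master node's IP resources and services. When the Master node recovers, the Backup node releases the IP resources and services it took over during the failure and returns to its backup role.
- VRRP (Virtual Router Redundancy Protocol) was created to solve the single point of failure of static routing. It uses an election mechanism to hand the routing task to one of the VRRP routers.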
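How VRRP works:
- VRRP was created to solve the single point of failure of static routing.
- VRRP uses an election protocol to hand the routing task to one of the VRRP routers.
- VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the nodes of a high-availability pair.
- In operation the master node sends packets and the backup node receives them. When the backup node stops receiving the master's packets, it starts its takeover routine and takes over the master's resources. There can be several backup nodes, chosen by priority election, but in day-to-day Keepalived operations a single pair is the usual setup.
- VRRP uses an encryption protocol to encrypt data, but the Keepalived project currently still recommends configuring the authentication type and password the plaintext way.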
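The fields a VRRP advertisement carries can be seen by decoding one. This added example (not from the original post) builds and parses a VRRPv2 advertisement in the RFC 3768 layout, using the VRID, priority, interval, VIP and `auth_pass` from the configuration later on this page; it assumes Keepalived's default VRRP version 2, and shows that with `auth_type PASS` the password sits unencrypted in the packet's 8-byte authentication field.

```python
import socket
import struct

AUTH_TYPES = {0: "NONE", 1: "PASS", 2: "AH"}

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRPv2 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_pass):
    """Build the advertisement a node with auth_type PASS puts on the wire."""
    head = struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority,
                       len(vips), 1, advert_int, 0)
    addrs = b"".join(socket.inet_aton(ip) for ip in vips)
    auth = auth_pass.encode("ascii")[:8].ljust(8, b"\x00")  # fixed 8-byte field
    packet = bytearray(head + addrs + auth)
    struct.pack_into("!H", packet, 6, checksum(bytes(packet)))
    return bytes(packet)

def parse_advert(packet: bytes) -> dict:
    """Decode a VRRPv2 advertisement and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth_type, adv, _ = struct.unpack_from("!BBBBBBH", packet)
    if ver_type != (2 << 4) | 1:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(packet) < end + 8:
        raise ValueError("truncated advertisement")
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv,
        "vips": [socket.inet_ntoa(packet[i:i + 4]) for i in range(8, end, 4)],
        "auth_type": AUTH_TYPES.get(auth_type, "unknown"),
        # With PASS the field holds the password itself, zero-padded.
        "auth_data": packet[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": checksum(packet[:end + 8]) == 0,
    }

# Constructed sample built from the values in this page's keepalived.conf.
SAMPLE = build_advert(vrid=2, priority=101, advert_int=2,
                      vips=["172.18.0.100"], auth_pass="1111")

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
```

Because the password is readable by any host on the same segment, `auth_pass` is best treated as a guard against misconfigured neighbours rather than as a secret.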
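How Keepalived works:
- The nodes of a Keepalived high-availability pair communicate over VRRP, and VRRP decides which node is master and which is backup by election. The master has a higher priority than the backup, so in operation the master obtains all resources first and the backup waits. When the master goes down, the backup takes over its resources and serves clients in its place.
- Within a Keepalived pair, only the master keeps sending VRRP advertisement packets to tell the backup that it is still alive, and the backup does not preempt the master during that time. When the master becomes unavailable, that is, when the backup no longer hears the master's packets, the backup starts the relevant services and takes over the resources to keep the business running. At its fastest, takeover completes in under 1 second.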
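1. Keepalived configuration
This setup uses docker compose to run nginx in master/backup mode. When deploying Keepalived in Docker, the container must be given the highest privileges, because Keepalived needs extensive network privileges.
--privileged specifies whether the container is a privileged container. Privileged mode is enabled here.
--cap-add SYS_ADMIN adds the SYS_ADMIN (system administration) capability.
Note that the compose file in section 2 grants only the NET_ADMIN capability through cap_add.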
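1.1 Create nginx_check.sh
```bash
#!/bin/bash
# Count running nginx processes (they show up as "nginx: ..." in ps).
A=$(ps -ef | grep nginx: | grep -v grep | wc -l)
if [ "$A" -eq 0 ]; then
    # nginx is down: try to start it once.
    nginx -c /etc/nginx/conf/nginx.conf
    sleep 2
    if [ "$(ps -ef | grep nginx: | grep -v grep | wc -l)" -eq 0 ]; then
        # nginx still not running: stop keepalived so the backup takes over the VIP.
        #killall keepalived
        ps -ef | grep keepalived | grep -v grep | awk '{print $2}' | xargs kill -9
    fi
fi
```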
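1.2 Create the master's keepalived.conf
```conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2    # interval between script runs, in seconds; default is 1s
    weight -20    # adjusts the priority; default is 2. If the script fails (non-zero exit status) and weight is below 0, priority is reduced
    fall 3        # number of failed runs before the check counts as failed
    rise 3        # number of successful runs before the check counts as successful
    user root     # add the user name, when logging in as the root user
}
vrrp_instance VI_1 {
    state MASTER            # initial state of this keepalived node
    interface eth0          # network interface the instance binds to
    virtual_router_id 2
    priority 101            # priority; the node with the higher priority becomes MASTER
    advert_int 2            # check interval, default 1 second
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.18.0.100/16     # the VIP address
    }
    track_script {
        chk_nginx
    }
}
```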
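1.3 Create the backup's keepalived-backup.conf
```conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/etc/keepalived/nginx_check.sh"
    interval 2    # interval between script runs, in seconds; default is 1s
    weight -20    # adjusts the priority; default is 2. If the script fails (non-zero exit status) and weight is below 0, priority is reduced
    fall 3        # number of failed runs before the check counts as failed
    rise 3        # number of successful runs before the check counts as successful
    user root     # add the user name, when logging in as the root user
}
vrrp_instance VI_1 {
    state BACKUP            # initial state of this keepalived node
    interface eth0          # network interface the instance binds to
    virtual_router_id 2
    priority 100            # priority; kept below the master's 101 so the master has the higher priority
    advert_int 2            # check interval, default 1 second
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.18.0.100/16     # the VIP address
    }
    track_script {
        chk_nginx
    }
}
```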
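How `priority`, `weight`, `fall` and `rise` from the two configurations combine during a failure, as an added example (not from the original post) that compares a backup priority equal to the master's 101 with a lower one. It is a simplified model: a backup takes over only when its priority is strictly higher than the current holder's (the Backup-state rule of RFC 3768 with preemption enabled), timers, `nopreempt` and positive weights are left out, and the exit codes are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class TrackScript:
    """vrrp_script state: flips only after `fall`/`rise` consecutive results."""
    weight: int = -20
    fall: int = 3
    rise: int = 3
    failed: bool = False  # assumption: the check starts out healthy
    streak: int = 0

    def observe(self, exit_code: int) -> None:
        ok = exit_code == 0
        if ok != self.failed:        # result agrees with the current state
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.failed, self.streak = not ok, 0

@dataclass
class Node:
    name: str
    priority: int
    script: TrackScript = field(default_factory=TrackScript)

    def effective_priority(self) -> int:
        # Only the negative-weight case used on this page is modelled.
        penalty = self.script.weight if self.script.failed else 0
        return max(1, min(254, self.priority + penalty))

def next_holder(holder: Node, nodes: list) -> Node:
    """A backup preempts only with a strictly higher effective priority."""
    best = max(nodes, key=Node.effective_priority)
    return best if best.effective_priority() > holder.effective_priority() else holder

def simulate(master_exit_codes, backup_priority):
    master, backup = Node("master", 101), Node("backup", backup_priority)
    holder, timeline = master, []
    for code in master_exit_codes:
        master.script.observe(code)
        holder = next_holder(holder, [master, backup])
        timeline.append((master.effective_priority(), holder.name))
    return timeline

RESULTS = [1, 1, 1, 0, 0, 0]  # constructed: three failed checks, then three passes

if __name__ == "__main__":
    print({p: simulate(RESULTS, p) for p in (101, 100)})
```

In this model, a backup priority equal to the master's 101 leaves the VIP on the backup after the master's check recovers, while a backup priority of 100 lets the master reclaim it.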
1.4 Create the backup's nginx-backup.conf
The nginx-backup.conf here exists only to make the two environments easy to tell apart.
```nginx
worker_processes 1; # concurrency capacity of the server; a higher value means more concurrency (limited by the host's own resources)
events {
    worker_connections 1024; # connections per worker process
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # log format
    log_format access '$remote_addr - $remote_user [$time_local] $host "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /etc/nginx/logs/access.log access; # log output directory
    gzip on;
    sendfile on;
    # connection timeout; idle connections are closed automatically
    keepalive_timeout 60;
    # virtual host serving static files
    server {
        # listens on port 80 by default when no port is given
        # http listens on port 80 by default
        # https listens on port 443 by default
        listen 8080;
        server_name localhost; # domain name used in the browser
        charset utf-8;
        access_log /etc/nginx/logs/localhost.8080.log access;
        # routes
        location / {
            root /etc/nginx/html; # document root
            index index.html index.htm; # index files
        }
        location /html {
            root /etc/nginx;
            index index.html index.htm;
        }
        location /htmlalias {
            alias /etc/nginx/html/;
            index index.html index.htm;
        }
        location /returnok {
            return 200 "backup success";
        }
    }
}
```
2. Build the Docker image
The image is built directly from a Dockerfile. nginx and keepalived have to be installed first: nginx is installed with apt-get, and keepalived is built and installed with make.
1. Write the Dockerfile
Keepalived download: https://www.keepalived.org/software/keepalived-2.2.7.tar.gz
```dockerfile
# Ubuntu-based image: a custom Ubuntu image with Java installed
FROM java_ubuntu
USER root
# nginx install
RUN apt-get install -y nginx
RUN mkdir /etc/nginx/conf
RUN mkdir /etc/nginx/servers
RUN mkdir /etc/nginx/html
RUN mkdir /etc/nginx/logs
COPY nginx.conf /etc/nginx/conf
COPY index.html /etc/nginx/html
RUN mv /etc/apt/sources.list /etc/apt/alibaba_sources.list
RUN mv /etc/apt/ubuntu_sources.list /etc/apt/sources.list
RUN apt-get update
# keepalived install
RUN apt-get install -y gcc make libssl-dev
RUN apt-get install -y iproute2 rsyslog
ADD keepalived/keepalived-2.2.7.tar.gz /
WORKDIR /keepalived-2.2.7
RUN ./configure --prefix=/usr/local/keepalived
RUN make && make install
# keepalived set
RUN mkdir /etc/keepalived
RUN mkdir /etc/sysconfig/
RUN cp /keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/
RUN cp /keepalived-2.2.7/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
RUN cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
COPY keepalived/nginx_check.sh /etc/keepalived
COPY keepalived/keepalived.conf /etc/keepalived
RUN chmod 644 /etc/keepalived/keepalived.conf
RUN chmod +x /etc/keepalived/nginx_check.sh
# set start shell script
# keepalived reads /etc/keepalived/keepalived.conf by default; add -f to specify another configuration file
RUN echo "#!/bin/bash" > /startup.sh
RUN echo "nohup rsyslogd &" >> /startup.sh
RUN echo "sleep 2" >> /startup.sh
RUN echo "nohup keepalived &" >> /startup.sh
RUN chmod +x /startup.sh
RUN chmod 644 /etc/nginx/conf/nginx.conf
WORKDIR /
CMD /startup.sh && tail -f /dev/null
```
2. docker build
```bash
# The tag has to match the image name used in the compose file (docker_nginx).
docker build -t docker_nginx ./ -f dockerfile-nginx
```
3. Configure docker-compose
Because the nginx image built above contains only the master's keepalived.conf, the backup's keepalived.conf has to be copied into the backup nginx container once that container has started. The compose file does this with volume mounts.
```yaml
version: "3.0"
networks:
  mynetwork:
    external: true
services:
  docker_nginx_master:
    image: docker_nginx
    container_name: docker_nginx_master
    networks:
      - mynetwork
    # volumes:
    #   # - /home/lx/mytemp/nginx-temp/keepalived.conf:/etc/keepalived/keepalived.conf
    #   - /home/lx/mytemp/nginx-temp/nginx.conf:/etc/nginx/conf/nginx.conf
    ports:
      - "10080:8080"
      - "10090:9090"
      - "10060:60000"
      - "10070:80"
      - "10443:443"
    cap_add:
      - NET_ADMIN
    command:
      - sh
      - -c
      - |
        echo "127.0.0.1 nginx.test.com" >> /etc/hosts
        /startup.sh && tail -f /dev/null
  docker_nginx_backup:
    image: docker_nginx
    container_name: docker_nginx_backup
    networks:
      - mynetwork
    volumes:
      - /home/lx/mytemp/nginx-temp/keepalived-backup.conf:/etc/keepalived/keepalived.conf
      - /home/lx/mytemp/nginx-temp/nginx-backup.conf:/etc/nginx/conf/nginx.conf
    cap_add:
      - NET_ADMIN
```
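4. Start
```bash
# create and start the containers
docker-compose -f cloud-nginx.yml up -d
```
Once startup has finished, check the master container's IP information; the VIP is already bound there.
Then send a request to nginx at 172.18.0.100:8080/returnok/; the response shows that the master's nginx is the one serving.
Then stop the master container; the VIP has moved from the master to the backup.
Request 172.18.0.100:8080/returnok/ again.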