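Introduction to keepalived
Keepalived is software for improving the availability of Linux systems, used mainly for failover and load balancing in server clusters. It was originally developed for LVS (Linux Virtual Server) clusters, but is now widely used in other scenarios as well.
Keepalived's main features include:
- VRRP-based virtual IP management: Keepalived uses VRRP (Virtual Router Redundancy Protocol) to manage virtual IP addresses. When the master server fails, the virtual IP address moves to a backup server, which keeps the service available.
- Health checks: Keepalived provides a health-check mechanism to monitor the state of services on the servers. When it detects that a service is unavailable, it can automatically redirect traffic to a healthy server.
- Failover: when the master server fails, Keepalived can quickly move the service to a backup server to avoid a single point of failure.
- Load balancing: although Keepalived is not primarily designed for load balancing, it can work together with LVS or other load balancers to provide a higher level of availability and performance.
How Keepalived works:
- Master server: normally holds the virtual IP address and handles client requests.
- Backup server: monitors the state of the master and stands ready to take over the virtual IP and the service.
Configuration file structure:
- The keepalived configuration file is usually located at /etc/keepalived/keepalived.conf.
- It mainly contains several sections:
  - global_defs: global definitions, including logging settings and so on.
  - vrrp_instance: defines a VRRP instance, including priority, virtual IP address, advertisement interval and so on.
  - check_script: defines the script or command used for health checks.
  - vrrp_script: defines a periodically executed script used to detect service state.
Other features:
- Email notification: email notification can be set up in the configuration file so that a message is sent when a failover occurs.
- Extensibility: Keepalived's functionality can be extended by writing custom scripts.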
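High-availability clusters
1.1 Cluster types
- LB: Load Balance
- LVS/HAProxy/nginx (http/upstream, stream/upstream)
- HA: High Availability clusters (databases, Redis)
- SPoF: Single Point of Failure; HA removes single points of failure
- HPC: High Performance Computing clusters
1.2 Achieving high availability
Way to improve system availability: reduce MTTR, Mean Time To Repair (average failure time)
Solution: build redundancy
active/passive: master/backup
active/active: dual master
active --> HEARTBEAT --> passive
active <--> HEARTBEAT <--> active
1.3 VRRP: Virtual Router Redundancy Protocol
Virtual Router Redundancy Protocol; removes the single-point risk of a static gateway
Physical layer: routers, layer-3 switches
Software layer: keepalived
1.3.1 VRRP terminology
Virtual router: Virtual Router
VRID: virtual router identifier (0-255), uniquely identifies a virtual router
VIP: Virtual IP
VMAC: Virtual MAC (00-00-5e-00-01-VRID)
Physical routers:
- master: the primary device
- backup: the standby device
- priority: priority
1.3.2 VRRP techniques
Advertisements: heartbeat, priority and so on; sent periodically
Operation: preemptive, non-preemptive
Authentication:
- None
- Simple text authentication: pre-shared key
- MD5
Working modes:
Master/backup: a single virtual router
Master/master: master/backup (virtual router 1), backup/master (virtual router 2)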
Lab project
Step 1: Lab environment setup
Hostname | IP |
---|---|
ka1 | 172.25.254.10/24 |
ka2 | 172.25.254.20/24 |
realserver1 | 172.25.254.110/24 |
realserver2 | 172.25.254.120/24 |
Step 2: Install and deploy
[root@ka1 ~]# dnf install keepalived -y
[root@ka1 ~]# systemctl start keepalived
Step 3: Configure the virtual router
Configure the master:
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
549763551@qq.com
}
notification_email_from keepalived@ka1.exam.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.exam.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
Configure the slave:
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1 # <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
}
}
Install the package on ka1 and ka2:
yum install keepalived -y
Main configuration file:
/etc/keepalived/keepalived.conf
Preemptive mode is the default:
vim /etc/keepalived/keepalived.conf
Configure the global parameters:
global_defs {
notification_email {
549763551@qq.com
dc549763551@163.com
}
notification_email_from keepalived@timingding.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.timingding.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
Configure the VIP:
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt # only takes effect with state BACKUP; left off here for the default preemptive mode
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
Start the service
systemctl start keepalived.service
Copy the configuration file to ka2
scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
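On ka2, change the state and priority in the VIP configuration:
vrrp_instance VI_1 {
state BACKUP # changed to BACKUP
interface eth0
virtual_router_id 100
priority 80 # lower than ka1
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}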
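At this point ping 172.25.254.100 fails; the vrrp_iptables parameter has to be added to the global configuration. With vrrp_strict enabled, keepalived installs iptables rules that drop traffic addressed to the VIP, and a bare vrrp_iptables tells it not to add them.
Add it on both ka1 and ka2: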
global_defs {
notification_email {
549763551@qq.com
dc549763551@163.com
}
notification_email_from keepalived@timingding.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.timingding.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables # add this parameter
}
Using separate sub-configuration files
vim /etc/keepalived/keepalived.conf
Comment out the virtual router:
#vrrp_instance VI_1 {
# state MASTER
# interface eth0
# virtual_router_id 100
# priority 100
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 172.25.254.100/24 dev eth0 label eth0:1
# }
#}
include "/etc/keepalived/conf.d/*.conf"
vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
Restart the service
systemctl restart keepalived.service
Configure the BACKUP node
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
549763551@qq.com
dc549763551@163.com
}
notification_email_from keepalived@ka2.timingding.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.timingding.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
#vrrp_iptables
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
Preemption delay mode
ka1, ka2
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s # delay time
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
Non-preemptive mode
ka1, ka2
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP # set to BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
VIP unicast mode
ka1, ka2
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
Email notification with keepalived
Install the notification tool
dnf install mailx -y
Mailbox configuration:
vim /etc/mail.rc
set from=549763551@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=549763551@qq.com
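# paste the authorization code issued by the mail provider as the password
set smtp-auth-password=gihfsljhoasdhusd
set smtp-auth=login
# ssl-verify=ignore disables certificate verification for the SMTP connection
set ssl-verify=ignore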
Test sending mail:
echo test message |mail -s test 549763551@qq.com
Use a script:
#!/bin/bash
# Recipient of the state-change notification
mail_dst="549763551@qq.com"
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="$(date +%F\ %T): vrrp move $HOSTNAME change $1"
echo "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
Add execute permission
chmod +x /etc/keepalived/notify.sh
Add the notify entries to the virtual router on ka1 and ka2:
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
notify_master "/etc/keepalived/notify.sh master" # add these three lines
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Dual-master (master/master) architecture with keepalived
Configuration on ka1 and ka2
vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 80 # the priorities must not be the same
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
High availability with keepalived and haproxy (reset the lab environment first)
Check for the haproxy process:
killall -0 haproxy
Write the example script:
vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
vim /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
Restart the service
systemctl restart keepalived.service
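Test
Stop the service on ka1:
systemctl stop haproxy.service
ka1 no longer has the VIP.
Start haproxy again:
systemctl start haproxy.service
In this experiment the client kept trying to access the service; because the priority of ka1 for the VIP was lowered, the VIP moved to ka2. Although haproxy on ka2 was never stopped and ka2 still holds the VIP, this loop does not affect the final accessibility of the whole architecture. In this way, our keepalived-haproxy configuration successfully achieves high availability.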
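An added example, not from the original article: a small model of the vrrp_script settings above (weight -30, fall 2, rise 2) with ka1 at priority 100 and ka2 at 80, returning which node holds the VIP after each check interval. It assumes preemptive mode and a haproxy that stays up on ka2; the class and function names are this example's own, and it also covers a weight too small to cross the priority gap.

```python
from dataclasses import dataclass

@dataclass
class TrackedNode:
    name: str
    base_priority: int
    weight: int = -30   # vrrp_script weight: negative means subtract on failure
    fall: int = 2       # consecutive failures before the script counts as down
    rise: int = 2       # consecutive successes before it counts as up again
    healthy: bool = True
    streak: int = 0     # consecutive results that contradict the current state

    def observe(self, check_ok: bool) -> None:
        """Feed one check result (one interval); flip state after fall/rise."""
        if check_ok == self.healthy:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if check_ok else self.fall):
            self.healthy, self.streak = check_ok, 0

    @property
    def priority(self) -> int:
        """Effective priority advertised while the tracked script is down or up."""
        return self.base_priority if self.healthy else self.base_priority + self.weight

def simulate(ka1_checks, weight=-30):
    """Return the VIP holder after each check interval (preemptive mode)."""
    ka1 = TrackedNode("ka1", 100, weight=weight)
    ka2 = TrackedNode("ka2", 80, weight=weight)
    holders = []
    for ok in ka1_checks:
        ka1.observe(ok)
        ka2.observe(True)  # assumption: haproxy on ka2 never fails
        holders.append(max((ka1, ka2), key=lambda n: n.priority).name)
    return holders

# Constructed timeline: haproxy on ka1 is up, fails three checks, then recovers.
TIMELINE = [True, False, False, False, True, True]

if __name__ == "__main__":
    print("weight -30:", simulate(TIMELINE))
    print("weight -10:", simulate(TIMELINE, weight=-10))
```

With weight -10 the failed ka1 still advertises 90 against ka2's 80 and keeps the VIP while haproxy is down, so the absolute weight has to exceed the priority gap between the two nodes.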