Learning keepalived
HA clusters
1 keepalived
2 heartbeat
3 corosync
4 cman
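Functionality
Runs the VRRP protocol on a Linux host as a daemon
Automatically generates ipvs rules from the configuration file
Health-checks each RS (real server)
Components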
vrrp stack
checkers
ipvs wrapper ---> ipvs
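HA cluster configuration prerequisites
1. The local host name must match the host defined in hosts, and must match the names returned by hostname and uname -n
    CentOS6: /etc/sysconfig/network
    CentOS7: hostnamectl set-hostname HOSTNAME | /etc/hostname
    The nodes must be able to resolve each other's host names: edit the /etc/hosts file
2. Synchronize the time on all nodes
3. Make sure iptables and SELinux rules do not interfere with keepalived
4. Back up the configuration file first, so that a faulty edit can be rolled back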
Configuration file in detail
man keepalived.conf
Recipients
    notification_email {...}    # To:
Sender
    notification_email_from admin@example.com
SMTP server
    smtp_server 127.0.0.1 [<PORT>]
Mail timeout
    smtp_connect_timeout 30
Router ID
    router_id LVS_DEVEL
Multicast address
    vrrp_mcast_group4 224.0.0.1
Example: mail delivered locally
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from admin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1.example.com
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    # vrrp_mcast_group4 224.0.0.1
    # In a dual-master setup the default multicast address must not be changed
}
Role in the VRRP group
    state MASTER
Interface used for advertisements
    interface eth0
Virtual router ID (must be unique)
    virtual_router_id 51
Priority, used to decide the role in the VRRP group
    priority 100
Interval between heartbeats (advertisements)
    advert_int 1
Authentication
    authentication {
        # PASS||AH
        # PASS - Simple password (suggested)
        # AH - IPSEC (not recommended)
        auth_type PASS
        # Password for accessing vrrpd.
        # should be the same on all machines.
        # Only the first eight (8) characters are used.
        auth_pass 1234
    }
Virtual address configuration
    virtual_ipaddress {
        <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        192.168.200.17/24 dev eth1
        192.168.200.18/24 dev eth2 label eth2:1
    }
Example: a vrrp instance
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.180.100/24 dev ens33 label ens33:0
    }
}
Enabling logging
vim /etc/sysconfig/keepalived
    KEEPALIVED_OPTIONS="-D -S 3"
# Configure the logging daemon
vim /etc/rsyslog.conf
    local3.* /var/log/keepalived.log
systemctl restart rsyslog
Adjusting the priority automatically with a VRRP script
# Defined outside the instance, referenced inside it
vrrp_script chk_schedown {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 2
    weight -2
}
vrrp_instance INSTANCE_NAME {
    ...
    track_script {
        chk_schedown
    }
}
keepalived configuration for LVS-NAT
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}
vrrp_instance VI_1 {
    interface ...
    VIP
}
vrrp_instance VI_2 {
    interface ...
    DIP
}
keepalived dual-master configuration
node1
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.180.100/24 dev ens33 label ens33:0
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 61
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 654321
    }
    virtual_ipaddress {
        192.168.180.110/24 dev ens33 label ens33:1
    }
}
node2
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.180.100/24 dev ens33 label ens33:0
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 61
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 654321
    }
    virtual_ipaddress {
        192.168.180.110/24 dev ens33 label ens33:1
    }
}
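The checks below are an added example, not part of the original notes or of keepalived itself: a small Python linter for two points made above, that virtual_router_id must be unique and that only the first eight characters of auth_pass are used. The sample configuration and the function names parse_instances and audit are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: reused virtual_router_id, passwords that differ only after character 8.
SAMPLE = """
vrrp_instance VI_1 {
    interface ens33
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass cluster-vip-A
    }
}
vrrp_instance VI_2 {
    interface ens33
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass cluster-vip-B
    }
}
"""

def parse_instances(text):
    """Return {instance_name: {keyword: value}} for every vrrp_instance block."""
    text = re.sub(r"[#!].*", "", text)  # keepalived comments start with # or !
    instances = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, end = 1, m.end()
        while depth and end < len(text):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[end], 0)
            end += 1
        body = text[m.end():end - 1]
        instances[m.group(1)] = dict(re.findall(r"^[ \t]*(\w+)[ \t]+([^\s{}]+)[ \t]*$", body, re.M))
    return instances

def audit(instances):
    """Return sorted (instance, problem) pairs for VRID and auth_pass mistakes."""
    findings, groups = set(), defaultdict(list)
    for name, cfg in instances.items():
        vrid = (cfg.get("interface"), cfg.get("virtual_router_id"))
        groups[("virtual_router_id reused on this interface", vrid)].append(name)
        if cfg.get("auth_type") == "PASS" and "auth_pass" in cfg:
            if len(cfg["auth_pass"]) > 8:
                findings.add((name, "auth_pass is cut to its first 8 characters"))
            groups[("first 8 characters of auth_pass match another instance", cfg["auth_pass"][:8])].append(name)
    for (problem, _), names in groups.items():
        findings.update((n, problem) for n in names if len(names) > 1)
    return sorted(findings)
```

Calling audit(parse_instances(...)) on the contents of /etc/keepalived/keepalived.conf applies the same checks to a real file; an empty list means neither problem was found.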
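Sending notification mail when a virtual instance changes state
When the current node transitions to the master state, send a notification mail
    notify_master <STRING>|<QUOTED-STRING> [username [groupname]]
    # Write a script to customize what is sent
    notify_master "/etc/keepalived/notify.sh master"
When the current node transitions to the backup state, send a notification mail
    notify_backup <STRING>|<QUOTED-STRING> [username [groupname]]
When the current node transitions to the fault state (node failure), send a notification mail
    notify_fault <STRING>|<QUOTED-STRING> [username [groupname]]
When the current node transitions to the stop state (node failure), send a notification mail
    notify_stop <STRING>|<QUOTED-STRING> [username [groupname]]    # executed when stopping vrrp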
Virtual server
Three ways to define a virtual server
    virtual_server IP port
    virtual_server fwmark int
    virtual_server group string
Interval between health checks sent to the RSs
    delay_loop <INT>
Scheduling algorithms supported for load balancing
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh
Schedule every packet individually
    ops
Forwarding types supported by LVS
    lb_kind NAT|DR|TUN
Persistence duration
    persistence_timeout [<INT>]
Protocol
    protocol TCP|UDP|SCTP
Suspend health checking while the node holds no virtual address
    ha_suspend
Which virtual host the health checks are made against
    virtualhost <STRING>
When all the virtual hosts have failed, the sorry server takes over
    sorry_server <IPADDR> <PORT>
    real_server <IPADDR> <PORT>
        weight <INT>
        notify_up <STRING>|<QUOTED-STRING>
        notify_down <STRING>|<QUOTED-STRING>
Health-check protocol
        # HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|DNS_CHECK|MISC_CHECK
        HTTP_GET|SSL_GET
            url {
                # eg path / , or path /mrtg2/
                path <STRING>
                # healthcheck needs status_code
                # or status_code and digest
                # Digest computed with genhash
                # eg digest 9b3a0c85a887a256d6939da88aabd8cd
                digest <STRING>
                # status code returned in the HTTP header
                # eg status_code 200. Default is any 2xx value
                status_code <INT>
            }
            # If the page cannot be fetched because the server is busy or for some other reason, retry a few more times
            nb_get_retry <INT>
            # Delay before fetching again
            delay_before_retry <INT>
            connect_ip <IP ADDRESS>
            connect_port <PORT>
            bindto <IP ADDRESS>
            bind_port <PORT>
            connect_timeout <INTEGER>
            # Used when checking on the basis of fwmark
            fwmark <INTEGER>
            # Spread out the check times of the RSs, lowering the number of concurrent checks at any one moment and the load on the network
            warmup <INT>