keepalived的原理以及配置使用详解

一、vrrp协议简介

        VRRP(Virtual Router Redundancy Protocol)协议是用于实现路由器冗余的协议。

        VRRP协议将两台或多台路由器设备虚拟成一个设备,对外提供虚拟路由器IP(一个或多个),而在路由器组内部,如果实际拥有这个对外IP的路由器如果工作正常的话就是MASTER,或者是通过算法选举产生,MASTER实现针对虚拟路由器IP的各种网络功能,如ARP请求,ICMP,以及数据的转发等;其他设备不拥有该IP,状态是BACKUP,除了接收MASTER的VRRP状态通告信息外,不执行对外的网络功能。当主机失效时,BACKUP将接管原先MASTER的网络功能。

        配置VRRP协议时需要配置每个路由器的虚拟路由器ID(VRID)和优先权值,使用VRID将路由器进行分组,具有相同VRID值的路由器为同一个组,VRID是一个0~255的正整数;同一组中的路由器通过使用优先权值来选举MASTER,优先权大者为MASTER,优先权也是一个0~255的正整数。

        VRRP协议使用多播数据来传输VRRP数据,VRRP数据使用特殊的虚拟源MAC地址发送数据而不是自身网卡的MAC地址,VRRP运行时只有MASTER路由器定时发送VRRP通告信息,表示MASTER工作正常以及虚拟路由器IP(组),BACKUP只接收VRRP数据,不发送数据,如果一定时间内没有接收到MASTER的通告信息,各BACKUP将宣告自己成为MASTER,发送通告信息,重新进行MASTER选举状态。

 

        VRRP的工作过程为:

        (1) 虚拟路由器中的路由器根据优先级选举出Master。Master 路由器通过发送免费ARP 报文,将自己的虚拟MAC 地址通知给与它连接的设备或者主机,从而承担报文转发任务;

        (2) Master 路由器周期性发送VRRP 报文,以公布其配置信息(优先级等)和工作状况;

        (3) 如果Master 路由器出现故障,虚拟路由器中的Backup 路由器将根据优先级重新选举新的Master;

        (4) 虚拟路由器状态切换时,Master 路由器由一台设备切换为另外一台设备,新的Master 路由器只是简单地发送一个携带虚拟路由器的MAC 地址和虚拟IP地址信息的免费ARP 报文,这样就可以更新与它连接的主机或设备中的ARP 相关信息。网络中的主机感知不到Master 路由器已经切换为另外一台设备。

        (5) Backup 路由器的优先级高于Master 路由器时,由Backup 路由器的工作方式(抢占方式和非抢占方式)决定是否重新选举Master。

 

二、keepalived简介

        1、上面介绍了VRRP,而keepalived是什么呢,说白了keepalived就是实现VRRP协议的软件。它可以检测web服务器的工作状态,如果该服务器出现故障被检测到,将其剔除服务器群中,直至正常工作后,keepalive会自动检测到并加入到服务器群里面。实现主备服务器发生故障时ip瞬时无缝交接。它是LVS集群节点健康检测的一个用户空间守护进程,也是LVS的引导故障转移模块(director failover)。Keepalived守护进程可以检查LVS池的状态。如果LVS服务器池当中的某一个服务器宕机了。keepalived会通过一 个setsockopt呼叫通知内核将这个节点从LVS拓扑图中移除。

 

        2、keepalived的架构:

 wKioL1gXT4OReRZiAAJ9-ohqITI879.png

        keepalived也是模块化设计,不同模块复杂不同的功能,其组件包括:

            core:是keepalived的核心,复杂主进程的启动和维护,全局配置文件的加载解析等

            check:负责healthchecker(健康检查),包括了各种健康检查方式,以及对应的配置的解析包括LVS的配置解析

            vrrp:VRRPD子进程,VRRPD子进程就是来实现VRRP协议的

            libipfwc:iptables(ipchains)库,配置LVS会用到

            libipvs*:配置LVS会用到

            由图可知,两个子进程都被系统WatchDog看管,两个子进程各自复杂自己的事,checker子进程复杂检查各自服务器的健康程度,例如HTTP,LVS等等,如果checker子进程检查到MASTER上服务不可用了,就会通知本机上的兄弟VRRP子进程,让他删除通告,并且去掉虚拟IP,转换为BACKUP状态,并且会自动在ipvs内核添加相应的集群调度规则,所以说keepalived与lvs是天生搭配的。

 

三、keepalived的安装以及配置

        在centos6.4以前的系统其安装程序在epel源,6.4以后已被收入base源,所以我们可以直接使用yum来进行安装。

 

        查看keepalived的信息

[root@localhost ~]# yum info keepalived
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
base                                                                                              | 4.0 kB     00:00 ... 
Available Packages
Name        : keepalived
Arch        : x86_64
Version     : 1.2.13
Release     : 5.el6_6
Size        : 214 k
Repo        : base
Summary     : Load balancer and high availability service
URL         : http://www.keepalived.org/
License     : GPLv2+
Description : Keepalived provides simple and robust facilities for load balancing
            : and high availability.  The load balancing framework relies on the
            : well-known and widely used Linux Virtual Server (IPVS) kernel module
            : providing layer-4 (transport layer) load balancing.  Keepalived
            : implements a set of checkers to dynamically and adaptively maintain
            : and manage a load balanced server pool according their health.
            : Keepalived also implements the Virtual Router Redundancy Protocol
            : (VRRPv2) to achieve high availability with director failover.
 

        安装完成后,其主要的配置文件

        程序环境:

        配置文件:/etc/keepalived/keepalived.conf

        主程序:/usr/sbin/keepalived

        其中keepalivd的配置文件是keepalived.conf,其可以分为三个部分:

            全局配置(Global Configuration)

            VRRP配置

            LVS配置

 

        1、全局定义(global definition)配置范例:

 

! Configuration File for keepalived #注释内容
global_defs { #表示keepalived在发生诸如切换操作时需要发送email通知,以及email发送给哪些邮件地址,邮件地址可以多个,每行一个
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc #表示发送通知邮件时邮件源地址是谁
   smtp_server 192.168.200.1 #表示发送email时使用的smtp服务器地址
   smtp_connect_timeout 30 #连接smtp连接超时时间
   router_id LVS_DEVEL #机器标识,相当于主机名
}

 

        2、VRRP配置实例:

vrrp_instance VI_1 {  #VI_1表示这个VRRP的虚拟路由器的名字
    state MASTER #状态值
    interface eth0 #监听的端口
    virtual_router_id 51  #VRID,这个必须与备节点是一样
    priority 100 #优先级
    advert_int 1 #检测间隔
    authentication { #认证
        auth_type PASS #帐号
        auth_pass 1111 #密码
    }
    virtual_ipaddress { #需要虚拟的IP地址,可以是多个
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

 

 

        3、lvs配置实例说明:

virtual_server 192.168.200.100 80 { # 设置VIP的IP和端口信息
    delay_loop 6 #检测间隔时间
    lb_algo rr #调度算法
    lb_kind NAT #lvs类型
    nat_mask 255.255.255.0 #NAT类型的网关掩码,其他类型不需要此项
    persistence_timeout 50 #持久连接时间
    protocol TCP #TCP协议
    real_server 192.168.201.100 80 { #RIP的IP和端口
        weight 1 #权重
            url { 
              path /mrtg/  #健康检查,这里是对web服务的检测,有两种方法,一种是指定页面的hash值。一个是页面的状态码,这里是hash值
              digest 9b3a0c85a887a256d6939da88aabd8cd #hash值
            }
            connect_timeout 3 #失败时连接的时间
            nb_get_retry 3 #失败时检测的次数
            delay_before_retry 3 #每次失败等多少秒再进行检查
        }
    }
}
 

    其实配置就是这么简单,下面来实验来测试验证效果,在配置HA Cluster时需要注意的事项:

            (1)各主机之间的时间必须一致

            (2)确保集群服务不受iptables和selinux的影响

            (3)各节点之间可通过

 

    1、单实例(没用启用LVS)

        (1)设置配置(master主机):

[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id test1
   vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 23
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345
    }
    virtual_ipaddress {
        192.168.200.16/24 dev eth0 label eth0:1 
    }
}
 

        (2)同时把该配置文件拷贝至BACKUP的主机上,但是要修改三个地方:router_id,state,priority

BACKUP主机的配置:

[root@php ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
global_defs {
   notification_email {
root@localhost
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id test2
   vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 23
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345
    }
    virtual_ipaddress {
        192.168.200.16/24 dev eth1 label eth1:1 
    }
}

 

 

            (3)启动主机服务,IP已经设置在MASTER上,同时查看日志信息,可以清晰的看到MASTER在不断发送免费arp报文

[root@localhost keepalived]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:DA:A5:4C  
          inet addr:10.1.252.36  Bcast:10.1.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:feda:a54c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18767 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1302 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1646398 (1.5 MiB)  TX bytes:184756 (180.4 KiB)
eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:DA:A5:4C  
          inet addr:192.168.200.16  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:202 (202.0 b)  TX bytes:202 (202.0 b)
[root@localhost keepalived]# tail /var/log/messages
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Opening file '/etc/keepalived/keepalived.conf'.
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Configuration is using : 7453 Bytes
Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Using LinkWatch kernel netlink reflector...
Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Transition to MASTER STATE
Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Entering MASTER STATE
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) setting protocol VIPs.
Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16
Oct 31 19:43:17 localhost Keepalived_healthcheckers[2629]: Netlink reflector reports IP 192.168.200.16 added
Oct 31 19:43:22 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16

 

 

            (4)停掉MATER主机keepalived服务,查看BACKUP主机,IP已经接管,说明keepalived已经正常工作了:

MATER:

[root@localhost keepalived]# service  keepalived stop
Stopping keepalived:                                       [  OK  ]
BACKUP:
[root@php ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:DE:83:7F  
          inet addr:10.1.249.30  Bcast:10.1.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fede:837f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19877 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1140 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1743327 (1.6 MiB)  TX bytes:150564 (147.0 KiB)
eth1:1    Link encap:Ethernet  HWaddr 00:0C:29:DE:83:7F  
          inet addr:192.168.200.16  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:252 (252.0 b)  TX bytes:252 (252.0 b)
[root@php ~]# !tai
tail /var/log/messages
Nov  1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Received higher prio advert
Nov  1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov  1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) removing protocol VIPs.
Nov  1 03:43:15 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 removed
Nov  1 03:47:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov  1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov  1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov  1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16
Nov  1 03:47:16 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 added
Nov  1 03:47:21 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16

 

 

            (5)单实例的配置就是这么简单的实现了,当然也可以不同主配置的邮件通知功能,而是使用自定义的邮件通知的shell脚本

    在instance中添加自定义的邮件通知的shell脚本路径实例:

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 23
    priority 90
    advert_int 1
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
    authentication {
        auth_type PASS
        auth_pass 12345
    }
    virtual_ipaddress {
        192.168.200.16/24 dev eth1 label eth1:1 
    }
}
notify.sh脚本内容如下:
#!/bin/bash
#
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
 

        双实例或多实例的配置过程大同小异,这里就不再进行演示

        (6)我们知道lvs不支持都后端的调度主机进行状态检查,而keepalived弥补了这个缺陷,并且还支持传输层和应用层的检测:

real_server <IPADDR> <PORT>
{
 weight <INT>
 notify_up <STRING>|<QUOTED-STRING>
 notify_down <STRING>|<QUOTED-STRING>
 HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }:定义当前主机的健康状态检测方法;
}
HTTP_GET|SSL_GET {
url {
path <URL_PATH>:定义要监控的URL;
status_code <INT>:判断上述检测机制为健康状态的响应码;
digest <STRING>:判断上述检测机制为健康状态的响应的内容的校验码;
}
nb_get_retry <INT>:重试次数;
delay_before_retry <INT>:重试之前的延迟时长;
connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求
connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址;
bind_port <PORT>:发出健康状态检测请求时使用的源端口;
connect_timeout <INTEGER>:连接请求的超时时长;
}
 TCP_CHECK {
connect_ip <IP ADDRESS>:向当前RS的哪个IP地址发起健康状态检测请求
connect_port <PORT>:向当前RS的哪个PORT发起健康状态检测请求
bindto <IP ADDRESS>:发出健康状态检测请求时使用的源地址;
bind_port <PORT>:发出健康状态检测请求时使用的源端口;
connect_timeout <INTEGER>:连接请求的超时时长;
}

 

 

        (7)此外keepalived还支持调用外部分辅助脚本,完成资源监控,并根据监控的结果状态来实现优先动态调整;

用法:

 

vrrp_script:定义一个资源监控脚本;

vrrp_script  <STRING> {

script ""

interval INT 

weight -INT 

}

track_script:调用定义的资源监控脚本;

track_script {

SCRIPT_NAME

}


示例:


! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.18
}
vrrp_script chk_down { #如果/etc/keepalived/down文件存在,优先级-5
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_httpd {#如果httpd服务进程失效,优先级-5
script "killall -0 httpd && exit 0 || exit 1" 
interval 1
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 57
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 98181111
}
virtual_ipaddress {
172.16.100.71/32 dev eno16777736
}
track_script {  #调用脚本
chk_down
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}

 

 

posted @ 2019-03-06 14:01  liutoliu  阅读(1377)  评论(0编辑  收藏  举报