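Keepalived: A Simple and Effective Configuration
1. Introduction
Official site: https://www.keepalived.org/
Source package download: https://www.keepalived.org/download.html
Keepalived is a high-availability solution built on the VRRP protocol. Among N routers or servers that provide the same function, it elects one master and multiple backups. Master and backup are distinguished mainly by priority: the node with the highest priority becomes master. The master brings up a VIP and periodically sends VRRP multicast advertisements to the backups. If a backup receives no advertisement within the specified time, it considers the master down, and a new master is elected among the backups according to the VRRP protocol, which keeps the service highly available.
Keepalived has three main modules:
- core: starts and maintains the main process, and loads and parses the global configuration file
- check: performs health checks
- vrrp: implements the VRRP protocol
Keepalived's basic working modes:
- Master/backup mode (preemptive mode): the effective priority is computed from priority and weight. The node with the highest priority is master (and holds the VIP); the rest are backups. When the master fails, the highest-priority backup temporarily takes over (the VIP moves to that server). Once the master recovers, it forcibly takes the work back and the VIP moves back to the master.
- Master/master mode (dual-master mode): practically obsolete, not covered here.
- Non-preemptive mode: enabled with nopreempt; state must be set to backup on every node. In this mode, a higher-priority host that has failed does not forcibly take the VIP back: even with the highest priority, it must wait until the current VIP holder fails before it can take over. Because a VIP move in production counts as a major production incident, non-preemptive mode is generally recommended for production. The key points of a non-preemptive configuration are:
  - state must be BACKUP on both nodes (nopreempt does not take effect with state MASTER);
  - nopreempt must be configured on both nodes;
  - the two nodes must not have the same priority.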
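2. Lab environment and architecture
Two hosts running CentOS 7
firewalld and SELinux enforcement (setenforce) are turned off

| Host | Services | state | Mode | VIP |
| 10.4.7.11 | nginx+keepalived | backup | non-preemptive | 10.4.7.10 |
| 10.4.7.12 | nginx+keepalived | backup | non-preemptive | |

nginx is deployed on both hosts and keepalived exposes the VIP. Keepalived runs in non-preemptive mode, and an nginx port liveness script is added to the VIP failover mechanism to decide whether a failover is triggered.
In this example keepalived is installed with yum:
- Main configuration file: /etc/keepalived/keepalived.conf
- Logs are handled by the system log: /var/log/messages
- Main program file: /usr/sbin/keepalived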
3. Deployment
Install nginx and keepalived on both hosts
[root@hdss7-11 ~]# yum -y install nginx keepalived
Change the nginx port to 7443 (optional)
Start nginx
[root@hdss7-11 ~]# systemctl start nginx && systemctl enable nginx
Create the nginx check script
[root@hdss7-11 ~]# vim /etc/keepalived/check_port.sh
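#!/bin/bash
# keepalived port-monitoring script
# Usage:
# In the keepalived configuration file:
# vrrp_script check_port {    # define a vrrp_script check
#     script "/etc/keepalived/check_port.sh 7443"    # port to check
#     interval 2    # how often the script runs, in seconds
# }
CHK_PORT=$1
if [ -n "$CHK_PORT" ]; then
    # Match the port exactly at the end of the local address column,
    # so that 7443 does not also match a listener on 17443.
    PORT_PROCESS=$(ss -nlt | grep -cE ":${CHK_PORT}[[:space:]]")
    if [ "$PORT_PROCESS" -eq 0 ]; then
        echo "Port $CHK_PORT Is Not Used,End"
        exit 1
    fi
else
    # Usage error: no port was passed, so report failure.
    echo "Check Port Cannot Be Empty!"
    exit 1
fi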
Make it executable
[root@hdss7-11 ~]# chmod +x /etc/keepalived/check_port.sh
Configure the keepalived main configuration file
On 10.4.7.11
[root@hdss7-11 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id 10.4.7.11
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    mcast_src_ip 10.4.7.11
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}
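Notes:
router_id 10.4.7.11: an id for this server (optional)
script_user root: the user that runs the scripts in vrrp_script (optional, defaults to root)
enable_script_security: keepalived will not run a script as root if any part of its path is writable by a non-root user
interval 2: run the check script every 2 s
weight -20: if the script exits with status 1, this host's priority is lowered by 20; otherwise it is unchanged
interface ens33: use the name of your own network interface
virtual_router_id 51: must be the same on both servers; it marks them as one group
mcast_src_ip 10.4.7.11: the source IP used for sending advertisements (optional; needed on hosts with two network interfaces)
priority 100: the configured priority (effective priority = priority + weight)
nopreempt: enables non-preemptive mode
authentication: the password for communication within the group; must be the same on both hosts. With auth_type PASS it is carried in clear text in the VRRP advertisements
track_script: refers to the vrrp_script defined above
virtual_ipaddress: the VIP to set
On 10.4.7.12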
[root@hdss7-12 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id 10.4.7.12
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    mcast_src_ip 10.4.7.12
    priority 90
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}
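The non-preemptive rules from section 1 and the notes above can be checked mechanically before keepalived is started. The lint below is an added example, not part of the original article; `kv`, `lint_pair` and `mk_conf` are hypothetical helper names, the sample configs are constructed in the article's layout, and it assumes one vrrp_instance and one vrrp_script per file. It goes one step beyond the listed rules by also checking, with the article's priority + weight formula, that a failed check really drops the preferred node below its peer.

```shell
#!/bin/bash
# Added example (not from the article): lint a pair of keepalived.conf files
# against the non-preemptive rules. Assumes one vrrp_instance and one
# vrrp_script per file, as in the article's configs.

# kv FILE KEY: first value of KEY ("set" for a bare keyword, "" if absent).
kv() { awk -v k="$2" '$1 == k { print ($2 == "" ? "set" : $2); exit }' "$1"; }

# lint_pair A B: print one line per violated rule; no output means OK.
lint_pair() {
    local a=$1 b=$2 f k pa pb hi lo w
    for f in "$a" "$b"; do
        [ "$(kv "$f" state)" = "BACKUP" ] || echo "$f: state must be BACKUP"
        [ -n "$(kv "$f" nopreempt)" ] || echo "$f: nopreempt is missing"
    done
    for k in virtual_router_id auth_pass; do
        [ "$(kv "$a" "$k")" = "$(kv "$b" "$k")" ] || echo "$k differs between nodes"
    done
    pa=$(kv "$a" priority); pb=$(kv "$b" priority)
    pa=${pa:-100}; pb=${pb:-100}          # keepalived's default priority
    if [ "$pa" -eq "$pb" ]; then echo "priorities are equal ($pa)"; return 0; fi
    if [ "$pa" -gt "$pb" ]; then hi=$pa lo=$pb f=$a; else hi=$pb lo=$pa f=$b; fi
    w=$(kv "$f" weight); w=${w:-0}
    # A failed check must push the preferred node below its peer.
    if [ "$w" -lt 0 ] && [ $((hi + w)) -ge "$lo" ]; then
        echo "$f: weight $w leaves priority $((hi + w)) >= peer's $lo"
    fi
    return 0
}

# mk_conf FILE PRIORITY STATE NOPREEMPT WEIGHT: write a constructed sample
# config in the article's layout.
mk_conf() {
    printf '%s\n' "vrrp_script chk_nginx {" "    interval 2" "    weight $5" "}" \
        "vrrp_instance VI_1 {" "    state $3" "    virtual_router_id 51" \
        "    priority $2" "    $4" "    authentication {" \
        "        auth_pass 1111" "    }" "}" > "$1"
}

d=$(mktemp -d)
mk_conf "$d/n11.conf" 100 BACKUP nopreempt -20   # the article's pair
mk_conf "$d/n12.conf" 90 BACKUP nopreempt -20
lint_pair "$d/n11.conf" "$d/n12.conf"            # no findings
mk_conf "$d/bad.conf" 100 MASTER "" -5           # constructed bad node
lint_pair "$d/bad.conf" "$d/n12.conf"            # three findings
rm -rf "$d"
```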
4. Testing
Start keepalived on both hosts
[root@hdss7-11 ~]# systemctl start keepalived && systemctl enable keepalived
Check the VIP
[root@hdss7-11 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ca:98:73 brd ff:ff:ff:ff:ff:ff
inet 10.4.7.11/24 brd 10.4.7.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.4.7.10/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::66c4:334d:3cb1:9096/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Stop nginx on 10.4.7.11
[root@hdss7-11 ~]# systemctl stop nginx
[root@hdss7-11 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ca:98:73 brd ff:ff:ff:ff:ff:ff
inet 10.4.7.11/24 brd 10.4.7.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::66c4:334d:3cb1:9096/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Check the log: the script exited with status 1, so the priority changed from 100 to 80, and the log shows "removing protocol VIPs."
[root@hdss7-11 ~]# tailf /var/log/messages
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: Using LinkWatch kernel netlink reflector...
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 11 22:29:19 hdss7-11 systemd: Started LVS and VRRP High Availability Monitor.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jul 11 22:29:19 hdss7-11 Keepalived_healthcheckers[29368]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:29:20 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 100 to 80
The log on 10.4.7.12 shows that it was elected master, and the VIP has moved to 10.4.7.12
[root@hdss7-12 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:96:e2:af brd ff:ff:ff:ff:ff:ff
inet 10.4.7.12/24 brd 10.4.7.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 10.4.7.10/32 scope global ens33
[root@hdss7-12 ~]# tailf /var/log/messages
Jul 11 22:29:19 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: Sending gratuitous ARP on ens33 for 10.4.7.10
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.4.7.10
After nginx is started on 10.4.7.11, the priority returns to 100, but the VIP still does not come back
[root@hdss7-11 ~]# tailf /var/log/messages
Jul 11 22:37:34 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:36 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:38 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:40 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:41 hdss7-11 systemd: Starting The nginx HTTP and reverse proxy server...
Jul 11 22:37:41 hdss7-11 nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 11 22:37:41 hdss7-11 nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jul 11 22:37:41 hdss7-11 systemd: Started The nginx HTTP and reverse proxy server.
Jul 11 22:37:42 hdss7-11 Keepalived_vrrp[29369]: VRRP_Script(chk_nginx) succeeded
Jul 11 22:37:42 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 80 to 100
Because this is non-preemptive mode, the VIP returns to 10.4.7.11 only after keepalived is restarted on 10.4.7.12
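The log lines in this test can be turned into a failover timeline, so that a VIP move with no health-check failure behind it (such as the keepalived restart just described) stands out for review. This is an added example, not part of the original article; `vrrp_events`, `classify_masters` and `sample_log` are hypothetical names, and it matches only the message formats shown in the log excerpts above.

```shell
#!/bin/bash
# Added example (not from the article): build a failover timeline from
# keepalived syslog lines and flag MASTER transitions that no health-check
# failure explains. Matches only the message formats in the article's logs.

# vrrp_events FILE: print "TIME HOST EVENT" for each relevant line.
vrrp_events() {
    awk '$5 ~ /^Keepalived_vrrp/ {
        if      ($0 ~ /Entering MASTER STATE/) ev = "MASTER"
        else if ($0 ~ /Entering BACKUP STATE/) ev = "BACKUP"
        else if ($0 ~ /exited with status/)    ev = "CHECK_FAIL"
        else if ($0 ~ /Changing effective priority/) ev = "PRIO:" $(NF-2) ":" $NF
        else next
        print $3, $4, ev
    }' "$1"
}

# classify_masters FILE: for every MASTER transition print
# "TIME HOST explained|unexplained". A takeover is "explained" when another
# host logged a check failure or priority drop since the previous takeover.
classify_masters() {
    vrrp_events "$1" | awk '
    $3 == "CHECK_FAIL" { bad[$2] = 1 }
    $3 ~ /^PRIO:/ { split($3, p, ":"); if (p[3] + 0 < p[2] + 0) bad[$2] = 1 }
    $3 == "MASTER" {
        why = "unexplained"
        for (h in bad) if (h != $2) why = "explained"
        print $1, $2, why
        split("", bad)                  # reset for the next takeover
    }'
}

# sample_log: the first four lines are taken from the article's excerpts,
# the last line (22:50:03) is constructed for the demo.
sample_log() {
    cat <<'EOF'
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:29:20 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 100 to 80
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 11 22:37:42 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 80 to 100
Jul 11 22:50:03 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Entering MASTER STATE
EOF
}

log=$(mktemp)
sample_log > "$log"
classify_masters "$log"
rm -f "$log"
```

On real hosts, merge /var/log/messages from both nodes in time order before passing the file to `classify_masters`.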
5. References
For more details on vrrp_script, see the following article:
https://www.cnblogs.com/arjenlee/p/9258188.html