Keepalived 配置和使用

keepalived主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。keepalived主要目的在于，其自身启动一个服务，能够实现工作在双节点或多个节点上，并且可以在内核生效的ipvs规则其中当前持有资源的节点被称为活跃节点，另外的节点被称为备节点被称为 Master/Backup。

VRRP（如果有学习过TCP\IP，这一块很好理解）：

虚拟路由器冗余协议（VRRP）是一种选择协议，它可以把一个虚拟路由器的责任动态分配到局域网上的 VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器，它负责转发数据包到这些虚拟 IP 地址。一旦主路由器不可用，这种选择过程就提供了动态的故障转移机制，这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使用 VRRP 的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。 VRRP 包封装在 IP 包中发送。

VRRP优先级别：

	VRRP每个节点是有自己的优先级的，一般优先级是从0-255 ，数字越大优先级越高因此可以这么定义：

		假如要有一初始化的状态，其中一节点优先级100 另一节点优先级99，那么毫无疑问，谁的优先级高谁就是主节点所有的节点刚启动后上线都是backup状态，需通过选举的方式选择master，如果其他节点没有响应则将自己提升为master

通告机制：

	如果节点之间master出现故障，其会自动转移当前角色，这时我们的管理员应该知道其已切换角色keepalived支持邮件发送机制，如果其状态发生改变的话 可以通过邮件方式发送给管理员，使管理员第一时间可以查看其活动状态，方便之后的运维工作

keepalived核心组成部分

vrrp的实现
virtual_server：基于vrrp作为所谓通告机制之上的
vrrp_script:以外部脚本方式进行检测

keepalived

KeepAlived的安装：

[root@Nginx-one ~]# tar zxf keepalived-1.2.13.tar.gz

[root@Nginx-one ~]# cd keepalived-1.2.13

[root@Nginx-one keepalived-1.2.13]# yum install kernel-devel openssl-devel libnl-devel

[root@Nginx-one keepalived-1.2.13]# ./configure --prefix=/ --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/2.6.32-431.el6.x86_64/

[root@Nginx-one keepalived-1.2.13]# make && make install

Keepalived configuration

------------------------

Keepalived version       : 1.2.13			##version#

Compiler                 : gcc				##编译工具##

Compiler flags           : -g -O2			##参数##

Extra Lib                : -lssl -lcrypto -lcrypt 	##扩展库##

Use IPVS Framework       : Yes				##LVS核心代码框架，不使用LVS可以编译时disable-lvs##

IPVS sync daemon support : Yes				##IPVS同步进程，是否开启取决于 IPVS FRAMEWORK###

IPVS use libnl           : Yes				##是否使用libnl库##

fwmark socket support    : Yes				##套接字框架##

Use VRRP Framework       : Yes				##VRRP框架，keepalived的核心进程vrrpd##

Use VRRP VMAC            : Yes				##VRRP Virtual mac##

SNMP support             : No

SHA1 support             : No

Use Debug flags          : No

[root@Nginx-one keepalived-1.2.13]# make && make install

KeepAlived的所有配置都在一个配置文件里设置，支持的配置可分为以下三类：

	1、全局配置（global configure）

	2、VRRPD配置

	3、LVS配置

	很明显，全局配置就是对整个keepalived生效的配置，不管是否使用LVS，VRRPD是keepalived的核心，LVS配置只在要使用keepalived来配置和管理LVS时使用，如果仅使用keepalived来做HA，LVS不需要配置。

	配置文件都是以块（block）形式组织的，每个块都在{}范围内，#和!表示注释。

全局定义（global definition）

global_defs {

   notification_email {		##指定keepalived在发生事件（如切换）需要发送Email的对象，多个写多行##

     itchenyi@gmail.com

   }

   notification_email_from itchenyi@gmail.com

   smtp_server 127.0.0.1		##SMTP服务器##

   smtp_connect_timeout 30		##链接超时时间##

   router_id Nginx-one			##路由标识，这里用主机名##

}

VRRPD配置（VRRP同步组（syncchroization group）和 VRRP实例（VRRP instance））

不使用SYNC Group的话，如果路由有2个网段，一个内网，一个外网，每个网段开启一个VRRP实例，假设VRRP配置为检查内网，那么当外网出现问题时，VRRPD会认为自己是健康的，则不会发送Master和Backup的切换，从而导致问题，Sync Group可以把两个实例都放入Sync Group，这样的话，Group 里任何一个实例出现问题都会发生切换。

vrrp_instance VI_1 { ##虚拟路由标识##

state MASTER ##初始状态，默认，选举产生后才可以升级为Master ，这里明确定义其为Master##

interface eth1 ##选举通过那个网卡接口##

virtual_router_id 10 ##虚拟路由的ID号，一般不大于255，可选IP最后一段使用##

priority 100 ##初始优先级，选举过程中判断的依据，和路由的概念一样##

advert_int 1 ##检查间隔，默认1s##

authentication { ##认证机制##

auth_type PASS ##认证方式，PASS为明文##

auth_pass ipython ##认证密码##

}

virtual_ipaddress { ##虚拟地址池##

1.1.1.100

}

}

###后面的配置参数 先删删掉吧###

配置Backup 配置如下：

[root@nginx-two keepalived-1.2.13]# cat /software/keepalived/etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

   notification_email {

     itchenyi@gmail.com

   }

   notification_email_from itchenyi@gmail.com

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id nginx-two

}

vrrp_instance VI_1 {

    state BACKUP

    interface eth1

    virtual_router_id 20

    priority 50

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass ipython

    }

    virtual_ipaddress {

        1.1.1.100

    }

}

###其他配置：####

	nopreempt 设置为不抢占，这个配置只能设置在state为BACKUP的节点上，并且这个机器的优先级必须比另一台高

	preempt_delay 抢占延迟，默认5分钟

	debug debug级别

	notify_master 切换到Master时执行的脚本

##start##

[root@Nginx-one keepalived-1.2.13]# service keepalived start

Starting keepalived:                                       [  OK  ]

###观察其日志文件###

[root@Nginx-one keepalived-1.2.13]# tail -f /var/log/messages

Aug  3 00:02:12 Nginx-one Keepalived[8177]: Starting Keepalived v1.2.13 (08/03,2014)

Aug  3 00:02:12 Nginx-one Keepalived[8178]: Starting Healthcheck child process, pid=8180

Aug  3 00:02:12 Nginx-one Keepalived[8178]: Starting VRRP child process, pid=8181

####当前的IP地址####

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP 1.1.1.10 added

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink reflector

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering Kernel netlink command channel

Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP 1.1.1.10 added

Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added

Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink reflector

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Registering gratuitous ARP shared channel

Aug  3 00:02:13 Nginx-one Keepalived_healthcheckers[8180]: Registering Kernel netlink command channel

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Opening file '/etc/keepalived/keepalived.conf'.

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Configuration is using : 62834 Bytes

Aug  3 00:02:13 Nginx-one Keepalived_vrrp[8181]: Using LinkWatch kernel netlink reflector...

Aug300:02:13Nginx-one Keepalived_vrrp[8181]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]###打开并加载配置文件####Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Opening file '/etc/keepalived/keepalived.conf'.Aug300:02:13Nginx-one Keepalived_healthcheckers[8180]:Configurationisusing:7377BytesAug300:02:13Nginx-one Keepalived_healthcheckers[8180]:UsingLinkWatch kernel netlink reflector...####切换为Master 状态####Aug300:02:14Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Transition to MASTER STATE

Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Entering MASTER STATE

Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1) setting protocol VIPs.####在接口上添加VIP###Aug300:02:15Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:02:15Nginx-one Keepalived_healthcheckers[8180]:Netlink reflector reports IP 1.1.1.100 added

Aug300:02:20Nginx-one Keepalived_vrrp[8181]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100###查看是否添加VIP###[root@Nginx-one keepalived-1.2.13]# ip a show|awk '/inet\ /'

    inet 127.0.0.1/8 scope host lo

    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1

    inet 1.1.1.100/32 scope global eth1

停止MASTER，查看BACKUP的状态转移[root@Nginx-one keepalived-1.2.13]# service keepalived stop

Stopping keepalived:[  OK  ][root@nginx-two keepalived-1.2.13]# tail -f /var/log/messages

Aug300:05:01 nginx-two Keepalived_vrrp[5148]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering BACKUP STATE

Aug300:05:01 nginx-two Keepalived_healthcheckers[5147]:UsingLinkWatch kernel netlink reflector...Aug300:05:01 nginx-two Keepalived_vrrp[5148]: VRRP sockpool:[ifindex(2), proto(112), unicast(0), fd(10,11)]Aug300:05:40 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Transition to MASTER STATE

Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Entering MASTER STATE

Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1) setting protocol VIPs.Aug300:05:41 nginx-two Keepalived_healthcheckers[5147]:Netlink reflector reports IP 1.1.1.100 added

Aug300:05:41 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100Aug300:05:46 nginx-two Keepalived_vrrp[5148]: VRRP_Instance(VI_1)Sending gratuitous ARPs on eth1 for1.1.1.100####和路由协议一样，当MASTER上线被检测到会抢占VIP，可以想象的到，Keepalived也支持非抢占模式，只有BACKUP在变成MASTER后宕机了，才会转移VIP，说起来怎么这么绕口####

定义Keepalived的检测机制

###一只简单的脚本判断nginx 是否在工作###

[root@nginx-two ~]# cat nginx_check.sh

#!/bin/bash

alive=`netstat -pant|awk '/0.0.0.0:80/&&/LISTEN/'|wc -l`

if [ $alive -eq 1 ]; then

    exit 0

else

    exit 1

fi

###增加keepalived配置###

vrrp_script nginx_check

{

    script "/root/nginx_check.sh"

    interval 1		###检测时间间隔 1s###

    weigh -60		###如果条件成立，权重-60###

}

####将track_script块加入instance 配置块####

    track_script

    {

        nginx_check

    }

[root@Nginx-one ~]# service keepalived restart

Stopping keepalived:                                       [  OK  ]

Starting keepalived:                                       [  OK  ]

###无须质疑，只要nginx 的80端口是正常监听的，主就还是主###

[root@Nginx-one ~]# ip a show|awk '/inet\ /'

    inet 127.0.0.1/8 scope host lo

    inet 1.1.1.10/8 brd 1.255.255.255 scope global eth1

    inet 1.1.1.100/32 scope global eth1

###停止Nginx服务###

[root@Nginx-one ~]# service nginx stop

Stopping nginx:                                            [  OK  ]

看看日志

Aug  3 00:52:13 Nginx-one Keepalived_vrrp[8490]: VRRP_Script(nginx_check) failed

Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Entering FAULT STATE

Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) removing protocol VIPs.

Aug  3 00:52:14 Nginx-one Keepalived_vrrp[8490]: VRRP_Instance(VI_1) Now in FAULT state

Aug  3 00:52:14 Nginx-one Keepalived_healthcheckers[8489]: Netlink reflector reports IP 1.1.1.100 removed

###Backup机器变成Master了###

[root@nginx-two ~]# ip a show|awk '/inet\ /'

    inet 127.0.0.1/8 scope host lo

    inet 1.1.1.20/8 brd 1.255.255.255 scope global eth1

    inet 1.1.1.100/32 scope global eth1

» 转载保留版权：IT辰逸 » 《Keepalived 配置和使用》

» 本文链接地址：http://www.ipython.me/centos/keepalived-config-using.html

» 本文版权采取：BY-NC-SA 协议进行授权，转载注明出处。除IT-Tools、News以及特别标注，本站所有文章均为原创。

» 如果喜欢可以：点此订阅本站