High-Availability Software on Linux: A Review of Keepalived Fundamentals
- September 27, 2021
- Notes
- Linux Keepalived, Linux examples
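Introduction to Keepalived
- Keepalived was originally designed specifically for the LVS load balancer, to manage and monitor the state of each service node in an LVS cluster. VRRP support, which provides high availability, was added later. As a result, besides managing LVS, Keepalived can also serve as the high-availability solution for other services (for example Nginx, HAProxy, MySQL).
- Keepalived implements high availability mainly through the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol. It was created to solve the single point of failure of static routing, and it keeps the whole network running without interruption when individual nodes go down. So Keepalived can configure and manage LVS and health-check the nodes behind LVS on the one hand, and provide high availability for system network services on the other.
Key functions of Keepalived
- (1) Managing the LVS load balancer: early LVS had to be managed from the command line or with scripts, and it had no health checking for LVS nodes. Keepalived was created to remove these inconveniences; it is fair to say that it was born to solve LVS's problems. Keepalived and LVS are therefore very close, like a married couple: they combine tightly and work together happily. By reading its own configuration file, Keepalived manages the LVS configuration directly through lower-level interfaces and controls starting and stopping the service, which makes LVS simpler and more convenient to use.
- (2) Health checking of LVS cluster nodes (healthcheck): Keepalived manages LVS directly through the LVS node IPs and related parameters configured in its own keepalived.conf file. In addition, when one or even several node servers in the LVS cluster fail at the same time and can no longer serve requests, Keepalived automatically removes the failed node servers from LVS's active forwarding queue and schedules requests to other healthy node servers, so end users are not affected. Once the failed node servers are repaired, Keepalived automatically adds them back to the active forwarding queue to serve clients.
- (3) High availability for system network services (failover): the principle is simple. Two hosts both install Keepalived and start the service. In normal operation the host in the Master role holds all resources and serves users, while the host in the Backup role is a hot standby for the Master. When the Master host fails, the Backup host automatically takes over all of the Master's work, including the VIP resources and the corresponding services. When the Master host is repaired, it automatically takes back the work it originally handled, and the Backup host releases what it took over during the failure. Both hosts then return to the roles and working state they had at initial startup.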
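How does Keepalived fail over to achieve high availability?
- (1) Failover between Keepalived high-availability services is implemented through VRRP (Virtual Router Redundancy Protocol).
  - (a) VRRP, in full Virtual Router Redundancy Protocol, was created to solve the single point of failure of static routing. VRRP uses an election mechanism to hand the routing task to one of the VRRP routers.
  - (b) VRRP was originally used to remove single points of failure in devices such as switches and routers. The Master/Backup switchover principle described below for switches and routers applies equally to how Keepalived works.
  - (c) A VRRP router cluster contains several physical VRRP routers, but they do not all work at the same time: one machine, called the Master, does the routing and the others are Backups. The Master role is not fixed; VRRP has every VRRP router take part in an election and the winner becomes Master. The winning Master has some privileges, such as owning the virtual router's IP address. The Master that holds these resources forwards packets sent to the gateway address and answers ARP requests.
  - (d) VRRP implements the virtual router through this election mechanism. All protocol messages are sent as IP multicast packets (default multicast address 224.0.0.18). A virtual router consists of a VRID (range 0-225) and a set of IP addresses, and appears externally as one well-known MAC address: 00-00-5E-00-01-{VRID}. So within a virtual router, whoever the Master is, the external MAC and IP (called the VIP) are the same. Client hosts do not need to change their routing configuration when the Master changes; to them the switchover is transparent.
  - (e) In a group of virtual routers, only the VRRP router acting as Master keeps sending VRRP advertisement packets (VRRP Advertisement messages), and while it does so the Backups do not preempt it. When the Master becomes unavailable the Backups stop receiving its advertisements, and the Backup with the highest priority takes over as Master. This takeover is very fast (possibly 1 second or even less), which preserves service continuity. For security, VRRP packets are encrypted using an encryption protocol.
- (2) While Keepalived is running normally, the Master node continuously sends heartbeat messages (by multicast) to the Backup node to tell it that it is still alive. When the Master node fails it can no longer send heartbeats, the Backup node stops detecting them, and so it invokes its own takeover procedure and takes over the Master node's IP resources and services. When the Master node recovers, the Backup node releases the IP resources and services it took over during the failure and returns to its standby role.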
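The advertisement described in (d) and (e), decoded field by field. This is an added example, not code from the original post: it assumes the VRRPv2 packet layout of RFC 3768, and the sample packet is constructed from the VI_1 values used on this page's Master (VRID 51, priority 110, three VIPs, auth_pass 1111) with the checksum bytes left as zero.

```bash
#!/bin/sh
# Added example: decode a VRRPv2 advertisement given as a hex string.
# Assumption: RFC 3768 field layout. The sample is constructed, checksum not verified.
SAMPLE_ADVERT=21336e0301010000c0a8c810c0a8c811c0a8c8123131313100000000

# byte_at HEX INDEX -> decimal value of byte INDEX (0-based)
byte_at() (
  start=$(( $2 * 2 + 1 ))
  pair=$(printf '%s' "$1" | cut -c "${start}-$(( start + 1 ))")
  printf '%d\n' "0x$pair"
)

# vrrp_field HEX NAME -> one field of the fixed 8-byte header
vrrp_field() {
  case $2 in
    version)    echo $(( $(byte_at "$1" 0) >> 4 )) ;;
    type)       echo $(( $(byte_at "$1" 0) & 15 )) ;;   # 1 = ADVERTISEMENT
    vrid)       byte_at "$1" 1 ;;
    priority)   byte_at "$1" 2 ;;
    count)      byte_at "$1" 3 ;;                       # number of virtual IPs
    auth_type)  byte_at "$1" 4 ;;                       # 1 = keepalived auth_type PASS
    advert_int) byte_at "$1" 5 ;;
    *)          return 1 ;;
  esac
}

# Well-known virtual MAC: 00-00-5E-00-01-{VRID}
vrrp_vmac() { printf '00-00-5E-00-01-%02X\n' "$(vrrp_field "$1" vrid)"; }

# Virtual IP addresses start at byte 8, four bytes each
vrrp_vips() (
  n=$(vrrp_field "$1" count); i=0
  while [ "$i" -lt "$n" ]; do
    o=$(( 8 + i * 4 ))
    printf '%d.%d.%d.%d\n' "$(byte_at "$1" "$o")" "$(byte_at "$1" $(( o + 1 )))" \
      "$(byte_at "$1" $(( o + 2 )))" "$(byte_at "$1" $(( o + 3 )))"
    i=$(( i + 1 ))
  done
)

# The 8 bytes after the addresses are the authentication data; with auth_type PASS
# they hold the auth_pass characters, zero-padded.
vrrp_auth_text() (
  o=$(( 8 + 4 * $(vrrp_field "$1" count) )); i=0; out=
  while [ "$i" -lt 8 ]; do
    b=$(byte_at "$1" $(( o + i )))
    if [ "$b" -ne 0 ]; then out="$out$(printf "\\$(printf '%03o' "$b")")"; fi
    i=$(( i + 1 ))
  done
  printf '%s\n' "$out"
)

echo "VRID $(vrrp_field "$SAMPLE_ADVERT" vrid)" \
     "priority $(vrrp_field "$SAMPLE_ADVERT" priority)" \
     "vmac $(vrrp_vmac "$SAMPLE_ADVERT") auth '$(vrrp_auth_text "$SAMPLE_ADVERT")'"
vrrp_vips "$SAMPLE_ADVERT"
```

Because the auth_pass characters are readable in the authentication field, the password is a guard against misconfigured peers on the segment rather than a secret.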
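How Keepalived works
- keepalived provides VRRP and health-check functions. It can be used just to provide a floating VIP between two machines (the VRRP virtual-router function), which is a simple way to get dual-machine hot-standby high availability. keepalived builds its high availability on VRRP, which can be regarded as a protocol for router high availability: N routers that provide the same function form a router group with one master and several backups. The master holds a VIP that serves the outside (other machines on the router's LAN use this VIP as their default route) and sends multicast advertisements. When the backups stop receiving VRRP packets they consider the master down, and a backup is then elected master according to VRRP priority. This keeps the router highly available.
Keepalived component diagram
The component diagram shows Keepalived's functional architecture, which has roughly two layers: user space and kernel space.
- Kernel space: mainly IPVS (IP Virtual Server, which implements load balancing of network services) and NETLINK (which provides advanced routing and other related networking functions).
- User space:
  - WatchDog: monitors the state of the checkers and VRRP processes.
  - VRRP Stack: handles failover between load balancers. If only one load balancer is used, VRRP is not required.
  - Checkers: responsible for health checking of the real servers; this is keepalived's main function. In other words, the VRRP Stack can be absent, but health checking must be there.
  - IPVS wrapper: sends the rules set by the user to the kernel IPVS code.
  - Netlink Reflector: used to set the VRRP VIP addresses and so on.
All of Keepalived's functions are implemented by configuring the keepalived.conf file.
When Keepalived starts normally, it starts 3 processes
- One is the parent process, which monitors its children; one is the VRRP child process and the other is the checkers child process. Both child processes are supervised by the system watchdog, and each is responsible for its own work.
- The healthcheck child process checks the health of the respective servers, for example HTTP and LVS. If it finds that the service on the master is unavailable, it notifies the VRRP child process on the same machine, which stops sending advertisements, removes the virtual IP and switches to the BACKUP state.
Note: keepalived and LVS are two entirely different things; they simply each do their own job and cooperate.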
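The "split-brain" problem of Keepalived high-availability servers: what is split-brain?
- For some reason the two servers of a high-availability pair cannot detect each other's heartbeat messages within the specified time, and each takes ownership of the resources and services while both are still alive and running normally. The same IP or service then exists on both sides at once and conflicts. In the most serious case both hosts hold the same VIP address, and when users write data it may be written to both sides separately, which can leave the data on the two servers inconsistent or cause data loss. This situation is called split-brain.
Split-brain can be caused by the following:
- The heartbeat link between the high-availability pair fails, so they cannot communicate normally.
  - The heartbeat cable is bad (broken or aged).
  - The NIC or its driver is bad, or there is an IP configuration problem or conflict (NICs directly connected).
  - A device on the heartbeat link has failed (NIC or switch).
  - The arbitration machine has a problem (when an arbitration scheme is used).
- The iptables firewall is enabled on the high-availability servers and blocks the heartbeat messages.
- The heartbeat NIC address or related settings are configured incorrectly on the high-availability servers, so sending heartbeats fails.
- Other causes such as misconfigured services: different heartbeat methods, heartbeat broadcast conflicts, software bugs and so on.
Tip: in the Keepalived configuration, if the virtual_router_id parameter differs between the two ends of the same VRRP instance, split-brain will also occur.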
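A pre-start check for the mismatch described in the tip above: it compares the vrrp_instance settings that must agree on both nodes and checks that the Master's priority is higher. This is an added example, not part of the original post; the function names and the two sample files are constructed, and it assumes one setting per line as in the default keepalived.conf.

```bash
#!/bin/sh
# Added example: compare the vrrp_instance settings of a master and a backup config.

# vrrp_param FILE INSTANCE KEY -> value of KEY inside "vrrp_instance INSTANCE { ... }"
vrrp_param() {
  awk -v inst="$2" -v key="$3" '
    { sub(/[#!].*/, "") }                       # keepalived comments start with # or !
    !inside && $1 == "vrrp_instance" && $2 == inst { inside = 1 }
    inside {
      if ($1 == key) { print $2; exit }
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth > 0) opened = 1
      else if (opened) exit                     # closing brace of the instance block
    }' "$1"
}

# check_pair MASTER_CONF BACKUP_CONF INSTANCE -> one line per problem, status 1 if any
check_pair() (
  rc=0
  for key in virtual_router_id advert_int auth_type auth_pass; do
    m=$(vrrp_param "$1" "$3" "$key"); b=$(vrrp_param "$2" "$3" "$key")
    if [ "$m" != "$b" ]; then
      rc=1
      case $key in
        auth_pass) echo "MISMATCH $key (values withheld)" ;;   # keep secrets out of logs
        *)         echo "MISMATCH $key: master=$m backup=$b" ;;
      esac
    fi
  done
  mp=$(vrrp_param "$1" "$3" priority); bp=$(vrrp_param "$2" "$3" priority)
  if [ "${mp:-0}" -le "${bp:-0}" ]; then
    rc=1; echo "PRIORITY master=${mp:-unset} is not above backup=${bp:-unset}"
  fi
  [ "$rc" -eq 0 ]
)

# sample_conf STATE VRID PRIORITY -> constructed vrrp_instance block for the demo
sample_conf() {
  cat <<EOF
! Configuration File for keepalived (constructed sample)
vrrp_instance VI_1 {
    state $1
    virtual_router_id $2   # must match on both nodes
    priority $3
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

demo_dir=$(mktemp -d)
sample_conf MASTER 51 110 > "$demo_dir/master.conf"
sample_conf BACKUP 52 100 > "$demo_dir/backup.conf"     # constructed mismatch
check_pair "$demo_dir/master.conf" "$demo_dir/backup.conf" VI_1 ||
  echo "fix the configuration before starting keepalived"
rm -rf "$demo_dir"
```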
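Common ways to deal with split-brain.
- Connect the nodes with both a serial cable and an Ethernet cable, using two heartbeat links at once, so that if one link fails the other still works and can carry heartbeat messages.
- When split-brain is detected, forcibly shut down one heartbeat node (this needs special equipment such as STONITH or fence devices). In effect, when the backup node stops receiving heartbeat messages it sends a shutdown command over a separate line to cut the master node's power.
- Monitor and alert on split-brain (e-mail, SMS, or on-call staff) so that a person can step in and arbitrate as soon as the problem occurs, reducing the loss.
Some ideas for detecting split-brain in production:
- (1) Simple check: alert whenever the VIP appears on the backup node. The alert covers two cases: the master went down and the backup took over, or the master is still up and split-brain has occurred. Alert in either case and let a person investigate, decide and resolve it.
- (2) Stricter check: the VIP appears on the backup node, and the master node and its service are still alive (even better if you can connect to the master remotely and see whether it holds the VIP). That means split-brain has occurred.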
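Both checks above as one script meant to run on the backup node. This is an added example, not part of the original post: the function names, the syslog tag, the port in the usage comment and the sample `ip` output are assumptions or constructed values, and the TCP probe assumes bash and coreutils `timeout` are installed.

```bash
#!/bin/sh
# Added example: split-brain check for the BACKUP node.

# vip_present VIP: reads `ip -o -4 addr show` output on stdin, succeeds if VIP is configured
vip_present() {
  vp_re=$(printf '%s' "$1" | sed 's/\./\\./g')      # match the dots literally
  grep -Eq "inet ${vp_re}/[0-9]+ "
}

# master_alive HOST PORT: master answers ping and its service port accepts a TCP connection
master_alive() {
  ping -c 1 -W 1 "$1" >/dev/null 2>&1 &&
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# classify VIP_ON_BACKUP MASTER_ALIVE (yes|no each) -> OK | FAILOVER | SPLIT_BRAIN
classify() {
  case "$1:$2" in
    yes:yes) echo SPLIT_BRAIN ;;   # check (2): backup holds the VIP while the master still serves
    yes:no)  echo FAILOVER ;;      # check (1) alerts here too: the backup took over a dead master
    *)       echo OK ;;
  esac
}

# check_node VIP MASTER_IP PORT: probe the live system and alert through syslog
check_node() {
  if ip -o -4 addr show | vip_present "$1"; then cn_vip=yes; else cn_vip=no; fi
  if master_alive "$2" "$3"; then cn_master=yes; else cn_master=no; fi
  cn_state=$(classify "$cn_vip" "$cn_master")
  [ "$cn_state" = OK ] || logger -p local0.crit -t ha-check "$cn_state: VIP $1, master $2"
  echo "$cn_state"
}

# Constructed sample of `ip -o -4 addr show` on the backup after it has taken the VIPs
SAMPLE_IP_ADDR='2: ens33    inet 172.16.70.4/24 brd 172.16.70.255 scope global ens33
2: ens33    inet 192.168.200.16/32 scope global ens33
2: ens33    inet 192.168.200.17/32 scope global ens33'

# Offline demonstration on the sample. On a real backup node, run from cron for example:
#   check_node 192.168.200.16 172.16.70.37 80      (port 80 is an assumed service port)
if printf '%s\n' "$SAMPLE_IP_ADDR" | vip_present 192.168.200.16; then
  classify yes yes      # as if the master probe had succeeded
fi
```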
Part 1: Installing Keepalived [official download site: source package; third-party download site: rpm package]
- Prepare the environment

| Property | KeepAlived MASTER | KeepAlived BACKUP |
|---|---|---|
| Node | KeepAlived-Master | KeepAlived-Backup |
| OS | CentOS Linux release 7.5.1804 (Minimal) | CentOS Linux release 7.5.1804 (Minimal) |
| Kernel | 3.10.0-862.el7.x86_64 | 3.10.0-862.el7.x86_64 |
| SELinux | setenforce 0 / disabled | setenforce 0 / disabled |
| Firewalld | systemctl stop/disable firewalld | systemctl stop/disable firewalld |
| IP address | 172.16.70.37 | 172.16.70.4 |

- KeepAlived-Master is used as the example (do the same on KeepAlived-Backup).
```bash
# Change the hostname
[root@locahost ~]# hostnamectl set-hostname --static KeepAlived-Master && exec bash

# Check the system version
[root@KeepAlived-Master ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@KeepAlived-Master ~]# uname -r
3.10.0-862.el7.x86_64

# Disable SELinux and firewalld
[root@KeepAlived-Master ~]# sed -i '7s/enforcing/disabled/' /etc/selinux/config
[root@KeepAlived-Master ~]# setenforce 0
[root@KeepAlived-Master ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@KeepAlived-Master ~]# hostname -I
172.16.70.37

# Find the keepalived version shipped with CentOS 7
[root@KeepAlived-Master ~]# yum list | grep keepalived
keepalived.x86_64    1.3.5-19.el7    base

# Install basic tools
[root@KeepAlived-Master ~]# yum install -y vim net-tools wget curl lrzsz lsof

# Install the dependencies and download keepalived
[root@KeepAlived-Master ~]# yum install -y openssl openssl-devel libnl libnl-devel gcc
[root@KeepAlived-Master ~]# wget www.keepalived.org/software/keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# md5sum keepalived-2.0.20.tar.gz
a5966e8433b60998709c4a922a407bac  keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# tar -xf keepalived-2.0.20.tar.gz
[root@KeepAlived-Master ~]# cd keepalived-2.0.20
[root@KeepAlived-Master keepalived-2.0.20]# ./configure --help | less    # review and choose suitable build options
[root@KeepAlived-Master keepalived-2.0.20]# ./configure --prefix=/usr/local/app/keepalived --with-systemdsystemunitdir=/usr/local/app/keepalived --enable-log-file
......
# .... when it completes normally, the output ends as follows
Keepalived configuration
------------------------
Keepalived version       : 2.0.20
Compiler                 : gcc
Preprocessor flags       : -D_GNU_SOURCE
......
......
Linker flags             : -pie -Wl,-z,relro -Wl,-z,now
Extra Lib                : -lm -lcrypto -lssl -lnl
Use IPVS Framework       : Yes
IPVS use libnl           : Yes
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
HTTP_GET regex support   : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With ip rules/routes     : Yes
With track_process       : Yes
With linkbeat            : Yes
Use BFD Framework        : No
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
SHA1 support             : No
Use JSON output          : No
libnl version            : 1
Use IPv4 devconf         : No
Use iptables             : Yes
Use libiptc              : No
Use libipset             : No
Use nftables             : No
init type                : systemd
Strict config checks     : No
Build genhash            : Yes
Build documentation      : No
[root@KeepAlived-Master keepalived-2.0.20]# make -j 4 && make install

# Set up the command path
[root@KeepAlived-Master ~]# ls /usr/local/app/keepalived/
bin  etc  keepalived.service  sbin  share
[root@KeepAlived-Master ~]# ln -s /usr/local/app/keepalived/sbin/keepalived /usr/local/sbin/
[root@KeepAlived-Master ~]# ls -l /usr/sbin/keepalived
lrwxrwxrwx. 1 root root 42 Sep 18 14:31 /usr/sbin/keepalived -> /usr/local/apps/keepalived/sbin/keepalived
[root@KeepAlived-Master ~]# keepalived -v
Keepalived v2.0.20 (01/22,2020)

Copyright(C) 2001-2020 Alexandre Cassen, <[email protected]>

Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018

configure options: --prefix=/usr/local/app/keepalived --with-systemdsystemunitdir=/usr/local/app/keepalived --enable-log-file

Config options:  LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING FILE_LOGGING LOG_FILE_APPEND

System options:  PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG ...... INET6_ADDR_GEN_MODE SO_MARK SCHED_RESET_ON_FORK
[root@KeepAlived-Master ~]# keepalived -h
Usage: keepalived [OPTION...]
  -f, --use-file=FILE          Use the specified configuration file
  -P, --vrrp                   Only run with VRRP subsystem
  -C, --check                  Only run with Health-checker subsystem
      --all                    Force all child processes to run, even if have no configuration
  -l, --log-console            Log messages to local console
  -D, --log-detail             Detailed log messages
  -S, --log-facility=[0-7]     Set syslog facility to LOG_LOCAL[0-7]
  -G, --no-syslog              Don't log via syslog
  -u, --umask=MASK             umask for file creation (in numeric form)
  -X, --release-vips           Drop VIP on transition from signal.
  -V, --dont-release-vrrp      Don't remove VRRP VIPs and VROUTEs on daemon stop
  -I, --dont-release-ipvs      Don't remove IPVS topology on daemon stop
  -R, --dont-respawn           Don't respawn child processes
  -n, --dont-fork              Don't fork the daemon process
  -d, --dump-conf              Dump the configuration data
  -p, --pid=FILE               Use specified pidfile for parent process
  -r, --vrrp_pid=FILE          Use specified pidfile for VRRP child process
  -c, --checkers_pid=FILE      Use specified pidfile for checkers child process
  -a, --address-monitoring     Report all address additions/deletions notified via netlink
  -s, --namespace=NAME         Run in network namespace NAME (overrides config)
  -m, --core-dump              Produce core dump if terminate abnormally
  -M, --core-dump-pattern=PATN Also set /proc/sys/kernel/core_pattern to PATN (default 'core')
  -i, --config-id id           Skip any configuration lines beginning '@' that don't match id
                                or any lines beginning @^ that do match.
                                The config-id defaults to the node name if option not used
      --signum=SIGFUNC         Return signal number for STOP, RELOAD, DATA, STATS
  -t, --config-test[=LOG_FILE] Check the configuration for obvious errors, output to
                                stderr by default
  -v, --version                Display the version number
  -h, --help                   Display this help message

# keepalived configuration file
[root@KeepAlived-Master ~]# cd /usr/local/app/keepalived/
[root@KeepAlived-Master keepalived]# ls
bin  etc  keepalived.service  logs  run  sbin  share
[root@KeepAlived-Master keepalived]# cp etc/keepalived/keepalived.conf etc/keepalived/keepalived.conf_bak
[root@KeepAlived-Master keepalived]# diff etc/keepalived/keepalived.conf etc/keepalived/keepalived.conf_bak
21c21
<     interface ens33    # change this line
---
>     interface eth0
23c23
<     priority 110       # change this line
---
>     priority 100
---------------------------------------------------------------------------------
# Differences between the Master and Backup configuration
[root@KeepAlived-Master keepalived]# diff keepalived.conf keepalived.conf_BACKUP
20c20
<     state MASTER
---
>     state BACKUP
23c23
<     priority 110
---
>     priority 100
---------------------------------------------------------------------------------

# Because this is a source build, create the systemd unit yourself.
# In the unit below, "custom setting" marks lines adapted to this install;
# systemd only accepts comments on their own line, so they sit above the setting.
[root@KeepAlived-Master ~]# vim /usr/lib/systemd/system/keepalived.service
[Unit]
Description=LVS and VRRP High Availability Monitor
After=network-online.target syslog.target
Wants=network-online.target

[Service]
Type=forking
# custom setting
PIDFile=/run/keepalived.pid
KillMode=process
# custom setting
EnvironmentFile=-/usr/local/app/keepalived/etc/sysconfig/keepalived
# custom setting
ExecStart=/usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

[root@KeepAlived-Master ~]# systemctl daemon-reload
[root@KeepAlived-Master ~]# systemctl start keepalived    # stop and restart are used the same way
[root@KeepAlived-Master ~]# ps -ef| grep keepalived
root 8235 1 0 15:37 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8236 8235 1 15:37 ? 00:00:03 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8237 8235 0 15:37 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8249 1149 0 15:41 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33
    inet 192.168.200.18/32 scope global ens33

# Enable start at boot
[root@KeepAlived-Master ~]# systemctl enable keepalived
[root@KeepAlived-Master ~]# systemctl list-unit-files | grep keepalived
keepalived.service    enabled

# Enable keepalived logging
[root@KeepAlived-Master ~]# vim /usr/local/app/keepalived/etc/sysconfig/keepalived
# ..... change it to the following
KEEPALIVED_OPTIONS="-D -S 0"
[root@KeepAlived-Master ~]# echo "local0.* /usr/local/app/keepalived/logs/keepalived.log" >> /etc/rsyslog.conf
[root@KeepAlived-Master ~]# systemctl restart rsyslog
```
Part 2: Failover test

```bash
# 1. On the Master
[root@KeepAlived-Master ~]# systemctl restart keepalived
[root@KeepAlived-Master ~]# ps -ef |grep keepalived
root 8548 1 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8549 8548 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8550 8548 0 17:17 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D -S 0
root 8552 1149 0 17:18 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'    # check the VIPs (by default they are on the master node)
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33
    inet 192.168.200.18/32 scope global ens33

# 2. On the Backup
[root@KeepAlived-Backup ~]# systemctl restart keepalived
[root@KeepAlived-Backup ~]# ps -ef |grep keepalived
root 8345 1 0 Sep23 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8346 8345 0 Sep23 ? 00:00:33 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8347 8345 0 Sep23 ? 00:00:14 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 14260 1149 0 15:12 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'    # the backup node holds no VIP

# 3. If the master node goes down or its keepalived service dies, the VIPs move to the backup node automatically
[root@KeepAlived-Master ~]# systemctl stop keepalived
[root@KeepAlived-Master ~]# ps -ef |grep keepalived
root 14488 1149 0 15:18 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'

# 4. The backup node now takes over the VIPs
[root@KeepAlived-Backup ~]# ps -ef |grep keepalived
root 8345 1 0 Sep23 ? 00:00:00 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8346 8345 0 Sep23 ? 00:00:33 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 8347 8345 0 Sep23 ? 00:00:14 /usr/local/app/keepalived/sbin/keepalived -f /usr/local/app/keepalived/etc/keepalived/keepalived.conf -D
root 14269 1149 0 15:20 pts/0 00:00:00 grep --color=auto keepalived
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33
    inet 192.168.200.18/32 scope global ens33

# 5. Start keepalived on the master node again: once the master has recovered it takes the VIPs back (decided by the priority in the configuration)
[root@KeepAlived-Master ~]# systemctl start keepalived
[root@KeepAlived-Master ~]# ip addr | grep '192.168.200'
    inet 192.168.200.16/32 scope global ens33
    inet 192.168.200.17/32 scope global ens33
    inet 192.168.200.18/32 scope global ens33

# 6. The VIPs are now gone from the backup node
[root@KeepAlived-Backup ~]# ip addr | grep '192.168.200'
```

Note: with the steps above, keepalived only implements VIP failover between the two machines, that is, dual-machine hot standby, which avoids a single point of failure.
- Appendix: the default Keepalived configuration file explained.

```bash
[root@KeepAlived-Master keepalived]# cat etc/keepalived/keepalived.conf    # the default configuration file, annotated
! Configuration File for keepalived

global_defs {                                  # global definitions block
    notification_email {                       # mailboxes that keepalived notifies when an event (such as a switchover) occurs
        [email protected]                      # alert address; several may be set, one per line. The local sendmail service must be running
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]  # sender address keepalived uses for notification e-mails on events such as a switchover
    smtp_server 192.168.200.1                  # SMTP server used to send the e-mail
    smtp_connect_timeout 30                    # timeout for connecting to the SMTP server
    router_id LVS_DEVEL                        # identifier of the machine running keepalived, usually the hostname; shown in the mail subject when a failure occurs
    vrrp_skip_check_adv_addr                   # skip the check when an advert comes from the same master router as the previous one received
    vrrp_strict                                # strictly enforce the VRRP protocol specification; unicast peers are not supported in this mode
    vrrp_garp_interval 0                       # delay between ARP messages
    vrrp_gna_interval 0                        # delay between messages
}

vrrp_instance VI_1 {                           # VRRP instance definition block
    state MASTER                               # role of this keepalived: MASTER for the primary server, BACKUP for the standby server; must be upper case
    interface eth0                             # interface monitored for HA; the NIC the instance binds to, since a virtual IP must be added on an existing NIC
    virtual_router_id 51                       # virtual router ID, a number unique to one VRRP instance; MASTER and BACKUP of the same vrrp_instance must use the same value, otherwise split-brain occurs
    priority 100                               # priority, higher number wins; within one vrrp_instance the MASTER priority must be higher than the BACKUP priority
    advert_int 1                               # interval, in seconds, of the synchronization check between the MASTER and BACKUP load balancers
    authentication {                           # authentication type and password; must be identical on master and backup
        auth_type PASS                         # VRRP authentication type, mainly PASS or AH
        auth_pass 1111                         # VRRP authentication password; MASTER and BACKUP of the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {                        # VRRP HA virtual addresses, one per line if there are several. It is best to state the netmask and the interface explicitly; otherwise the netmask defaults to 32 bits and the interface is the one given by the interface parameter above
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

# LVS configuration
virtual_server 192.168.200.100 443 {           # virtual server: VIP and virtual port
    delay_loop 6                               # service polling delay, i.e. the interval between service polls
    lb_algo rr                                 # LVS scheduling algorithm: rr|wrr|lc|wlc|lblc|sh|dh
    lb_kind NAT                                # LVS cluster mode: NAT|DR|TUN
    persistence_timeout 50                     # session persistence time in seconds: within this time a user is sent to the same backend realserver
    protocol TCP                               # whether health checks use TCP or UDP

    real_server 192.168.201.100 443 {          # weight and other settings of a backend real server; note: add one block per backend host
        weight 1                               # weight of this server; 0 means disabled (no requests are forwarded to it until it recovers); default is 1
        SSL_GET {                              # health check method: HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
            url {                              # URL to check; several may be given
                path /                         # the path
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3                  # connection timeout
            retry 3                            # number of retries
            delay_before_retry 3               # delay between retries
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
```

At this point a simple Keepalived failover setup is in place.