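I. Introduction to Keepalived
Keepalived is a powerful auxiliary tool designed specifically for LVS. It mainly provides failover and health-check functions: it determines whether the LVS load scheduler and the node servers are available, promptly isolates a failed host and replaces it with another server, and adds the failed host back to the cluster once it has recovered. Keepalived can also be used as hot-standby software in non-LVS cluster environments.
Keepalived uses the VRRP (Virtual Router Redundancy Protocol) hot-standby protocol to implement multi-machine hot standby for Linux servers in software. VRRP is a backup solution for routers: several routers form a hot-standby group and provide service through a shared virtual IP address. At any moment only one master server in a group provides service while the others stay in a redundant state. If the server currently online fails, another server automatically takes over the virtual IP address (priority decides the takeover order) and continues to provide service.
Every server in a hot-standby group can become the master, and the virtual IP address (VIP) can move between the servers in the group, which is why it is also called a floating IP address. With Keepalived, the floating address does not require a manually created virtual interface configuration file (such as eth0:0); Keepalived manages it automatically according to its configuration file.
II. How Keepalived works
After it starts, keepalived runs three processes:
Parent process: memory management, child process management and so on
Child process: the VRRP child process
Child process: the healthchecker child process
As the figure shows, both child processes are supervised by the system WatchDog, and each handles its own job. The healthchecker child process checks the health of the respective servers, for example HTTP, LVS and so on. If the healthchecker child process finds that the service on the MASTER is unavailable, it notifies its sibling VRRP child process on the same machine, which stops sending advertisements, removes the virtual IP and switches to the BACKUP state.
III. Deploying the keepalived service
Environment: CentOS 6.5, x64
IP: 172.16.16.15 (master), 172.16.16.16 (backup)
VIP: 172.16.16.100
Disable iptables and SELinux.
This only demonstrates the common keepalived configurations, so it is installed with yum; if you need a source installation, search Baidu for instructions.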
[root@localhost ~]# yum install keepalived -y
The main keepalived configuration file is under /etc/keepalived/.
1. Simple VIP failover
Master configuration file:
! Configuration File for keepalived
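global_defs {
    notification_email {
        root@localhost  # recipient address, one recipient per line
    }
    notification_email_from keepadmin@localhost  # sender address; it does not have to exist
    smtp_server 127.0.0.1  # mail server address
    smtp_connect_timeout 30  # mail server connection timeout
    router_id LVS_DEVEL  # identifier of this server
}
vrrp_instance VI_1 {  # hot-standby instance
    state MASTER  # hot-standby state
    interface eth0  # interface that carries the heartbeat and sends advertisements to the backup
    virtual_router_id 51  # virtual router ID; must be the same on master and backup
    priority 100  # priority; the larger the value, the higher the priority
    advert_int 1  # interval between master/backup advertisements
    authentication {  # authentication settings
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # Defines the VIP. Note: this machine has a single NIC, so the address is added to eth0 by default.
        # With several NICs or sub-interfaces, name the device, e.g. 172.16.16.100 dev eth1 [label eth0:0]
        172.16.16.100
    }
}
Backup configuration file: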
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP  # this node is the backup
    interface eth0
    virtual_router_id 51
    priority 99  # the priority must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.16.100
    }
}
Start keepalived on both nodes.
master:
[root@localhost keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
inet 172.16.16.100/32 scope global eth0
inet6 fe80::20c:29ff:fec2:ccff/64 scope link
valid_lft forever preferred_lft forever
backup
[root@localhost keepalived]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
valid_lft forever preferred_lft forever
Stop keepalived on the master:
master
[root@localhost keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fec2:ccff/64 scope link
valid_lft forever preferred_lft forever
backup
[root@localhost keepalived]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
inet 172.16.16.100/32 scope global eth0    # the VIP has floated to the backup
inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
valid_lft forever preferred_lft forever
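2. Defining a simple script command
When a file named down is detected in the /etc/keepalived/ directory, the VIP floats to the other node.
master/backup (where a setting is written as X/Y, the first value is for the master and the second for the backup):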
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_maintainace {  # vrrp_script defines the check script parameters; the name chk_maintainace is user-defined
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"  # can be a script or a command
    interval 1  # check for the down file every 1 second
    weight -2  # when the down file is detected, lower the priority by 2 (i.e. 100-2)
}
vrrp_instance VI_1 {
    state MASTER/BACKUP
    interface eth0
    virtual_router_id 51
    priority 100/99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.16.100
    }
    track_script {
        chk_maintainace  # track the script
    }
}
[root@localhost keepalived]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
inet 172.16.16.100/32 scope global eth0
inet6 fe80::20c:29ff:fec2:ccff/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# touch down
[root@localhost keepalived]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fec2:ccff/64 scope link    # the VIP has floated away
valid_lft forever preferred_lft forever
[root@localhost keepalived]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5c:ef:24 brd ff:ff:ff:ff:ff:ff
inet 172.16.16.16/16 brd 172.16.255.255 scope global eth0
inet 172.16.16.100/32 scope global eth0    # the VIP has floated to the backup
inet6 fe80::20c:29ff:fe5c:ef24/64 scope link
valid_lft forever preferred_lft forever
[root@localhost keepalived]# rm -rf down    # delete the down file on the master
[root@localhost keepalived]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cc:ff brd ff:ff:ff:ff:ff:ff
inet 172.16.16.15/16 brd 172.16.255.255 scope global eth0
inet 172.16.16.100/32 scope global eth0    # the VIP has floated back to the master
inet6 fe80::20c:29ff:fec2:ccff/64 scope link
valid_lft forever preferred_lft forever
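The checks behind sections 1 and 2, as an added example that is not part of the original article: a small parser reads the master and backup keepalived.conf text and reports settings that must match on both nodes, a track_script weight that cannot lower the master below the backup, and the use of auth_type PASS, whose auth_pass travels in clear text in VRRP advertisements. The names CONF, parse and check_pair and the trimmed sample configuration are assumptions made for this example.

```python
import re
# Constructed sample, trimmed from the section 2 configuration; %d is the priority.
CONF = """
vrrp_script chk_maintainace {
    weight -2
}
vrrp_instance VI_1 {
    virtual_router_id 51
    priority %d
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_maintainace
    }
}
"""

def parse(text):
    """Map each top-level block header to its settings (nested blocks flattened)."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = re.sub(r"[#!].*", "", raw).strip()  # drop comments (assumes no #/! in values)
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            blocks.setdefault(stack[0], {})
        elif line == "}":
            stack.pop()
        elif line and stack:
            key, *rest = line.split(None, 1)
            if rest:                                # "key value" setting
                blocks[stack[0]][key] = rest[0]
            else:                                   # bare entry, e.g. a tracked script name
                blocks[stack[0]].setdefault(stack[-1], []).append(key)
    return blocks

def check_pair(master_text, backup_text, name="VI_1"):
    """Return findings for one vrrp_instance as configured on the two nodes."""
    conf_m = parse(master_text)
    m, b = conf_m["vrrp_instance " + name], parse(backup_text)["vrrp_instance " + name]
    findings = [f"{k} differs" for k in ("virtual_router_id", "auth_pass") if m.get(k) != b.get(k)]
    if m.get("auth_type") == "PASS":
        findings.append("auth_type PASS: auth_pass is sent in clear text")
    for script in m.get("track_script", []):
        weight = int(conf_m["vrrp_script " + script].get("weight", 0))
        if weight < 0 and int(m["priority"]) + weight >= int(b["priority"]):
            findings.append(f"{script}: weight {weight} cannot undercut the backup priority")
    return findings
```

With the article's priorities 100 and 99, weight -2 leaves the master at 98 and the VIP moves; with a backup priority of 95 the same weight would leave the VIP on the master, which check_pair reports.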
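3. Sending a mail notification (running a script) on a master/backup switch
The script notify.sh: confirm that it runs without problems in a terminal, then test it.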
#!/bin/bash
# Mail a notification when this node's VRRP state changes.
# IPv4 address of eth0 (CentOS 6 ifconfig prints "inet addr:<ip>")
IP=$(ifconfig eth0 | awk '/inet addr/ {print $2}' | awk -F: '{print $2}')
vip='172.16.16.100'
send='root@localhost'
# notify <state>: mail the new state to $send
notify() {
    subject="$IP to be $1"
    body="$(date +%F) : $IP become $1"
    echo "$body" | mail -s "$subject" "$send"
}
case "$1" in
master)
    notify master
    exit 0;;
backup)
    notify backup
    exit 0;;
fault)
    notify fault
    exit 0;;
*)
    echo "Usage: $(basename "$0") (master|backup|fault)"
    exit 1;;
esac
master/backup
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_maintainace {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2
}
vrrp_instance VI_1 {
    state MASTER/BACKUP
    interface eth0
    virtual_router_id 51
    priority 100/99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.16.100
    }
    track_script {
        chk_maintainace
    }
    notify_master "/etc/keepalived/notify.sh master"  # call the script when this node becomes master
    notify_backup "/etc/keepalived/notify.sh backup"  # call the script when this node becomes backup
    notify_fault "/etc/keepalived/notify.sh fault"  # call the script on a fault
}
4. Configuring ipvs
Environment: CentOS 6.5, x64
MASTER: 172.16.16.15, BACKUP: 172.16.16.16
VIP: 172.16.16.100
WEB1: 172.16.16.101 WEB2: 172.16.16.102
Disable iptables and SELinux.
The packages are all installed from source:
master/backup
[root@localhost keepalived]# yum install ipvsadm keepalived -y
master/backup configuration file
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {  # recipients
    }
    notification_email_from [email protected]  # sender address
    smtp_server 192.168.200.1  # mail server address
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER/BACKUP  # hot-standby state
    interface eth0  # interface used for heartbeat advertisements
    virtual_router_id 51  # virtual router ID; must be the same as on the backup
    priority 100/99  # priority
    advert_int 1  # advertisement interval
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.16.100  # VIP
    }
}
virtual_server 172.16.16.100 80 {  # LVS load-balancing configuration
    delay_loop 6  # check the real servers' status every 6 seconds
    lb_algo rr  # scheduling algorithm
    lb_kind DR  # load-balancing mode
    persistence_timeout 10  # connections from the same IP go to the same real server for n seconds
    protocol TCP  # protocol of the virtual service
    real_server 172.16.16.101 80 {  # first real server (web node)
        weight 1  # node weight
        TCP_CHECK {  # health-check method
            connect_port 80
            connect_timeout 3  # no connection within 3 seconds counts as a failure
            nb_get_retry 3  # number of retries
            delay_before_retry 4  # interval between retries
        }
    }
    real_server 172.16.16.102 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}
Note: there are several kinds of real server health checks, such as SSL_TCP, SSL_GET and so on.
Backend web configuration: httpd serves the web content, and both web nodes are configured the same way.
[root@localhost html]# yum install httpd -y
echo 'web1/2' >> /var/www/html/index.html
Adjust the kernel ARP response to avoid MAC conflicts (web1/web2):
[root@localhost keepalived]# cat /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
Configure the lo:0 interface:
[root@localhost network-scripts]# cat ifcfg-lo:0
DEVICE=lo:0
IPADDR=172.16.16.100    # VIP
NETMASK=255.255.255.255
ONBOOT=yes
Start the services
MASTER/BACKUP
/etc/init.d/keepalived restart
WEB
/etc/init.d/httpd restart
Test: access 172.16.16.100; the requests reach web1 and web2 respectively, so the configuration works.
5. Configuring the dual-master model
master/backup configuration
global_defs {
    notification_email {
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {  # first master instance
    state MASTER/BACKUP
    interface eth0
    virtual_router_id 51  # virtual router ID of the first instance
    priority 100/99  # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111  # authentication for the first instance
    }
    virtual_ipaddress {
        172.16.16.100  # VIP of the first instance
    }
}
vrrp_instance VI_2 {  # second master instance
    state BACKUP/MASTER
    interface eth0
    virtual_router_id 50  # virtual router ID of the second instance
    priority 49/50  # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222  # authentication for the second instance
    }
    virtual_ipaddress {
        172.16.16.200  # VIP of the second instance
    }
}