內容
1、vrrp協議簡介
2、keepalived的工作架構以及工作原理
3、keepalived的安裝使用詳解
一、vrrp協議簡介
VRRP(Virtual Router Redundancy Protocol)協議是用於實現路由器冗餘的協議。
VRRP協議將兩臺或多臺路由器設備虛擬成一個設備,對外提供虛擬路由器IP(一個或多個),而在路由器組內部,如果實際擁有這個對外IP的路由器如果工作正常的話就是MASTER,或者是通過算法選舉產生,MASTER實現針對虛擬路由器IP的各種網絡功能,如ARP請求,ICMP,以及數據的轉發等;其他設備不擁有該IP,狀態是BACKUP,除了接收MASTER的VRRP狀態通告信息外,不執行對外的網絡功能。當主機失效時,BACKUP將接管原先MASTER的網絡功能。
配置VRRP協議時需要配置每個路由器的虛擬路由器ID(VRID)和優先權值,使用VRID將路由器進行分組,具有相同VRID值的路由器爲同一個組,VRID是一個0~255的正整數;同一組中的路由器通過使用優先權值來選舉MASTER,優先權大者爲MASTER,優先權也是一個0~255的正整數。
VRRP協議使用多播數據來傳輸VRRP數據,VRRP數據使用特殊的虛擬源MAC地址發送數據而不是自身網卡的MAC地址,VRRP運行時只有MASTER路由器定時發送VRRP通告信息,表示MASTER工作正常以及虛擬路由器IP(組),BACKUP只接收VRRP數據,不發送數據,如果一定時間內沒有接收到MASTER的通告信息,各BACKUP將宣告自己成爲MASTER,發送通告信息,重新進行MASTER選舉狀態。
VRRP的工作過程爲:
(1) 虛擬路由器中的路由器根據優先級選舉出Master。Master 路由器通過發送免費ARP 報文,將自己的虛擬MAC 地址通知給與它連接的設備或者主機,從而承擔報文轉發任務;
(2) Master 路由器週期性發送VRRP 報文,以公佈其配置信息(優先級等)和工作狀況;
(3) 如果Master 路由器出現故障,虛擬路由器中的Backup 路由器將根據優先級重新選舉新的Master;
(4) 虛擬路由器狀態切換時,Master 路由器由一臺設備切換爲另外一臺設備,新的Master 路由器只是簡單地發送一個攜帶虛擬路由器的MAC 地址和虛擬IP地址信息的免費ARP 報文,這樣就可以更新與它連接的主機或設備中的ARP 相關信息。網絡中的主機感知不到Master 路由器已經切換爲另外一臺設備。
(5) Backup 路由器的優先級高於Master 路由器時,由Backup 路由器的工作方式(搶佔方式和非搶佔方式)決定是否重新選舉Master。
二、keepalived簡介
1、上面介紹了VRRP,而keepalived是什麼呢,說白了keepalived就是實現VRRP協議的軟件。它可以檢測web服務器的工作狀態,如果該服務器出現故障被檢測到,將其剔除服務器羣中,直至正常工作後,keepalive會自動檢測到並加入到服務器羣裏面。實現主備服務器發生故障時ip瞬時無縫交接。它是LVS集羣節點健康檢測的一個用戶空間守護進程,也是LVS的引導故障轉移模塊(director failover)。Keepalived守護進程可以檢查LVS池的狀態。如果LVS服務器池當中的某一個服務器宕機了。keepalived會通過一 個setsockopt呼叫通知內核將這個節點從LVS拓撲圖中移除。
2、keepalived的架構:
keepalived也是模塊化設計,不同模塊複雜不同的功能,其組件包括:
core:是keepalived的核心,複雜主進程的啓動和維護,全局配置文件的加載解析等
check:負責healthchecker(健康檢查),包括了各種健康檢查方式,以及對應的配置的解析包括LVS的配置解析
vrrp:VRRPD子進程,VRRPD子進程就是來實現VRRP協議的
libipfwc:iptables(ipchains)庫,配置LVS會用到
libipvs*:配置LVS會用到
由圖可知,兩個子進程都被系統WatchDog看管,兩個子進程各自複雜自己的事,checker子進程複雜檢查各自服務器的健康程度,例如HTTP,LVS等等,如果checker子進程檢查到MASTER上服務不可用了,就會通知本機上的兄弟VRRP子進程,讓他刪除通告,並且去掉虛擬IP,轉換爲BACKUP狀態,並且會自動在ipvs內核添加相應的集羣調度規則,所以說keepalived與lvs是天生搭配的。
三、keepalived的安裝以及配置
在centos6.4以前的系統其安裝程序在epel源,6.4以後已被收入base源,所以我們可以直接使用yum來進行安裝。
查看keepalived的信息
[root@localhost ~]# yum info keepalived Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile base | 4.0 kB 00:00 ... Available Packages Name : keepalived Arch : x86_64 Version : 1.2.13 Release : 5.el6_6 Size : 214 k Repo : base Summary : Load balancer and high availability service URL : http://www.keepalived.org/ License : GPLv2+ Description : Keepalived provides simple and robust facilities for load balancing : and high availability. The load balancing framework relies on the : well-known and widely used Linux Virtual Server (IPVS) kernel module : providing layer-4 (transport layer) load balancing. Keepalived : implements a set of checkers to dynamically and adaptively maintain : and manage a load balanced server pool according their health. : Keepalived also implements the Virtual Router Redundancy Protocol : (VRRPv2) to achieve high availability with director failover.
安裝完成後,其主要的配置文件
程序環境:
配置文件:/etc/keepalived/keepalived.conf
主程序:/usr/sbin/keepalived
其中keepalivd的配置文件是keepalived.conf,其可以分爲三個部分:
全局配置(Global Configuration)
VRRP配置
LVS配置
1、全局定義(global definition)配置範例:
! Configuration File for keepalived #註釋內容
global_defs { #表示keepalived在發生諸如切換操作時需要發送email通知,以及email發送給哪些郵件地址,郵件地址可以多個,每行一個
notification_email {
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected] #表示發送通知郵件時郵件源地址是誰
smtp_server 192.168.200.1 #表示發送email時使用的smtp服務器地址
smtp_connect_timeout 30 #連接smtp連接超時時間
router_id LVS_DEVEL #機器標識,相當於主機名
}2、VRRP配置實例:
vrrp_instance VI_1 { #VI_1表示這個VRRP的虛擬路由器的名字
state MASTER #狀態值
interface eth0 #監聽的端口
virtual_router_id 51 #VRID,這個必須與備節點是一樣
priority 100 #優先級
advert_int 1 #檢測間隔
authentication { #認證
auth_type PASS #帳號
auth_pass 1111 #密碼
}
virtual_ipaddress { #需要虛擬的IP地址,可以是多個
192.168.200.16
192.168.200.17
192.168.200.18
}
}3、lvs配置實例說明:
virtual_server 192.168.200.100 80 { # 設置VIP的IP和端口信息
delay_loop 6 #檢測間隔時間
lb_algo rr #調度算法
lb_kind NAT #lvs類型
nat_mask 255.255.255.0 #NAT類型的網關掩碼,其他類型不需要此項
persistence_timeout 50 #持久連接時間
protocol TCP #TCP協議
real_server 192.168.201.100 80 { #RIP的IP和端口
weight 1 #權重
url {
path /mrtg/ #健康檢查,這裏是對web服務的檢測,有兩種方法,一種是指定頁面的hash值。一個是頁面的狀態碼,這裏是hash值
digest 9b3a0c85a887a256d6939da88aabd8cd #hash值
}
connect_timeout 3 #失敗時連接的時間
nb_get_retry 3 #失敗時檢測的次數
delay_before_retry 3 #每次失敗等多少秒再進行檢查
}
}
}其實配置就是這麼簡單,下面來實驗來測試驗證效果,在配置HA Cluster時需要注意的事項:
(1)各主機之間的時間必須一致
(2)確保集羣服務不受iptables和selinux的影響
(3)各節點之間可通過
1、單實例(沒用啓用LVS)
(1)設置配置(master主機):
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test1
vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 23
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth0 label eth0:1
}
}(2)同時把該配置文件拷貝至BACKUP的主機上,但是要修改三個地方:router_id,state,priority
BACKUP主機的配置:
[root@php ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test2
vrrp_mcast_group4 224.0.24.122
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 23
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth1 label eth1:1
}
}(3)啓動主機服務,IP已經設置在MASTER上,同時查看日誌信息,可以清晰的看到MASTER在不斷髮送免費arp報文
[root@localhost keepalived]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:DA:A5:4C inet addr:10.1.252.36 Bcast:10.1.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:feda:a54c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:18767 errors:0 dropped:0 overruns:0 frame:0 TX packets:1302 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1646398 (1.5 MiB) TX bytes:184756 (180.4 KiB) eth0:1 Link encap:Ethernet HWaddr 00:0C:29:DA:A5:4C inet addr:192.168.200.16 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:2 errors:0 dropped:0 overruns:0 frame:0 TX packets:2 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:202 (202.0 b) TX bytes:202 (202.0 b) [root@localhost keepalived]# tail /var/log/messages Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Opening file '/etc/keepalived/keepalived.conf'. Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Configuration is using : 7453 Bytes Oct 31 19:43:16 localhost Keepalived_healthcheckers[2629]: Using LinkWatch kernel netlink reflector... Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Transition to MASTER STATE Oct 31 19:43:16 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Entering MASTER STATE Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) setting protocol VIPs. Oct 31 19:43:17 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16 Oct 31 19:43:17 localhost Keepalived_healthcheckers[2629]: Netlink reflector reports IP 192.168.200.16 added Oct 31 19:43:22 localhost Keepalived_vrrp[2630]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.200.16
(4)停掉MATER主機keepalived服務,查看BACKUP主機,IP已經接管,說明keepalived已經正常工作了:
MATER:
[root@localhost keepalived]# service keepalived stop Stopping keepalived: [ OK ] BACKUP: [root@php ~]# ifconfig eth1 Link encap:Ethernet HWaddr 00:0C:29:DE:83:7F inet addr:10.1.249.30 Bcast:10.1.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fede:837f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:19877 errors:0 dropped:0 overruns:0 frame:0 TX packets:1140 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1743327 (1.6 MiB) TX bytes:150564 (147.0 KiB) eth1:1 Link encap:Ethernet HWaddr 00:0C:29:DE:83:7F inet addr:192.168.200.16 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:252 (252.0 b) TX bytes:252 (252.0 b) [root@php ~]# !tai tail /var/log/messages Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Received higher prio advert Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering BACKUP STATE Nov 1 03:43:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) removing protocol VIPs. Nov 1 03:43:15 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 removed Nov 1 03:47:15 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Transition to MASTER STATE Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Entering MASTER STATE Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) setting protocol VIPs. Nov 1 03:47:16 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16 Nov 1 03:47:16 php Keepalived_healthcheckers[2529]: Netlink reflector reports IP 192.168.200.16 added Nov 1 03:47:21 php Keepalived_vrrp[2530]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.200.16
(5)單實例的配置就是這麼簡單的實現了,當然也可以不同主配置的郵件通知功能,而是使用自定義的郵件通知的shell腳本
在instance中添加自定義的郵件通知的shell腳本路徑實例:
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 23
priority 90
advert_int 1
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
authentication {
auth_type PASS
auth_pass 12345
}
virtual_ipaddress {
192.168.200.16/24 dev eth1 label eth1:1
}
}
notify.sh腳本內容如下:
#!/bin/bash
#
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac雙實例或多實例的配置過程大同小異,這裏就不再進行演示
(6)我們知道lvs不支持都後端的調度主機進行狀態檢查,而keepalived彌補了這個缺陷,並且還支持傳輸層和應用層的檢測:
real_server <IPADDR> <PORT>
{
weight <INT>
notify_up <STRING>|<QUOTED-STRING>
notify_down <STRING>|<QUOTED-STRING>
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }:定義當前主機的健康狀態檢測方法;
}
HTTP_GET|SSL_GET {
url {
path <URL_PATH>:定義要監控的URL;
status_code <INT>:判斷上述檢測機制爲健康狀態的響應碼;
digest <STRING>:判斷上述檢測機制爲健康狀態的響應的內容的校驗碼;
}
nb_get_retry <INT>:重試次數;
delay_before_retry <INT>:重試之前的延遲時長;
connect_ip <IP ADDRESS>:向當前RS的哪個IP地址發起健康狀態檢測請求
connect_port <PORT>:向當前RS的哪個PORT發起健康狀態檢測請求
bindto <IP ADDRESS>:發出健康狀態檢測請求時使用的源地址;
bind_port <PORT>:發出健康狀態檢測請求時使用的源端口;
connect_timeout <INTEGER>:連接請求的超時時長;
}
TCP_CHECK {
connect_ip <IP ADDRESS>:向當前RS的哪個IP地址發起健康狀態檢測請求
connect_port <PORT>:向當前RS的哪個PORT發起健康狀態檢測請求
bindto <IP ADDRESS>:發出健康狀態檢測請求時使用的源地址;
bind_port <PORT>:發出健康狀態檢測請求時使用的源端口;
connect_timeout <INTEGER>:連接請求的超時時長;
}(7)此外keepalived還支持調用外部分輔助腳本,完成資源監控,並根據監控的結果狀態來實現優先動態調整;
用法:
vrrp_script:定義一個資源監控腳本;
vrrp_script <STRING> {
script ""
interval INT
weight -INT
}
track_script:調用定義的資源監控腳本;
track_script {
SCRIPT_NAME
}
示例:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.18
}
vrrp_script chk_down { #如果/etc/keepalived/down文件存在,優先級-5
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_httpd {#如果httpd服務進程失效,優先級-5
script "killall -0 httpd && exit 0 || exit 1"
interval 1
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface eno16777736
virtual_router_id 57
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 98181111
}
virtual_ipaddress {
172.16.100.71/32 dev eno16777736
}
track_script { #調用腳本
chk_down
chk_httpd
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}好了,keepalived的基本用法就介紹到這裏,更多內容請關注 我的博客。