理解 Keepalived

---

title: “理解 Keepalived”

url: “https://wsk1103.github.io/”

tags:

• 架構
• Keepalived

---

1. Keepalived 是什麼

官網鏈接

Keepalived is a routing software written in C. The main goal of this project is to provide simple and robust facilities for loadbalancing and high-availability to Linux system and Linux based infrastructures. Loadbalancing framework relies on well-known and widely used Linux Virtual Server (IPVS) kernel module providing Layer4 loadbalancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage loadbalanced server pool according their health. On the other hand high-availability is achieved by VRRP protocol. VRRP is a fundamental brick for router failover. In addition, Keepalived implements a set of hooks to the VRRP finite state machine providing low-level and high-speed protocol interactions. In order to offer fastest network failure detection, Keepalived implements BFD protocol. VRRP state transition can take into account BFD hint to drive fast state transition. Keepalived frameworks can be used independently or all together to provide resilient infrastructures.

Keepalived is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Keepalive 是一款可以實現高可靠的軟件，通常部署在2臺服務器上，分爲一主一備。Keepalived可以對本機上的進程進行檢測，一旦 Master (主)檢測出某個進程出現問題，將自己切換成 Backup (副)狀態，然後通知另外一個節點切換成 Master (主)狀態。

2. Keepalived 安裝

[root@localhost /]# cd /usr/local/src/
[root@localhost src]# wget http://www.keepalived.org/software/keepalived-2.0.19.tar.gz
[root@localhost keepalived-2.0.19]# tar -zxvf keepalived-2.0.19.tar.gz
[root@localhost keepalived-2.0.19]# cd keepalived-2.0.19/
[root@localhost keepalived-2.0.19]# ./configure --prefix=/usr/loacl/keepalived
[root@localhost keepalived-2.0.19]# make && make install

安裝過程可能出現的問題

• 缺少C編譯器

configure: error: in `/usr/local/keepalived-2.0.11':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details

解決方案

缺少C編譯器 安裝GCC軟件套件 yum install gcc

• 缺少 openssl-devel

configure: error: 
  !!! OpenSSL is not properly installed on your system. !!!
  !!! Can not include OpenSSL headers files.            !!!

解決方案

yum -y install openssl-devel

• 缺少 libnl libnl-devel

*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

解決方案

yum -y install libnl libnl-devel

2. 配置 Keepalived 和 開機啓動

[root@localhost keepalived]# cd /usr/loacl/keepalived/
# keepalived啓動腳本變量引用文件，默認文件路徑是/etc/sysconfig/
[root@localhost keepalived]# cp etc/sysconfig/keepalived  /etc/sysconfig/ 
 
# 將keepalived主程序加入到環境變量（安裝目錄下）
[root@localhost keepalived]# cp sbin/keepalived /usr/sbin/
 
# keepalived啓動腳本（源碼目錄下），放到/etc/init.d/目錄下就可以使用service命令便捷調用
[root@localhost keepalived]# cp /usr/local/src/keepalived-2.0.19/keepalived/etc/init.d/keepalived /etc/init.d/
 
# 將配置文件放到默認路徑下
[root@localhost keepalived]# mkdir /etc/keepalived
[root@localhost keepalived]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

# 添加爲系統服務
[root@localhost keepalived]# chkconfig --add keepalived
# 設置開機啓動
[root@localhost keepalived]# chkconfig keepalived on

# 啓動服務
[root@localhost keepalived]# service keepalived start
Starting keepalived (via systemctl):                       [  確定  ]

3. keepalived.conf 配置文件說明

! Configuration File for keepalived

global_defs {
    # 郵件通知配置
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]  #發郵件人
   smtp_server 192.168.200.1  #發送郵件的服務器地址
   smtp_connect_timeout 30   #連接超時時間
   router_id LVS_DEVEL #設置keepalived的唯一ID，不能一致，一般可以把本地IP當做唯一ID 
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}


vrrp_instance VI_1 {
    state MASTER   #這裏主服務器爲Master，如果爲備用服務器爲 BackUp
    interface eth0    #本地網卡名稱，通過 ifconfig 得知
    virtual_router_id 51  #虛擬路由的 ID 號,2個節點的設置必須一致,相同的 VRID 爲一個組，他將決定多播的MAC地址
    priority 100    #節點的優先級，範圍爲 0-254 ，Master的優先級必須必BackUp的高。
    advert_int 1   #組播信息發送的時間間隔，默認爲1s。2個節點的設置必須一致。
    
    #設置賬戶校驗信息，2個節點必須一致。
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    
    #虛擬IP池，2個節點也必須一致。
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}

virtual_server 192.168.200.100 443 {
    delay_loop 6   #健康檢查時間間隔
    lb_algo rr   #lvs調度算法rr|wrr|lc|wlc|lblc|sh|dh
    lb_kind NAT    #負載均衡轉發規則NAT|DR|RUN
    persistence_timeout 50   #會話保持時間
    protocol TCP    #使用的協議

    real_server 192.168.201.100 443 {
        weight 1   #默認爲1,0爲失效
        SSL_GET {  
            url {   #檢查url，可以指定多個
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc  #檢查後的摘要信息
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3   #鏈接超時時長，秒
            retry 3   #重試次數
            delay_before_retry 3   #在嘗試之前延遲多長時間
        }
    }
}