Keepalived基础
Keepalived是以VRRP协议为实现基础的,VRRP全称Virtual Router Redundancy Protocol,即虚拟路由冗余协议
keepalived组成
- core:核心,负责主进程的启动、维护以及全局配置文件的加载和解析
- check:负责健康检查,包括常见的各种检查方式
- vrrp:实现VRRP协议
Keepalived安装
确认内核与使用的内核版本一致,不一致则建立软链接
ln -s /usr/src/kernels/xxxxxxx/ /usr/src/linux。若不想建立软链接也可以在编译安装时使用--with-kernel-dir=/usr/src/kernels/xxxxxxx指定内核目录。1
ls /usr/src/kernels/ && uname -r
编译安装Keepalived
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17yum -y install openssl openssl-devel
wget 'http://www.keepalived.org/software/keepalived-1.2.15.tar.gz'
tar -zxf keepalived-1.2.15.tar.gz
cd keepalived-1.2.15
#手动指定内核目录,内核以CentOS6.4 64bit为例子
#./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.32-573.3.1.el6.x86_64
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ && chmod a+x /etc/init.d/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
配置Keepalived详解
Keepalived配置域主要包括:
- global_defs————全局配置
- static_ipaddress————静态IP(一般不用配置, eth0等配好即可)
- static_routes————静态路由(一般不用配置, 设置好网关即可)
- vrrp_script————VRRP脚本
- vrrp_instance————VRRP实例
- virtual_server————LVS的相关
iptables允许VRRP组播
master和backup都需要配置1
iptables -A INPUT -d 224.0.0.18 -j ACCEPT
global_defs——全局配置
1 | global_defs { |
vrrp_script——vrrp脚本
健康检查,当检查失败时会将vrrp_instance的priority作相应变化
script可以是脚本或一条指令(返回0则成功,1则失败)1
2
3
4
5
6
7vrrp_script check_nginx {
script "/home/work/script/check_nginx.sh" #监控脚本
interval 2 #监控间隔,每2秒监控一次
weight 2 #权重
#fall 2 #脚本检查失败2次vrrp_script才为失败
#rise 2 #脚本检查成功2次vrrp_script才为成功
}
vrrp_instance——vrrp实例
vrrp_instance用来定义对外提供服务的VIP区域及其相关属性。
vrrp_rsync_group用来定义vrrp_instance组,使得这个组内成员动作一致,一个vrrp_rsync_group可包含多个vrrp_instance
vrrp_rsync_group
1 | vrrp_sync_group vrrp_group_name { #vrrp_group_name名,监控多个vrrp_instance实例 |
virtual_server——lvs_server
结合LVS使用。先大致列举一下配置,以后会专门写篇博客记录Keepalived和LVS的使用加以详细说明。1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36virtual_server IP Port {
delay_loop <INT>
lb_algo rr|wrr|lc|wlc|lblc|sh|dh
lb_kind NAT|DR|TUN
persistence_timeout <INT>
persistence_granularity <NETMASK>
protocol TCP
ha_suspend
virtualhost <STRING>
alpha
omega
quorum <INT>
hysteresis <INT>
quorum_up <STRING>|<QUOTED-STRING>
quorum_down <STRING>|<QUOTED-STRING>
sorry_server <IPADDR> <PORT>
real_server <IPADDR> <PORT> {
weight <INT>
inhibit_on_failure
notify_up <STRING>|<QUOTED-STRING>
notify_down <STRING>|<QUOTED-STRING>
# HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK
HTTP_GET|SSL_GET {
url {
path <STRING>
# Digest computed with genhash
digest <STRING>
status_code <INT>
}
connect_port <PORT>
connect_timeout <INT>
nb_get_retry <INT>
delay_before_retry <INT>
}
}
}
Keepalived的VRRP选举
Keepalived中的集群角色由priority和weight共同决定
Keepalived一主多从选举:
priority最大成为master,其余为backup- master发生故障—>backup节点间VRRP选举—>通过
priority和weight选出master
VRRP选举
Keepalived是通过priority和weight选出master,weight可以是正或负,需分情况讨论
weight值设定原则:
weight绝对值大于master和backup的priority之差。abs(weight) > master-priority - backup-priority
weight为正 +
- master vrrp_script 成功时: 若
master-priority+master-weight>backup-priority+backup-weight则保持现状角色不发生切换 - master vrrp_script 失败时: 若
master-priority<backup-priority+backup-weight则主从切换
weight为负 -
- master vrrp_script 成功时: 若
master-priority>backup-priority则保持现状角色不发生切换 - master vrrp_script 失败时: 若
master-priority-abs(weight)<backup-priority则主从切换
Nginx + Keepalived实例
Keepalived 配置完成后ip a查看VIP
master配置—/etc/keepalived/keepalived.conf1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34! Configuration File for keepalived
global_defs {
#notification_email {
# fatesai@gmail.com #报警邮箱
#}
#notification_email_from keepalived@10.0.2.15 #发信箱
#smtp_server 127.0.0.1
#smtp_connect_timeout 30
#router_id 10.0.1.152
}
vrrp_script check_nginx {
script "/home/work/script/check_nginx.sh" #监控脚本
interval 3 #监控间隔,每3秒监控一次
weight -20 #权重
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx ###执行上面定义的check_nginx
}
virtual_ipaddress {
10.0.1.222 #VIP
}
}
backup配置—/etc/keepalived/keepalived.conf1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35! Configuration File for keepalived
global_defs {
#notification_email {
# fatesai@gmail.com #报警邮箱
#}
#notification_email_from keepalived@10.0.2.15 #发信箱
#smtp_server 127.0.0.1
#smtp_connect_timeout 30
#router_id 10.0.1.153
}
vrrp_script check_nginx {
script "/home/work/script/check_nginx.sh" #监控脚本
interval 3 #监控间隔,每3秒监控一次
weight -20 #权重
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx ###执行上面定义的check_nginx
}
virtual_ipaddress {
10.0.1.222 #VIP
}
}
Keepalived非抢占方式
应用场景描述:
A-master,B-backup
A故障,B接管VIP成为master,业务由A切换至B。
当A恢复时,由于A的priority高于B,A接管VIP变回master。业务做了一次无意义切换,为避免此情况发生可以在A上设置Keepalived非抢占方式
Keepalived非抢占方式配置
- A和B的state 都设置为BACKUP
- A的priority比B的priority高
- 在A的Keepalived配置文件中添加
nopreempt参数
1 | vrrp_instance VI_1 { |
Keepalived非抢占切换过程及注意事项
场景配置:
A backup nopreempt priority 100 weight -20
B backup priority 90 weight -20
正常情况:
A 主 VIP
B 备A宕机/check_nginx失败:
VIP漂移
A 宕
B 主 VIPA恢复/check_nginx恢复:
A设置了nopreempt,非抢占方式,VIP无变化
A 备
B 主 VIPB宕机/check_nginx失败:
由于A设置nopreempt,若B没有宕机(keepalived正常)但check_nginx失败,VIP不会漂移!! 必须停止B的keepalived让A接管VIP!否则网站处于不可访问状态!
B的check_nginx失败后,必须停止B的keepalived才能使VIP漂移A成为master!B恢复/check_nginx恢复:
手动启动B的keepalived,B成为备
A 主 VIP
B 备