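Linux Services Series: keepalived, Part 1
Introduction to keepalived
- keepalived was originally designed specifically for LVS load balancing
- It was used to manage and monitor the state of each service node in an LVS cluster; VRRP support, which provides high availability, was added later
- As a result, besides managing LVS, Keepalived can also serve as a high-availability solution for other services such as Nginx, HAProxy and MySQL
- Keepalived implements high availability mainly through the VRRP protocol
- VRRP stands for Virtual Router Redundancy Protocol
- VRRP exists to provide high availability: it was created to solve the single point of failure of static routing. When a node goes down, the backup node takes over the service as quickly as possible so that it keeps running without interruption; once the administrator has repaired the machine, it can take the service back just as quickly
- So on the one hand Keepalived can configure and manage LVS and health-check the nodes behind LVS, and on the other hand it can provide high availability for system network services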
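Three important functions of the Keepalived service
Managing the LVS load-balancing software
- Early LVS had to be managed through the command line or scripts, and it had no health checking for LVS nodes
- Keepalived was created to solve this LVS problem; you could say the software exists precisely for that purpose
- By reading its own configuration file, Keepalived manages the LVS configuration directly through lower-level interfaces and controls starting and stopping the service
LVS cluster health checking
- Keepalived manages LVS directly: the LVS node IPs and related parameters are configured in its own keepalived.conf file
- In addition, when one or even several node servers in the LVS cluster fail at the same time and can no longer provide service, Keepalived automatically removes the failed nodes from the LVS forwarding queue and schedules requests to the remaining healthy servers, so end users are not affected
- Once the administrator has repaired the failed nodes, Keepalived automatically adds them back to the forwarding queue to serve clients
High availability for system network services
- Keepalived can provide failover and automatic switchover between any two hosts
- For example, failover and automatic switchover between a Master and a Backup host; the hosts can be ordinary business servers that must not go down, or LVS load balancers or Nginx reverse proxies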
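Setting up Keepalived
- To set up Keepalived we first need two machines; I prepared two running CentOS 6.9. Since this only demonstrates IP failover, I did not use a web server
- First install Keepalived on both machines
[root@localhost ~]# yum install keepalived -y
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
- After opening the file we see the following; everything other than what is shown below can be deleted or commented out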
! Configuration File for keepalived
global_defs {
    notification_email {  # e-mail addresses
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc  # sender of the notification mail
    smtp_server 192.168.200.1  # server used to send the mail
    smtp_connect_timeout 30  # timeout
    router_id LVS_DEVEL  # router identifier (must be unique)
}
vrrp_instance VI_1 {  # an instance; each instance corresponds to one service, and there can be several
    state MASTER  # role: one of two states (MASTER or BACKUP), must be upper case
    interface eth0  # network interface, i.e. the NIC
    virtual_router_id 51  # virtual router ID, must be unique
    priority 100  # priority; a larger number means a higher priority
    advert_int 1  # advertisement interval, default 1 second
    authentication {  # authentication settings; the password must not be longer than 8 characters
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {  # virtual IP addresses
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
! Configuration File for keepalived
global_defs {
    notification_email {  # e-mail address added
        601037481-qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1  # local mail server
    smtp_connect_timeout 30
    router_id hostname1  # identifier changed
    vrrp_mcast_group4 224.20.20.18  # multicast address
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.88  # virtual IP added
    }
}
[root@localhost ~]# service keepalived start
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:b5:96:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.253.48/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:feb5:96a2/64 scope link
valid_lft forever preferred_lft forever
- It started successfully. Next we modify the configuration file on the second machine, as shown below
! Configuration File for keepalived
global_defs {
    notification_email {
        601037481-@qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id hostname2  # the identifier must be changed
    vrrp_mcast_group4 224.20.20.18
}
vrrp_instance VI_1 {
    state BACKUP  # state changed to BACKUP; remember it must be upper case
    interface eth0
    virtual_router_id 55
    priority 80  # must be changed: the priority cannot be greater than the MASTER's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.88
    }
}
[root@localhost ~]# service keepalived start
- After starting it, check whether the virtual IP is present on this machine; if it is, that is split-brain and something is wrong
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
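- Now stop keepalived on the first machine and look at the second machine again: it has taken over the virtual IP
[root@localhost ~]# service keepalived stop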
Stopping keepalived: [ OK ]
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# service keepalived start
Starting keepalived: [ OK ]
- After starting it, we check the first machine to see whether the IP has come back: the virtual IP is back
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:b5:96:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.253.48/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:feb5:96a2/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
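The manual check above (run `ip a l` on each node and see who holds the virtual IP) can be scripted as follows. This is an added example, not part of the original post; the node labels node1/node2 and the function names are hypothetical, and the sample outputs are trimmed from the output shown on this page.

```python
import re

def held_addresses(ip_output):
    """IPv4 addresses on the 'inet' lines of `ip a` output (inet6 lines are skipped)."""
    return set(re.findall(r"^\s*inet (\d+(?:\.\d+){3})/\d+", ip_output, re.MULTILINE))

def vip_status(preferred, outputs):
    """Classify each VIP, given {vip: preferred node} and {node: `ip a` output}."""
    status = {}
    for vip, owner in preferred.items():
        holders = sorted(n for n, out in outputs.items() if vip in held_addresses(out))
        if len(holders) > 1:
            status[vip] = "split-brain: " + ", ".join(holders)
        elif not holders:
            status[vip] = "unassigned"
        elif holders[0] == owner:
            status[vip] = "ok"
        else:
            status[vip] = "failed over to " + holders[0]
    return status

# Constructed samples, trimmed from the `ip a l` output shown on this page.
VIP_LINE = "    inet 172.16.250.88/32 scope global eth0\n"
NODE1_STOPPED = (
    "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000\n"
    "    inet 172.16.253.48/16 brd 172.16.255.255 scope global eth0\n"
    "    inet6 fe80::20c:29ff:feb5:96a2/64 scope link\n"
)
NODE2_IDLE = (
    "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\n"
    "    inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0\n"
    "    inet6 fe80::20c:29ff:fed7:b2e1/64 scope link\n"
)
NODE1_MASTER, NODE2_TAKEOVER = NODE1_STOPPED + VIP_LINE, NODE2_IDLE + VIP_LINE

if __name__ == "__main__":
    preferred = {"172.16.250.88": "node1"}  # node1 is MASTER in the configs above
    print(vip_status(preferred, {"node1": NODE1_MASTER, "node2": NODE2_IDLE}))
    print(vip_status(preferred, {"node1": NODE1_STOPPED, "node2": NODE2_TAKEOVER}))
    print(vip_status(preferred, {"node1": NODE1_MASTER, "node2": NODE2_TAKEOVER}))
```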
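keepalived dual-master configuration
- Dual-master means not wasting resources: the standby machine does real work too. Without further ado, here is the configuration
- Open the configuration file on one of the machines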
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        601037481-qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id hostname1
    vrrp_mcast_group4 224.20.20.18
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.88
    }
}
vrrp_instance VI_2 {  # the second instance
    state BACKUP  # changed to BACKUP
    interface eth0
    virtual_router_id 56  # the ID must be unique
    priority 99  # this node is the backup here, so the priority must not exceed the MASTER's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.87  # the second virtual IP
    }
}
- The configuration file on the other machine
global_defs {
    notification_email {
        601037481-@qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id hostname2
    vrrp_mcast_group4 224.20.20.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.88
    }
}
vrrp_instance VI_2 {  # the second instance
    state MASTER  # changed to MASTER
    interface eth0
    virtual_router_id 56  # the ID must be unique
    priority 100  # this node is the MASTER for VI_2, so its priority is higher than the peer's 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.250.87  # the second virtual IP
    }
}
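The rules annotated in the master/backup and dual-master configurations above (a distinct router_id per node, the same virtual_router_id and auth_pass per instance on both peers, upper-case state, BACKUP priority below MASTER, auth_pass of at most 8 characters) can be checked before starting the service. This is an added example, not part of the original post; parse_conf, lint_pair, make_conf and the sample configs are constructed for illustration, and a priority of 100 is assumed when the key is omitted.

```python
def parse_conf(text):
    """Return (router_id, {instance: {key: value}}) from keepalived.conf text."""
    keys = ("state", "virtual_router_id", "priority", "auth_pass")
    router_id, instances, current = None, {}, None
    for raw in text.splitlines():
        words = raw.replace("!", "#").split("#", 1)[0].split()  # '#' and '!' start comments
        if len(words) < 2:
            continue
        if words[0] == "router_id":
            router_id = words[1]
        elif words[0] == "vrrp_instance":
            current = instances.setdefault(words[1], {})
        elif current is not None and words[0] in keys:
            current[words[0]] = words[1]
    return router_id, instances

def lint_pair(conf_a, conf_b):
    """Check two peers against the rules stated in the config annotations."""
    (rid_a, inst_a), (rid_b, inst_b) = parse_conf(conf_a), parse_conf(conf_b)
    out = ["router_id is the same on both nodes"] if rid_a == rid_b else []
    for insts in (inst_a, inst_b):
        vrids = [i.get("virtual_router_id") for i in insts.values()]
        if len(vrids) != len(set(vrids)):
            out.append("virtual_router_id reused by two instances on one node")
    for name in sorted(set(inst_a) & set(inst_b)):
        a, b = inst_a[name], inst_b[name]
        for key in ("virtual_router_id", "auth_pass"):
            if a.get(key) != b.get(key):
                out.append(f"{name}: {key} differs between peers")
        for node in (a, b):
            if node.get("state") not in ("MASTER", "BACKUP"):
                out.append(f"{name}: state must be upper-case MASTER or BACKUP")
            if len(node.get("auth_pass", "")) > 8:
                out.append(f"{name}: auth_pass is longer than 8 characters")
        prio = {n.get("state"): int(n.get("priority", 100)) for n in (a, b)}  # 100 assumed if unset
        if prio.get("BACKUP", 0) >= prio.get("MASTER", 256):
            out.append(f"{name}: BACKUP priority is not lower than MASTER priority")
    return out

def make_conf(rid, roles):  # builds constructed sample input, not the page's files
    head = f"global_defs {{\n router_id {rid}\n}}\n"
    inst = ("vrrp_instance {} {{\n state {}\n virtual_router_id {}\n priority {}\n"
            " authentication {{\n  auth_type PASS\n  auth_pass 1111\n }}\n}}\n")
    return head + "".join(inst.format(*r) for r in roles)

NODE1 = make_conf("hostname1", [("VI_1", "MASTER", 55, 100), ("VI_2", "BACKUP", 56, 99)])
NODE2 = make_conf("hostname2", [("VI_1", "BACKUP", 55, 99), ("VI_2", "MASTER", 56, 100)])
# Deliberately wrong peer: VI_1 outranks the MASTER, VI_2 reuses VRID 55 in lower case.
NODE2_BAD = make_conf("hostname2", [("VI_1", "BACKUP", 55, 120), ("VI_2", "master", 55, 100)])
```

`lint_pair(NODE1, NODE2)` returns an empty list for the dual-master layout on this page, while `lint_pair(NODE1, NODE2_BAD)` reports each rule the constructed bad peer violates.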
[root@localhost ~]# service keepalived start
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:b5:96:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.253.48/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:feb5:96a2/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.87/32 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
- Stop keepalived on the first server and look at the second server: it now holds both virtual IPs
[root@localhost ~]# service keepalived stop
Stopping keepalived: [ OK ]
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.87/32 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
- Now we start the first server again and look at the second server: the IP is no longer there
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d7:b2:e1 brd ff:ff:ff:ff:ff:ff
inet 172.16.252.110/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.87/32 scope global eth0
inet6 fe80::20c:29ff:fed7:b2e1/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0c:29:b5:96:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.253.48/16 brd 172.16.255.255 scope global eth0
inet 172.16.250.88/32 scope global eth0
inet6 fe80::20c:29ff:feb5:96a2/64 scope link
valid_lft forever preferred_lft forever