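Introduction
The previous article covered some Keepalived basics: Keepalived uses the VRRP protocol to provide high availability and has two main functions, managing the back-end RealServers of LVS and providing high availability for the Director. Here the two functions are treated separately, starting with an experiment on Keepalived's high availability. First, Keepalived's common working modes:
- Master/backup mode: the single-instance mode.
- Master/master mode: the multi-instance mode, also called the dual-master model. A second virtual IP is added to the configuration file, and both VIPs do the same job; the benefit is that this achieves load balancing as well as high availability.
High availability with the single-instance model
Topology
Two Keepalived servers jointly maintain one instance. By default A is MASTER and B is BACKUP; when A fails, B takes over.
Synchronize the time: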
[root@dr1 ~]# vim /etc/chrony.conf
server ntp1.aliyun.com iburst # changed to the Alibaba Cloud time servers
server ntp2.aliyun.com iburst
[root@dr2 ~]# vim /etc/chrony.conf
server ntp1.aliyun.com iburst # changed to the Alibaba Cloud time servers
server ntp2.aliyun.com iburst
Install Keepalived
[root@dr1 ~]# yum install keepalived -y
[root@dr2 ~]# yum install keepalived -y
Flush the firewall rules and disable SELinux
[root@dr1 ~]# iptables -F
[root@dr2 ~]# iptables -F
Back up the default configuration file first
[root@dr1 keepalived]# cp keepalived.conf{,.bak}
[root@dr2 keepalived]# cp keepalived.conf{,.bak}
Edit the configuration file
DR1 configuration
! Configuration File for keepalived
global_defs {
    notification_email {                          # alert e-mail
        root@localhost                            # recipient address
    }
    notification_email_from keepalive@localhost   # sender address
    smtp_server 127.0.0.1                         # SMTP server
    smtp_connect_timeout 30                       # timeout
    router_id DR1                                 # RID that identifies this machine; should be unique
    vrrp_garp_master_repeat 1                     # number of gratuitous ARP messages sent at a time in one group on transition to MASTER; the default is 5
    vrrp_mcast_group4 224.0.1.11                  # multicast address used to send and receive VRRP messages
}
vrrp_instance VI_1 {
    state MASTER                # set as MASTER
    interface ens33             # interface to bind to
    virtual_router_id 51        # VRID that identifies the instance; must be the same within one instance
    priority 100                # priority
    advert_int 1                # advertisement interval
    authentication {            # authentication
        auth_type PASS
        auth_pass abc123
    }
    virtual_ipaddress {         # VIP settings
        172.16.1.99/24 dev ens33 label ens33:0
    }
}
DR2 configuration
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalive@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id DR2
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.1.11
    vrrp_garp_master_repeat 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass abc123
    }
    virtual_ipaddress {
        172.16.1.99/24 dev ens33 label ens33:0
    }
}
Packet capture analysis
Capturing on the multicast IP address on the BACKUP node shows the advertisements sent by the MASTER.
[root@dr2 keepalived]# tcpdump -i ens33 -nn host 224.0.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:13:24.656748 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
16:13:25.658750 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
Testing redundancy
Stop the Keepalived service on the MASTER and check whether failover works properly.
Status before failover:
[root@dr2 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service;
7月 02 16:25:20 dr2 Keepalived_vrrp[16878]: Registering gratuitous ARP shared channel
7月 02 16:25:20 dr2 Keepalived_vrrp[16878]: Opening file '/etc/keepalived/keepalived.conf'.
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) removing protocol VIPs.
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: Using LinkWatch kernel netlink reflector...
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Entering BACKUP STATE
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Status of the BACKUP after the MASTER is stopped:
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Entering MASTER STATE # transitions to the MASTER state
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) setting protocol VIPs. # sets the VIP
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: Sending gratuitous ARP on ens33 for 172.16.1.99
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for....1.99 # sends gratuitous ARP on ens33
7月 02 16:30:31 dr2 Keepalived_vrrp[16878]: Sending gratuitous ARP on ens33 for 172.16.1.99
7月 02 16:30:31 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for....1.99
Hint: Some lines were ellipsized, use -l to show in full.
Packet capture during the transition
[root@dr2 ~]# tcpdump -i ens33 -nn host 224.0.1.11
# VRRP advertisements sent by the MASTER, with priority 100
16:30:21.716547 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
# After Keepalived is stopped on the MASTER, the MASTER sends one advertisement with priority 0
16:30:25.026892 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20
# The BACKUP then immediately takes over the MASTER role for this instance
16:30:25.653251 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20
# After becoming MASTER it keeps sending advertisements, now with priority 96
16:30:26.655380 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20
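The capture above carries what a monitor needs to watch on a VRRP segment: which host advertises for the VRID, at what priority, and with which authtype. As an added example (not part of the original article), the awk filter below turns such tcpdump lines into events; the allow-list and function names are assumptions, the fifth sample line is constructed, and authtype simple corresponds to auth_type PASS, whose password travels unencrypted in each advertisement.

```shell
#!/bin/bash
# Added example: audit `tcpdump -nn` VRRP advertisement lines for one VRID.
# ALLOWED is an assumption: the two directors seen in the article's capture.
ALLOWED="192.168.30.99 192.168.30.98"

# vrrp_audit VRID  (capture lines on stdin) prints one event per line:
#   SHUTDOWN time src      priority 0: the current MASTER is resigning
#   TAKEOVER time old new  a different allowed peer now advertises
#   UNKNOWN  time src      advertiser is not in the allow-list
#   PLAINAUTH count        advertisements using authtype simple (auth_type PASS)
vrrp_audit() {
    awk -v allowed="$ALLOWED" -v vrid="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /VRRPv2, Advertisement/ {
        src = $3; v = ""; p = ""
        for (i = 1; i < NF; i++) {
            if ($i == "vrid") { v = $(i + 1); sub(/,$/, "", v) }
            if ($i == "prio") { p = $(i + 1); sub(/,$/, "", p) }
        }
        if (v != vrid) next
        if ($0 ~ /authtype simple/) plain++
        if (!(src in ok)) { print "UNKNOWN", $1, src; next }
        if (p == "0") { print "SHUTDOWN", $1, src; next }
        if (last != "" && last != src) print "TAKEOVER", $1, last, src
        last = src
    }
    END { if (plain) print "PLAINAUTH", plain }'
}

# Sample input: the first four lines are the article's capture, the fifth is constructed.
sample_capture() {
    cat <<'EOF'
16:30:21.716547 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
16:30:25.026892 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20
16:30:25.653251 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20
16:30:26.655380 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20
16:30:27.100000 IP 192.168.30.50 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
EOF
}

sample_capture | vrrp_audit 51
```

On a live segment the same function can read from tcpdump -l -i ens33 -nn host 224.0.1.11 instead of the sample.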
Custom alert script
Script contents:
#!/bin/bash
#
# Mail $sendto whenever this node changes VRRP state.
sendto=root@localhost
notify() {
    # $1 is the new state: master, backup or fault
    subject="$(hostname) to be $1 ,vip floating"
    body="$(date '+%F %T'):VRRP transition $(hostname) to be $1"
    echo "$body" | mail -s "$subject" "$sendto"
}
case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
esac
Once it is written, call it from the VRRP instance.
[root@dr1 keepalived]# vim keepalived.conf
vrrp_instance VI_1 {
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
When a state transition occurs, an e-mail is sent.
[root@dr1 keepalived]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 2 unread
>U 1 root Mon Jul 2 17:36 19/667 "dr1 to be master ,vip floating"
U 2 root Mon Jul 2 17:38 19/667 "dr1 to be backup ,vip floating"
3 root Mon Jul 2 17:40 19/668 "dr1 to be master ,vip floating"
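Using a script to make Keepalived easier to debug
While debugging you may need to make Keepalived fail over many times. You can set up a script in advance: if the script returns a non-zero value, the priority of the instance is reduced so that the BACKUP can preempt.
First define a script
[root@dr1 keepalived]# vim chk_down.sh
#!/bin/bash
[ -f /etc/keepalived/down ] && exit 1 || exit 0
# This script checks whether a file named down exists in /etc/keepalived/: it returns 1 if the file exists and 0 if it does not
Define the script in the configuration and reference it (it is defined in a new, separate context)
[root@dr1 keepalived]# vim keepalived.conf
vrrp_script chk_down {
    script "/etc/keepalived/chk_down.sh"   # checks whether /etc/keepalived/ contains a down file; exits 1 if it does, 0 if it does not
    interval 1                             # check interval
    weight -5                              # when the check fails (the script returns non-zero), the priority is reduced by 5
}
Once it is defined, enable the script in the instance
vrrp_instance VI_1 {
    track_script {   # track this script
        chk_down
    }
}
When a file named down is created in /etc/keepalived on the current node, Keepalived detects it when it runs the script and, following the script rule defined earlier, lowers the priority by 5. That is below the BACKUP's priority, so the BACKUP preempts the MASTER role of the instance. Likewise, once the file is deleted the priority goes back up by 5 and the node takes the MASTER role back.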
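Dual-master model
Introduction
Put simply, the dual-master model adds one more instance with a different VIP. In instance 1 (VIP1), A is the master (MASTER) and B is the backup (BACKUP); in instance 2 (VIP2), A is the backup and B is the master.
Configuration
Add an instance on ServerA and set it as the backup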
[root@dr1 keepalived]# vim keepalived.conf
vrrp_instance VI_2 {
    state BACKUP                # set as BACKUP
    interface ens33             # one interface can be bound to several instances
    virtual_router_id 52        # the VRID must differ between instances
    priority 96                 # priority
    advert_int 1                # VRRP advertisement interval
    authentication {            # authentication
        auth_type PASS
        auth_pass ABC123
    }
    virtual_ipaddress {         # virtual IP
        172.16.1.98/24 dev ens33 label ens33:1
    }
    track_script {
        chk_down
    }
    #notify_master "/etc/keepalived/notify.sh master"
    #notify_backup "/etc/keepalived/notify.sh backup"
    #notify_fault "/etc/keepalived/notify.sh fault"
}
Copy the configuration to ServerB and adjust the relevant settings
[root@dr2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ABC123
    }
    virtual_ipaddress {
        172.16.1.98/24 dev ens33 label ens33:1
    }
    track_script {
        chk_down
    }
    #notify_master "/etc/keepalived/notify.sh master"
    #notify_backup "/etc/keepalived/notify.sh backup"
    #notify_fault "/etc/keepalived/notify.sh fault"
}
Restart the service
[root@dr1 ~]# systemctl restart keepalived
[root@dr2 ~]# systemctl restart keepalived
Check the IP addresses on ServerA and ServerB
[root@dr1 keepalived]# ifconfig #ServerA
...
ens33:0: flags=4163 mtu 1500
inet 172.16.1.99 netmask 255.255.255.0 broadcast \
[root@dr2 ~]# ifconfig #ServerB
ens33:1: flags=4163 mtu 1500
inet 172.16.1.98 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:1e:7a:1a txqueuelen 1000 (Ethernet)
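Testing
First check whether failover works for 172.16.1.99 on ServerA.
The script configured earlier reduces the priority by 5 as soon as a file named down exists in this directory; the BACKUP then preempts the MASTER role.
Create the down file in /etc/keepalived/ on ServerA
[root@dr1 keepalived]# touch down
The VIP of instance 1 has now moved to ServerB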
[root@dr2 ~]# tail -n 10 /var/log/messages
Jul 2 22:40:46 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 2 22:40:47 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 2 22:40:47 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) setting protocol VIPs.
Delete the down file on ServerA; ServerA then takes back the MASTER role of instance 1
[root@dr1 keepalived]# tail -n 10 /var/log/messages
Jul 2 22:43:37 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 2 22:43:38 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 2 22:43:38 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 2 22:43:38 node1 Keepalived_vrrp[24055]: Sending gratuitous ARP on ens33 for 172.16.1.99
Next, check whether failover works for 172.16.1.98 on ServerB.
Create the down file in /etc/keepalived/ on ServerB
[root@dr2 keepalived]# touch down
The VIP of instance 2 has now moved to ServerA
[root@dr1 keepalived]# tail /var/log/messages
Jul 2 22:46:12 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) forcing a new MASTER election
Jul 2 22:46:13 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) Transition to MASTER STATE
Jul 2 22:46:14 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) Entering MASTER STATE
Jul 2 22:46:14 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) setting protocol VIPs.
Jul 2 22:46:14 node1 Keepalived_vrrp[24055]: Sending gratuitous ARP on ens33 for 172.16.1.98
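The priority arithmetic described for chk_down, applied to the dual-master test above, as an added example that is not part of the original article. It assumes preemption is enabled (the Keepalived default) and that both instances on both nodes track chk_down with weight -5; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: model of the VRRP election in the article's dual-master setup.
# Assumptions: preemption is on (Keepalived default) and both instances on both
# nodes track chk_down with the same weight.
WEIGHT=-5

# effective_prio BASE DOWN -> base priority, plus WEIGHT when the check fails
effective_prio() {
    if [ "$2" -eq 1 ]; then
        echo $(( $1 + $WEIGHT ))
    else
        echo "$1"
    fi
}

# master_of PRIO_A PRIO_B DOWN_A DOWN_B -> prints A, B or TIE
master_of() {
    a=$(effective_prio "$1" "$3")
    b=$(effective_prio "$2" "$4")
    if [ "$a" -gt "$b" ]; then
        echo A
    elif [ "$b" -gt "$a" ]; then
        echo B
    else
        echo TIE   # real VRRP breaks ties on the higher primary IP address
    fi
}

# vip_owners DOWN_A DOWN_B -> owner of each instance, using the article's
# priorities: VI_1 is A=100/B=96, VI_2 is A=96/B=100
vip_owners() {
    echo "VI_1=$(master_of 100 96 "$1" "$2") VI_2=$(master_of 96 100 "$1" "$2")"
}

# Print the full truth table for the down file on A and on B.
for da in 0 1; do
    for db in 0 1; do
        echo "down on A=$da B=$db -> $(vip_owners "$da" "$db")"
    done
done
```

With down present on both nodes each priority drops by the same amount, so the VIPs stay where they were. A weight smaller in magnitude than the priority gap of 4 (for example -3) never triggers failover.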