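I. Introduction to keepalived
1. The core function of keepalived is to provide high availability for LVS on Linux systems by means of the VRRP protocol.
2. VRRP (Virtual Router Redundancy Protocol) can present several gateways as a single virtual gateway; a group of IP addresses is virtualized as the VIP, and the corresponding MAC address can be virtualized at the same time.
3. Through VRRP, keepalived handles failover well and avoids a single point of failure: when the service on the master node fails, the backup node takes over from the master and continues to provide service. Once the failed node has recovered, it is automatically added back into service.
4. The VRRP state mechanism
5. Installing the keepalived service: in the CentOS 6.4 lab environment used here, keepalived is installed directly from the version 1.2.7 rpm package.
6. The main keepalived configuration file: /etc/keepalived/keepalived.conf
The keepalived service script: /etc/rc.d/init.d/keepalived
II. The keepalived configuration file
1. Global configuration section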
GLOBAL CONFIGURATION
    global_defs {
        notification_email {
            [email protected]
            [email protected]
            [email protected]
        }
        notification_email_from [email protected]
        smtp_server 192.168.200.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
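This section defines the sending and receiving of notification e-mail, and static routes.
2. The keepalived VRRP instance configuration section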
VRRPD CONFIGURATION
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }
    }
The virtual router instance configuration is the core configuration section.
3. The keepalived LVS virtual server configuration section
LVS CONFIGURATION
    virtual_server 192.168.200.100 443 {
        delay_loop 6
        lb_algo rr
        lb_kind NAT
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP

        real_server 192.168.201.100 443 {
            weight 1
            SSL_GET {
                url {
                    path /
                    digest ff20ad2481f97b1754ef3e12ecd3a9cc
                }
                url {
                    path /mrtg/
                    digest 9b3a0c85a887a256d6939da88aabd8cd
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
III. Preparing the environment for LVS high availability with keepalived
1. Prepare three nodes: ms, node1 and node2.
2. Install the ansible service on node ms and set up SSH trust with nodes node1 and node2.
    [root@ms ~]# yum -y install ansible
    [root@ms ~]# ssh-keygen -t rsa -P ''
    [root@ms ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
    [root@ms ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
3. Install the keepalived service on nodes node1 and node2.
    [root@ms ~]# ansible all -m shell -a "yum -y install keepalived"
4. Go to nodes node1 and node2 and look at the keepalived configuration.
    [root@node1 ~]# cd /etc/keepalived
    [root@node1 keepalived]# vim keepalived.conf
    [root@node2 ~]# cd /etc/keepalived
    [root@node2 keepalived]# vim keepalived.conf
5. Open a separate terminal on node1 and node2 and follow the log there, so that changes can be checked at any time.
    [root@node1 ~]# tail -f /var/log/messages
    [root@node2 ~]# tail -f /var/log/messages
IV. How keepalived sends notifications on state transitions
1. Where notifications can be defined
vrrp_sync_group {
}
The most commonly used location:
vrrp_instance {
}
1) First, define the global configuration section
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from msadmin@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id LVS_DEVEL
    }
2) Define the related control mechanism
    vrrp_script chk_main {
        # fails (exit 1) while /etc/keepalived/down exists
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 1
        # lower the priority by 2 while the script fails
        weight -2
    }
3) Next, define the VRRP instance section
VRRP instance section on node node1
    [root@node1 keepalived]# vim keepalived.conf

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 63
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.200.100
        }
        track_script {
            chk_main
        }
    }
VRRP instance section on node node2
    [root@node2 keepalived]# vim keepalived.conf

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 63
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.200.100
        }
        track_script {
            chk_main
        }
    }
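2. Notification methods
notify_master: master node notification
notify_backup: backup node notification
notify_fault: fault notification
4) Within the instance, a notify.sh script can be used to control how notifications are sent
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
* Example notify.sh script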
    #!/bin/bash
    # Author: MageEdu
    # description: An example of notify script

    vip=172.16.200.100
    contact='root@localhost'

    # Mail a one-line report of the VRRP state transition to $contact
    notify() {
        mailsubject="$(hostname) to be $1: $vip floating"
        mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case "$1" in
        master)
            notify master
            exit 0
            ;;
        backup)
            notify backup
            exit 0
            ;;
        fault)
            notify fault
            exit 0
            ;;
        *)
            # double quotes so that the script name is actually expanded
            echo "Usage: $(basename "$0") {master|backup|fault}"
            exit 1
            ;;
    esac
5) From node ms, restart the keepalived service on node1 and node2 and check which node holds the virtual_ipaddress
    [root@ms ~]# ansible all -a "service keepalived restart"
    [root@ms ~]# ansible all -m shell -a "ip addr show | grep eth0"
6) On the master node node1, create the down file to simulate a single-node failure so that the virtual_ipaddress moves from master node1 to node2, then check the VIP transfer between the nodes from node ms
    [root@node1 keepalived]# touch down
    [root@ms ~]# ansible all -m shell -a "ip addr show | grep eth0"
7) Restore the master node node2 and check the VIP transfer again
    [root@node1 keepalived]# rm -rf down
    [root@ms ~]# ansible all -m shell -a "ip addr show | grep eth0"
V. How to configure ipvs
The core configuration section is virtual server, which defines the virtual host.
1. virtual_server IP port: defines the IP address and port of the virtual host
2. virtual_server fwmark int: the ipvs firewall mark, for firewall-mark-based LVS
3. virtual_server group string
4. lb_algo {rr|wrr|lc|wlc|lblc|lblcr}: defines the LVS scheduling algorithm
5. lb_kind {NAT|DR|TUN}: defines the LVS model
6. persistence_timeout
7. protocol: the protocol supported by the ipvs rules
1) Example ipvs configuration in the vrrp_server section
ipvs configuration in vrrp_server on the master node node1
    [root@node1 keepalived]# vim keepalived.conf

    virtual_server 172.16.200.100 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
        persistence_timeout 0
        protocol TCP

        real_server 172.16.200.8 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
ipvs configuration in vrrp_server on the backup node node2
    [root@node2 keepalived]# vim keepalived.conf

    virtual_server 172.16.200.100 80 {
        delay_loop 6
        lb_algo rr
        lb_kind DR
        nat_mask 255.255.0.0
        persistence_timeout 0
        protocol TCP

        real_server 172.16.200.9 80 {
            weight 1
            HTTP_GET {
                url {
                    path /
                    status_code 200
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
            }
        }
    }
2) From node ms, install the ipvsadm service on node1 and node2 and start the httpd service on the master and backup nodes
    [root@ms ~]# ansible all -m shell -a "yum -y install ipvsadm"
    [root@ms ~]# ansible all -a "service httpd start"
3) On node1 and node2, view the resulting ipvs rules
    [root@node1 keepalived]# ipvsadm -L -n
    [root@node2 keepalived]# ipvsadm -L -n
VI. High availability for a specific service
1. Monitor the service
vrrp_script {
}
2. Track the service in the VRRP instance
track_script {
}
VII. A dual-master model based on multiple virtual routers
To implement a master/master model based on multiple virtual routers, several vrrp_instance sections must be defined.
1. Configure the vrrp_instance sections on node node1, defining two
    [root@node1 keepalived]# vim keepalived.conf

    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 63
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.200.100
        }
        track_script {
            chk_main
        }
    }

    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 65
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 21112
        }
        virtual_ipaddress {
            172.16.200.200
        }
        track_script {
            chk_main
        }
    }
2. Configure the vrrp_instance sections on node node2, defining two
    [root@node2 keepalived]# vim keepalived.conf

    vrrp_instance VI_1 {
        state BACKUP
        interface eth0
        virtual_router_id 63
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.16.200.100
        }
        track_script {
            chk_main
        }
    }

    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 65
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 21112
        }
        virtual_ipaddress {
            172.16.200.200
        }
        track_script {
            chk_main
        }
    }
3. Stop the keepalived service on the master node node1 and check the VIP transfer between the master and backup nodes from node ms; likewise, stop the keepalived service on the backup node node2, start the keepalived service on node1, and check the VIP transfer between the nodes from node ms.
    [root@node1 keepalived]# service keepalived stop
    [root@ms ~]# ansible all -m shell -a "ip addr show | grep eth0"
    [root@node2 keepalived]# service keepalived stop
    [root@node1 keepalived]# service keepalived start
    [root@ms ~]# ansible all -m shell -a "ip addr show | grep eth0"
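The failover tests above (the down file and stopping the service), worked through as an added example that is not part of the original article: a small Python model of the priority comparison using the article's priorities (100/99) and the chk_main weight of -2, plus a check that the weight is large enough to force a handover. The node addresses used for tie-breaking are hypothetical, and preemption (the keepalived default) is assumed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Primary eth0 addresses are hypothetical; the article does not list them.
NODE_IP = {"node1": "172.16.200.11", "node2": "172.16.200.12"}

@dataclass(frozen=True)
class Instance:
    node: str
    name: str
    priority: int
    weight: int = -2  # weight of the tracked vrrp_script chk_main

# The dual-master layout: each node is MASTER for one virtual router.
DUAL_MASTER = [
    Instance("node1", "VI_1", 100), Instance("node2", "VI_1", 99),
    Instance("node1", "VI_2", 99), Instance("node2", "VI_2", 100),
]

def effective_priority(inst, script_ok):
    """A negative weight applies while the script fails, a positive one while it passes."""
    if inst.weight < 0:
        return inst.priority + (0 if script_ok else inst.weight)
    return inst.priority + (inst.weight if script_ok else 0)

def elect(instances, failed_script=(), stopped=()):
    """Return {instance: node holding its VIP} once the election has settled."""
    holders = {}
    for name in sorted({i.name for i in instances}):
        alive = [i for i in instances if i.name == name and i.node not in stopped]
        rank = lambda i: (effective_priority(i, i.node not in failed_script),
                          int(IPv4Address(NODE_IP[i.node])))  # tie: higher address wins
        holders[name] = max(alive, key=rank).node if alive else None
    return holders

def failover_gaps(instances):
    """List instances whose preferred node does not clearly lose when its script fails."""
    stuck = []
    for name in sorted({i.name for i in instances}):
        group = sorted((i for i in instances if i.name == name),
                       key=lambda i: i.priority, reverse=True)
        if len(group) > 1 and effective_priority(group[0], False) >= group[1].priority:
            stuck.append(name)
    return stuck

if __name__ == "__main__":
    print(elect(DUAL_MASTER))                            # normal operation
    print(elect(DUAL_MASTER, failed_script={"node1"}))   # touch down on node1
    print(elect(DUAL_MASTER, stopped={"node1"}))         # service keepalived stop
```

Because both instances on a node track chk_main, creating the down file on node1 lowers its priority in VI_1 and VI_2 alike, so node2 ends up holding both VIPs.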