本文介绍了Keepalived作为主流高可用软件的功能和工作原理,包括监控检测和VRRP冗余协议。通过Core、Check和Vrrp等模块,Keepalived能实现健康检查和虚拟路由器冗余,确保服务的高可用性。详细讲述了Keepalived的安装配置步骤,以及模拟故障转移的检测脚本。
目录:
Keepalived介绍
web架构的高可用方案:
- 基于SHELL脚本实现高可用
- 基于Keepalived软件实现高可用(主流的高可用软件)
- 基于Heartbeat软件实现高可用(最早期使用软件)
Keepalived 是一个类似于工作在 layer3, 4 & 7 交换机制的软件,Keepalived 软件有两种功能,分别是
- 监控检查
- VRRP 冗余协议
Keepalived监控检测功能检测方案:可以以如下三种方式去检测,如果发现WEB网站、数据库服务器宕机或者异常,可以从服务列表(服务池)移除该服务器,等待服务器恢复以后,Keepalived可以将服务器加入到服务列表(服务池).
三种方式检测案例如下:
- Keepalived可以网络层工作方式,以IP形式去监控客户端(网站、数据库)
- Keepalived可以传输层工作方式,以IP+端口形式去监控客户端(网站、数据库)
- Keepalived可以应用层工作方式,以HTTP、FTP等协议形式去监控客户端(网站、数据库)
Keepalived高可用软件模块剖析:
- Core,是keepalived的核心,负责主进程的启动和维护,全局配置文件的加载解析等 。
- Check,负责healthchecker(健康检查),包括了各种健康检查方式,以及对应的配置的解析包括LVS的配置解析
- Vrrp,VRRPD子进程,VRRPD子进程就是来实现VRRP协议
- Libipfwc,iptables(ipchains)库,配置LVS会用到
- Libipvs,虚拟服务集群,配置LVS会使用。
Keepalived可以实现VRRP冗余功能,冗余功能(高可用功能),将2台路由器(服务器)组成冗余集群,同一时刻一台服务器对外提供服务,当一台服务器宕机以后,会自动切换至另外服务器
VRRP冗余技术剖析:
- 虚拟路由器冗余技术,严格来讲不仅仅属于Keepalived软件的;
- 基于VRRP技术可以将多台路由器(主机)组成一个虚拟路由器集群;
- 虚拟路由器集群中,根据优先级选举产生:Master和Backup,Master拥有特殊权限:绑定VIP(虚拟IP),同时对外响应用户的请求或者转发用户请求;
- Master路由器(主机)定时向集群组内发送组播包(组播地址:224.0.0.18),BACKUP接收组播包,一旦接收不到(认为Master宕机),其他BACKUP会根据优先级重新选举Master;
- 在一组虚拟路由器集群中,不管谁是MASTER,对外都是相同的MAC和VIP。
Keepalived安装配置
- 安装
yum install keepalived* -y
- 修改配置
[root@localhost ~]# mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
jeffding1993@outlook.com
}
notification_email_from root@localhost.localdomain
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/data/sh/check_nginx.sh"
interval 2
weight 2
}
#VIP1 192.168.197.18
vrrp_instance VI_1 {
state MASTER
interface eno16777736
lvs_sync_daemon_inteface eno16777736
virtual_router_id 151 # 同一局域网vr_id 为唯一,表示为一个虚拟路由器组
priority 100
advert_int 5
#nopreempt #表示不抢占vip
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.197.18
}
track_script {
chk_nginx
}
}
#VIP2 192.168.197.19
vrrp_instance VI_2 {
state MASTER
interface eno16777736
lvs_sync_daemon_inteface eno16777736
virtual_router_id 152 # 同一局域网vr_id 为唯一,表示为一个虚拟路由器组
priority 100
advert_int 5
#nopreempt #表示不抢占vip
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.197.19
}
track_script {
chk_nginx
}
}
- 启动keepalived服务
[root@localhost ~]# systemctl restart keepalived
[root@localhost ~]# ps -ef | grep keep
root 15283 1 0 19:41 ? 00:00:00 /usr/sbin/keepalived -D
root 15284 15283 0 19:41 ? 00:00:00 /usr/sbin/keepalived -D
root 15285 15283 0 19:41 ? 00:00:00 /usr/sbin/keepalived -D
root 15296 1078 0 19:41 pts/0 00:00:00 grep --color=auto keep
- 查看日志,确定keepalived是否启动成功
[root@localhost ~]# tail -fn 100 /var/log/messages
Nov 25 19:41:33 localhost Keepalived_vrrp[15285]: VRRP_Instance(VI_2) Transition to MASTER STATE
Nov 25 19:41:38 localhost Keepalived_vrrp[15285]: VRRP_Instance(VI_2) Entering MASTER STATE
Nov 25 19:41:38 localhost Keepalived_vrrp[15285]: VRRP_Instance(VI_2) setting protocol VIPs.
- 使用ip命令查看
[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:58:02:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.197.10/24 brd 192.168.197.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet 192.168.197.18/32 scope global eno16777736
valid_lft forever preferred_lft forever
inet 192.168.197.19/32 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe58:217/64 scope link
valid_lft forever preferred_lft forever
- 结果
- 将配置文件复制到其他分布式节点中
[root@localhost ~]# scp -r /etc/keepalived/keepalived.conf root@192.168.197.11:/etc/keepalived/
The authenticity of host '192.168.197.11 (192.168.197.11)' can't be established.
ECDSA key fingerprint is SHA256:CM67EHgLjgq8lZAVFvhI3puTU2ESgWbMLxreTjPDNmk.
ECDSA key fingerprint is MD5:d0:17:35:b1:34:c8:15:22:b4:7f:09:71:29:e6:e7:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.197.11' (ECDSA) to the list of known hosts.
root@192.168.197.11's password:
keepalived.conf 100% 1132 1.6MB/s 00:00
# 修改配置文件
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
jeffding1993@outlook.com
}
notification_email_from root@localhost.localdomain
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/data/sh/check_nginx.sh"
interval 2
weight 2
}
#VIP1 192.168.197.18
vrrp_instance VI_1 {
state BACKUP # 状态修改为MASTER
interface ens33
lvs_sync_daemon_inteface ens33
virtual_router_id 151
priority 80 # 优先级要比MASTER的优先级低
advert_int 5
#nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.197.18
}
track_script {
chk_nginx
}
}
#VIP2 192.168.197.19
vrrp_instance VI_2 {
state BACKUP
interface ens33
lvs_sync_daemon_inteface ens33
virtual_router_id 152
priority 80
advert_int 5
#nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.197.19
}
track_script {
chk_nginx
}
}
- 查看日志
[root@localhost ~]# tail -fn 100 /var/log/messages
Nov 25 20:02:28 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 25 20:02:28 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_2) Entering BACKUP STATE
- 模拟故障转移
# 192.168.197.10
[root@localhost ~]# service keepalived stop
Redirecting to /bin/systemctl stop keepalived.service
# 192.168.197.11
[root@localhost ~]# tail -fn 100 /var/log/messages
Nov 25 20:07:14 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 25 20:07:14 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_2) Transition to MASTER STATE
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.18
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_2) Entering MASTER STATE
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_2) setting protocol VIPs.
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: Sending gratuitous ARP on ens33 for 192.168.197.19
Nov 25 20:07:19 localhost Keepalived_vrrp[15381]: VRRP_Instance(VI_2) Sending/queueing gratuitous ARPs on ens33 for 192.168.197.19
- 检测脚本内容如下
#!/bin/bash
#auto check nginx process
#by author jeff
#yum install psmisc -y
killall -0 nginx
if [[ $? -ne 0 ]];then
/etc/init.d/keepalived stop
#centos7
#systemctl stop keepalived
fi
扫一扫
1187
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
