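1. Introduction
Keepalived provides high availability through VRRP (Virtual Router Redundancy Protocol). VRRP groups N routers that provide the same function into one router group consisting of one master and N-1 backups. The master holds a VIP that serves clients and sends heartbeat messages (by multicast). When a backup stops receiving VRRP packets it considers the master down, and a backup is then elected master according to VRRP priority to take over the old master node's IP resources and services. When the master node recovers, the backup node releases the IP resources and services it took over during the failure and returns to its original backup role. This removes the single point of failure of static routing.
Keepalived works at the network, transport and application layers of the TCP/IP reference model.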
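To make the heartbeat described above concrete, this added example (not code from Keepalived or from the original article) decodes a VRRPv2 advertisement using the RFC 2338/3768 layout and computes how long a backup waits before declaring the master down. It also shows that an auth_type PASS password is carried readable in every advertisement. The sample packet is constructed: VRID 51, the VIP and the password come from the configuration in section 2.2, priority 100 is an assumed value, and all function names are illustrative.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_pass=b""):
    """Build a VRRPv2 advertisement; used here only to construct sample input."""
    ips = b"".join(socket.inet_aton(ip) for ip in vips)
    def pack(csum):
        head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips),
                           1 if auth_pass else 0, advert_int, csum)
        return head + ips + auth_pass[:8].ljust(8, b"\x00")
    return pack(checksum(pack(0)))

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement, rejecting malformed or corrupted packets."""
    if len(pkt) < 16:
        raise ValueError("truncated VRRP message")
    vt, vrid, prio, count, auth_type, adv, _ = struct.unpack("!BBBBBBH", pkt[:8])
    if (vt >> 4, vt & 0x0F) != (2, 1):
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 16 + 4 * count:
        raise ValueError("length does not match Count IP Addrs")
    if checksum(pkt) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad checksum")
    vips = [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth = pkt[8 + 4 * count:].rstrip(b"\x00").decode("ascii", "replace")
    return {"vrid": vrid, "priority": prio, "advert_int": adv, "vips": vips,
            "auth_type": {0: "none", 1: "PASS", 2: "AH"}.get(auth_type, "unknown"),
            "auth_data": auth}

def master_down_interval(priority: int, advert_int: int) -> float:
    """Seconds a backup waits without adverts before taking over: 3*adv + skew."""
    return 3 * advert_int + (256 - priority) / 256

# Constructed sample: VRID 51, VIP 192.168.10.202, auth_pass 111111, assumed priority 100.
SAMPLE = build_advert(51, 100, 1, ["192.168.10.202"], b"111111")

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
    print(master_down_interval(100, 1))
```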
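1.1 Core modules
core module: the core component of keepalived, responsible for starting and maintaining the main process and for loading and parsing the global configuration file;
check: responsible for health checking;
VRRP module: implements the VRRP protocol.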
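1.2 Architecture
Scheduler I/O Multiplexer: an I/O multiplexing dispatcher and scheduler, responsible for scheduling all of Keepalived's internal task requests;
Memory Mngt: the memory management mechanism; this framework provides common methods for accessing memory;
Control Plane: keepalived's control plane, which compiles and parses the configuration file;
Core components: this part mainly consists of 5 parts:
Watchdog: an extremely simple yet very effective detection tool from the field of computer reliability; Keepalived uses it to monitor the Checkers and VRRP processes.
Checkers: Keepalived's most basic and most important function; it checks the running state of servers and isolates faults.
VRRP Stack: the VRRP function that keepalived introduced later; it implements failover in an HA cluster and handles failover between load balancers;
IPVS wrapper: an implementation of the IPVS functionality; the IPVS wrapper module sends the configured IPVS rules to kernel space and hands them to the IPVS module, which ultimately performs the load balancing.
Netlink Reflector: sets and switches the virtual IP (VIP) during failover in the high-availability cluster.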
2. Software installation
2.1 Compiling and installing from source
# Install the system dependency packages; see the INSTALL file in the source package for details
# Check the dependency packages
rpm -q --queryformat "%{NAME}-%{VERSION}-%{RELEASE} (%{ARCH})\n" \
  make autoconf automake openssl-devel libnl3-devel ipset-devel iptables-devel \
  file-devel net-snmp-devel glib2-devel json-c-devel pcre2-devel libnftnl-devel libmnl-devel \
  python-sphinx epel-release python-sphinx_rtd_theme latexmk \
  texlive texlive-titlesec texlive-framed texlive-threeparttable texlive-wrapfig texlive-multirow \
  libnl libnl-devel libnfnetlink-devel
# Install the packages with yum
yum -y install make autoconf automake openssl-devel libnl3-devel ipset-devel iptables-devel \
  file-devel net-snmp-devel glib2-devel json-c-devel pcre2-devel libnftnl-devel libmnl-devel \
  python-sphinx epel-release python-sphinx_rtd_theme latexmk \
  texlive texlive-titlesec texlive-framed texlive-threeparttable texlive-wrapfig texlive-multirow \
  libnl libnl-devel libnfnetlink-devel

# Unpack
cd /ups/soft
tar -xf keepalived-2.0.18.tar.gz
# or
curl --progress-bar http://keepalived.org/software/keepalived-2.0.18.tar.gz | tar xz

# Compile and install
cd keepalived-2.0.18
./configure --prefix=/ups/app/mysql/keepalived
# or, on rhel7
./configure --prefix=/ups/app/mysql/keepalived --with-init=systemd
make --jobs $(grep -ci processor /proc/cpuinfo) && make --jobs $(grep -ci processor /proc/cpuinfo) install

# Configure the service
# rhel6
mkdir -p /etc/keepalived
cp /ups/app/mysql/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /ups/soft/keepalived-2.0.18/keepalived/etc/init.d/keepalived /etc/init.d/
chmod +x /etc/init.d/keepalived
cp /ups/app/mysql/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
cp /ups/app/mysql/keepalived/sbin/keepalived /usr/sbin/
# see the keepalived.conf configuration in the appendix
chkconfig keepalived on

# rhel7
mkdir -p /etc/keepalived
cp /ups/app/mysql/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /ups/app/mysql/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# optional
cp /ups/soft/keepalived-2.0.18/keepalived/keepalived.service /usr/lib/systemd/system/keepalived.service
systemctl enable keepalived.service
systemctl start keepalived.service
systemctl status keepalived.service

# Configure keepalived logging
vi /etc/sysconfig/keepalived
# change to
KEEPALIVED_OPTIONS="-D -d -S 0"

vi /etc/rsyslog.conf
local0.* /var/log/keepalived.log
# or
echo 'local0.* /var/log/keepalived.log' >>/etc/rsyslog.conf
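2.2 Configuration file description
Once keepalived is installed, the main remaining work is configuring HA and load balancing in keepalived.conf. A reasonably complete, commonly used keepalived configuration file has three main blocks: the global definition block, the VRRP instance definition block and the virtual server definition block. The global definition block is required; if keepalived is used only for HA, the virtual server block is optional. Below is a reasonably complete configuration file template.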
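vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
# Once this part is configured keepalived can be started, and the Keepalived nodes begin monitoring each other.
# Global configuration: mainly the notification mechanism and static route configuration; static routes can also be defined, but they are not required, so no defaults are given here
global_defs {
    notification_email {                  # recipients
        #acassen@firewall.loc             # all three are recipients
        #failover@firewall.loc
        #sysadmin@firewall.loc
    }
    # notification_email_from Alexandre.Cassen@firewall.loc   # sender
    # smtp_server 127.0.0.1               # mail server; requires the sendmail service to be running on the system
    # smtp_connect_timeout 30             # mail connection timeout
    router_id LVS_PG_HA1                  # router identifier, any string
    # lvs_id LVS_PG1                      # LVS load balancer identifier; its value should be unique within a network
}

# VRRP instance definition block
# vrrp_sync_group: VRRP sync group, determines the number of routing instances included in a failover.
# With 2 load balancers, when one fails its instances must switch automatically to the other.
vrrp_sync_group VG1 {
    group {                               # must contain at least one vrrp instance; names must match those defined by vrrp_instance
        VI_1
    }
    notify_master /etc/keepalived/script_master.sh     # (or notify_master "/path_to_script/script_master.sh <arg_list>")
    # notify_backup /path_to_script/script_backup.sh   # (or notify_backup "/path_to_script/script_backup.sh <arg_list>")
    # notify_fault /path_to_script/script_fault.sh     # (or notify_fault "/path_to_script/script_fault.sh <arg_list>")
}

# vrrpd configuration: defines the virtual router. VI_1 is the virtual router's identifying name and can be anything; state MASTER
vrrp_instance VI_1 {                      # vrrp instance name
    state MASTER                          # MASTER|BACKUP
    virtual_router_id 51                  # virtual router ID; every virtual router needs one; it is the last octet of the VMAC; maximum 255; all nodes of one Keepalived set should use the same id
    interface ens32                       # network interface that serves clients, i.e. the interface the VIP is bound to
    mcast_src_ip 127.0.0.1                # source IP address for the IP header of VRRP advertisements (this host's IP address)
    priority 100                          # instance priority in the VRRP router, range 1~254; the higher one is master and takes the role back when it recovers
    advert_int 1                          # interval of the synchronization check between MASTER and BACKUP nodes, in seconds
    # nopreempt disables preemption. By default, when the MASTER fails the BACKUP is promoted to MASTER and takes over,
    # and when the old MASTER recovers the promoted BACKUP drops back to BACKUP and hands the work back.
    # With nopreempt, a MASTER that failed and recovered does not take the service back.
    # According to the keepalived.conf man page, nopreempt only works when the initial state is BACKUP.
    nopreempt
    smtp_alert                            # whether to send mail notifications on failure
    # lvs_sync_daemon_interface: monitoring interface between the load balancers, similar to the heartbeat link of HA HeartBeat.
    # Its mechanism is better than Heartbeat's because it does not have the "split-brain" problem; it avoids it through the priority mechanism.
    # In DR mode, lvs_sync_daemon_interface uses the same network interface as the service interface.
    lvs_sync_daemon_interface ens32
    authentication {                      # authentication mechanism
        auth_type PASS                    # (PASS|AH): plaintext password, or AH (IPsec Authentication Header)
        auth_pass 111111                  # authentication password
    }
    virtual_ipaddress {                   # VIP addresses, one IP per line
        # Block limited to 20 IP addresses @IP
        192.168.10.202
    }
}

# Virtual server definition block
virtual_server 192.168.10.202 5432 {      # virtual_server (@IP PORT)|(fwmark num)
    delay_loop 2                          # health check interval, in seconds
    lb_algo rr                            # rr|wrr|lc|wlc|sh|dh|lblc  load balancing scheduling algorithm; wlc or rr are common for Internet applications
    lb_kind DR                            # NAT|DR|TUN  load balancing forwarding method; direct routing (DR) is generally used
    persistence_timeout 50                # session persistence time for the http service, in seconds
    protocol TCP                          # TCP|UDP  forwarding protocol
    real_server 192.168.10.181 5432 {     # real server IP and port; several can be defined
        weight 1                          # load weight; the larger the value, the higher the forwarding priority
        notify_down /etc/keepalived/postgresql11.sh   # script run after the service stops
        TCP_CHECK {                       # service availability check
            connect_port 5432             # service connection port
            connect_timeout 10            # service connection timeout, in seconds
            nb_get_retry 3                # number of retries after a failed connection
            delay_before_retry 3          # interval between retries, in seconds
        }
    }
    real_server 192.168.10.182 5432 {
        weight 1
        notify_down /etc/keepalived/postgresql11.sh
        TCP_CHECK {
            connect_port 5432
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    # real_server @IP PORT {
    #     weight num
    #     MISC_CHECK {
    #         misc_path /path_to_script/script.sh (or misc_path "/path_to_script/script.sh <arg_list>")
    #     }
    # }
    # real_server @IP PORT {
    #     weight num
    #     HTTP_GET|SSL_GET {
    #         url {
    #             # You can add multiple url block
    #             path alphanum
    #             digest alphanum
    #         }
    #         connect_port num
    #         connect_timeout num
    #         nb_get_retry num
    #         delay_before_retry num
    #     }
    # }
}

# Related scripts
cat >> /etc/keepalived/postgresql11.sh << 'EOF'
#!/bin/sh
systemctl stop keepalived || pkill keepalived
EOF

# arp requires net-tools to be installed [yum -y install net-tools]
cat >> /etc/keepalived/script_master.sh << 'EOF'
#!/bin/bash
VIP=192.168.10.202
GATEWAY=192.168.10.2
ETH_NAME=ens32
/sbin/arping -I ${ETH_NAME} -c 5 -s ${VIP} ${GATEWAY} &>/dev/null
EOF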
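Keepalived executes the notify_master and notify_down scripts referenced above, normally as root, so their permissions matter as much as their contents. This added example (not part of the original article or of Keepalived) extracts every script directive from a keepalived.conf and reports scripts that are missing, not executable, or writable by anyone other than a trusted owner. The function names and the sample text are constructed for illustration; keepalived's own `enable_script_security` and `script_user` options in global_defs address the same risk from inside the daemon.

```python
import os
import re
import stat

# Directives in keepalived.conf whose argument is a script that keepalived executes.
SCRIPT_KEYS = {"notify", "notify_master", "notify_backup", "notify_fault",
               "notify_down", "misc_path"}

# Constructed sample using the script directives from the configuration above.
SAMPLE_CONF = """
vrrp_sync_group VG1 {
    notify_master /etc/keepalived/script_master.sh
    # notify_backup /path_to_script/script_backup.sh
}
real_server 192.168.10.181 5432 {
    notify_down /etc/keepalived/postgresql11.sh   # script run after the service stops
}
"""

def script_paths(conf_text):
    """Return (directive, path) pairs for script directives that are not commented out."""
    found = []
    for line in conf_text.splitlines():
        line = re.split(r"[#!]", line, maxsplit=1)[0]   # '#' and '!' start comments
        m = re.match(r"\s*(\w+)\s+\"?\s*(/[^\s\"]+)", line)
        if m and m.group(1) in SCRIPT_KEYS:
            found.append((m.group(1), m.group(2)))
    return found

def audit_script(path, trusted_uids=(0,)):
    """List what would stop the script running or let a non-trusted user change it."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if not st.st_mode & stat.S_IXUSR:
        problems.append("not executable")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/world-writable")
    if st.st_uid not in trusted_uids:
        problems.append(f"owner uid {st.st_uid} is not trusted")
    return problems

def audit_conf(conf_text, trusted_uids=(0,)):
    """Map every referenced script path to its list of problems (empty list = clean)."""
    return {path: audit_script(path, trusted_uids) for _, path in script_paths(conf_text)}

if __name__ == "__main__":
    for path, problems in audit_conf(SAMPLE_CONF).items():
        print(path, "OK" if not problems else "; ".join(problems))
```

Scripts written with the heredocs above are created without the execute bit, so this check reports them as "not executable" until they are given an owner-only executable mode such as 0700.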