Keepalived

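How Keepalived failover works
Failover between Keepalived Directors is implemented with VRRP (Virtual Router Redundancy Protocol).
While the Keepalived Directors are working normally, the master Director keeps broadcasting heartbeat messages to the backup node to tell it that the master is still alive. When the master fails, the backup can no longer detect the master's heartbeat, so it invokes its own takeover routine and takes over the master's IP resources and services. When the master recovers, the backup releases the IP resources and services it took over during the failure and returns to its original backup role.

VRRP was created to solve the single point of failure of static routing. It uses an election mechanism to hand the routing task to one of the VRRP routers.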

Keepalived official site: https://www.keepalived.org

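I. Installing keepalived
1. Download keepalived
# mkdir -p /root/tools
# cd /root/tools
# Note: --no-check-certificate skips TLS certificate validation, so the origin of the tarball is not verified
# wget --no-check-certificate https://www.keepalived.org/software/keepalived-1.4.2.tar.gz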

2. Install keepalived
# Before installing, check that kernel sources exist under /usr/src/kernels; if not, install them with yum install -y kernel-devel
[root@keepalived-master tools]# ls /usr/src/kernels/|wc -l
0

[root@keepalived-master tools]# yum install -y kernel-devel
已加载插件:fastestmirror
...
...
已安装:
  kernel-devel.x86_64 0:3.10.0-1160.45.1.el7                                                                                                                                                                     

完毕!

# Create the symlink
[root@keepalived-master tools]# ln -s /usr/src/kernels/3.10.0-1160.45.1.el7.x86_64 /usr/src/linux
[root@keepalived-master tools]# ls /usr/src/ -l
总用量 0
drwxr-xr-x. 2 root root  6 8月  12 2015 debug
drwxr-xr-x. 3 root root 40 10月 16 20:53 kernels
lrwxrwxrwx. 1 root root 44 10月 16 20:55 linux -> /usr/src/kernels/3.10.0-1160.45.1.el7.x86_64

[root@keepalived-master tools]# tar zxf keepalived-1.4.2.tar.gz 
[root@keepalived-master tools]# cd keepalived-1.4.2
[root@keepalived-master keepalived-1.4.2]# ./configure
...
... 
Keepalived configuration
------------------------
Keepalived version       : 1.4.2
Compiler                 : gcc
Preprocessor flags       :  -I/usr/include/libnl3 
Compiler flags           : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -fPIE -D_GNU_SOURCE  
Linker flags             : -pie
Extra Lib                : -lcrypto -lssl -lnl-genl-3 -lnl-3
Use IPVS Framework       : Yes
IPVS use libnl           : Yes
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With ip rules/routes     : Yes
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
SHA1 support             : No
Use Debug flags          : No
smtp-alert debugging     : No
Use Json output          : No
Stacktrace support       : No
Memory alloc check       : No
libnl version            : 3
Use IPv4 devconf         : No
Use libiptc              : No
Use libipset             : No
init type                : systemd
Build genhash            : Yes
Build documentation      : No

[root@keepalived-master keepalived-1.4.2]# make
[root@keepalived-master keepalived-1.4.2]# make install


3. Set up the standard startup files
# Copy the init script to /etc/init.d/
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/init.d/keepalived /etc/init.d/
# Copy the file that holds the init script's options
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# Create the default keepalived configuration directory
[root@keepalived-master keepalived-1.4.2]# mkdir -p /etc/keepalived
# Copy the configuration file template to /etc/keepalived
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@keepalived-master keepalived-1.4.2]# cp /usr/local/sbin/keepalived /usr/sbin/


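A complete keepalived configuration file has three parts: the global definitions, the VRRP instance definitions, and the virtual server definitions. The settings are explained below.
[root@keepalived-master keepalived]# vim keepalived.conf
! Configuration File for keepalived
# Global definitions
global_defs {
   notification_email {
     acassen@firewall.loc    # alert e-mail recipients; several may be listed, one per line.
                             # To enable e-mail alerts, the local sendmail service must be running
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc   # sender address of the alert e-mail
   smtp_server 192.168.200.1                # SMTP server address
   smtp_connect_timeout 30                  # SMTP connection timeout
   router_id LVS_DEVEL                      # identifier of the server running keepalived; shown in the subject of alert e-mails, and may be set to the host IP
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
# VRRP instance definitions
vrrp_instance VI_1 {
    state MASTER        # role of this keepalived node: MASTER means this host is the primary server, BACKUP means it is the standby; both values must be upper case
    interface eth0      # network interface name (check with ifconfig); the device must exist
    virtual_router_id 51   # virtual router identifier, a number; one VRRP instance uses one unique identifier, so MASTER and BACKUP of the same vrrp_instance must use the same value
    priority 100   # priority; the larger the number, the higher the priority. Within one vrrp_instance, MASTER must have a higher priority than BACKUP
    advert_int 1   # interval, in seconds, between synchronization checks between the MASTER and BACKUP load balancers
    authentication {   # authentication type and password
        auth_type PASS  # the two main types are PASS and AH
        auth_pass 1111  # authentication password; MASTER and BACKUP of the same vrrp_instance must use the same password to communicate
    }
    virtual_ipaddress {  # virtual IP addresses; several may be listed, one per line
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
# Virtual server definitions
virtual_server 192.168.200.100 443 {  # defines a virtual server; takes the virtual IP address and service port, separated by a space
    delay_loop 6  # interval, in seconds, between health checks of the real servers
    lb_algo rr    # load-balancing scheduling algorithm; rr is round robin
    lb_kind NAT   # LVS forwarding mechanism; one of NAT, TUN or DR
    persistence_timeout 50
    # Session persistence time in seconds. This option is very useful for dynamic pages and offers a good
    # solution to session sharing in a cluster: with persistence enabled, a user's requests keep being
    # dispatched to the same service node until the persistence time is exceeded. Note that this is a
    # maximum idle time: if the user performs no operation on a dynamic page within 50s, subsequent
    # operations will be dispatched to another node, but while the user keeps operating on the page the
    # 50s limit does not apply
    protocol TCP  # forwarding protocol, TCP or UDP

    real_server 192.168.201.100 443 { # defines a service node; takes the real server's IP and port, separated by a space
        weight 1 # weight of the service node; the larger the number, the higher the weight. Weights control how requests are distributed across nodes
        SSL_GET { # SSL health check
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
              # status_code 200       check the returned status code
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3   # time out after 3 seconds without a response
            retry 3             # retry 3 times
            delay_before_retry 3  # interval between retries
        }
    }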
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.4 1358 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
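
The vrrp_instance comments above give the pairing rules between the two nodes: identical virtual_router_id and auth_pass, and a higher priority on MASTER. The following check of those rules is an added example, not part of the original post or of keepalived; the two sample configurations and the names `parse_instances` and `check_pair` are constructed for illustration, and the 8-character threshold reflects that keepalived uses only the first eight characters of auth_pass.

```python
import re

# Constructed sample (not from the page): one node's vrrp_instance block.
MASTER_CONF = """
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111   # template default
    }
    virtual_ipaddress {
        192.168.200.16
    }
}
"""
# Constructed peer with deliberate mistakes: other router id, same priority.
BACKUP_CONF = (MASTER_CONF.replace("state MASTER", "state BACKUP")
               .replace("virtual_router_id 51", "virtual_router_id 52"))
KEYS = "state|virtual_router_id|priority|advert_int|auth_type|auth_pass"
SHARED = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse_instances(text):
    """Return {instance name: {keyword: value}} for each vrrp_instance."""
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = re.sub(r"[#!].*", "", text[m.end():i - 1])  # strip comments
        fields = dict(re.findall(rf"^\s*({KEYS})\s+(\S+)", body, re.M))
        vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", body)
        fields["vips"] = sorted(vips.group(1).split()) if vips else []
        found[m.group(1)] = fields
    return found

def check_pair(master_text, backup_text):
    """Return the list of pairing problems between the two nodes' configs."""
    master, backup = parse_instances(master_text), parse_instances(backup_text)
    problems = [f"{n}: not defined on the backup node" for n in master if n not in backup]
    for name in (n for n in master if n in backup):
        m, b = master[name], backup[name]
        problems += [f"{name}: {k} differs" for k in SHARED if m.get(k) != b.get(k)]
        if int(m.get("priority", 100)) <= int(b.get("priority", 100)):
            problems.append(f"{name}: MASTER priority must exceed BACKUP")
        if len(m.get("auth_pass", "")) < 8:
            problems.append(f"{name}: auth_pass shorter than 8 characters")
    return problems
```

Calling `check_pair(MASTER_CONF, BACKUP_CONF)` reports the mismatched router id, the equal priorities and the short password; an empty list means the pair satisfies the rules checked here.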

Health checks:

https://blog.csdn.net/yaoyaodexiaozhu/article/details/52067931

Changing the log path
Default log path: /var/log/messages
On CentOS 6:
(1) First edit /etc/sysconfig/keepalived: comment out the existing line and add the new one, as follows:
#KEEPALIVED_OPTIONS="-D"
KEEPALIVED_OPTIONS="-D -d -S 0"
(2) Then edit /etc/rsyslog.conf and add:
local0.* /var/log/keepalived.log
On CentOS 7 you also need to edit /lib/systemd/system/keepalived.service, because CentOS 7 uses systemctl and the service is started through systemctl. Change these lines:
EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
to:
EnvironmentFile=/etc/sysconfig/keepalived
ExecStart=/sbin/keepalived $KEEPALIVED_OPTIONS
Then reload the service definitions:
systemctl daemon-reload

Errors
1. configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details.
Solution:
   yum -y install gcc

2. 
configure: error:
  !!! OpenSSL is not properly installed on your system. !!!
  !!! Can not include OpenSSL headers files.            !!!
Solution:
yum -y install openssl-devel

3.
configure: error: Popt libraries is required
Solution:
yum install popt-devel -y

4.
configure: error: libnfnetlink headers missing
Solution:
yum install -y libnfnetlink-devel

  

Original article: https://www.cnblogs.com/zhouzhiguo/p/15550807.html