Keepalived

Keepalived故障切换转移原理
Keepalived Directors 之间的故障切换转移,是通过VRRP协议(Virtual Router Redundancy Protocol 中文虚拟路由器冗余协议)来实现的
在Keepalived Directors正常工作时,主Director节点会不断地向备节点广播心跳消息,用以告诉备节点自己还活着,当主节点发生故障时,备节点就无法继续检测到主节点的
心跳,进而调用自身的接管程序,接管主节点的ip资源及服务。当主节点恢复故障时,备节点会释放主节点故障时接管的ip资源和服务,恢复到原来的自身的备用角色

VRRP协议的出现是为了解决静态路由的单点故障,VRRP是通过一种竞选协议机制来将路由任务交给某台VRRP路由器

keepalived官网 https://www.keepalived.org

 

一、keepalived安装
1. 下载keepalived
# mkdir -p /root/tools
# cd /root/tools
# wget --no-check-certificate  https://www.keepalived.org/software/keepalived-1.4.2.tar.gz

2. 安装keepalived
# 安装前确认是否有kernels版本信息,若没有 yum install -y kernel-devel安装
[root@keepalived-master tools]# ls /usr/src/kernels/|wc -l
0

[root@keepalived-master tools]# yum install -y kernel-devel
已加载插件:fastestmirror
...
...
已安装:
  kernel-devel.x86_64 0:3.10.0-1160.45.1.el7                                                                                                                                                                     

完毕!

# 创建软连
[root@keepalived-master tools]# ln -s /usr/src/kernels/3.10.0-1160.45.1.el7.x86_64 /usr/src/linux
[root@keepalived-master tools]# ls /usr/src/ -l
总用量 0
drwxr-xr-x. 2 root root  6 8月  12 2015 debug
drwxr-xr-x. 3 root root 40 10月 16 20:53 kernels
lrwxrwxrwx. 1 root root 44 10月 16 20:55 linux -> /usr/src/kernels/3.10.0-1160.45.1.el7.x86_64

[root@keepalived-master tools]# tar zxf keepalived-1.4.2.tar.gz 
[root@keepalived-master tools]# cd keepalived-1.4.2
[root@keepalived-master keepalived-1.1.17]# ./configure 
...
... 
Keepalived configuration
------------------------
Keepalived version       : 1.4.2
Compiler                 : gcc
Preprocessor flags       :  -I/usr/include/libnl3 
Compiler flags           : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -fPIE -D_GNU_SOURCE  
Linker flags             : -pie
Extra Lib                : -lcrypto -lssl -lnl-genl-3 -lnl-3
Use IPVS Framework       : Yes
IPVS use libnl           : Yes
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With ip rules/routes     : Yes
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
SHA1 support             : No
Use Debug flags          : No
smtp-alert debugging     : No
Use Json output          : No
Stacktrace support       : No
Memory alloc check       : No
libnl version            : 3
Use IPv4 devconf         : No
Use libiptc              : No
Use libipset             : No
init type                : systemd
Build genhash            : Yes
Build documentation      : No

[root@keepalived-master keepalived-1.4.2]# make
[root@keepalived-master keepalived-1.4.2]# make install


3.配置规范启动
# 拷贝启动文件至/etc/init.d/
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/init.d/keepalived /etc/init.d/
# 配置启动脚本的参数
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# 创建默认的keepalived配置文件路径
[root@keepalived-master keepalived-1.4.2]# mkdir -p /etc/keepalived
# 将配置文件模板拷贝的/etc/keepalived下
[root@keepalived-master keepalived-1.4.2]# cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@keepalived-master keepalived-1.4.2]# cp /usr/local/sbin/keepalived /usr/sbin/


一个完整地keepalived配置文件由3个部分组成,分别是全局定义部分,vrrp实力定义部分以及虚拟服务器定义部分,配置信息说明如下
root@keepalived-master keepalived]# vim keepalived.conf
! Configuration File for keepalived
# 全局定义部分
global_defs {
   notification_email {
     acassen@firewall.loc    # 设置报警邮件地址,可以设置多个,每行一个,
                             # 如果要开启邮件报警,需要开启本机sendmail服务
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc   # 设置邮件的发送地址
   smtp_server 192.168.200.1                # 设置smtp server地址
   smtp_connect_timeout 30                  # 设置超时时间
   router_id LVS_DEVEL                      # 表示运行keepalived服务器的一个标识。发邮件时显示在邮件主题中的信息,可以定位为主机ip
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
# vrrp 实例定义部分
vrrp_instance VI_1 {
    state MASTER        # 定义keepalived的角色,MASTER表示此主机为主服务器,BACKUP表示此主机为备用服务器,注意主备大小写
    interface eth0      # 网卡名,用ifconfig查看 ,一定是要存在的网卡设备
    virtual_router_id 51   # 虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识,即同一个vrrp_instance下,MASTER和BACKUP必须一致
    priority 100   # 定义优先级,数字越大,优先级越高。在同一个vrrp_instance下,MASTER的优先级大于BACKUP
    advert_int 1   # 设置MASTER和BACKUP负载均衡器之间同步的时间间隔,单位是秒
    authentication {   # 设置验证类型和密码
        auth_type PASS  # 类型主要有PASS和AH两种
        auth_pass 1111  # 验证密码,同一个vrrp_instance下,MASTER和BACKUP必须使用相同的密码才能正常通信
    }
    virtual_ipaddress {  # 设置虚拟ip地址,可以设置多个,每行一个
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
# 虚拟服务定义部分
virtual_server 192.168.200.100 443 {  # 设置虚拟服务器,需要指定虚拟ip地址和服务端口,ip与端口之间用空格隔开
    delay_loop 6  # 设置检查真实服务器运行的时间间隔,单位秒
    lb_algo rr    # 设置负载调度算法,rr为轮询算法
    lb_kind NAT   # 设置LVS实现负载均衡的机制,有NAT TUN DR 三种模式
    persistence_timeout 50
    # 会话保持时间,单位秒,这个选项对动态页面非常有用,为集群中的session共享提供了一个很好的解决方案,有了这个会话保持功能,用户的请求会被一直分发到某个服务
    # 节点,直到超过这个会话的保持时间,需要注意的是,这个会话保持是最大无响应时间,也就是说,用户在操作动态页面时,如果在50s内没有执行任何操作,那么接下来的
    # 操作会被分发到其他节点,但是如果用户一直在操作动态页面,则不受50s的时间限制
    protocol TCP  # 指定转发协议,有TCP和UDP两种

    real_server 192.168.201.100 443 { # 配置服务节点,需要指定real server的真实ip和端口,ip与端口时间用空格隔开
        weight 1 # 配置服务节点的权值,数字越大,权值越高。可以通过权重设置,分发节点请求
        SSL_GET { # ssl健康检查
            url {
              path /
              digest ff20ad2481f97b1754ef3e12ecd3a9cc
              # status_code 200       获取状态码
            }
            url {
              path /mrtg/
              digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3   # 标识3秒无响应超时
            retry 3             # 标识重试3次
            delay_before_retry 3  # 标识重试间隔
        }
    }
}

virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    sorry_server 192.168.200.200 1358

    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
              path /testurl3/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
              path /testurl/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
              path /testurl2/test.jsp
              digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.200.4 1358 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}

健康检查: 

https://blog.csdn.net/yaoyaodexiaozhu/article/details/52067931

日志路径修改
默认日志路径:/var/log/messages 在centos 6下可以: (1)首先修改/etc/sysconfig/keepalived文件,注释掉如下,添加如下: #KEEPALIVED_OPTIONS="-D" KEEPALIVED_OPTIONS="-D -d -S 0" (2)其次修改 /etc/rsyslog.conf 文件,添加如下: local0.* /var/log/keepalived.log 在centos 7 下,还需要修改/lib/systemd/system/keepalived.service 文件: centos 7使用。因为centos 7使用systemctl,通过systemctl调用service,所以需要修改/lib/systemd/system/keepalived.service文件。 将里面的: EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS 修改成: EnvironmentFile=/etc/sysconfig/keepalived ExecStart=/sbin/keepalived $KEEPALIVED_OPTIONS 然后重新加载service: systemctl daemon-reload
报错
1. configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details.
解决方案:
   yum -y install gcc

2. 
configure: error:
  !!! OpenSSL is not properly installed on your system. !!!
  !!! Can not include OpenSSL headers files.            !!!
解决方案:
yum -y install openssl-devel

3.
configure: error: Popt libraries is required
解决方案:
yum install popt-devel -y

4.
configure: error: libnfnetlink headers missing
解决方案:
yum install -y libnfnetlink-devel

  

上一篇:keepalived通知脚本


下一篇:keepalived工作原理