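Using Keepalived
Introduction
Failover between a pair of Keepalived high-availability nodes is implemented with VRRP (Virtual Router Redundancy Protocol).
While Keepalived is working normally, the Master node continuously sends heartbeat messages (by multicast) to the Backup node to tell it that it is still alive. When the Master node fails, it can no longer send heartbeats, so the Backup node stops detecting them; it then invokes its own takeover routine and takes over the Master node's IP resources and services. When the Master node recovers, the Backup node releases the IP resources and services it took over during the failure and returns to its original backup role.
This is only a brief introduction; see the official website for details.
1. Installing Keepalived
Environment preparation before installation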
sudo apt-get install libssl-dev
sudo apt-get install libpopt-dev
sudo apt-get install daemon
sudo apt-get install build-essential
sudo apt-get install libssl-dev
sudo apt-get install openssl
sudo apt-get install libpopt-dev
sudo apt-get install keepalived
Start, check status, stop
sudo systemctl start keepalived
sudo systemctl status keepalived
sudo systemctl stop keepalived
2. Configuration
Keepalived configuration directory: /etc/keepalived
2.1. MASTER (primary node configuration)
Configuration file: /etc/keepalived/keepalived.conf
# MASTER
! Configuration File for keepalived
global_defs {
    lvs_flush
}
vrrp_script chk_run {
    script "/etc/keepalived/services-check.sh"
    interval 3
}
vrrp_instance VI_1 {
    interface eth2
    state MASTER
    virtual_router_id 6
    priority 100
    # keepalived honors nopreempt only when the initial state is BACKUP
    nopreempt
    virtual_ipaddress {
        192.168.2.122/20 dev eth2
    }
    authentication {
        auth_type PASS
        auth_pass apig2021
    }
    track_script {
        chk_run
    }
}
2.2. BACKUP (backup node configuration)
Configuration file: /etc/keepalived/keepalived.conf
## BACKUP
! Configuration File for keepalived
global_defs {
    lvs_flush
}
vrrp_script chk_run {
    script "/etc/keepalived/services-check.sh"
    interval 3
}
vrrp_instance VI_1 {
    interface eth5
    state BACKUP
    virtual_router_id 6
    priority 50
    nopreempt
    virtual_ipaddress {
        192.168.2.122/20 dev eth5
        192.168.191.10 dev eth1
    }
    authentication {
        auth_type PASS
        auth_pass apig2021
    }
    track_script {
        chk_run
    }
}
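2.3. Brief configuration notes
1. Service health-check script: /etc/keepalived/scripts/check_serv.sh. For the script contents, see Section 4.
2. Preventing preemption on failback:
With either of the following two configurations, when keepalived on one machine dies the VIP automatically moves to the other machine, and when keepalived on the failed machine recovers it does not take the VIP back. This avoids the impact of switching the VIP again when the machine recovers.
- Primary: (state BACKUP; priority 100)
- Backup: (state BACKUP; priority 99)
- Non-preemptive: nopreempt
Or:
- Primary: (state MASTER; priority 100)
- Backup: (state BACKUP; priority 100)
- Preemption enabled by default
Recommended: specify non-preemptive mode with nopreempt, so that a node with a higher priority does not take the VIP from the machine that already holds it.
3. Specifying the VIP
virtual_ipaddress {
    # Both of the following forms are accepted
    1.1.1.1 dev eth3 # virtual IP (VIP) address; multiple entries are allowed
    2.2.2.2
}
4. Notifications for keepalived state changes can be configured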
notify_master "/etc/keepalived/keepalived_notify.sh master"
notify_backup "/etc/keepalived/keepalived_notify.sh backup"
notify_fault "/etc/keepalived/keepalived_notify.sh fault"
notify_stop "/etc/keepalived/keepalived_notify.sh stop"
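5. virtual_router_id 15 ## Virtual router ID, a value between 0 and 255, used to distinguish the VRRP multicast traffic of multiple instances. IDs must not repeat within the same network segment, and the master and backup must use the same one. If a virtual_router_id is duplicated on the same segment, an error is reported; choose an unused value between 0 and 255. The following command shows the VRIDs already in use.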
tcpdump -nn -i any net 224.0.0.0/8
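6.
priority 99 # priority; the node with the higher priority becomes master
7.
interface eth2 # the NIC that carries the node's own (non-VIP) address, used to send VRRP packets for heartbeat detection
8.
advert_int 1 # check interval, 1 second by default, i.e. a master election every second (can be regarded as the health-check interval)
9.
global_defs {
    router_id proxy-keepalived # identifier; just a name
}
10.
state MASTER # can be MASTER or BACKUP; however, when keepalived on the other nodes starts, the node with the higher priority is elected MASTER
11.
authentication { # authentication block; the authentication types are PASS and AH (IPSEC); PASS is recommended (only the first 8 characters of the password are recognized)
    auth_type PASS # PASS authentication is the default
    auth_pass xxx # password for PASS authentication
}
12.
vrrp_script check { # define the script
    script "/server/scripts/check_web.sh" # assigns the script to this vrrp_script entry
    interval 2 # interval between runs of the monitoring script
    weight 2 # the weight is combined with the priority, lowering the master's priority so that it becomes the backup (best ignored at first)
}
track_script { # call the script
    check
}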
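A check for the rules in section 2.3, written as an added example (not part of the original page or of Keepalived itself): it compares a master and a backup keepalived.conf for matching virtual_router_id, authentication and VIP lists, flags an auth_pass longer than 8 characters, and flags nopreempt on a node whose state is not BACKUP, which the keepalived.conf documentation requires for nopreempt to take effect. The function names parse_instance and lint_pair are hypothetical, and the sample input is constructed from the configurations in sections 2.1 and 2.2.

```python
import re

def parse_instance(conf):
    """Extract the vrrp_instance settings covered in section 2.3 from a keepalived.conf."""
    text = re.sub(r"[#!].*", "", conf)  # drop comments (assumes no '#' or '!' inside values)
    def val(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", text, re.M)
        return m.group(1) if m else None
    block = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", text)
    lines = block.group(1).splitlines() if block else []
    return {"state": val("state"), "vrid": val("virtual_router_id"),
            "nopreempt": bool(re.search(r"^\s*nopreempt\b", text, re.M)),
            "auth_type": val("auth_type"), "auth_pass": val("auth_pass") or "",
            "vips": sorted(ln.split()[0] for ln in lines if ln.strip())}  # address only, not 'dev'

def lint_pair(master_conf, backup_conf):
    """Return findings for two configs that are meant to form one VRRP group."""
    a, b = parse_instance(master_conf), parse_instance(backup_conf)
    findings = []
    for name, c in (("master", a), ("backup", b)):
        if c["nopreempt"] and c["state"] != "BACKUP":
            findings.append(f"{name}: nopreempt needs initial state BACKUP")
        if len(c["auth_pass"]) > 8:
            findings.append(f"{name}: auth_pass longer than 8 characters is truncated")
    if a["vrid"] != b["vrid"]:
        findings.append("virtual_router_id differs between nodes")
    if (a["auth_type"], a["auth_pass"][:8]) != (b["auth_type"], b["auth_pass"][:8]):
        findings.append("authentication settings differ between nodes")
    if a["vips"] != b["vips"]:
        findings.append("virtual_ipaddress lists differ between nodes")
    return findings

# Constructed sample: the vrrp_instance blocks of sections 2.1 and 2.2, condensed.
TEMPLATE = """
vrrp_instance VI_1 {{
    state {state}
    virtual_router_id 6
    nopreempt
    virtual_ipaddress {{
        {vips}
    }}
    authentication {{
        auth_type PASS
        auth_pass apig2021
    }}
}}
"""
MASTER = TEMPLATE.format(state="MASTER", vips="192.168.2.122/20 dev eth2")
BACKUP = TEMPLATE.format(state="BACKUP", vips="192.168.2.122/20 dev eth5\n        192.168.191.10 dev eth1")
print("\n".join(lint_pair(MASTER, BACKUP)))
```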
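Checking listening ports to see whether the services are available
#!/bin/bash
## Port-check script [checks the listening ports to decide whether the services are healthy]
# Ports that must be listening for the node to count as healthy
PORTARR=('8080' '3306')
for port in "${PORTARR[@]}"
do
    echo "$port"
    netstat -lntp | grep ":$port "
    result_port=$?
    if [ "$result_port" -ne 0 ]; then
        echo "${port} 服务 pid not found" >> /etc/keepalived/keepalived.log
        # A non-zero exit status tells keepalived that the check failed
        exit 10
    fi
done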