1、keepalived简介:node

keepalived是一个相似于layer3, 4 & 5交换机制的软件,也就是咱们平时说的第3层、第4层和第5层交换。Keepalived的做用是检测web服务器的状态,若是有一台web服务器死机,或工做出现故障,Keepalived将检测到,并将有故障的web服务器从系统中剔除,当web服务器工做正常后Keepalived自动将web服务器加入到服务器群中,这些工做所有自动完成,不须要人工干涉,须要人工作的只是修复故障的web服务器。linux

 

工做原理nginx

211837606.png

Layer3,4&5工做在IP/TCP协议栈的IP层,TCP层,及应用层,原理分别以下:web

Layer3:Keepalived使用Layer3的方式工做式时,Keepalived会按期向服务器群中的服务器发送一个ICMP的数据包(既咱们平时用的Ping程序),若是发现某台服务的IP地址没有激活,Keepalived便报告这台服务器失效,并将它从服务器群中剔除,这种状况的典型例子是某台服务器被非法关机。Layer3的方式是以服务器的IP地址是否有效做为服务器工做正常与否的标准。shell

Layer4:若是您理解了Layer3的方式,Layer4就容易了。Layer4主要以TCP端口的状态来决定服务器工做正常与否。如web server的服务端口通常是80,若是Keepalived检测到80端口没有启动,则Keepalived将把这台服务器从服务器群中剔除。vim

Layer5:Layer5就是工做在具体的应用层了,比Layer3,Layer4要复杂一点,在网络上占用的带宽也要大一些。Keepalived将根据用户的设定检查服务器程序的运行是否正常,若是与用户的设定不相符,则Keepalived将把服务器从服务器群中剔除。centos

 

2、实验步骤:bash

1.建立管理节点在node1上,创建双机互信node1和node2,而后同步时间,安装keepalived服务器

[root@node1~]# ansible all -m yum -a 'name=keepalived state=present' [root@node1keepalived]# rpm -qc keepalived /etc/keepalived/keepalived.conf//生成的主配置文件 /etc/sysconfig/keepalived
 

 

2.在node1上配置文件须要作一下修改网络

global_defs{ notification_email { root@localhost //收邮件人,能够定义多个 } notification_email_from kaadmin@localhost //发邮件人能够假装 smtp_server 127.0.0.1 //发送邮件的服务器地址 smtp_connect_timeout 30 //链接超时时间 router_id LVS_DEVEL } vrrp_instanceVI_1 { //每个vrrp_instance就是定义一个虚拟路由器的 state MASTER //由初始状态状态转换为master状态 interface eth0 virtual_router_id 51 //虚拟路由的id号,通常不能大于255的 priority 100 //初始化优先级 advert_int 1 //初始化通告 authentication { //认证机制 auth_type PASS auth_pass 1111 //密码 } virtual_ipaddress { //虚拟地址vip 172.16.2.8 } }
 

3.把配置文件复制到node2上一份,并修改初始状态和优先级

[root@node1keepalived]# scp keepalived.conf node2:/etc/keepalived/ [root@node2~]# cd /etc/keepalived/ [root@node2keepalived]# ls keepalived.conf [root@node2keepalived]# vim keepalived.conf vrrp_instanceVI_1 { state BACKUP //初始化状态 interface eth0 virtual_router_id 51 priority 99 //优先级,必定要比master的优先级要低 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.2.8 } }
 

在node1上开始启动服务[root@node1 ~]# servicekeepalived start

而后检查ip地址

[root@node1~]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:4e:22:fb brdff:ff:ff:ff:ff:ff inet 172.16.2.1/16 brd 172.16.255.255 scopeglobal eth0 inet 172.16.2.8/32 scopeglobal eth0 inet 172.16.10.8/16 brd 172.16.255.255 scopeglobal secondary eth0:0 inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 2e:79:b3:b2:3e:31 brdff:ff:ff:ff:ff:ff
 

4.如今把node1的keepalived停掉

[root@node1keepalived]# service keepalived stop

Stoppingkeepalived: [ OK ]

验证node2是否把virtual_ipaddress拿走

[root@node2~]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:74:c7:7b brdff:ff:ff:ff:ff:ff inet 172.16.2.16/16 brd172.16.255.255 scope global eth0 inet 172.16.2.8/32 scopeglobal eth0 inet6 fe80::20c:29ff:fe74:c77b/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether0a:b1:ef:7b:93:18 brd ff:ff:ff:ff:ff:ff
 

验证成功

 

能够在配置文件中手动经过vrrp_script定义一个外围的检测机制,并在vrrp_instance中经过定义track_script来追踪脚本执行过程,实现节点转移

实验测试在/etc/keepalived/keepalived.conf中作一下修改

global_defs{ notification_email { root@localhost } notification_email_from kaadmin@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_maintainace { //检测机制的脚本名称为chk_maintainace script "[[ -e/etc/keepalived/down ]] && exit 1 || exit 0" //能够是个脚本路径,也能够是脚本命令 interval 1 //每隔1秒中检测一次 weight -2 //优先级减2 } vrrp_instanceVI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.2.8 } track_script { //调用外围脚本,追踪外围脚本执行过程 chk_maintainace } } [root@node1 keepalived]# touch down //在node1上建立down文件 [root@node1 keepalived]# ls down keepalived.conf keepalived.conf.bak
 

在node2上作一样的操做,但不建立down文件,以后一块儿重启服务

[root@node1 keepalived]# ansible all -m shell -a 'service keepalivedrestart' node2.magedu.com| success | rc=0 >> Stoppingkeepalived: [FAILED] Startingkeepalived: [ OK ] node1.magedu.com| success | rc=0 >> Stoppingkeepalived: [ OK ] Startingkeepalived: [ OK ]
 

进行检测

[root@node2keepalived]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:74:c7:7b brdff:ff:ff:ff:ff:ff inet 172.16.2.16/16 brd172.16.255.255 scope global eth0 inet 172.16.2.8/32 scopeglobal eth0 inet6 fe80::20c:29ff:fe74:c77b/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether0a:b1:ef:7b:93:18 brd ff:ff:ff:ff:ff:ff
 

此时将node1中/etc/keepalived/下的down删除,进行查看

[root@node1keepalived]# ls down keepalived.conf keepalived.conf.bak [root@node1keepalived]# rm down rm:remove regular empty file `down'? y [root@node1keepalived]# ls keepalived.conf keepalived.conf.bak [root@node1 keepalived]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:4e:22:fb brdff:ff:ff:ff:ff:ff inet 172.16.2.1/16 brd 172.16.255.255 scopeglobal eth0 inet 172.16.2.8/32 scopeglobal eth0 inet 172.16.10.8/16 brd 172.16.255.255scope global secondary eth0:0 inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether0a:bd:4f:a9:ed:67 brd ff:ff:ff:ff:ff:ff
 

 

验证成功

 

3、详细介绍如下四个功能实现操做

1.如何在状态转换时进行通知?

2.如何配置Ipvs?

3.如何对某特定服务作高可用

4.如何实现基于多虚拟路由的master/master模型?

 

1.要在状态转换是进行通知,须要定义通知脚本能够在

vrrp_sync_group{

}中定义,也能够在

vrrp_instance{

}中定义

经过man keepalived命令能够查看通知脚本定义的两种方法

第一种

# to MASTER transition

notify_master /path/to_master.sh

# to BACKUP transition

notify_backup /path/to_backup.sh

# FAULT transition

notify_fault "/path/fault.sh VG_1"

第二种

#arguments

# $1 ="GROUP"|"INSTANCE"

# $2 = name of group or instance

# $3 = target state of transition

# ("MASTER"|"BACKUP"|"FAULT")

notify /path/notify.sh

 

例如:

转换为MASTER的状态通知

#!/bin/bash # vip=172.16.2.8 contact='root@localhost' thisip=`ifconfigeth0 | awk '/inet addr:/{print $2}' | awk -F: '{print $2}'` notify(){ mailbody="vrrp transaction, $vipfloated to $thisip." subject="$thisip is to be $vipmaster" echo $mailbody | mail -s $subject $contact } notify
 

其余状态转换相似

下面用一个脚本notify.sh实现状态转换通知的简单示例:

#!/bin/bash #Author: MageEdu <linuxedu@foxmail.com> #description: An example of notify script # vip=172.16.2.8 contact='root@localhost' notify(){ mailsubject="`hostname` to be $1: $vipfloating" mailbody="`date '+%F %H:%M:%S'`: vrrptransition, `hostname` changed to be $1" echo $mailbody | mail -s"$mailsubject" $contact } case"$1" in master) notify master exit 0 ;; backup) notify backup exit 0 ;; fault) notify fault exit 0 ;; *) echo 'Usage: `basename $0`{master|backup|fault}' exit 1 ;; esac
 

进行测试

[root@node1keepalived]# ./notify.sh backup [root@node1keepalived]# mail HeirloomMail version 12.4 7/29/08. Type ? forhelp. "/var/spool/mail/root":6 messages 1 new 6 unread U 1centos@stu2.magedu.c Sat Aug 1709:34 17/644 "*** SECURITY" U 2Cron Daemon Tue Aug 2700:01 22/747 "Cron <root@s" U 3Cron Daemon Fri Aug 3000:01 22/747 "Cron <root@s" U 4Mail Delivery System Fri Aug 3017:42 91/2751 "Undelivered " U 5Cron Daemon Tue Sep 3 00:01 22/747 "Cron<root@s" >N 6 root Thu Sep 26 21:19 18/700 "node1.magedu" &6 Message 6: Fromroot@node1.magedu.com Thu Sep 2621:19:32 2013 Return-Path:<root@node1.magedu.com> X-Original-To:root@localhost Delivered-To:root@localhost.magedu.com Date:Thu, 26 Sep 2013 21:19:32 +0800 To:root@localhost.magedu.com Subject:node1.magedu.com to be backup: 172.16.2.8 floating User-Agent:Heirloom mailx 12.4 7/29/08 Content-Type:text/plain; charset=us-ascii From:root@node1.magedu.com (root) Status:R 2013-09-26 21:19:32: vrrp transition, node1.magedu.com changed to bebackup &quit Held6 messages in /var/spool/mail/root Youhave mail in /var/spool/mail/root
 

经过传参数master|backup|fault验证均可以成功

在配置文件keepalived.conf中进行脚本调用

vrrp_instanceVI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.2.8 } track_script { chk_maintainace } notify_master "/etc/keepalived/notify.shmaster" notify_backup"/etc/keepalived/notify.sh backup" notify_fault"/etc/keepalived/notify.sh fault" }
 

为node2提供一样的配置而后进行测试

[root@node1keepalived]# ls

down keepalived.conf keepalived.conf.bak notify.sh

[root@node1keepalived]# rm -f down

[root@node1keepalived]# mail

>N18 root Thu Sep 2621:57 18/700 "node1.magedu.comto be master: 172.16.2.8 floating"截取了一条

验证均可以成功

 

二、如何配置ipvs

virtual_server172.16.2.8 80{ delay_loop 6 lb_algo rr lb_kind NAT nat_mask 255.255.0.0 persistence_timeout 0 protocol TCP # real_server 172.16.2.1 80 { weight 1 HTTP_GET { url { path / state_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 172.16.2.16 80 { weight 1 HTTP_GET { url { path / state_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } }
 

在node2上作一样的修改,启动httpd服务,keepalived能自动生成规则,而后查看ipvsadm规则

[root@node1keepalived]# ipvsadm -L -n IPVirtual Server version 1.2.1 (size=4096) ProtLocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 172.16.2.8:80 rr -> 172.16.2.1:80 Local 1 0 0 -> 172.16.2.16:80 Masq 1 0 0
 

三、如何对某特定服务作高可用?以nginx为例进行讲解

在两个节点上安装nginx

[root@node1~]# ansible all -m yum -a 'name=nginx state=present'

启动nginx服务,启动以前注意要中止httpd服务

[root@node1~]# ansible all -m shell -a 'service nginx start' node2.magedu.com| success | rc=0 >> Startingnginx: [ OK ] node1.magedu.com| success | rc=0 >> Startingnginx: [ OK ]
 

对node1和node2中/etc/keepalived/下的notify.sh脚本进行修改

#!/bin/bash #Author: MageEdu <linuxedu@foxmail.com> #description: An example of notify script # vip=172.16.2.8 contact='root@localhost' notify(){ mailsubject="`hostname` to be $1: $vipfloating" mailbody="`date '+%F %H:%M:%S'`: vrrptransition, `hostname` changed to be $1" echo $mailbody | mail -s"$mailsubject" $contact } case"$1" in master) notify master /etc/rc.d/init.d/nginx start exit 0 ;; backup) notify backup /etc/rc.d/init.d/nginx stop exit 0 ;; fault) notify fault /etc/rc.d/init.d/nginx stop exit 0 ;; *) echo 'Usage: `basename $0`{master|backup|fault}' exit 1 ;; esac
 

而后启动keepalived服务,能够看到在node1上80端口开始启用

[root@node1keepalived]# ss -tanl | grep :80

LISTEN 0 128 *:80 *:*

而后在/etc/keepalive/下建立down文件,看nginx服务是否能够转移到node2上

[root@node1keepalived]# ls keepalived.conf keepalived.conf.bak notify.sh [root@node1keepalived]# touch down [root@node1keepalived]# ss -tanl | grep :80 [root@node1keepalived]# 在node2上进行查看 [root@node2keepalived]# ss -tanl | grep :80 LISTEN 0 128 *:80 *:*
 

验证成功,说明实现了nginx的高可用服务

总结:要对某特定服务作高可用有两个要点

一是:要提供监控服务脚本

二是:在vrrp实例中追踪服务

修改配置文件keepalived.conf

vrrp_script chk_nginx { script "killall -0 nginx" interval 1 weight -2 } vrrp_instanceVI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.2.8 } track_script { chk_maintainace chk_nginx }
 

在node2上作一样的修改

测试:

[root@node2keepalived]# killall nginx

Youhave new mail in /var/spool/mail/root

[root@node2keepalived]# ss -tanl | grep :80

[root@node2keepalived]#

在node1上

[root@node1keepalived]# ss -tanl | grep :80

LISTEN 0 128 *:80 *:*

验证成功

四、如何实现基于多虚拟路由的master/master模型?

要实现双主模型须要定义两个vrrp_instance,在node1的配置文件中要一下修改:

vrrp_instanceVI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.16.2.8 } track_script { chk_maintainace chk_nginx } notify_master"/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.shbackup" notify_fault "/etc/keepalived/notify.shfault" } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 55 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 2111 } virtual_ipaddress { 172.16.2.18 } track_script { chk_maintainace chk_nginx } notify_master"/etc/keepalived/notify.sh master" notify_backup"/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.shfault" }
 

在node2上作一样的修改,重启keepalived,进行测试

[root@node1keepalived]# service nginx status nginx(pid 28688) is running... [root@node1keepalived]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:4e:22:fb brdff:ff:ff:ff:ff:ff inet 172.16.2.1/16 brd 172.16.255.255 scopeglobal eth0 inet 172.16.2.8/32 scopeglobal eth0 inet 172.16.10.8/16 brd 172.16.255.255scope global secondary eth0:0 inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 6a:7a:4f:e0:c1:8a brdff:ff:ff:ff:ff:ff Youhave new mail in /var/spool/mail/root
 

在node2上

[root@node2keepalived]# service nginx start Startingnginx: [ OK ] [root@node2keepalived]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:74:c7:7b brd ff:ff:ff:ff:ff:ff inet 172.16.2.16/16 brd172.16.255.255 scope global eth0 inet 172.16.2.18/32 scopeglobal eth0 inet6 fe80::20c:29ff:fe74:c77b/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether3a:4e:e8:4c:57:04 brd ff:ff:ff:ff:ff:ff 让node2的keepalived停掉,查看地址是否发生转移 [root@node1keepalived]# ip addr show 1:lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast stateUP qlen 1000 link/ether 00:0c:29:4e:22:fb brd ff:ff:ff:ff:ff:ff inet 172.16.2.1/16 brd172.16.255.255 scope global eth0 inet 172.16.2.8/32 scopeglobal eth0 inet 172.16.2.18/32 scopeglobal eth0 inet 172.16.10.8/16 brd 172.16.255.255scope global secondary eth0:0 inet6 fe80::20c:29ff:fe4e:22fb/64 scopelink valid_lft forever preferred_lft forever 3:pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 6a:7a:4f:e0:c1:8a brdff:ff:ff:ff:ff:ff Youhave new mail in /var/spool/mail/root
 

验证成功