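Introduction:
Keepalived is a VRRP-based solution for making web services highly available and avoiding a single point of failure. The master server sends specific messages to the backup server; when the backup server stops receiving them, that is, when the master server is down, the backup server takes over the virtual IP and keeps serving, which ensures high availability.
Download: http://www.keepalived.org/download.html
1. Install keepalived
shell > tar zxf keepalived-1.2.10.tar.gz -C ../
shell > cd ../keepalived-1.2.10/
shell > ./configure --prefix=/usr/local/keepalived --disable-lvs
## lvs is not used here, so it has to be disabled, otherwise configure fails with an error. If you do use lvs, install ipvsadm first.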
shell > make ; make install
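2. Adjust keepalived
shell > cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
shell > cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
shell > cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
shell > mkdir /etc/keepalived
shell > cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
3. Edit keepalived.conf on the master server
shell > vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {                                  # global configuration
    notification_email {                       # alert e-mail addresses, one per line; e-mail alerts require the local sendmail service to be running
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]  # sender address
    smtp_server 192.168.200.1                  # SMTP server address
    smtp_connect_timeout 30                    # timeout for connecting to the SMTP server
    router_id LVS_DEVEL                        # keepalived identifier, used in the e-mail subject
}
## The settings above can stay at their defaults; we do not use keepalived's e-mail feature

vrrp_instance VI_1 {                 # VRRP instance configuration; VI_1 is the instance name
    state MASTER                     # keepalived role: MASTER for the master server, BACKUP for the backup server
    interface eth0                   # network interface to listen on
    virtual_router_id 80             # virtual router ID, a number; unique per VRRP instance, and MASTER and BACKUP must use the same value
    priority 100                     # node priority; a larger number means higher priority, range 0-255; within one VRRP instance the MASTER's priority must be greater than the BACKUP's
    advert_int 1                     # interval between MASTER/BACKUP synchronization checks, in seconds
    # mcast_src_ip 192.169.1.88      # source address for multicast packets; if unset, the IP address of the bound interface is used
    # garp_master_delay 10           # delay before sending gratuitous ARP requests after switching to MASTER state
    authentication {                 # authentication type and password for communication between nodes
        auth_type PASS               # two types exist: PASS and AH
        auth_pass 888888             # password; MASTER and BACKUP in the same VRRP instance must use the same password to communicate
    }
    # Virtual IP, also called the floating IP; one per line when there are several.
    # While keepalived is in MASTER state this IP is added to the system automatically,
    # and when it switches to BACKUP the IPs are removed again. Check with the ip add command.
    # Accepted forms: 192.168.1.35, 192.168.1.35 dev eth0, or 192.168.1.35/24 dev eth0
    virtual_ipaddress {
        192.168.1.35
    }
    # nopreempt                      # non-preemption in an HA cluster; can only be set on a node whose state is BACKUP, and its priority must be higher than the other nodes' (see note 1)
    # preempt_delay 120              # preemption delay, in seconds (my understanding: commonly used on the backup node; I have not fully studied it, use with caution) (see note 2)
}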
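## 1. If nopreempt is not set, the backup node takes over when the master node can no longer provide service, and when the master node recovers it automatically takes the service back.
This switching back and forth is undesirable for workloads with strict real-time and stability requirements, and it carries some risk and instability. With this parameter set, the master node does not take the service back automatically after it recovers; the service keeps running on the backup node, and a switchover happens only when the backup node fails.
## 2. Sometimes, after the system boots or reboots, the network needs a while before it works normally. No switchover is needed in that case, and the preempt_delay parameter sets the interval for this situation.
Failures that occur within this time do not trigger a switchover; if the time specified by preempt_delay has passed and the network is still abnormal, a master/backup switchover takes place.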
4. Backup server
1) Same as MASTER
2) Same as MASTER
3) keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP                     # keepalived backup state
    interface eth0
    virtual_router_id 80             # virtual router ID must match the MASTER
    priority 90                      # priority must be lower than the MASTER's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 888888             # password must match the MASTER
    }
    virtual_ipaddress {
        192.168.1.35                 # virtual IP address
    }
    preempt_delay 120                # switch over when the backup node has not received VRRP packets from the master node for 120 seconds
}
5. Start keepalived on the master and backup nodes ( service keepalived start )
Master node log:
shell > tail -14 /var/log/messages
Dec 30 13:31:32 study Keepalived[2987]: Starting Keepalived v1.2.10 (12/30,2014)
Dec 30 13:31:32 study Keepalived[2988]: Starting VRRP child process, pid=2990
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Registering Kernel netlink reflector
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Registering Kernel netlink command channel
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Registering gratuitous ARP shared channel
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Configuration is using : 63321 Bytes
Dec 30 13:31:32 study Keepalived_vrrp[2990]: Using LinkWatch kernel netlink reflector...
Dec 30 13:31:32 study Keepalived_vrrp[2990]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Dec 30 13:31:33 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) Transition to MASTER STATE
Dec 30 13:31:34 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 30 13:31:34 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 30 13:31:34 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
Dec 30 13:31:44 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
## The fourth line from the end shows Entering MASTER STATE, and the virtual IP 192.168.1.35 has been bound to eth0
shell > ip add | grep -A 5 ^2:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d0:99:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.88/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.35/32 scope global eth0
    inet6 fe80::20c:29ff:fed0:99fa/64 scope link
       valid_lft forever preferred_lft forever
## The virtual IP 192.168.1.35 is visible
Backup node log:
shell > tail -15 /var/log/messages
Dec 30 13:19:11 localhost Keepalived[2757]: Starting Keepalived v1.2.10 (12/30,2014)
Dec 30 13:19:11 localhost Keepalived[2758]: Starting VRRP child process, pid=2760
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Registering Kernel netlink reflector
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Registering Kernel netlink command channel
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Registering gratuitous ARP shared channel
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Configuration is using : 63302 Bytes
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Using LinkWatch kernel netlink reflector...
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering BACKUP STATE
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Dec 30 13:19:15 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Transition to MASTER STATE
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
Dec 30 13:19:21 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
## Surprisingly, the backup node has also entered MASTER state
shell > ip add | grep -A 5 ^2:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:46:d3:7c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.80/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.35/32 scope global eth0
    inet6 fe80::20c:29ff:fe46:d37c/64 scope link
       valid_lft forever preferred_lft forever
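## The virtual IP 192.168.1.35 is visible here as well
## Analysis:
1. First, the configuration files are correct.
2. Next, something could have gone wrong in the master/backup election. The election is decided by priority: the node with the higher priority becomes MASTER and the lower one BACKUP. Judging by the configuration files, there is no problem here either.
3. That leaves master/backup detection. Normally the master periodically sends VRRP packets to the backup; when a backup stops receiving VRRP packets from the master it considers the master unavailable, and a new MASTER is elected from among the backups.
In this example there is only one backup, so when the backup cannot receive the master's VRRP packets it becomes a master, while the master stays master (because nothing is wrong on its side).
## So the fault was located in iptables on the backup node (because the backup node cannot receive the VRRP packets sent by the master node)
On the backup node: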
shell > iptables --line-numbers -nL
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

shell > iptables -I INPUT 4 -s 192.168.1.88 -j ACCEPT    # remember to save the rules, otherwise they are lost on reboot
You will immediately see the backup node switch from MASTER state back to BACKUP state:
shell > tail -f /var/log/messages
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Configuration is using : 63302 Bytes
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: Using LinkWatch kernel netlink reflector...
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering BACKUP STATE
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Dec 30 13:19:15 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Transition to MASTER STATE
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
Dec 30 13:19:21 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.1.35
Dec 30 13:34:34 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Received higher prio advert
Dec 30 13:34:34 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering BACKUP STATE
Dec 30 13:34:34 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) removing protocol VIPs.
## The last three lines: Entering BACKUP STATE (the node has entered BACKUP state), and the VIP has been removed
shell > ip add | grep -A 5 ^2
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:46:d3:7c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.80/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe46:d37c/64 scope link
       valid_lft forever preferred_lft forever
## The VIP is gone, and at this point the master is still master!
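The fault diagnosed above is two nodes holding MASTER for the same VRRP instance at once. As an added example (not part of the original post), this script flags that condition in keepalived syslog lines merged from all nodes and sorted by time; the sample input is constructed from the log lines shown on this page and assumes both nodes' clocks agree, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: flag VRRP split-brain (two MASTERs for one instance) from
# keepalived syslog lines collected from all nodes and sorted by time.

# write_sample_log FILE: constructed sample, merged from the two nodes' logs
# shown on this page (assumes both clocks agree).
write_sample_log() {
    cat > "$1" <<'EOF'
Dec 30 13:19:11 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering BACKUP STATE
Dec 30 13:19:16 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 30 13:31:34 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) Entering MASTER STATE
Dec 30 13:31:34 study Keepalived_vrrp[2990]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 30 13:34:34 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Received higher prio advert
Dec 30 13:34:34 localhost Keepalived_vrrp[2760]: VRRP_Instance(VI_1) Entering BACKUP STATE
EOF
}

# detect_split_brain FILE: print one line each time a node enters MASTER while
# another node is still MASTER for the same instance; return 1 if that happened.
# Limitation: a node that stops without logging a state change stays counted.
detect_split_brain() {
    awk '
    /Keepalived_vrrp\[[0-9]+\]: VRRP_Instance\(/ {
        host = $4
        inst = $0
        sub(/.*VRRP_Instance\(/, "", inst)   # keep the text after the opening parenthesis
        sub(/\).*/, "", inst)                # and cut at the closing parenthesis
        key = inst SUBSEP host
        if ($0 ~ /Entering MASTER STATE/) {
            if (!(key in master)) { master[key] = 1; count[inst]++ }
            if (count[inst] > 1) {
                printf "%s %s %s SPLIT-BRAIN %s masters=%d latest=%s\n",
                       $1, $2, $3, inst, count[inst], host
                bad = 1
            }
        } else if ($0 ~ /Entering (BACKUP|FAULT) STATE/) {
            if (key in master) { delete master[key]; count[inst]-- }
        }
    }
    END { exit bad }
    ' "$1"
}

# Usage on the constructed sample.
log=$(mktemp) && write_sample_log "$log"
detect_split_brain "$log" || echo "split-brain detected"
rm -f "$log"
```

On the sample, the overlap is reported at 13:31:34, when the node named study enters MASTER while localhost still holds it; it ends at 13:34:34 once the firewall rule lets the advertisement through.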
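6. Test whether high availability works
## When the keepalived service is stopped on the master node, the backup node binds the virtual IP instantly and the master node removes it; one ping packet is lost in the process.
## When the keepalived service is restored on the master node, the backup node removes the virtual IP instantly and the master node binds it; one ping packet is lost in the process.
## About the nopreempt parameter
1> Testing shows that when the master node cannot provide service, service is switched to the backup node. When the master node has been repaired and rejoins the network, if its state is still MASTER this parameter has no effect and the node preempts the VIP.
2> If the master node joins the network later and should not preempt the resource, set its state to BACKUP, leave its priority unchanged at the highest value, and add the nopreempt parameter. It then takes the VIP only when the backup node fails.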