Keepalived实现高可用
参考文档:
1. keepalived
user guide:
2. 安装文档:源码解压包中的INSTALL文档
本文涉及keepalived的安装,简单配置,为haproxy做高可用。
一.环境准备
1. 操作系统
CentOS-7-x86_64-Everything-1511
2. Keepalived版本
截至2017-03-22,keepalived版本是1.3.5:
3. 拓扑图
1) 采用VMware ESXi虚拟出的2台服务器node1/2,前端访问地址10.11.4.151/152,后端地址192.168.4.151/2;
2) Web1服务器为采用docker技术生成的1台服务器,已安装并启动nginx与php服务,ip地址192.168.4.171;
3) Web2/3同Web1服务器,ip地址192.168.4.172/173;
4) 计划在node1/2两台服务器上部署keepalive&haproxy,利用keepalived虚拟出vip:10.11.4.150做高可用;
5) Haproxy相关配置请参考:http://blog.chinaunix.net/uid-26168435-id-5761429.html,调整后将静态网页指向web1/2服务器的index.html,将动态网页指向web1/2服务器的index.php,其他指向web3服务器;
6) 以web1为例,设置测试页面,以方便后续查看验证结果。
二.Keepalived安装配置
以下流程均在node1节点完成,node2节点请参考node1做适当修改。
1. 依赖软件
-
[root@elk-node1 ~]# yum install openssl-devel libnl3-devel ipset-devel iptables-devel libnfnetlink-devel popt popt-static popt-devel gcc kernel-headers kernel-devel net-snmp-devel -y
#升级或者安装相关软件,不是必需都安装一次,但一般libnl3-devel ipset-devel
iptables-devel libnfnetlink-devel popt popt-static popt-devel等并没有预安装到系统中,net-snmp-devel是需要开启相关功能才需要。
2. 下载
-
[root@elk-node1 ~]# cd /usr/local/src/
-
[root@elk-node1 src]#wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
3. 编译安装
-
[root@elk-node1 src]# tar -zxvf keepalived-1.3.5.tar.gz
-
[root@elk-node1 src]# cd keepalived-1.3.5
-
[root@elk-node1 keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived
-
[root@elk-node1 keepalived-1.3.5]# make
-
[root@elk-node1 keepalived-1.3.5]# make install
#编译前可通过”./configure --help”查看相关编译参数;
#此编译未带“--with-kernel-dir”参数,一般认为采用”--with-kernel-dir=/usr/src/kernels/(version)”指定到内核效果更好,可能本人环境比较简单,实际使用后并没有明显的问题;这里未指定是因为centos7在编译使用参数之后找不到”linux/netlink.h”头文件,即使在相应目录下能找到相应头文件,搜了一下也没有找到对应的解决方案。
4. 配置开机启动
1) 启动相关命令
-
[root@elk-node1 ~]# cd /usr/local/keepalived/
-
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
-
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
#软链接。
2) 配置文件
-
[root@elk-node1 keepalived]# mkdir -p /etc/keepalived
-
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
#软链接。
3) 开机启动
-
[root@elk-node1 keepalived]# touch /etc/rc.d/init.d/keepalived
-
[root@elk-node1 keepalived]# chmod +x /etc/rc.d/init.d/keepalived
-
[root@elk-node1 keepalived]# vim /etc/rc.d/init.d/keepalived
-
#!/bin/sh
-
#
-
# keepalived High Availability monitor built upon LVS and VRRP
-
#
-
# chkconfig: - 86 14
-
# description: Robust keepalive facility to the Linux Virtual Server project \
-
# with multilayer TCP/IP stack checks.
-
### BEGIN INIT INFO
-
# Provides: keepalived
-
# Required-Start: $local_fs $network $named $syslog
-
# Required-Stop: $local_fs $network $named $syslog
-
# Should-Start: smtpdaemon httpd
-
# Should-Stop: smtpdaemon httpd
-
# Default-Start:
-
# Default-Stop: 0 1 2 3 4 5 6
-
# Short-Description: High Availability monitor built upon LVS and VRRP
-
# Description: Robust keepalive facility to the Linux Virtual Server
-
# project with multilayer TCP/IP stack checks.
-
### END INIT INFO
-
# Source function library.
-
. /etc/rc.d/init.d/functions
-
exec="/usr/sbin/keepalived"
-
prog="keepalived"
-
config="/etc/keepalived/keepalived.conf"
-
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-
lockfile=/var/lock/subsys/keepalived
-
start() {
-
[ -x $exec ] || exit 5
-
[ -e $config ] || exit 6
-
echo -n $"Starting $prog: "
-
daemon $exec $KEEPALIVED_OPTIONS
-
retval=$?
-
echo
-
[ $retval -eq 0 ] && touch $lockfile
-
return $retval
-
}
-
stop() {
-
echo -n $"Stopping $prog: "
-
killproc $prog
-
retval=$?
-
echo
-
[ $retval -eq 0 ] && rm -f $lockfile
-
return $retval
-
}
-
restart() {
-
stop
-
start
-
}
-
reload() {
-
echo -n $"Reloading $prog: "
-
killproc $prog -1
-
retval=$?
-
echo
-
return $retval
-
}
-
force_reload() {
-
restart
-
}
-
rh_status() {
-
status $prog
-
}
-
rh_status_q() {
-
rh_status &>/dev/null
-
}
-
case "$1" in
-
start)
-
rh_status_q && exit 0
-
$1
-
;;
-
stop)
-
rh_status_q || exit 0
-
$1
-
;;
-
restart)
-
$1
-
;;
-
reload)
-
rh_status_q || exit 7
-
$1
-
;;
-
force-reload)
-
force_reload
-
;;
-
status)
-
rh_status
-
;;
-
condrestart|try-restart)
-
rh_status_q || exit 0
-
restart
-
;;
-
*)
-
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
-
exit 2
-
esac
-
exit $?
-
[root@elk-node1 keepalived]# chkconfig --add keepalived
-
[root@elk-node1 keepalived]# chkconfig --level 35 keepalived on
#centos7编译安装目录下,默认没有”etc/rc.d/init.d/keepalived”文件,即自启脚本,需要手工配置,前提是将启动相关命令,配置文件等按脚本定义的目录放置。
5. Keepalived配置文件
-
[root@elk-node1 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
-
#=====================================================
-
# keepalived.conf 配置
-
#------------------------------------------------------------
-
# 1、Keepalived 配置文件以block形式组织,每个块内容都包含在{}
-
# 2、“#”,“!”开头行为注释
-
# 3、keepalived 配置为三类:
-
# (1)全局配置:对整个keepalived都生效的配置
-
# (2)VRRPD 配置:核心配置,主要实现keepalived高可用功能
-
# (3)LVS配置
-
#=====================================================
-
! Configuration File for keepalived
-
########################
-
# 全局配置
-
########################
-
# global_defs 全局配置标识;
-
global_defs {
-
# notification_email用于设置报警邮件地址; 可以设置多个,每行一个; 设置邮件报警需开启本机Sendmail服务
-
notification_email {
-
root@localhost.local
-
}
-
# 设置邮件发送地址, smtp server地址, 连接smtp sever超时时间
-
notification_email_from root@localhost.local
-
smtp_server 10.11.4.151
-
smtp_connect_timeout 30
-
# 表示运行keepalived服务器标识,邮件发送时在主题中显示的信息
-
router_id Haproxy_DEVEL
-
}
-
######################
-
# 服务检测配置
-
######################
-
# 服务探测,che_haproxy为服务名返回0说明服务是正常的
-
vrrp_script chk_haproxy {
-
script "/usr/local/keepalived/etc/chk_haproxy.sh"
-
#每隔1秒探测一次
-
interval 1
-
#haproxy在线,权重加2
-
# weight 2
-
}
-
######################
-
# VRRPD配置
-
######################
-
# VRRPD配置标识,VI_1是实例名称
-
vrrp_instance VI_1 {
-
# 指定Keepalvied角色,MASTER(必须大写)表示此主机为主服务器,BACKUP则是表示为备用服务器;
-
# 这里因为配置非抢占模式,nopreempt只作用于BACKUP,将2台主机均配置为BACKUP
-
state BACKUP
-
# 指定HA监测网络的接口
-
interface eth0
-
# 虚拟路由标识,标识为数字,1-255可选;
-
# 同1个VRRP实例使用唯一的标识,MASTER_ID = BACKUP_ID
-
virtual_router_id 51
-
# 定义节点优先级,数字越大表示节点的优先级越高;
-
# 同1个VRRP_instance下,MASTE_PRIORITY > BACKUP_PRIORITY
-
priority 100
-
# MASTER与BACKUP主机之间同步检查的时间间隔,单位为秒
-
advert_int 1
-
# 从实际应用角度,建议配置非抢占模式,防止网络频繁切换震荡
-
nopreempt
-
# 设定节点间通信验证类型与密码,验证类型主要有PASS和AH两种;
-
# 同1个vrrp_instance,MASTER验证密码和BACKUP保持一致
-
authentication {
-
auth_type PASS
-
auth_pass 987654
-
}
-
# 设置虚拟IP地址(VIP),又叫做漂移IP地址;
-
# 可设置多个,1行1个;
-
# keepalived通过“ip address add”命令的形式将VIP添加到系统
-
virtual_ipaddress {
-
10.11.4.150
-
}
-
# 脚本追踪,对应服务检测
-
track_script {
-
chk_haproxy
-
}
-
}
-
##############################################
-
# LVS配置,这里keepalived只做高可用,并不做lvs
-
##############################################
-
# virtual_server LVS配置标识
-
# 格式: virtual_server VIP port [IP 和 port 之间空格隔开]
-
# virtual_server 10.11.4.150 443 {
-
# 设置健康检查时间间隔,单位为秒
-
# delay_loop 6
-
# 设置负载调度算法,常用调度算法是: rr、wlc,另有:lc、lblc、sh、dh等
-
# lb_algo rr
-
# 设置LVS实现负载均衡的机制,有NAT、TUN和DR三种模式可选
-
# lb_kind NAT
-
# 会话保持时间,其对动态网页非常有用,为集群系统中的seesion共享提供了一个很好的解决方案;
-
# 用户的请求会一直分发到某个服务节点,直至超过这个会话的保持时间(指最大无响应超时时间),
-
# 即用户操作动态页面如果在50s没有执行任何操作则被分发到另外的节点
-
# persistence_timeout 50
-
# 转发协议类型
-
# protocol TCP
-
# 设置real server段开始的标识 [ IP为真实IP地址]
-
# 格式:real_server realIP port [IP 和 port 之间空格隔开]
-
# real_server 192.168.201.100 443 {
-
# real server节点的权值,权值大小用数字表示,数字越大,权值越高
-
# weight 1
-
# 健康检查 SSL_GET
-
# SSL_GET {
-
# 指定SSL检查的URL信息,可以指定多个
-
# url {
-
# 详细的URL路径
-
# path /index.html
-
# SSL检查后的摘要信息,可以通过genhash命令工具获取,命令如下:
-
# [root@elk-node1 bin]# /usr/local/keepalived/bin/genhash -s 192.168.4.171 -p 80 -u /index.html
-
# digest ff20ad2481f97b1754ef3e12ecd3a9cc
-
# }
-
# url {
-
# path /mrtg/
-
# digest 9b3a0c85a887a256d6939da88aabd8cd
-
# }
-
# 无响应超时时间,单位为秒
-
# connect_timeout 3
-
# 重试次数
-
# nb_get_retry 3
-
# 重试间隔
-
# delay_before_retry 3
-
# }
-
# }
-
#}
6. Keepalived检测脚本
-
[root@elk-node1 ~]# touch /usr/local/keepalived/etc/chk_haproxy.sh
-
[root@elk-node1 ~]# chmod 755 /usr/local/keepalived/etc/chk_haproxy.sh
-
[root@elk-node1 ~]# vim /usr/local/keepalived/etc/chk_haproxy.sh
-
#!/bin/bash
-
# check haproxy process, if there isn't any process, try to start the process once,
-
# check it again after 3s, if there isn't any process still, restart keepalived process, change state.
-
# 2017-03-22 v0.1
-
if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
-
/etc/rc.d/init.d/haproxy start
-
sleep 3
-
if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
-
/etc/rc.d/init.d/keepalived restart
-
fi
-
fi
-
# another method to check haproxy process
-
#killall -0 haproxy
-
#if [[ $? -ne 0 ]];then
-
# /etc/rc.d/init.d/keepalived restart
-
#fi
#检测haproxy服务是否正常运行,如果没有则尝试拉起来,如果尝试失败则重启keepalived服务,切换keepalived的vip。
三.验证
1. 启动
-
[root@elk-node1 ~]# service keepalived start
-
[root@elk-node2 ~]# service keepalived start
2. 查看日志
1) Node1
-
[root@elk-node1 ~]# tailf /var/log/messages
1) 以BACKUP模式启动;
2) 切换到MASTER模式;
3) 获得vip 10.11.4.150,开始对外发送免费arp通告。
2) Node2
-
[root@elk-node2 ~]# tailf /var/log/messages
1) 两个相关子进程启动;
2) 启动后进入BACKUP模式。
3. VIP
-
[root@elk-node1 ~]# ip address show eth0
Node1的网卡eth0已经获得vip 10.11.4.150。
#因使用的是”ip address add”添加的vip到系统中,所以”ifconfig”命令看不到效果。
4. 故障切换
1) Haproxy故障拉起
-
[root@elk-node1 ~]# date ; service haproxy stop
-
[root@elk-node1 ~]# date ; service haproxy status
1) 手工停止haproxy服务;
2) 因为keepalived配置文件中定义了拉起haproxy服务的脚本,可以看到1s的时间内,haproxy服务又开始运行了。
2) Node1日志
1) 日志显示haproxy服务停止后再被拉起;
2) Keepalived进入FAULT
STATE,进而转到BACKUP STATE;
3) Node1的eth0网卡的vip被删除。
3) Node2日志
1) Node2转到MASTER
STATE;
2) Node2获得vip
10.11.4.150,并开始对外发免费arp通告。
4) Node2 VIP
-
[root@elk-node2 ~]# ip address show eth0
Node2的网卡eth0已经获得vip 10.11.4.150。
阅读(5702) | 评论(0) | 转发(0) |
