博文参考
http://lanlian.blog.51cto.com/6790106/1303195/http://blog.csdn.net/tantexian/article/details/50056229http://www.yulongjun.com/linux/20170904-01-keepalived-introduction/
Keepalived简介
core模块:为keepalived的核心组件,负责主进程的启动、维护以及全局配置文件的加载和解析;
check:负责健康检查,包括常见的各种检查方式;
VRRP模块:是来实现VRRP协议的。
keepalived
基于VRRP协议来实现的LVS服务高可用方案,可以利用其来避免单点故障。一个LVS服务会有2台服务器运行Keepalived,一台为主服务器(MASTER),一台为备份服务器(BACKUP),但是对外表现为一个虚拟IP,主服务器会发送特定的消息给备份服务器,当备份服务器收不到这个消息的时候,即主服务器宕机的时候, 备份服务器就会接管虚拟IP,继续提供服务,从而保证了高可用性。Keepalived是VRRP的完美实现。
启动后三个进程
父进程:内存管理,子进程管理等等
子进程:VRRP子进程子进程:healthchecker子进程VRRP协议简介
VRRP全称Virtual Router Redundancy Protocol,即虚拟路由冗余协议。 虚拟路由冗余协议,可以认为是实现路由器高可用的协议,即将N台提供相同功能的路由器组成一个路由器组,这个组里面有一个master和多个backup,master上面有一个对外提供服务的vip(该路由器所在局域网内其他机器的默认路由为该vip),master会发组播,当backup收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。于安全性考虑,VRRP包使用了加密协议进行加密。
keepalived配置介绍
keepalived只有一个配置文件keepalived.conf,里面主要包括以下几个配置区域:
global_defs主要是配置故障发生时的通知对象以及机器标识
static_ipaddress和static_routes区域配置的是是本节点的IP和路由信息
vrrp_script用来做健康检查的,当时检查失败时会将vrrp_instancepriority减少相应的值
vrrp_instance用来定义对外提供服务的VIP区域及其相关属性
vrrp_rsync_group用来定义vrrp_intance组,使得这个组内成员动作一致
全局配置
全局配置又包括两个子配置:
全局定义(global definition)静态路由配置(static ipaddress/routes)VRRPD配置
VRRPD配置包括三个类:
VRRP同步组(synchroization group)VRRP实例(VRRP Instance)VRRP脚本keepalived单活双活配置
单活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_instance VG_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_instance VG_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
双活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_instance VG_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }vrrp_instance VG_2 { state BACKUP interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_instance VG_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }vrrp_instance VG_2 { state MASTER interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}
内外双网络(非同步)单活模式漂移配置
一个内网网络,一个外网网络,内网网络和外网网络不用同步漂移,比如Keepalived+LVS-DR、Keepalived+Nginx、Keepalived+HAProxy,都是不用同步漂移的。(Keepalived+LVS-NAT是需要同步漂移的。)
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_sync_group VG_1 { group { External_1 Internal_1 }}vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}
内外双网络(同步)双活模式漂移配置
一个内网网络,一个外网网络,而且内网网络和外网网络要实现同步漂移,比如Keepalived+LVS-NAT模式,那么就用到vrrp_sync_group来设置同步漂移组,如果要做双活,那么就分别两端加两个vip,互为主备。
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_sync_group VG_1 { group { External_1 Internal_1 }}vrrp_sync_group VG_2 { group { External_2 Internal_2 }}vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance External_2 { state BACKUP interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 9d3d15d5 } virtual_ipaddress { 172.16.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_2 { state BACKUP interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111}vrrp_sync_group VG_1 { group { External_1 Internal_1 }}vrrp_sync_group VG_2 { group { External_2 Internal_2 }}vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance External_2 { state MASTER interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 9d3d15d5 } virtual_ipaddress { 172.16.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}vrrp_instance Internal_2 { state MASTER interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"}