Keepalived Service Explained in Detail
Author | Praywu
Source | urlify.cn/e2MnI3
1. The VRRP protocol
1.1 VRRP protocol overview
VRRP was created to remove the single point of failure of static routing; it uses an election mechanism to hand the routing task to one of the VRRP routers
In the VRRP physical structure there are several physical VRRP routers; one of them is the "master" (master node router) and all the others are "backup" (backup node routers)
The master and backup roles are decided by an election based on their priorities
In the VRRP virtual structure, a virtual router is identified in the form "MAC+VRID", for example "00-00-5E-00-01-{VRID}"
Only the master node sends VRRP advertisement packets (vrrp advertisement message)
When the master node goes down, the backup VRRP device with the highest priority preempts and is promoted to master
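1.2 VRRP terminology
Virtual router
Consists of one Master router and several Backup routers; hosts use the virtual router as their default gateway (Master and Backup are treated as a single unit)
VRID
The identifier of a virtual router; a group of routers with the same VRID forms one virtual router
Master router
The router in the virtual router that carries out packet forwarding
Backup router
A standby node router in the virtual router
Virtual IP address
The IP address of the virtual router; a virtual router can have one or more IP addresses
VIP
IP address owner: a router whose interface IP address is the same as the virtual IP address is called the IP address owner
VMAC
Virtual MAC address: a virtual router has one virtual MAC address, and it normally answers ARP requests with that virtual MAC address
Priority
VRRP uses priority to determine the standing of each router in the virtual router
Non-preemptive
If a backup router works in this mode, then as long as the Master router has not failed, the backup will not become Master even if it is later configured with a higher priority
Preemptive
If a backup router works in preemptive mode, then on receiving a VRRP packet it compares its own priority with the priority in the advertisement;
if its own priority is higher than that of the current Master router, it preempts and becomes the Master router, otherwise it stays in the Backup state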
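1.3 How VRRP works
The routers in the virtual router elect a Master according to priority
The Master router sends gratuitous ARP packets to tell the devices or hosts connected to it about its virtual MAC address, and so takes over packet forwarding
The Master router periodically sends VRRP packets to publish its configuration (priority and so on) and working state
If the Master router fails, the Backup routers in the virtual router elect a new Master according to priority
When the virtual router changes state, the Master role moves from one device to another
The new Master router sends a gratuitous ARP packet carrying the virtual router's MAC address and virtual IP address to update the ARP information in the hosts connected to it
Hosts on the network do not notice that the Master router has moved to another device
When a Backup router's priority is higher than the Master router's, the Backup router's working mode (preemptive or non-preemptive) decides whether a new Master is elected
To make sure the Master and Backup routers work together, VRRP has to provide the following functions
Election of the Master router
Advertisement of the Master router's state
To improve security, VRRP also provides an authentication function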
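1.4 Election of the Master router
VRRP uses priority to determine the role (Master router or Backup router) of each router in the virtual router; the higher the priority, the more likely a router is to become the Master
A newly created router starts in the Backup state and learns the priorities of the other members of the virtual router from VRRP packets
If the Master router's priority in the VRRP packet is higher than its own, the router stays in the Backup state
If the Master router's priority in the VRRP packet is lower than its own
    a router working in preemptive mode preempts, enters the Master state and sends VRRP packets periodically
    a router working in non-preemptive mode stays in the Backup state
If no VRRP packet is received within a certain time, the router switches to the Master state
VRRP priority takes values from 0 to 255 (a larger number means a higher priority); the configurable range is 1 to 254
Priority 0 is reserved by the system for a router giving up the Master position, and 255 is reserved by the system for the IP address owner
When a router is the IP address owner its priority is always 255, so if the virtual router contains an IP address owner, that router is the Master as long as it is working normally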
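1.5 Advertisement of the Master router's state
The Master router periodically sends VRRP packets, publishing its configuration (priority and so on) and working state within the virtual router
Backup routers judge whether the Master router is working normally by whether they receive VRRP packets
When the Master router voluntarily gives up the Master role (for example, when it leaves the virtual router)
it sends a VRRP packet with priority 0, which makes a Backup router switch to Master quickly; this switchover time is called the Skew time
It is calculated as (256 - priority of the Backup router)/256, in seconds
When the Master router cannot send VRRP packets because of a failure, the Backup routers cannot learn its state immediately
A Backup router waits for a period of time and, if it still has not received a VRRP packet, concludes that the Master router is not working, promotes itself to Master and sends VRRP packets periodically. If several Backup routers compete for the Master position at that point, the Master is elected by priority. The default time a Backup router waits is called Master_Down_Interval, with the value (3 * VRRP advertisement interval) + Skew time, in seconds
On a network whose performance is unstable, a Backup router may receive no packet from the Master during Master_Down_Interval because of congestion and preempt the Master position; if the original Master's packets then arrive, the members of the virtual router preempt the Master role over and over. To reduce this, a delay timer is defined: after waiting Master_Down_Interval, the Backup router waits for the additional delay time, and only if it has still received no VRRP packet in that period does it switch to Master and start sending VRRP packets.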
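1.6 Authentication methods
1) No authentication
No validity check is made on VRRP packets and no security is provided
2) Simple text authentication
On a network that may be exposed to security threats, the authentication method can be set to simple text authentication (this is the one normally used)
The router sending a VRRP packet puts the authentication string into the packet, and the router receiving it compares the string in the packet with the locally configured one; if they match, the packet is accepted as a legitimate VRRP packet, otherwise it is treated as an illegitimate packet
3) MD5 authentication
On a very insecure network, the authentication method can be set to MD5 authentication
The router sending a VRRP packet uses the authentication string and the MD5 algorithm to encrypt the VRRP packet, and the encrypted packet is stored in the Authentication Header; the router receiving the packet uses the authentication string to decrypt it and checks its validity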
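The advertisement fields and timers from sections 1.4 to 1.6, worked through as an added example (not code from the original article or from keepalived): a parser for the VRRPv2 advertisement layout that shows where VRID, priority and the 8-byte simple-text authentication string sit, plus the Master_Down_Interval formula. The function names are hypothetical and the sample packet is constructed from the values of the vrrp_instance example in section 3.4.

```python
import struct

AUTH_TYPES = {0: "none", 1: "simple-text", 2: "ah"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRPv2 message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, advert_int, vips, auth_type=0, auth_data=b""):
    """Constructed sample input only: assemble a VRRPv2 advertisement."""
    head = bytes([0x21, vrid, priority, len(vips), auth_type, advert_int])
    tail = b"".join(bytes(int(o) for o in ip.split(".")) for ip in vips)
    tail += auth_data[:8].ljust(8, b"\x00")      # 8-byte authentication data field
    csum = inet_checksum(head + b"\x00\x00" + tail)
    return head + struct.pack("!H", csum) + tail

def parse_advert(msg: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(msg) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    ver_type, vrid, prio, count, auth, adv_int = struct.unpack("!6B", msg[:6])
    if ver_type != 0x21:                         # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    if len(msg) != 8 + 4 * count + 8:
        raise ValueError("length does not match the address count")
    vips = [".".join(map(str, msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv_int, "vips": vips,
        "auth_type": AUTH_TYPES.get(auth, f"unknown({auth})"),
        "auth_data": msg[-8:].rstrip(b"\x00"),   # simple-text string, not encrypted
        "checksum_ok": inet_checksum(msg) == 0,
    }

def master_down_interval(priority: int, advert_int: int) -> float:
    """(3 * advertisement interval) + Skew time, as defined in section 1.5."""
    return 3 * advert_int + (256 - priority) / 256

def review(adv: dict, expected_vrid: int, local_priority: int) -> list:
    """Defender-side notes on one received advertisement."""
    notes = []
    if not adv["checksum_ok"]:
        notes.append("checksum mismatch: drop")
    if adv["vrid"] != expected_vrid:
        notes.append("unexpected VRID")
    if adv["auth_type"] == "none":
        notes.append("no authentication")
    elif adv["auth_type"] == "simple-text":
        notes.append("auth string travels in cleartext")
    if adv["priority"] == 0:
        notes.append("master is resigning")
    elif adv["priority"] > local_priority:
        notes.append("sender outranks this node")
    return notes

# Constructed sample: VRID 51, priority 100, advert_int 1, auth_pass 1111.
SAMPLE = build_advert(51, 100, 1, ["192.168.200.16"], auth_type=1, auth_data=b"1111")
```

Feeding it the payload of packets captured with the tcpdump command from section 3.4 shows which node is advertising for a VRID and with what priority.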
2. keepalived
2.1 keepalived overview
1) What keepalived does
Health-checks the backend RealServers; health checks are supported at layers 4, 5 and 7
Makes the load balancer highly available, preventing the Director from being a single point of failure
2) How keepalived operates
Failover is implemented through VRRP (Virtual Router Redundancy Protocol).
While keepalived is working normally, the master node keeps sending heartbeat messages to the backup node
When the backup node receives no heartbeat from the master within a certain time, it concludes that the master is down, takes over the master's resources and keeps serving, which preserves availability
When the master node recovers, the backup node automatically releases the resources and becomes the backup again
3) keepalived monitoring LVS
When keepalived is used to monitor an LVS cluster and make it highly available (keepalived+lvs), there is no need to configure ipvs rules separately with ipvsadm on the Director.
keepalived includes a component that manages ipvs rules (the ipvs wrapper), so the ipvs rules can be written directly in the keepalived configuration file; when the file is parsed, that component sends the rules to the ipvs module in the kernel.
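2.2 keepalived software structure
1) The VRRP protocol
keepalived implements the VRRP protocol as a daemon on Linux hosts; it was originally designed to make the ipvs service highly available
It can generate ipvs rules from the configuration file and health-check each RS
vrrp_script
vrrp_track
Floats the address using the VRRP protocol
Generates ipvs rules on the node that holds the VIP (predefined in the configuration file)
Through its script-calling interface it runs scripts to carry out the functions they define, and so influences how the cluster behaves
2) keepalived components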

When the keepalived service starts, it creates three related processes: one parent process and two child processes
Main process: the Watchdog main process
Child process 1: VRRP Child
Child process 2: Healthchecking Child
Both child processes open a local Unix domain socket
Once the keepalived service has started, the parent process sends a hello message to the child processes over the Unix domain socket every 5 seconds
If the parent process cannot deliver the message to a child process, it assumes the child has a problem and restarts it
Core components
Watchdog: forks and monitors the child processes, watching over Checkers and the VRRP stack
Checkers: health-checks the RealServers and removes them from or adds them to the LVS topology; supports layer 4/5/7 protocol checks; runs in its own child process, which the parent process monitors
VRRP Stack: provides failover for the Director and so makes the Director highly available; it can work on its own without LVS; runs in its own child process, which the parent process monitors
System Call: provides the ability to run custom scripts; when used, it temporarily spawns a child process to do the work
IPVS wrapper: sends the IPVS rules in the configuration file to the ipvs module in the kernel
Netlink Reflector: sets and monitors the VRRP IP addresses
I/O multiplexer
Memory management
Configuration file parser
3) Working models
Master/backup: a single virtual router
Master/master: master/backup (virtual router 1) + backup/master (virtual router 2)
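3. Configuring and using keepalived
3.1 Preparation before use
The clocks of all nodes must be synchronized
Make sure iptables and selinux do not get in the way
Make sure the interface each node uses for the cluster service supports MULTICAST communication
Enable multicast on the network interface: ip link set multicast on dev ens33
Class D addresses: 224-239 (the multicast address range)
The nodes can reach one another by hostname (optional)
The node name must match the hostname resolved in the hosts file
The host name returned by uname -n must be the same as the resolved hostname
The nodes communicate with one another over ssh using key-based authentication (optional)
3.2 Program environment
Main program file
/usr/sbin/keepalived
Unit file
/usr/lib/systemd/system/keepalived.service
Configuration file for the unit file: /etc/sysconfig/keepalived
Configuration file
/etc/keepalived/keepalived.conf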
3.3 Configuration file overview
# Global configuration (made up of Global definitions and Static routes/address)
# GLOBAL CONFIGURATION:
     global_defs                 # Block id
         {
            ...
         }

# VRRP instance configuration (VRRP instances and VRRP sync groups)
# VRRPD CONFIGURATION:
     vrrp instance               # virtual router, VRRP instance
         vrrp_instance  NAME {
              ...
         }
     vrrp synchronization group  # VRRP sync group
         vrrp_sync_group  NAME  {
              ...
         }
# ipvs-related configuration
# LVS CONFIGURATION:
      # cluster services and the RSs inside each service
      Virtual server groups
      Virtual server               # the vs and rs of the ipvs cluster
If several instances have to move together, they must be configured as one sync group (as with highly available LVS in NAT mode)
As the figure below shows, when vip1 is on network interface 1, vip2 must be on network interface 2, so vip1 and vip2 have to move together
Whichever node holds vip1 must also hold vip2

3.4 Configuration file in detail
1) Global configuration
### Global configuration ###
global_defs {              # the global section defines the mail alerting system; it can be left undefined
    notification_email {   # mail recipients, i.e. the addresses alerts are sent to
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]   # sender address
    smtp_server 192.168.200.1    # IP of the mail server; write localhost to send locally
    smtp_connect_timeout 30      # timeout for connecting to the mail server
    router_id c7_node_03         # string identifying this keepalived server, i.e. the physical node; the hostname is recommended
    vrrp_skip_check_adv_addr     # skip the check when an advert comes from the same master router as the previous advert received
    !vrrp_strict                 # strict VRRP compliance; best turned off (prefix with an exclamation mark), otherwise the VIP cannot be pinged
    vrrp_garp_interval 0.001     # delay between two gratuitous ARPs sent on one interface, down to millisecond precision (default 0)
    vrrp_mcast_group4 225.0.0.18 # IPv4 multicast address; the default is 224.0.0.18 and it should be changed
    # VRRP packets can be captured on the multicast address: tcpdump -i ens33 -nn host 224.0.0.18
}
2) VRRP instance configuration
### VRRP instance configuration ###
vrrp_instance NAME {
    state MASTER          # role of this instance, master or backup: the initial state of this node in this VRRP instance
    interface eth0        # interface VRRP binds to, i.e. the one that sends and receives heartbeat adverts (the HA monitoring interface)
    virtual_router_id 51  # virtual router ID (VRID); must be identical within one instance, i.e. on master and backup
                          # different vrrp instances on the same interface must not share a value; range 0-255, default 51
    priority 100          # priority of this node's keepalived in this vrrp instance; the highest priority is master (usable range 0-255)
                          # this option takes precedence over the state option,
                          # i.e. if state says backup but the value set here is the highest, the node is still master
    advert_int 1          # interval for sending and receiving heartbeats, in seconds
    authentication {      # authentication; it must be exactly the same across one instance to pass; only PASS is recommended
        auth_type PASS    # use simple text authentication
        auth_pass 1111    # at most 8 characters; beyond 8, only the first 8 are used
    }
    virtual_ipaddress {   # the VIPs; when the master fails, they fail over to the backup
                          # by default they are added on an alias of the interface named by interface; use dev to choose another interface
                          # they are added the "ip add" way; append a label after the address to make them visible to ifconfig
        192.168.200.16 label eth0:1
        192.168.200.17
        192.168.200.19/24 dev eth1
        # format: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
    }
    # use non-preemptive mode
    nopreempt

    # use delayed preemption mode
    preempt_delay  TIME
}
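A check for the authentication settings described above, as an added example (not part of the original article or of keepalived): it reads the vrrp_instance blocks of a configuration and reports a missing authentication block, an auth_pass longer than the 8 characters that are used, and the same effective auth_pass in more than one instance. The function names and finding codes are hypothetical, the "weak" rule (fewer than 8 characters or fewer than 4 distinct characters) is an assumption of this example, and the sample configuration is constructed from values that appear in this article.

```python
import re

def vrrp_instances(text: str) -> dict:
    """Return {instance name: {keyword: first argument}} for each vrrp_instance."""
    found, name, depth = {}, None, 0
    for raw in text.splitlines():
        # keepalived treats '#' and '!' as comment starters
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()
        words = line.replace("{", " ").replace("}", " ").split()
        if depth == 0 and words[:1] == ["vrrp_instance"] and len(words) > 1:
            name = words[1]
            found[name] = {}
        elif name and words:
            found[name].setdefault(words[0], words[1] if len(words) > 1 else "")
        depth += line.count("{") - line.count("}")
        if depth == 0 and "}" in line:       # the instance block just closed
            name = None
    return found

def audit(text: str) -> list:
    """Return (instance, finding code) pairs for the authentication settings."""
    findings, first_user = [], {}
    for name, cfg in vrrp_instances(text).items():
        if "auth_type" not in cfg:
            findings.append((name, "no-auth"))
            continue
        if cfg["auth_type"] != "PASS":
            continue
        secret = cfg.get("auth_pass", "")
        if len(secret) > 8:                  # only the first 8 characters are used
            findings.append((name, "truncated"))
        effective = secret[:8]
        if len(effective) < 8 or len(set(effective)) < 4:   # assumed weakness rule
            findings.append((name, "weak"))
        if effective in first_user:
            findings.append((name, "shared:" + first_user[effective]))
        first_user.setdefault(effective, name)
    return findings

# Constructed sample configuration (not a file from the article).
SAMPLE_CONF = """
vrrp_instance VI_1 {
    virtual_router_id 51
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
vrrp_instance VI_2 {
    virtual_router_id 101
    authentication {
        auth_type PASS
        auth_pass ZPNnTQ6F
    }
}
vrrp_instance VI_3 {
    virtual_router_id 102
    authentication {
        auth_type PASS
        auth_pass ZPNnTQ6Fextra
    }
}
vrrp_instance VI_4 {
    virtual_router_id 66
}
"""
```

In the sample, VI_3 is reported twice: its auth_pass is cut to the first 8 characters, and the cut value is the one VI_2 already uses.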
3) Defining notification scripts
Definition format: the notify parameters act on the switch between master and backup and can run a notification script at that point
vrrp_instance {
    ...
    notify_master <STRING>|<QUOTED-STRING>   # run this script on the switch to master mode
    notify_backup <STRING>|<QUOTED-STRING>   # run this script on the switch to backup mode
    notify_fault <STRING>|<QUOTED-STRING>    # run this script on the switch to fault mode
    notify <STRING>|<QUOTED-STRING>
}
Definition example
vrrp_instance {
    ...
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
Script example
#!/bin/bash
# Author: hgzerowzh
# Description: A notify script
#
contact='root@localhost'
# Mail the new VRRP state ($1) of this host to $contact
notify() {
        mailsubject="$(hostname) to be $1: vip floating"
        mailbody="$(date +'%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
case "$1" in
    master)
    notify master
    exit 0
    ;;
    backup)
    notify backup
    exit 0
    ;;
    fault)
    notify fault
    exit 0
    ;;
    *)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
3.5 Dual-master configuration example
1) Diagram

2) Configuration example
### node1: ###
    vrrp_instance VI_1 {
        state MASTER
        interface eno16777736
        virtual_router_id 101
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ZPNnTQ6F
        }
        virtual_ipaddress {
            172.16.100.9/16
        }
    }
    vrrp_instance VI_2 {
        state BACKUP
        interface eno16777736
        virtual_router_id 102
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass IWyijM5Q
        }
        virtual_ipaddress {
            172.16.100.10/16
        }
    }

### node2: ###
    vrrp_instance VI_1 {
        state BACKUP
        interface eno16777736
        virtual_router_id 101
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ZPNnTQ6F
        }
        virtual_ipaddress {
            172.16.100.9/16
        }
    }
    vrrp_instance VI_2 {
        state MASTER
        interface eno16777736
        virtual_router_id 102
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass IWyijM5Q
        }
        virtual_ipaddress {
            172.16.100.10/16
        }
    }
4. Configuring ipvs in keepalived
4.1 ipvs configuration syntax
1) Defining a Virtual Server
virtual_server  vip  port  {  # virtual service address and port, separated by a space; the address is the VIP
       ...
}
virtual_server fwmark int  {  # a firewall mark can be used for the definition instead
        ...
}

### Common parameters ###
    delay_loop <INT>                        # how often a check request is sent to the backend hosts
    lb_algo   rr|wrr|lc|wlc|lblc|sh|dh      # scheduling algorithm
    lb_kind   NAT|DR|TUN                    # cluster type
    persistence_timeout <INT>               # persistent connection duration
    protocol TCP                            # only TCP is supported before version 1.3.0
    sorry_server <IPADDR> <PORT>            # when every RS is down, the host defined here serves requests
2) Defining a Real Server & health checks
real_server <IPADDR> <PORT> {
    ### Common parameters ###
    weight <INT>                            # weight
    notify_up <STRING>|<QUOTED-STRING>      # script run when the server comes up
    notify_down <STRING>|<QUOTED-STRING>    # script run when the server goes down
    ...
    ### Health check mechanism (web application layer check)
    HTTP_GET|SSL_GET
    {
         # check parameters
         url {
                 path <STRING>              # which url to check; path names the url
                 status_code <INT>          # which response code counts as correct
                 digest <STRING>            # the checksum of the fetched content must match the expected one
         }
         nb_get_retry <INT>                 # number of retries of the get request
         delay_before_retry <INT>           # interval between two retries
         connect_timeout <INT>              # connection timeout, 5s by default
         warmup <INT>                       # delay before health checking starts
    }

    ### Transport layer health check (tcp protocol layer)
    TCP_CHECK
    {
         # check parameters
         connect_timeout <INT>              # timeout for each connection attempt

         nb_get_retry <INT>                 # number of retries of the get request
         delay_before_retry <INT>           # interval between two retries
         connect_timeout <INT>              # connection timeout, 5s by default
         warmup <INT>                       # delay before health checking starts

         # other parameters
         connect_ip <IP ADDRESS>            # which address and port to check
         connect_port <PORT>
         bindto <IP ADDRESS>                # use a fixed local address as the source of the requests
         bind_port <PORT>
    }
}
4.2 keepalived + LVS (NAT)
1) Configuration of the master node
! Configuration File for keepalived
global_defs {
   notification_email {
       [email protected]
       [email protected]
   }
   notification_email_from hgzero@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id c7_node_03
   vrrp_skip_check_adv_addr
   ! vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 225.0.0.18
}
vrrp_instance VI_1 {
    state MASTER
    interface ens37
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass niba
    }
    virtual_ipaddress {
       172.168.1.99/24   # this virtual IP is the floating gateway address
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 67
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass taba
    }
    virtual_ipaddress {
       10.0.0.11/24      # this virtual IP is the floating IP reached from the external network
    }
}
# Put VI_1 and VI_2 in one sync group so that they move together on this node
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}
# Virtual service address and port, separated by a space; the address is the external VIP
virtual_server  10.0.0.11 80 {
    delay_loop 2              # health check interval
    lb_algo rr                # load-balancing algorithm; rr (round robin) is used here
    lb_kind NAT               # lvs model: NAT, DR or TUN
    ! persistence_timeout 3   # persistent session duration
    protocol TCP              # protocol of the monitored service; only tcp before version 1.3.0, udp as well afterwards
    real_server 172.168.1.101 80 {  # backend real_server section; address and port separated by a space
        weight 1              # lvs weight
        HTTP_GET {            # health check method; common ones are HTTP_GET, SSL_GET, TCP_CHECK, MISC_CHECK
            url {
              path /          # path for the http_get health check, e.g. check whether index.html is served correctly
              status_code 200
                         # the health check needs a status code; it can be status_code, digest, or digest+status_code
                         # the digest value is generated with keepalived's genhash command; status_code is normally enough
                         # curl  -s  http://172.168.0.6 |  md5sum
                         # genhash -s 172.168.0.6 -p 80 -u /index.html
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 172.168.1.102 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2     # timeout in seconds; no response within it means this realserver is unhealthy and the connection is retried
            nb_get_retry 3        # retry 3 times; if all 3 time out the server is treated as down, which avoids false positives (nb=number)
            delay_before_retry 1  # interval between retries
        }                         # if the time is too long, make it smaller
    }
}
2) Configuration of the backup node
! Configuration File for keepalived
global_defs {
   notification_email {
       [email protected]
       [email protected]
   }
   notification_email_from hgzero@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id c7_node_04
   vrrp_skip_check_adv_addr
   ! vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 225.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens37
    virtual_router_id 66
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass niba
    }
    virtual_ipaddress {
       172.168.1.99/24
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 67
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass taba
    }
    virtual_ipaddress {
       10.0.0.11/24
    }
}
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}
virtual_server  10.0.0.11 80 {
    delay_loop 2
    lb_algo rr
    lb_kind NAT
    ! persistence_timeout 3
    protocol TCP
    real_server 172.168.1.101 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 172.168.1.102 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
4.3 keepalived + LVS (DR)
1) Configuration of the master node
! Configuration File for keepalived
global_defs {
   notification_email {
       [email protected]
       [email protected]
   }
   notification_email_from hgzero@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id c7_node_03
   vrrp_skip_check_adv_addr
   ! vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 225.0.0.16
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass niba
    }
    virtual_ipaddress {
       10.0.0.10
    }
}
virtual_server  10.0.0.10 80 {
    delay_loop 2
    lb_algo wrr
    lb_kind DR
    ! persistence_timeout 3
    protocol TCP
    real_server 10.0.0.205 80 {
        weight 2
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.0.0.206 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
2) Configuration of the backup node
! Configuration File for keepalived
global_defs {
   notification_email {
       [email protected]
       [email protected]
   }
   notification_email_from hgzero@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id c7_node_04
   vrrp_skip_check_adv_addr
   ! vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 225.0.0.16
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 66
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass niba
    }
    virtual_ipaddress {
       10.0.0.10
    }
}
virtual_server  10.0.0.10 80 {
    delay_loop 2
    lb_algo wrr
    lb_kind DR
    ! persistence_timeout 3
    protocol TCP
    real_server 10.0.0.205 80 {
        weight 2
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.0.0.206 80 {
        weight 1
        HTTP_GET {
            url {
              path /
              status_code 200
            }
            connect_timeout 2
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}
3) Custom script for each Real Server in DR mode
This script has to be run on every Real Server
#!/bin/bash
vip=10.0.0.10
mask='255.255.255.255'
case "$1" in
start)
    # Stop this host answering or announcing ARP for the VIP bound to lo
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig lo:0 "$vip" netmask "$mask" broadcast "$vip" up
    route add -host "$vip" dev lo:0
    ;;
stop)
    # Remove the VIP and restore the default ARP behaviour
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
*)
    echo "Usage $(basename "$0") start|stop"
    exit 1
    ;;
esac
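5. Making nginx highly available with keepalived
5.1 Making other services highly available with keepalived
1) Principle
keepalived calls an external helper script to monitor a resource and can adjust the priority dynamically according to the result of the monitoring
2) Steps
Define a script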
vrrp_script
