Keepalived 配置详解与主备模式
keepalived 的几个进程
生产环境使用Keepalived正常运行,共启动3个进程,一个是父进程,负责监控其子进程,一个是VRRP子进程,另外一个是Checkers子进程。
两个子进程都被系统Watchlog看管,两个子进程各自负责自己的事,Healthcheck子进程检查各自服务器的健康状况,如果Healthcheck进程检查到Master上服务不可用了,就会通知本机上的VRRP子进程,让他删除通告,并且去掉虚拟IP,转换为BACKUP状态。
[root@localhost ~]# ps -ef | grep keepalived | grep -v grep
root 16074 1 0 08:37 ? 00:00:00 /usr/sbin/keepalived -D
root 16075 16074 0 08:37 ? 00:00:00 /usr/sbin/keepalived -D
root 16076 16074 0 08:37 ? 00:00:04 /usr/sbin/keepalived -D
keepalived的配置文件结构
配置有两部分组成,全局配置和封装实例的部分
全局配置
global_defs { #第一部分是全局配置。global全局的意思,到加黑结束的地方是全局配置
notification_email {
#这里面每一行就是一个接收邮箱,可以配置多个人的邮箱,那么出现故障就会发给多个人
support@test.net
123@qq.com
}
#邮件从哪发出去的,即发送邮件的人,发给notification_email 里面的条目
notification_email_from luleihhh@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
#router_id表明该keep alived是做LVS的还是做nginx,只是一个标识而已,相当于标题,写上nginx就说明该leepalived和nginx有关,是实现nginx高可用的
router_id nginx
}一般来说keepalived要实现报警不使用上面方式,使用zabbix方式来监控。所以上面部分不写也可以,所以最核心的内容是下面的vrrp
封装实例
上面是global端,第二部分是部分,vrrp段,vrrp_instance是vrrp实例,即要将该机器变为虚拟路由器,这个实例的名字叫VI_1
Stat有两种状态,有关是MASTER一个是BACKUP,要想该机器变为主就写MASTER。
- Interface表示用户过来访问VIP走哪块网卡
- virtual_router_id 151,虚拟路由ID,代表虚拟集群它有一个标识,这个标识是唯一的,两台nginx做keepalived时候virtual_router_id的值要是一样的。
- priority 100:优先级,要保证master的优先级比backup的优先级要大,优先级越高即数字越大会成为master
- advert_int 5:组播发送的间隔时间,也就是master多长时间给组内的成员发送一个组播信息。可以设置为3,10,但是5秒不长不短。你设置为10,那么你宕机了10秒,即十秒内不发送组播,那么backup还以为master存活着。
- Authentication:加密,PASS代表通过密码类型加密,密码是1111
- virtual_ipaddress :绑定的虚拟VIP,这个IP是局域网内没有使用的IP,用户访问的是VIP不是宿主机的物理ip ,nginx的域名绑定了该VIP(VIP必须和宿主机在一个网段)
vrrp_script chk_nginx
如果nginx异常,仅仅keepalived保持正常,是无法完成系统的正常工作的,因此需要根据业务进程的运行状态决定是否需要进行主备切换。这个时候,我们可以通过编写脚本对业务进程进行检测监控。
keepalived master backup配置
主192.168.179.102
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
global_defs {
router_id real-server1-nginx
script_user root
enable_script_security
}
vrrp_script chk_nginx {
script "/data/shell/check_nginx_status.sh"
interval 2
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 151
priority 100
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.179.199
}
track_script {
chk_nginx
}
}
[root@localhost ~]# nginx
[root@localhost ~]# systemctl start keepalived
[root@localhost ~]# ip a | grep 199
inet 192.168.179.199/32 scope global ens32
日志/var/log/message
Nov 19 10:51:17 localhost Keepalived_vrrp[45924]: VRRP_Script(chk_nginx) succeeded
Nov 19 10:51:22 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199备 192.168.179.103 只需要修改两个地方,state BACKUP priority 80
[root@localhost ~]# cat /etc/keepalived/keepalived.conf
global_defs {
router_id real-server2-nginx
script_user root
enable_script_security
}
vrrp_script chk_nginx {
script "/data/shell/check_nginx_status.sh"
interval 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens32
virtual_router_id 151
priority 50
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.179.199
}
track_script {
chk_nginx
}
}
[root@localhost ~]# nginx
[root@localhost ~]# systemctl start keepalived
日志如下:
Nov 19 11:00:29 localhost Keepalived[7824]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 19 11:00:29 localhost Keepalived[7825]: Starting Healthcheck child process, pid=7826
Nov 19 11:00:29 localhost Keepalived[7825]: Starting VRRP child process, pid=7827
Nov 19 11:00:29 localhost systemd: Started LVS and VRRP High Availability Monitor.
Nov 19 11:00:29 localhost Keepalived_healthcheckers[7826]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering Kernel netlink reflector
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering Kernel netlink command channel
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering gratuitous ARP shared channel
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) removing protocol VIPs.
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Using LinkWatch kernel netlink reflector...
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Script(chk_nginx) succeeded
Nov 19 11:01:02 localhost systemd: Started Session 12 of user root.
Nov 19 11:01:02 localhost systemd: Starting Session 12 of user root.现在两台配置keepalived算基本配置完毕,只有当backup收不到master的主播包以后才会进行切换,现在master和backup就变成VRRP集群了。(注意这个和nginx没有半毛钱关系,这个高可用是对主机做的,只不过用户访问nginx不是通过宿主机IP去访问nginx,而是通过VIP去访问nginx)
keeplaived故障转移测试
master直接把nginx干掉
[root@localhost ~]# pkill nginx
日志如下
Nov 19 11:04:59 localhost Keepalived[45922]: Stopping
Nov 19 11:04:59 localhost systemd: Stopping LVS and VRRP High Availability Monitor...
Nov 19 11:04:59 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) sent 0 priority
Nov 19 11:04:59 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) removing protocol VIPs.
Nov 19 11:04:59 localhost Keepalived_healthcheckers[45923]: Stopped
Nov 19 11:05:00 localhost Keepalived_vrrp[45924]: Stoppedbackup观察现象
#backup日志
Nov 19 11:05:00 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199
可以看到VIP飘移到backup上面了
[root@localhost ~]# ip a | grep 199
inet 192.168.179.199/32 scope global ens32现在将master起来
[root@localhost ~]# nginx
[root@localhost ~]# systemctl start keepalived
日志如下:
Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) removing protocol VIPs.
Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: Using LinkWatch kernel netlink reflector...
Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP_Script(chk_nginx) succeeded
Nov 19 11:11:50 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Transition to MASTER STATE
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Entering MASTER STATE
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) setting protocol VIPs.
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:12:00 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199
[root@localhost ~]# ip a | grep 199
inet 192.168.179.199/32 scope global ens32再去查看backup状态( #可以看到backup上是不存在VIP的)
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199
Nov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 50
#可以看到接收到优先级100比自己高的,自己优先级是50,自动退变为backup
Nov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering BACKUP STATE
Nov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) removing protocol VIPs.
[root@localhost ~]# ip a | grep 199
[root@localhost ~]# 如果你的两台nginx上面都有VIP的存在,那么就是防火墙的问题了,防火墙阻挡了。因为master收不到backup的主播(在配置配置文件的时候注意括号和空格)
目录 返回
首页