Keepalived 配置详解与主备模式

网友投稿 1112 2022-09-27

Keepalived 配置详解与主备模式

Keepalived 配置详解与主备模式

keepalived 的几个进程

生产环境使用Keepalived正常运行,共启动3个进程,一个是父进程,负责监控其子进程,一个是VRRP子进程,另外一个是Checkers子进程。

两个子进程都被系统Watchlog看管,两个子进程各自负责自己的事,Healthcheck子进程检查各自服务器的健康状况,如果Healthcheck进程检查到Master上服务不可用了,就会通知本机上的VRRP子进程,让他删除通告,并且去掉虚拟IP,转换为BACKUP状态。

[root@localhost ~]# ps -ef | grep keepalived | grep -v greproot 16074 1 0 08:37 ? 00:00:00 /usr/sbin/keepalived -Droot 16075 16074 0 08:37 ? 00:00:00 /usr/sbin/keepalived -Droot 16076 16074 0 08:37 ? 00:00:04 /usr/sbin/keepalived -D

keepalived的配置文件结构

配置有两部分组成,全局配置和封装实例的部分

全局配置

global_defs { #第一部分是全局配置。global全局的意思,到加黑结束的地方是全局配置 notification_email {#这里面每一行就是一个接收邮箱,可以配置多个人的邮箱,那么出现故障就会发给多个人 support@test- 123@qq.com } #邮件从哪发出去的,即发送邮件的人,发给notification_email 里面的条目 notification_email_from luleihhh@163.com smtp_server 127.0.0.1 smtp_connect_timeout 30 #router_id表明该keep alived是做LVS的还是做nginx,只是一个标识而已,相当于标题,写上nginx就说明该leepalived和nginx有关,是实现nginx高可用的router_id nginx }

一般来说keepalived要实现报警不使用上面方式,使用zabbix方式来监控。所以上面部分不写也可以,所以最核心的内容是下面的vrrp

封装实例

上面是global端,第二部分是部分,vrrp段,vrrp_instance是vrrp实例,即要将该机器变为虚拟路由器,这个实例的名字叫VI_1

Stat有两种状态,有关是MASTER一个是BACKUP,要想该机器变为主就写MASTER。

Interface表示用户过来访问VIP走哪块网卡virtual_router_id 151,虚拟路由ID,代表虚拟集群它有一个标识,这个标识是唯一的,两台nginx做keepalived时候virtual_router_id的值要是一样的。priority 100:优先级,要保证master的优先级比backup的优先级要大,优先级越高即数字越大会成为masteradvert_int 5:组播发送的间隔时间,也就是master多长时间给组内的成员发送一个组播信息。可以设置为3,10,但是5秒不长不短。你设置为10,那么你宕机了10秒,即十秒内不发送组播,那么backup还以为master存活着。Authentication:加密,PASS代表通过密码类型加密,密码是1111virtual_ipaddress :绑定的虚拟VIP,这个IP是局域网内没有使用的IP,用户访问的是VIP不是宿主机的物理ip ,nginx的域名绑定了该VIP(VIP必须和宿主机在一个网段)

vrrp_script chk_nginx

如果nginx异常,仅仅keepalived保持正常,是无法完成系统的正常工作的,因此需要根据业务进程的运行状态决定是否需要进行主备切换。这个时候,我们可以通过编写脚本对业务进程进行检测监控。

keepalived master backup配置

主192.168.179.102

[root@localhost ~]# cat /etc/keepalived/keepalived.conf global_defs { router_id real-server1-nginx script_user root enable_script_security }vrrp_script chk_nginx { script "/data/shell/check_nginx_status.sh" interval 2}vrrp_instance VI_1 { state MASTER interface ens32 virtual_router_id 151 priority 100 advert_int 5 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.179.199 } track_script { chk_nginx } }[root@localhost ~]# nginx[root@localhost ~]# systemctl start keepalived[root@localhost ~]# ip a | grep 199 inet 192.168.179.199/32 scope global ens32日志/var/log/messageNov 19 10:51:17 localhost Keepalived_vrrp[45924]: VRRP_Script(chk_nginx) succeededNov 19 10:51:22 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Transition to MASTER STATENov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Entering MASTER STATENov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) setting protocol VIPs.Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 10:51:27 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199

备 192.168.179.103  只需要修改两个地方,state BACKUP  priority 80

[root@localhost ~]# cat /etc/keepalived/keepalived.conf global_defs { router_id real-server2-nginx script_user root enable_script_security }vrrp_script chk_nginx { script "/data/shell/check_nginx_status.sh" interval 2}vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 151 priority 50 advert_int 5 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.179.199 } track_script { chk_nginx } }[root@localhost ~]# nginx[root@localhost ~]# systemctl start keepalived日志如下:Nov 19 11:00:29 localhost Keepalived[7824]: Opening file '/etc/keepalived/keepalived.conf'.Nov 19 11:00:29 localhost Keepalived[7825]: Starting Healthcheck child process, pid=7826Nov 19 11:00:29 localhost Keepalived[7825]: Starting VRRP child process, pid=7827Nov 19 11:00:29 localhost systemd: Started LVS and VRRP High Availability Monitor.Nov 19 11:00:29 localhost Keepalived_healthcheckers[7826]: Opening file '/etc/keepalived/keepalived.conf'.Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering Kernel netlink reflectorNov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering Kernel netlink command channelNov 19 11:00:29 localhost Keepalived_vrrp[7827]: Registering gratuitous ARP shared channelNov 19 11:00:29 localhost Keepalived_vrrp[7827]: Opening file '/etc/keepalived/keepalived.conf'.Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) removing protocol VIPs.Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: Using LinkWatch kernel netlink reflector...Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering BACKUP STATENov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Nov 19 11:00:29 localhost Keepalived_vrrp[7827]: VRRP_Script(chk_nginx) succeededNov 19 11:01:02 localhost systemd: Started Session 12 of user root.Nov 19 11:01:02 localhost systemd: Starting Session 12 of user root.

现在两台配置keepalived算基本配置完毕,只有当backup收不到master的主播包以后才会进行切换,现在master和backup就变成VRRP集群了。(注意这个和nginx没有半毛钱关系,这个高可用是对主机做的,只不过用户访问nginx不是通过宿主机IP去访问nginx,而是通过VIP去访问nginx)

keeplaived故障转移测试

master直接把nginx干掉

[root@localhost ~]# pkill nginx日志如下Nov 19 11:04:59 localhost Keepalived[45922]: StoppingNov 19 11:04:59 localhost systemd: Stopping LVS and VRRP High Availability Monitor...Nov 19 11:04:59 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) sent 0 priorityNov 19 11:04:59 localhost Keepalived_vrrp[45924]: VRRP_Instance(VI_1) removing protocol VIPs.Nov 19 11:04:59 localhost Keepalived_healthcheckers[45923]: StoppedNov 19 11:05:00 localhost Keepalived_vrrp[45924]: Stopped

backup观察现象

#backup日志Nov 19 11:05:00 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Transition to MASTER STATENov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering MASTER STATENov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) setting protocol VIPs.Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:05 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199可以看到VIP飘移到backup上面了[root@localhost ~]# ip a | grep 199 inet 192.168.179.199/32 scope global ens32

现在将master起来

[root@localhost ~]# nginx[root@localhost ~]# systemctl start keepalived日志如下:Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: Opening file '/etc/keepalived/keepalived.conf'.Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) removing protocol VIPs.Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: Using LinkWatch kernel netlink reflector...Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]Nov 19 11:11:47 localhost Keepalived_vrrp[49324]: VRRP_Script(chk_nginx) succeededNov 19 11:11:50 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Transition to MASTER STATENov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Entering MASTER STATENov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) setting protocol VIPs.Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens32 for 192.168.179.199Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:11:55 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:12:00 localhost Keepalived_vrrp[49324]: Sending gratuitous ARP on ens32 for 192.168.179.199[root@localhost ~]# ip a | grep 199 inet 192.168.179.199/32 scope global ens32

再去查看backup状态( #可以看到backup上是不存在VIP的)

Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:05:10 localhost Keepalived_vrrp[7827]: Sending gratuitous ARP on ens32 for 192.168.179.199Nov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 50#可以看到接收到优先级100比自己高的,自己优先级是50,自动退变为backupNov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) Entering BACKUP STATENov 19 11:11:50 localhost Keepalived_vrrp[7827]: VRRP_Instance(VI_1) removing protocol VIPs.[root@localhost ~]# ip a | grep 199[root@localhost ~]#

如果你的两台nginx上面都有VIP的存在,那么就是防火墙的问题了,防火墙阻挡了。因为master收不到backup的主播(在配置配置文件的时候注意括号和空格)

版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:Nginx http_sub_module 替换网站响应内容
下一篇:Kubernetes calio,dashboard,Kuboard 部署
相关文章

 发表评论

暂时没有评论,来抢沙发吧~