摘要:基于协议来实现的服务高可用方案,可以利用其来避免单点故障。这样的话就可以保证路由器的高可用了。于安全性考虑,包使用了加密协议进行加密。是需要同步漂移的。
博文参考
http://lanlian.blog.51cto.com/6790106/1303195/ http://blog.csdn.net/tantexian/article/details/50056229 http://www.yulongjun.com/linux/20170904-01-keepalived-introduction/Keepalived简介
core模块:为keepalived的核心组件,负责主进程的启动、维护以及全局配置文件的加载和解析;
check:负责健康检查,包括常见的各种检查方式;
VRRP模块:是来实现VRRP协议的。
keepalived基于VRRP协议来实现的LVS服务高可用方案,可以利用其来避免单点故障。一个LVS服务会有2台服务器运行Keepalived,一台为主服务器(MASTER),一台为备份服务器(BACKUP),但是对外表现为一个虚拟IP,主服务器会发送特定的消息给备份服务器,当备份服务器收不到这个消息的时候,即主服务器宕机的时候, 备份服务器就会接管虚拟IP,继续提供服务,从而保证了高可用性。Keepalived是VRRP的完美实现。
启动后三个进程父进程:内存管理,子进程管理等等
子进程:VRRP子进程
子进程:healthchecker子进程
VRRP全称Virtual Router Redundancy Protocol,即虚拟路由冗余协议。
虚拟路由冗余协议,可以认为是实现路由器高可用的协议,即将N台提供相同功能的路由器组成一个路由器组,这个组里面有一个master和多个backup,master上面有一个对外提供服务的vip(该路由器所在局域网内其他机器的默认路由为该vip),master会发组播,当backup收不到vrrp包时就认为master宕掉了,这时就需要根据VRRP的优先级来选举一个backup当master。这样的话就可以保证路由器的高可用了。于安全性考虑,VRRP包使用了加密协议进行加密。
keepalived配置介绍
keepalived只有一个配置文件keepalived.conf,里面主要包括以下几个配置区域:
global_defs主要是配置故障发生时的通知对象以及机器标识
static_ipaddress和static_routes区域配置的是是本节点的IP和路由信息
vrrp_script用来做健康检查的,当时检查失败时会将vrrp_instancepriority减少相应的值
vrrp_instance用来定义对外提供服务的VIP区域及其相关属性
vrrp_rsync_group用来定义vrrp_intance组,使得这个组内成员动作一致
全局配置
全局配置又包括两个子配置:
全局定义(global definition)
静态路由配置(static ipaddress/routes)
VRRPD配置
VRRPD配置包括三个类:
VRRP同步组(synchroization group)
VRRP实例(VRRP Instance)
VRRP脚本
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
双活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VG_2 {
state BACKUP
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VG_2 {
state MASTER
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
内外双网络(非同步)单活模式漂移配置
一个内网网络,一个外网网络,内网网络和外网网络不用同步漂移,比如Keepalived+LVS-DR、Keepalived+Nginx、Keepalived+HAProxy,都是不用同步漂移的。(Keepalived+LVS-NAT是需要同步漂移的。)
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_instance External_1 {
state MASTER
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance External_1 {
state BACKUP
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
内外双网络(同步)双活模式漂移配置
一个内网网络,一个外网网络,而且内网网络和外网网络要实现同步漂移,比如Keepalived+LVS-NAT模式,那么就用到vrrp_sync_group来设置同步漂移组,如果要做双活,那么就分别两端加两个vip,互为主备。
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_sync_group VG_2 {
group {
External_2
Internal_2
}
}
vrrp_instance External_1 {
state MASTER
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance External_2 {
state BACKUP
interface eth1
virtual_router_id 172
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 9d3d15d5
}
virtual_ipaddress {
172.16.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_2 {
state BACKUP
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_sync_group VG_2 {
group {
External_2
Internal_2
}
}
vrrp_instance External_1 {
state BACKUP
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance External_2 {
state MASTER
interface eth1
virtual_router_id 172
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 9d3d15d5
}
virtual_ipaddress {
172.16.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_2 {
state MASTER
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/40581.html
阅读 7495·2023-04-25 14:36
阅读 1721·2021-11-22 09:34
阅读 2120·2019-08-30 15:55
阅读 3093·2019-08-30 11:19
阅读 1281·2019-08-29 15:17
阅读 532·2019-08-29 12:47
阅读 2971·2019-08-26 13:38
阅读 2607·2019-08-26 11:00
