
Keepalived Installation and Configuration

This article covers installing and configuring Keepalived.

1. Introduction

Keepalived provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides Layer 4 load-balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage the load-balanced server pool according to their health. Keepalived also implements the VRRPv2 protocol to achieve high-availability with director failover.

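keepalived is a service used in cluster management to keep a cluster highly available. It works much like heartbeat and is used to prevent single points of failure.

keepalived is built on the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol.

VRRP can be regarded as a protocol for making routers highly available: N routers that provide the same function form a router group with one master and multiple backups. The master holds a VIP that provides the service externally (other machines on the router's LAN use this VIP as their default route). The master sends multicast advertisements; when a backup stops receiving VRRP packets, it considers the master down, and a backup is then elected as the new master according to VRRP priority. This keeps the router highly available.

keepalived has three main modules: core, check and vrrp. The core module is the heart of keepalived and is responsible for starting and maintaining the main process and for loading and parsing the global configuration file. The check module performs health checks and supports the common check methods. The vrrp module implements the VRRP protocol.

2. Installation

Install with yum

    yum install keepalived
    systemctl enable keepalived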

3. Enable IP forwarding

    # echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    # sysctl -p
    net.ipv4.ip_forward = 1

4. Firewall configuration

Add firewall rules to allow VRRP communication using the multicast IP address 224.0.0.18 and the VRRP protocol (112) on each network interface that Keepalived will control.

VRRP communication between routers uses multicast IP address 224.0.0.18[1] and IP protocol number 112[2].

Thus, you only need to allow incoming and outgoing traffic with these specific parameters for VRRP to work correctly. The firewall rules that are usually mentioned are redundant and unnecessarily widely formulated.

Remember to change the interface name; here I bind to enp0s3. Nothing else needs to change.

    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s3 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s3 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
    firewall-cmd --reload

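5. Edit /etc/keepalived/keepalived.conf

The default configuration file is /etc/keepalived/keepalived.conf.

6. Example: Configuring Simple Virtual IP Address Failover Using Keepalived

By default node A provides the service. When node A is unavailable, node B provides the service (that is, the virtual IP moves to node B).

| Node | IP |
|------|----|
| Primary node | 192.168.0.104 |
| Backup node | 192.168.0.105 |
| VIP | 192.168.0.106 |

Configuration file on node A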

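    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from root@localhost
        smtp_server localhost
        smtp_connect_timeout 30
        router_id maxscale001
    }
    vrrp_instance VI_1 {
        state MASTER            # node A is the primary node; set BACKUP on the backup node
        interface enp0s3        # network interface the virtual IP is bound to
        virtual_router_id 51    # VRRP group ID; must be identical on both nodes so they belong to the same VRRP group
        priority 100            # priority of the primary node (1-254); the backup node must have a lower priority
        advert_int 1            # multicast advertisement interval; must be identical on both nodes
        nopreempt               # keepalived only honours this when the initial state is BACKUP
        authentication {        # authentication settings; must be identical on both nodes
            auth_type PASS      # simple password, carried in clear text in every advertisement
            auth_pass 1111
        }
        virtual_ipaddress {     # virtual IP; must be identical on both nodes
            192.168.0.106/24
        }
    }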

Configuration file on node B (router_id, state and priority differ); the other settings need no changes.

    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from root@localhost
        smtp_server localhost
        smtp_connect_timeout 30
        router_id maxscale002
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface enp0s3
        virtual_router_id 51
        priority 99
        advert_int 1
        nopreempt
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.0.106/24
        }
    }

After starting keepalived on node A, check the IP addresses

    [root@mysql001 keepalived]# ip addr show enp0s3
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:54:b1:88 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.104/24 brd 192.168.0.255 scope global dynamic enp0s3
           valid_lft 85696sec preferred_lft 85696sec
        inet 192.168.0.106/24 scope global secondary enp0s3
           valid_lft forever preferred_lft forever

After starting keepalived on node B, check the IP addresses

    [root@mysql002 keepalived]# ip addr show enp0s3
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 08:00:27:6d:87:72 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.105/24 brd 192.168.0.255 scope global dynamic enp0s3
           valid_lft 85484sec preferred_lft 85484sec

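Testing and verification: unplug node A's network cable and the virtual IP is bound to node B; plug node A's cable back in and the virtual IP is bound back to node A.

Notes:

  1. The default configuration file uses a third-party SMTP server, which is of little practical use (because it requires authentication). We set it to localhost instead and hand delivery of notifications to the local sendmail service, which forwards them to the recipients through aliases.
  2. The virtual IP needs a netmask; otherwise it defaults to 255.255.255.255, which may make the virtual IP unreachable from other machines.
  3. When configuring a keepalived vrrp instance there is a nopreempt option. If nopreempt is set, a router that has entered the BACKUP state will not take over the MASTER role while the master is still alive (even if the BACKUP router has a higher priority).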
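
The checks implied by the configuration comments and the notes above (settings that must be identical on both nodes, the VIP netmask, nopreempt), as an added example that is not part of the original article. The helper names parse_instance and lint_pair are hypothetical and the sample is constructed from node A's vrrp_instance block. Two findings rest on assumptions about keepalived itself: nopreempt is only honoured when the initial state is BACKUP, and auth_type PASS is carried unencrypted in VRRP advertisements.

```python
import re

# Constructed sample: node A's vrrp_instance from this page; node B differs in state and priority.
NODE_A = """vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 51
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.106/24
    }
}
"""
NODE_B = NODE_A.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99")
MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse_instance(text):
    """Flatten one vrrp_instance block into a dict (hypothetical helper, not a full parser)."""
    inst, in_vips = {"vips": set()}, False
    body = re.sub(r"[#!].*", "", text)  # keepalived comments start with # or !
    for tok in (l.split() for l in body.splitlines() if l.strip()):
        if tok[0] == "}":
            in_vips = False
        elif tok[0] == "virtual_ipaddress":
            in_vips = True
        elif in_vips:
            inst["vips"].add(tok[0])
        elif tok[-1] != "{":  # "key value" pair, or a bare keyword such as nopreempt
            inst[tok[0]] = tok[1] if len(tok) > 1 else True
    return inst

def lint_pair(conf_a, conf_b):
    """Return findings for two nodes that are meant to form one VRRP group."""
    a, b = parse_instance(conf_a), parse_instance(conf_b)
    out = [f"mismatch: {k}" for k in MUST_MATCH if a.get(k) != b.get(k)]
    for name, n in (("A", a), ("B", b)):
        if n.get("nopreempt") and n.get("state") != "BACKUP":
            out.append(f"{name}: nopreempt needs initial state BACKUP")
        if n.get("auth_type") == "PASS":
            out.append(f"{name}: auth_pass is sent in clear text")
        out += [f"{name}: VIP {v} has no prefix length" for v in sorted(n["vips"]) if "/" not in v]
    return out
```

Run against the two configurations above, lint_pair reports the nopreempt/MASTER combination on node A and the clear-text password on both nodes, which is consistent with the test result where the virtual IP returns to node A.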

References

Installing and Configuring Keepalived

[1] http://tools.ietf.org/html/rfc5798#section-5.1.1.2

[2] http://tools.ietf.org/html/rfc5798#section-5.1.1.4

https://serverfault.com/questions/634903/vip-not-dropping-from-backup-keepalived

Keepalived configuration and typical use cases

How keepalived works and configuration notes

A detailed guide to configuring and using keepalived
