一，keepalived介紹

keepalived是一個可以實現(xiàn)某些資源高可用的開源軟件，其主要的組件包括core，check，vrrp，libipfwc，libipvs，這里說下各個組件的功能。

core：keepalived的核心組件，負責(zé)主進程的啟動和維護以及加載解析配置文件等。

check：負責(zé)healthchecker,負責(zé)各種健康檢查方式，和對應(yīng)的配置解析以及LVS的配置解析。

vrrp：vrrpd的子進程。

libipfwc：結(jié)合iptables的ipchains庫來使用。

libipvs：結(jié)合LVS使用。

keepalived啟動后會生成3個進程，master主進程，VRRP子進程，healthchecker子進程。

VRRP協(xié)議是實現(xiàn)keepalived高可用的一個基礎(chǔ)，下面說一下VRRP的實現(xiàn)原理：

VRRP虛擬路由(VRRP router)，VRRP是一個“選舉”協(xié)議，它能夠動態(tài)地將一個虛擬路由器的責(zé)任指定至同一個VRRP組中的其它路由器上，VRRP的優(yōu)勢：

冗余：可以使用多個路由器設(shè)備作為LAN客戶端的默認網(wǎng)關(guān)，大大降低了默認網(wǎng)關(guān)成為單點故障的可能性；

負載共享：允許來自LAN客戶端的流量由多個路由器設(shè)備所共享；

多VRRP組：在一個路由器物理接口上可配置多達255個VRRP組；

多IP地址：基于接口別名在同一個物理接口上配置多個IP地址，從而支持在同一個物理接口上接入多個子網(wǎng)；

搶占：在master故障時允許優(yōu)先級更高的backup成為master；

通告協(xié)議：使用IANA所指定的組播地址224.0.0.18進行VRRP通告；

VRRP追蹤：基于接口狀態(tài)來改變其VRRP優(yōu)先級來確定最佳的VRRP路由器成為master；

二，實驗環(huán)境：

192.168.30.116 OS：Centos 6.4 x86_64 ? master.luojianlong.com

192.168.30.117 OS：Centos 6.4 x86_64 ? backup.luojianlong.com

keepalived版本：keepalived-1.2.7

首先，分別在2臺服務(wù)器上，安裝keepalived,haproxy，由于系統(tǒng)版本是Centos 6.4，這2個軟件已經(jīng)被整合在內(nèi)部了，所以使用yum來安裝

[root@master ~]# yum -y install keepalived haproxy [root@backup ~]# yum -y install keepalived haproxy

接下來，先配置master與backup服務(wù)器的優(yōu)先級，virtual_router_id（同一個實例2臺服務(wù)器必須相同），編輯配置文件:

[root@master ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@backup ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@master ~]# vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVEL } vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.30.230} } [root@backup ~]# vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 192.168.200.1smtp_connect_timeout 30router_id LVS_DEVEL } vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 51priority 99advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.30.230} }

global_defs：全局配置標識破；

notification_email：表示告警時發(fā)送的郵件地址；

notification_email_from：表示發(fā)送郵件的源地址；

smtp_server：發(fā)送郵件的smtp服務(wù)器地址；

router_id：機器標識；

vrrp_instance：定義一個vrrp實例；

state：state指定instance(Initial)的初始狀態(tài)，就是說在配置好后，這臺服務(wù)器的初始狀態(tài)就是這里指定的，但這里指定的不算，還是得要通過競選通過優(yōu)先級來確定，里如果這里設(shè)置為master，但如若他的優(yōu)先級不及另外一臺，那么這臺在發(fā)送通告時，會發(fā)送自己的優(yōu)先級，另外一臺發(fā)現(xiàn)優(yōu)先級不如自己的高，那么他會就回搶占為master；

interface：實例綁定的網(wǎng)卡，因為在配置虛擬IP的時候必須是在已有的網(wǎng)卡上添加的；

virtual router id：這里設(shè)置VRID，這里非常重要，相同的VRID為一個組，他將決定多播的MAC地址；

priority 100：設(shè)置本節(jié)點的優(yōu)先級，優(yōu)先級高的為master；

advert int：檢查間隔，默認為1秒；

virtual ipaddress：這里設(shè)置的就是VIP，也就是虛擬IP地址，他隨著state的變化而增加刪除，當(dāng)state為master的時候就添加，當(dāng)state為backup的時候刪除，這里主要是有優(yōu)先級來決定的，和state設(shè)置的值沒有多大關(guān)系，這里可以設(shè)置多個IP地址；

authentication：這里設(shè)置認證；

auth type：認證方式，可以是PASS或AH兩種認證方式；

auth pass：認證密碼；

啟動倆臺服務(wù)器的keepalived

[root@master ~]# service keepalived start Starting keepalived: [ OK ] [root@backup ~]# service keepalived start Starting keepalived: [ OK ] [root@master ~]# tail -f /var/log/messages Jan 10 11:40:56 localhost Keepalived_healthcheckers[19368]: Using LinkWatch kernel netlink reflector... Jan 10 11:40:56 localhost Keepalived_vrrp[19369]: Opening file '/etc/keepalived/keepalived.conf'. Jan 10 11:40:56 localhost Keepalived_vrrp[19369]: Configuration is using : 63019 Bytes Jan 10 11:40:56 localhost Keepalived_vrrp[19369]: Using LinkWatch kernel netlink reflector... Jan 10 11:40:56 localhost Keepalived_vrrp[19369]: VRRP sockpool: [ifindex(2), proto(112), fd(10,11)] Jan 10 11:40:57 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 11:40:58 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Entering MASTER STATE Jan 10 11:40:58 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) setting protocol VIPs. Jan 10 11:40:58 localhost Keepalived_healthcheckers[19368]: Netlink reflector reports IP 192.168.30.230 added Jan 10 11:40:58 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 11:41:03 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 11:41:14 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Received lower prio advert, forcing new election Jan 10 11:41:14 localhost Keepalived_vrrp[19369]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 [root@master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host loinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:f3:fc:ba brd ff:ff:ff:ff:ff:ffinet 192.168.30.116/24 brd 192.168.30.255 scope global eth0inet 192.168.30.230/32 scope global eth0inet6 fe80::20c:29ff:fef3:fcba/64 scope linkvalid_lft forever preferred_lft forever

發(fā)現(xiàn)剛才定義的virtual ipaddress在master服務(wù)器上，因為優(yōu)先級較高

停止master服務(wù)器的keepalived服務(wù)器，看IP會不會轉(zhuǎn)移到backup

[root@master ~]# service keepalived stop Stopping keepalived: [ OK ] [root@backup ~]# tail -f /var/log/messages Jan 10 12:12:46 localhost Keepalived_vrrp[18581]: Opening file '/etc/keepalived/keepalived.conf'. Jan 10 12:12:46 localhost Keepalived_vrrp[18581]: Configuration is using : 63017 Bytes Jan 10 12:12:46 localhost Keepalived_vrrp[18581]: Using LinkWatch kernel netlink reflector... Jan 10 12:12:46 localhost Keepalived_healthcheckers[18580]: Opening file '/etc/keepalived/keepalived.conf'. Jan 10 12:12:46 localhost Keepalived_healthcheckers[18580]: Configuration is using : 7324 Bytes Jan 10 12:12:46 localhost Keepalived_healthcheckers[18580]: Using LinkWatch kernel netlink reflector... Jan 10 12:12:46 localhost Keepalived_vrrp[18581]: VRRP sockpool: [ifindex(2), proto(112), fd(10,11)] Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Received higher prio advert Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Entering BACKUP STATE Jan 10 12:16:27 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Entering MASTER STATE Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) setting protocol VIPs. Jan 10 12:16:28 localhost Keepalived_healthcheckers[18580]: Netlink reflector reports IP 192.168.30.230 added Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 12:16:33 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 [root@backup ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host loinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:5b:50:f9 brd ff:ff:ff:ff:ff:ffinet 192.168.30.117/24 brd 192.168.30.255 scope global eth0inet 192.168.30.230/32 scope global eth0inet6 fe80::20c:29ff:fe5b:50f9/64 scope linkvalid_lft forever preferred_lft forever

發(fā)現(xiàn)IP已經(jīng)轉(zhuǎn)移到backup服務(wù)器

下面重新啟動master的keepalived

[root@master ~]# service keepalived start Starting keepalived: [ OK ] [root@backup ~]# tail -f /var/log/messages Jan 10 12:12:46 localhost Keepalived_vrrp[18581]: VRRP sockpool: [ifindex(2), proto(112), fd(10,11)] Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Received higher prio advert Jan 10 12:12:47 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Entering BACKUP STATE Jan 10 12:16:27 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Entering MASTER STATE Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) setting protocol VIPs. Jan 10 12:16:28 localhost Keepalived_healthcheckers[18580]: Netlink reflector reports IP 192.168.30.230 added Jan 10 12:16:28 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 12:16:33 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 12:18:20 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Received higher prio advert Jan 10 12:18:20 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) Entering BACKUP STATE Jan 10 12:18:20 localhost Keepalived_vrrp[18581]: VRRP_Instance(VI_1) removing protocol VIPs. Jan 10 12:18:20 localhost Keepalived_healthcheckers[18580]: Netlink reflector reports IP 192.168.30.230 removed [root@master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host loinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:f3:fc:ba brd ff:ff:ff:ff:ff:ffinet 192.168.30.116/24 brd 192.168.30.255 scope global eth0inet 192.168.30.230/32 scope global eth0inet6 fe80::20c:29ff:fef3:fcba/64 scope linkvalid_lft forever preferred_lft forever

發(fā)現(xiàn)IP已經(jīng)重新轉(zhuǎn)移到master服務(wù)器

現(xiàn)在編寫haproxy狀態(tài)檢測腳本，來實現(xiàn)haproxy的健康檢測：

[root@master ~]# cat haproxy_pid.sh #!/bin/bash while : do haproxypid=`ps -C haproxy --no-header | wc -l` if [ $haproxypid -eq 0 ];thenservice haproxy startsleep 5haproxypid=`ps -C haproxy --no-header | wc -l`echo $haproxypidif [ $haproxypid -eq 0 ];then/etc/init.d/keepalived stopfi fi sleep 5 done # 啟動backup的haproxy [root@backup ~]# service haproxy start Starting haproxy: [ OK ]

模擬故障，先讓httpd進程開啟，修改haproxy監(jiān)聽端口為80，使得haproxy進程無法啟動，看資源會不會轉(zhuǎn)移到backup服務(wù)器

[root@master ~]# vi /etc/haproxy/haproxy.cfg frontend main *:5000 改為frontend main *:80 # 啟動httpd進程 [root@master ~]# scp -pr /etc/haproxy/haproxy.cfg root@192.168.30.117:/etc/haproxy/ [root@master ~]# service httpd start Starting httpd: httpd: apr_sockaddr_info_get() failed for master.luojianlong.com httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName[ OK ] [root@master ~]# netstat -antpl | grep :80 tcp 0 0 :::80 :::* LISTEN 19965/httpd #運行狀態(tài)檢測腳本 [root@master ~]# nohup /root/haproxy_pid.sh & [root@master ~]# scp -pr haproxy_pid.sh root@192.168.30.117:/root/ [root@bakcup ~]# nohup /root/haproxy_pid.sh & [root@master ~]# tail -f /var/log/messages Jan 10 12:02:29 localhost Keepalived_vrrp[19849]: VRRP sockpool: [ifindex(2), proto(112), fd(10,11)] Jan 10 12:02:29 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) Transition to MASTER STATE Jan 10 12:02:30 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) Entering MASTER STATE Jan 10 12:02:30 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) setting protocol VIPs. Jan 10 12:02:30 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 12:02:30 localhost Keepalived_healthcheckers[19848]: Netlink reflector reports IP 192.168.30.230 added Jan 10 12:02:35 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.30.230 Jan 10 12:14:49 localhost Keepalived[19847]: Stopping Keepalived v1.2.7 (02/21,2013) Jan 10 12:14:49 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) sending 0 priority Jan 10 12:14:49 localhost Keepalived_vrrp[19849]: VRRP_Instance(VI_1) removing protocol VIPs. [root@master ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host loinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:f3:fc:ba brd ff:ff:ff:ff:ff:ffinet 192.168.30.116/24 brd 192.168.30.255 scope global eth0inet6 fe80::20c:29ff:fef3:fcba/64 scope linkvalid_lft forever preferred_lft forever [root@backup ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWNlink/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host loinet6 ::1/128 scope hostvalid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 00:0c:29:5b:50:f9 brd ff:ff:ff:ff:ff:ffinet 192.168.30.117/24 brd 192.168.30.255 scope global eth0inet 192.168.30.230/32 scope global eth0inet6 fe80::20c:29ff:fe5b:50f9/64 scope linkvalid_lft forever preferred_lft forever [root@backup ~]# ps aux | grep haproxy haproxy 19054 0.0 0.0 18688 1280 ? Ss 12:47 0:00 /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid root 19097 0.0 0.0 103248 828 pts/0 S+ 12:58 0:00 grep haproxy

發(fā)現(xiàn)IP已經(jīng)轉(zhuǎn)移到backup服務(wù)器，實現(xiàn)了keepalived對于haproxy故障的高可用。

keepalived常見的啟動報錯：

5913 May 16 15:26:04 localhost Keepalived_vrrp: ip address associated with VRID not present in received packet : 192.168.57.75 5914 May 16 15:26:04 localhost Keepalived_vrrp: one or more VIP associated with VRID mismatch actual MASTER advert 5915 May 16 15:26:04 localhost Keepalived_vrrp: bogus VRRP packet received on eth0 !!! 5916 May 16 15:26:04 localhost Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received advertisment... 5917 May 16 15:26:05 localhost Keepalived_vrrp: ip address associated with VRID not present in received packet : 192.168.57.75 5918 May 16 15:26:05 localhost Keepalived_vrrp: one or more VIP associated with VRID mismatch actual MASTER advert 5919 May 16 15:26:05 localhost Keepalived_vrrp: bogus VRRP packet received on eth0 !!! 5920 May 16 15:26:05 localhost Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received advertisment.

解決方法：

在同一網(wǎng)段內(nèi)virtual_router_id 值不能相同，如果相同會在messages中收到VRRP錯誤包 ，所以需要更改 virual_router_id。

轉(zhuǎn)載于:https://blog.51cto.com/luojianlong/1389249

創(chuàng)作挑戰(zhàn)賽新人創(chuàng)作獎勵來咯，堅持創(chuàng)作打卡瓜分現(xiàn)金大獎

總結(jié)

以上是生活随笔為你收集整理的keepalived实现haproxy高可用详解的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。