摘要:基于協(xié)議來實(shí)現(xiàn)的服務(wù)高可用方案��,可以利用其來避免單點(diǎn)故障���。這樣的話就可以保證路由器的高可用了。于安全性考慮����,包使用了加密協(xié)議進(jìn)行加密。是需要同步漂移的�����。
博文參考
http://lanlian.blog.51cto.com/6790106/1303195/
http://blog.csdn.net/tantexian/article/details/50056229
http://www.yulongjun.com/linux/20170904-01-keepalived-introduction/
Keepalived簡介
core模塊:為keepalived的核心組件�,負(fù)責(zé)主進(jìn)程的啟動(dòng)、維護(hù)以及全局配置文件的加載和解析;
check:負(fù)責(zé)健康檢查�����,包括常見的各種檢查方式�;
VRRP模塊:是來實(shí)現(xiàn)VRRP協(xié)議的。
keepalived
基于VRRP協(xié)議來實(shí)現(xiàn)的LVS服務(wù)高可用方案�����,可以利用其來避免單點(diǎn)故障��。一個(gè)LVS服務(wù)會(huì)有2臺(tái)服務(wù)器運(yùn)行Keepalived����,一臺(tái)為主服務(wù)器(MASTER),一臺(tái)為備份服務(wù)器(BACKUP)����,但是對外表現(xiàn)為一個(gè)虛擬IP,主服務(wù)器會(huì)發(fā)送特定的消息給備份服務(wù)器��,當(dāng)備份服務(wù)器收不到這個(gè)消息的時(shí)候�,即主服務(wù)器宕機(jī)的時(shí)候, 備份服務(wù)器就會(huì)接管虛擬IP�,繼續(xù)提供服務(wù)��,從而保證了高可用性��。Keepalived是VRRP的完美實(shí)現(xiàn)�����。
啟動(dòng)后三個(gè)進(jìn)程
父進(jìn)程:內(nèi)存管理�����,子進(jìn)程管理等等
子進(jìn)程:VRRP子進(jìn)程
子進(jìn)程:healthchecker子進(jìn)程
VRRP協(xié)議簡介
VRRP全稱Virtual Router Redundancy Protocol�����,即虛擬路由冗余協(xié)議。
虛擬路由冗余協(xié)議���,可以認(rèn)為是實(shí)現(xiàn)路由器高可用的協(xié)議���,即將N臺(tái)提供相同功能的路由器組成一個(gè)路由器組,這個(gè)組里面有一個(gè)master和多個(gè)backup�,master上面有一個(gè)對外提供服務(wù)的vip(該路由器所在局域網(wǎng)內(nèi)其他機(jī)器的默認(rèn)路由為該vip),master會(huì)發(fā)組播�����,當(dāng)backup收不到vrrp包時(shí)就認(rèn)為master宕掉了,這時(shí)就需要根據(jù)VRRP的優(yōu)先級來選舉一個(gè)backup當(dāng)master����。這樣的話就可以保證路由器的高可用了。于安全性考慮����,VRRP包使用了加密協(xié)議進(jìn)行加密。
keepalived配置介紹
keepalived只有一個(gè)配置文件keepalived.conf���,里面主要包括以下幾個(gè)配置區(qū)域:
global_defs主要是配置故障發(fā)生時(shí)的通知對象以及機(jī)器標(biāo)識(shí)
static_ipaddress和static_routes區(qū)域配置的是是本節(jié)點(diǎn)的IP和路由信息
vrrp_script用來做健康檢查的�����,當(dāng)時(shí)檢查失敗時(shí)會(huì)將vrrp_instancepriority減少相應(yīng)的值
vrrp_instance用來定義對外提供服務(wù)的VIP區(qū)域及其相關(guān)屬性
vrrp_rsync_group用來定義vrrp_intance組�,使得這個(gè)組內(nèi)成員動(dòng)作一致
全局配置
全局配置又包括兩個(gè)子配置:
全局定義(global definition)
靜態(tài)路由配置(static ipaddress/routes)
VRRPD配置
VRRPD配置包括三個(gè)類:
VRRP同步組(synchroization group)
VRRP實(shí)例(VRRP Instance)
VRRP腳本
keepalived單活雙活配置
單活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
雙活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VG_2 {
state BACKUP
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance VG_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VG_2 {
state MASTER
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
內(nèi)外雙網(wǎng)絡(luò)(非同步)單活模式漂移配置
一個(gè)內(nèi)網(wǎng)網(wǎng)絡(luò)����,一個(gè)外網(wǎng)網(wǎng)絡(luò),內(nèi)網(wǎng)網(wǎng)絡(luò)和外網(wǎng)網(wǎng)絡(luò)不用同步漂移�,比如Keepalived+LVS-DR、Keepalived+Nginx����、Keepalived+HAProxy�����,都是不用同步漂移的�。(Keepalived+LVS-NAT是需要同步漂移的����。)
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_instance External_1 {
state MASTER
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_instance External_1 {
state BACKUP
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
內(nèi)外雙網(wǎng)絡(luò)(同步)雙活模式漂移配置
一個(gè)內(nèi)網(wǎng)網(wǎng)絡(luò),一個(gè)外網(wǎng)網(wǎng)絡(luò)���,而且內(nèi)網(wǎng)網(wǎng)絡(luò)和外網(wǎng)網(wǎng)絡(luò)要實(shí)現(xiàn)同步漂移�����,比如Keepalived+LVS-NAT模式�,那么就用到vrrp_sync_group來設(shè)置同步漂移組����,如果要做雙活���,那么就分別兩端加兩個(gè)vip��,互為主備����。
Ka1配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_sync_group VG_2 {
group {
External_2
Internal_2
}
}
vrrp_instance External_1 {
state MASTER
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance External_2 {
state BACKUP
interface eth1
virtual_router_id 172
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 9d3d15d5
}
virtual_ipaddress {
172.16.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state MASTER
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_2 {
state BACKUP
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
Ka2配置
/etc/keepalived/keepalived.conf
global_defs {
notification_email {
root@localhost
}
notification_email_from ka1@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1
vrrp_mcast_group4 224.111.111.111
}
vrrp_sync_group VG_1 {
group {
External_1
Internal_1
}
}
vrrp_sync_group VG_2 {
group {
External_2
Internal_2
}
}
vrrp_instance External_1 {
state BACKUP
interface eth1
virtual_router_id 171
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1402b1b5
}
virtual_ipaddress {
172.16.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance External_2 {
state MASTER
interface eth1
virtual_router_id 172
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 9d3d15d5
}
virtual_ipaddress {
172.16.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_1 {
state BACKUP
interface eth2
virtual_router_id 191
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 0702f7ab
}
virtual_ipaddress {
192.168.111.100
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance Internal_2 {
state MASTER
interface eth2
virtual_router_id 192
priority 95
advert_int 1
authentication {
auth_type PASS
auth_pass 85c9a27b
}
virtual_ipaddress {
192.168.111.200
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為�,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/40581.html
