KeepAlived故障轉(zhuǎn)移實(shí)現(xiàn)高可用

簡(jiǎn)介

上一篇文章學(xué)習(xí)了一些KeepAlive基礎(chǔ),了解到KeepAlive使用VRRP協(xié)議實(shí)現(xiàn)高可用,主要有兩個(gè)功能,分別是管理LVS的后端RealServer以及對(duì)Director的高可用,現(xiàn)在我們把這兩個(gè)功能分開(kāi),先來(lái)對(duì)KeepAlived的高可用做實(shí)驗(yàn)。另外說(shuō)下KeepAlived的常見(jiàn)工作模式。

  • 主/備模式:即單實(shí)例模式
  • 主/主模式:即多實(shí)例模式,也稱雙主模型, 即在配置文件中加入第二個(gè)虛擬IP,但是2個(gè)VIP所做的事情是一樣的,這樣的好處在于,能在實(shí)現(xiàn)高可用的同時(shí),還能實(shí)現(xiàn)負(fù)載均衡的目的。

單實(shí)例模型的高可用

拓?fù)鋱D

Keppalive的單實(shí)例高可用.png-7.4kB
Keppalive的單實(shí)例高可用.png-7.4kB

2臺(tái)KeepAlived的服務(wù)器共同維護(hù)一個(gè)實(shí)例,默認(rèn)A為MASTER,B為BACKUP當(dāng)A發(fā)生故障后,由B接替。

同步時(shí)間:

[root@dr1 ~]# vim /etc/chrony.conf
server ntp1.aliyun.com iburst   #修改為阿里云的時(shí)間服務(wù)器
server ntp2.aliyun.com iburst

[root@dr2 ~]# vim /etc/chrony.conf
server ntp1.aliyun.com iburst   #修改為阿里云的時(shí)間服務(wù)器
server ntp2.aliyun.com iburst

安裝keepalive

[root@dr1 ~]# yum install keepalived -y
[root@dr2 ~]# yum install keepalived -y

清空防火墻規(guī)則和關(guān)閉SELINUX

[root@dr1 ~]# iptables -F
[root@dr2 ~]# iptables -F

對(duì)默認(rèn)的配置文件先做一個(gè)備份

[root@dr1 keepalived]# cp keepalived.conf{,.bak}
[root@dr2 keepalived]# cp keepalived.conf{,.bak}

編輯配置文件
DR1的配置

! Configuration File for keepalived

global_defs {
   notification_email {     #報(bào)警郵件
     root@localhost     #收件人地址
   }
   notification_email_from keepalive@localhost  #發(fā)件人地址
   smtp_server 127.0.0.1        #smtp服務(wù)器
   smtp_connect_timeout 30      #超時(shí)時(shí)間
   router_id DR1                #用于標(biāo)識(shí)該機(jī)器的RID,應(yīng)當(dāng)是唯一的
    vrrp_garp_master_repeat 1   #當(dāng)轉(zhuǎn)換為MASTER狀態(tài)時(shí),在一組中一次發(fā)送的免費(fèi)ARP數(shù)量。默認(rèn)是5
    vrrp_mcast_group4 224.0.1.11    #用于發(fā)送和接受VRRP協(xié)議的組播地址
}



vrrp_instance VI_1 {
    state MASTER            #指定為MASTER
    interface ens33         #綁定在哪個(gè)網(wǎng)卡上
    virtual_router_id 51    #用于識(shí)別實(shí)例的VRID,同一實(shí)例中的VRID應(yīng)當(dāng)是相同的
    priority 100        #優(yōu)先級(jí)
    advert_int 1        #通告發(fā)送間隔
    authentication {    #認(rèn)證
        auth_type PASS
        auth_pass abc123
    }
    virtual_ipaddress {     #VIP設(shè)置
        172.16.1.99/24 dev ens33 label ens33:0
    }

}

DR2的配置

! Configuration File for keepalived

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalive@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id DR2
   vrrp_garp_interval 0
   vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.1.11
    vrrp_garp_master_repeat 1  
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass abc123
    }
    virtual_ipaddress {
        172.16.1.99/24 dev ens33 label ens33:0
    }


}

抓包分析

在BACKUP的節(jié)點(diǎn)上對(duì)組播IP地址抓包,能抓到MASTER發(fā)過(guò)來(lái)的報(bào)文

[root@dr2 keepalived]# tcpdump -i ens33 -nn host 224.0.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
16:13:24.656748 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
16:13:25.658750 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20

測(cè)試能否冗余

在MASTER上把KeepAlived服務(wù)停掉,查看故障轉(zhuǎn)移是否工作正常
未轉(zhuǎn)移前的狀態(tài)信息:

[root@dr2 keepalived]# systemctl status keepalived 
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; 


7月 02 16:25:20 dr2 Keepalived_vrrp[16878]: Registering gratuitous ARP shared channel
7月 02 16:25:20 dr2 Keepalived_vrrp[16878]: Opening file '/etc/keepalived/keepalived.conf'.
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) removing protocol VIPs.
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: Using LinkWatch kernel netlink reflector...
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Entering BACKUP STATE
7月 02 16:25:30 dr2 Keepalived_vrrp[16878]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]

把MASTER停止后,BACKUP的狀態(tài)信息

7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Entering MASTER STATE   #轉(zhuǎn)換為MASTER狀態(tài)

7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) setting protocol VIPs.  #設(shè)置VIP
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: Sending gratuitous ARP on ens33 for 172.16.1.99    
7月 02 16:30:26 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for....1.99 #在ens33上發(fā)送免費(fèi)ARP
7月 02 16:30:31 dr2 Keepalived_vrrp[16878]: Sending gratuitous ARP on ens33 for 172.16.1.99
7月 02 16:30:31 dr2 Keepalived_vrrp[16878]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for....1.99
Hint: Some lines were ellipsized, use -l to show in full.

轉(zhuǎn)換時(shí)的抓包信息

[root@dr2 ~]# tcpdump -i ens33 -nn host 224.0.1.11
#以下是MASTER發(fā)出的VRRP通告,priorty為100
16:30:21.716547 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
#當(dāng)STOP掉MASTER的KeepAlived后,MASTER發(fā)出一個(gè)優(yōu)先級(jí)為0的通告
16:30:25.026892 IP 192.168.30.99 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20
#隨即,BACKUP就會(huì)搶掉該實(shí)例的MASTER位置
16:30:25.653251 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20
#轉(zhuǎn)為MASTER后,一直發(fā)出通告,此時(shí)priorty為96
16:30:26.655380 IP 192.168.30.98 > 224.0.1.11: VRRPv2, Advertisement, vrid 51, prio 96, authtype simple, intvl 1s, length 20

自定義報(bào)警腳本

腳本內(nèi)容:

#!/bin/bash 
#
sendto=root@localhost

notify() {
subject="$(hostname) to be $1 ,vip floating"
body="$(date +%F" "%T):VRRP transition $(hostname) to be $1"
echo "$body" | mail -s "$subject" $sendto
}




case $1 in 
master)
    notify master 
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac

寫(xiě)好后,在vrrp實(shí)例中調(diào)用。

[root@dr1 keepalived]# vim keepalived.conf
vrrp_instance VI_1 {
notify_master "/etc/keepalived master"
notify_backup "/etc/keepalived backup"
notify_fault "/etc/keepalived fault"
}

當(dāng)發(fā)生狀態(tài)切換時(shí),能夠能夠發(fā)送郵件

[root@dr1 keepalived]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 3 messages 2 unread
>U  1 root                  Mon Jul  2 17:36  19/667   "dr1 to be master ,vip floating"
 U  2 root                  Mon Jul  2 17:38  19/667   "dr1 to be backup ,vip floating"
    3 root                  Mon Jul  2 17:40  19/668   "dr1 to be master ,vip floating"

使用腳本更好的調(diào)試KeepAlived

在調(diào)試中,可能需要對(duì)KeepAlived進(jìn)行多次轉(zhuǎn)移操作,此時(shí)可以預(yù)先設(shè)置一個(gè)腳本,如果腳本返回非0值,則減少該實(shí)例的優(yōu)先級(jí),可以讓BACKUP搶占。

首先定義一個(gè)腳本

[root@dr1 keepalived]# vim chk_down.sh 
#!/bin/bash
[ -f /etc/keepalived/down ] && exit 1 || exit 0
#此腳本的作用就是檢查/etc/keepalived/是否存在down這個(gè)文件,如果存在則返回1,如果不存在此文件則返回0

在配置中定義一個(gè)腳本,并調(diào)用(單獨(dú)一個(gè)新的上下文定義)

[root@dr1 keepalived]# vim keepalived.conf

vrrp_script chk_down {
    script "/etc/keepalived/chk_down.sh"     #檢查/etc/keepalived/是否有down文件,如果有,則返回exit1,如果不存在則返回0
    interval 1  #檢查間隔
    weight -5   #當(dāng)檢查失敗,腳本返回非0值,即-5的優(yōu)先級(jí)
    }


定義好后,在實(shí)例中啟用腳本

vrrp_instance VI_1 {
 track_script {     #追蹤此腳本
       chk_down
        }


}

當(dāng)在當(dāng)前節(jié)點(diǎn)上面的/etc/keepalived目錄下創(chuàng)建了一個(gè)叫down的文件,keepalived在執(zhí)行腳本的時(shí)候?qū)?huì)檢查出,并且根據(jù)事先定義好的腳本規(guī)則,把優(yōu)先級(jí)-5,小于BACKUP的優(yōu)先級(jí),BACKUP將會(huì)搶占該實(shí)例的MASTER位置;同理,如果刪除該文件后,優(yōu)先級(jí)將會(huì)+5,這時(shí),就會(huì)搶回MASTER位置。

雙主模型

Keppalive的雙主模型.png-11.3kB
Keppalive的雙主模型.png-11.3kB

簡(jiǎn)介

雙主模型簡(jiǎn)單來(lái)說(shuō)就是增加多一個(gè)實(shí)例,使用不同的VIP,如圖所示,在實(shí)例1(VIP1)中,A為主(MASTER)B為備(BACKUP),在實(shí)例2(VIP2)中,A為備,B為主。

配置

在ServerA上增加一個(gè)實(shí)例,設(shè)置為備

[root@dr1 keepalived]# vim keepalived.conf

vrrp_instance VI_2 {
    state BACKUP        #設(shè)置為BACKUP
    interface ens33     #一個(gè)網(wǎng)卡能綁定多個(gè)實(shí)例。
    virtual_router_id 52    #VRID不同實(shí)例不能一樣
    priority 96         #優(yōu)先級(jí)
    advert_int 1        #VRRP報(bào)文的通告間隔
    authentication {    #認(rèn)證相關(guān)
        auth_type PASS
        auth_pass ABC123
    }


    virtual_ipaddress {     #設(shè)置虛擬IP
        172.16.1.98/24 dev ens33 label ens33:1
    }


track_script {
        chk_down
}

#notify_master "/etc/keepalived/notify.sh master"
##notify_backup "/etc/keepalived/notify.sh backup"
#notify_fault "/etc/keepalived/notify.sh fault"
}

把配置復(fù)制到ServerB上,修改相應(yīng)配置

[root@dr2 ~]# vim /etc/keepalived/keepalived.conf

vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ABC123
    }


    virtual_ipaddress {
        172.16.1.98/24 dev ens33 label ens33:1
    }


track_script {
        chk_down
}

#notify_master "/etc/keepalived/notify.sh master"
##notify_backup "/etc/keepalived/notify.sh backup"
#notify_fault "/etc/keepalived/notify.sh fault"
}

重啟服務(wù)

[root@dr1 ~]# systemctl restart keepalived
[root@dr2 ~]# systemctl restart keepalived

分別查看ServerA和ServerB的IP情況

[root@dr1 keepalived]# ifconfig     #ServerA
...
ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.1.99  netmask 255.255.255.0  broadcast \
        
        
        
[root@dr2 ~]# ifconfig      #ServerB
ens33:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.1.98  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:1e:7a:1a  txqueuelen 1000  (Ethernet)

測(cè)試

先來(lái)檢查ServerA的172.16.1.99故障轉(zhuǎn)移能否工作
在前面已經(jīng)指定了腳本,在此目錄下一旦有名字down的文件,優(yōu)先級(jí)將會(huì)減少5。此時(shí)BACKUP會(huì)搶占MASTER位置
在ServerA的/etc/keepalived/目錄下新建down文件

[root@dr1 keepalived]# touch down

此時(shí),實(shí)例1的VIP已經(jīng)轉(zhuǎn)移到了ServerB上

[root@dr2 ~]# tail -n 10 /var/log/messages 
Jul  2 22:40:46 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul  2 22:40:47 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  2 22:40:47 node1 Keepalived_vrrp[21878]: VRRP_Instance(VI_1) setting protocol VIPs.

把ServerA的down文件刪除,此時(shí)ServerA會(huì)重新?lián)屨紝?shí)例1 MASTER的位置

[root@dr1 keepalived]# tail -n 10 /var/log/messages 
Jul  2 22:43:37 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul  2 22:43:38 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  2 22:43:38 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul  2 22:43:38 node1 Keepalived_vrrp[24055]: Sending gratuitous ARP on ens33 for 172.16.1.99

接下來(lái)再來(lái)檢查ServerB的172.16.1.98故障轉(zhuǎn)移能否工作。
在ServerB的/etc/keepalived/目錄下新建down文件

[root@dr2 keepalived]# touch down

此時(shí),實(shí)例2的VIP已經(jīng)轉(zhuǎn)移到了ServerA上

[root@dr1 keepalived]# tail /var/log/messages

Jul  2 22:46:12 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) forcing a new MASTER election
Jul  2 22:46:13 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) Transition to MASTER STATE
Jul  2 22:46:14 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) Entering MASTER STATE
Jul  2 22:46:14 node1 Keepalived_vrrp[24055]: VRRP_Instance(VI_2) setting protocol VIPs.
Jul  2 22:46:14 node1 Keepalived_vrrp[24055]: Sending gratuitous ARP on ens33 for 172.16.1.98
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容