Chinese Translation of the Official keepalived Configuration Parameter Documentation
- Format: pdf
- Size: 162.89 KB
- Pages: 13
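
Amoeba + keepalived + MySQL high-availability solution

Note: this solution has not been deployed in a production environment. It mainly covers the configuration and deployment of Amoeba and keepalived; for the MySQL part, please refer to other documents.

Advantages
1: Read/write splitting and support for horizontal partitioning, transparent to developers.
2: Amoeba provides flexible load balancing and automatic failover for the slave group; keepalived provides master/backup switchover and failover for Amoeba.

Disadvantages
Failover of the master database is not supported, so the master database remains a single point of failure.

AMOEBA [Installation]

1. What is Amoeba?
Amoeba is an open-source framework project that began releasing the Amoeba for MySQL software in 2008.
This software is dedicated to being a distributed database front-end proxy layer for MySQL. It mainly acts as an SQL router when the application layer accesses MySQL, and focuses on the development of a distributed database proxy layer (Database Proxy).
It sits between the client and the DB server(s) and is transparent to the client.
It provides load balancing, high availability, SQL filtering, read/write splitting, routing of requests to the target database, and concurrent requests to multiple databases with merged results.
With Amoeba you can achieve high availability, load balancing and data sharding across multiple data sources. Amoeba is currently used in production at many companies.

2. Installing Amoeba on Linux

A. Installing the Java environment
The Amoeba framework was developed on Java SE 1.5, so Java SE 1.5 is recommended.
Version 1.6 also works.
Prepare the Java installation package jdk-1_5_0_22-linux-i586-rpm.bin and upload the binary to /usr/java (create the directory if it does not exist).

    cd /usr/java
    chmod u+x jdk-1_5_0_22-linux-i586-rpm.bin    # grant execute permission
    sh jdk-1_5_0_22-linux-i586-rpm.bin           # run it, or: ./jdk-1_5_0_22-linux-i586-rpm.bin

The LICENSE is shown next; press space to page through it and finally enter yes when prompted.

Set the Java environment variables by appending the following to the end of /etc/profile:

    export JAVA_HOME=/usr/java/jdk1.5.0_22
    export PATH=$JAVA_HOME/bin:$PATH
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

    source /etc/profile    # apply the environment variables
    java -version          # verify Java

    java version "1.5.0_22"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
    Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing)

B. Installing Amoeba
Download the latest version, Amoeba 2.0, from /projects/amoeba/files/.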
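
Building a High-Availability Cluster with LVS + Keepalived

I. Basic introduction
II. Setting up LVS-NAT mode
III. Setting up LVS-DR mode
IV. Another, script-based way to implement the LVS-DR mode above
V. keepalived + LVS (DR mode) high availability
VI. Detailed description of the Keepalived configuration file

I. Basic introduction

(1) Clusters fall into three classes by business goal:
High Availability
Load Balancing
High Performance

(2) Products that implement clusters:
HA: rhcs, heartbeat, keepalived
LB: haproxy, lvs, nginx, f5, piranha
HPC: /index/downfile/infor_id/42

(3) LVS load balancing has three modes:
LVS-DR mode (direct router): inbound traffic must pass through the director, outbound traffic leaves directly.
LVS-NAT mode (network address translation): both inbound and outbound traffic must pass through the director.
LVS-TUN mode (IP tunneling): the servers can be located anywhere in the country.

II. Setting up LVS-NAT mode

1. Server IP plan:
Add a network card eth1 to the DR server; one interface carries the DIP and the other the VIP.
Set the DIP and VIP addresses:
The DIP on eth1 and all RIPs are connected on the same subnet.
The CIP and the DIP server's eth0 (VIP) are connected on the same subnet.

    Vip  eth0  192.168.50.200
    Dip  eth1  192.168.58.4
    Client IP:
    Cip  192.168.50.3
    IPs of the 2 real servers:
    Rip1 192.168.58.2
    Rip2 192.168.58.3

2. RealServer1 configuration:

    mount /dev/xvdd /media/
    vi /var/www/html/index.html                   # write: this is realserver1
    # start httpd
    vi /etc/sysconfig/network-scripts/ifcfg-eth0  # set the RIP; the subnet mask must be set to the DIP
    IPADDR=192.168.58.2
    NETMASK=255.255.255.0
    GATEWAY=192.168.58.4

3. RealServer2 configuration:

    vi /var/www/html/index.html                   # write: this is realserver2
    # start httpd
    vi /etc/sysconfig/network-scripts/ifcfg-eth0  # set the RIP; the subnet mask must be set to the DIP
    IPADDR=192.168.58.3
    NETMASK=255.255.255.0
    GATEWAY=192.168.58.4

4. On the DR server, enable IP packet forwarding:

    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 0    ## change 0 to 1; this step is important
    sysctl -p                  # check whether it is enabled

5. Install the LVS service, ipvsadm:

    yum -y install ipvsadm
    lsmod | grep ip_vs

Turbolinux does not ship an rpm package, so the source must be downloaded and built:

    # ln -s /usr/src/kernels/2.6.18-164.el5-x86_64/ /usr/src/linux   ## without this link the build fails
    # tar zxvf ipvsadm-1.24.tar.gz
    # cd ipvsadm-1.24
    # make && make install

Running ipvsadm once loads the ip_vs module into the kernel; lsmod | grep ip then shows the ip_vs module.

6. Configure the DR server and add the virtual service:

    ipvsadm -L -n                                             # show current information
    ipvsadm -A -t 192.168.50.200:80 -s rr                     # add the cluster service and scheduler; rr is the scheduling algorithm
    ipvsadm -a -t 192.168.50.200:80 -r 192.168.58.2 -m -w 1   # -m means NAT mode, -w is the weight
    ipvsadm -a -t 192.168.50.200:80 -r 192.168.58.3 -m -w 2
    ipvsadm -L -n                                             # the real servers are now listed
    service ipvsadm save                                      # save the configuration
    iptables -L                                               # disable or flush the firewall (iptables -L only lists the current rules)
    watch -n 1 'ipvsadm -L -n'                                # watch the connection counts

The output looks like this:

    -> RemoteAddress:Port Forward Weight ActiveConn InActConn
    TCP 192.168.50.200:80 rr
    -> 192.168.58.2:80 Masq 1 0 13
    -> 192.168.58.3:80 Masq 2 0 12

ActiveConn is the number of active connections, that is, TCP connections in the ESTABLISHED state; InActConn counts TCP connections in every state other than ESTABLISHED.

7. Test: http://192.168.58.200

To change the algorithm after configuration:

    ipvsadm -E -t 192.168.58.200:80 -s wlc

To change the weights of the RIPs:

    ipvsadm -e -t 192.168.58.200:80 -r 192.168.58.2 -m -w 1
    ipvsadm -e -t 192.168.58.200:80 -r 192.168.58.3 -m -w 5

III. Setting up LVS-DR mode

lo:1 answers the client; the IP on lo:1 is tied to the machine, not to a network card.
arp_announce: applies the chosen level of restriction to ARP responses sent for local IP addresses on a network interface.
arp_ignore: defines the different ways of answering ARP queries whose target address is a local IP.

1) IP plan for the 3 servers:

    DIP    eth0:1  192.168.58.200/32 (VIP)
           eth0    192.168.58.3/24   (DIP)
    RIP1   lo:1    192.168.58.200/32 (VIP)
           eth0    192.168.58.4/24
    RIP2   lo:1    192.168.58.200/32 (VIP)
           eth0    192.168.58.5/24
    ...
    RIP n  lo:1    192.168.58.200/32 (VIP)
           eth0    192.168.58.N/24

2) Apply the following four steps on every real server:

1. Configure each RIP server's IP, httpd and web page.
2. Turn off ARP broadcasts on each RIP server:

    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

3. Configure the VIP:

    ifconfig lo:1 192.168.58.200 netmask 255.255.255.255 broadcast 192.168.58.200 up

4. Configure the route:

    route add -host 192.168.58.200 dev lo:1

3) Configuration on the DR (in DR mode the DIP does not need forwarding enabled):

1. Configure the DIP and add a VIP sub-interface on eth0:

    ifconfig eth0:1 192.168.58.200 broadcast 192.168.58.200 netmask 255.255.255.255 up

2. Configure the route:

    route add -host 192.168.58.200 dev eth0:1
    route -n

3. Install ipvsadm (see the method earlier in this document):

    yum -y install ipvsadm
    lsmod | grep ip_vs

4. Configure the LVS cluster:

    ipvsadm -A -t 192.168.58.200:80 -s rr                     # add the cluster service and scheduler; rr is the scheduling algorithm
    ipvsadm -a -t 192.168.58.200:80 -r 192.168.58.3 -g -w 1   # -g means DR mode, -w is the weight
    ipvsadm -a -t 192.168.58.200:80 -r 192.168.58.2 -g -w 2
    service ipvsadm save
    ipvsadm -L -n                                             # show the information

4) Test: http://192.168.58.200

IV. Another, script-based way to implement the LVS-DR mode above

IP plan:

    Dip  eth0  192.168.58.139
    VIP:  192.168.58.200
    RIP1: 192.168.58.2
    RIP2: 192.168.58.3

1. Install ipvsadm on the DR server:

    # yum -y install ipvsadm
    # lsmod | grep ip_vs     # shows no output
    # modprobe ip_vs         # load the module

2. Configure the DIP server and LVS. For convenience this is also written as a script:

    vim /etc/init.d/lvsdr

    #!/bin/bash
    # lvs of DR
    VIP=192.168.58.200
    RIP1=192.168.58.2
    RIP2=192.168.58.3
    case "$1" in
    start)
        echo "start lvs of DR"
        /sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.0 up
        echo "1" > /proc/sys/net/ipv4/ip_forward
        /sbin/iptables -C        # as in the original; iptables -C requires a rule specification
        /sbin/ipvsadm -A -t $VIP:80 -s rr
        /sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -g
        /sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -g
        /sbin/ipvsadm
        ;;
    stop)
        echo "stop lvs of DR"
        echo "0" > /proc/sys/net/ipv4/ip_forward
        /sbin/ipvsadm -C
        /sbin/ifconfig eth0:0 down
        ;;
    *)
        echo "Usage :$0 {start|stop}"
        exit 1
    esac
    exit 0

    # chmod o+x /etc/init.d/lvsdr

Start the script:

    # service lvsdr start

3. Configure both RIP servers. Here too everything can be written as a script. Start the httpd service on both RIP servers.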

Configuring keepalived to log to a different path on CentOS 7, explained

Installing keepalived:

    cd <keepalived_sourcecode_path>
    ./configure --prefix=/usr/local/keepalived
    make && make install
    mkdir /etc/keepalived
    mkdir /etc/keepalived/scripts
    cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
    cp /root/keepalived-2.0.6/keepalived/etc/init.d/keepalived /etc/init.d/
    cp /usr/local/keepalived/sbin/keepalived /sbin/keepalived
    cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    chmod +x /etc/init.d/keepalived

By default keepalived writes its log to /var/log/messages, so we need to split it out.
On CentOS 6 you can:

(1) First edit /etc/sysconfig/keepalived, comment out the existing line and add the new one:

    #KEEPALIVED_OPTIONS="-D"
    KEEPALIVED_OPTIONS="-D -d -S 0"

(2) Then edit /etc/rsyslog.conf and add:

    local0.* /var/log/keepalived.log

On CentOS 7 you also need to edit the /lib/systemd/system/keepalived.service file: CentOS 7 uses
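
Installing and configuring highly available LVS + keepalived on CentOS 7

CentOS 7 LVS + Keepalived architecture

Introduction to LVS + Keepalived

1. LVS
LVS is open-source software that provides simple load balancing on the Linux platform.
LVS is short for Linux Virtual Server.
There are currently three IP load-balancing techniques (VS/NAT, VS/TUN and VS/DR) and eight scheduling algorithms (rr, wrr, lc, wlc, lblc, lblcr, dh, sh).

2. keepalived
Keepalived runs on top of LVS and is software for two-node hot standby (HA). Its main functions are fault isolation of real servers and failover between load balancers, which improves system availability.

How it works
keepalived elects (according to the weights configured on the servers) one hot-standby server as the MASTER. The MASTER is assigned a designated virtual IP, through which external programs reach this server. If this server fails (network loss, reboot, a crash of keepalived on this machine, and so on), keepalived elects (again according to the configured weights) another machine from the backups as MASTER and assigns it the same virtual IP, so that it takes over the role of the previous MASTER.

Election policy
The election is decided entirely by weight: the machine with the highest weight (0 to 255) is the MASTER. The following situations trigger an election:
1. keepalived starts;
2. the master server fails (network loss, reboot, a crash of keepalived on this machine, and so on; a crash of other applications on this machine does not count);
3. a new backup server joins and has the highest weight.

Configuration example

    lvs_vip:                  172.16.10.188
    lvs1 + keepalived master: 172.16.10.102
    lvs2 + keepalived backup: 172.16.10.142
    nginx1:                   172.16.10.162
    nginx2:                   172.16.10.167

Install ipvsadm and keepalived:

    # yum -y install ipvsadm keepalived

Edit the configuration of the keepalived master:

    # vim /etc/keepalived/keepalived.conf

    global_defs {
        notification_email {
            ******@                        # alert recipients, one per line
        }
        notification_email_from ******@    # alert sender
        smtp_server                        # address of the SMTP server used to send email
        smtp_connect_timeout 30            # SMTP timeout
        router_id LVS1                     # an identifier for the server running keepalived, shown in the email subject
    }

    # Without a sync group: if the router has 2 network segments, one internal and one
    # external, each with its own VRRP instance, and VRRP is configured to check the
    # internal network, then when the external network fails VRRP still considers itself
    # healthy and no Master/Backup switchover happens, which causes problems. A sync group
    # can contain both instances, so that a problem in any instance in the group triggers
    # a switchover.
    vrrp_sync_group test {
        group {
            loadbalance
        }
    }

    vrrp_instance loadbalance {
        state MASTER                             # role of keepalived: MASTER means this host is the primary server, BACKUP means it is the standby
        interface eno16777736                    # network interface monitored for HA
        lvs_sync_daemon_inteface eno16777736     # monitoring interface between load balancers, similar to an HA heartbeat link
        virtual_router_id 38                     # virtual router ID; a number, and the same VRRP instance uses one unique ID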
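
How Keepalived Works, in Detail

1. What is Keepalived
Keepalived is open-source software used to implement high availability and load balancing.
It provides failover between multiple servers in a cluster to keep the service continuously available.
Keepalived implements failover through VRRP (Virtual Router Redundancy Protocol) and offers a simple and efficient way to monitor and manage server state.

2. Basic principle of Keepalived
The basic principle of Keepalived is to use the VRRP protocol to implement failover.
VRRP is a protocol for redundant routers. It lets a group of routers share one virtual IP address and automatically selects one of them as the active router, while the others act as backup routers.
When the active router fails, a backup router takes over the virtual IP address and continues to provide service.
In Keepalived, every server runs a Keepalived process, and these processes communicate over VRRP.
One server is chosen as the master server (Master); the others act as backup servers (Backup).
The master server provides the service, while the backup servers monitor the master's state and take over the service when the master fails.

3. Keepalived workflow
The Keepalived workflow is as follows:

Step 1: Configuration
First, Keepalived must be configured on every server.
The configuration file contains the following key parts:
• VRRP instance configuration: defines the Virtual Router Redundancy Protocol instance, including instance ID, priority and so on.
• Virtual IP address configuration: defines the shared virtual IP address.
• Router ID configuration: defines the unique identifier of each server.

Step 2: Electing the master server
Once the Keepalived process has started on all servers, they communicate over VRRP and elect one master server.
The election is decided by the priority defined in the configuration file: the higher a server's priority, the more likely it is to become the master.
If the master server fails or goes offline, the backup servers elect a new master.

Step 3: Monitoring the master server
Once a master server has been elected, the backup servers periodically send VRRP advertisement messages to the master server to make sure the master is running normally.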
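
3. Introduction to keepalived and how it works

I. Introduction to keepalived
Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster; VRRP support for high availability was added later.
So besides managing LVS, Keepalived can also serve as the high-availability solution for other services (for example Nginx, Haproxy, MySQL).
Keepalived implements high availability mainly through the VRRP protocol.
VRRP stands for Virtual Router Redundancy Protocol. It was created to solve the single point of failure of static routing, and it ensures that the network as a whole keeps running without interruption when individual nodes go down.
So on the one hand Keepalived configures and manages LVS and health-checks the nodes behind LVS; on the other hand it provides high availability for network services.

keepalived:
VRRP protocol: Virtual Router Redundancy Protocol
Terms:
    Virtual router: Virtual Router
    Virtual router identifier: VRID (0-255), uniquely identifies a virtual router
    Physical router:
        master: primary device
        backup: standby device
        priority: priority
    VIP: Virtual IP
    VMAC: Virtual MAC (00-00-5e-00-01-VRID)
Advertisements: heartbeat, priority and so on; periodic
Working modes: preemptive, non-preemptive
Security:
    Authentication:
        No authentication
        Simple text authentication: pre-shared key
        MD5
Operating modes:
    Master/backup: a single virtual router
    Master/master: master/backup (virtual router 1), backup/master (virtual router 2)

II. Important functions of the Keepalived service

1. Managing the LVS load-balancing software
Early LVS had to be managed through the command line or scripts and had no health checking for LVS nodes.
Keepalived was created to solve these usability problems of LVS; it is fair to say that Keepalived was originally born to solve the problems of LVS.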
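
keepalived logging rules

1. What is keepalived?
keepalived is software for high availability, mainly used for load balancing and failover.
It ensures that one or more servers in a server cluster automatically take over the master server's functions when the master fails, keeping the service continuous.

2. Why keepalived logs matter
In keepalived, logs are very important: they help us understand how the system is running, troubleshoot problems and diagnose errors.
By analysing the logs we can detect abnormal situations in time and respond accordingly, ensuring the stability and reliability of the system.

3. Configuring keepalived logging
In keepalived, logging is configured by editing the configuration file.
The logging parameters generally include the log level, the log file path and so on.

3.1 Log level
keepalived has the following log levels:
• debug: the most detailed level, used for debugging and troubleshooting. It outputs a large amount of debugging information and is usually not recommended for a system in normal operation.
• info: the default level, used for normal operation. It outputs important runtime information such as start, stop and failover.
• notice: outputs fairly important information that does not need immediate handling.
• warning: outputs warnings that indicate a potential problem.
• error: outputs error messages that indicate the system has hit an error.
• crit: outputs critical error messages that indicate an error from which the system cannot continue running.
The log level can be set according to actual needs; in general the info or notice level is recommended.

3.2 Log file path
In keepalived, the path of the log file can be specified in the configuration file.
In general the log file is kept in a designated directory so that it can be viewed and analysed later.

4. keepalived log format
The keepalived log format contains the following fields:
• Timestamp: the time the log entry was recorded, usually shown in the form year-month-day hour:minute:second.
• Host name: the name of the host that recorded the entry.
• Process name: the name of the process that recorded the entry.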
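
keepalived principles and nginx + keepalived

I. Introduction to keepalived high availability
keepalived is software that works like a layer 3, 4 and 7 switching mechanism. It has two functions: health checking and VRRP (Virtual Router Redundancy Protocol). The role of keepalived is to check the state of the web servers. For example, if a web server or MySQL server goes down or malfunctions, keepalived detects it and removes the failed web or MySQL server from the system; once the server works normally again, keepalived automatically adds it back to the server group. All of this happens automatically without manual intervention; the only manual work needed is to repair the failed web or MySQL server.
Layers 3, 4 and 7 operate at the IP layer, transport layer and application layer of the TCP/IP stack. They work as follows:
layer3: when keepalived works in layer 3 mode, it periodically sends an ICMP packet to the servers in the group. If the IP address of a server cannot be pinged, keepalived reports this server as failed and removes it from the cluster.
The layer 3 mode uses whether the server's IP address is valid as the criterion for whether the server is working normally.
layer4: layer 4 mainly uses the state of a TCP port to decide whether the server is working normally.
For example, the web service port is usually 80; if keepalived detects that port 80 is not up, it removes this server from the cluster.
layer7: layer 7 works at the application layer. keepalived checks whether the server is running normally according to the user's settings; if the result does not match the user's settings, keepalived removes the server from the cluster.

II. nginx + keepalived cluster

1. Principle and environment
An Nginx load balancer usually sits at the very front or in the middle tier of the architecture. At the very front, a single nginx is a single point of failure: if that one nginx goes down, access to the whole site is affected.
If an nginx backup server is added, the nginx master and backup form a high-availability pair, and as soon as the nginx master is found to be down, the site can be switched quickly to the backup server.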
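
Chapter 03: Keepalived, a powerful clustering tool

This chapter introduces Keepalived, an open-source tool for highly available load-balancing clusters. It covers installing Keepalived, using Keepalived to configure a high-availability cluster, and combining Keepalived with the LVS load-balancing cluster.

I. Keepalived overview

1. What is Keepalived?
keepalived is software that works like a layer 3, 4 & 5 switching mechanism, that is, what we usually call layer 3, layer 4 and layer 5 switching.
The role of Keepalived is to check the state of web servers. If a web server crashes or malfunctions, Keepalived detects it and removes the failed web server from the system; once the web server works normally again, Keepalived automatically adds it back to the server group. All of this happens automatically without manual intervention; the only manual work needed is to repair the failed web server.

2. How keepalived works in theory
Layers 3, 4 & 5 operate at the IP layer, the TCP layer and the application layer of the IP/TCP stack. They work as follows:
Layer3: when Keepalived works in Layer 3 mode, it periodically sends an ICMP packet (the Ping program we normally use) to the servers in the group. If the IP address of a server is not active, Keepalived reports this server as failed and removes it from the server group. A typical example of this situation is a server that was shut down improperly.
The Layer 3 mode uses whether the server's IP address is valid as the criterion for whether the server is working normally.
Layer4: mainly uses the state of a TCP port to decide whether the server is working normally.
For example, the service port of a web server is usually 80; if Keepalived detects that port 80 is not up, it removes this server from the server group.
Layer5: Layer 5 works at the actual application layer. It is somewhat more complex than Layer 3 and Layer 4 and uses somewhat more network bandwidth.
Keepalived checks whether the server program is running normally according to the user's settings; if the result does not match the user's settings, Keepalived removes the server from the server group.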

CentOS 7.4: installing and configuring haproxy and Keepalived, supplementary notes

These notes are rather miscellaneous.

1. After the master service recovers, the backup machine receives the message and gives up the VIP

Below is the Keepalived log on the backup machine after the master's service has recovered. It receives the master's advertisement: the peer's priority is 150 and its own is 100, so it enters the BACKUP state and removes the VIP.

    Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for 10.0.1.63
    Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for 10.0.1.63
    Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for 10.0.1.63
    Apr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
    Apr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Apr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) removing protocol VIPs.

2. After starting the Keepalived service you can see 3 processes

    [root@data-1-1 ~]# ps -ef |grep keep
    root      6592     1  0 Apr12 ?        00:00:01 /application/keepalived-1.3.5/sbin/keepalived -D -d -S 0
    root      6593  6592  0 Apr12 ?        00:00:01 /application/keepalived-1.3.5/sbin/keepalived -D -d -S 0
    root      6594  6592  0 Apr12 ?        00:00:13 /application/keepalived-1.3.5/sbin/keepalived -D -d -S 0
    root      6664  6020  0 Apr12 pts/2    00:00:01 tail -F /var/log/keepalived.log
    root     19467  5979  0 10:45 pts/1    00:00:00 grep --colour=auto keep
    [root@data-1-1 ~]#

3. Appending and overwriting with cat, and handling content that contains the $ variable symbol

(1) Overwrite

Method 1:

    #!/bin/bash
    cat << EOF > /root/test.txt
    Hello!
    My site is
    My site is
    Test for cat and EOF!
    EOF

Method 2 (I prefer this one):

    #!/bin/bash
    cat > /root/test.txt <<EOF
    Hello!
    My site is
    My site is
    Test for cat and EOF!
    EOF

(2) Append

The syntax is basically the same as for overwriting; the difference is that the single redirection operator becomes a double one.

Method 1:

    #!/bin/bash
    cat << EOF >> /root/test.txt
    Hello!
    My site is
    My site is
    Test for cat and EOF!
    EOF

Method 2:

    #!/bin/bash
    cat >> /root/test.txt <<EOF
    Hello!
    My site is
    My site is
    Test for cat and EOF!
    EOF

Note that, whether overwriting or appending, variables must be escaped when the content involves them, for example:

    #!/bin/bash
    cat <<EOF >> /root/a.txt
    PATH=\$PATH:\$HOME/bin
    export ORACLE_BASE=/u01/app/oracle
    export ORACLE_HOME=\$ORACLE_BASE/10.2.0/db_1
    export ORACLE_SID=yqpt
    export PATH=\$PATH:\$ORACLE_HOME/bin
    export NLS_LANG="AMERICAN_AMERICA.AL32UTF8"
    EOF

4. Startup log of the Keepalived service after a normal installation

The log shows the configuration file read at startup and the detailed information printed from it. Settings that are not written in the configuration file are filled in automatically with their defaults.
This is the startup log for a unicast configuration. Below you can see that unicast is already involved: VRRP check unicast_src = false
vrrp_check_unicast_src: in unicast mode, enables checking of the source address of VRRP packets; the source address must be one of the unicast peers.

    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6453]: Stopped
    Apr 12 16:27:12 data-1-2 Keepalived[6451]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
    Apr 12 16:27:12 data-1-2 Keepalived[6602]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
    Apr 12 16:27:12 data-1-2 Keepalived[6602]: Unable to resolve default script username 'keepalived_script' - ignoring
    Apr 12 16:27:12 data-1-2 Keepalived[6602]: Opening file '/etc/keepalived/keepalived.conf'.
    Apr 12 16:27:12 data-1-2 Keepalived[6603]: Starting Healthcheck child process, pid=6604
    Apr 12 16:27:12 data-1-2 Keepalived_healthcheckers[6604]: Initializing ipvs
    Apr 12 16:27:12 data-1-2 Keepalived[6603]: Starting VRRP child process, pid=6605
    Apr 12 16:27:12 data-1-2 Keepalived_healthcheckers[6604]: Opening file '/etc/keepalived/keepalived.conf'.
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering Kernel netlink reflector
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering Kernel netlink command channel
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering gratuitous ARP shared channel
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Opening file '/etc/keepalived/keepalived.conf'.
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Instance(VI_1) removing protocol VIPs.
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: WARNING - script `killall` resolved by path search to `/usr/bin/killall`. Please specify full path.
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< Global definitions >------
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Router ID = Haproxy_2
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server = 127.0.0.1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server port = 25
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp HELO name = data-1-2
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server connection timeout = 3
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Email notification from = Haproxy_KeepAlived@
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Email notification = 525031638@
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Default interface = eth0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: LVS flush = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP IPv4 mcast group = 224.0.0.18
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP IPv6 mcast group = ff02::12
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP delay = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP repeat = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh timer = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh repeat = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority delay = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority repeat = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive lower priority advert = true
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive higher priority advert = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP interval = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous NA interval = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP default protocol version = 2
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Iptables input chain = INPUT
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP check unicast_src = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP skip check advert addresses = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP strict mode = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP process priority = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP don't swap = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Checker process priority = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Checker don't swap = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Network namespace = (default)
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Script security disabled
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Default script uid:gid 0:0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< VRRP Topology >------
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP Instance = VI_1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using VRRPv2
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Want State = BACKUP
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Running on device = eth0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Skip checking advert IP addresses = no
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Enforcing strict VRRP compliance = no
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using src_ip = 10.0.1.62
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP delay = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP repeat = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh timer = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh repeat = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority delay = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority repeat = 5
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive lower priority advert = true
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive higher priority advert = false
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Virtual Router ID = 80
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Priority = 100
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Advert interval = 5 sec
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Accept enabled
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Promote_secondaries disabled
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Authentication type = SIMPLE_PASSWORD
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Password = ha_keep
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Tracked scripts = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: chk_haproxy weight 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Unicast Peer = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: 10.0.1.61
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Virtual IP = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: 10.0.1.63/24 dev eth0 scope global
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< VRRP Scripts >------
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP Script = chk_haproxy
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Command = /usr/bin/killall -0 haproxy
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Interval = 3 sec
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Timeout = 0 sec
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Weight = 0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Rise = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Fall = 1
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Insecure = no
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Status = INIT
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< NIC >------
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Name = eth0
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: index = 2
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: IPv4 address = 10.0.1.62
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: IPv6 address = ::
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: MAC = 00:50:56:9d:50:d7
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: is UP
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: is RUNNING
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: MTU = 1500
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: HW Type = ETHERNET
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using LinkWatch kernel netlink reflector...
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP sockpool: [ifindex(2), proto(112), unicast(1), fd(10,11)]
    Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Script(chk_haproxy) succeeded
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: ------< Global definitions >------
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Router ID = Haproxy_2
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server = 127.0.0.1
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server port = 25
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp HELO name = data-1-2
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server connection timeout = 3
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Email notification from = Haproxy_KeepAlived@
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Email notification = 525031638@
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Default interface = eth0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: LVS flush = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP IPv4 mcast group = 224.0.0.18
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP IPv6 mcast group = ff02::12
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP delay = 5
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP repeat = 5
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP refresh timer = 0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP refresh repeat = 1
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP lower priority delay = 4294
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP lower priority repeat = -1
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Send advert after receive lower priority advert = true
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Send advert after receive higher priority advert = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP interval = 0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous NA interval = 0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP default protocol version = 2
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Iptables input chain = INPUT
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP check unicast_src = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP skip check advert addresses = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP strict mode = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP process priority = 0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP don't swap = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Checker process priority = 0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Checker don't swap = false
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Network namespace = (default)
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Script security disabled
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Default script uid:gid 0:0
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: ------< SSL definitions >------
    Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Using autogen SSL context

5. Difference between unicast and multicast communication

With the two nodes configured for unicast, the packets received by the backup look like this:

    [root@data-1-2 keepalived]# tcpdump -vvv -i any host 10.0.1.61
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    13:11:21.084843 IP (tos 0xc0, ttl 255, id 3, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    13:11:26.085600 IP (tos 0xc0, ttl 255, id 4, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    13:11:31.086772 IP (tos 0xc0, ttl 255, id 5, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    ^C
    3 packets captured
    3 packets received by filter
    0 packets dropped by kernel
    [root@data-1-2 keepalived]#

With the two nodes configured for multicast, the packets received by the backup machine look like this; you can see it is

    [root@data-1-2 keepalived]# tcpdump -vvv -i any host 10.0.1.61
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    13:08:15.571761 IP (tos 0xc0, ttl 255, id 1455, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    13:08:20.572496 IP (tos 0xc0, ttl 255, id 1456, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    13:08:25.573351 IP (tos 0xc0, ttl 255, id 1457, offset 0, flags [none], proto VRRP (112), length 40)
        10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"
    ^C
    3 packets captured
    3 packets received by filter
    0 packets dropped by kernel
    [root@data-1-2 keepalived]#

6. Viewing the Keepalived build options

Most of them are not needed.

    [root@data-1-1 tools]# tar xfz keepalived-1.3.5.tar.gz
    [root@data-1-1 tools]# cd keepalived-1.3.5
    [root@data-1-1 keepalived-1.3.5]# ./configure --help
    `configure' configures Keepalived 1.3.5 to adapt to many kinds of systems.

    Usage: ./configure [OPTION]... [VAR=VALUE]...

    To assign environment variables (e.g., CC, CFLAGS...), specify them as
    VAR=VALUE. See below for descriptions of some of the useful variables.

    Defaults for the options are specified in brackets.

    Configuration:
      -h, --help              display this help and exit
          --help=short        display options specific to this package
          --help=recursive    display the short help of all the included packages
      -V, --version           display version information and exit
      -q, --quiet, --silent   do not print `checking ...' messages
          --cache-file=FILE   cache test results in FILE [disabled]
      -C, --config-cache      alias for `--cache-file=config.cache'
      -n, --no-create         do not create output files
          --srcdir=DIR        find the sources in DIR [configure dir or `..']

    Installation directories:
      --prefix=PREFIX         install architecture-independent files in PREFIX
                              [/usr/local]
      --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                              [PREFIX]

    By default, `make install' will install all the files in
    `/usr/local/bin', `/usr/local/lib' etc. You can specify
    an installation prefix other than `/usr/local' using `--prefix',
    for instance `--prefix=$HOME'.

    For better control, use the options below.

    Fine tuning of the installation directories:
      --bindir=DIR            user executables [EPREFIX/bin]
      --sbindir=DIR           system admin executables [EPREFIX/sbin]
      --libexecdir=DIR        program executables [EPREFIX/libexec]
      --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
      --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
      --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
      --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
      --libdir=DIR            object code libraries [EPREFIX/lib]
      --includedir=DIR        C header files [PREFIX/include]
      --oldincludedir=DIR     C header files for non-gcc [/usr/include]
      --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
      --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
      --infodir=DIR           info documentation [DATAROOTDIR/info]
      --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
      --mandir=DIR            man documentation [DATAROOTDIR/man]
      --docdir=DIR            documentation root [DATAROOTDIR/doc/keepalived]
      --htmldir=DIR           html documentation [DOCDIR]
      --dvidir=DIR            dvi documentation [DOCDIR]
      --pdfdir=DIR            pdf documentation [DOCDIR]
      --psdir=DIR             ps documentation [DOCDIR]

    Program names:
      --program-prefix=PREFIX            prepend PREFIX to installed program names
      --program-suffix=SUFFIX            append SUFFIX to installed program names
      --program-transform-name=PROGRAM   run sed PROGRAM on installed program names

    Optional Features:
      --disable-option-checking  ignore unrecognized --enable/--with options
      --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
      --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
      --enable-silent-rules   less verbose build output (undo: "make V=1")
      --disable-silent-rules  verbose build output (undo: "make V=0")
      --disable-lvs-syncd     do not use LVS synchronization daemon
      --disable-lvs           do not use the LVS framework
      --disable-lvs-64bit-stats
                              do not use the LVS 64-bit stats
      --disable-vrrp          do not use the VRRP framework
      --disable-fwmark        compile without SO_MARK support
      --enable-snmp           compile with SNMP support
      --enable-snmp-vrrp      compile with SNMP vrrp support
      --enable-snmp-keepalived
                              obsolete - use --enable-snmp-vrrp
      --enable-snmp-checker   compile with SNMP checker support
      --enable-snmp-rfc       compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527
                              (VRRPv3) support
      --enable-snmp-rfcv2     compile with SNMP RFC2787 (VRRPv2) support
      --enable-snmp-rfcv3     compile with SNMP RFC6257 (VRRPv3) support
      --disable-snmp-reply-v3-for-v2
                              disable RFC6257 responses for VRRPv2 instances
      --enable-dbus           compile with dbus support
      --enable-dbus-create-instance
                              compile with dbus support for creating instances
      --enable-sha1           compile with SHA1 support
      --disable-vrrp-auth     compile without VRRP authentication
      --disable-routes        compile without ip rules/routes
      --enable-dynamic-linking
                              compile with/without dynamically linked
                              libiptc/libipset
      --enable-libiptc-dynamic
                              compile with libiptc dynamically linked
      --disable-libipset-dynamic
                              compile with libipset statically linked
      --enable-libxtables-dynamic
                              compile with libxtables dynamically linked
      --enable-libnl-dynamic  compile with libnl dynamically linked
      --disable-libiptc       compile without libiptc
      --disable-libipset      compile without libipset
      --disable-libnl         compile without libnl
      --enable-mem-check      compile with memory alloc checking
      --enable-mem-check-log  compile with memory alloc checking wriging to syslog
      --enable-debug          compile with debugging flags
      --enable-stacktrace     compile with stacktrace support
      --enable-profile        compile with profiling flags
      --enable-conversion-checks
                              compile with conversion warnings if sensible
      --enable-force-conversion-checks
                              compile with conversion warnings
      --enable-Werror         compile with warnings being errors
      --enable-dependency-tracking
                              do not
reject slow dependency extractors--disable-dependency-trackingspeeds up one-time build115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150Optional Packages:--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-kernel-dir=DIR path to linux kernel source directory--with-init=(upstart|systemd|SYSV|SUSE|openrc)specify init type--with-systemdsystemunitdir=DIRDirectory for systemd service filesSome influential environment variables:PKG_CONFIG path to pkg-config utilityPKG_CONFIG_PATHdirectories to add to pkg-config's search pathPKG_CONFIG_LIBDIRpath overriding pkg-config's built-in search pathCC C compiler commandCFLAGS C compiler flagsLDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in anonstandard directory <lib dir>LIBS libraries to pass to the linker, e.g. -l<library>CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> ifyou have headers in a nonstandard directory <include dir>CPP C preprocessorUse these variables to override the choices made by `configure' or to helpit to find libraries and programs with nonstandard names/locations.Report bugs to <keepalived-devel@>.Keepalived home page: </>.[root@data-1-1 keepalived-1.3.5]#7、Keepalived修改⽇志⽂件输出路径keepalived默认输出的⽇志在/var/log/messages这⾥修改,让它输出到/var/log/keepalived.log编译安装的1.3.5版本看到启动脚本默认读取的是/application/keepalived-1.3.5/etc/sysconfig/keepalived这个⽂件但是别的⼀些默认读取的是/etc/sysconfig/keepalived都改了最下⾯添加⼀⾏-S指定⼀个syslog设备接收,0表⽰local0设备-D是详细⽇志-d是dump配置⽂件内容到⽇志中1 2sed-i s#'KEEPALIVED_OPTIONS="-D"'#'KEEPALIVED_OPTIONS="-D -d -S 0"'#g /etc/sysconfig/keepalived /bin/cp/application/keepalived/etc/sysconfig/keepalived/etc/sysconfig/配置完毕后需要在syslog.conf⽂件⾥添加⼀⾏,如下上⾯配置⽂件表⽰syslog让local0接收,local0接收后往后⾯的/var/log/keepalived.log⾥⾯接收.* 表⽰所有状态都打1 2 3 4 5cat>> /etc/rsyslog.conf << EOF#keepalivedlocal0.* /var/log/keepalived.log EOF67 8 9 10[root@data-1-1 keepalived]# tail -2 
/etc/rsyslog.conf #keepalivedlocal0.* /var/log/keepalived.log[root@data-1-1 keepalived]#重启rsyslog服务1 2[root@data-1-1 keepalived]# systemctl restart rsyslog [root@data-1-1 keepalived]#8、安装⼀些⼯具安装tcpdump,它是个抓包⼯具,有时候会⽤到安装psmisc包,安装之后多了 fuser, killall,pstree等命令,Keepalived的配置⽂件中健康检查能⽤到它1 2yum install tcpdump -y yum install psmisc -y9、为同⼀个虚拟IP服务的实例,虚拟路由id必须⼀致同⼀集群的keepalived的主、备机的virtual_router_id 必须相同,取值0-255但是同⼀内⽹中不应有相同virtual_router_id的集群10、多实例的Keepalived配置⽂件参考这样两个机器都在⼯作,不⾄于类似单实例有资源浪费的情况机器1的Keepalived配置VI_1是master,VI_2是backup12345 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28! Configuration File for keepalivedglobal_defs {notification_email {12345@}notification_email_from Alexandre.Cassen@firewall.loc smtp_server 10.0.0.1smtp_connect_timeout 30router_id LVS_1}vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 51priority 150advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.0.0.136/2410.0.0.137/2410.0.0.138/24}}29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44vrrp_instance VI_2 { state BACKUPinterface eth0virtual_router_id 52 priority 50advert_int 1authentication {auth_type PASS auth_pass 1111 }virtual_ipaddress { 10.0.0.140/24 10.0.0.141/24 }}机器2的Keepalived配置VI_1是backup,VI_2是master 12345 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44! 
! Configuration File for keepalived
global_defs {
    notification_email {
        12345@
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 10.0.0.1
    smtp_connect_timeout 30
    router_id LVS_2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.136/24
        10.0.0.137/24
        10.0.0.138/24
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.140/24
        10.0.0.141/24
    }
}

11. The following warning during the Keepalived build can be ignored

The build prints the warning "*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS."; the full output is:

Keepalived configuration
------------------------
Keepalived version       : 1.3.5
Compiler                 : gcc
Preprocessor flags       :
Compiler flags           : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2
Linker flags             :
Extra Lib                : -lcrypto -lssl
Use IPVS Framework       : Yes
IPVS use libnl           : No
IPVS syncd attributes    : No
IPVS 64 bit stats        : No
fwmark socket support    : Yes
Use VRRP Framework       : Yes
Use VRRP VMAC            : Yes
Use VRRP authentication  : Yes
With ip rules/routes     : Yes
SNMP vrrp support        : No
SNMP checker support     : No
SNMP RFCv2 support       : No
SNMP RFCv3 support       : No
DBUS support             : No
SHA1 support             : No
Use Debug flags          : No
Stacktrace support       : No
Memory alloc check       : No
libnl version            : None
Use IPv4 devconf         : No
Use libiptc              : No
Use libipset             : No
init type                : upstart
Build genhash            : Yes
Build documentation      : No

*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

Many people resolve it by installing the dependencies below. I don't think that is necessary, because nothing IPv6-related is used at all.
Solution 1 (online install):
Run the yum command yum -y install libnl libnl-devel to resolve the warning above.
Run the yum command yum install -y libnfnetlink-devel to resolve the error above.

12. When downloading an image from the Aliyun mirror, mind the path: it is isos.
Getting started with Keepalived for high-availability services

Compared with a high-availability cluster built on corosync+pacemaker, keepalived is far more lightweight. Its working principle is an implementation of VRRP (Virtual Router Redundancy Protocol). It was originally designed mainly to make LVS clusters highly available, and it can also health-check the real servers behind LVS. Its main functions are: moving addresses by means of the VRRP protocol, and thereby failing services over; generating ipvs rules on the node that holds the VIP; health-checking each RS of the ipvs cluster; and, through a script-invocation interface, running scripts that carry out whatever they define and so influence the cluster.

keepalived architecture

Note: keepalived mainly consists of the vrrp stack, the checkers, the ipvs wrapper, and the control components (configuration file parser, I/O multiplexer, memory management). The vrrp stack provides high availability for the VIP. The checkers test the backend services over different protocols. Both rely on system calls and the SMTP protocol to move the VIP, to send e-mail notification after a failover, and to check the VIP and the backend services. The ipvs wrapper mainly generates ipvs rules. The core components, the vrrp stack and the checkers, are monitored continuously by a watchdog process: as soon as the vrrp stack or the checkers die, the watchdog starts a new one, which keeps keepalived's own components highly available.

Implementing keepalived

Environment

Prepare two keepalived servers. Their clocks must be synchronized, and iptables and selinux must both be turned off. If needed, the nodes can be set up to resolve each other through the hosts file and to trust each other over ssh; the hostname resolution and ssh trust are not mandatory.

Note: if multicast is not enabled on the NIC, enable it with ip link set multicast on dev <NIC name>.

Install the keepalived package

yum install keepalived -y

Note: install it on both nodes.

Look at what the keepalived package installs

[root@node01 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.3.5
/usr/share/doc/keepalived-1.3.5/AUTHOR
/usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
/usr/share/doc/keepalived-1.3.5/COPYING
/usr/share/doc/keepalived-1.3.5/ChangeLog
/usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.3.5/README
/usr/share/doc/keepalived-1.3.5/TODO
/usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.3.5/samples
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
/usr/share/snmp/mibs/VRRP-MIB.txt
/usr/share/snmp/mibs/VRRPv3-MIB.txt
[root@node01 ~]#

Note: the main configuration file is /etc/keepalived/keepalived.conf; the main program is /usr/sbin/keepalived; the unit file is /usr/lib/systemd/system/keepalived.service; the environment file of the unit file is /etc/sysconfig/keepalived.

keepalived default configuration

[root@node01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}
virtual_server 192.168.200.100 443 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.201.100 443 {
        weight 1
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    sorry_server 192.168.200.200 1358
    real_server 192.168.200.2 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@node01 ~]#

Note: the keepalived configuration file is made up of three kinds of section: global configuration, vrrpd configuration and LVS configuration. The global section defines global properties plus static routes and addresses. The vrrp section defines VRRP instances and vrrp sync groups. The LVS section defines the IPVS cluster and the real servers behind LVS.

keepalived configuration reference

Common global directives

global_defs {...}: defines the global configuration section, which holds global properties and the e-mail notification settings;
notification_email {...}: a subsection of global_defs listing the mailboxes that are notified when the cluster changes state;
notification_email_from: the sender address used for those e-mails;
smtp_server: the address of the mail server;
smtp_connect_timeout: the timeout for connecting to the mail server;
router_id: the ID of the cluster node; normally it is unique and differs from that of every other node;
vrrp_skip_check_adv_addr: skip the check of a vrrp advertisement when it comes from the same master address as the previously received one;
vrrp_strict: follow the VRRP protocol strictly;
vrrp_garp_interval: the delay between two ARP broadcasts on the same interface; the default 0 means no delay;
vrrp_gna_interval: the delay between two NA messages on the same interface; the default 0 means no delay;
vrrp_mcast_group4: the multicast IP address, 224.0.0.18 by default; a multicast address is a class D address in the range 224.0.0.0-239.255.255.255;
vrrp_iptables: turns off the generation of iptables rules;

Common vrrp instance directives

vrrp_instance: names a vrrp instance and opens its configuration block, which is enclosed in braces;
state: the role of this vrrp instance, normally MASTER or BACKUP; among the instances that share a virtual router id across the nodes, only one may be MASTER and it has the highest priority, while all the others are BACKUP with a priority somewhat lower than the MASTER's;
interface: the network interface of the vrrp instance, that is, the interface the VIP is configured on;
virtual_router_id: the virtual router ID, in the range 0-255;
advert_int: the interval between heartbeats, 1 second by default;
priority: the priority of this instance;
authentication {...}: the authentication settings;
auth_type: the authentication type, normally PASS or AH; PASS is simple password authentication and AH is IPSEC authentication; with PASS, only the first 8 characters are used as the password by default;
auth_pass: the authentication password;
virtual_ipaddress {..}: the virtual IP addresses, enclosed in braces; the syntax of one entry is <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>, where brd gives the broadcast address, dev the interface name, scope the scope and label the alias; several virtual IPs may be configured, although an instance normally carries just one;

Example: using keepalived on node01 and node02 to configure the VIP 192.168.0.33

Configuration on node01
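! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node01_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}

Configuration on node02

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node02_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node02
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}

Start keepalived on node01 and node02

Note: once keepalived is started on node01, the VIP is configured on the ens33 interface we specified.

Note: after keepalived is started on node02, the VIP is not taken over from node01. The keepalived status on node02 shows clearly that node02 is running in the backup role, which means it can only take over the VIP once the master goes down.

Capture packets on node02 to see whether the heartbeat really is sent once a second as configured, and whether it goes to the multicast group we specified.

Note: node01 (the MASTER node) sends one heartbeat packet a second, advertising to the specified multicast group. As long as the hosts in the multicast group receive the MASTER's advertisements they consider the MASTER alive; as soon as the master stops advertising, the backup nodes start contending for the VIP again.

Check: stop keepalived on the master and see whether the VIP moves to node02.

Note: once keepalived on node01 is stopped, the VIP moves to node02, and node02 keeps advertising its own vrid and priority to the multicast group.

Check: start keepalived on node01 again; does node01 take the VIP back?

Note: we did not specify whether to work in preemptive mode, and preemptive mode is the default. This means that as soon as the multicast group carries an advertisement with a higher priority than that of the node currently holding the VIP, the holder gives the VIP up so that the higher-priority node can use it.

Look at the keepalived status and the IP addresses on node02

Note: the keepalived status on node02 shows that it received an advertisement with a higher priority, then removed the VIP and the iptables rules by itself and now works in the BACKUP role.

Example: configuring keepalived in a dual-master model

Configuration on node01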
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node01_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node01
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface ens33
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}

Configuration on node02

! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from node02_keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node02
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.12.132
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 12345678
    }
    virtual_ipaddress {
        192.168.0.33/24 brd 192.168.0.255 dev ens33 label ens33:1
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 87654321
    }
    virtual_ipaddress {
        192.168.0.34/24 brd 192.168.0.255 dev ens33 label ens33:2
    }
}

Note: a dual-master model is normally built from two vrrp instances. The idea is to give each of the two nodes both instances, with one instance configured as MASTER on node01 and the other as MASTER on node02, and BACKUP on the remaining node in each case. After restarting keepalived with this configuration, each node holds one of the two VIPs as long as node01 and node02 are both online; if one server goes down, the VIP for which it was MASTER moves to the other node.

Check: restart keepalived on node01 and node02 and see whether each node ends up with one VIP.

Note: after keepalived is restarted on both nodes, each one holds one VIP according to the initial roles we configured. All that remains is to point the A records of the corresponding domain name (for a web service) at these two VIPs; each VIP then carries part of the requests, so both keepalived nodes are doing work.

Check: take node01 down and see whether the address 192.168.0.33 moves to node02.
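Note: once node01 is down, node02 takes over the VIP that used to be on node01 and applies it locally, so the traffic that used to go to 192.168.0.33 is now handled by node02. In the same way, if node02 goes down, the VIP on node02 moves to node01.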
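Added example (not part of the original article): a small Python audit of the vrrp_instance blocks of both nodes, checking the points made above. With auth_type PASS the password is readable in every advertisement (the capture earlier on this page shows `authtype simple ... auth "ha_keep^@"`), only the first 8 characters of auth_pass count, and each virtual_router_id should have exactly one MASTER holding the highest priority. The function names, finding codes and sample configurations are constructed for this illustration.

```python
import re
from collections import defaultdict

FIELDS = re.compile(r"^\s*(state|interface|virtual_router_id|priority|"
                    r"auth_type|auth_pass)\s+(\S+)", re.M)

def parse_instances(conf):
    """Return {instance_name: {directive: value}} for each vrrp_instance block."""
    conf = re.sub(r"[!#].*", "", conf)        # strip '!' and '#' comments
    out = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):        # walk to the matching '}'
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        out[m.group(1)] = dict(FIELDS.findall(conf[m.end():i]))
    return out

def audit(nodes):
    """nodes: {node_name: config_text} -> sorted list of (code, vrid, node)."""
    findings, by_vrid = set(), defaultdict(list)
    for node, conf in nodes.items():
        seen = set()
        for inst in parse_instances(conf).values():
            if not {"virtual_router_id", "priority"} <= inst.keys():
                continue                      # incomplete block, nothing to compare
            vrid = int(inst["virtual_router_id"])
            key = (inst.get("interface"), vrid)
            if key in seen:                   # same VRID twice on one interface
                findings.add(("DUP_VRID", vrid, node))
            seen.add(key)
            pw = inst.get("auth_pass", "")
            if inst.get("auth_type") == "PASS":
                # "authtype simple": the password is readable in each advert
                findings.add(("CLEARTEXT_AUTH", vrid, node))
                if len(pw) > 8:               # only the first 8 characters count
                    findings.add(("PASS_TRUNCATED", vrid, node))
                pw = pw[:8]
            by_vrid[vrid].append(
                (node, inst.get("state"), int(inst["priority"]), pw))
    for vrid, members in by_vrid.items():
        if len({pw for *_, pw in members}) > 1:   # peers must share one password
            findings.add(("AUTH_MISMATCH", vrid, "*"))
        masters = [m for m in members if m[1] == "MASTER"]
        if len(masters) != 1:
            findings.add(("MASTER_COUNT", vrid, "*"))
        elif any(p >= masters[0][2] for _, s, p, _ in members if s != "MASTER"):
            findings.add(("MASTER_NOT_HIGHEST", vrid, masters[0][0]))
    return sorted(findings)

def render(name, state, vrid, prio, pw):
    """Build one constructed vrrp_instance block in the article's layout."""
    return (f"vrrp_instance {name} {{\n    state {state}\n    interface ens33\n"
            f"    virtual_router_id {vrid}\n    priority {prio}\n"
            f"    authentication {{\n        auth_type PASS\n"
            f"        auth_pass {pw}\n    }}\n}}\n")

# Constructed sample: the dual-master layout from above with mistakes added.
SAMPLE = {
    "node01": render("VI_1", "MASTER", 51, 100, "12345678-node01")
            + render("VI_2", "BACKUP", 52, 100, "87654321"),
    "node02": render("VI_1", "BACKUP", 51, 90, "12345678-node02")
            + render("VI_2", "MASTER", 52, 100, "8765432x"),
}

if __name__ == "__main__":
    for code, vrid, node in audit(SAMPLE):
        print(f"{code:<20} vrid={vrid} node={node}")
```

In the sample, the two long VI_1 passwords look different but are identical after truncation to 8 characters, so the audit reports PASS_TRUNCATED for vrid 51 without an AUTH_MISMATCH.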
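keepalived log rules

Abstract:
I. Overview of keepalived log rules
II. keepalived log levels and their meaning
III. How to configure keepalived logging
IV. Viewing and analysing keepalived logs
V. Using keepalived logs in troubleshooting
VI. Summary and recommendations

Body: keepalived is a high-performance load balancer that is widely used on servers, network devices and in other areas.
The keepalived log records all kinds of information produced while the keepalived components run, and is an important reference for troubleshooting, performance tuning and similar work.
This article describes the keepalived log rules, the log levels and their meaning, how to configure logging, and how the logs are used in troubleshooting.

I. Overview of keepalived log rules

keepalived writes its log according to a set of rules:
1. Log level: keepalived log entries fall into five levels, debug, info, warning, error and crit; the higher the level, the more important the entry.
2. Log output: keepalived logs to syslog by default; a custom output target such as a file or a network server can also be set.
3. Time format: the time format of the keepalived log is "YYYY-MM-DD HH:MM:SS".
4. Entry format: each log entry contains the log level, the time, the component name, the message and so on.

II. keepalived log levels and their meaning

1. debug: detailed information, used for debugging the program.
2. info: general information, indicating that the keepalived components are running normally.
3. warning: warnings that point to a possible problem and deserve attention.
4. error: errors, indicating that a keepalived component has failed while running.
5. crit: critical errors that seriously affect the normal operation of the keepalived components.

III. How to configure keepalived logging

1. Edit the configuration file: edit the keepalived configuration file (for example /etc/keepalived/keepalived.conf) and set the logging parameters such as the log level and the output target.
2. Change the log level: adjust the log level of each component to what is actually needed, so that it better serves troubleshooting and performance tuning.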
LVS + KEEPALIVED + NAT mode explained

I expect everyone is already familiar with LVS + KEEPALIVED.
LVS is the Linux Virtual Server. KEEPALIVED was designed for LVS: it mainly provides VRRP, which removes the single point of failure of a static route, and it can also check the health of every service node. When a node fails, keepalived removes it from the cluster, and when the failed node recovers it is added back.
This lab uses the LVS+KEEPALIVED+NAT mode, which is rarely used in companies and suits low traffic.
For that reason there is little formal documentation on it, which is why I wrote this post.
In NAT mode all traffic has to pass through the LD, so the load on the LD is fairly high; to reduce it, TUN mode can be chosen instead.

The lab architecture is as follows:

LD:
station1: external IP eth0 172.16.1.11, internal IP eth1 192.168.1.11
Station2: external IP eth0 172.16.1.12, internal IP eth1 192.168.1.12
Floating IP 172.16.1.100
Gateway floating IP 192.168.1.254
Realserver:
Apache1 192.168.1.13
Apache2 192.168.1.14

Install keepalived-1.2.7 on station1

yum -y install gcc make openssl-devel openssl net-snmp net-snmp-devel popt popt-devel
./configure --prefix=/usr/local/keepalived --enable-snmp
make && make install
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived.conf

Edit the main configuration file:

! Configuration File for keepalived
global_defs {
    router_id KL_HOST1
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 150
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.1.100/24
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    nopreempt
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 2222
    }
    virtual_ipaddress {
        192.168.1.254/24
    }
}
vrrp_sync_group VG_1 {
    group {
        VI_1
        VI_2
    }
}
virtual_server 172.16.1.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    # sorry_server 192.168.200.200 1358
    real_server 192.168.1.13 80 {
        weight 1
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.1.14 80 {
        weight 2
        HTTP_GET {
            url {
                path /urltest/test.html
                digest 37dba1d9a3c103df127b4e957c9de188
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

The md5 values in it were generated with the following command.
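The keepalived log

The default location of the Keepalived log file is /var/log/keepalived.log.
The Keepalived log file contains the running state of the Keepalived components, health-check results, VIP address switches and related information.
Its contents help diagnose and fix problems with Keepalived's configuration and operation.
Some common entries that may appear in the Keepalived log file:
- "Starting Keepalived": Keepalived started successfully.
- "VRRP_Instance(VI_X) Sending gratuitous ARPs on ens160 for <Virtual IP>.": Keepalived is sending gratuitous ARP requests for the virtual IP address, announcing to other hosts that the virtual IP has moved to the current host.
- "VRRP_Instance(VI_X) Entered MASTER state": Keepalived switched from the BACKUP state to the MASTER state.
- "VRRP_Instance(VI_X) Entering BACKUP state": Keepalived switched from the MASTER state to the BACKUP state.
- "VRRP_Script(script_name) failed": Keepalived detected that a custom script failed.
- "Checking script on node1": Keepalived is checking whether the custom script ran successfully on the master node.
- "Stopping Keepalived": Keepalived is shutting down.
Reading the Keepalived log file shows Keepalived's running state and events, which helps with debugging and troubleshooting.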
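Background

Dual-machine hot standby means that two machines are both running, but they are not both serving at the same time.
When the one that is serving fails, the other takes over automatically and at once and provides the service, and the switch takes very little time.
MySQL dual-master replication, in which the two servers are each other's Master and Slave (only one Master handles writes), gives a hot standby for the database server, but it cannot switch over dynamically when a Master goes down.
With Keepalived, a virtual IP gives the two masters a single external interface together with automatic checking and failover, which makes MySQL highly available.
As the name suggests, Keepalived is about staying alive, which on a network means staying online: what is called high availability or hot standby, used to prevent a single point of failure (a failure at one point that makes the whole system architecture unavailable). When talking about keepalived, the one protocol that has to be mentioned is VRRP; it is fair to say that this protocol is the foundation keepalived is built on.
1) Keepalived works on the basis of VRRP (Virtual Router Redundancy Protocol).
VRRP has two important pairs of concepts: VRRP router and virtual router, and master router and backup router.
2) A VRRP router is a router that runs VRRP and is a physical entity; a virtual router is created by the VRRP protocol and is a logical concept.
A group of VRRP routers works together to form one virtual router.
VRRP has an election mechanism that selects the router which provides the service, the master router; the others become backup routers.
When the master router fails, the backup routers elect a new master router among themselves, which carries on the work and keeps the service uninterrupted.

Environment

Servers:
• DB102: 172.20.20.102, centos6.5, mysql5.7, hostname: DB102
• DB105: 172.20.20.105, centos6.5, mysql5.7, hostname: DB105
• vip: 172.20.20.110 (virtual)
• 101: 172.20.20.101 (used to call the vip remotely for testing)

Packages:
• keepalived-1.1.20.tar.gz (/download.html)
• ipvsadm-1.26-1.src.rpm (/software/ipvs.html)
• popt-static-1.13-7.el6.x86_64.rpm (https:///download/popt-static)
• libnl-1.1.4.tar.gz (/~tgr/libnl/)

How master-slave replication works

Architecture diagram

• The first step is that the master records the binary log.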