摘要:基于協(xié)議來實現(xiàn)的服務高可用方案,可以利用其來避免單點故障。這樣的話就可以保證路由器的高可用了。于安全性考慮,包使用了加密協(xié)議進行加密。是需要同步漂移的。
博文參考
http://lanlian.blog.51cto.com/6790106/1303195/ http://blog.csdn.net/tantexian/article/details/50056229 http://www.yulongjun.com/linux/20170904-01-keepalived-introduction/Keepalived簡介
core模塊:為keepalived的核心組件,負責主進程的啟動、維護以及全局配置文件的加載和解析;
check:負責健康檢查,包括常見的各種檢查方式;
VRRP模塊:是來實現(xiàn)VRRP協(xié)議的。
keepalived基于VRRP協(xié)議來實現(xiàn)的LVS服務高可用方案,可以利用其來避免單點故障。一個LVS服務會有2臺服務器運行Keepalived,一臺為主服務器(MASTER),一臺為備份服務器(BACKUP),但是對外表現(xiàn)為一個虛擬IP,主服務器會發(fā)送特定的消息給備份服務器,當備份服務器收不到這個消息的時候,即主服務器宕機的時候, 備份服務器就會接管虛擬IP,繼續(xù)提供服務,從而保證了高可用性。Keepalived是VRRP的完美實現(xiàn)。
啟動后三個進程父進程:內存管理,子進程管理等等
子進程:VRRP子進程
子進程:healthchecker子進程
VRRP全稱Virtual Router Redundancy Protocol,即虛擬路由冗余協(xié)議。 虛擬路由冗余協(xié)議,可以認為是實現(xiàn)路由器高可用的協(xié)議,即將N臺提供相同功能的路由器組成一個路由器組,這個組里面有一個master和多個backup,master上面有一個對外提供服務的vip(該路由器所在局域網內其他機器的默認路由為該vip),master會發(fā)組播,當backup收不到vrrp包時就認為master宕掉了,這時就需要根據VRRP的優(yōu)先級來選舉一個backup當master。這樣的話就可以保證路由器的高可用了。于安全性考慮,VRRP包使用了加密協(xié)議進行加密。keepalived配置介紹
keepalived只有一個配置文件keepalived.conf,里面主要包括以下幾個配置區(qū)域:
global_defs主要是配置故障發(fā)生時的通知對象以及機器標識
static_ipaddress和static_routes區(qū)域配置的是是本節(jié)點的IP和路由信息
vrrp_script用來做健康檢查的,當時檢查失敗時會將vrrp_instancepriority減少相應的值
vrrp_instance用來定義對外提供服務的VIP區(qū)域及其相關屬性
vrrp_rsync_group用來定義vrrp_intance組,使得這個組內成員動作一致
全局配置
全局配置又包括兩個子配置:
全局定義(global definition)
靜態(tài)路由配置(static ipaddress/routes)
VRRPD配置
VRRPD配置包括三個類:
VRRP同步組(synchroization group)
VRRP實例(VRRP Instance)
VRRP腳本
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_instance VG_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_instance VG_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }雙活配置
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_instance VG_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance VG_2 { state BACKUP interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_instance VG_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance VG_2 { state MASTER interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }內外雙網絡(非同步)單活模式漂移配置
一個內網網絡,一個外網網絡,內網網絡和外網網絡不用同步漂移,比如Keepalived+LVS-DR、Keepalived+Nginx、Keepalived+HAProxy,都是不用同步漂移的。(Keepalived+LVS-NAT是需要同步漂移的。)
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_sync_group VG_1 { group { External_1 Internal_1 } } vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }內外雙網絡(同步)雙活模式漂移配置
一個內網網絡,一個外網網絡,而且內網網絡和外網網絡要實現(xiàn)同步漂移,比如Keepalived+LVS-NAT模式,那么就用到vrrp_sync_group來設置同步漂移組,如果要做雙活,那么就分別兩端加兩個vip,互為主備。
Ka1配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_sync_group VG_1 { group { External_1 Internal_1 } } vrrp_sync_group VG_2 { group { External_2 Internal_2 } } vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance External_2 { state BACKUP interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 9d3d15d5 } virtual_ipaddress { 172.16.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state MASTER interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_2 { state BACKUP interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
Ka2配置
/etc/keepalived/keepalived.conf
global_defs { notification_email { root@localhost } notification_email_from ka1@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id ka1 vrrp_mcast_group4 224.111.111.111 } vrrp_sync_group VG_1 { group { External_1 Internal_1 } } vrrp_sync_group VG_2 { group { External_2 Internal_2 } } vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1402b1b5 } virtual_ipaddress { 172.16.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance External_2 { state MASTER interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 9d3d15d5 } virtual_ipaddress { 172.16.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_1 { state BACKUP interface eth2 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 0702f7ab } virtual_ipaddress { 192.168.111.100 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" } vrrp_instance Internal_2 { state MASTER interface eth2 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass 85c9a27b } virtual_ipaddress { 192.168.111.200 } notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault" }
文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉載請注明本文地址:http://m.specialneedsforspecialkids.com/yun/40581.html
閱讀 7649·2023-04-25 14:36
閱讀 1756·2021-11-22 09:34
閱讀 2152·2019-08-30 15:55
閱讀 3148·2019-08-30 11:19
閱讀 1307·2019-08-29 15:17
閱讀 551·2019-08-29 12:47
閱讀 2992·2019-08-26 13:38
閱讀 2626·2019-08-26 11:00