Keepalived之简单有效的配置

1、简介

官网地址：https://www.keepalived.org/

源码包下载地址：https://www.keepalived.org/download.html

Keepalived是一种高可用实现方案，以vrrp协议为实现基础，在N台具有相同的路由或服务器中选举一个master和多个backup，master和backup主要是由优先级来区分，优先级高者为master，master主机会产生一个VIP，并且定时向backup主机发送vrrp组播报文。当backup主机在指定时间内未收到报文则认为master主机宕机了，此时就会在所有的backup主机中根据vrrp协议来选举出新的master主机来保证服务的高可用性。

Keepalived三个主要模块：

• core：负责主进程的启动维护和全局配置文件的加载解析
• check：负责健康检查
• vrrp：实现vrrp协议

Keepalived的基本工作模式：

• 主备模式（抢占模式）：利用优先级priority和weight计算出优先级，优先级高的为master（产生VIP），其余为backup；master故障时选举优先级最高的backup暂时作为主工作（VIP漂移至此服务器），master恢复后直接强制接管工作，VIP漂移回master；
• 主主模式（双主模式）：几乎弃用，不做解释
• 非抢占模式：通过配置nopreempt实现，state都需要设置为backup，在此情况下，即在优先级高的主机故障后不会强制接管VIP，及时优先级最高也要等现任的VIP主机故障后才能接管VIP。由于生产环境只VIP漂移属于主打生产事故，所以生产上一般推荐使用非抢占模式。非抢占模式配置重点如下：
  
  两个节点的state都必须配置为BACKUP（master无法使nopreempt生效）；
  
  两个节点都必须配置 nopreempt；
  
  两个节点优先级不能一样。

2、实验环境级架构

两台操作系统centos7

关闭firewalld与setenforce

主机            服务                  state        模式        VIP
10.4.7.11      nginx+keepalived      backup      非抢占      10.4.7.10
10.4.7.12      nginx+keepalived      backup      非抢占

两台主机上部署nginx，通过keepalived对外提供VIP，keepalived模式才用非抢占模式，VIP漂移机制中加入nginx端口存活脚本来

本例使用yum安装keepalived；

• 主配置文件：/etc/keepalived/keepalived.conf
• 日志由systemd系统日志托管：/var/log/messages
• 主程序文件：/usr/sbin/keepalived

3、部署

两台主机上安装nginx+keepalived

[root@hdss7-11 ~]# yum -y install nginx keepalived
修改nginx端口为7443，可不做
启动nginx
[root@hdss7-11 ~]# systemctl start nginx && systemctl enable nginx
配置nginx检查脚本
[root@hdss7-11 ~]# vim /etc/keepalived/check_port.sh
#!/bin/bash
#keepalived监控端口脚本
#使用方法：
#在keepalived的配置文件中
#vrrp_script check_port{#创建一个vrrp_script脚本，检查配置
#       script "/etc/keepalived/check_port.sh 7443" #配置监听的端口
#       interval 2 #检查脚本的频率，单位（秒）
#}
CHK_PORT=$1
if [ -n "$CHK_PORT" ];then
        PORT_PROCESS=`ss -nlt|grep $CHK_PORT|wc -l`
        if [ $PORT_PROCESS -eq 0 ];then
                echo "Port $CHK_PORT Is Not Used,End"
                exit 1
        fi
else
        echo "Check Port Can Be Empty!"
fi
给执行权限
[root@hdss7-11 ~]# chmod +x /etc/keepalived/check_port.sh

配置keepalived主配置文件

10.4.7.11上

[root@hdss7-11 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id 10.4.7.11
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    mcast_src_ip 10.4.7.11
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}

注释：

router_id 10.4.7.11：本服务器的一个id（可选）
script_user root：检查vrrp_script 中的脚本所使用的用户（可选，默认为root）
interval 2：每2s检查执行一次脚本.
weight -20：脚本执行结果为1则本服务器主机优先级降低20，其余则不变
interface ens33：写成自己的网卡
virtual_router_id 51：两台服务器必须一样的，表明是一组的
mcast_src_ip 10.4.7.11：发送报文使用的ip（可选，双网卡的时候就需要配置了）
priority 100：配置的优先级（优先级=priority+weight）
nopreempt：设置为非抢占模式
authentication ：组内通信的密码，两台主机必须一样
track_script：与vrrp_script呼应
virtual_ipaddress：设置的VIP

10.4.7.12上

[root@hdss7-12 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    router_id 10.4.7.12
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 7443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    mcast_src_ip 10.4.7.12
    priority 90
    nopreempt
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        10.4.7.10
    }
}

4、测试

启动两台主机上的keepalived

[root@hdss7-11 ~]# systemctl start keepalived && systemctl enable keepalived
查看VIP
[root@hdss7-11 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ca:98:73 brd ff:ff:ff:ff:ff:ff
    inet 10.4.7.11/24 brd 10.4.7.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 10.4.7.10/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::66c4:334d:3cb1:9096/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

关闭10.4.7.11上的nginx

[root@hdss7-11 ~]# systemctl stop nginx
[root@hdss7-11 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:ca:98:73 brd ff:ff:ff:ff:ff:ff
    inet 10.4.7.11/24 brd 10.4.7.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::66c4:334d:3cb1:9096/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
查看日志，发现脚本执行状态为1，所以优先级从100变成了80，removing protocol VIPs.
[root@hdss7-11 ~]# tailf /var/log/messages
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: Using LinkWatch kernel netlink reflector...
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 11 22:29:19 hdss7-11 systemd: Started LVS and VRRP High Availability Monitor.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Jul 11 22:29:19 hdss7-11 Keepalived_healthcheckers[29368]: Opening file '/etc/keepalived/keepalived.conf'.
Jul 11 22:29:19 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:29:20 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 100 to 80

发现10.47.12日志显示被选为master，VIP漂移只10.4.7.12上
root@hdss7-12 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:96:e2:af brd ff:ff:ff:ff:ff:ff
    inet 10.4.7.12/24 brd 10.4.7.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 10.4.7.10/32 scope global ens33

[root@hdss7-12 ~]# tailf /var/log/messages
Jul 11 22:29:19 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: Sending gratuitous ARP on ens33 for 10.4.7.10
Jul 11 22:29:20 hdss7-12 Keepalived_vrrp[28524]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.4.7.10

启动10.4.7.11上的nginx后，优先级变回100，但是VIP还是没有回来

[root@hdss7-11 ~]# tailf /var/log/messages
Jul 11 22:37:34 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:36 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:38 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:40 hdss7-11 Keepalived_vrrp[29369]: /etc/keepalived/check_port.sh 7443 exited with status 1
Jul 11 22:37:41 hdss7-11 systemd: Starting The nginx HTTP and reverse proxy server...
Jul 11 22:37:41 hdss7-11 nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 11 22:37:41 hdss7-11 nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jul 11 22:37:41 hdss7-11 systemd: Started The nginx HTTP and reverse proxy server.
Jul 11 22:37:42 hdss7-11 Keepalived_vrrp[29369]: VRRP_Script(chk_nginx) succeeded
Jul 11 22:37:42 hdss7-11 Keepalived_vrrp[29369]: VRRP_Instance(VI_1) Changing effective priority from 80 to 100

由于是非抢占模式，此时只有重启10.4.7.12上的keepailved，VIP才会回到10.4.7.11上

5、参考文档

关于vrrp_script详可以参考下面这篇文章：

https://www.cnblogs.com/arjenlee/p/9258188.html