高可用集群之keeplived

keepalived

字数统计: 2.9k阅读时长: 12 min

 2017/04/24   Share

高可用集群

负载均衡集群为我们提供了高并发能力，而高可用集群就是为我们提供了高可用性的能力，避免单点故障为整个集群事务带来的影响，在大型的业务架构中，单点故障是致命的，而这里我们所涉及的高可用框架可以很好的实现资源的转移，为出现故障的时刻程序实现动态漂移，使业务影响几乎为零。

高可用的实现方案

常见的有两种实现方法：

vrrp协议的实现：keepalived
als完备的HA集群：heartbeat，corosync，cman

这里我们想要先尝试是vrrp协议的实现，所以我们简单介绍下vrrp协议：

IETF（Internet Engineering Task Force）推出了VRRP（Virtual Router Redundancy Protocol）虚拟路由冗余协议，来解决局域网主机访问外部网络的可靠性问题。VRRP可以通过在一个路由器组(一个VRRP组)之间共享一个虚拟IP(VIP)，此时仅需要客户端以VIP作为其默认网关即可。可以认为VRRP是实现路由器高可用的协议，即将N台提供相同功能的路由器组成一个路由器组，这个组里面有一个MASTER和多个BACKUP，MASTER上有一个对外提供服务的VIP（该路由器所在局域网内其他机器的默认路由为该VIP），MASTER会发组播，当BACKUP收不到vrrp包时就认为MASTER宕掉了，这时就需要根据VRRP的优先级来选举一个BACKUP当MASTER，及时将业务切换到其它设备，从而保持通讯的连续性和可靠性，消除了静态路由配置的单点故障。

基本概念：

vrrp路由器：运行vrrp的设备，它属于一个或多个虚拟路由器
虚拟路由器：由vrrp管理的抽象设备，被当作一个共享局域网内主机的缺省网关，它包括一个虚拟路由器标识符和一组虚拟ip地址
虚拟ip地址：虚拟路由器的ip地址，一个路由器可以有多个地址
ip地址拥有着：如果一个vrrp路由器将虚拟路由器的ip地址作为真实的接口地址，则该设备的ip地址拥有者
虚拟mac地址：是虚拟路由器根据虚拟路由器ID生成MAC地址，一个虚拟路由器路由器拥有一个虚拟mac地址，格式为:00-00-5e-00-01-{vrid}。当虚拟路由器回应arp请求时，使用虚拟mac
主ip地址：从接口的真实ip地址中选出来的一个主用ip地址，通常选择配置的第一个ip地址，vrrp广播报文使用主ip地址作为ip报文的源地址
Master路由器：是承担转发报文或者应答arp请求的vrrp路由器，转发报文都是发送到虚拟ip地址
Backup路由器：一组没有承担转发任务的vrrp路由器，当Master设备出现故障时，它们将通过竞选成为新的Master
抢占模式：在抢占模式下，如果Backup的优先级比以前Master的优先级高，将主动将自己升级成Master

工作原理：

1、一个VRRP路由器有唯一的标识：
VRID，范围为0-255该路由器对外表现为唯一的虚拟MAC地址，地址的格式为00-00-5E-00-01-[VRID]主控路由器负责对ARP请求用该MAC地址做应答这样，无论如何切换，保证给终端设备的是唯一一致的IP和MAC地址，减少了切换对终端设备的影响。

2、VRRP控制报文只有一种：
VRRP通告(advertisement)它使用IP多播数据包进行封装，组地址为224.0.0.18，发布范围只限于同一局域网内。这保证了VRID在不同网络中可以重复使用。为了减少网络带宽消耗，只有主控路由器才可以周期性的发送VRRP通告报文，备份路由器在连续三个通告间隔内收不到VRRP或收到优先级为0的通告则启动新的一轮VRRP选举。

3、在VRRP路由器组中按优先级选举主控路由器：
VRRP协议中优先级范围是0-255。若VRRP路由器的IP地址和虚拟路由器的接口IP地址相同，则称该虚拟路由器作VRRP组中的IP地址所有者。IP地址所有者自动具有最高优先级：255。优先级0一般在IP地址所有者主动放弃主控者角色时使用。可配置的优先级范围为1-254，优先级的配置原则可以依据链路的速度、成本、路由器性能和可靠性以及其它管理策略来设定。在主控路由器的选举中，高优先级的虚拟路由器获胜，因此，如果在VRRP组中有IP地址所有者，则它总是作为主控路由的角色出现。对于相同优先级的候选路由器，则按照IP地址大小顺序选举。VRRP还提供了优先级抢占策略，如果配置了该策略，高优先级的备份路由器便会剥夺当前低优先级的主控路由器而成为新的主控路由器。

4、为了保证VRRP协议的安全性，提供了两种安全认证措施：
明文认证和IP头认证明文认证方式要求：在加入一个VRRP路由器组时，必须同时提供相同的VRID和明文密码适合于避免在局域网内的配置错误，但不能防止通过网络监听方式获得密码IP头认证的方式提供了更高的安全性，能够防止报文重放和修改等攻击

keepalived

Keepalived是基于VRRP协议实现的保证集群高可用的一个服务软件，运行在LVS之上，它的主要功能是实现真机的故障隔离及负载均衡器间的失败切换FailOver，可以防止单点故障。

WatchDog 负责监控checkers和VRRP进程的状况；
Checkers 负责真实服务器的健康检查healthchecking，是keepalived最主要的功能；
VRRP Stack负责负载均衡器之间的失败切换FailOver；
IPVS wrapper 用来发送设定的规则到内核ipvs代码；
Netlink Reflector 用来设定 vrrp 的vip地址等。

Keepalived正常运行时，会启动3个进程，分别是core、check和vrrp。

vrrp模块是来实现VRRP协议的；
check负责健康检查，包括常见的各种检查方式；
core模块为keepalived的核心，负责主进程的启动、维护以及全局配置文件的加载和解析。

Keepalived vip漂移

HA Cluster配置的前提：

（1）各节点时间同步
（2）确保iptables及selinux不会阻碍
（3）各节点之间可通过主机互相通信（对keepalived并非必须）
名称解析服务的解析结果必须于uname -n命令的结果一致
（4）各节点之间的root用户可以基于密钥认证的ssh通信(对keepalived非必须)

安装keepalived，centos6.4+，程序包由base源提供

主配置文件：/etc/keepalived/keepalived.conf

global_defs {
   notification_email {
    root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node1
   vrrp_mcast_group4 224.0.100.18    #组播通信，修改组播地址
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100     #虚拟路由器id，范围0-255
    priority 100              #当前物理节点在虚拟路由器中的优先级
    advert_int 1              #通告的时间间隔
    authentication {          #认证
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {      #虚拟ip
        10.211.55.24/24 dev eth0 label eth0:0
    }
}

global_defs {
   notification_email {
    root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node2
   vrrp_mcast_group4 224.0.100.18    #组播通信，修改组播地址
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 100     #虚拟路由器id，范围0-255
    priority 95              #当前物理节点在虚拟路由器中的优先级
    advert_int 1              #通告的时间间隔
    authentication {          #认证
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {      #虚拟ip
        10.211.55.24/24 dev eth0 label eth0:0
    }
}

测试：

我们先启动backup

~]# systemctl start keepalived
~]# ]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.43  netmask 255.255.255.0  broadcast 10.211.55.255
        inet6 fe80::21c:42ff:fe37:1cae  prefixlen 64  scopeid 0x20<link>
        inet6 fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae  prefixlen 64  scopeid 0x0<global>
        ether 00:1c:42:37:1c:ae  txqueuelen 1000  (Ethernet)
        RX packets 8499  bytes 9736777 (9.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4880  bytes 476744 (465.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.24  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:1c:42:37:1c:ae  txqueuelen 1000  (Ethernet)
~]# tail -f /var/log/messages 
Apr 25 11:50:46 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
Apr 25 11:50:47 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 added
Apr 25 11:50:52 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
Apr 25 11:50:59 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
Apr 25 11:50:59 localhost Keepalived_vrrp[2579]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added

我们再启动master

~]# systemctl start keepalived
~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.39  netmask 255.255.255.0  broadcast 10.211.55.255
        inet6 fdb2:2c26:f4e4:0:21c:42ff:fe3f:7d43  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::21c:42ff:fe3f:7d43  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:42:3f:7d:43  txqueuelen 1000  (Ethernet)
        RX packets 25665  bytes 23612954 (22.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10777  bytes 1031019 (1006.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.24  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:1c:42:3f:7d:43  txqueuelen 1000  (Ethernet)

我们再看下backup的日志

]# tail -f /var/log/messages 
Apr 25 11:50:46 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
Apr 25 11:50:47 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 added
Apr 25 11:50:52 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
Apr 25 11:50:59 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
Apr 25 11:50:59 localhost Keepalived_vrrp[2579]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
Apr 25 11:51:13 localhost systemd: Starting Cleanup of Temporary Directories...
Apr 25 11:51:13 localhost systemd: Started Cleanup of Temporary Directories.
Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Received higher prio advert
Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 25 11:52:39 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 removed

这样的ip资源自动漂移，我们也可以做较多的事情了，在一个局域网内，当vip进行漂移的时候，会自动放出免费arp包来确保整个局域网的mac通信的正常，我们知道keepalived原生是为了高可用lvs而设计，keepalive能够配置文件的定义生成ipvs规则，并能够对各rs的健康状态进行检测。

原文作者：Zhang Jusene

原文链接：http://jusene.github.io/2017/04/24/keepalived/

发表日期：April 24th 2017, 4:16:44 pm

更新日期：November 30th 2019, 1:54:24 am

Next Post

高可用负载均衡集群 keepalived+lvs
Previous Post

负载均衡集群之lvs持久连接

CATALOG

1. 高可用集群



1	global_defs {
2	notification_email {
3	root@localhost
4	}
5	notification_email_from keepalived@localhost
6	smtp_server 127.0.0.1
7	smtp_connect_timeout 30
8	router_id node1
9	vrrp_mcast_group4 224.0.100.18 #组播通信，修改组播地址
10	}
11
12	vrrp_instance VI_1 {
13	state MASTER
14	interface eth0
15	virtual_router_id 100 #虚拟路由器id，范围0-255
16	priority 100 #当前物理节点在虚拟路由器中的优先级
17	advert_int 1 #通告的时间间隔
18	authentication { #认证
19	auth_type PASS
20	auth_pass 1111
21	}
22	virtual_ipaddress { #虚拟ip
23	10.211.55.24/24 dev eth0 label eth0:0
24	}
25	}

1	~]# systemctl start keepalived
2	~]# ]# ifconfig
3	eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
4	inet 10.211.55.43 netmask 255.255.255.0 broadcast 10.211.55.255
5	inet6 fe80::21c:42ff:fe37:1cae prefixlen 64 scopeid 0x20<link>
6	inet6 fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae prefixlen 64 scopeid 0x0<global>
7	ether 00:1c:42:37:1c:ae txqueuelen 1000 (Ethernet)
8	RX packets 8499 bytes 9736777 (9.2 MiB)
9	RX errors 0 dropped 0 overruns 0 frame 0
10	TX packets 4880 bytes 476744 (465.5 KiB)
11	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
12
13	eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
14	inet 10.211.55.24 netmask 255.255.255.0 broadcast 0.0.0.0
15	ether 00:1c:42:37:1c:ae txqueuelen 1000 (Ethernet)
16	~]# tail -f /var/log/messages
17	Apr 25 11:50:46 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Transition to MASTER STATE
18	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering MASTER STATE
19	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) setting protocol VIPs.
20	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
21	Apr 25 11:50:47 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 added
22	Apr 25 11:50:52 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
23	Apr 25 11:50:59 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
24	Apr 25 11:50:59 localhost Keepalived_vrrp[2579]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added

1	~]# systemctl start keepalived
2	~]# ifconfig
3	eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
4	inet 10.211.55.39 netmask 255.255.255.0 broadcast 10.211.55.255
5	inet6 fdb2:2c26:f4e4:0:21c:42ff:fe3f:7d43 prefixlen 64 scopeid 0x0<global>
6	inet6 fe80::21c:42ff:fe3f:7d43 prefixlen 64 scopeid 0x20<link>
7	ether 00:1c:42:3f:7d:43 txqueuelen 1000 (Ethernet)
8	RX packets 25665 bytes 23612954 (22.5 MiB)
9	RX errors 0 dropped 0 overruns 0 frame 0
10	TX packets 10777 bytes 1031019 (1006.8 KiB)
11	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
12
13	eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
14	inet 10.211.55.24 netmask 255.255.255.0 broadcast 0.0.0.0
15	ether 00:1c:42:3f:7d:43 txqueuelen 1000 (Ethernet)

1	]# tail -f /var/log/messages
2	Apr 25 11:50:46 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Transition to MASTER STATE
3	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering MASTER STATE
4	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) setting protocol VIPs.
5	Apr 25 11:50:47 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
6	Apr 25 11:50:47 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 added
7	Apr 25 11:50:52 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 10.211.55.24
8	Apr 25 11:50:59 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
9	Apr 25 11:50:59 localhost Keepalived_vrrp[2579]: Netlink reflector reports IP fdb2:2c26:f4e4:0:21c:42ff:fe37:1cae added
10	Apr 25 11:51:13 localhost systemd: Starting Cleanup of Temporary Directories...
11	Apr 25 11:51:13 localhost systemd: Started Cleanup of Temporary Directories.
12	Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Received higher prio advert
13	Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) Entering BACKUP STATE
14	Apr 25 11:52:39 localhost Keepalived_vrrp[2579]: VRRP_Instance(VI_1) removing protocol VIPs.
15	Apr 25 11:52:39 localhost Keepalived_healthcheckers[2578]: Netlink reflector reports IP 10.211.55.24 removed