Deploying keepalived for applications

平凡的运维之路
2024-08-01

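Production-grade keepalived deployment

What is keepalived

  • Keepalived is high-availability software based on VRRP (Virtual Router Redundancy Protocol), used mainly to provide load balancing and failover on Linux. It uses a virtual IP address (VIP) and health checks to keep a service continuously and reliably available. When the master server fails, Keepalived automatically moves the VIP to the backup server, so the service switches over seamlessly.

keepalived unicast and multicast modes

  • In Keepalived, unicast and multicast are the two mechanisms that VRRP (Virtual Router Redundancy Protocol) routers use to communicate with each other.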

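Unicast mode

  1. Definition: Unicast is a point-to-point communication method. In unicast mode, each packet is sent directly to the network interface of the destination host and is not sent to any other host on the network.

  2. How it works: In a Keepalived unicast configuration, the vrrp_strict option must be turned off, and the source IP address (unicast_src_ip) and the destination IP address (unicast_peer) must be specified. VRRP packets are then exchanged only between these two specified hosts, which provides state synchronization and failover.

  3. Advantages: Unicast mode is highly targeted and reliable. Because packets travel only between the specified source and destination hosts, it avoids the network interference and conflicts that multicast mode can cause. Unicast mode also works in environments where network policy does not allow multicast.

  4. Disadvantages: Unicast mode requires the source and destination IP addresses to be specified by hand, so it is somewhat more complex to configure. Because each packet has to be sent separately, it can also generate more traffic on a large network.

  5. Use cases: Unicast mode suits scenarios that need high reliability and precise targeting, such as hot-standby switchover of business systems and high availability. In these scenarios unicast ensures that data reaches the destination host accurately and avoids network interference and conflicts.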

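Multicast mode

  1. Definition: Multicast is a network communication method that lets one sender transmit the same data to multiple receivers at once while copying the packet only once.

  2. How it works: In Keepalived, multicast mode sends VRRP data to the multicast address 224.0.0.18 to provide state synchronization and failover between routers. Every router that runs VRRP and listens on this multicast address receives these packets and updates its own state from the information in them.

  3. Advantages: Multicast mode improves transmission efficiency and reduces the chance of congestion on the backbone network. Because multiple receivers can receive the same packet at the same time, it significantly lowers bandwidth consumption.

  4. Disadvantages: Multicast mode also has drawbacks. Because all information is sent to the same multicast address, it can generate a lot of useless traffic and lead to network interference and conflicts. In a large LAN with many Keepalived instances, this interference and these conflicts can become more severe. In addition, if network policy does not allow multicast, Keepalived's multicast mode will not work.

  5. Use cases: Multicast mode suits scenarios where the same data must be sent to multiple receivers at once, such as video conferencing and live streaming. In these scenarios multicast significantly improves transmission efficiency and lowers bandwidth consumption.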

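keepalived installation (requires a yum repository)

  • IP plan

    Hostname  IP address     VIP address    keepalived mode
    test01    192.168.1.105  192.168.1.110  unicast
    test02    192.168.1.106  192.168.1.110  unicast
  • Unicast and multicast notes

    • In multicast mode, keepalived sends all heartbeat packets to the default multicast address 224.0.0.18. This generates a lot of useless traffic, and with multiple keepalived instances it can even cause interference and conflicts. Changing from multicast to unicast is therefore a safe practice: it avoids virtual router ID conflicts when there are many keepalived instances on the LAN.
  • Install keepalived (run the steps on 192.168.1.105 and 192.168.1.106 in turn)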

[root@test01 ~]# yum -y install openssl-devel gcc gcc-c++ libnl libnl-devel wget
[root@test01 ~]# wget https://www.keepalived.org/software/keepalived-2.2.1.tar.gz

[root@test01 ~]# tar xvf  keepalived-2.2.1.tar.gz
[root@test01 ~]# cd keepalived-2.2.1/
[root@test01 keepalived-2.2.1]# ./configure --prefix=/usr/local/keepalived
[root@test01 keepalived-2.2.1]# make -j 2  
[root@test01 keepalived-2.2.1]# make  install 
[root@test01 keepalived-2.2.1]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@test01 keepalived-2.2.1]# mkdir -p /etc/keepalived/
[root@test01 keepalived-2.2.1]# cp keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@test01 keepalived-2.2.1]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
[root@test01 keepalived-2.2.1]# cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@test01 keepalived-2.2.1]# systemctl   enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@test01 keepalived-2.2.1]# systemctl status  keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: inactive (dead)

[root@test01 keepalived-2.2.1]# keepalived -v 
Keepalived v2.2.1 (01/17,2021)

Copyright(C) 2001-2021 Alexandre Cassen, <acassen@gmail.com>

Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022
Distro: CentOS Linux 7 (Core)

configure options: --prefix=/usr/local/keepalived

Config options:  SYSTEMD LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING

System options:  PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG EPOLL_CREATE1 IPV6_ADVANCED_API LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTA_VIA FRA_OIFNAME IFA_FLAGS IP_MULTICAST_ALL IPTABLES NET_LINUX_IF_H_COLLISION LIBIPVS_NETLINK VRRP_VMAC IFLA_LINK_NETNSID CN_PROC SOCK_NONBLOCK SOCK_CLOEXEC O_PATH GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE SO_MARK SCHED_RESET_ON_FORK

keepalived configuration files

  • Main configuration file (server A)
[root@test01 keepalived]# more keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id nginx
   vrrp_cpu_affinity 1
   vrrp_priority -20
   checker_priority -20
   vrrp_rt_priority 99
   vrrp_garp_master_refresh 15
   vrrp_no_swap 
   checker_no_swap
   enable_script_security
   vrrp_skip_check_adv_addr
}
vrrp_script chk_jincheng {
    script "/etc/keepalived/jincheng_check.sh"
    interval 5
    fall 2
    rise 1
    user root
}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 136
    nopreempt
    advert_int 1
    unicast_src_ip 192.168.1.105
    unicast_peer { 
        192.168.1.106
    }
    # auth_type PASS sends auth_pass in cleartext in every VRRP advertisement
    authentication {
        auth_type PASS
        auth_pass nginx
    }
    virtual_ipaddress {
        192.168.1.110
    }
    track_script {
        chk_jincheng
    }
    notify_master /etc/keepalived/to_master.sh
}
  • Check script (server A)
[root@test01 keepalived]# more jincheng_check.sh 
#!/bin/bash
#check nginx  
# count running nginx processes, excluding the grep itself
pid_num=$(ps -ef | grep 'nginx' | grep -v grep | wc -l)
if [ "$pid_num" -eq 0 ]; then
    exit 1;  
else  
    exit 0;  
fi
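  • When a node switches to master, a script has to be run, for example for a program written in C#:
    • Bind at initialization: when a C# program starts, it creates one or more network sockets and binds them to a specific IP address and port. This binding is done during initialization at startup and stays unchanged for the whole run of the program unless it is explicitly changed and rebound.
    • No dynamic update capability: unlike some dedicated network service software, a C# program has no built-in mechanism to monitor changes in the network configuration, such as a change of the VIP address. When the VIP address changes, the program therefore cannot detect it and adjust automatically.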
[root@test01 keepalived]# more   to_master.sh 
#!/bin/bash
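# move the check script (path as referenced by vrrp_script) aside while the application restarts
mv /etc/keepalived/jincheng_check.sh /etc/keepalived/jincheng_check.sh.bak
su - ccodrunner << EOF
cd /home/test/Platform
./start.sh -r test1
exit
EOF
# put the check script back under its original name
mv /etc/keepalived/jincheng_check.sh.bak /etc/keepalived/jincheng_check.sh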

  • Main configuration file (server B)
[root@test02 keepalived]# more keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id nginx
   vrrp_cpu_affinity 1
   vrrp_priority -20
   checker_priority -20
   vrrp_rt_priority 99
   vrrp_garp_master_refresh 15
   vrrp_no_swap
   checker_no_swap
   enable_script_security
   vrrp_skip_check_adv_addr
}
vrrp_script chk_jincheng {
    script "/etc/keepalived/jincheng_check.sh"
    interval 5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s3
    virtual_router_id 136
    nopreempt
    advert_int 1
    unicast_src_ip 192.168.1.106
    unicast_peer {
        192.168.1.105
    }
    authentication {
        auth_type PASS
        auth_pass nginx
    }
    virtual_ipaddress {
        192.168.1.110
    }
    track_script {
        chk_jincheng
    }
    notify_master /etc/keepalived/to_master.sh
}
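
The two configurations above only work as a unicast pair if they mirror each other. The script below is an added example, not part of the original article, that cross-checks two keepalived.conf files; conf_get, check_unicast_pair, write_sample and the sample secret are hypothetical names and constructed values.

```bash
#!/bin/bash
# Added example (not from the original article): check that the two nodes'
# keepalived.conf files mirror each other for unicast VRRP.
conf_get() {  # usage: conf_get FILE KEY -> value, or first entry of "KEY { }"
    awk -v key="$2" '
        NF == 0 || $1 ~ /^[!#]/ { next }   # skip blank lines and comments
        inblock { if ($1 != "}") print $1; exit }
        $1 == key && $2 == "{" { inblock = 1; next }
        $1 == key { print $2; exit }
    ' "$1"
}

# Returns 1 on any mismatch; values (auth_pass included) are never printed.
check_unicast_pair() {  # usage: check_unicast_pair CONF_A CONF_B
    local a=$1 b=$2 rc=0 key
    for key in virtual_router_id advert_int auth_type auth_pass; do
        if [ "$(conf_get "$a" "$key")" != "$(conf_get "$b" "$key")" ]; then
            echo "MISMATCH: $key differs between the two nodes"; rc=1
        fi
    done
    if [ "$(conf_get "$a" unicast_src_ip)" != "$(conf_get "$b" unicast_peer)" ]; then
        echo "MISMATCH: unicast_peer in $b is not the unicast_src_ip of $a"; rc=1
    fi
    if [ "$(conf_get "$b" unicast_src_ip)" != "$(conf_get "$a" unicast_peer)" ]; then
        echo "MISMATCH: unicast_peer in $a is not the unicast_src_ip of $b"; rc=1
    fi
    return $rc
}
# Constructed sample input: write a minimal node config to FILE.
write_sample() {  # usage: write_sample FILE SRC_IP PEER_IP VRID
    cat > "$1" <<EOF
vrrp_instance VI_1 {
    virtual_router_id $4
    advert_int 1
    unicast_src_ip $2
    unicast_peer {
        $3
    }
    authentication {
        auth_type PASS
        auth_pass example-secret
    }
}
EOF
}
tmp=$(mktemp -d)
write_sample "$tmp/a.conf" 192.168.1.105 192.168.1.106 136
write_sample "$tmp/b.conf" 192.168.1.106 192.168.1.105 136
check_unicast_pair "$tmp/a.conf" "$tmp/b.conf" && echo "pair is consistent"
```

Against real nodes, copy both files to one host and run check_unicast_pair on them before starting keepalived.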

Verifying keepalived

  • Check script (server B)
[root@test02 keepalived]# more jincheng_check.sh 
#!/bin/bash
#check nginx  
# count running nginx processes, excluding the grep itself
pid_num=$(ps -ef | grep 'nginx' | grep -v grep | wc -l)
if [ "$pid_num" -eq 0 ]; then
    exit 1;  
else  
    exit 0;  
fi
  • Check whether the VIP has come up successfully
[root@test01 sbin]# systemctl  status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2024-01-12 17:21:57 CST; 7s ago
  Process: 361207 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 361208 (keepalived)
    Tasks: 3
   CGroup: /system.slice/keepalived.service
           ├─361208 /usr/sbin/keepalived -D
           ├─361209 /usr/sbin/keepalived -D
           └─361210 /usr/sbin/keepalived -D

1月 12 17:21:57 test01 Keepalived_vrrp[361210]: VRRP_Script(chk_jincheng) succeeded
1月 12 17:22:00 test01 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) Transition to MASTER STATE
1月 12 17:22:01 test01 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) Entering MASTER STATE
1月 12 17:22:01 test01 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) setting protocol VIPs.
1月 12 17:22:01 test01 Keepalived_vrrp[361210]: Sending gratuitous ARP on eth0 for 192.168.1.110

  • Stop the nginx service; keepalived detects this and the keepalived process stops
[root@test01 sbin]# ./nginx -s stop
您在 /var/spool/mail/root 中有新邮件
[root@test01 sbin]# systemctl  status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since 五 2024-01-12 17:23:46 CST; 755ms ago
  Process: 361207 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 361208 (code=exited, status=0/SUCCESS)
    Tasks: 0
   CGroup: /system.slice/keepalived.service

1月 12 17:22:06 test01 Keepalived_vrrp[361210]: Sending gratuitous ARP on eth0 for 192.168.127.10
1月 12 17:22:06 test01 Keepalived_vrrp[361210]: Sending gratuitous ARP on eth0 for 192.168.127.10
1月 12 17:23:45 test01 systemd[1]: Stopping LVS and VRRP High Availability Monitor...
1月 12 17:23:45 test01 Keepalived[361208]: Stopping
1月 12 17:23:45 test01 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) sent 0 priority
1月 12 17:23:45 test01 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) removing protocol VIPs.
1月 12 17:23:45 test01 Keepalived_healthcheckers[361209]: Stopped
1月 12 17:23:46 test01 Keepalived_vrrp[361210]: Stopped
1月 12 17:23:46 test01 Keepalived[361208]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
1月 12 17:23:46 test01 systemd[1]: Stopped LVS and VRRP High Availability Monitor.
  • Check whether the VIP has floated to server B
[root@test01 sbin]# systemctl  status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2024-01-12 17:23:46 CST; 7s ago
  Process: 361207 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 361208 (keepalived)
    Tasks: 3
   CGroup: /system.slice/keepalived.service
           ├─361208 /usr/sbin/keepalived -D
           ├─361209 /usr/sbin/keepalived -D
           └─361210 /usr/sbin/keepalived -D

1月 12 17:23:46 test02 Keepalived_vrrp[361210]: VRRP_Script(chk_jincheng) succeeded
1月 12 17:23:46 test02 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) Transition to MASTER STATE
1月 12 17:23:46 test02 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) Entering MASTER STATE
1月 12 17:23:46 test02 Keepalived_vrrp[361210]: VRRP_Instance(VI_1) setting protocol VIPs.
1月 12 17:23:46 test02 Keepalived_vrrp[361210]: Sending gratuitous ARP on eth0 for 192.168.1.110

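Problem record: what to do when virtual_router_id is duplicated

  • Identity confusion: virtual_router_id is the unique identifier of a virtual router instance. If several devices on a multicast network have the same virtual_router_id, they cannot correctly identify each other's identity and role, which disrupts normal VRRP operation.
  • In multicast mode, a duplicated virtual_router_id usually means that two or more devices on the network were configured with the same virtual router ID. This can cause the VIP to switch over; capture packets with tcpdump to find out which source IP is involved.
  • tcpdump -nn -i any net 224.0.0.0/8 | grep -i "vrid 40"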
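
To turn the tcpdump capture above into a repeatable check, the following added example (not part of the original article) reports every sender that advertises your VRID but is not one of your own nodes. It uses VRID 136 and the two node addresses from this article's configuration; the function name, the capture lines and the hosts 192.168.1.120 and 192.168.1.50 are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article. Reads `tcpdump -nn` text on
# stdin and reports senders of VRRP advertisements for our VRID that are not
# in the expected peer list.
# Live use: tcpdump -nn -c 200 -i any ip proto 112 | \
#     unexpected_vrrp_sources 136 192.168.1.105 192.168.1.106
unexpected_vrrp_sources() {  # usage: unexpected_vrrp_sources VRID PEER_IP...
    local vrid=$1; shift
    awk -v vrid="$vrid" -v peers="$*" '
        BEGIN { n = split(peers, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        /VRRPv[23], Advertisement/ {
            src = ""; id = ""; prio = ""
            for (i = 1; i < NF; i++) {
                # the token before ">" is the sender, with or without the
                # interface columns that newer tcpdump prints for "-i any"
                if ($(i + 1) == ">") src = $i
                if ($i == "vrid") { id = $(i + 1); sub(/,$/, "", id) }
                if ($i == "prio") { prio = $(i + 1); sub(/,$/, "", prio) }
            }
            if (id != vrid || src == "" || (src in ok)) next
            count[src]++; last_prio[src] = prio
        }
        END {
            for (s in count)
                printf "%s vrid=%s prio=%s adverts=%d\n", s, vrid, last_prio[s], count[s]
        }' | sort
}

# Constructed capture: 192.168.1.120 is a hypothetical third host that was
# given the same virtual_router_id; 192.168.1.50 belongs to another cluster.
SAMPLE_CAPTURE='17:22:01.000101 IP 192.168.1.105 > 224.0.0.18: VRRPv2, Advertisement, vrid 136, prio 100, authtype simple, intvl 1s, length 20
17:22:01.400230 IP 192.168.1.120 > 224.0.0.18: VRRPv2, Advertisement, vrid 136, prio 150, authtype simple, intvl 1s, length 20
17:22:01.700412 IP 192.168.1.50 > 224.0.0.18: VRRPv2, Advertisement, vrid 40, prio 100, authtype simple, intvl 1s, length 20
17:22:02.400377 eth0  In  IP 192.168.1.120 > 224.0.0.18: VRRPv2, Advertisement, vrid 136, prio 150, authtype simple, intvl 1s, length 20
17:22:03.000198 IP 192.168.1.106 > 224.0.0.18: VRRPv2, Advertisement, vrid 136, prio 100, authtype simple, intvl 1s, length 20'

printf '%s\n' "$SAMPLE_CAPTURE" | unexpected_vrrp_sources 136 192.168.1.105 192.168.1.106
```

An empty result means only the listed peers advertised that VRID during the capture; any line printed names the address to trace back to its host.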