Linux clusters for high availability: keepalived

Source: Internet
Author: User

High availability:
LVS itself does not provide high availability;

Two kinds of failure can occur in an LVS cluster:
1. The Director fails and becomes unavailable;
keepalived: the native high-availability solution for the LVS Director;
heartbeat
corosync/pacemaker: general-purpose high-availability solutions;
2. A back-end RS fails and becomes unavailable;
The LVS Director does not care whether a back-end RS is available; it only dispatches client requests according to the scheduling algorithm;
A complete implementation checks the health of every RS periodically:
check fails: remove the corresponding RS from the LVS cluster service;
check succeeds: add the RS back into the LVS cluster service, recreating the service if it had been removed;
every RS fails its check: temporarily delete the LVS cluster service and let a web server local to the scheduler answer with a relatively friendly error page (the sorry_server);
Detection methods:
network layer: ping
transport layer: port probing, e.g. nmap
application layer: checking that a file resource exists; checking its access permissions; checking that its content is valid
keepalived performs the health-state detection of the back-end RSs;
Availability:
A = MTBF / (MTBF + MTTR), A ∈ (0, 1)
50%, 90%, 95%
99%, 99.9%, 99.99%, 99.999%
The effective way to raise availability is to reduce MTTR;
method: redundancy + automatic failover;
What is made highly available:
services;
resources;

HA cluster implementation scenarios:
Implementation based on the VRRP protocol:
keepalived, a high-availability solution dedicated to the LVS Director;

Implementation based on AIS (a complete HA cluster stack):
heartbeat
corosync + pacemaker

Keepalived:
VRRP protocol: Virtual Router Redundancy Protocol;
VRRP technical terms:
Virtual router: a logical router whose interface, IP address and MAC address are shared by a group of physical routers;
VRID: the virtual router identifier, which names the group of routers and determines the virtual MAC address of the virtual router; the value range is 1-255 (01-FF);
MASTER: the owner of the virtual IP address; it receives user requests on the virtual IP address and forwards the data;
BACKUP: does not forward data; it only monitors the health of the MASTER;
Virtual IP address: VIP, the IP address of the virtual router interface;
Virtual MAC address: Vmac, 00-00-5e-00-01-{VRID};
Priority: the main criterion in the election of the MASTER; the value range is 0-255:
0: not a candidate; a MASTER advertises priority 0 to announce that it is releasing the VIP (for example on shutdown), so that the BACKUPs elect a new MASTER immediately;
255: reserved for the router whose own interface address is the virtual IP address (the address owner); it automatically gets priority 255 and therefore becomes MASTER directly;
1-254: the higher the value, the more likely the router is to become MASTER;
Non-preemptive mode: when the MASTER fails and the state changes, all BACKUPs elect a new MASTER; if the original MASTER recovers, it stays in the BACKUP state until the current MASTER fails and all BACKUPs hold a new election, at which point it may become MASTER again;
Preemptive mode: when the MASTER fails and the state changes, all BACKUPs elect a new MASTER; if the original MASTER recovers, it immediately advertises its priority, which triggers a new election that makes it MASTER again;
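The election rules above are easy to get wrong when reasoning about a failover, so here is a small shell simulation of them. This is an added example, not code from the original post and not part of keepalived; the NAME:PRIORITY:PREEMPT notation for a router (PREEMPT is "yes" or "no", "no" standing for nopreempt) is this script's own assumption and not keepalived syntax.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from keepalived: a simulation of
# the VRRP election rules. Each router is given as NAME:PRIORITY:PREEMPT where
# PREEMPT is "yes" or "no" ("no" = nopreempt). That notation is an assumption
# of this script, not keepalived syntax.

# vrrp_elect CURRENT_MASTER ROUTER...
#   Prints the router that holds the VIP after the election; returns 1 when no
#   router is left to take it. Rules implemented:
#   - priority 255: the address owner, always wins
#   - priority   0: the router is withdrawing (what a master advertises when it
#                   shuts down), so it is never a candidate
#   - otherwise the highest priority wins; on a tie the first one listed is kept
#     (the RFC breaks ties on the primary IP address, which is omitted here)
#   - a router marked nopreempt does not take the VIP away from a live master,
#     even when its priority is higher
vrrp_elect() {
    local current="$1"; shift
    local best="" best_prio=-1 best_preempt=yes
    local cur_alive=0 cur_prio=0
    local entry name rest prio preempt
    for entry in "$@"; do
        name=${entry%%:*}
        rest=${entry#*:}
        prio=${rest%%:*}
        preempt=${rest#*:}
        [ "$prio" -eq 0 ] && continue            # withdrawing: not a candidate
        if [ "$name" = "$current" ]; then         # the current master is still alive
            cur_alive=1; cur_prio=$prio
        fi
        if [ "$prio" -eq 255 ]; then              # address owner wins outright
            printf '%s\n' "$name"; return 0
        fi
        if [ "$prio" -gt "$best_prio" ]; then
            best=$name; best_prio=$prio; best_preempt=$preempt
        fi
    done
    [ -n "$best" ] || return 1                    # nobody left to serve the VIP
    if [ "$cur_alive" -eq 1 ]; then
        # A live master keeps the VIP unless a strictly higher-priority router
        # that is allowed to preempt shows up.
        if [ "$best_prio" -le "$cur_prio" ] || [ "$best_preempt" = no ]; then
            printf '%s\n' "$current"; return 0
        fi
    fi
    printf '%s\n' "$best"
}

# Walk through the transitions described in the text (constructed input).
echo "steady state:        $(vrrp_elect ''    node1:100:yes node2:90:yes)"   # node1
echo "master withdraws:    $(vrrp_elect node1 node1:0:yes   node2:90:yes)"   # node2
echo "recovery, preempt:   $(vrrp_elect node2 node1:100:yes node2:90:yes)"   # node1
echo "recovery, nopreempt: $(vrrp_elect node2 node1:100:no  node2:90:yes)"   # node2
echo "address owner:       $(vrrp_elect node2 node1:100:yes node3:255:yes node2:90:yes)"   # node3
vrrp_elect node1 node1:0:yes node2:0:yes || echo "nobody left to serve the VIP"
```

The "recovery, nopreempt" case is the one the `nopreempt` option in the keepalived configuration produces: the recovered node1 has the higher priority but stays BACKUP until node2 itself fails, which avoids a second VIP move (and a second round of connection loss) right after the first failover.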

VRRP authentication modes:
no authentication
simple string authentication (the password is carried in cleartext in every advertisement, so it only guards against accidental VRID collisions, not against an attacker on the same segment)
MD5 (IPsec AH, auth_type AH in keepalived)
VRRP working modes:
single instance: MASTER/BACKUP
multiple instances: MASTER/BACKUP, MASTER/MASTER (each node is MASTER for one instance and BACKUP for the other)

Keepalived:
The implementation of the VRRP protocol on Linux; it was originally designed to make the ipvs scheduler highly available; in some contexts it is abbreviated "ka";

keepalived writes ipvs rules through the kernel's system-call interface, so it can be used to manage LVS cluster services; all of the rules are defined in its configuration file; keepalived can also float the VIP address between nodes; it can run health checks of each back-end RS at the transport and application layers; and through its external script interface it can perform whatever a script defines, so it can even make services other than LVS highly available; from RHEL 6.4 / CentOS 6.4 on, keepalived is shipped on the official installation media, so it can be installed with yum from the local Base repository;

Components of keepalived:
Control plane: the configuration file parser;
memory management component;
I/O multiplexer component;
Core components:
VRRP stack: implements the VRRP protocol;
Checkers: perform the health-state detection of the back-end RSs;
SMTP: uses the SMTP protocol to e-mail router state transitions to the configured administrator mailbox;
Watchdog: monitors the checkers and the VRRP stack and restarts the keepalived process if one of them misbehaves;
IPVS wrapper: pushes ipvs rules into the IPVS framework in the kernel to build, manage and remove the LVS cluster service and the RSs in it;
Netlink reflector: manages the addresses on the virtual router interface;

Preparation before configuring an HA cluster:
1. The time on every node must be synchronized; use a time server such as NTP or chrony;
2. Make sure that iptables rules and SELinux do not block communication between the nodes;
3. The nodes must be able to reach each other by host name (not required for KA);
4. For security, root on each node communicates with the other nodes over ssh using key-based authentication (not required for KA);

Keepalived installation:
On CentOS 7.2, configure the installation ISO as a local yum repository and run: yum install keepalived;
After starting the service with systemctl start keepalived, verify that the rules reached the kernel with ipvsadm -Ln and that the VIP is present on the master's interface with ip addr show dev <interface>;

Program environment:
Main configuration file: /etc/keepalived/keepalived.conf
Main program file: /usr/sbin/keepalived
Unit file: /usr/lib/systemd/system/keepalived.service

Structure of the main configuration file (placeholders in angle brackets; explanations after #):

    # GLOBAL CONFIGURATION
    global_defs {
        notification_email {
            <EMAIL>                     # address(es) that receive e-mail notifications
        }
        notification_email_from <EMAIL>
        smtp_server 127.0.0.1           # mail server used to send the notifications
        smtp_connect_timeout <INT>      # integer, seconds
        router_id my_hostname           # only distinguishes devices; leaving it unchanged does not affect keepalived itself
        vrrp_mcast_group4 224.0.0.18    # destination multicast address for VRRP advertisements;
                                        # every router in the same group must use the same address
    }

    # VRRPD CONFIGURATION
    vrrp_instance inside_network {      # defines a VRRP instance and its name
        state MASTER                    # initial state of this node
        interface eno16777736           # interface bound to the VRRP instance, i.e. the one advertisements are sent on
        virtual_router_id 51            # VRID, identifies the VRRP backup group
        priority 100                    # priority of this node; the configurable range is 1-254
        advert_int 1                    # interval between VRRP advertisements, in seconds
        authentication {
            auth_type PASS              # authentication between the VRRP nodes; PASS is a simple password
            auth_pass MTUWPBJD          # the password, at most 8 characters
        }
        virtual_ipaddress {
            <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>   # the VIP(s) and how they are added
        }
        nopreempt                       # non-preemptive mode; the default is preemptive
        preempt_delay 300               # seconds to wait before preempting
        notify_master <STRING>|<QUOTED-STRING>
        notify_backup <STRING>|<QUOTED-STRING>
        notify_fault  <STRING>|<QUOTED-STRING>   # script (path plus arguments) run when this node's state changes
        track_script {
            Script_name
        }
    }

    # LVS CONFIGURATION
    virtual_server <VIP> <VPORT> | fwmark <INT> {
        delay_loop <INT>                # interval between health-check rounds
        lb_algo rr|wrr|lc|wlc|lblc|sh|dh   # scheduling algorithm
        lb_kind NAT|DR|TUN              # LVS cluster type
        persistence_timeout <INT>       # enables persistent connections and sets their timeout
        protocol TCP                    # protocol of the service; this version supports only TCP
        sorry_server <IPADDR> <PORT>    # used when every RS is down: the cluster service is temporarily removed and
                                        # this (normally local) HTTP server answers with a friendly error page
        real_server <IPADDR> <PORT> {
            weight <INT>                # weight of this RS
            notify_up   <STRING>|<QUOTED-STRING>
            notify_down <STRING>|<QUOTED-STRING>   # scripts (path plus arguments) run when the RS changes to up or down
            HTTP_GET|SSL_GET {
                url {
                    path <STRING>       # URL on the RS that is fetched for the health check
                    digest <STRING>     # MD5 of the resource; the check fails if the content changes
                    status_code <INT>   # expected status code of the response
                }
                nb_get_retry <INT>      # retries before the RS is declared down
                delay_before_retry <INT>   # delay between retries
                connect_ip <IPADDR>     # RS address and port the check is sent to
                connect_port <PORT>
                bindto <IPADDR>         # source address and port the Director sends the check from
                bind_port <PORT>
                connect_timeout <INT>   # connection timeout
            }
            TCP_CHECK {
                connect_ip <IPADDR>     # RS address and port the check is sent to
                connect_port <PORT>
                bindto <IPADDR>         # source address and port the Director sends the check from
                bind_port <PORT>
                connect_timeout <INT>   # connection timeout
            }
        }
    }
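The notify_master, notify_backup and notify_fault options above, and the external script interface described earlier, both call an operator-supplied script on every state change. The following notify script is an added example, not code from the original post or from keepalived. It relies on the argument order keepalived documents for notify scripts (type, name, target state, and in newer releases the priority); the MAILTO and STATE_FILE settings, the file path /etc/keepalived/notify.sh and the use of a local sendmail are this script's own assumptions.

```shell
#!/usr/bin/env bash
# /etc/keepalived/notify.sh -- added example, not from the original post or
# from keepalived. Wire it in with the notify_* options of the vrrp_instance:
#     notify_master "/etc/keepalived/notify.sh"
#     notify_backup "/etc/keepalived/notify.sh"
#     notify_fault  "/etc/keepalived/notify.sh"
# keepalived invokes it as:
#     notify.sh INSTANCE|GROUP <name> MASTER|BACKUP|FAULT [<priority>]
# (the priority argument is only passed by newer releases, so it is optional).
# MAILTO and STATE_FILE are this script's own assumptions, not keepalived settings.

MAILTO="${MAILTO:-root@localhost}"
STATE_FILE="${STATE_FILE:-/var/run/keepalived.state}"

# notify_valid_state STATE -> 0 if STATE is one of the three keepalived reports
notify_valid_state() {
    case "$1" in
        MASTER|BACKUP|FAULT) return 0 ;;
        *) return 1 ;;
    esac
}

# notify_message TYPE NAME STATE [PRIORITY] -> one line of text for log and mail
notify_message() {
    local type name state prio host
    type=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=$2; state=$3; prio=${4:-unknown}
    host=${HOSTNAME:-$(hostname 2>/dev/null || echo unknown-host)}
    printf '%s: VRRP %s %s transitioned to %s (priority %s)\n' \
        "$host" "$type" "$name" "$state" "$prio"
}

# notify_record STATE -> append "<utc time> <state>" to STATE_FILE so that an
# operator can read the transition history; refuses unknown states
notify_record() {
    notify_valid_state "$1" || return 2
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" >> "$STATE_FILE"
}

# notify_last_state -> print the most recently recorded state (returns 1 if none)
notify_last_state() {
    [ -s "$STATE_FILE" ] || return 1
    tail -n 1 "$STATE_FILE" | cut -d' ' -f2
}

# notify_send MESSAGE -> syslog entry, plus mail if a local sendmail exists
notify_send() {
    command -v logger >/dev/null 2>&1 && logger -t keepalived-notify "$1"
    if command -v sendmail >/dev/null 2>&1; then
        printf 'To: %s\nSubject: keepalived state change\n\n%s\n' "$MAILTO" "$1" \
            | sendmail "$MAILTO"
    fi
    return 0
}

main() {
    if [ $# -lt 3 ] || ! notify_valid_state "$3"; then
        echo "usage: $0 INSTANCE|GROUP <name> MASTER|BACKUP|FAULT [<priority>]" >&2
        return 64
    fi
    notify_record "$3"
    notify_send "$(notify_message "$1" "$2" "$3" "$4")"
}

# Only act when keepalived (or an operator) passes arguments; otherwise the
# file just defines the functions.
if [ $# -gt 0 ]; then
    main "$@"
    exit $?
fi
```

keepalived runs notify scripts with its own (root) privileges, so keep the file owned by root and not writable by anyone else; an attacker who can edit it gets code execution as root on the Director at the next failover. Rejecting unknown state names, as main does, keeps a malformed invocation from writing garbage into the state history.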

