Keepalived Configuration Instance


Keepalived is a lightweight high-availability (HA) cluster application. It was designed to make LVS clusters highly available: it monitors the health of LVS so that master and backup can switch over, and it also monitors the health of the back-end hosts behind LVS and dynamically modifies the LVS forwarding rules.

When LVS switches between master and backup, how does the externally served IP address move? This relies on the VRRP protocol that Keepalived implements, the Virtual Router Redundancy Protocol. In short, this protocol places the IP on a virtual interface and, according to certain rules, moves the IP between physical hosts, that is, it decides which host may hold the IP.

Keepalived also has a script-calling interface, so its functionality can be extended with scripts.

1. Keepalived terminology

Virtual router: identified by a VRID (0-255)
Physical routers:
  Master: primary device
  Backup: standby device
  Priority
VIP: virtual IP
VMAC: virtual MAC (00-00-5E-00-01-VRID)

Advertisement content: heartbeat, priority and so on, sent periodically. Each host advertises by multicast, so packets reach only the hosts within the group, because they are sent to the multicast MAC address. The multicast MAC address corresponds to the multicast IP address. The IANA (Internet Assigned Numbers Authority) stipulates that the high 24 bits of a multicast MAC address are 0x01005E and that the low 23 bits of the MAC address are the low 23 bits of the multicast IP address. Correspondingly, the NIC needs to be set to support multicast.

Preemption: preemptive or non-preemptive.

Default is preemption. When a host with a high priority returns to its normal state, it will retake the IP and become master again.

Security authentication:
  No authentication
  Simple character authentication (this method is generally used)
  MD5

Working modes:
  Master/standby: a single virtual router;
  Master/master: master/standby (virtual router 1), standby/master (virtual router 2)

Assume that two hosts A and B form an HA pair. You can define two virtual interfaces and float two IPs. On interface 1, device A is given the higher priority and is master; on interface 2, device B has the higher priority and is master.

In this way the two hosts work simultaneously with two external IPs. This is master/master mode.

Components:
  Core components: VRRP stack, IPVS wrapper, checkers
  Control components: configuration file analyzer
  I/O multiplexer
  Memory management component

HA cluster configuration prerequisites:
(1) The time on every node must be synchronized;
(2) Ensure that iptables and SELinux do not become impediments;

2. What to know before configuring Keepalived

The environment shown in this article is CentOS 7.2. To install the Keepalived software, configure a yum source; the package is included in the base repository.

# yum install keepalived

Program environment:
  The network card must support multicast
  Configuration file: /etc/keepalived/keepalived.conf
  Main program: /usr/sbin/keepalived
  Unit file: keepalived.service

Configuration file components (common configuration structure):

TOP HIERARCHY

GLOBAL CONFIGURATION
  Global definitions
  Static routes/addresses
VRRPD CONFIGURATION
  VRRP synchronization group(s)
  VRRP instance(s)
LVS CONFIGURATION
  Virtual server group(s)
  Virtual server(s)

Configuration syntax:

Configure a virtual router (the part that implements IP floating):

vrrp_instance <STRING> {
...
}

Special parameters:
state MASTER|BACKUP: the initial state of the current node in this virtual router; only one node is MASTER and the rest should be BACKUP;
interface IFACE_NAME: the physical interface that the current virtual router binds to;
virtual_router_id VRID: the unique identifier of the current virtual router; the range is 0-255;
priority 100: the priority of the current host in this virtual router; the range is 1-254;
advert_int 1: the time interval between VRRP advertisements;
authentication {
auth_type AH|PASS
auth_pass <PASSWORD>
}
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}
track_interface {
eth0
eth1
...
}
Configures the network interfaces to be monitored; once an interface fails, the node enters the FAULT state;
nopreempt: sets the mode of operation to non-preemptive;
preempt_delay 300: in preemptive mode, the delay before a new election is triggered after the node comes online;

Defining notification scripts:
notify_master <STRING>|<QUOTED-STRING>: the script that runs when the current node becomes the master node;
notify_backup <STRING>|<QUOTED-STRING>: the script that runs when the current node becomes a backup node;
notify_fault <STRING>|<QUOTED-STRING>: the script that runs when the current node transitions to the "failed" state;
notify <STRING>|<QUOTED-STRING>: a notification trigger in general format; one script can handle the notification for all three state transitions above;

3. Keepalived dual-master virtual router configuration example

Demo setup:

Two CentOS 7.2 hosts: node-00, node-01

VIP1: 10.1.38.19, intended to be held by node-00

VIP2: 10.1.38.20, intended to be held by node-01

After installing Keepalived on both hosts, start editing the configuration file.

node-00 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]    # defines the sender
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-00
    vrrp_mcast_group4 224.0.38.12
}

vrrp_instance vi_1 {
    state MASTER
    interface team0
    virtual_router_id <VRID_1>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.19/16 dev team0
    }
    smtp_alert    # on a state transition, send a mail notification
}

vrrp_instance vi_2 {
    state BACKUP
    interface team0
    virtual_router_id <VRID_2>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.20/16 dev team0
    }
    smtp_alert
}

Remove the comments when copying this configuration.

node-01 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-01
    vrrp_mcast_group4 224.0.38.12
}

vrrp_instance vi_1 {
    state BACKUP
    interface bond0
    virtual_router_id <VRID_1>
    priority <PRIORITY>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.19/16 dev bond0
    }
    smtp_alert
}

vrrp_instance vi_2 {
    state MASTER
    interface bond0
    virtual_router_id <VRID_2>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.20/16 dev bond0
    }
    smtp_alert
}
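A dual-master pair only works when both nodes agree on every instance, so the following added example (not part of the original article) parses two keepalived.conf texts and lists the peer mismatches. The sample configuration is constructed; the VRIDs 51 and 52, the priorities 100 and 90 and the function names are assumptions, not values from this article.

```python
import re

def parse_instances(conf):
    """Map each vrrp_instance name in a keepalived.conf text to its settings."""
    conf = re.sub(r"[#!].*", "", conf)  # drop comments
    found = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):  # scan to the matching "}"
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        body = conf[m.end():end].split()
        keys = ("state", "virtual_router_id", "priority", "auth_pass")
        inst = {k: v for k, v in zip(body, body[1:]) if k in keys}
        inst["vips"] = {t for t in body if re.fullmatch(r"\d+(\.\d+){3}/\d+", t)}
        found[m.group(1)] = inst
    return found

def compare_peers(conf_a, conf_b):
    """List settings that stop two peers from forming one virtual router."""
    a, b, problems = parse_instances(conf_a), parse_instances(conf_b), []
    for name in sorted(set(a) & set(b)):
        pair = (a[name], b[name])
        for key in ("virtual_router_id", "auth_pass", "vips"):
            if pair[0].get(key) != pair[1].get(key):
                problems.append(f"{name}: {key} differs")
        top = max(pair, key=lambda n: int(n.get("priority", 100)))  # 100 is the default
        if [n.get("state") for n in pair].count("MASTER") != 1 or top.get("state") != "MASTER":
            problems.append(f"{name}: one MASTER with the highest priority expected")
    return problems

# Constructed sample; VRID 51/52 and priorities 100/90 are assumed values.
SAMPLE = """vrrp_instance vi_1 {{
    state {state}
    interface team0
    virtual_router_id {vrid}
    priority {prio}
    authentication {{
        auth_type PASS
        auth_pass x1er44q
    }}
    virtual_ipaddress {{
        10.1.38.19/16
    }}
}}"""
NODE_00 = SAMPLE.format(state="MASTER", vrid=51, prio=100)
NODE_01 = SAMPLE.format(state="BACKUP", vrid=51, prio=90)
NODE_01_BAD = SAMPLE.format(state="MASTER", vrid=52, prio=90)
```

With auth_type PASS the auth_pass string travels in clear text in every advertisement, so it guards against misconfigured neighbours on the segment rather than acting as a secret.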

When the configuration is complete, start the service

# systemctl start keepalived

Use the ip command to view the IP addresses

# ip address show

node-00 situation

node-01 situation

At this point, we simulate a node-00 outage: stop the keepalived service on node-00, and the IP 10.1.38.19 floats to node-01.

# systemctl stop keepalived

This section is now complete.

4. Keepalived IPVS high-availability cluster configuration example

As before, first an explanation of the configuration directives.

Virtual server:
Configuration structure:
virtual_server IP PORT or virtual_server fwmark INT
{
...
real_server {
...
}
...
}

Common parameters:
delay_loop <INT>: time interval for service polling;
lb_algo rr|wrr|lc|wlc|lblc|sh|dh: defines the scheduling method;
lb_kind NAT|DR|TUN: type of cluster;
persistence_timeout <INT>: duration of persistent (directed) scheduling;
protocol TCP: service protocol; only TCP is supported;
sorry_server <IPADDR> <PORT>: alternate server address; when the back-end hosts fail, this host provides a friendly notice page.
real_server <IPADDR> <PORT>
{
weight <INT>
notify_up <STRING>|<QUOTED-STRING>
notify_down <STRING>|<QUOTED-STRING>
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK {...}: defines the health check method for the current host;
}

HTTP_GET|SSL_GET {
url {
path <URL_PATH>: defines the URL to be monitored;
status_code <INT>: the response code that counts as healthy for the check above;
digest <STRING>: the checksum of the response content that counts as healthy for the check above;
}
nb_get_retry <INT>: retry count;
delay_before_retry <INT>: delay before retrying;
connect_ip <IP ADDRESS>: the IP address of the current RS to which the health check request is sent;
connect_port <PORT>: the port of the current RS to which the health check request is sent;
bindto <IP ADDRESS>: the source address used when issuing the health check request;
bind_port <PORT>: the source port used when issuing the health check request;
connect_timeout <INTEGER>: the timeout of the connection request;
}

TCP_CHECK {
connect_ip <IP ADDRESS>: the IP address of the current RS to which the health check request is sent;
connect_port <PORT>: the port of the current RS to which the health check request is sent;
bindto <IP ADDRESS>: the source address used when issuing the health check request;
bind_port <PORT>: the source port used when issuing the health check request;
connect_timeout <INTEGER>: the timeout of the connection request;
}

Demo instance

Demo description:

node-00 and node-01 act as the IPVS hosts and form the HA pair. The external service IP is 10.1.38.15, which is the VIP.

node-02 and node-03 serve as the back-end hosts for the Web service.

node-02 IP: 10.1.38.13

node-03 IP: 10.1.38.14

node-00 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-00
    vrrp_mcast_group4 224.0.38.12
}

vrrp_instance vi_1 {
    state MASTER
    interface team0
    virtual_router_id 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.15/16 dev team0
    }
    smtp_alert
}

virtual_server 10.1.38.15 <PORT> {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 <PORT>
    real_server 10.1.38.13 <PORT> {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code <INT>
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.1.38.14 <PORT> {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

node-01 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-01
    vrrp_mcast_group4 224.0.38.12
}

vrrp_instance vi_1 {
    state BACKUP
    interface bond0
    virtual_router_id <VRID>
    priority <PRIORITY>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.15/16 dev bond0
    }
    smtp_alert
}

virtual_server 10.1.38.15 <PORT> {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 127.0.0.1 <PORT>
    real_server 10.1.38.13 <PORT> {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code <INT>
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 10.1.38.14 <PORT> {
        weight 1
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 1
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}

On the two back-end hosts, apply the LVS DR-mode cluster settings and start the Web service. Then start the keepalived service on the two IPVS hosts.

Under normal circumstances node-00 now holds the VIP. Use another host to access 10.1.38.15.

Test 1:

# for i in {1..6}; do curl 10.1.38.15; done

Round-robin scheduling is normal.

Test 2:

Stop the keepalived service on node-00 to simulate downtime and test redundancy.

The expected result is that requests are still scheduled round-robin.

Test 3:

With both IPVS hosts running normally, stop the Web service on node-02 to simulate a back-end host failure, and test Keepalived's ability to adjust the back-end host list dynamically.

Test result: the front-end scheduler dispatches requests only to node-03.

Start the Web service on node-02 again, and then test once more.

The results show that normal round-robin scheduling is resumed, which confirms Keepalived's dynamic adjustment capability.

The results above can also be seen by viewing the LVS rules directly on the IPVS hosts.

# ipvsadm -ln

5. Keepalived Nginx high-availability cluster configuration example

First, a new concept: script calls.

Keepalived calls an external helper script to monitor a resource and adjusts the priority dynamically according to the monitoring result.

Two steps: (1) define the script first; (2) call the script.

vrrp_script <SCRIPT_NAME> {
script "" # defines a check command; if the exit status code is not 0, the priority is reduced
interval INT # test interval
weight -INT # lowers the priority so that the node releases ownership of the VIP
}

track_script {
SCRIPT_NAME_1 # list of scripts to check
SCRIPT_NAME_2
...
}

Demo instance

Demo description:

node-00 and node-01 are Nginx servers that proxy the back-end Web servers; Keepalived is used to make them an HA cluster.

node-02 and node-03 are the back-end Web servers.

node-00 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-00
    vrrp_mcast_group4 224.0.38.12
}

vrrp_script check_ngx {            # the script must be defined before it is referenced
    script "killall -0 nginx"      # checks whether the nginx service is running
    interval 1
    weight -5
}

vrrp_instance vi_1 {
    state MASTER
    interface team0
    virtual_router_id <VRID>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.15/16 dev team0
    }
    track_script {                 # references the custom script in the router instance
        check_ngx
    }
    smtp_alert
}

node-01 is configured as follows

! Configuration File for keepalived
! Values written as <...> are missing from the source text.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout <INT>
    router_id node-01
    vrrp_mcast_group4 224.0.38.12
}

vrrp_script check_ngx {
    script "killall -0 nginx"
    interval 1
    weight -5
}

vrrp_instance vi_1 {
    state BACKUP
    interface bond0
    virtual_router_id <VRID>
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass x1er44q
    }
    virtual_ipaddress {
        10.1.38.15/16 dev bond0
    }
    track_script {
        check_ngx
    }
    smtp_alert
}

On node-00 and node-01, start the Nginx service, which has already been set up to proxy the two back-end Web servers, and then start the keepalived service.

On node-02 and node-03, start the Web service.

If configured correctly, the following results are obtained.

Test 1: use another host to access the VIP; the round-robin responses are normal and the VIP is on node-00.

Test 2: stop the nginx service on node-00 to simulate an Nginx service failure, then access the VIP; the round-robin responses are normal and the VIP is on node-01.

Test 3: restore the nginx service on node-00; the VIP floats back to node-00.
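Whether Test 2 and Test 3 behave as described depends on how weight -5 compares with the gap between the two nodes' priorities. The following added example (not part of the original article) models that arithmetic; the priorities 100, 98 and 90 and all function names are assumptions, because the priority values of the configurations above are not shown.

```python
def effective_priority(priority, weight, script_ok):
    """Priority a node advertises, given the last result of its tracked script."""
    if weight < 0:
        # Negative weight: applied only while the script is failing.
        return priority if script_ok else priority + weight
    # Positive weight: applied only while the script is succeeding.
    return priority + weight if script_ok else priority


def elect_master(nodes):
    """Name of the node that holds the VIP in preemptive mode, or None.

    A backup preempts only with a strictly higher priority, so on a tie the
    earlier list entry (the configured master) keeps the VIP.
    """
    live = [n for n in nodes if n["alive"]]
    if not live:
        return None
    return max(live, key=lambda n: effective_priority(
        n["priority"], n["weight"], n["script_ok"]))["name"]


def smallest_working_weight(master_priority, backup_priority):
    """Weight closest to zero that still moves the VIP when the master's check fails."""
    return -(master_priority - backup_priority + 1)


def replay_tests(backup_priority, weight=-5):
    """Replay Test 1 to Test 3; node-00's priority of 100 is an assumed value."""
    n0 = dict(name="node-00", priority=100, weight=weight, script_ok=True, alive=True)
    n1 = dict(name="node-01", priority=backup_priority, weight=weight,
              script_ok=True, alive=True)
    holders = [elect_master([n0, n1])]   # Test 1: nginx running on both nodes
    n0["script_ok"] = False              # Test 2: nginx stopped on node-00
    holders.append(elect_master([n0, n1]))
    n0["script_ok"] = True               # Test 3: nginx restored on node-00
    holders.append(elect_master([n0, n1]))
    return holders


if __name__ == "__main__":
    print(replay_tests(98))   # gap of 2 is smaller than |weight|: the VIP moves and returns
    print(replay_tests(90))   # gap of 10 exceeds |weight|: the VIP never moves
```

If the priority gap is at least as large as the absolute weight, nginx can be down on the master while the VIP stays there, so check the two values together whenever either is changed.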

Finish ~

  
