Keepalived for high availability and keepalived

Source: Internet
Author: User
Tags install openssl snmp haproxy


Originally published on cu:

Reference:

This article covers keepalived installation, simple configuration, and high availability for haproxy.

I. Environment preparation

1. Operating System

CentOS-7-x86_64-Everything-1511

2. Keepalived version

As of February 22, the keepalived version is 1.3.5:

http://www.keepalived.org/software/keepalived-1.3.5.tar.gz

3. Topology

II. Install and configure Keepalived

The following steps are performed on Node 1. For Node 2, follow the same steps with the appropriate modifications.

1. Dependent Software
# Install all the dependencies in one pass rather than one at a time;
# libnl3-devel, ipset-devel, iptables-devel, libnfnetlink-devel, popt-static, popt-devel and so on are generally not pre-installed on the system;
# net-snmp-devel is needed when the related functions are to be enabled
[root@elk-node1 ~]# yum install openssl-devel libnl3-devel ipset-devel iptables-devel libnfnetlink-devel popt-static popt-devel gcc kernel-headers kernel-devel net-snmp-devel -y
2. Download
[root@elk-node1 ~]# cd /usr/local/src/
[root@elk-node1 src]# wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
3. Compile and install
# Run "./configure --help" to view the related compilation parameters;
# The "--with-kernel-dir" parameter is not used in this build. It is generally considered that specifying the kernel with "--with-kernel-dir=/usr/src/kernels/(version)" works better; the environment here is relatively simple, and no obvious problem appeared in actual use;
# It is not specified here because on centos7 the build cannot find the "linux/netlink.h" header file, even though the header file can be found in the corresponding directory, and I did not find a solution
[root@elk-node1 src]# tar -zxvf keepalived-1.3.5.tar.gz
[root@elk-node1 src]# cd keepalived-1.3.5
[root@elk-node1 keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived
[root@elk-node1 keepalived-1.3.5]# make
[root@elk-node1 keepalived-1.3.5]# make install
4. Configure startup

1) Startup commands
# Soft link
[root@elk-node1 ~]# cd /usr/local/keepalived/
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
2) configuration file
# Soft link
[root@elk-node1 keepalived]# mkdir -p /etc/keepalived
[root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
3) Start at boot
# With a compiled installation on centos7 there is no "/etc/rc.d/init.d/keepalived" file by default, that is, no self-starting script; it has to be created manually, provided that the startup command, configuration file and other paths the script defines are in place;
# when starting, you may need to run "systemctl daemon-reload" and then restart keepalived
[root@elk-node1 keepalived]# touch /etc/rc.d/init.d/keepalived
[root@elk-node1 keepalived]# chmod +x /etc/rc.d/init.d/keepalived
[root@elk-node1 keepalived]# vim /etc/rc.d/init.d/keepalived
#!/bin/sh
#
# keepalived   High Availability monitor built upon LVS and VRRP
#
# chkconfig:   - 86 14
# description: Robust keepalive facility to the Linux Virtual Server project \
#              with multilayer TCP/IP stack checks.
### BEGIN INIT INFO
# Provides: keepalived
# Required-Start: $local_fs $network $named $syslog
# Required-Stop: $local_fs $network $named $syslog
# Should-Start: smtpdaemon httpd
# Should-Stop: smtpdaemon httpd
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
# Short-Description: High Availability monitor built upon LVS and VRRP
# Description:       Robust keepalive facility to the Linux Virtual Server
#                    project with multilayer TCP/IP stack checks.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

exec="/usr/sbin/keepalived"
prog="keepalived"
config="/etc/keepalived/keepalived.conf"

# Optional overrides such as KEEPALIVED_OPTIONS
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog

lockfile=/var/lock/subsys/keepalived

start() {
    [ -x $exec ] || exit 5
    [ -e $config ] || exit 6
    echo -n $"Starting $prog: "
    daemon $exec $KEEPALIVED_OPTIONS
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    stop
    start
}

reload() {
    echo -n $"Reloading $prog: "
    killproc $prog -1
    retval=$?
    echo
    return $retval
}

force_reload() {
    restart
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status &>/dev/null
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?

# Set to start at boot
[root@elk-node1 keepalived]# chkconfig --add keepalived
[root@elk-node1 keepalived]# chkconfig --level 35 keepalived on
[root@elk-node1 keepalived]# vim /usr/lib/systemd/system/keepalived.service
# modify PIDFile as follows:
PIDFile=/var/run/keepalived.pid
5. Keepalived configuration file
[root@elk-node1 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
#=====================================================================
# keepalived.conf configuration
#---------------------------------------------------------------------
# 1. The keepalived configuration file is organized in blocks; the content of each block is enclosed in {}
# 2. Lines beginning with "#" or "!" are comments
# 3. keepalived configuration is divided into three types:
#    (1) Global configuration: configuration that takes effect for the whole of keepalived
#    (2) VRRPD configuration: the core configuration, which implements the keepalived high availability function
#    (3) LVS configuration
#=====================================================================

! Configuration File for keepalived

######################## global configuration ########################
# global_defs is the global configuration identifier;
global_defs {
    # notification_email sets the alarm email addresses; several can be set, one per line;
    # mail alarms require the local Sendmail service to be enabled
    notification_email {
        root@localhost.local
    }
    # set the mail sender address, the smtp server address and the timeout for connecting to the smtp server
    notification_email_from root@localhost.local
    smtp_server 10.11.4.151
    smtp_connect_timeout 30
    # identifier of the server running keepalived
    router_id Haproxy_DEVEL
}

#################### service detection configuration ####################
# service detection; chk_haproxy is the service name, and a return value of 0 indicates that the service is normal
vrrp_script chk_haproxy {
    script "/usr/local/keepalived/etc/chk_haproxy.sh"
    # check every second whether haproxy is online
    interval 1
    # add 2 to the weight
    weight 2
}

######################## VRRPD configuration ########################
# VRRPD configuration identifier; VI_1 is the instance name
vrrp_instance VI_1 {
    # specifies the keepalived role: MASTER (in uppercase) indicates that the host is the master server, BACKUP indicates the backup server.
    # here, because non-preemptive mode is configured and nopreempt only acts on BACKUP, both hosts are configured as BACKUP
    state BACKUP
    # specify the network interface monitored for HA
    interface eth0
    # virtual router ID, a number that can be chosen from 1;
    # the same VRRP instance uses one unique identifier: MASTER_ID = BACKUP_ID
    virtual_router_id 51
    # defines the node priority; a larger number indicates a higher priority.
    # within the same vrrp_instance, MASTER_PRIORITY > BACKUP_PRIORITY
    priority 100
    # interval between synchronization checks of the MASTER and BACKUP hosts, in seconds
    advert_int 1
    # for practical use, non-preemptive mode is recommended, to prevent frequent network switching
    nopreempt
    # sets the authentication type and password for communication between nodes; the types are PASS and AH.
    # within the same vrrp_instance, the MASTER password must be the same as the BACKUP password
    authentication {
        auth_type PASS
        auth_pass 987654
    }
    # sets the virtual IP address (VIP), also known as the floating IP address;
    # several can be set, one per line;
    # keepalived adds the VIP to the system with the "ip address add" command
    virtual_ipaddress {
        10.11.4.150
    }
    # script tracking, corresponding to the service detection above
    track_script {
        chk_haproxy
    }
}

########################## LVS configuration ##########################
# here keepalived only provides high availability, without lvs
# virtual_server is the LVS configuration identifier
# format: virtual_server VIP port [IP and port separated by a space]
# virtual_server 10.11.4.150 443 {
    # health check interval, in seconds
    # delay_loop 6
    # load scheduling algorithm; common scheduling algorithms are rr, wlc, lc, lblc, sh and dh
    # lb_algo rr
    # LVS load balancing mechanism; NAT, TUN and DR modes are available
    # lb_kind NAT
    # session persistence time, which is very useful for dynamic web pages and provides a good solution for session sharing in a cluster system;
    # a user's requests keep being distributed to the same service node until the session persistence time (the maximum no-response timeout) is exceeded,
    # that is, if the user performs no operation on the dynamic page within 50 s, the next request will be distributed to another node
    # persistence_timeout 50
    # forwarding protocol type
    # protocol TCP
    # start of a real server section [IP is the real IP address]
    # format: real_server realIP port [IP and port separated by a space]
    # real_server 192.168.201.100 443 {
        # weight of the real server node, given as a number; the larger the number, the higher the weight
        # weight 1
        # health check by SSL_GET
        # SSL_GET {
            # URL information for the SSL check; several can be specified
            # url {
                # detailed URL path
                # path /index.html
                # digest of the SSL check result, which can be obtained with the genhash command-line tool, as follows:
                # [root@elk-node1 bin]# /usr/local/keepalived/bin/genhash -s 192.168.4.171 -p 80 -u /index.html
                # digest restart
            # }
            # url {
                # path /mrtg/
                # digest 9b3a0c85a887a256d6939da88aabd8cd
            # }
            # no-response timeout, in seconds
            # connect_timeout 3
            # number of retries
            # nb_get_retry 3
            # retry interval
            # delay_before_retry 3
        # }
    # }
# }
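The rules stated in the configuration comments (nopreempt only acts on state BACKUP; virtual_router_id and the authentication block must be identical on both nodes) can be checked mechanically before keepalived is started. The following is an added example, not part of the original article: the parser assumes one directive per line with "{" at the end of the line, and parse_blocks, vrrp_instances, check_pair and the two sample configurations are illustrative names and constructed data.

```python
import re

def parse_blocks(text):
    """Parse keepalived.conf text (one directive per line) into (words, children) nodes."""
    stack = [([], [])]
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # "#" and "!" start a comment
        if line == "}":
            stack.pop()
        elif line:
            node = (line.rstrip("{ ").split(), [])
            stack[-1][1].append(node)
            if line.endswith("{"):
                stack.append(node)
        if not stack:
            raise ValueError("unexpected closing brace")
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return stack[0]

def vrrp_instances(text):
    """Map instance name -> {keyword: args}; a sub-block becomes {child keyword: args}."""
    return {w[1]: {k[0]: ({c[0]: c[1:] for c, _ in kids} if kids else k[1:]) for k, kids in body}
            for w, body in parse_blocks(text)[1] if w[:1] == ["vrrp_instance"]}

def check_pair(conf1, conf2):
    """Check the rules from the configuration comments across the two nodes' files."""
    a, b, findings = vrrp_instances(conf1), vrrp_instances(conf2), []
    for name in sorted(set(a) & set(b)):
        for node, inst in (("node1", a[name]), ("node2", b[name])):
            if "nopreempt" in inst and inst.get("state") != ["BACKUP"]:
                findings.append(f"{name}/{node}: nopreempt only takes effect with state BACKUP")
        for key in ("virtual_router_id", "authentication"):
            if a[name].get(key) != b[name].get(key):
                findings.append(f"{name}: {key} differs between nodes")
    return findings

NODE1 = """! constructed sample, reduced from the configuration above
vrrp_instance VI_1 {
    state BACKUP            # both nodes are BACKUP because of nopreempt
    virtual_router_id 51
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 987654
    }
}
"""
NODE2_BAD = NODE1.replace("state BACKUP", "state MASTER").replace("987654", "123456")
```

check_pair(NODE1, NODE1) returns an empty list, while check_pair(NODE1, NODE2_BAD) reports the MASTER state combined with nopreempt and the mismatched authentication block.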
6. Keepalived detection script
# Check whether the haproxy service is running normally; if not, try to start it; if that attempt fails, restart the keepalived service so that the keepalived vip switches over
[root@elk-node1 ~]# touch /usr/local/keepalived/etc/chk_haproxy.sh
[root@elk-node1 ~]# chmod 755 /usr/local/keepalived/etc/chk_haproxy.sh
[root@elk-node1 ~]# vim /usr/local/keepalived/etc/chk_haproxy.sh
#!/bin/bash
# check haproxy process, if there isn't any process, try to start the process once,
# check it again after 3s, if there isn't any process still, restart keepalived process, change state.
# 2017-03-22 v0.1
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    /etc/rc.d/init.d/haproxy start
    sleep 3
    if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
        /etc/rc.d/init.d/keepalived restart
    fi
fi

# another method to check haproxy process
# killall -0 haproxy
# if [ $? -ne 0 ]; then
#     /etc/rc.d/init.d/keepalived restart
# fi
III. Verification

1. Start
[root@elk-node1 ~]# service keepalived start
[root@elk-node2 ~]# service keepalived start
2. View logs

1) Node1
[root@elk-node1 ~]# tailf /var/log/messages

2) Node2
[root@elk-node2 ~]# tailf /var/log/messages

3. VIP
# The vip is added to the system with "ip address add", so the "ifconfig" command does not show it
[root@elk-node1 ~]# ip address show eth0

The network adapter eth0 of Node1 has obtained the vip 10.11.4.150.

4. Failover

1) Restarting haproxy after a failure
[root@elk-node1 ~]# date ; service haproxy stop
[root@elk-node1 ~]# date ; service haproxy status

2) Node1 log

 

3) Node2 logs

4) Node2 VIP
[root@elk-node2 ~]# ip address show eth0

The eth0 of Node2 has obtained the vip 10.11.4.150.
