Keepalived for High Availability
Reference:
1. keepalived user guide: http://www.keepalived.org/pdf/UserGuide.pdf
2. Installation documentation: the INSTALL file in the extracted source package
This article covers keepalived installation, basic configuration, and high availability for haproxy.
I. Environment preparation
1. Operating System
CentOS-7-x86_64-Everything-1511
2. Keepalived version
As of February 22, the keepalived version is 1.3.5:
http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
3. Topology
1) Two servers, node1/2, virtualized on VMware ESXi are used. The frontend access addresses are 10.11.4.151/152 and the backend addresses are 192.168.4.151/2;
2) Web1 is a server created with docker. The nginx and php services are installed and started, and its IP address is 192.168.4.171;
3) Web2/3 are the same as the Web1 server, with the IP addresses 192.168.4.172/173;
4) We plan to deploy keepalived & haproxy on node1/2 and use keepalived to provide the vip 10.11.4.150 for high availability;
5) For more information about Haproxy configuration, see configure;
6) Taking web1 as an example, set up a test page to make it easier to check the verification results later.
II. Install and configure Keepalived
The following steps are performed on Node 1. For Node 2, follow the Node 1 steps with the appropriate modifications.
1. Dependent Software
- [root@elk-node1 ~]# yum install openssl-devel libnl3-devel ipset-devel iptables-devel libnfnetlink-devel popt-static popt-devel gcc kernel-headers kernel-devel net-snmp-devel -y
# Upgrade or install the relevant packages. Not all of them necessarily need installing, but libnl3-devel, ipset-devel, iptables-devel, libnfnetlink-devel, popt-static, popt-devel and so on are generally not pre-installed on the system; net-snmp-devel is required only when the related functions are enabled.
2. Download
- [root@elk-node1 ~]# cd /usr/local/src/
- [root@elk-node1 src]# wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
3. Compile and install
- [root@elk-node1 src]# tar -zxvf keepalived-1.3.5.tar.gz
- [root@elk-node1 src]# cd keepalived-1.3.5
- [root@elk-node1 keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived
- [root@elk-node1]# make
- [root@elk-node1]# make install
# You can use "./configure --help" to view the available build parameters before compiling;
# This build does not pass the "--with-kernel-dir" parameter. It is generally considered better to specify the kernel with "--with-kernel-dir=/usr/src/kernels/(version)". My environment may be relatively simple, and no obvious problem appeared in actual use. The parameter is not specified because on CentOS 7 the build cannot find the "linux/netlink.h" header file, even though the header file can be found in the corresponding directory, and no solution was found.
4. Configure startup
1) Startup commands
- [root@elk-node1 ~]# cd /usr/local/keepalived/
- [root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
- [root@elk-node1 keepalived]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
# Create symbolic links.
2) Configuration file
- [root@elk-node1 keepalived]# mkdir -p /etc/keepalived
- [root@elk-node1 keepalived]# ln -s /usr/local/keepalived/etc/keepalived.conf /etc/keepalived/
# Create a symbolic link.
3) Start at boot
- [root@elk-node1 keepalived]# touch /etc/rc.d/init.d/keepalived
- [root@elk-node1 keepalived]# chmod +x /etc/rc.d/init.d/keepalived
- [root@elk-node1 keepalived]# vim /etc/rc.d/init.d/keepalived
- #!/bin/sh
- #
- # keepalived   High Availability monitor built upon LVS and VRRP
- #
- # chkconfig:   - 86 14
- # description: Robust keepalive facility to the Linux Virtual Server project \
- #              with multilayer TCP/IP stack checks.
- ### BEGIN INIT INFO
- # Provides: keepalived
- # Required-Start: $local_fs $network $named $syslog
- # Required-Stop: $local_fs $network $named $syslog
- # Should-Start: smtpdaemon httpd
- # Should-Stop: smtpdaemon httpd
- # Default-Start:
- # Default-Stop: 0 1 2 3 4 5 6
- # Short-Description: High Availability monitor built upon LVS and VRRP
- # Description: Robust keepalive facility to the Linux Virtual Server
- #              project with multilayer TCP/IP stack checks.
- ### END INIT INFO
- # Source function library.
- . /etc/rc.d/init.d/functions
- exec="/usr/sbin/keepalived"
- prog="keepalived"
- config="/etc/keepalived/keepalived.conf"
- [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
- lockfile=/var/lock/subsys/keepalived
- start() {
-     [ -x $exec ] || exit 5
-     [ -e $config ] || exit 6
-     echo -n $"Starting $prog: "
-     daemon $exec $KEEPALIVED_OPTIONS
-     retval=$?
-     echo
-     [ $retval -eq 0 ] && touch $lockfile
-     return $retval
- }
- stop() {
-     echo -n $"Stopping $prog: "
-     killproc $prog
-     retval=$?
-     echo
-     [ $retval -eq 0 ] && rm -f $lockfile
-     return $retval
- }
- restart() {
-     stop
-     start
- }
- reload() {
-     echo -n $"Reloading $prog: "
-     killproc $prog -1
-     retval=$?
-     echo
-     return $retval
- }
- force_reload() {
-     restart
- }
- rh_status() {
-     status $prog
- }
- rh_status_q() {
-     rh_status &>/dev/null
- }
- case "$1" in
-     start)
-         rh_status_q && exit 0
-         $1
-         ;;
-     stop)
-         rh_status_q || exit 0
-         $1
-         ;;
-     restart)
-         $1
-         ;;
-     reload)
-         rh_status_q || exit 7
-         $1
-         ;;
-     force-reload)
-         force_reload
-         ;;
-     status)
-         rh_status
-         ;;
-     condrestart|try-restart)
-         rh_status_q || exit 0
-         restart
-         ;;
-     *)
-         echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
-         exit 2
- esac
- exit $?
- [root@elk-node1 keepalived]# chkconfig --add keepalived
- [root@elk-node1 keepalived]# chkconfig --level 35 keepalived on
# On CentOS 7, the compile-and-install directory contains no "etc/rc.d/init.d/keepalived" file (the auto-start script), so it must be created manually. The startup command, configuration file, and other paths defined in the script must already be in place.
5. Keepalived configuration file
- [root@elk-node1 ~]# vim /usr/local/keepalived/etc/keepalived.conf
- #=========================================================================
- # keepalived.conf configuration
- #------------------------------------------------------------
- # 1. The keepalived configuration file is organized in blocks; the content of each block is enclosed in {}
- # 2. Lines beginning with "#" or "!" are comments
- # 3. keepalived configuration falls into three types:
- #    (1) Global configuration: settings that take effect for the whole keepalived
- #    (2) VRRPD configuration: the core configuration, which implements keepalived high availability
- #    (3) LVS configuration
- #=========================================================================
- ! Configuration File for keepalived
- ########################
- # Global configuration
- ########################
- # global_defs is the global configuration identifier;
- global_defs {
-     # notification_email sets the alarm email addresses. Multiple addresses can be set, one per line. To send mail alarms, enable the Sendmail service on the local machine.
-     notification_email {
-         root@localhost.local
-     }
-     # Set the mail sender address, the smtp server address, and the smtp server connection timeout
-     notification_email_from root@localhost.local
-     smtp_server 10.11.4.151
-     smtp_connect_timeout 30
-     # Identifier of the server running keepalived; it appears in the subject of notification emails
-     router_id Haproxy_DEVEL
- }
- ######################
- # Service check configuration
- ######################
- # Service check. chk_haproxy is the check name; a script return value of 0 means the service is normal.
- vrrp_script chk_haproxy {
-     script "/usr/local/keepalived/etc/chk_haproxy.sh"
-     # Run the check once every 1 second
-     interval 1
-     # When haproxy is online, add 2 to the weight
-     # weight 2
- }
- ######################
- # VRRPD configuration
- ######################
- # VRRPD configuration identifier. VI_1 is the instance name.
- vrrp_instance VI_1 {
-     # Specify the keepalived role: MASTER (in uppercase) marks this host as the master server, BACKUP as the backup server;
-     # Non-preemptive mode is configured here, and nopreempt only applies to state BACKUP, so both hosts are configured as BACKUP
-     state BACKUP
-     # Network interface monitored for HA
-     interface eth0
-     # Virtual router ID, which must be a number;
-     # The same VRRP instance uses one unique identifier, MASTER_ID = BACKUP_ID
-     virtual_router_id 51
-     # Define the node priority. A larger number indicates a higher priority;
-     # Within one vrrp_instance, MASTER_PRIORITY > BACKUP_PRIORITY
-     priority 100
-     # Interval, in seconds, of the synchronization check between the MASTER and BACKUP hosts
-     advert_int 1
-     # In practice, non-preemptive mode is recommended to prevent frequent switching and network fluctuation.
-     nopreempt
-     # Set the authentication type and password used between nodes. The authentication types are PASS and AH;
-     # Within the same vrrp_instance, the MASTER and BACKUP passwords must match
-     authentication {
-         auth_type PASS
-         auth_pass 987654
-     }
-     # Set the virtual IP address (VIP), also known as a floating IP address;
-     # Multiple addresses can be set, one per line;
-     # keepalived adds the VIP to the system with the "ip address add" command
-     virtual_ipaddress {
-         10.11.4.150
-     }
-     # Script tracking, referring to the service check defined above
-     track_script {
-         chk_haproxy
-     }
- }
- ##############################################
- # LVS configuration. Here keepalived only provides high availability and does not use LVS.
- ##############################################
- # virtual_server is the LVS configuration identifier
- # Format: virtual_server VIP port [IP address and port are separated by a space]
- # virtual_server 10.11.4.150 443 {
- #     Set the health check interval in seconds
- #     delay_loop 6
- #     Set the load scheduling algorithm. Common scheduling algorithms include rr, wlc, lc, lblc, sh, and dh.
- #     lb_algo rr
- #     Set the LVS load balancing mode. Three modes are available: NAT, TUN, and DR.
- #     lb_kind NAT
- #     Session persistence time, which is very useful for dynamic web pages and provides a good solution for session sharing in a cluster system;
- #     A user's requests keep being distributed to the same service node until the session persistence time is exceeded (the maximum idle timeout),
- #     that is, if the user performs no operation on the dynamic page within 50 s, the next request is distributed to another node
- #     persistence_timeout 50
- #     Forwarding protocol type
- #     protocol TCP
- #     Start of a real server section [the IP address is the real IP address]
- #     Format: real_server realIP port [IP and port are separated by a space]
- #     real_server 192.168.201.100 443 {
- #         Weight of the real server node, expressed as a number; the larger the number, the higher the weight.
- #         weight 1
- #         SSL_GET health check
- #         SSL_GET {
- #             URL information for the SSL check; multiple URLs can be specified
- #             url {
- #                 Detailed URL path
- #                 path /index.html
- #                 The digest expected from the SSL check, which can be obtained with the genhash tool as follows:
- #                 [root@elk-node1 bin]# /usr/local/keepalived/bin/genhash -s 192.168.4.171 -p 80 -u /index.html
- #                 digest ff20ad2481f97b1754ef3e12ecd3a9cc
- #             }
- #             url {
- #                 path /mrtg/
- #                 digest 9b3a0c85a887a256d6939da88aabd8cd
- #             }
- #             No-response timeout, in seconds
- #             connect_timeout 3
- #             Number of retries
- #             nb_get_retry 3
- #             Retry interval
- #             delay_before_retry 3
- #         }
- #     }
- # }
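Added example (not part of the original article and not keepalived's own code): a Python check that parses the vrrp_instance block from each node's keepalived.conf and reports violations of the pairing rules given in the comments above (identical virtual_router_id, authentication and VIP, different priority, nopreempt only with state BACKUP). The node 2 values, the function names and the wording of the messages are assumptions made for illustration.

```python
import re
# Node 1's vrrp_instance block as configured on this page.
NODE1 = """
vrrp_instance VI_1 {
    state BACKUP
    virtual_router_id 51
    priority 100
    nopreempt                 # valid only when the initial state is BACKUP
    authentication {
        auth_type PASS
        auth_pass 987654
    }
    virtual_ipaddress {
        10.11.4.150
    }
}
"""
# Constructed peer configs (assumed values): a valid node 2 and a mismatched one.
NODE2 = NODE1.replace("priority 100", "priority 90")
NODE2_BAD = NODE2.replace("router_id 51", "router_id 52").replace("state BACKUP", "state MASTER")

def parse_instance(conf, name="VI_1"):
    """Collect the settings of one vrrp_instance block into a dict."""
    settings, stack = {}, []
    for raw in conf.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()   # '#' and '!' start comments
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            stack.pop()
        elif line and stack and stack[0] == f"vrrp_instance {name}":
            if len(stack) == 1:                        # "keyword value" or a bare flag
                key, *value = line.split(None, 1)
                settings[key] = value[0] if value else True
            else:                                      # lines of a nested block
                settings.setdefault(stack[-1], []).append(" ".join(line.split()))
    return settings

def check_pair(conf_a, conf_b, name="VI_1"):
    """Return violations of the pairing rules stated in the config comments."""
    a, b = parse_instance(conf_a, name), parse_instance(conf_b, name)
    shared = ("virtual_router_id", "authentication", "virtual_ipaddress")
    problems = [f"{k} differs between nodes" for k in shared if a.get(k) != b.get(k)]
    if a.get("priority") == b.get("priority"):
        problems.append("priority is identical on both nodes")
    for label, node in (("node A", a), ("node B", b)):
        if node.get("nopreempt") and node.get("state") != "BACKUP":
            problems.append(f"{label}: nopreempt requires state BACKUP")
    return problems
```

Running check_pair on the real files from both nodes before starting the service catches a mismatched pair, for example a differing virtual_router_id or password between the two nodes.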
6. Keepalived detection script
- [root@elk-node1 ~]# touch /usr/local/keepalived/etc/chk_haproxy.sh
- [root@elk-node1 ~]# chmod 755 /usr/local/keepalived/etc/chk_haproxy.sh
- [root@elk-node1 ~]# vim /usr/local/keepalived/etc/chk_haproxy.sh
- #!/bin/bash
- # Check the haproxy process; if there is no process, try to start it once,
- # check again after 3 s, and if there is still no process, restart the keepalived process to change state.
- # 2017-03-22 v0.1
- if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
-     /etc/rc.d/init.d/haproxy start
-     sleep 3
-     if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
-         /etc/rc.d/init.d/keepalived restart
-     fi
- fi
- # Another method to check the haproxy process
- # killall -0 haproxy
- # if [[ $? -ne 0 ]]; then
- #     /etc/rc.d/init.d/keepalived restart
- # fi
# Check whether the haproxy service is running normally. If not, try to start it again. If that attempt fails, restart the keepalived service so that the keepalived vip switches over.
III. Verification
1. Start
- [root@elk-node1 ~]# service keepalived start
- [root@elk-node2 ~]# service keepalived start
2. View logs
1) Node1
- [root@elk-node1 ~]# tailf /var/log/messages
1) Starts in BACKUP mode;
2) Switches to MASTER mode;
3) Obtains the vip 10.11.4.150 and starts sending gratuitous ARP announcements.
2) Node2
- [root@elk-node2 ~]# tailf /var/log/messages
1) Starts the two related sub-processes;
2) Starts and enters BACKUP mode.
3. VIP
- [root@elk-node1 ~]# ip address show eth0
The network adapter eth0 of Node1 has obtained the vip 10.11.4.150.
# The "ifconfig" command does not show the vip, because "ip address add" is used to add the vip to the system.
4. Failover
1) Haproxy fault recovery
- [root@elk-node1 ~]# date; service haproxy stop
- [root@elk-node1 ~]# date; service haproxy status
1) Manually stop the haproxy service;
2) Because the keepalived configuration file defines the script that brings the haproxy service back up, we can see that the haproxy service is running again within 1 s.
2) Node1 log
1) The log shows that the haproxy service is brought back up after it is stopped;
2) Keepalived enters the FAULT STATE and then changes to the BACKUP state;
3) The vip address on the eth0 NIC of Node1 is removed.
3) Node2 logs
1) Node2 switches to the MASTER STATE;
2) Node2 receives the vip 10.11.4.150 and starts sending gratuitous ARP announcements.
4) Node2 VIP
- [root@elk-node2 ~]# ip address show eth0
The eth0 of Node2 has obtained the vip 10.11.4.150.