Linux Nine Yin Canon of the Great Voldemort Fist fragment 6 keepalived

keepalived Introduction

The Keepalived software was designed for the LVS load balancer software to manage and monitor the status of the various service nodes in the LVs zone system, and later added the VRRP functionality that can be used to achieve high availability. In addition to managing LVS software, keepalived can also be used as a high-availability solution software for other services (e.g. Nginx, Haproxy, MySQL, etc.).

Keepalived software is mainly implemented through the VRRP protocol for high-availability functions. The VRRP is the abbreviation for Virtual Router redundancy Protocol, the VRRP protocol, which is designed to solve the problem of static routing single point failure. It ensures that when individual nodes are down, the entire network can run uninterrupted. Therefore, keepalived on the one hand has the function of configuration management LVS, but also has the function of health check on the node under LVS, on the other hand can also realize the high available function of the System Network Service.

High-availability failover principle

VRRP (Virtual Router redundancy Protocol, VM Redundancy Protocol), VRRP is to resolve the high availability of static routes. Basic architecture of VRRP
A virtual router consists of multiple routers, each with its own IP and a common Vrid (0-255), where a VRRP router becomes master, occupies a VIP, provides routing services externally, and others become backup, Master sends the VRRP protocol package in IP multicast (multicast address: 224.0.0.18), maintains a heartbeat connection with backup, and if Master is not available (or backup does not receive the VRRP protocol package), backup generates a new master through the campaign and continues to provide routing services to is now highly available. Failover: Failover, that is, the primary node of a resource failure, the transfer of resources to other nodes of the operation; failback: The failure to move back, that is, the primary node of a resource after the failure to modify the line, the transfer of resources to other nodes to re-cut back the process;

The official site of the Keepalived software is http://www.keepalived.org

VRRP related terms

虚拟路由器：Virtual Router 虚拟路由器标识：VRID(0-255)物理路由器：        master  ：主设备        backup  ：备用设备        priority：优先级        VIP：Virtual IP 

Operating mode:

主/备：单虚拟路径器；主/主：主/备（虚拟路径器），备/主（虚拟路径器）

Type of work:

抢占式：当出现比现有主服务器优先级高的服务器时，会发送通告抢占角色成为主服务器非抢占式：


keepalived核心组件

Implementation of VRRP STACK:VRRP protocol Ipvs wrapper: Generate Ipvs rules for all nodes within a clusterCheckers: Check the health status of each RS in the Ipvs clusterControl Components: Profile analyzer for profiling and loading IO multiplexers for configuration filesmemory management components for managing keepalived High Availability Yes memory management

Installation

Starting with CentOS 6.4, keepalived is available with the system base warehouse yun install keepalived  and can be used for installation.

Configuration file:

主配置文件：/etc/keepalived/keepalived.conf 

主程序文件：/usr/sbin/keepalived

提供校验码：/usr/bin/genhash Unit File：keepalived.service

Unit File的环境配置文件：/etc/sysconfig/keepalived

detailed configuration file modules

global_defs {(Global default configuration, most do not need to change) Notification_email {(mail settings) [email protected] (Send mail when primary node fails) [email protected] [email protected]} Notification_email_from [email p Rotected] (send e-mail address, with little meaning) smtp_server 192.168.200.1 smtp_connect_timeout router_id lvs_devel (Router ID, information Not particularly critical. Vrrp_skip_check_adv_addr vrrp_strict Vrrp_garp_interval 0 vrrp_pmcast_group4 224.0.44.44 (add multicast address,                                    Prevent other machines in the same segment from being multicast affected) Vrrp_gna_interval 0 vrrp_iptables (this option can be added to the default global option to prevent the master node from generating iptables rules after a reboot)} (primary node re-enable failed) Vrrp_instance Vi_1 {(Setting of virtual IP address) state MASTER (set as primary node) interface Eth0 (on which physical NIC is acting) virtual_router_id 51 (Router number customization, number between 0-255) priority 100 (precedence value 0         -255 The higher the number the higher the priority) Advert_int 1 (own heartbeat information; every few seconds outward release in order) authentication {(certified) Auth_type PASS   (Authentication method: Password Authentication) Auth_pass 1111            (Enter a password; The maximum number of characters and digits is eight)} 

virtual_ipaddress {    192.168.200.16          #虚拟路由IP地址，以辅助地址方式设置 192.168.200.18/24 dev eth2 label eth2:1 #以别名的方式设置 }

track_interface {      #配置要监控的网络接口，一旦接口出现故障，则转为FAULT状态；
        eth0        eth1}                      

nopreempt                   #定义工作模式为非抢占模式；

preempt_delay 300 #抢占式模式下，节点上线后触发新选举操作的延迟时长；

192.168.200.100443 {    #LVS配置段 ，设置LVS的VIP地址和端口

delay_loop #服务轮询的时间间隔；检测RS服务器的状态。

lb_algo rr #调度算法，可选rr|wrr|lc|wlc|lblc|sh|dh。

lb_kind NAT #集群类型。

nat_mask 255.255.255.0 #子网掩码，可选项。

persistence_timeout 50 #是否启用持久连接，连接保存时长

protocol TCP #协议，只支持TCP

sorry_server <IPADDR> <PORT> #备用服务器地址，可选项

real_server 192.168.201.100 443 { #配置RS服务器的地址和端口

1                        #权重

SSL_GET {                      #检测RS服务器的状态，发送请求报文

url {              path /                    #请求的URL

digest ff20ad2481f97b1754ef3e12ecd3a9cc  #对请求的页面进行hash运算，然后和这个hash码进行比对, if the hash code is the same, it means the state is OK

 status_code <INT>         #判断上述检测机制为健康状态的响应码,和digest二选一即可。

 }                           #这个hash码可以使用genhash命令请求这个页面生成

3           #连接超时时间

nb_get_retry 3              #超时重试次数

Delay_before_retry3 #每次超时过后多久再进行连接Connect_ip <ip address>#向当前RS的哪个IP地址发起健康状态检测请求Connect_port <PORT>#向当前RS的哪个PORT发起健康状态检测请求BindTo <ip address>#发出健康状态检测请求时使用的源地址;Bind_port <PORT>#发出健康状态检测请求时使用的源端口;}

Add Virtual Server configuration parameters

Virtual_server10.10.10.2 1358{Delay_loop6(time interval for service polling) Lb_algo RR (defines the scheduling method; The RR for the LVS|wrr|lc|wlc|lblc|sh|dh) lb_kind NAT (model NAT for LVS| dr|TUN) Persistence_timeout -(persistent connection duration) Protocol TCP (Service protocol, TCP only) Sorry_server192.168.200.200 1358(Alternate server address: A server that provides a sorry interface when all background Web is down) real_server192.168.200.3 1358{(IP address of background Web server) weight1(set weight) http_get {url {path/testurl/test.jsp (defines the URL to monitor) digest 640205b7b0fc66c1ea91c463fac6334c} URL {path/testurl2/test.jsp Digest 640205b7b0fc66c1ea91c463fac6334c} connect_timeout3Nb_get_retry3Delay_before_retry3 } } }

Linux Nine Yin Canon of the Great Voldemort Fist fragment 6 keepalived