Chapter 1 Introduction to Keepalived
Keepalived was originally designed for the LVS load-balancing software, to manage and monitor the status of each service node in an LVS cluster. VRRP support was added later to provide high availability. Besides managing LVS, Keepalived can therefore also serve as a high-availability solution for other services (such as nginx, HAProxy, MySQL, etc.).
Keepalived achieves high availability mainly through the VRRP protocol. VRRP stands for Virtual Router Redundancy Protocol. Its purpose is to solve the single-point-of-failure problem of static routing: it keeps the whole network running without interruption when individual nodes go down. So Keepalived can manage the LVS configuration and health-check the nodes behind LVS on the one hand, and provide high availability for network services on the other.
Chapter 2 Three Important Functions of Keepalived Service
1. Management of LVS Load Balancing Software
Early LVS had to be managed from the command line or with scripts, and it had no health check for LVS nodes. Keepalived was created to remove these inconveniences; it can be said that Keepalived was originally designed to solve the problems of LVS, so the two are closely tied and work well together. By reading its own configuration file, Keepalived can directly manage the LVS configuration and control starting and stopping the service, which makes LVS simpler and more convenient to use.
2. Implementing health check for LVS cluster nodes
Keepalived manages LVS directly from the node IPs and related LVS parameters configured in its keepalived.conf file. In addition, when one or even several node servers in the LVS cluster fail at the same time and cannot provide service, Keepalived automatically removes the failed node servers from the normal LVS forwarding queue and switches requests to the other healthy nodes. When the failed node servers are repaired, Keepalived automatically adds them back to the normal forwarding queue to serve customers.
3. Failover as a system service
Chapter 3 Working Principle of VRRP
- VRRP, in full Virtual Router Redundancy Protocol, was created to solve the single point of failure of static routing.
- VRRP uses an election mechanism to hand the routing task to one of the VRRP routers.
- VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the nodes of the high-availability pair.
- During operation, the primary node sends packets and the standby node receives them. When the standby node stops receiving the packets sent by the primary node, it starts the takeover procedure and takes over the resources of the primary node. There can be several standby nodes, chosen by priority election, but in routine operations work Keepalived is generally deployed as a pair.
- VRRP can use encryption protocols to protect its data, but the Keepalived project still recommends the plaintext method for configuring the authentication type and password.
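The advertisement described in this chapter, as an added example that is not part of the original article: a Python parser for the VRRPv2 message (IP protocol 112) that verifies the checksum, shows that the `auth_pass` value of `auth_type PASS` is carried as plain bytes in the authentication field, and reports senders outside the expected pair. The packet is constructed in the code, and the peer addresses 10.0.0.5 and 10.0.0.6 are assumptions, not values from this page.

```python
import struct

AUTH_TYPES = {0: "none", 1: "PASS (simple text)", 2: "AH"}

def inet_checksum(data: bytes) -> int:
    """One's-complement checksum over the whole VRRP message (RFC 1071 style)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vips, password, advert_int=1):
    """Build a VRRPv2 advertisement with auth type 1 (used for the constructed sample)."""
    addrs = b"".join(bytes(int(o) for o in ip.split(".")) for ip in vips)
    auth = password.encode()[:8].ljust(8, b"\x00")
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(vips), 1, advert_int, 0)
    return head[:6] + struct.pack("!H", inet_checksum(head + addrs + auth)) + addrs + auth

def parse_advert(payload: bytes) -> dict:
    """Parse the VRRPv2 message carried in IP protocol 112."""
    if len(payload) < 16 or payload[0] != 0x21:   # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    _, vrid, prio, count, auth_type, adv, _ = struct.unpack("!BBBBBBH", payload[:8])
    end = 8 + 4 * count
    if len(payload) < end + 8:
        raise ValueError("truncated address list or authentication data")
    vips = [".".join(map(str, payload[i:i + 4])) for i in range(8, end, 4)]
    return {
        "vrid": vrid, "priority": prio, "advert_int": adv, "vips": vips,
        "auth_type": AUTH_TYPES.get(auth_type, "unknown"),
        "auth_data": payload[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(payload) == 0,
    }

def check_advert(fields, src_ip, expected):
    """List the reasons an advertisement does not match the expected HA pair."""
    problems = []
    if not fields["checksum_ok"]:
        problems.append("bad checksum")
    if src_ip not in expected["peers"]:
        problems.append(f"unexpected sender {src_ip}")
    if fields["vrid"] != expected["vrid"]:
        problems.append(f"unexpected virtual_router_id {fields['vrid']}")
    return problems

# Constructed sample: LB01's advertisement for VRID 51; the peer addresses are assumed.
SAMPLE = build_advert(51, 150, ["10.0.0.3"], "1111")
EXPECTED = {"vrid": 51, "peers": {"10.0.0.5", "10.0.0.6"}}
```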
Chapter 4 Installation of Keepalived Environment
1. Install from the yum repository
yum install keepalived -y
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER ##Role: primary (MASTER) or standby (BACKUP)
interface ens33 ##Network interface
virtual_router_id 51 ##Group name (family name)
priority 150 ##Weight: primary is greater than standby (generally 100)
advert_int 1 ##Advertisement interval 1s
authentication {
auth_type PASS ##Authentication type: password
auth_pass 1111 ##Password
}
virtual_ipaddress {
10.0.0.1/24 dev ens33 label ens33:0 ##VIP (virtual IP address)
}
}
Chapter 5 LB01/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
Chapter 6 LB02/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
Chapter 7 Causes of Split-Brain
- The heartbeat link between the high-availability servers fails, so they can no longer communicate normally, for example: 1) a broken heartbeat cable (cut or aged), 2) a faulty network card or driver, or IP configuration and conflict problems (network cards directly connected), 3) failure of the equipment on the heartbeat path (network card, switch, etc.).
- The iptables firewall is enabled on a high-availability server and blocks the heartbeat messages.
- Information such as the heartbeat network card address is configured incorrectly on the high-availability servers, so heartbeats fail to be sent.
- Other reasons, such as different heartbeat modes, heartbeat broadcast conflicts, software bugs, etc.
Note: if the virtual_router_id parameter of the same VRRP instance is inconsistent between the two ends in the Keepalived configuration, split-brain may also occur.
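One way to catch the configuration mismatch named in the note above before deployment, as an added example that is not part of the original article: a Python check that reads the vrrp_instance blocks of both nodes' keepalived.conf and reports settings that differ but must agree. The sample input is constructed from the fields of the LB01/LB02 files on this page, and the sketch assumes instances carry the same name on both nodes and that `#` or `!` never appears inside a value.

```python
import re

MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips")

def parse_instances(conf):
    """Collect the settings of each vrrp_instance block in a keepalived.conf."""
    instances, name, section = {}, None, None
    for raw in conf.splitlines():
        words = re.split(r"[#!]", raw, maxsplit=1)[0].split()   # drop comments
        if not words:
            continue
        if words[0] == "vrrp_instance":
            name = words[1]
            instances[name] = {"vips": []}
        elif words[-1] == "{":              # authentication, virtual_ipaddress, ...
            section = words[0] if name else None
        elif words == ["}"]:
            if section:
                section = None
            else:
                name = None
        elif name and section == "virtual_ipaddress":
            instances[name]["vips"].append(words[0])
        elif name and len(words) >= 2:
            instances[name][words[0]] = words[1]
    return instances

def compare_nodes(a, b):
    """Report settings that must agree between the two nodes of a pair but do not."""
    problems = []
    for inst in sorted(set(a) | set(b)):
        if inst not in a or inst not in b:
            problems.append(f"{inst}: defined on only one node")
            continue
        for key in MUST_MATCH:              # values are not echoed: auth_pass is a secret
            if a[inst].get(key) != b[inst].get(key):
                problems.append(f"{inst}: {key} differs between nodes")
        if a[inst].get("priority") == b[inst].get("priority"):
            problems.append(f"{inst}: both nodes use priority {a[inst].get('priority')}")
    return problems

def sample_conf(state, vrid, priority):
    """Constructed input with the same fields as the LB01/LB02 files on this page."""
    return (f"vrrp_instance VI_1 {{\n state {state}\n virtual_router_id {vrid}\n"
            f" priority {priority}\n advert_int 1\n"
            " authentication {\n auth_type PASS\n auth_pass 1111\n }\n"
            " virtual_ipaddress {\n 10.0.0.3/24 dev eth0 label eth0:1\n }\n}\n")
```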
Chapter 8 LB01 and LB02 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream server_pools {
server 10.0.0.7:80 weight=4 max_fails=3 fail_timeout=30s;
server 10.0.0.8:80 weight=4 max_fails=3 fail_timeout=30s;
# server 10.0.0.9:80 weight=4 max_fails=3 fail_timeout=30s;
}
server {
listen 80;
server_name www.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
proxy_pass http://server_pools;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
Chapter 9 web01 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main;
}
}
Chapter 10 web02 nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
listen 80;
server_name www.etiantian.org;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/access_www.log main;
}
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root html/bbs;
index index.html index.htm;
}
access_log logs/access_bbs.log main;
}
}
Chapter 11 Keepalived Dual-Master Mode Configuration Files
1. LB01 configuration keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
2. LB02 configuration keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
}
Chapter 12 Modify Kernel Parameters to Listen on an IP Address Not Present on the Local Machine's Network Cards
echo 'net.ipv4.ip_nonlocal_bind = 1' >> /etc/sysctl.conf
sysctl -p
Chapter 13 Monitoring Script: Stop Keepalived When nginx Goes Down
cat /server/scripts/chk_web_proxy.sh
#!/bin/bash
# Stop keepalived when nginx has no listening socket, so the VIP moves to the standby node.
if [ "$(ss -lntup | grep -c nginx)" -lt 1 ]; then
/etc/init.d/keepalived stop
fi
chmod +x /server/scripts/chk_web_proxy.sh
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_script chk_web_proxy { #<== Define a VRRP script that checks the HTTP port.
script "/server/scripts/chk_web_proxy.sh" #<== Run the script; when the nginx service has a problem, it stops the keepalived service.
interval 2 #<== Run every 2 seconds
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
track_script {
chk_web_proxy #<== Trigger the check defined above
}
}