
Detailed explanation of Keepalived installation and configuration

2025-04-07 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

I. Brief introduction

Keepalived is free, open-source software written in C that works like a layer 3, layer 4 and layer 7 switching mechanism, that is, it provides what we usually call layer 3, layer 4 and layer 7 switch functions. It mainly provides load balancing and high availability. Load balancing relies on the Linux Virtual Server kernel module (ipvs), and high availability is achieved by failing services over between multiple machines through the VRRP protocol.

The figure above shows the functional architecture of Keepalived, which is roughly divided into two layers: user space and kernel space.

Kernel space: it mainly includes two parts, IPVS (IP Virtual Server, used for load balancing of network services) and NETLINK (which provides advanced routing and other related network functions).

User space:

WatchDog: monitors the status of the checkers and VRRP processes.
VRRP Stack: failover (FailOver) between load balancers. If only one load balancer is used, VRRP is not required.
Checkers: responsible for health checking of the real servers, which is the most important function of keepalived. In other words, there can be no VRRP Stack, but there must be health checking.
IPVS wrapper: sends the rules set by the user to the kernel ipvs code.
Netlink Reflector: used to set the VIP address of VRRP, etc.

All the functions of Keepalived are implemented by configuring keepalived.conf files.

II. Installation and configuration

Download the latest version of keepalived from the official website. This article takes the current version 1.2.24 as an example.

2.1 installation

shell> cd /usr/local/src
shell> wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz
shell> tar -zxvf keepalived-1.2.24.tar.gz
shell> cd keepalived-1.2.24
shell> ./configure --prefix=/usr/local/keepalived
shell> make && make install

2.2 configuration

After the installation is complete, go to the etc directory under the installation directory and copy the keepalived configuration files to the corresponding system directories. When keepalived starts, it looks for the keepalived.conf configuration file in the /etc/keepalived directory, and uses the default configuration if it is not found. The /etc/keepalived directory is not created by the installation and has to be created manually. The configuration file directory structure is as follows:

shell> tree -l /usr/local/keepalived/etc
/usr/local/keepalived/etc
|-- keepalived
|   |-- keepalived.conf
|   `-- samples
|       |-- keepalived.conf.status_code
|       |-- keepalived.conf.track_interface
|       |-- keepalived.conf.vrrp
|       |-- ...
|-- rc.d
|   `-- init.d
|       `-- keepalived
`-- sysconfig
    `-- keepalived

These correspond to the following system paths (ignore the samples directory):

/etc/keepalived/keepalived.conf
/etc/rc.d/init.d/keepalived
/etc/sysconfig/keepalived

Copy the configuration file to the directory corresponding to the system:

shell> mkdir /etc/keepalived
shell> cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
shell> cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
shell> cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived

Set the keepalived service to start at boot:

shell> chkconfig keepalived on
shell> service keepalived start     # start service
shell> service keepalived stop      # stop service
shell> service keepalived restart   # restart service

It is also important to note that keepalived does not check whether the syntax of the configuration file is correct when it starts, so be very careful when writing the configuration file; a mistake leads to unexpected behaviour.

When the service is started with the service keepalived start command, the KEEPALIVED_OPTIONS value in the /etc/sysconfig/keepalived file is passed as the start-up parameters of the keepalived service by default, and the keepalived.conf configuration file is loaded from the /etc/keepalived/ directory. The location of the configuration file can also be specified with the -f parameter.

# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones:
#
# --vrrp               -P    Only run with VRRP subsystem.
# --check              -C    Only run with Health-checker subsystem.
# --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
# --dump-conf          -d    Dump the configuration data.
# --log-detail         -D    Detailed log messages. The default log output is in the /var/log/messages file
# --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D"

Run keepalived --help to view the optional start-up parameters. All of them can be set in the KEEPALIVED_OPTIONS option in the /etc/sysconfig/keepalived file as parameters for service start-up.

When keepalived is running properly, three processes are started. One is the parent process, which is responsible for monitoring its child processes; one is the vrrp child process, and the other is the checkers child process.

shell> ps -ef | grep keepalived
root   831     1  0 11:22 ?   00:00:00 keepalived -D
root   840   831  0 11:22 ?   00:00:00 keepalived -D
root   841   831 10 11:22 ?   00:00:00 keepalived -D

At this point, the keepalived installation is complete.

III. keepalived.conf configuration file description

After the keepalived service is installed, the main remaining task is to configure HA and load balancing in the keepalived.conf file. A reasonably complete, commonly used keepalived configuration file contains three blocks: the global definition block, the VRRP instance definition block and the virtual server definition block. The global definition block is required, and if keepalived is only used for HA, the virtual server block is optional. The following is a fully functional configuration file template:

# Global definition block
global_defs {
    # email notification configuration
    notification_email {
        email1
        email2
    }
    notification_email_from email
    smtp_server host
    smtp_connect_timeout num
    lvs_id string
    router_id string    # string identifying this node, usually the hostname
}

# VRRP instance definition block
vrrp_sync_group string {
    group {
        string
        string
    }
}

vrrp_instance string {
    state MASTER|BACKUP
    virtual_router_id num
    interface string
    mcast_src_ip @IP
    priority num
    advert_int num
    nopreempt
    smtp_alert
    lvs_sync_daemon_interface string
    authentication {
        auth_type PASS|AH
        auth_pass string
    }
    virtual_ipaddress {    # Block limited to 20 IP addresses
        @IP
        @IP
        @IP
    }
}

# Virtual server definition block
virtual_server (@IP PORT)|(fwmark num) {
    delay_loop num
    lb_algo rr|wrr|lc|wlc|sh|dh|lblc
    lb_kind NAT|DR|TUN
    real_server @IP PORT {
        weight num
        notify_down /path/script.sh
        TCP_CHECK {
            connect_port num
            connect_timeout num
        }
    }
    real_server @IP PORT {
        weight num
        MISC_CHECK {
            misc_path /path_to_script/script.sh
            (or misc_path "/path_to_script/script.sh")
        }
    }
    real_server @IP PORT {
        weight num
        HTTP_GET|SSL_GET {
            url {    # You can add multiple url blocks
                path alphanum
                digest alphanum
            }
            connect_port num
            connect_timeout num
            nb_get_retry num
            delay_before_retry num
        }
    }
}

Global definition block

1. Email notification (notification_email, smtp_server, smtp_connect_timeout): used to send an email alarm when something goes wrong with the service. Optional, and not recommended. It requires the sendmail service to be enabled on the system; an independent third-party monitoring service such as Nagios is recommended instead.

2. lvs_id: identifier of the LVS load balancer. Its value should be unique within a network.

3. router_id: identifies the name of this node, usually the hostname.

4. Curly braces {}: used to delimit definition blocks; they must appear in pairs. If one is omitted, keepalived will not produce the expected results at run time. Because definition blocks are nested, it is easy to miss a closing brace at the end, so this requires special attention.
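Because keepalived, as noted above, does not check the configuration syntax at start-up and unpaired braces are easy to miss, a small pre-flight check can be run before restarting the service. The following is an added example, not part of the original article or of keepalived itself: the function name, the sample configuration and its values are constructed, and beyond brace pairing it also checks the state and auth_type values the article lists plus the 8-character auth_pass limit documented in keepalived.conf(5).

```python
import re

# Constructed sample: "state" is mis-cased and one closing brace is missing.
SAMPLE_BROKEN = """\
global_defs {
    router_id node1          # hypothetical hostname
}
vrrp_instance VI_1 {
    state Master
    interface eth0
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass examplepass123
    virtual_ipaddress {
        192.0.2.10
    }
}
"""

def lint_keepalived_conf(text):
    """Return (line_number, message) findings for one keepalived.conf text."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()  # '#' and '!' start comments
        if not line:
            continue
        words = line.split()
        value = words[1] if len(words) > 1 else ""
        if words[0] == "state" and value not in ("MASTER", "BACKUP"):
            findings.append((no, "state must be MASTER or BACKUP in upper case"))
        if words[0] == "auth_type" and value not in ("PASS", "AH"):
            findings.append((no, "auth_type must be PASS or AH"))
        if words[0] == "auth_pass" and len(value) > 8:
            findings.append((no, "auth_pass is longer than 8 characters"))
        for ch in line:
            if ch == "{":
                stack.append((no, words[0]))
            elif ch == "}" and stack:
                stack.pop()
            elif ch == "}":
                findings.append((no, "closing brace without an opening brace"))
    for no, name in stack:
        findings.append((no, "block '%s' has no matching closing brace" % name))
    return findings

if __name__ == "__main__":
    for no, msg in lint_keepalived_conf(SAMPLE_BROKEN):
        print("line %d: %s" % (no, msg))
```

Brace matching can only report the outermost block left open (here vrrp_instance on line 4), so the missing brace itself has to be located inside that block by hand.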

VRRP instance definition block

vrrp_sync_group: VRRP synchronization group, used to determine the number of routing instances included in a failover (FailOver). That is, in a scenario with two load balancers, it determines what has to be switched automatically to the other load balancer once one of them fails.

group: must include at least one vrrp instance; the vrrp instance names must be consistent with the names defined by vrrp_instance.

vrrp_instance: vrrp instance name.

1> state: instance state. There are only the MASTER and BACKUP states, and they must be written in all capitals. In preemption mode, MASTER is working and BACKUP is standby. When the server where the MASTER resides fails, the BACKUP automatically changes its state from BACKUP to MASTER. When the service of the failed MASTER is restored, the BACKUP returns from MASTER to the BACKUP state.
2> interface: the network interface that provides the service, that is, the interface the VIP is bound to, such as eth0 or eth2. Mainstream servers currently have two or more interfaces (for the external and the internal network respectively), so verify carefully which interface you choose.
3> mcast_src_ip: the local machine's IP address.
4> virtual_router_id: the ID number of the virtual router. It must be set to the same value on every node. You can use the last segment of the IP address. Instances with the same VRID form a group, and the VRID determines the multicast MAC address.
5> priority: node priority. The range of values is 0-254; the MASTER's must be higher than the BACKUP's.
6> advert_int: the interval between synchronization checks between the MASTER and BACKUP nodes, in seconds.
7> lvs_sync_daemon_inteface: the monitoring interface between load balancers, similar to the heartbeat line of HA HeartBeat. Its mechanism is better than Heartbeat's, because it does not have the "split-brain" problem; it uses the priority mechanism to avoid this trouble. In DR mode, lvs_sync_daemon_inteface uses the same network interface as the service interface (interface).
8> authentication: authentication type and authentication password. There are two main types, PASS and AH, and PASS is usually used; AH is said to have problems in use. The authentication password is in clear text, and the MASTER and BACKUP of the same vrrp instance must use the same password to communicate normally.
9> smtp_alert: whether to activate email notification in case of failure.
10> nopreempt: preemption is disabled. By default, when the MASTER service goes down, the BACKUP is automatically promoted to MASTER and takes over its task. When the MASTER service is restored, the BACKUP that was promoted to MASTER is automatically demoted to BACKUP and hands the work back to the original MASTER. When nopreempt is configured, the MASTER no longer preempts the service after it recovers from a failure.
11> virtual_ipaddress: virtual IP address pool. It can hold multiple IPs, one per line, without the need to specify a subnet mask. Note: this IP must be consistent with the VIP we have set.

Virtual server virtual_server definition block

virtual_server: defines a virtual server. The IP is one of those defined in virtual_ipaddress, followed by a space and then the port number of the virtual service.

1> delay_loop: interval between health checks, in seconds.
2> lb_algo: load balancer scheduling algorithm. wlc or rr are commonly used for Internet applications.
3> lb_kind: load balancer forwarding rule. There are three: DR, NAT and TUN. The routing (DR) forwarding rule is generally used.
4> persistence_timeout: HTTP service session persistence time, in seconds.
5> protocol: forwarding protocol, either TCP or UDP.

real_server: real server IP and port. Multiple real servers can be defined.

1> weight: load weight. The higher the value, the higher the forwarding priority.
2> notify_down: script to run when the service is detected as down.
3> TCP_CHECK: service availability check.
   connect_port: service connection port
   connect_timeout: service connection timeout, in seconds
   nb_get_retry: number of retries after a failed service connection
   delay_before_retry: interval between connection retries, in seconds

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.
