Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to deploy Keepalived under Linux. The editor thinks it is very practical, so I share it with you for reference. I hope you can get something after reading this article.

Keepalived is the next lightweight and highly available solution for Linux. High Avalilability,HA actually has two different meanings: in a broad sense, it refers to the high availability line of the whole system, and in a narrow sense, it refers to the redundancy and takeover of the host.

VRRP (if you have studied TCP\ IP, this piece is easy to understand):

Virtual Router redundancy Protocol (VRRP) is a selection protocol that dynamically assigns the responsibility of a virtual router to one of the VRRP routers on the local area network. The VRRP router that controls the IP address of the virtual router is called the master router and is responsible for forwarding packets to these virtual IP addresses. Once the primary router is unavailable, this selection process provides a dynamic failover mechanism, which allows the IP address of the virtual router to be the default first-hop router for the end host. The advantage of using VRRP is that there is a higher availability of default paths without the need to configure dynamic routing or route discovery protocols on each end host. VRRP packets are encapsulated and sent in IP packets.

VRRP priority:

VRRP each node has its own priority, the general priority is from 0 to 255. the larger the number, the higher the priority, so it can be defined as this: if you want to have an initialization state, in which one node has a priority of 100 and another node has a priority of 99, then there is no doubt that whoever has the highest priority is that all the nodes of the master node are in backup state just after startup, and the master needs to be selected by election. Promote yourself to master if other nodes do not respond

Notification mechanism: if the master between nodes fails, it will automatically transfer the current role. At this time, our administrator should know that keepalived supports mail sending mechanism. If its status changes, it can be sent to the administrator by e-mail, so that the administrator can check its activity status immediately, which is convenient for the later operation and maintenance work.

The implementation of 1.vrrp, the core component of keepalived, 2.virtual_server: based on vrrp as the so-called notification mechanism, 3.vrrp_script: detection by external script

Installation of KeepAlived:

[root@Nginx-one ~] # tar zxf keepalived-1.2.13.tar.gz [root@Nginx-one ~] # cd keepalived-1.2.13 [root@Nginx-one keepalived-1.2.13] # yum install kernel-devel openssl-devel libnl-devel [root@Nginx-one keepalived-1.2.13] #. / configure-- prefix=/-- mandir=/usr/local/share/man/--with-kernel-dir=/usr/src/kernels/2.6.32- 431.el6.x86_64/ [root @ Nginx-one keepalived-1.2.13] # make & & make installKeepalived configuration----Keepalived version: 1.2.13 # # version##Compiler: gcc # # compilation tool # # Compiler flags:-g-O2 # # Parameter # # ExtraLib:-lssl-lcrypto-lcrypt # # extended library # # Use IPVS Framework:Yes # # LVS Core Code Framework Disable-lvs##IPVS sync daemon support: Yes # # IPVS synchronization process can be compiled without LVS, depending on whether IPVS FRAMEWORK###IPVS use libnl: Yes # # uses the libnl library # # fwmark socket support: Yes # # socket framework # # Use VRRP Framework:Yes # # VRRP framework Keepalived core process vrrpd##Use VRRP VMAC: Yes # # VRRP Virtual mac##SNMP support: NoSHA1 support: NoUseDebug flags: No [root@Nginx-one keepalived-1.2.13] # make & & make install

All configurations of KeepAlived are set in one configuration file, and the supported configurations can be divided into the following three categories:

1. Global configuration (global configure) 2, VRRPD configuration 3, LVS configuration

Obviously, the global configuration is the configuration that takes effect for the entire keepalived, regardless of whether or not using LVS,VRRPD is the core of keepalived, LVS configuration is only used when you want to use keepalived to configure and manage LVS, and if you only use keepalived for HA,LVS, you don't need to configure it. Configuration files are organized in blocks (block), each within the {} range, # and! Represents a comment.

Global definition (global definition)

Global_defs {notification_email {# # specifies the object to which keepalived needs to send Email in the event of an event (such as switching). Multiple write multiple lines # # itchenyi@gmail.com} notification_email_from itchenyi@gmail.com smtp_server 127.0.0.1##SMTP server # # smtp_connect_timeout 30 times # Link timeout # # router_id Nginx-one # # routing identification, here with hostname # #}

VRRPD configuration (VRRP synchronization group (syncchroization group) and VRRP instance (VRRP instance))

If you do not use SYNC Group, if the route has two network segments, one internal network and one external network, and one VRRP instance is enabled for each network segment, assuming that VRRP is configured to check the internal network, then when there is a problem in the public network, VRRPD will think that it is healthy, and the switch between Master and Backup will not be sent, which leads to problems. Sync Group can put both instances into Sync Group. A switch occurs when there is a problem with any instance in the Group.

Vrrp_instance VI_1 {# # Virtual Route ID # # state MASTER # # initial state. By default, it can be upgraded to Master only after election. It is clearly defined here as the ID number of Master##interface eth2 # # electing a virtual route through that network card interface # # virtual_router_id 10 # #, which is generally no more than 255. optional IP last segment uses # # priority 100 # # initial priority. The basis for judgment in the election process is the same as the concept of routing # # advert_int 1 # # check interval, default 1s##authentication {# # authentication mechanism # # auth_type PASS # # authentication method, PASS is plaintext # # auth_pass ipython # # authentication password # #} virtual_ipaddress {# # virtual address pool # # 1.1.100}}

Configure Backup configuration as follows:

[root@nginx-two keepalived-1.2.13] # cat / software/keepalived/etc/keepalived/keepalived.conf2.! Configuration File for keepalived3.4.global_defs {5. Notification_email {6. Itchenyi@gmail.com7. } 8. Notification_email_from itchenyi@gmail.com9. Smtp_server 127.0.0.110. Smtp_connect_timeout 3011. Router_id nginx-two12.} 13.14.vrrp_instance VI_1 {15. State BACKUP16. Interface eth217. Virtual_router_id 2018. Priority 5019. Advert_int 120. Authentication {21. Auth_type PASS22. Auth_pass ipython23. } 24. Virtual_ipaddress {25. 1.1.1.10026. } 27. 28.29.additional configuration: # 30. Nopreempt is set to non-preemptive, this configuration can only be set on nodes where state is BACKUP, and the priority of this machine must be 31. 5% higher than that of the other. Preempt_delay preemption delay, default is 5 minutes 32. Debug debug level 33. Script executed when notify_master switches to Master: 34.35.##start## 36.[ root @ Nginx-one keepalived-1.2.13] # service keepalived start37.Starting keepalived: [OK] 38.39.observe its log file # 40.[ root @ Nginx-one keepalived-1.2.13] # tail-f / var/log/messages41.Aug 3 00:02:12 Nginx-one Keepalived [8177]: Starting Keepalived v1.2.13 ( 42.Aug 3 00:02:12 Nginx-one Keepalived [8178]: Starting Healthcheck child process Pid=818043.Aug 3 00:02:12 Nginx-one Keepalived [8178]: Starting VRRP child process Pid=818144.#### 's current IP address # 45.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Netlink reflector reports IP 1.1.1.10 added46.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added47.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Registering Kernel netlink reflector48.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Registering Kernel netlink command channel49.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Netlink reflector reports IP 1.1.1.10 added50.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Netlink reflector reports IP fe80::20c:29ff:fecb:90a2 added51.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Registering Kernel netlink reflector52.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Registering gratuitous ARP shared channel53.Aug 3 00:02: 13 Nginx-one Keepalived_healthcheckers [8180]: Registering Kernel netlink command channel54.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Opening file'/ etc/keepalived/keepalived.conf'.55.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Configuration is using: 62834 Bytes56.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: Using LinkWatch kernel netlink reflector...57.Aug 3 00:02:13 Nginx-one Keepalived_vrrp [8181]: VRRP sockpool: [ifindex (2) Proto (112), unicast (0) Fd (10Magazine 11)] 58.upload # Open and load the configuration file # 59.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Opening file'/ etc/keepalived/keepalived.conf'.60.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Configuration is using: 7377 Bytes61.Aug 3 00:02:13 Nginx-one Keepalived_healthcheckers [8180]: Using LinkWatch kernel netlink reflector...62.#### switches to Master status # # # # 63.Aug 3 00:02:14 Nginx-one Keepalived_vrrp [8181]: VRRP_Instance (VI_1) Transition to MASTER STATE64.Aug 3 00:02:15 Nginx-one Keepalived_vrrp [8181]: VRRP_Instance (VI_1) Entering MASTER STATE65.Aug 3 00:02:15 Nginx-one Keepalived_vrrp [8181]: VRRP_Instance (VI_1) setting protocol VIPs.66.#### add VIP###67.Aug 3 00:02:15 Nginx-one to the interface Keepalived_vrrp [8181]: VRRP_Instance (VI_1) Sending gratuitous ARPs on eth2 for 1.1.1.10068.Aug 3 00:02:15 Nginx-one Keepalived_healthcheckers [8180]: Netlink reflector reports IP 1.1.1.100 added69.Aug 3 00:02:20 Nginx-one Keepalived_vrrp [8181]: VRRP_Instance (VI_1) Sending gratuitous ARPs on eth2 for 1.1.1.10070.71.72.check whether to add VIP### 73.[ root @ Nginx-one keepalived-1.2.13] # ip a show | awk'/ inet\ /'74. Inet 127.0.0.1/8 scope host lo75. Inet 1.1.1.10/8 brd 1.255.255.255 scope global eth276. Inet 1.1.1.100/32 scope global eth277.78. Stop MASTER View the status transition of BACKUP 79.[ root @ Nginx-one keepalived-1.2.13] # service keepalived stop80.Stopping keepalived: [OK] 81.82.83. [root@nginx-two keepalived-1.2.13] # tail-f / var/log/messages84.Aug 3 00:05:01 nginx-two Keepalived_vrrp [5148]: Using LinkWatch kernel netlink reflector...85.Aug 3 00:05 01 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) Entering BACKUP STATE86.Aug 3 00:05:01 nginx-two Keepalived_healthcheckers [5147]: Using LinkWatch kernel netlink reflector...87.Aug 3 00:05:01 nginx-two Keepalived_vrrp [5148]: VRRP sockpool: [ifindex (2) Proto (112), unicast (0) Fd (10Entering MASTER STATE90.Aug 11)] 88.Aug 3 00:05:40 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) Transition to MASTER STATE89.Aug 3 00:05:41 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) Entering MASTER STATE90.Aug 3 00:05:41 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) setting protocol VIPs.91.Aug 3 00:05:41 nginx-two Keepalived_healthcheckers [5147]: Netlink reflector reports IP 1. 1.1.100 added92.Aug 3 00:05:41 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) Sending gratuitous ARPs on eth2 for 1.1.1.10093.Aug 3 00:05:46 nginx-two Keepalived_vrrp [5148]: VRRP_Instance (VI_1) Sending gratuitous ARPs on eth2 for 1.1.1.10094.95.routing protocols are the same as routing protocols When MASTER is detected to preempt VIP online, it is conceivable that Keepalived also supports non-preemptive mode. Only when BACKUP goes down after it becomes MASTER will VIP be transferred. Why is it so roundabout?

Define the detection mechanism of Keepalived

# A simple script to determine whether nginx is working # [root@nginx-two ~] # cat nginxaccountcheck.shemale binbinbinBHAHAve = `netstat-pant | awk'/ 0.0.0.0 handler80 paddle LISTENLever'| wc-l`if [$alive-eq 1] Then exit 0else exit 1fi### adds keepalived configuration # vrrp_script nginx_check {script "/ root/nginx_check.sh" interval 1 # Detection interval 1s### weigh-60 # if the condition holds Add track_script block to instance configuration block # track_script {nginx_check} [root@Nginx-one ~] # service keepalived restartStopping keepalived: [OK] Starting keepalived: [OK] # No doubt, as long as port 80 of nginx is listening normally The master is still the master # # [root@Nginx-one ~] # ip a show | awk'/ inet\ / 'inet 127.0.0.1 scope global eth2 inet 8 scope host lo inet 1.1.1.10 brd 1.255.255.255 scope global eth2 inet 1.1.1.100 brd 32 scope global eth2### stop the Nginx service # [root@Nginx-one ~] # service nginx stopStopping nginx: [OK] # look at the log # Aug300:52 : 13Nginx-one Keepalived_vrrp [8490]: VRRP_Script (nginx_check) failedAug300:52:14Nginx-one Keepalived_vrrp [8490]: VRRP_Instance (VI_1) Entering FAULT STATEAug300:52:14Nginx-one Keepalived_vrrp [8490]: VRRP_Instance (VI_1) removing protocol VIPs.Aug300:52:14Nginx-one Keepalived_vrrp [8490]: VRRP_Instance (VI_1) Nowin FAULT stateAug300:52:14Nginx-one Keepalived_healthcheckers [8489]: Netlink reflector reports IP 1.1.1.100 removed# # # Backup machine becomes Master # [root@nginx-two ~] # ip a show | awk'/ inet\ / 'inet 127.0.0.1 and 8 scope host lo inet 1.1.1.20 scope global eth2 inet 8 brd 1.255.255.255 scope global eth2 inet 1.1.1.100 32 scope global eth2 about "how to deploy Keepalived under Linux" ends here Hope that the above content can be helpful to you, so that you can learn more knowledge, if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.