Keepalived入门

 　Keepalived通过VRRP协议（Virtual Router Redundancy Protocol，虚拟路由器冗余协议）实现高可用功能，解决静态路由单点故障问题，保证个别节点宕机时，整个网络能不间断地运行。

1 安装和基本操作

1.1 准备

1.2 安装

 　安装Keepalived，将Keepalived安装包上传至Linux服务器，解压：

[root@keepalived1 ~]# tar -zxvf keepalived-2.0.8.tar.gz [root@keepalived1 ~]# cd keepalived-2.0.8 

 　检查配置：

[root@keepalived1 keepalived-2.0.8]# ./configure --prefix=/usr/local/keepalived 

configure: error: !!! OpenSSL is not properly installed on your system. !!! !!! Can not include OpenSSL headers files. !!! 

 　该报错由于缺少openssl-devel包导致，安装可解决：

yum install openssl-devel 

 　检查通过后，编译并安装：

[root@keepalived1 keepalived-2.0.8]# make [root@keepalived1 keepalived-2.0.8]# make install 

1.3 配置

! Configuration File for keepalived global_defs { # 标识本节点的名称，用以告警时进行区分 router_id SERVER_146 } vrrp_instance VI_1 { # 初始状态，有MASTER和BACKUP两种状态，需全部大写，其中MASTER为工作状态，BACKUP为备用状态 state MASTER # 对外提供服务的网卡接口，即虚拟IP绑定的网卡接口，在选择网卡接口时，要核实清楚，可通过ifconfig指令查看本机的网卡情况 interface ens32 # 虚拟路由的ID号，每组中各个节点设置必须一样，可选择IP最后一段使用，相同的 VRID 为一个组，他将决定多播的 MAC 地址 virtual_router_id 148 # 节点优先级，取值范围0～254，MASTER要比BACKUP高 priority 100 # MASTER与BACKUP节点间同步检查的时间间隔，单位为秒 advert_int 1 # 虚拟IP地址池，可以有多个IP，每个IP占一行，不需要指定子网掩码 virtual_ipaddress { 192.168.197.148 } } 

 　keepalived2服务器：

! Configuration File for keepalived global_defs { router_id SERVER_147 } vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 148 priority 90 advert_int 1 virtual_ipaddress { 192.168.197.148 } } 

1.4 启动停止

 　进入安装目录的sbin文件夹，直接运行keepalived启动：

[root@keepalived1 sbin]# keepalived 

 　或使用服务命令启动：

service keepalived start 

[root@keepalived1 sbin]# keepalived -f /usr/local/keepalived/etc/keepalived/keepalived.conf 

 　停止Keepalived：

pkill keepalived 

 　Keepalived启停过程中，可在Linux的系统日志/var/log/messages中查看相关日志信息。启动时加上“-D”参数，会记录更详细的日志：

[root@keepalived1 sbin]# keepalived -D -f /usr/local/keepalived/etc/keepalived/keepalived.conf 

2 常用配置

2.1 非抢占模式

! Configuration File for keepalived global_defs { router_id SERVER_146 } vrrp_instance VI_1 { state BACKUP # 非抢占模式 nopreempt interface ens32 virtual_router_id 148 priority 100 advert_int 1 virtual_ipaddress { 192.168.197.148 } } 

 　服务器keepalived2：

! Configuration File for keepalived global_defs { router_id SERVER_147 } vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 148 priority 90 advert_int 1 virtual_ipaddress { 192.168.197.148 } } 

2.2 密码验证

! Configuration File for keepalived global_defs { router_id SERVER_146 } vrrp_instance VI_1 { state BACKUP nopreempt interface ens32 virtual_router_id 148 priority 100 advert_int 1 virtual_ipaddress { 192.168.197.148 } authentication { auth_type PASS # 密码无需设置过长，Keepalived只会用到前8个字符 auth_pass abc123 } } 

 　服务器keepalived2：

! Configuration File for keepalived global_defs { router_id SERVER_147 } vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 148 priority 90 advert_int 1 virtual_ipaddress { 192.168.197.148 } authentication { auth_type PASS auth_pass abc123 } } 

 　可自行验证，两台服务器密码不一致的情况。

2.3 监控脚本

#!/bin/bash ping -c 1 192.168.197.137 exit $? 

! Configuration File for keepalived global_defs { router_id SERVER_146 # 执行脚本使用的用户 script_user root } # 声明脚本 vrrp_script check { # 执行的脚本的路径 script "/usr/local/keepalived/script/check.sh" # 执行脚本的时间间隔，单位秒，每隔10秒执行一次脚本 interval 10 # 执行脚本的超时时间，单位秒，脚本执行超过10秒视为失败 timeout 10 # 脚本执行失败后，本节点优先级减小值 weight -20 } vrrp_instance VI_1 { state BACKUP # 采用抢占模式 # nopreempt interface ens32 virtual_router_id 148 priority 100 advert_int 1 authentication { auth_type PASS auth_pass abc123 } virtual_ipaddress { 192.168.197.148 } # 声明监控的脚本，脚本只有被监控时才会定时运行 track_script { check } } 

# 初始配置是BACKUP，进入备机状态 Nov 16 21:47:50 keepalived1 Keepalived_vrrp[3825]: (VI_1) Entering BACKUP STATE (init) # 发现服务器keepalived2的优先级较低 Nov 16 21:47:51 keepalived1 Keepalived_vrrp[3825]: (VI_1) received lower priority (90) advert from 192.168.197.147 - discarding # 成为主机 Nov 16 21:47:54 keepalived1 Keepalived_vrrp[3825]: (VI_1) Entering MASTER STATE # ...关闭服务器192.168.197.137 # 执行脚本超时（因为ping不通） Nov 16 21:55:47 keepalived1 Keepalived_vrrp[4160]: VRRP_Script(check_network) timed_out # 执行脚本失败，根据配置，优先级减少20，变为80 Nov 16 21:55:47 keepalived1 Keepalived_vrrp[4160]: (VI_1) Changing effective priority from 100 to 80 # 发现备机的优先级更高 Nov 16 21:55:51 keepalived1 Keepalived_vrrp[4160]: (VI_1) Master received advert from 192.168.197.147 with higher priority 90, ours 80 # 进入备机状态，原备机成为主机 Nov 16 21:55:51 keepalived1 Keepalived_vrrp[4160]: (VI_1) Entering BACKUP STATE 

! Configuration File for keepalived global_defs { router_id SERVER_147 script_user root } vrrp_script check { script "/usr/local/keepalived/script/check.sh" interval 10 timeout 10 weight -20 } vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 148 priority 90 advert_int 1 virtual_ipaddress { 192.168.197.148 } authentication { auth_type PASS auth_pass abc123 } track_script { check } } 

2.4 网卡监控

! Configuration File for keepalived global_defs { router_id SERVER_146 script_user root } vrrp_script check { script "/usr/local/keepalived/script/check.sh" interval 10 timeout 10 weight -20 } vrrp_instance VI_1 { state BACKUP # nopreempt interface ens32 virtual_router_id 148 priority 100 advert_int 1 authentication { auth_type PASS auth_pass abc123 } virtual_ipaddress { 192.168.197.148 } track_script { check } # 列出所监控的网卡 track_interface { ens32 lo } } 

 　keepalived2服务器配置：

! Configuration File for keepalived global_defs { router_id SERVER_147 script_user root } vrrp_script check { script "/usr/local/keepalived/script/check.sh" interval 10 timeout 10 weight -20 } vrrp_instance VI_1 { state BACKUP interface ens32 virtual_router_id 148 priority 90 advert_int 1 virtual_ipaddress { 192.168.197.148 } authentication { auth_type PASS auth_pass abc123 } track_script { check } track_interface { ens32 lo } } 

 　这里在track_interface中列出了ens32，实际上，即使这里不列出，对于vrrp_instance中使用的网卡，连接不通后也会进入FAULT状态。在测试改设置的效果时，可使用本地回环接口lo：

# 断开网卡 [root@keepalived1 ~]# ifdown lo # 连接网卡 [root@keepalived1 ~]# ifup lo 

 　断开本地回环接口lo后，可以看到keepalived1的日志：

Nov 19 10:45:51 keepalived1 Keepalived_vrrp[6652]: Netlink reports lo down Nov 19 10:45:51 keepalived1 Keepalived_vrrp[6652]: (VI_1) Entering FAULT STATE Nov 19 10:45:51 keepalived1 Keepalived_vrrp[6652]: (VI_1) sent 0 priority Nov 19 10:45:51 keepalived1 Keepalived_vrrp[6652]: Netlink: error: data remnant size 1148 Nov 19 10:45:51 keepalived1 avahi-daemon[675]: Withdrawing address record for 192.168.197.148 on ens32. 

 　keepalived1由于lo断开，进入了FAULT状态，优先级变为0。查看keepalived2的日志可以看到，由于keepalived1的优先级已低于keepalived2，keepalived2成为了主机：

Nov 19 10:45:51 keepalived2 Keepalived_vrrp[4161]: (VI_1) Backup received priority 0 advertisement Nov 19 10:45:51 keepalived2 Keepalived_vrrp[4161]: (VI_1) Backup received priority 0 advertisement Nov 19 10:45:52 keepalived2 Keepalived_vrrp[4161]: (VI_1) Entering MASTER STATE 

2.5 通知脚本

! Configuration File for keepalived global_defs { router_id SERVER_146 script_user root } vrrp_script check { script "/usr/local/keepalived/script/check.sh" interval 10 timeout 10 weight -20 } vrrp_instance VI_1 { state BACKUP # nopreempt interface ens32 virtual_router_id 148 priority 100 advert_int 1 authentication { auth_type PASS auth_pass abc123 } virtual_ipaddress { 192.168.197.148 } track_script { check } track_interface { ens32 lo } # 当前服务器进入主机状态时运行的脚本 notify_master "/usr/local/keepalived/script/notify_master.sh" # 当前服务器进入备机状态时运行的脚本 notify_backup "/usr/local/keepalived/script/notify_backup.sh" # 当前服务器进入失败状态时运行的脚本 notify_fault "/usr/local/keepalived/script/notify_fault.sh" # 当前服务器Keepalived停止时运行的脚本 notify_stop "/usr/local/keepalived/script/notify_stop.sh" # 该脚本在任何状态切换后都会运行，且在以上脚本运行完毕后运行，以下3个参数会自动传入脚本中：$1=GROUP|INSTANCE，表示切换的是VRRP实例组或VRRP实例；$2=VRRP实例（组）的名称；$3=MASTER|BACKUP|FAULT，为切换的目标状态 notify "/usr/local/keepalived/script/notify.sh" }