Keepalived案例一：Keepalived双机热备(HA)精讲

这里我们仅仅只利用Keepalive做双机热备，也就是保证服务器的高可用性，其他的不用管。可能您会说这样在实际应用中很少会这样用，这您可就错了，Keepalived仅仅做双机热备的情况还是有的，我就碰到过几次这样的案例，下面就我碰到的几个案例做个小结

一，Keepalived双机热备的应用场景

1，网站流量不高，压力不大，但是对服务器的可靠性要求极其高，例如实时在线OA系统，政府部门网站系统，医院实时报医系统，公安局在线报案系统，股市后台网站系统等等，他们的压力不是很大，但是对可靠性要求是非常高的

2，有钱没地方花的，典型的政府企业，公办学校等等

二，Keepalived双机热备的特性以及优缺点

特性：
1，至少需要两台服务器，其中一台为master始终提供服务，另外一台作为backup始终处于空闲状态，只有在主服务器挂掉的时候他就来帮忙了，这是典型的双击热备

2，能根据需求判断服务是否可用，在不可用的时候要即使切换
优缺点：

优点：数据同步非常简单，不像负载均衡对数据一致性要求非常高，实现起来相对复杂维护也颇为不便，双机热备用rsync就可以实现了操作和维护非常简单

缺点：服务器有点浪费，始终有一台处于空闲状态


三，Keepalived双机热备的配置
首先画个双机热备拓扑图吧：

这里我只写最终实现的配置，至于Keepalived的理论知识请参考《Keepalived原理与实战精讲》

1，本例通过Keepalived来实现两台LNMP(也就是linux+nginx+mysql+php)架构服务器的双机热备

LNMP的配置请参考：《Lnmp配置精讲第一版》

2，Keepalived配置双机安装配置

1》Keepalived安装

keepalived官方地址：http://www.keepalived.org/download.html，大家可以到这里下载最新版本的keepalived

操作系统：centos 5.5 32bit
系统安装：最小化安装，也就是去掉所有组件
环境配置：安装make 和 gcc openssl openssl-devel等等

1. yum -y install gcc make openssl openssl-devel wget kernel-devel
2. mkdir -p /usr/local/src/hasoft
3. cd /usr/local/src/hasoft
4. wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
5. tar -zxvf keepalived-1.2.2.tar.gz
6. cd keepalived-1.2.2
7. ./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.18-238.19.1.el5-i686/

复制代码

预编译后出现：

1. Keepalived configuration
2. ------------------------
3. Keepalived version       : 1.2.2
4. Compiler                 : gcc
5. Compiler flags           : -g -O2 -DETHERTYPE_IPV6=0x86dd
6. Extra Lib                : -lpopt -lssl -lcrypto
7. Use IPVS Framework       : Yes
8. IPVS sync daemon support : Yes
9. IPVS use libnl           : No
10. Use VRRP Framework       : Yes
11. Use Debug flags          : No

复制代码

1. make && make install

复制代码

这里注意哦，我上面是指通用的安装方法，如果你没有用到LVS可以把lvs去掉即
./configure --prefix=/usr/local/keepalived --with-kernel-dir=/usr/src/kernels/2.6.18-238.19.1.el5-i686/ --disable-lvs-syncd --disable-lvs

但这个没有影响，就按照我的来配置吧，不过如果你要是集成了LVS，那么就不可加这两个参数了哦

整理管理文件：
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/


建立配置文件目录(注意：keepalived的配置文件默认在/etc/keepalived/目录)
mkdir -p /etc/etc/keepalived/

两台服务器(两个节点)都这样安装即可

2》配置

节点A配置如下：
vi /etc/keepalived/keepalived.conf

1. global_defs
2. {
3. notification_email
4. {
5. admin@example.com
6. admin@ywlm.net
7. }
8. notification_email_from admin@example.com
9. smtp_server 127.0.0.1
10. stmp_connect_timeout 30
11. router_id lnmp_node1
12. }
14. vrrp_instance lnmp {
15. state MASTER
16. interface eth0
17. virtual_router_id 100
18. priority 200
19. advert_int 5
20. track_interface {
21. eth0
22. eth1
23. }
24. authentication {
25. auth_type PASS
26. auth_pass 123456
27. }
28. virtual_ipaddress {
29. 192.168.17.200
30. }
31. }

复制代码

节点B配置如下：
vi /etc/keepalived/keepalived.conf

1. global_defs
2. {
3. notification_email
4. {
5. admin@example.com
6. admin@ywlm.net
7. }
8. notification_email_from admin@example.com
9. smtp_server 127.0.0.1
10. stmp_connect_timeout 30
11. router_id lnmp_node1
12. }
14. vrrp_instance lnmp {
15. state MASTER
16. interface eth0
17. virtual_router_id 100
18. priority 150
19. advert_int 5
20. track_interface {
21. eth0
22. eth1
23. }
24. authentication {
25. auth_type PASS
26. auth_pass 123456
27. }
28. virtual_ipaddress {
29. 192.168.17.200
30. }
31. }

复制代码

四，启动调试
在节点A上启动
/usr/local/keepalived/sbin/keepalived

启动日志：
Sep  8 18:26:02 centosa Keepalived_vrrp: Registering Kernel netlink reflector
Sep  8 18:26:02 centosa Keepalived_vrrp: Registering Kernel netlink command channel
Sep  8 18:26:02 centosa Keepalived_vrrp: Registering gratutious ARP shared channel
Sep  8 18:26:02 centosa Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Sep  8 18:26:02 centosa Keepalived_vrrp: Configuration is using : 36076 Bytes
Sep  8 18:26:02 centosa Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Sep  8 18:26:02 centosa Keepalived: Starting VRRP child process, pid=5606
Sep  8 18:26:07 centosa Keepalived_vrrp: VRRP_Instance(lnmp) Transition to MASTER STATE
Sep  8 18:26:12 centosa Keepalived_vrrp: VRRP_Instance(lnmp) Entering MASTER STATE
Sep  8 18:26:12 centosa avahi-daemon[2528]: Registering new address record for 192.168.17.200 on eth0.


在节点B上启动
/usr/local/keepalived/sbin/keepalived

开机自动启动
echo /usr/local/keepalived/sbin/keepalived >> /etc/rc.local

启动日志：
Sep  8 18:30:02 centosb Keepalived: Starting Keepalived v1.2.2 (09/08,2011)
Sep  8 18:30:02 centosb Keepalived: Starting Healthcheck child process, pid=5837
Sep  8 18:30:02 centosb Keepalived_vrrp: Registering Kernel netlink reflector
Sep  8 18:30:02 centosb Keepalived_vrrp: Registering Kernel netlink command channel
Sep  8 18:30:02 centosb Keepalived_vrrp: Registering gratutious ARP shared channel
Sep  8 18:30:02 centosb Keepalived: Starting VRRP child process, pid=5839
Sep  8 18:30:02 centosb kernel: IPVS: Registered protocols (TCP, UDP, AH, ESP)
Sep  8 18:30:02 centosb kernel: IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
Sep  8 18:30:02 centosb kernel: IPVS: ipvs loaded.
Sep  8 18:30:02 centosb Keepalived_healthcheckers: Registering Kernel netlink reflector
Sep  8 18:30:02 centosb Keepalived_healthcheckers: Registering Kernel netlink command channel
Sep  8 18:30:02 centosb Keepalived_healthcheckers: Opening file '/etc/keepalived/keepalived.conf'.
Sep  8 18:30:02 centosb Keepalived_vrrp: Opening file '/etc/keepalived/keepalived.conf'.
Sep  8 18:30:02 centosb Keepalived_vrrp: Configuration is using : 36252 Bytes
Sep  8 18:30:02 centosb Keepalived_vrrp: Using LinkWatch kernel netlink reflector...
Sep  8 18:30:02 centosb Keepalived_healthcheckers: Configuration is using : 6271 Bytes
Sep  8 18:30:02 centosb Keepalived_healthcheckers: Using LinkWatch kernel netlink reflector...
Sep  8 18:30:02 centosb Keepalived_vrrp: VRRP_Instance(lnmp) Entering BACKUP STATE

从日志可以看出，启动都没有问题，并且安装我给的优先级完成了竞选，各自成就了各自的状态

关闭节点A的网卡测试切换是否正常
ifdown eth0

观察节点B的日志：
Sep  8 18:32:55 centosb Keepalived_vrrp: VRRP_Instance(lnmp) Transition to MASTER STATE
Sep  8 18:33:00 centosb Keepalived_vrrp: VRRP_Instance(lnmp) Entering MASTER STATE
Sep  8 18:33:00 centosb avahi-daemon[2531]: Registering new address record for 192.168.17.200 on eth0.


启动节点A的网卡测试切换是否正常
ifup eth0
观察节点B的日志：
Sep  8 18:33:31 centosb Keepalived_vrrp: VRRP_Instance(lnmp) Received higher prio advert
Sep  8 18:33:31 centosb Keepalived_vrrp: VRRP_Instance(lnmp) Entering BACKUP STATE
Sep  8 18:33:31 centosb avahi-daemon[2531]: Withdrawing address record for 192.168.17.200 on eth0.

Received higher prio advert：表示接收到更高优先级的公告(advert公告的意思)
Withdrawing：撤回的意思，可以看出切换过程一目了然


OK，到这里我们的安装部分完成，下面我们来看看如何监控服务吧，我们这里仅仅是监控了网络故障和keepalived本身进程，在网络或者keepalived进程出现问题的时候会切换，但是我的节点A里面还有很多服务呢，例如nginx，PHP，mysql进程出问题或高负载的时候相应过慢怎么办，怎么切换的呢，这时就要用到脚本了，下面我们来看看keepalived是如何控制脚本来实现对服务器的监控和切换的

写个脚本来实时监控三个服务，若有一个出现问题遍切换mkdir /root/shell/
cd /root/shell
vi keepcheck.sh

1. #!/bin/bash
2. while  :
3. do
4. mysqlcheck=`/usr/local/lnmp/mysql/bin/mysqladmin -uroot ping 2>&1`
5. mysqlcode=`echo $?`
6. phpcheck=`ps -C php-fpm --no-header | wc -l`
7. nginxcheck=`ps -C nginx --no-header | wc -l`
8. keepalivedcheck=`ps -C keepalived --no-header | wc -l`
9. if [ $nginxcheck -eq 0 ]|| [ $phpcheck -eq 0 ]||[ $mysqlcode -ne 0 ];then
10.                 if [ $keepalivedcheck -ne 0 ];then
11.                    killall -TERM keepalived
12.                 else
13.                    echo "keepalived is stoped"
14.                 fi
15.         else
16.                 if [ $keepalivedcheck -eq 0 ];then
17.                    /etc/init.d/keepalived start
18.                 else
19.                    echo "keepalived is running"
20.                 fi
21. fi
22. sleep 5
23. done

复制代码

注意，用/etc/init.d/keepalived start如果起不来，可以用/usr/local/keepalived/sbin/keepalived二进制文件直接执行启动即可
启动脚本：

1. chmod +x /root/shell/keepcheck.sh
2. nohup sh /root/shell/keepcheck.sh &

复制代码

节点B也用这个脚本

写入/etc/rc.local开机自动启动

1. echo "nohup sh /root/shell/keepcheck.sh &" >> /etc/rc.loal

复制代码

可以测试了

开了防火墙之后双节点都变成master了，日志如下
Sep 13 21:21:27 centosb avahi-daemon[2528]: Withdrawing address record for fe80::20c:29ff:fede:99ab on eth1.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Withdrawing address record for 192.168.27.212 on eth1.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Withdrawing address record for fe80::20c:29ff:fede:99a1 on eth0.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Withdrawing address record for 192.168.17.212 on eth0.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Host name conflict, retrying with <centosb-48>
Sep 13 21:21:27 centosb avahi-daemon[2528]: Registering new address record for fe80::20c:29ff:fede:99ab on eth1.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Registering new address record for 192.168.27.212 on eth1.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Registering new address record for fe80::20c:29ff:fede:99a1 on eth0.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Registering new address record for 192.168.17.200 on eth0.
Sep 13 21:21:27 centosb avahi-daemon[2528]: Registering new address record for 192.168.17.212 on eth0.

解决方法如下：(一般使用第二种情况）

第一种情况，如果用的是默认防火墙
只需要添加：iptables -I RH-Firewall-1-INPUT -d 224.0.0.18 -j ACCEPT

第二种情况：如果是自己用脚本设置的防火墙，只需要添加西门规则即可
iptables -A OUTPUT -o eth0 -d 224.0.0.18 -j ACCEPT
iptables -A OUTPUT -o eth0  -s 224.0.0.18 -j ACCEPT
iptables -A INPUT -i eth0 -d 224.0.0.18 -j ACCEPT
iptables -A INPUT -i eth0  -s 224.0.0.18 -j ACCEPT

修改完后，记得使用/etc/rc.d/init.d/iptables save 保存修改的规则，并会将规则写入/etc/sysconfig/iptables文件中去，否则重启后会失效。

在/etc/sysconfig/iptables文件中，要将INPUT链和OUTPUT链中的REJECT规则放到最后，否则会影响上面设置的功能。

最后，使用service iptables restart ，重启iptables使规则生效。

转自 http://bbs.nanjimao.com/thread-855-1-1.html