Keepalived deployment and configuration

Posted by frost on Fri, 28 Jan 2022 07:53:20 +0100

I Introduction

Keepalived was originally designed for the LVS load balancing software, to manage and monitor the status of each service node in an LVS cluster. VRRP support, which provides high availability, was added later. Therefore, in addition to managing LVS, Keepalived can also be used as a high availability solution for other services (such as Nginx, Haproxy, MySQL, etc.).

Keepalived implements high availability mainly through the VRRP protocol. VRRP is the abbreviation of Virtual Router Redundancy Protocol. The purpose of VRRP is to solve the single point of failure of static routing. It ensures that the whole network keeps running when individual nodes are down.

Therefore, on the one hand, Keepalived can configure and manage LVS and health-check the nodes under LVS. On the other hand, it can also provide high availability for system network services.

Functions

Manage LVS load balancing software
Health-check the LVS cluster nodes
Provide high availability (failover) for system network services

Principle

Failover between Keepalived high availability service pairs is realized through VRRP (Virtual Router Redundancy Protocol).

When the Keepalived service works normally, the Master node continuously sends heartbeat messages (in the form of multicast) to the Backup node to tell it that the Master is still alive. When the Master node fails, it cannot send heartbeat messages; the Backup node no longer detects the heartbeat from the Master, so it calls its own takeover program and takes over the IP resources and services of the Master node. When the Master node recovers, the Backup node releases the IP resources and services it took over during the failure and returns to its original standby role.

VRRP stands for Virtual Router Redundancy Protocol. It exists to solve the single point of failure of static routing. VRRP assigns the routing task to one VRRP router through an election mechanism.

Working principle of VRRP:

  1. VRRP exists to solve the single point of failure of static routing
  2. VRRP assigns the routing task to one VRRP router through an election mechanism
  3. VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the high availability pair
  4. In operation, the master node sends packets and the standby node receives them. When the standby node no longer receives the packets sent by the master node, it starts the takeover program and takes over the resources of the master node. There can be more than one standby node, and they compete through priority, but in practice a Keepalived deployment usually consists of a single pair
  5. VRRP can use an encryption protocol to protect its data, but the Keepalived project still recommends configuring the authentication type and password in plaintext

How Keepalived works:
The Keepalived high availability pair communicates through VRRP. VRRP determines the active and standby nodes through the election mechanism. The priority of the primary is higher than that of the standby, so in normal operation the primary obtains all resources and the standby node waits. When the primary goes down, the standby node takes over the resources of the primary node and provides services in its place.

Within a Keepalived service pair, only the master server keeps sending VRRP advertisement packets to tell the standby server that it is still alive. While it does, the standby server does not take over from the master. When the master is unavailable, that is, when the standby server no longer receives the packets sent by the master, it starts the relevant services and takes over the resources to ensure business continuity. The fastest takeover can be less than 1 second.

II Deploy

Environment

[web-server-1]
    host name = host-1
    system = centos-7.3
    address = 192.168.2.37
    software = keepalived-1.3.5
               httpd-2.4
[web-server-2]
    host name = host-2
    system = centos-7.3
    address = 192.168.2.149
    software = keepalived-1.3.5
               httpd-2.4

Deploy software

(run on all machines)
1. Install keepalived

yum install keepalived -y
# Files installed by the package
/etc/keepalived/keepalived.conf     # keepalived main configuration file
/etc/rc.d/init.d/keepalived         # Service startup script
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/libexec/keepalived
/usr/sbin/keepalived

2. Deploy httpd (example)

yum -y install httpd
systemctl start httpd

3. Test that each server returns its own page

(on host-1)
echo "37" >> /var/www/html/index.html
curl http://192.168.2.37

(on host-2)
echo "149" >> /var/www/html/index.html
curl http://192.168.2.149

III Configure keepalived

Change the file to the following and delete the rest. See the detailed explanation of the keepalived configuration file for the meaning of each option.

(on host-1)
1. Configure host-1 as the master
vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs { # Global configuration
   router_id lb01 # Router ID of this node; must not be duplicated
}
vrrp_instance VI_1 { # Define an instance
    state MASTER # Initial state (MASTER/BACKUP); only descriptive, the actual role depends on priority
    interface enp0s8 # Network interface that carries the virtual IP address
    virtual_router_id 51 # Virtual router ID; the same on every node of the cluster
    priority 100 # Decides primary or standby; the higher value wins
    advert_int 1 # Interval between advertisements from active to standby
    authentication {
        auth_type PASS
        auth_pass 1111 # Authentication password; must be identical across the cluster
    }
    virtual_ipaddress {
        192.168.2.99 # Virtual IP; must not conflict with an address already used in the network segment
    }
}

(on host-2)
2. Configure host-2 as the backup

! Configuration File for keepalived
global_defs {
   router_id lb02 # Changed: unique per node
}
vrrp_instance VI_1 {
    state BACKUP # Acts as backup
    interface enp0s8
    virtual_router_id 51
    priority 90 # Lower priority than the master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.99
    }
}
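
A pre-start check for the two files above, as an added example that is not part of the original post or of Keepalived: it confirms the settings that must match or differ between the nodes and flags a sample-grade auth_pass such as the 1111 used here. The function names, finding texts and the list of weak values are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-start check of the two keepalived.conf files above.
# Function names and finding texts are this example's own, not keepalived's.

# conf_value FILE KEY: print the first value of directive KEY.
# "#" and "!" both start a comment in keepalived.conf and are stripped first.
conf_value() {
    awk -v key="$2" '{ sub(/[#!].*/, "") } $1 == key { print $2; exit }' "$1"
}

report() {
    echo "FINDING: $*"
    findings=$((findings + 1))
}

# audit_pair CONF_A CONF_B: print one line per finding, return their count.
audit_pair() {
    a=$1 b=$2 findings=0
    # These must match, or the nodes never form one VRRP group.
    for key in virtual_router_id auth_type auth_pass advert_int; do
        [ "$(conf_value "$a" "$key")" = "$(conf_value "$b" "$key")" ] ||
            report "$key differs between the two nodes"
    done
    # These must differ: router_id names the node, priority picks the master.
    for key in router_id priority; do
        [ "$(conf_value "$a" "$key")" != "$(conf_value "$b" "$key")" ] ||
            report "$key is identical on both nodes"
    done
    # With auth_type PASS the password travels in cleartext in every
    # advertisement and only its first 8 characters are used, so it mainly
    # guards against misconfiguration; still reject copy-paste sample values.
    pass=$(conf_value "$a" auth_pass)
    case $pass in
        "" | 1111 | 1234) report "auth_pass is empty or a sample value" ;;
        ????????*) ;;
        *) report "auth_pass is shorter than 8 characters" ;;
    esac
    return "$findings"
}

# Usage: sh audit-keepalived.sh host1.conf host2.conf (exit status = findings)
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
fi
```

Run against the configuration exactly as shown on this page, it reports one finding, the auth_pass value.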

(run on all machines)
3. Start service
systemctl start keepalived

IV Test

1. Check that the virtual IP is up and reachable
ip addr
ping 192.168.2.99

2. Visit the web server and check whether the returned information matches

3. Turn off the keepalived service on the master node and observe the effect

4. Start it again; the master taking the virtual IP back shows that the priority has taken effect. With this setup, Keepalived only switches the IP when its own service is stopped. You can write a script that stops keepalived automatically when httpd goes down.
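
The script suggested in step 4, as an added example that is not part of the original post: it probes the local httpd and stops keepalived after several consecutive failures, so that the backup takes over the virtual IP. The probe URL, the thresholds and all function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: httpd watchdog for the keepalived pair described above.
# Assumptions (not from the original page): CHECK_URL, MAX_FAILS, INTERVAL
# and the function names. Run it as root so it may stop keepalived.

CHECK_URL="${CHECK_URL:-http://127.0.0.1/}"
MAX_FAILS="${MAX_FAILS:-3}"      # consecutive failed probes before failover
INTERVAL="${INTERVAL:-2}"        # seconds between probes

# Probe the local web server; fails on timeout, refusal or HTTP status >= 400.
httpd_alive() {
    curl --silent --fail --max-time 2 --output /dev/null "$CHECK_URL"
}

# Release the virtual IP by stopping keepalived, as the article suggests.
release_vip() {
    logger -t httpd-watchdog "httpd failed $MAX_FAILS probes, stopping keepalived"
    systemctl stop keepalived
}

# watch_service PROBE ACTION [ROUNDS]: run PROBE every INTERVAL seconds and
# call ACTION once after MAX_FAILS consecutive failures. A single success
# resets the counter, so one slow answer does not cause a failover.
# ROUNDS=0 means run forever. Returns 0 if ACTION fired, 1 otherwise.
watch_service() {
    probe=$1 action=$2 rounds=${3:-0}
    fails=0 n=0
    while [ "$rounds" -eq 0 ] || [ "$n" -lt "$rounds" ]; do
        n=$((n + 1))
        if "$probe"; then
            fails=0
        else
            fails=$((fails + 1))
            if [ "$fails" -ge "$MAX_FAILS" ]; then
                "$action"
                return 0
            fi
        fi
        sleep "$INTERVAL"
    done
    return 1
}

# Start the loop only when asked to, e.g. "sh httpd-watchdog.sh run".
if [ "${1:-}" = "run" ]; then
    watch_service httpd_alive release_vip
fi
```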

Topics: Linux keepalived