System environment

Item | Version | Notes
OS version | Ubuntu 22.04.3 LTS (Jammy Jellyfish) | -
Kernel version | 5.15.0-88-generic #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux | -
Keepalived | v2.2.8 | -

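Introduction to Keepalived

Keepalived official site: https://www.keepalived.org/index.html

Keepalived is a server high-availability solution built on the VRRP protocol. It can be used to keep an IP address from becoming a single point of failure; similar tools include heartbeat and corosync. It is not used on its own, however, but is paired with LVS, Nginx or HAProxy, working together with them to achieve high availability.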

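How it works

Keepalived essentially exists to serve IPVS, and it does not need shared storage. IPVS is really just a set of rules; Keepalived's main task is to call the ipvsadm command to generate those rules and to automatically move the address that users access to an available LVS node. Keepalived's high availability is therefore highly targeted, unlike a general-purpose HA solution such as corosync.

Keepalived's main purpose is to run as a service on multiple LVS host nodes. The currently active node is called the Master and the standby node is called the Backup. The Master continuously advertises its heartbeat to the Backup nodes, and these advertisements are based on the VRRP protocol. As soon as a Backup node stops receiving the Master's advertisements, it takes over the LVS VIP together with the IPVS rules, applies them locally, and so replaces the Master node.

Besides monitoring and failing over LVS resources, Keepalived can also configure LVS directly, without you having to use the ipvsadm command yourself, because it can invoke it. In other words, in the LVS + Keepalived model all of your work can be done in the Keepalived configuration, and it also provides health checks for the back-end application servers.

In one sentence: Keepalived is an implementation of the VRRP protocol, the Virtual Router Redundancy Protocol.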

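The VRRP protocol

VRRP stands for Virtual Router Redundancy Protocol. Several devices that provide routing are grouped into one virtual router, and a set of mechanisms keeps that virtual router highly available, which preserves the continuity and reliability of the service.

Within a configured virtual router there are MASTER and BACKUP roles. The MASTER is the primary node; a virtual router can have only one MASTER but may have several BACKUPs. A BACKUP is a standby node: when the MASTER goes down, a BACKUP takes over all of the MASTER's resources. When there are several BACKUP nodes, the value of their priority decides which one is elected to replace the MASTER. When BACKUP nodes have the same priority, their IP addresses decide the outcome.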
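The election rule and the advertisement it relies on, as an added example that is not part of the original article or of Keepalived's code. It decodes a VRRPv2 advertisement (RFC 3768 layout) and picks the next MASTER; the tie-break toward the higher IP address follows RFC 3768, and the sample bytes, the candidate addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by VRRPv2 (RFC 3768)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(pkt: bytes) -> dict:
    """Decode a VRRPv2 advertisement (VRRP payload only, no IP header)."""
    if len(pkt) < 16:
        raise ValueError("too short for VRRPv2")
    vt, vrid, prio, count, auth_type, interval = struct.unpack("!6B", pkt[:6])
    if vt != 0x21:                        # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    if len(pkt) != 8 + 4 * count + 8:     # header + addresses + auth data
        raise ValueError("length does not match Count IP Addrs")
    if inet_checksum(pkt) != 0:           # a valid packet sums to zero
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i]))
            for i in range(count)]
    # With auth_type 1 (simple text) the password is carried as readable bytes.
    return {"vrid": vrid, "priority": prio, "advert_int": interval,
            "vips": vips, "auth_type": auth_type,
            "auth_data": pkt[-8:].rstrip(b"\x00")}

def elect(candidates):
    """Next MASTER among (primary_ip, priority): priority first, then higher IP."""
    return max(candidates,
               key=lambda c: (c[1], int(ipaddress.IPv4Address(c[0]))))[0]

# Constructed sample: VRID 51, priority 100, VIP 192.168.3.222, auth_pass "1111".
SAMPLE = bytes.fromhex("21336401010152e1c0a803de3131313100000000")

if __name__ == "__main__":
    print(parse_advert(SAMPLE))
    print(elect([("192.168.3.11", 90), ("192.168.3.12", 90)]))
```

The decoded auth_data field shows why the page's configuration comment calls the authentication setting plaintext: it does not protect the password from anyone who can read the advertisement.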

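Installing Keepalived

Prerequisites

  • Time must be synchronized between the nodes.
  • Make sure Firewalld and SELinux do not get in the way.
  • The network interface each node uses for the cluster service must support MULTICAST communication (check with the ifconfig command; if it is not enabled, enable it with ip link set multicast on dev ens33). Class D addresses (224-239) are used. Defining the multicast address manually is recommended: if several cluster services all use the default one, then despite the authentication mechanism they will still send messages to one another, which may affect performance and will produce useless log entries.
  • Install the required dependency packages.
    sudo apt install -y gcc libssl-dev make libnl-3-dev libnl-utils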

Install keepalived

1. Download the keepalived source package to the /usr/local/src/ directory on the server:

$ sudo wget -O /usr/local/src/keepalived-2.2.8.tar.gz https://www.keepalived.org/software/keepalived-2.2.8.tar.gz

2. Extract the downloaded source package into the download directory:

$ sudo tar -zxf /usr/local/src/keepalived-2.2.8.tar.gz -C /usr/local/src/

3. Change into the extracted directory:

$ cd /usr/local/src/keepalived-2.2.8

4. Configure the build options:

$ sudo ./configure --prefix=/usr/local/keepalived

5. Compile and install:

$ sudo make

$ sudo make install

6. Create the keepalived environment script keepalived.sh in the /etc/profile.d/ directory with the following content:

sudo sh -c 'cat << EOF > /etc/profile.d/keepalived.sh
PATH=\$PATH:/usr/local/keepalived/bin:/usr/local/keepalived/sbin
EOF'

7. Run source /etc/profile.d/keepalived.sh to load the keepalived environment:

source /etc/profile.d/keepalived.sh

8. Run keepalived --version to verify that keepalived was installed successfully (it should print the version number correctly):

$ keepalived --version
Keepalived v2.2.8 (04/04,2023), git commit v2.2.7-154-g292b299e+

Copyright(C) 2001-2023 Alexandre Cassen, <[email protected]>

Built with kernel headers for Linux 5.15.143
Running on Linux 5.15.0-100-generic #110-Ubuntu SMP Wed Feb 7 13:27:48 UTC 2024
Distro: Ubuntu 22.04.3 LTS

configure options: --prefix=/usr/local/keepalived

Config options: LVS VRRP VRRP_AUTH VRRP_VMAC OLD_CHKSUM_COMPAT INIT=systemd

System options: VSYSLOG MEMFD_CREATE IPV6_MULTICAST_ALL IPV4_DEVCONF RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_IPVLAN IFLA_LINK_NETNSID GLOB_BRACE GLOB_ALTDIRFUNC INET6_ADDR_GEN_MODE VRF SO_MARK

9. Copy the keepalived startup unit file from the keepalived source directory to the /lib/systemd/system/ directory:

sudo cp /usr/local/src/keepalived-2.2.8/keepalived/keepalived.service /lib/systemd/system/

10. Run systemctl daemon-reload to load the startup unit:

sudo systemctl daemon-reload

At this point, the keepalived installation is complete.


keepalived configuration

1. Rename /usr/local/keepalived/etc/keepalived/keepalived.conf.sample to /usr/local/keepalived/etc/keepalived/keepalived.conf:

$ sudo cp /usr/local/keepalived/etc/keepalived/keepalived.conf.sample /usr/local/keepalived/etc/keepalived/keepalived.conf

2. Edit /usr/local/keepalived/etc/keepalived/keepalived.conf; the configuration is explained below:

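! Configuration File for keepalived

## Global configuration
global_defs {

    # Notification e-mail settings
    notification_email {

        # Destination address for notification mail
        [email protected]
    }

    # Sender address
    notification_email_from [email protected]

    # Use the local mail service
    smtp_server 127.0.0.1

    # Timeout for connecting to the SMTP server
    smtp_connect_timeout 30

    # Unique identifier of this node; must not be the same on different nodes
    router_id LVS_DEVEL

    # Checking every address in a VRRP advertisement is time-consuming.
    # Setting this flag means the check is not performed if the received advertisement comes from the same router as the previous one. The default is to skip the check
    vrrp_skip_check_adv_addr true

    # Enforce strict compliance with the VRRP specification; this mode does not support unicast between nodes
    vrrp_strict

    # Decimal value, in seconds.
    # Delay between each group of gratuitous ARP messages on an interface.
    # Default is 0; one sent message = n groups of ARP packets
    vrrp_garp_interval 0

    # Decimal value, in seconds
    # Delay between each group of NA messages on an interface; default is 0
    vrrp_gna_interval 0
}

## This section is the VRRP configuration. It contains two kinds of sub-block, vrrp_sync_group and vrrp_instance, and mainly defines the VIP that serves clients and its related attributes
# VRRP instance
vrrp_instance VI_1 {

    # Only one node can be MASTER; all the others should be BACKUP
    state MASTER

    # Network interface that faces clients
    interface enp1s0

    # Virtual router ID, a number; must be the same as on the backup
    virtual_router_id 51

    # Priority; the number must be higher than the backup's
    priority 100

    # Interval between multicast advertisements, in seconds; must be the same on both nodes
    advert_int 1

    # Authentication settings; must be identical on both nodes (plaintext)
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    # Virtual address, i.e. the floating IP
    virtual_ipaddress {
        192.168.3.222
    }
}

## This section is the LVS configuration. It is needed for Keepalived+LVS; for other setups, for example Keepalived+Nginx, it is not required.
# LVS contains two kinds of sub-block: virtual_server_group and virtual_server
# virtual_server: a virtual server. Each virtual server contains several real servers (real_server).
# The virtual IP listens on port 443
virtual_server 192.168.3.222 443 {

    # Health check interval, in seconds
    delay_loop 6

    # Load-scheduling algorithm; wlc or rr are commonly used
    lb_algo rr

    # LVS forwarding method: DR, NAT, TUN, etc.
    lb_kind NAT

    # Session persistence time, in seconds
    persistence_timeout 50

    # Forwarding protocol, usually tcp or udp
    protocol TCP

    # Address and port of the real server
    real_server 192.168.201.100 443 {

        # Weight
        weight 1
        SSL_GET {
            url {
                # Page used for the health check
                path /

                # Computed MD5 value
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }

            # Connection timeout, in seconds
            connect_timeout 3

            # Number of retries on failure; the server is removed once exceeded
            retry 3

            # Delay between retries, in seconds
            delay_before_retry 3
        }
    }
}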
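A pre-deployment check for the rules stated in the configuration comments above (same virtual_router_id, advert_int, authentication and VIP on both nodes; a unique router_id; one MASTER with the higher priority), as an added example that is not part of the original article or of Keepalived. The BACKUP node's file, its router_id LVS_BACKUP and its priority 90 are assumptions, and the parser handles only one level of nested blocks inside vrrp_instance.

```python
import re

MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")

def instance_settings(conf, name):
    """Collect router_id plus the settings of one vrrp_instance block."""
    conf = re.sub(r"[#!].*", "", conf)                        # strip comments
    inst = re.search(rf"vrrp_instance\s+{re.escape(name)}\s*"
                     r"\{((?:[^{}]|\{[^{}]*\})*)\}", conf)     # one nesting level
    if not inst:
        raise ValueError(f"vrrp_instance {name} not found")
    pairs = map(str.split, inst[1].splitlines())
    out = {p[0]: p[1] for p in pairs if len(p) == 2 and p[1] != "{"}
    rid = re.search(r"(?m)^\s*router_id\s+(\S+)", conf)
    out["router_id"] = rid[1] if rid else None
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", inst[1])
    out["virtual_ipaddress"] = sorted(vips[1].split()) if vips else []
    return out

def audit_pair(master_conf, backup_conf, name="VI_1"):
    """Return the rules a MASTER/BACKUP pair violates; an empty list means OK."""
    m, b = (instance_settings(c, name) for c in (master_conf, backup_conf))
    findings = [f"{k} differs between nodes" for k in MUST_MATCH if m.get(k) != b.get(k)]
    if m["router_id"] == b["router_id"]:
        findings.append("router_id is not unique")
    if [m.get("state"), b.get("state")].count("MASTER") != 1:
        findings.append("exactly one node must be MASTER")
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):  # missing counts as 0
        findings.append("MASTER priority must exceed BACKUP priority")
    return findings

# Constructed sample input based on the page's values; the BACKUP node is hypothetical.
MASTER = """global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.3.222
    }
}"""
BACKUP = (MASTER.replace("LVS_DEVEL", "LVS_BACKUP")
          .replace("state MASTER", "state BACKUP").replace("priority 100", "priority 90"))
```

Calling audit_pair(MASTER, BACKUP) on the two files before starting the service returns an empty list when the pair is consistent; findings never include the auth_pass value itself.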


Errors and solutions

configure errors:

Error 1: no acceptable C compiler found in $PATH

Error message:

checking whether make sets $(MAKE)... no
checking whether make supports nested variables... no
checking whether make supports nested variables... (cached) no
checking for pkg-config... no
checking for gcc... no
checking for cc... no
configure: error: in `/usr/local/src/keepalived-2.2.8':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details

Solution:

Install gcc

$ sudo apt install -y gcc

Error 2: !!! OpenSSL is not properly installed on your system. !!!

Error message:

checking for openssl/ssl.h... no
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!

Solution:

Install libssl-dev

$ sudo apt install -y libssl-dev

Error 3: Something went wrong bootstrapping makefile fragments for automatic dependency tracking

Error message:

checking for sphinx-build... No
checking for rpm... No
./configure: line 14168: --variable=systemdsystemunitdir: command not found
./configure: line 14201: --exists: command not found
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
config.status: error: in `/usr/local/src/keepalived-2.2.8':
config.status: error: Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. If GNU make was not used, consider
re-running the configure script with MAKE="gmake" (or whatever is
necessary). You can also try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).
See `config.log' for more details

Solution:

Install make

$ sudo apt install -y make

Error 4: WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

Error message:

*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

Solution:

Install libnl-3-dev

$ sudo apt install -y libnl-3-dev libnl-utils