Keepalived installation, use and quick start

Related links of common middleware ：
nginx Installation, use and quick start ： https://blog.csdn.net/qq_41822345/article/details/121973966
zookeeper Installation, use and quick start ： https://blog.csdn.net/qq_41822345/article/details/118862232
kafka Installation, use and quick start ： https://blog.csdn.net/qq_41822345/article/details/118874681
rocketmq Installation, use and quick start ： https://blog.csdn.net/qq_41822345/article/details/118636458

One 、keepalived The past and this life

Keepalived At first it was for LVS The design of the —— Its function is Check the status of the server 【 according to TCP/IP The third part of the reference model 、 The fourth level 、 Layer 5 switch mechanism detects the state of each service node 】, If there is one web Server down , Or work breakdown ,Keepalived Will detect , And remove the faulty server from the system , At the same time, use other servers to replace the work of this server , When the server is working Keepalived Automatically add servers to the server cluster , All this work is done automatically , There is no need for human intervention , All you need to do is fix the failed server .

Keepalived Later I joined in VRRP The function of ,VRRP（Vritrual Router Redundancy Protocol, Virtual routing redundancy protocol ) What's the purpose of this Solve the problem of single point of failure in static routing , adopt VRRP It can realize the continuous and stable operation of the network , therefore Keepalvied On the one hand, it has Server status detection and fault isolation function , On the other hand, there are also HAcluster function .

summary ： Health check and fail over are keepalived The two core functions of . So-called health examination , Is to adopt tcp Three handshakes ,icmp request ,http request ,udp echo Request to the actual server behind the load balancer ( It's usually the server that carries the real business ) Keep alive ; and Failed to switch It is mainly applied to load balancers configured with active and standby modes , utilize VRRP Maintain the heartbeat of the active / standby load balancer , When there is a problem with the primary load balancer , The standby load balancer carries the corresponding service , So as to minimize the flow loss , And provide the stability of the service .

Two 、keepalived function

A single point of failure ：keepalived Service in short , It is used to prevent single point of failure . The so-called single point of failure is , master server After hanging up From the server Act as the master server , After the original primary server is restored , When used from the server , Ensure high availability of services .

1、 Realize to LVS Cluster node health check function （healthcheck）

Usually ,keepalived and LVS Load balancing software appears together , be used for Manage and monitor the node status of the entire cluster .

Keepalived It can be achieved by keepalived.conf File configuration LVS The node of IP And related parameters LVS Direct management of ; besides , When LVS When one or even several node servers in the cluster fail at the same time and cannot provide services ,Keepalived The service will automatically remove the failed node from the server LVS Cleared from the normal forwarding queue , And schedule the request to other normal node servers , So as to ensure that the access of end users is not affected ; When the failed node server is repaired ,Keepalived The service will automatically add them to the normal forwarding queue , Provide services to customers .

2、 High availability function for system network service

Keepalived The simple principle of high availability function implementation is , Two hosts are installed at the same time Keepalived The software and start the service , At the beginning of normal operation , The role is Master The host obtains all resources and provides services to users , The role of Backup Host as Master Hot standby of the host ; When the role is Master When the host fails or fails , The role of Backup Your host will automatically take over Master All the work of the host , Including nozzle VIP Resources and corresponding resource services ; And when the role is Master After the host fault is repaired , It will automatically take over the work it originally handled , The role of Backup The host is released at the same time Master When the host fails, it takes over the work , here , The two hosts will return to their original roles and working states at the time of initial startup .

3、Keepalived High availability failover principle

Keepalived Failover between pairs of highly available services , It's through VRRP（Virtual Router Redundancy Protocol, Virtual router redundancy protocol ） To achieve .

principle ： stay Keepalived When the service is working , Lord Master The node will continuously send （ The way of multicasting ） Heartbeat message , To inform for Backup Node is still alive , When the Lord Master When a node fails , Can't send a heartbeat message , Therefore, the standby node cannot continue to detect the arrival of autonomy Master Node's heartbeat , So call your own receiver , Take over the master Master Node IP Resources and services . and When the Lord Master When the node recovers , To prepare Backup The node will release its own takeover when the primary node fails IP Resources and services , Return to the original standby role .

3、 ... and 、keepalived Communication principle

1、 In the network , The communication between hosts is through the configuration of static routing or ( The default gateway ) To complete , Once the router between hosts fails , The service will be interrupted , So in this communication mode , The router becomes a single point bottleneck , To solve this problem , It's introduced VRRP agreement .

2、VRRP The protocol is a fault-tolerant active standby mode protocol , Ensure that when the next hop route of the host fails , Another router works instead of the faulty one , adopt VRRP When the network fails, the device can be switched transparently without affecting the data communication between hosts .

3、VRRP It's through a kind of campaign for （election） Protocol mechanism To give the routing task to a certain station VRRP The router .

4、 When working, the main node is contracted , Prepare node connection package , When the standby node cannot receive the packets sent by the primary node , Start a takeover program to take over the resources of the master node . There can be multiple standby nodes , Through a priority campaign .

5、VRRP There are three states during the operation of the router ：
a、Initialize state ： After the system starts, it enters Initialize, The router is not right in this state VRRP The message does any processing ;
b、Master state ; Generally, the main router is in Master state .
c、 Backup state ; The backup router is in Backup state .

6、VRRP The election mechanism

• a、VRRP Match in group IP The owner . If virtual IP Address and VRRP One of the groups VRRP Router IP The address is the same , The router is IP Address owner , This router will be positioned as the main router .
• b、 Compare priorities . without IP Address owner , Then compare the priority of the router , The priority range is 0~255, The higher priority router is used as the primary router .
• c、 Compare IP Address . In the absence of Ip Where the address owner and priority are the same ,IP The big address is the main router .

Four 、 actual combat ： build Keepalived+Nginx High availability cluster

• install nginx

step1： Install first. nginx：https://blog.csdn.net/qq_41822345/article/details/121973966

step2： Edit again nginx Of index.html file

#  In the machine 1 On 192.168.168.101
vim /usr/local/nginx/html/index.html
#  The input is as follows ：
hello,i am k8s101,my ip is 192.168.168.101.

#  In the machine 2 On 192.168.168.102
vim /usr/local/nginx/html/index.html
#  The input is as follows ：
hello,i am k8s102,my ip is 192.168.168.102.

step3： start-up nginx

#  Start on both machines 
cd /usr/local/nginx/sbin
./nginx
ps -ef|grep nginx
#  Output is as follows , Indicating successful startup 
root       24447       1  0 20:26 ?        00:00:00 nginx: master process ./nginx
nobody     24448   24447  0 20:26 ?        00:00:00 nginx: worker process

step4： verification , visit http://192.168.168.101/ and http://192.168.168.102/

step5： Add detection nginx Health script

vim /usr/local/nginx/nginx_check.sh
##  The script is as follows 
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
    /usr/local/nginx/sbin/nginx
    sleep 2
    if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
        killall keepalived
    fi
fi

##  Add execution rights to the script 
chmod +x /usr/local/nginx/nginx_check.sh

• install keepalived

step1： On both machines

yum install keepalived -y

step2： Machine configuration 1 [192.168.168.101]

[[email protected] ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[[email protected] ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    
   notification_email {
    
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    
    state MASTER         ##  Lord ,VIP It will be bound to the master first 
    interface ens33      ##  Bound network card 
    virtual_router_id 51 ##  route id, The main and backup must be consistent 
    priority 150         ##  priority [0~255], The master must be greater than the slave 
    advert_int 1
    authentication {
    
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    
        192.168.168.110/24 dev ens33 label ens33:1  ## VIP
    }
}
... ...

step3： Machine configuration 2 [192.168.168.102]

[[email protected] ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[[email protected] ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    
   notification_email {
    
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_2 {
    
    state BACKUP          ##  To prepare , When the master hangs up ,VIP Will be bound to the standby 
    interface ens33       ##  Bound network card 
    virtual_router_id 51  ##  route id, The main and backup must be consistent 
    priority 100          ##  priority [0~255], The standby must be smaller than the primary 
    advert_int 1
    authentication {
    
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    
       192.168.168.110/24 dev ens33 label ens33:1  ## VIP
    }
}
......

step4： Start the machine 1 And machines 2 On keepalived service

[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[[email protected] ~]# systemctl start keepalived
[[email protected] ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since  3、 ... and  2022-06-15 21:05:46 CST; 1s ago
  Process: 118831 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 118832 (keepalived)
    Tasks: 3
   Memory: 6.1M
   CGroup: /system.slice/keepalived.service
           ├─118832 /usr/sbin/keepalived -D
           ├─118833 /usr/sbin/keepalived -D
           └─118834 /usr/sbin/keepalived -D

6 month  15 21:05:46 k8s101 Keepalived_healthcheckers[118833]: Activating healthchecker for service [192.168.200.100]:443
6 month  15 21:05:46 k8s101 Keepalived_healthcheckers[118833]: Activating healthchecker for service [10.10.10.2]:1358
6 month  15 21:05:46 k8s101 Keepalived_healthcheckers[118833]: Activating healthchecker for service [10.10.10.2]:1358
6 month  15 21:05:46 k8s101 Keepalived_healthcheckers[118833]: Activating healthchecker for service [10.10.10.3]:1358
6 month  15 21:05:46 k8s101 Keepalived_healthcheckers[118833]: Activating healthchecker for service [10.10.10.3]:1358
6 month  15 21:05:46 k8s101 Keepalived_vrrp[118834]: VRRP_Instance(VI_1) removing protocol VIPs.
6 month  15 21:05:46 k8s101 Keepalived_vrrp[118834]: VRRP_Instance(VI_1) removing protocol iptable drop rule
6 month  15 21:05:46 k8s101 Keepalived_vrrp[118834]: Using LinkWatch kernel netlink reflector...
6 month  15 21:05:46 k8s101 Keepalived_vrrp[118834]: VRRP_Instance(VI_1) Entering BACKUP STATE
6 month  15 21:05:46 k8s101 Keepalived_vrrp[118834]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
[[email protected] ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:79:7a:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.168.101/24 brd 192.168.168.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.168.110/24 scope global secondary ens33:1       ## VIP 192.168.168.110【 It will be displayed after a while , The description is network card ens33 binding VIP success , But in the machine 2 Cannot be observed VIP】
       valid_lft forever preferred_lft forever
    inet6 fe80::4b54:3c90:6b87:162e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

step5： visit VIP http://192.168.168.110/

step6： Shut down the machine 1 Upper keepalived, Continue to visit http://192.168.168.110/

[[email protected] ~]# systemctl stop keepalived

[[email protected] sbin]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:34:21:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.168.102/24 brd 192.168.168.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet 192.168.168.110/24 scope global secondary ens33:1   ## VIP 192.168.168.110【VIP From the machine 1 Floating to the machine 2, explain VIP No problem 】
       valid_lft forever preferred_lft forever
    inet6 fe80::a5ca:1450:a012:aa1f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Note appended , For master-slave mode keepalived, You can close a keepalived service , The imitation machine is dead , You can only access the services of one machine .

however , For main mode [ That is, the two machines are main and standby to each other ] Of keepalived, Close a keepalived service , You can still access the services of two machines .