Making Nginx load balancing highly available with keepalived: sample code

  • 2020-05-24 06:48:03
  • OfStack

Chapter 1: introduction to keepalived

VRRP protocol
Its purpose is to solve the single point of failure of static routing

Chapter 2: how keepalived works

2.1 high availability as a system network service (failover)

The basic principle behind keepalived's high availability function is as follows:
When both hosts have keepalived installed and the service started, they begin working normally.
The host with the Master role obtains all resources and provides services to users.
The host with the Backup role acts as the hot standby for the Master host.

When the host with the Master role fails,
the host with the Backup role automatically takes over all the work of the Master host, including the VIP resources and the corresponding resource services.

When the fault on the Master host is fixed, it automatically takes back its original work.
The host with the Backup role then releases the work it took over when the Master host failed.
At this point, the two hosts return to the roles and working states they had at startup.

2.2 what is VRRP
VRRP, in full Virtual Router Redundancy Protocol, is a protocol for virtual router redundancy.
VRRP is designed to solve the single point of failure of static routing.
VRRP uses an election mechanism to hand the routing task to one VRRP router.

VRRP implements the virtual router through this election mechanism, and all protocol messages are sent as IP multicast packets (the default multicast address is 224.0.0.18).
A virtual router consists of a VRID (range 0-255) and a group of IP addresses, and presents itself externally with a well-known MAC address: 00-00-5E-00-01-{VRID}.
Therefore, no matter which member of a virtual router is Master, the external MAC and IP (called the VIP) are the same.
Client hosts do not need to change their routing configuration when the Master changes; for them, the switchover is transparent.

Within a group of virtual routers, only the VRRP router that is Master keeps sending VRRP broadcast packets, and while it does so Backup will not preempt Master.
When Master is unavailable, Backup no longer receives the broadcast packets from Master, and the Backup router with the highest priority preempts Master.
This preemption is very fast (perhaps as little as 1 second or less) to ensure service continuity, and for security reasons VRRP packets are encrypted using an encryption protocol.

2.3 What to say in an interview
Answer:
keepalived high-availability pairs communicate via VRRP, so I'll start with VRRP.
1) VRRP, in full Virtual Router Redundancy Protocol, exists to solve the single point of failure of static routing.
2) VRRP hands the routing task to one VRRP router through an election protocol.
3) VRRP uses IP multicast (default multicast address 224.0.0.18) for communication between the high-availability pair.
4) In operation, the primary node sends packets and the standby node receives them. When the standby node stops receiving packets from the primary node, it starts the takeover procedure and takes over the primary node's resources.
5) VRRP uses an encryption protocol to encrypt data, but keepalived still recommends configuring the authentication type and password in clear text.
Having introduced VRRP, I will next describe how the keepalived service works.
keepalived high-availability pairs communicate via VRRP. VRRP uses an election mechanism to decide which node is primary and which is standby: the primary has the higher priority, so it gets all resources first, while the standby node waits. When the primary goes down, the standby node takes over the primary node's resources and then serves clients in its place.
Within a keepalived pair, only the primary server keeps sending VRRP broadcast packets, telling the standby server that it is still alive; while it does, the standby server does not preempt the primary. When the primary is unavailable, that is, when the standby server can no longer hear the broadcast packets sent by the primary, it starts the relevant services and takes over the resources, ensuring business continuity.

Chapter 3: VRRP protocol
VRRP implements the virtual router through an election mechanism
All protocol messages are delivered as IP multicast packets
The default multicast address is 224.0.0.18

VIP prerequisites:
1. The virtual public IP must be real
2. The IP must not be duplicated
3. The multicast address must be reachable

Chapter 4: keepalived installation configuration

1. Install keepalived


yum install keepalived -y

2. Configuration file interpretation


global_defs {
  router_id lb01  # Routing ID; different on each host
}

vrrp_instance VI_1 {  # VRRP instance (group) name; the same on every host in one group
  state MASTER  # Role state: MASTER or BACKUP
  interface eth0  # Network interface the VIP is bound to
  virtual_router_id 50  # Virtual router ID; the same within one group
  priority 150  # Weight; the higher the weight, the higher the priority
  advert_int 1  # Interval between multicast advertisements
  authentication {  # Authentication; the password is set in clear text
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {  # The virtual IP; it must exist, be valid and be unused
    10.0.0.3
  }
}

3. lb01 configuration


[root@lb01 ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
  router_id lb01
}

vrrp_instance VI_1 {
  state MASTER
  interface eth0
  virtual_router_id 50
  priority 150
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.3
  }
}

4. lb02 configuration


[root@lb02 ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
  router_id lb02
}

vrrp_instance VI_1 {
  state BACKUP
  interface eth0
  virtual_router_id 50
  priority 100
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.3
  }
}

5. Start


systemctl start keepalived

6. Test
Shut down either node and check whether the VIP drifts to the other
Restore MASTER and check whether the VIP disappears from BACKUP
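
The rules from the configuration walkthrough above (same virtual_router_id, advertisement interval, authentication and VIP on both hosts; different router_id and priority) can be checked before starting the service. This is an added example, not code from the original article; the function names kv, check_pair and mkconf are hypothetical, and the sample configs are constructed from the lb01/lb02 layout shown above.

```shell
# Added example, not from the original page. Must match across the pair:
# virtual_router_id, advert_int, auth_type, auth_pass, VIP. Must differ: router_id, priority.
kv() {  # flatten a keepalived.conf on stdin into "instance key value" lines
  awk '
    { sub(/#.*/, "") }
    $1 == "vrrp_instance"     { inst = $2; next }
    $1 == "virtual_ipaddress" { invip = 1; next }
    $1 == "}"                 { invip = 0; next }
    invip && NF               { print inst, "vip", $1; next }
    $1 == "router_id"         { print "global", $1, $2; next }
    $1 ~ /^(virtual_router_id|advert_int|auth_type|auth_pass|priority)$/ { print inst, $1, $2 }
  '
}

# check_pair CONF_TEXT_A CONF_TEXT_B: print findings, return 1 if there are any.
check_pair() {
  out=$( { printf '%s\n' "$1" | kv | sed 's/^/A /'
           printf '%s\n' "$2" | kv | sed 's/^/B /'; } | awk '
    { side = $1; sub(/^[AB] /, ""); seen[side, $0] = 1; key[$0] = $2 }
    END {
      for (l in key) {
        a = (("A", l) in seen); b = (("B", l) in seen)
        if (key[l] ~ /^(router_id|priority)$/) { if (a && b) print "SHOULD-DIFFER: " l }
        else if (!(a && b)) print "MISMATCH: " l " (only in " (a ? "first" : "second") " config)"
      }
    }' | sort )
  [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}

mkconf() {  # constructed sample in the page's layout: ROUTER_ID STATE PRIORITY AUTH_PASS
  cat <<EOF
global_defs {
  router_id $1
}
vrrp_instance VI_1 {
  state $2
  virtual_router_id 50
  priority $3
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass $4
  }
  virtual_ipaddress {
    10.0.0.3
  }
}
EOF
}
check_pair "$(mkconf lb01 MASTER 150 1111)" "$(mkconf lb02 BACKUP 100 1111)" && echo "pair OK"
```

On real hosts the two arguments would be the contents of each node's /etc/keepalived/keepalived.conf.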

Chapter 5: split brain

1. Install the packet capture tool


yum install tcpdump -y 

2. Capture packets on lb02 and inspect them


tcpdump -nn -i any host 224.0.0.18

3. On lb02, open a new terminal and start the firewall


systemctl start firewalld.service

4. Observe the packet capture on lb02
Check whether both sides hold the VIP

5. Add allow rules


firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth1 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
systemctl reload firewalld

6. Observe the packet capture on lb02
Check whether both sides hold the VIP
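
The capture from step 2 can also be checked automatically instead of by eye. The following is an added example, not code from the original article: it reads `tcpdump -nn` text and reports any VRID with more than one steady advertiser, which is what the capture shows while the firewall blocks 224.0.0.18. The function names are hypothetical, the capture lines are constructed, and 10.0.0.6 as the address of lb02 is an assumption.

```shell
# Added example, not from the original page: read `tcpdump -nn` text on stdin
# and report every VRID that has more than one steady advertiser.

# detect_split_brain [MIN]: a sender counts once it has sent MIN adverts
# (default 3), so a brief overlap while roles change hands is ignored.
detect_split_brain() {
  min=${1:-3}
  awk '
    /VRRPv[23], Advertisement/ {
      src = ""; vrid = ""
      for (i = 2; i < NF; i++) {
        if ($i == ">")    src = $(i - 1)
        if ($i == "vrid") { vrid = $(i + 1); sub(/,$/, "", vrid) }
      }
      if (src != "" && vrid != "") n[vrid " " src]++
    }
    END { for (k in n) print k, n[k] }
  ' | sort -k1,1n -k2,2 | awk -v min="$min" '
    $3 >= min { s[$1] = (c[$1]++ ? s[$1] "," : "") $2 }
    END {
      for (v in c) if (c[v] > 1) printf "SPLIT-BRAIN vrid=%s senders=%s\n", v, s[v]
    }
  ' | sort
}

# Constructed sample capture: 10.0.0.5 is lb01 as on the page, 10.0.0.6 for
# lb02 is an assumption. vrid 51 contains one stray advert from a role change.
sample_capture() {
  cat <<'EOF'
11:21:01.000001 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 150, authtype simple, intvl 1s, length 20
11:21:01.400001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
11:21:01.500001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
11:21:02.000001 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 150, authtype simple, intvl 1s, length 20
11:21:02.400001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
11:21:02.500001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
11:21:03.000001 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 150, authtype simple, intvl 1s, length 20
11:21:03.400001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 50, prio 100, authtype simple, intvl 1s, length 20
11:21:03.500001 IP 10.0.0.6 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 150, authtype simple, intvl 1s, length 20
11:21:04.000001 IP 10.0.0.5 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
EOF
}

sample_capture | detect_split_brain
```

Against a live interface the input would come from the tcpdump command in step 2, written to a file or piped in with line buffering.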

Chapter 6: keepalived dual-master experiment
1. lb01 configuration file


[root@lb01 ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
  router_id lb01
}

vrrp_instance VI_1 {
  state MASTER
  interface eth0
  virtual_router_id 50
  priority 150
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.3
  }
}

vrrp_instance VI_2 {
  state BACKUP
  interface eth0
  virtual_router_id 51
  priority 100
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 2222
  }
  virtual_ipaddress {
    10.0.0.4
  }
}

2. lb02 configuration file



3. Restart keepalived and observe what happens


systemctl restart keepalived

Chapter 7: keepalived combined with nginx reverse proxy load balancing
Nginx configuration for the lb servers:
Attention! The Nginx configuration is identical on both lb servers

1. Back up the original configuration


mkdir /backup
cd /etc/nginx/conf.d
mv * /backup 

2. Write the Nginx configuration file



3. Test and restart nginx



keepalived configuration for the lb servers:

1. keepalived configuration for lb01



2. keepalived configuration for lb02



web server configuration:

Attention! The two web servers are configured identically

1. nginx configuration


[root@web01 ~]# cat /etc/nginx/conf.d/www.conf 
server {
 listen 80;
 server_name www.mysun.com;
 location / {
   root /code;
   index www.html;
 }
}

2. Write to the test file


echo "$(hostname)" >/code/index.html 

Chapter 8: anti-split-brain scripts

1. Symptoms:
1. nginx is dead, but keepalived is still alive
2. Both sides hold the VIP

2. Approach:
Solving the problem of nginx going down:
1. Write a script

Start nginx. If starting fails twice, stop the local keepalived

2. keepalived calls this script periodically

3. Implementation:

1. How the commands work



2. Check the nginx process


[root@lb01 ~]# ps -ef|grep nginx|grep -v "grep"
root    1210   1 0 11:21 ?    00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx   1211  1210 0 11:21 ?    00:00:00 nginx: worker process
[root@lb01 ~]# ps -ef|grep nginx|grep -v "grep"|wc -l
2
[root@lb01 ~]# ps -ef|grep nginx|grep -v "grep"|wc -l
0

Script content:


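[root@lb01 ~]# cat check_web.sh
#!/bin/bash

# Count running nginx processes (0 means nginx is down)
nginx_status=$(ps -C nginx --no-header|wc -l)

if [[ ${nginx_status} == 0 ]]
then
  # Try to start nginx once, then check again
  systemctl start nginx &> /dev/null
  sleep 1
  nginx_status=$(ps -C nginx --no-header|wc -l)
  if [[ ${nginx_status} == 0 ]]
  then
    # nginx is still down: stop keepalived so the VIP moves to the peer
    systemctl stop keepalived
  fi
fi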

keepalived configuration that calls the script:


[root@lb01 ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
  router_id lb01
}

vrrp_script check_web {
  script "/server/scripts/check_web.sh"
  interval 5
  weight 50
}

vrrp_instance VI_1 {
  state MASTER
  interface eth0
  virtual_router_id 50
  priority 150
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.3
  }

  track_script {
    check_web
  }
}

4. The second problem: split brain
Both sides hold the VIP

Symptoms:
Both sides hold the VIP
Nginx is alive on both sides

Nginx on the peer MASTER is still alive:


curl -I -s -w "%{http_code}\n" -o /dev/null 10.0.0.5

But this node holds the VIP as well:


ip a |grep -wF "10.0.0.3"|wc -l

So this node shuts itself down:


systemctl stop nginx
systemctl stop keepalived

Script content:


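[root@lb02 /server/scripts]# cat check_vip.sh
#!/bin/bash

# HTTP status code returned by nginx on the master (000 if it is unreachable)
master_status=$(curl -I -s -w "%{http_code}\n" -o /dev/null 10.0.0.5)

# Number of local addresses equal to the VIP (-wF: literal whole-word match, so 10.0.0.30 does not count)
my_vip=$(ip a |grep -wF "10.0.0.3"|wc -l)

# The master is serving and this node also holds the VIP: split brain, so step down
if [[ "${master_status}" == 200 && "${my_vip}" == 1 ]]
then
  systemctl stop nginx
  systemctl stop keepalived
fi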

keepalived configuration:


[root@lb02 ~]# cat /etc/keepalived/keepalived.conf 
global_defs {
  router_id lb02
}

vrrp_script check_web {
  script "/server/scripts/check_web.sh"
  interval 5
  weight 50
}

vrrp_script check_vip {
  script "/server/scripts/check_vip.sh"
  interval 5
  weight 50
}

vrrp_instance VI_1 {
  state BACKUP
  interface eth0
  virtual_router_id 50
  priority 100
  advert_int 1
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  virtual_ipaddress {
    10.0.0.3
  }
  track_script {
    check_web
    check_vip
  }
}
