Monthly filing: March 2018

Keepalived dual network (internal and external network) asynchronous fault drift, dual-active dual-master mode

Preface:

In this production environment the public network and the intranet are independent of each other, hence "dual network". With the following configuration, a failure on the intranet or on the public network does not force the VIPs on the other network to drift with it (asynchronous drift). Keepalived+LVS-DR, Keepalived+Nginx and Keepalived+HAProxy do not need synchronous drift; Keepalived+LVS-NAT does.

1. Schematic diagram:

  • The multicast IP address is 224.0.0.111.
  • On each machine, the intranet VIPs and the public VIPs are split: the machine is MASTER for one VIP and BACKUP for the other.

                                       +------+
                                       |Client|
                                       +------+
                                          /\
                                      +--------+
                                      |Internet|
                                      +--------+
                                          /\
                                     +-----------+
                                     |NAT network|
                                     +-----------+
                                          /\
                             +--------------------------+
                             |Intranet VIP1: 10.16.8.100|
                             |Intranet VIP2: 10.16.8.101|
                             +--------------------------+
                            /                            \
 +----------------------------------+            +----------------------------------+
 |KA+Lvs-DR/Nginx/HAProxy           |            |KA+Lvs-DR/Nginx/HAProxy           |
 |Intranet VIP1: Master (eth1)      |            |Intranet VIP1: BACKUP (eth1)      |
 |Intranet VIP2: BACKUP (eth1)      |            |Intranet VIP2: Master (eth1)      |
 |Intranet: 10.16.8.10 (eth1)       |<---------->|Intranet: 10.16.8.11 (eth1)       |
 |----------------------------------|Multicast IP|----------------------------------|
 |Public VIP1: Master (eth2)        |<---------->|Public VIP1: BACKUP (eth2)        |
 |Public VIP2: BACKUP (eth2)        |            |Public VIP2: Master (eth2)        |
 |Public network: 172.16.8.10 (eth2)|            |Public network: 172.16.8.11 (eth2)|
 +----------------------------------+            +----------------------------------+
                            \                            /
                         +---------------------------------+
                         |Public network VIP1: 172.16.8.100|
                         |Public network VIP2: 172.16.8.101|
                         +---------------------------------+
                                          \/
                                   +-------------+
                                   |Resource pool|
                                   +-------------+

2. ka67 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka67
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance External_1 {
     state MASTER
     interface eth1
     virtual_router_id 171
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance External_2 {
     state BACKUP
     interface eth1
     virtual_router_id 172
     priority 95
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         10.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state MASTER
     interface eth2
     virtual_router_id 191
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole2
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_2 {
     state BACKUP
     interface eth2
     virtual_router_id 192
     priority 95
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole3
     }
     virtual_ipaddress {
         172.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

3. ka68 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka68
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance External_1 {
     state BACKUP
     interface eth1
     virtual_router_id 171
     priority 95          # lower than ka67's 100, so ka67 wins the election for this VIP
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance External_2 {
     state MASTER
     interface eth1
     virtual_router_id 172
     priority 100         # higher than ka67's 95, so ka68 wins the election for this VIP
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         10.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state BACKUP
     interface eth2
     virtual_router_id 191
     priority 95          # lower than ka67's 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole2
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_2 {
     state MASTER
     interface eth2
     virtual_router_id 192
     priority 100         # higher than ka67's 95
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole3
     }
     virtual_ipaddress {
         172.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

Keepalived dual network (internal and external network) synchronous fault drift, active/standby single-active mode

Preface:

In this production environment the intranet and the public network are separate. To make the intranet VIP and the public VIP drift together, as the Keepalived+LVS-NAT mode requires, you need to define a vrrp_sync_group. Unlike the dual-active setup, the following configuration is active/standby only, not active/active.

1. Schematic diagram:

  • The multicast IP address is 224.0.0.111.
  • On MASTER, the intranet VIP and the public network VIP belong to the same sync group.
  • On BACKUP, the intranet VIP and the public network VIP belong to the same sync group.

                                       +------+
                                       |Client|
                                       +------+
                                          /\
                                      +--------+
                                      |Internet|
                                      +--------+
                                          /\
                                     +-----------+
                                     |NAT network|
                                     +-----------+
                                          /\
                             +-------------------------+
                             |Intranet VIP: 10.16.8.100|
                             +-------------------------+
                            /                            \
 +----------------------------------+            +----------------------------------+
 |KA+Lvs/Nginx/HAProxy              |            |KA+Lvs/Nginx/HAProxy              |
 |Intranet VIP: Master (eth1)       |            |Intranet VIP: BACKUP (eth1)       |
 |Intranet: 10.16.8.10 (eth1)       |<---------->|Intranet: 10.16.8.11 (eth1)       |
 |----------------------------------|Multicast IP|----------------------------------|
 |Public network VIP: Master (eth2) |<---------->|Public network VIP: BACKUP (eth2) |
 |Public network: 172.16.8.10 (eth2)|            |Public network: 172.16.8.11 (eth2)|
 +----------------------------------+            +----------------------------------+
                            \                            /
                         +--------------------------------+
                         |Public network VIP: 172.16.8.100|
                         +--------------------------------+
                                          \/
                                   +-------------+
                                   |Resource pool|
                                   +-------------+

2. ka67 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka67
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_sync_group VG_1 {
     group {
         External_1
         Internal_1
     }
 }

 vrrp_instance External_1 {
     state MASTER
     interface eth1
     virtual_router_id 171
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state MASTER
     interface eth2
     virtual_router_id 191
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

3. ka68 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka68
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_sync_group VG_1 {
     group {
         External_1
         Internal_1
     }
 }

 vrrp_instance External_1 {
     state BACKUP
     interface eth1
     virtual_router_id 171
     priority 95          # lower than ka67's 100, so ka67 is preferred as MASTER
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state BACKUP
     interface eth2
     virtual_router_id 191
     priority 95          # lower than ka67's 100, so ka67 is preferred as MASTER
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

Keepalived dual network (internal and external network) asynchronous fault drift, active/standby single-active mode

Preface:

In this production environment the intranet and the public network are independent, so the intranet VIP and the public VIP do not need to drift together. Keepalived+LVS-DR, Keepalived+Nginx and Keepalived+HAProxy, for example, do not need synchronous drift.

Note: Keepalived+LVS-NAT mode is excluded.

1. Schematic diagram:

The multicast IP address is 224.0.0.111.

                                       +------+
                                       |Client|
                                       +------+
                                          /\
                                      +--------+
                                      |Internet|
                                      +--------+
                                          /\
                                     +-----------+
                                     |NAT network|
                                     +-----------+
                                          /\
                             +-------------------------+
                             |Intranet VIP: 10.16.8.100|
                             +-------------------------+
                            /                            \
 +----------------------------------+            +----------------------------------+
 |KA+Lvs/Nginx/HAProxy              |            |KA+Lvs/Nginx/HAProxy              |
 |Intranet VIP: Master (eth1)       |            |Intranet VIP: BACKUP (eth1)       |
 |Intranet: 10.16.8.10 (eth1)       |<---------->|Intranet: 10.16.8.11 (eth1)       |
 |----------------------------------|Multicast IP|----------------------------------|
 |Public network VIP: Master (eth2) |<---------->|Public network VIP: BACKUP (eth2) |
 |Public network: 172.16.8.10 (eth2)|            |Public network: 172.16.8.11 (eth2)|
 +----------------------------------+            +----------------------------------+
                            \                            /
                         +--------------------------------+
                         |Public network VIP: 172.16.8.100|
                         +--------------------------------+
                                          \/
                                   +-------------+
                                   |Resource pool|
                                   +-------------+

2. ka67 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka67
     vrrp_mcast_group4 224.0.0.111
 }

 # No vrrp_sync_group in this mode: External_1 and Internal_1 fail over independently.

 vrrp_instance External_1 {
     state MASTER
     interface eth1
     virtual_router_id 171
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state MASTER
     interface eth2
     virtual_router_id 191
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

3. ka68 configuration file

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka68
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance External_1 {
     state BACKUP
     interface eth1
     virtual_router_id 171
     priority 95          # lower than ka67's 100, so ka67 is preferred as MASTER
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         10.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance Internal_1 {
     state BACKUP
     interface eth2
     virtual_router_id 191
     priority 95          # lower than ka67's 100, so ka67 is preferred as MASTER
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

Keepalived single network dual-active dual-master configuration mode

Preface:

This mode does not need a complex configuration. Compared with the single-network single-master mode, it adds a second active instance, which gives fault drift with two masters on a single network.

1. Architecture diagram:

The multicast IP address is 224.0.0.111.
NAT network can be configured according to the actual situation.

                              +------+
                              |Client|
                              +------+
                                 /\
                             +--------+
                             |Internet|
                             +--------+
                                 /\
                            +-----------+
                            |NAT network|
                            +-----------+
                                 /\
                +---------------------------------+
                |Public network VIP1: 172.16.8.100|
                |Public network VIP2: 172.16.8.101|
                +---------------------------------+
                  /                            \
 +-----------------------+              +-----------------------+
 | KA+Lvs/Nginx/HAProxy  |              | KA+Lvs/Nginx/HAProxy  |
 |                       |<------------>|                       |
 | VIP1:Master    (eth1) | Multicast IP | VIP1:BACKUP    (eth1) |
 | VIP2:BACKUP    (eth1) |<------------>| VIP2:Master    (eth1) |
 | IP1:172.16.8.10(eth1) |              | IP1:172.16.8.11(eth1) |
 +-----------------------+              +-----------------------+
                  \                            /
                +---------------------------------+
                |Public network VIP1: 172.16.8.100|
                |Public network VIP2: 172.16.8.101|
                +---------------------------------+
                                 \/
                          +-------------+
                          |Resource pool|
                          +-------------+

2. ka67 configuration file:

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka67
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance VG_1 {
     state MASTER
     interface eth0
     virtual_router_id 191
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance VG_2 {
     state BACKUP
     interface eth0
     virtual_router_id 192
     priority 95
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

3. ka68 configuration file:

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka68
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance VG_1 {
     state BACKUP
     interface eth0
     virtual_router_id 191
     priority 95          # lower than ka67's 100, so ka67 wins the election for this VIP
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 vrrp_instance VG_2 {
     state MASTER
     interface eth0
     virtual_router_id 192
     priority 100         # higher than ka67's 95, so ka68 wins the election for this VIP
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole1
     }
     virtual_ipaddress {
         172.16.8.101
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

Keepalived single network active/standby single-active configuration mode (hands-on)

Preface:

The following configures the simplest Keepalived mode, active/standby. Later, I will work from this simple single-network active/standby mode up to the dual-network, dual-active, synchronous fault drift mode.

Keepalived itself is not introduced here. Please refer to the previous article:

"Keepalived source code compilation, installation and configuration file explanation".

Architecture diagram:

The multicast IP address is 224.0.0.111.
NAT network can be configured according to the actual situation.

                              +------+
                              |Client|
                              +------+
                                 /\
                             +--------+
                             |Internet|
                             +--------+
                                 /\
                            +-----------+
                            |NAT network|
                            +-----------+
                                 /\
                +---------------------------------+
                |Public network VIP1: 172.16.8.100|
                +---------------------------------+
                  /                            \
 +-----------------------+              +-----------------------+
 | KA+Lvs/Nginx/HAProxy  |              | KA+Lvs/Nginx/HAProxy  |
 | VIP1:Master    (eth1) | Multicast IP | VIP1:BACKUP    (eth1) |
 | IP1:172.16.8.10(eth1) |              | IP1:172.16.8.11(eth1) |
 +-----------------------+              +-----------------------+
                  \                            /
                +---------------------------------+
                |Public network VIP1: 172.16.8.100|
                +---------------------------------+
                                 \/
                          +-------------+
                          |Resource pool|
                          +-------------+

Environment:

MASTER:172.16.8.10
BACKUP:172.16.8.11
VIP:172.16.8.100
OS:CentOS Linux release 7.4.1708 (Core)

Preconditions:

  • Time synchronization.
  • Configure SELinux and the firewall.
  • Add each peer's host name to the /etc/hosts file on both machines (optional).
  • Confirm that the interface supports multicast (it does by default).

The article "Keepalived source code compilation, installation and configuration file explanation" already covers the above prerequisites.

1. Single network active/standby configuration file

MASTER configuration file:

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka67
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance VG_1 {
     state MASTER
     interface eth0
     virtual_router_id 103
     priority 100
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

BACKUP configuration file:

 global_defs {
     notification_email {
         root@localhost
     }
     notification_email_from ka68@localhost
     smtp_server 127.0.0.1
     smtp_connect_timeout 30
     router_id ka68
     vrrp_mcast_group4 224.0.0.111
 }

 vrrp_instance VG_1 {
     state BACKUP
     interface eth0
     virtual_router_id 103
     priority 95
     advert_int 1
     authentication {
         auth_type PASS
         auth_pass renwole0
     }
     virtual_ipaddress {
         172.16.8.100
     }
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

2. General script

The following is the common notify.sh notification script:

 $ cat /usr/local/keepalived/etc/keepalived/notify.sh
 #!/bin/bash
 # Mail a notification whenever this node changes VRRP state.
 contact='root@localhost'

 notify() {
     local mailsubject="$(hostname) to be $1, vip floating"
     local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
     echo "$mailbody" | mail -s "$mailsubject" "$contact"
 }

 case $1 in
 master)
     notify master
     ;;
 backup)
     notify backup
     ;;
 fault)
     notify fault
     ;;
 *)
     echo "Usage: $(basename "$0") {master|backup|fault}"
     exit 1
     ;;
 esac

3. Active/standby test

Test MASTER

Before starting keepalived, check the network card information:

 [root@ka67 keepalived]# ip a
 ...
 eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
     link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff
     inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0
        valid_lft forever preferred_lft forever
     inet6 fe80::436e:b837:43b:797c/64 scope link
        valid_lft forever preferred_lft forever

After starting keepalived, check the network card information again:

 [root@ka67 keepalived]# ip a
 ...
 eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
     link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff
     inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0
        valid_lft forever preferred_lft forever
     inet 172.16.8.100/32 scope global eth0
        valid_lft forever preferred_lft forever
     inet6 fe80::436e:b837:43b:797c/64 scope link
        valid_lft forever preferred_lft forever

VIP 172.16.8.100 has been successfully added.

Test BACKUP

Start keepalived:

 [root@ka68 keepalived]# systemctl start keepalived

Now stop MASTER and see whether the VIP drifts to BACKUP:

 [root@ka67 keepalived]# systemctl stop keepalived

View the BACKUP log:

 [root@ka68 keepalived]# cat /var/log/messages
 ...
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) Transition to MASTER STATE
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) Entering MASTER STATE
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) setting protocol VIPs.
 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 ...

Successfully drifted to BACKUP host.

Restart MASTER:

 [root@ka67 keepalived]# systemctl start keepalived

View the Keepalived service status on BACKUP:

 [root@ka68 keepalived]# systemctl status keepalived
 keepalived.service - LVS and VRRP High Availability Monitor
    Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
    Active: active (running) since Tue 2018-03-02 22:13:14 EST; 15min ago
   Process: 1448 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
  Main PID: 1449 (keepalived)
    CGroup: /system.slice/keepalived.service
            ├─1449 /usr/local/keepalived/sbin/keepalived -D
            ├─1450 /usr/local/keepalived/sbin/keepalived -D
            └─1451 /usr/local/keepalived/sbin/keepalived -D

 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) Sending/queueing gratuitous ARPs on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: Sending gratuitous ARP on eth0 for 172.16.8.100
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) Entering BACKUP STATE
 Keepalived_vrrp[1451]: VRRP_Instance(VG_1) removing protocol VIPs.
 Keepalived_vrrp[1451]: Opening script file /usr/local/keepalived/etc/keepalived/notify.sh

The status above shows that when MASTER resumes service, Keepalived on BACKUP automatically hands the VIP back to MASTER, because the priority value of MASTER is higher than that of BACKUP. This is the drift from BACKUP back to MASTER.

Keepalived source code compilation, installation and configuration file explanation

Keep alive source code compilation, installation and configuration file explanation

What is Keepalived?

Keepalived is a server high-availability solution based on the VRRP protocol. It is used to avoid an IP single point of failure. Similar tools include heartbeat and corosync. It is usually not deployed on its own but together with LVS, Nginx or HAProxy to make them highly available.

What is the VRRP protocol?

VRRP stands for Virtual Router Redundancy Protocol. It combines several devices that provide routing functions into one virtual router and uses an election mechanism to keep that virtual router highly available, so that business continuity and reliability are maintained.

A configured virtual router has MASTER and BACKUP nodes. MASTER is the primary node: a virtual router can have only one MASTER, but it can have multiple BACKUP nodes. BACKUP is the standby node: after the MASTER node fails, a BACKUP takes over all resources of the MASTER node. When there are multiple BACKUP nodes, their priority decides which one replaces MASTER. When BACKUP nodes have the same priority value, the decision is made by comparing their IP addresses.

Preconditions:

  • The time between nodes must be synchronized.
  • Make sure firewalld and SELinux do not get in the way.
  • The network interface that each node uses for the cluster service must support multicast communication, using a Class D address (224-239). It is recommended to define the multicast address manually: if multiple cluster services use the default address, they will still send messages to each other despite the authentication mechanism, which may affect performance and generate useless log entries.
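What a node on the multicast group actually receives, as an added example (not code from the original article or from keepalived): a parser for the VRRPv2 advertisement layout of RFC 3768, which is the VRRP version keepalived uses by default, plus a check for adverts from senders outside the expected pair. It also shows that the auth_type PASS password travels verbatim in every advert. The sample bytes are constructed from the VRID, VIP and auth_pass values used elsewhere on this page; the sender 10.16.8.77 and all function names are assumptions.

```python
import struct
from ipaddress import IPv4Address

def vrrp_checksum(message: bytes) -> int:
    """16-bit one's-complement checksum over the VRRPv2 message (RFC 3768)."""
    if len(message) % 2:
        message += b"\x00"
    total = sum(struct.unpack(f"!{len(message) // 2}H", message))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(payload: bytes) -> dict:
    """Decode a VRRPv2 advertisement (the payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("shorter than the fixed VRRP header")
    vt, vrid, prio, count, auth_type, adver_int, cksum = struct.unpack("!BBBBBBH", payload[:8])
    if (vt >> 4, vt & 0x0F) != (2, 1):
        raise ValueError("not a VRRP version 2 advertisement")
    end = 8 + 4 * count + 8          # header + virtual addresses + 8-byte authentication data
    if len(payload) < end:
        raise ValueError("truncated advertisement")
    auth = payload[end - 8:end]
    return {
        "vrid": vrid,
        "priority": prio,
        "advert_int": adver_int,
        "vips": [str(IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)],
        "auth_type": auth_type,      # 0 = none, 1 = simple text password (auth_type PASS)
        "auth_data": auth.rstrip(b"\x00").decode("ascii", "replace") if auth_type == 1 else "",
        # Recompute the checksum with the checksum field zeroed and compare.
        "checksum_ok": vrrp_checksum(payload[:6] + b"\x00\x00" + payload[8:end]) == cksum,
    }

def audit(records, expected):
    """records: (source IP, VRRP payload) pairs; expected: {VRID: set of allowed source IPs}."""
    findings = []
    for src, payload in records:
        try:
            adv = parse_advert(payload)
        except ValueError as exc:
            findings.append((src, f"unparseable: {exc}"))
            continue
        if not adv["checksum_ok"]:
            findings.append((src, "bad VRRP checksum"))
        if adv["vrid"] not in expected:
            findings.append((src, f"advert for unknown VRID {adv['vrid']}"))
        elif src not in expected[adv["vrid"]]:
            findings.append((src, f"unexpected sender for VRID {adv['vrid']}"))
    return findings

# Constructed advert: VRID 171, priority 100, VIP 10.16.8.100, auth_pass renwole0.
GOOD = bytes.fromhex("21ab64010101b1640a10086472656e776f6c6530")
CORRUPT = GOOD[:11] + b"\x65" + GOOD[12:]     # one address byte changed, checksum left as is
RECORDS = [("10.16.8.10", GOOD), ("10.16.8.77", GOOD), ("10.16.8.11", CORRUPT)]
EXPECTED = {171: {"10.16.8.10", "10.16.8.11"}}

if __name__ == "__main__":
    print(parse_advert(GOOD))
    for finding in audit(RECORDS, EXPECTED):
        print(finding)
```

Because the password is readable by every host that can join the group, the firewall rules that restrict VRRP to the cluster interface matter more than the auth_pass value itself.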

1. Time synchronization

See "Centos 7 Chrony Set Server Cluster System Time Synchronization".

2. Firewall configuration

 $ firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface eth0 --destination 224.0.0.111 --protocol vrrp -j ACCEPT
 $ firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface eth0 --destination 224.0.0.111 --protocol vrrp -j ACCEPT
 $ firewall-cmd --reload

3. Enable route forwarding

 $ echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
 $ echo 1 > /proc/sys/net/ipv4/ip_forward

4. Install keepalived

 $ cd /tmp
 $ wget https://www.keepalived.org/software/keepalived-1.3.9.tar.gz
 $ tar xvf keepalived-1.3.9.tar.gz
 $ cd keepalived-1.3.9
 $ ./configure --prefix=/usr/local/keepalived
 $ make && make install
 $ ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin
 $ mkdir /etc/keepalived/
 $ ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

The following errors may occur during installation:

Possible error 1:

 checking for gcc... no
 checking for cc... no
 checking for cl.exe... no
 configure: error: in `/tmp/keepalived-1.3.9':
 configure: error: no acceptable C compiler found in $PATH
 See `config.log' for more details

Solution:

 $ yum install gcc -y

Possible error 2:

 configure: error:
   !!! OpenSSL is not properly installed on your system. !!!
   !!! Can not include OpenSSL headers files.            !!!

Solution:

 $ yum install openssl-devel -y

Possible error 3:

 *** WARNING - this build will not support IPVS with IPv6.  Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

Solution:

 $ yum install libnl-devel

Possible error 4:

 checking libnfnetlink/libnfnetlink.h usability... no
 checking libnfnetlink/libnfnetlink.h presence... no
 checking for libnfnetlink/libnfnetlink.h... no
 configure: error: libnfnetlink headers missing

Solution:

 $ yum install libnfnetlink-devel -y

Installation summary:

On a minimally installed Centos 7 system, install the following dependency packages before compiling and installing keepalived from source, and the above errors will not occur.

Install dependent packages:

 $ yum install gcc openssl-devel libnl-devel libnfnetlink-devel ipvsadm -y

5. Explanation of keepalived configuration file

 ! Configuration File for keepalived

 # Global configuration, including two sub configuration blocks: global definition, and static address and route.
 global_defs {                                  # Global definition
     notification_email {                       # Notification email related settings
         acassen@firewall.loc                   # Mail destination address
     }
     notification_email_from rwl@renwole.com    # From address
     smtp_server 127.0.0.1                      # Use the local mail service
     smtp_connect_timeout 30                    # Timeout for connecting to the SMTP server
     router_id LVS_LEVEL                        # Identifies the current node; must be unique, not the same between nodes

     # Checking all addresses in a VRRP message is time-consuming.
     # Setting this flag means that if the received message comes from the same router as the
     # previous message, the check is not performed. The check is not skipped by default.
     vrrp_skip_check_adv_addr

     vrrp_strict                                # Strictly follow the VRRP protocol specification. This mode does not support node unicast

     # Decimal, in seconds.
     # Delay between each group of gratuitous ARP messages on a network card.
     # The default value is 0. One sent message = n groups of ARP messages.
     vrrp_garp_interval 0

     # Decimal, in seconds.
     # Delay between each group of NA messages on a network card; 0 by default.
     vrrp_gna_interval 0
 }

 # VRRP configuration, including two sub configuration blocks: vrrp_sync_group and vrrp_instance.
 # It mainly defines the VIP offered to the outside and its related attributes.
 vrrp_instance VI_1 {                           # VRRP instance
     state MASTER                               # There can only be one MASTER; the rest should be BACKUP
     interface eth1                             # External network interface
     virtual_router_id 65                       # Virtual router ID, a number; must be the same as on the backup
     priority 100                               # Priority; the number must be greater than on the backup
     advert_int 1                               # Multicast advert interval in seconds; must be the same on both nodes
     authentication {                           # Authentication settings; must be consistent on both nodes (clear text)
         auth_type PASS
         auth_pass 1111
     }
     # Virtual address, i.e. the floating IP
     virtual_ipaddress {                        # A single address is enough; the system works out the mask and device by default
         172.16.28.65
         # 172.16.28.65/24
         # 172.16.28.65/24 dev eth1
     }
     # Notification scripts (added separately)
     notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
     notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
     notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
 }

 # LVS configuration. Required for Keepalived+LVS; not needed for others such as Keepalived+Nginx.
 # LVS contains two sub configuration blocks: virtual_server_group and virtual_server.
 # virtual_server: a virtual server. Each virtual server contains multiple real servers (real_server).
 virtual_server 172.16.28.65 80 {               # Virtual IP, listening on port 80
     delay_loop 6                               # Health check interval, seconds
     lb_algo rr                                 # Load scheduling algorithm, usually wlc or rr
     lb_kind NAT                                # LVS forwarding mode: DR, NAT, TUN, etc.
     persistence_timeout 50                     # Session persistence time, seconds
     protocol TCP                               # Forwarding protocol: TCP or UDP
     real_server 172.16.28.65 80 {              # Address and port of the real server
         weight 1                               # Weight
         SSL_GET {
             url {
                 path /                         # Health check page
                 digest ff20ad2481f97b1754ef3e12ecd3a9cc   # Calculated MD5 value
             }
             url {
                 path /mrtg/
                 digest 9b3a0c85a887a256d6939da88aabd8cd
             }
             connect_timeout 3                  # Connection timeout, seconds
             nb_get_retry 3                     # Number of failed retries; the server is removed after that
             delay_before_retry 3               # Interval between retries, seconds
         }
     }
 }
 ...
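The cross-node rules stated in the comments above (same virtual_router_id, advert_int and authentication on both nodes, MASTER priority greater than BACKUP) can be checked mechanically before a configuration is rolled out. The following is an added example, not part of the original article or of keepalived: a small parser for the keepalived.conf block syntax and a peer comparison that also checks vrrp_sync_group membership. The function names are assumptions, and the sample pair is constructed from instance names, VRIDs and VIPs used on this page, with deliberate mistakes on node B.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{}]|[^\s{}]+')

def parse(text):
    """Parse keepalived.conf text into nested blocks of head words, statements and sub-blocks."""
    root = {"head": ["root"], "stmts": [], "blocks": []}
    stack = [root]
    for raw in text.splitlines():
        pending = []
        # '#' and '!' start a comment (simplification: not honoured inside quotes).
        for word in TOKEN.findall(re.split(r"[#!]", raw, maxsplit=1)[0]):
            if word == "{":
                block = {"head": pending, "stmts": [], "blocks": []}
                stack[-1]["blocks"].append(block)
                stack.append(block)
                pending = []
            elif word == "}":
                if pending:
                    stack[-1]["stmts"].append(pending)
                    pending = []
                if len(stack) == 1:
                    raise ValueError("unbalanced '}'")
                stack.pop()
            else:
                pending.append(word)
        if pending:
            stack[-1]["stmts"].append(pending)
    return root

def load(text):
    """Return ({instance name: settings}, {sync group name: member set}) for one node."""
    instances, groups = {}, {}
    for blk in parse(text)["blocks"]:
        kind, name = (blk["head"] + ["", ""])[:2]
        if kind == "vrrp_instance":
            inst = {s[0]: s[1] for s in blk["stmts"] if len(s) > 1}
            for sub in blk["blocks"]:
                if sub["head"] == ["authentication"]:
                    inst.update({s[0]: s[1] for s in sub["stmts"] if len(s) > 1})
                elif sub["head"] == ["virtual_ipaddress"]:
                    inst["vips"] = sorted(" ".join(s) for s in sub["stmts"])
            instances[name] = inst
        elif kind == "vrrp_sync_group":
            groups[name] = {w for sub in blk["blocks"] if sub["head"] == ["group"]
                            for s in sub["stmts"] for w in s}
    return instances, groups

def check_pair(conf_a, conf_b):
    """Compare the configs of two peers and return a list of findings (empty when consistent)."""
    (inst_a, grp_a), (inst_b, grp_b) = load(conf_a), load(conf_b)
    findings = []
    for name in sorted(set(inst_a) | set(inst_b)):
        a, b = inst_a.get(name), inst_b.get(name)
        if a is None or b is None:
            findings.append(f"{name}: defined on only one node")
            continue
        for key in ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "vips"):
            if a.get(key) != b.get(key):
                findings.append(f"{name}: {key} differs between nodes")
        masters = [n for n in (a, b) if n.get("state") == "MASTER"]
        if len(masters) != 1:
            findings.append(f"{name}: expected exactly one node with state MASTER")
        else:
            backup = b if masters[0] is a else a
            hi, lo = int(masters[0].get("priority", 100)), int(backup.get("priority", 100))
            if hi <= lo:
                findings.append(f"{name}: MASTER priority {hi} is not greater than BACKUP priority {lo}")
    if grp_a != grp_b:
        findings.append("vrrp_sync_group membership differs between nodes")
    return findings

# Constructed sample pair: names, VRIDs and VIPs as on this page, deliberate mistakes on node B.
INSTANCE = """vrrp_instance {name} {{
    state {state}
    interface {iface}
    virtual_router_id {vrid}
    priority {prio}   # keepalived defaults to 100 when omitted
    advert_int 1
    authentication {{
        auth_type PASS
        auth_pass {pw}
    }}
    virtual_ipaddress {{
        {vip}
    }}
}}
"""
GROUP = "vrrp_sync_group VG_1 {\n    group {\n        External_1\n        Internal_1\n    }\n}\n"
EXT = dict(name="External_1", iface="eth1", vrid=171, vip="10.16.8.100")
INT = dict(name="Internal_1", iface="eth2", vrid=191, vip="172.16.8.100")
NODE_A = (GROUP + INSTANCE.format(state="MASTER", prio=100, pw="renwole0", **EXT)
          + INSTANCE.format(state="MASTER", prio=100, pw="renwole1", **INT))
NODE_B = (INSTANCE.format(state="BACKUP", prio=100, pw="renwole0", **EXT)    # same priority as MASTER
          + INSTANCE.format(state="BACKUP", prio=95, pw="renwole2", **INT))  # wrong password, no sync group

if __name__ == "__main__":
    print("\n".join(check_pair(NODE_A, NODE_B)))
```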

6. Start keepalived

Once keepalived.conf is correctly configured, start keepalived and enable it at boot.

 $ systemctl start keepalived
 $ systemctl enable keepalived

The compilation and installation of keepalived from source is now complete.

Note: This article mainly introduces what Keepalived is, how to install it, and annotates the keepalived configuration file. It contains no specific experimental or production configuration.

To learn about the various modes of keepalived in the production environment, please refer to the following articles:

Keepalived single network active/standby single-active configuration mode (hands-on)
Keepalived single network dual-active dual-master configuration mode
Keepalived dual network (internal and external network) asynchronous fault drift, active/standby single-active mode
Keepalived dual network (internal and external network) synchronous fault drift, active/standby single-active mode
Keepalived dual network (internal and external network) asynchronous fault drift, dual-active dual-master mode
Keepalived dual network (internal and external network) synchronous fault drift, dual-active dual-master mode

Centos 7 Chrony Set Server Cluster System Time Synchronization

What is Chrony?

Chrony is free, open-source software. On CentOS 7 and other RHEL 7-based operating systems it is already the default service, with its default configuration file at /etc/chrony.conf. It keeps the system time synchronized with a time server (NTP), so that the time always stays in sync. Compared with the NTP time synchronization software it has considerable advantages, and it is also very simple to use.

Chrony has two core components:

chronyd: a daemon that adjusts the system time kept by the kernel and synchronizes it with the time server. It determines the rate at which the computer gains or loses time and compensates for it.

chronyc: provides a user interface for monitoring performance and changing the configuration. It can be used on the machine running chronyd, and it can also work from a different, remote computer.

OS environment:

10.28.204.65 Client
10.28.204.66 Server

CentOS Linux release 7.4.1708 (Core)

Situation description: Both machines are on the intranet, so 204.66 acts as the NTP time server and 204.65 synchronizes its time from that machine.

1. Install Chrony

The system has been installed by default. If not, please execute the following command to install:

 $ yum install chrony -y

2. Start chronyd and enable it at boot

 $ systemctl enable chronyd.service
 $ systemctl restart chronyd.service
 $ systemctl status chronyd.service

3. Firewalld settings

 $ firewall-cmd --add-service=ntp --permanent
 $ firewall-cmd --reload

NTP uses port 123/UDP, so the ntp service has to be allowed through the firewall.

4. Configure Chrony

The following is the system default configuration file, which I will explain:

 $ cat /etc/chrony.conf
 # Use public servers from the pool.ntp.org project. Each line starts with "server"; in theory you can add as many servers as you want.
 # Please consider joining the pool (//www.pool.ntp.org/join.html).
 server 0.centos.pool.ntp.org iburst
 server 1.centos.pool.ntp.org iburst
 server 2.centos.pool.ntp.org iburst
 server 3.centos.pool.ntp.org iburst

 # Calculate the rate at which the system clock gains or loses time against the real time and record it in a file,
 # so that the best compensation can be applied after the system restarts.
 driftfile /var/lib/chrony/drift

 # chronyd normally corrects the time by slowing down or speeding up the clock as needed.
 # In some cases the system clock may have drifted so far that this adjustment would take too long.
 # This directive forces chronyd to step the system clock when the adjustment is larger than a threshold.
 # It only takes effect while the number of clock updates since chronyd started does not exceed the specified limit
 # (the limit can be disabled by using a negative value).
 makestep 1.0 3

 # Enable a kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes.
 rtcsync

 # Enable hardware timestamping on all interfaces that support it.
 # Hardware timestamps are enabled with the hwtimestamp directive.
 #hwtimestamp eth0
 #hwtimestamp eth1
 #hwtimestamp *

 # Increase the minimum number of selectable sources required to adjust
 # the system clock.
 #minsources 2

 # Specify a host, subnet, or network that is allowed or denied NTP access to this machine when it acts as a time server.
 #allow 192.168.0.0/16
 #deny 192.168/16

 # Serve time even if not synchronized to a time source.
 local stratum 10

 # Specify the file containing the NTP authentication keys.
 #keyfile /etc/chrony.keys

 # Specify the directory for log files.
 logdir /var/log/chrony

 # Select which information is logged.
 #log measurements statistics tracking

5. Set time zone

To view the current system time zone:

 $ timedatectl
       Local time: Fri 2018-2-29 13:31:04 CST
   Universal time: Fri 2018-2-29 05:31:04 UTC
         RTC time: Fri 2018-2-29 08:17:20
        Time zone: Asia/Shanghai (CST, +0800)
      NTP enabled: yes
 NTP synchronized: yes
  RTC in local TZ: no
       DST active: n/a

If your current time zone is incorrect, please set it as follows.

View all available time zones:

 $ timedatectl list-timezones

Filter the list for the Asia time zones beginning with S, which include Shanghai:

 $ timedatectl list-timezones | grep -E "Asia/S.*"
 Asia/Sakhalin
 Asia/Samarkand
 Asia/Seoul
 Asia/Shanghai
 Asia/Singapore
 Asia/Srednekolymsk

Set the system time zone to Asia/Shanghai:

 $ timedatectl set-timezone Asia/Shanghai

After setting the time zone, force the system clock to synchronize:

 $ chronyc -a makestep
 200 OK

6. System time synchronization between server clusters

In a production environment the networks are all intranet structures. How can the intranet ensure time synchronization between servers? In fact, this problem is very simple. You only need to set up an intranet time server and then let all machines synchronize their time from that server (10.28.204.66).

Specific steps: comment out the following lines on the server side:

 #server 0.centos.pool.ntp.org iburst
 #server 1.centos.pool.ntp.org iburst
 #server 2.centos.pool.ntp.org iburst
 #server 3.centos.pool.ntp.org iburst

And add the following line (it tells the server to synchronize time with the local machine):

 server 10.28.204.66 iburst

In this way, the required intranet time server has been configured.

On the client (10.28.204.65), also comment out the other server lines and add the following:

 server 10.28.204.66 iburst

System time synchronization is now complete. If there are more machines, repeat the same steps on each of them.
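chronyd only answers NTP clients whose address matches an `allow` directive, and the default file shown in step 4 leaves `allow` commented out, so it is worth checking what a finished chrony.conf really enables. The following is an added example, not part of the original article: the helper name `audit_chrony_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what a chrony.conf actually enables, ignoring comments.

# Constructed sample: the server-side file after step 6 of the article.
SAMPLE_SERVER_CONF='#server 0.centos.pool.ntp.org iburst
server 10.28.204.66 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
#allow 192.168.0.0/16
local stratum 10
#keyfile /etc/chrony.keys
logdir /var/log/chrony'

# audit_chrony_conf (hypothetical helper): chrony.conf text on stdin,
# one finding per line on stdout.
audit_chrony_conf() {
    awk '
        /^[ \t]*$/       { next }    # blank line
        /^[ \t]*[#!;%]/  { next }    # chrony comment characters
        $1 == "server" || $1 == "pool" || $1 == "peer" {
            key = "none"             # "key N" marks a source authenticated via the keyfile
            for (i = 3; i < NF; i++) if ($i == "key") key = $(i + 1)
            print "SOURCE " $2 " key=" key
            next
        }
        $1 == "local" { local_ref = 1; next }
        $1 == "allow" {
            allow_rules++
            net = ($2 == "all") ? $3 : $2
            if (net == "" || net == "0.0.0.0/0" || net == "0/0" || net == "::/0")
                print "WARN allow matches every address"
            else
                print "ALLOW " net
        }
        END {
            if (local_ref && !allow_rules)
                print "WARN local reference but no allow rule: NTP clients get no answer"
        }'
}

# Usage: audit_chrony_conf < /etc/chrony.conf
```

On the time server, an `ALLOW` line limited to the intranet subnet is the result to aim for; a `WARN` line means the file either serves nobody or serves everyone the firewall lets in.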

7. Common commands

To view the time synchronization source:

 $ chronyc sources -v

To view the status of the time synchronization source:

 $ chronyc sourcestats -v

Set hardware time

The hardware time defaults to UTC:

 $ timedatectl set-local-rtc 1

Enable NTP time synchronization:

 $ timedatectl set-ntp yes

Calibrate the time server:

 $ chronyc tracking

Finally, note that after editing /etc/chrony.conf you must restart the chrony service, otherwise the changes may not take effect.

mount: unknown filesystem type ‘LVM2_member’

To solve the hard disk mount error:

mount: unknown filesystem type 'LVM2_member'
mount: you must specify the filesystem type

Description:

A customer's hosted server in the computer room runs Linux and could not be started; the only option was to recover the system. After asking, we learned that:

  • The data disk has data. It is not entirely empty.
  • The customer is a novice and doesn't understand Linux at all (does not know how to manage it).

My solution (to be on the safe side):

Install the Linux system on a new 500G hard disk, attach the previous disk, and then copy the data.

Let's begin.

To view the disk:

 [root@renwole-com ~]# fdisk -l

 Disk /dev/sda: 500.1 GB, 500107862016 bytes
 255 heads, 63 sectors/track, 60801 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x000a9411

    Device Boot      Start         End      Blocks   Id  System
 /dev/sda1   *           1          26      204800   83  Linux
 Partition 1 does not end on cylinder boundary.
 /dev/sda2              26        6553    52428800   83  Linux
 /dev/sda3            6553        7075     4194304   82  Linux swap / Solaris
 /dev/sda4            7075       60802   431557656    5  Extended
 /dev/sda5            7076       60802   431556608   83  Linux

 Disk /dev/sdb: 500.1 GB, 500107862016 bytes
 255 heads, 63 sectors/track, 60801 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0xa154a154

    Device Boot      Start         End      Blocks   Id  System
 /dev/sdb1   *           1          64      512000   83  Linux
 Partition 1 does not end on cylinder boundary.
 /dev/sdb2              64       60802   487873536   8e  Linux LVM

 Disk /dev/mapper/VolGroup-lv_root: 53.7 GB, 53687091200 bytes
 255 heads, 63 sectors/track, 6527 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x00000000

 Disk /dev/mapper/VolGroup-lv_home: 441.8 GB, 441765068800 bytes
 255 heads, 63 sectors/track, 53708 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x00000000
 ...

Note: The red part is the old disk that was broken before.

Install lvm2:

 [root@renwole-com ~]# yum install lvm2 -y

To view a physical volume:

 [root@renwole-com ~]# pvs
   PV         VG       Fmt  Attr PSize   PFree
   /dev/sdb2  VolGroup lvm2 a--u 465.27g    0

To view a volume group:

 [root@renwole-com ~]# lvdisplay
   --- Logical volume ---
   LV Path                /dev/VolGroup/lv_root
   LV Name                lv_root
   VG Name                VolGroup
   LV UUID                3Y5UYD-x0H9-F25h-foUz-rm0O-cgzl-pE8FbF
   LV Write Access        read/write
   LV Creation host, time localhost.localdomain, 2015-07-20 17:29:35 +0800
   LV Status              available
   # open                 0
   LV Size                50.00 GiB
   Current LE             12800
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           253:0

   --- Logical volume ---
   LV Path                /dev/VolGroup/lv_home
   LV Name                lv_home
   VG Name                VolGroup
   LV UUID                Eu7UKx-LPkM-RDQ6-ACym-KOOW-t2RC-oVq0Zn
   LV Write Access        read/write
   LV Creation host, time localhost.localdomain, 2015-07-20 17:29:56 +0800
   LV Status              available
   # open                 1
   LV Size                411.43 GiB
   Current LE             105325
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           253:1

   --- Logical volume ---
   LV Path                /dev/VolGroup/lv_swap
   LV Name                lv_swap
   VG Name                VolGroup
   LV UUID                PBkdrg-lhsO-vkde-RvC0-ryUh-p0pf-aMnBds
   LV Write Access        read/write
   LV Creation host, time localhost.localdomain, 2015-07-20 17:32:40 +0800
   LV Status              available
   # open                 0
   LV Size                3.84 GiB
   Current LE             984
   Segments               1
   Allocation             inherit
   Read ahead sectors     auto
   - currently set to     256
   Block device           253:2

Activate volume group:

 [root@renwole-com ~]# vgchange -ay /dev/VolGroup
   3 logical volume(s) in volume group "VolGroup" now active

Attach the hard disk:

 [root@renwole-com ~]# mount /dev/VolGroup/lv_home /apps/

/apps is the new directory I created.

Check the mount status:

 [root@renwole-com ~]# df -h
 Filesystem                    Size  Used Avail Use% Mounted on
 /dev/sda2                      50G  2.1G   45G   5% /
 tmpfs                         3.9G     0  3.9G   0% /dev/shm
 /dev/sda1                     194M   34M  151M  19% /boot
 /dev/sda5                     406G  199M  385G   1% /home
 /dev/mapper/VolGroup-lv_home  405G  199M  385G   1% /apps

Enter the apps directory and take a look: wow, the data is still there. Congratulations.

In addition, if mount reports the error:

mount: you must specify the filesystem type

You can check the filesystem type of the disk as follows, and then mount it by passing that type with the -t parameter.

 [root@renwole-com ~]# file -s /dev/sda1
 /dev/sda1: Linux rev 1.0 ext4 filesystem data (needs journal recovery) (extents) (huge files)
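The `file -s` line above says "needs journal recovery", and a plain read-only mount of ext3/ext4 or XFS still replays the journal, which writes to the disk being rescued. The following added example (not from the original article) turns one line of `file -s` output into a mount command that leaves the disk untouched; the function name `plan_mount`, the default mount point `/mnt/recovery` and the sample lines in the comments are assumptions.

```shell
#!/bin/sh
# Added example: derive a non-writing mount command from `file -s` output.

# plan_mount (hypothetical helper)
#   $1: one line of `file -s <device>` output
#   $2: mount point, defaults to the assumed placeholder /mnt/recovery
plan_mount() {
    line=$1
    mnt=${2:-/mnt/recovery}
    dev=${line%%:*}                 # device name is everything before the first colon
    case $line in
        *"LVM2 PV"*)
            # Mounting this device directly is what produces
            # "unknown filesystem type 'LVM2_member'": a physical volume
            # holds logical volumes, not a filesystem.
            echo "vgchange -ay  # then inspect the logical volumes with file -s"
            return 0 ;;
        *"ext2 filesystem"*) fs=ext2; opts=ro ;;
        # noload / norecovery skip journal replay, so nothing is written;
        # recently changed files may look stale until a real recovery is done.
        *"ext3 filesystem"*) fs=ext3; opts=ro,noload ;;
        *"ext4 filesystem"*) fs=ext4; opts=ro,noload ;;
        *"XFS filesystem"*)  fs=xfs;  opts=ro,norecovery ;;
        *)
            echo "unrecognised: inspect $dev by hand before mounting" >&2
            return 1 ;;
    esac
    echo "mount -t $fs -o $opts $dev $mnt"
}

# Usage: plan_mount "$(file -s /dev/sda1)" /apps
```

Copy the data off with cp while the filesystem is mounted this way, and only consider a read-write mount once the copy is verified.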

Important Note:

Do not delete the partition of the hard disk before finding a suitable solution, or the data will be damaged.
Even if the mount is successful, do not use the mv or rm command, but use the cp command.
Special note: Under Linux, it is almost unrealistic to use software to recover data.