Keepalived English User Manual

Keepalived for LVS User Guide

Alexandre Cassen
http://www.keepalived.org
acassen@linux-vs.org

Copyright © Alexandre Cassen – Linux Virtual Server OpenSource project

Licence

This document is copyright 2001, 2002 Alexandre Cassen. It is released under the terms of the GNU General Public Licence. You can redistribute it and/or modify it under the terms of the GNU General Public Licence as published by the Free Software Foundation; either version 2 of the Licence, or (at your option) any later version.

CONTENTS

I. INTRODUCTION
II. TERMINOLOGY
III. SOFTWARE ARCHITECTURE
    3.1 GLOBAL VIEW AND LOCALIZATION
    3.2 SOFTWARE DESIGN
IV. HEALTHCHECK FRAMEWORK
V. FAILOVER FRAMEWORK : VRRP FRAMEWORK
VI. INSTALLING KEEPALIVED
VII. KEEPALIVED CONFIGURATION SYNOPSIS
    7.1 GLOBAL DEFINITIONS SYNOPSIS
    7.2 VIRTUAL SERVER DEFINITIONS SYNOPSIS
    7.3 VRRP INSTANCE DEFINITIONS SYNOPSIS
VIII. KEEPALIVED PROGRAMS SYNOPSIS
    8.1 KEEPALIVED DAEMON
    8.2 GENHASH UTILITY
    8.3 RUNNING KEEPALIVED DAEMON
IX. CASE STUDY : HEALTHCHECK
    9.1 MAIN ARCHITECTURE COMPONENTS
    9.2 SERVER POOL SPECIFICATIONS
    9.3 KEEPALIVED CONFIGURATION
X. CASE STUDY : FAILOVER USING VRRP
    10.1 ARCHITECTURE SPECIFICATION
    10.2 KEEPALIVED CONFIGURATION
XI. CASE STUDY : MIXING HEALTHCHECK & FAILOVER
    11.1 KEEPALIVED CONFIGURATION

I. Introduction

Load balancing is a good solution for service virtualization. When you design a load balanced topology, you must take special care of:

• Real server availability using health-checks.
• Load balancer availability using a failover protocol.

Load balancing real services provides a global highly available virtual service. To increase the load balanced service availability we need to monitor each real server node. This problem is mainly handled using a health-check framework manipulating a real server pool.

On the other hand, when using a load balancer director we introduce a Single Point Of Failure for the virtual service. So load balancer high availability must also be handled, using dedicated routing protocols for director failover/virtualization.

Keepalived tries to address these two problems by adding, on the one hand, a strong & robust health-check framework, and on the other hand, implementing a Hot Standby protocol. These two frameworks can deal with the Linux Virtual Server (LVS) framework to manipulate LVS real server pools by adding or removing real servers based on health-checks' decisions.

II. Terminology

In this document, we will use the following keywords:

LVS component:

• VIP: The Virtual IP is the IP address that will be accessed by all the clients. The clients only access this IP address.
• Real server: A real server hosts the application accessed by client requests. WEB SERVER 1 & WEB SERVER 2 in our synopsis.
• Server pool: A farm of real servers.
• Virtual server: The access point to a Server pool.
• Virtual Service: A TCP/UDP service associated with the VIP.

LVS stands for "Linux Virtual Server". LVS is a patched Linux kernel that adds a load balancing facility. For more information on LVS, please refer to the project homepage: http://www.linux-vs.org. LVS acts as a network bridge (using NAT) to load balance TCP/UDP streams. The LVS router components are:

• WAN Interface: Ethernet Network Interface Controller that will be accessed by all the clients.
• LAN Interface: Ethernet Network Interface Controller to manage all the load balanced servers.
• Linux kernel: The kernel is patched with the latest LVS and is used as a router OS.

[Figure: LVS synopsis. WAN, LVS Router (WAN Interface, LAN Interface), Hub / Switch, WEB SERVER 1, WEB SERVER 2]

VRRP component:

• VRRP: The protocol implemented for the directors' failover/virtualization.
• VRRP Instance: A thread manipulating a VRRPv2 specific set of IP addresses. A VRRP Instance may back up one or more VRRP Instances. In our "Case study: Failover", we are dealing with 4 VRRP Instances. One owning (VIP1,VIP2), one owning (VIP3,VIP4), one owning (DIP1) and one owning (DIP2). It may participate in one or more virtual routers.
• IP Address owner: The VRRP Instance that has the IP address(es) as real interface address(es). This is the VRRP Instance that, when up, will respond to packets addressed to one of these IP address(es) for ICMP, TCP connections, …
• MASTER state: VRRP Instance state when it is assuming the responsibility of forwarding packets sent to the IP address(es) associated with the VRRP Instance. This state is illustrated on "Case study: Failover" by a red line.
• BACKUP state: VRRP Instance state when it is capable of forwarding packets in the event that the current VRRP Instance MASTER fails.
• Real Load balancer: An LVS director running one or many VRRP Instances.
• Virtual Load balancer: A set of Real Load balancers.
• Synchronized Instance: VRRP Instance with which we want to be synchronized. This provides VRRP Instance monitoring.
• Advertisement: The name of a simple VRRPv2 packet sent to a set of VRRP Instances while in the MASTER state.

III. Software Architecture

3.1 Global View and localization

[Figure: global view. Server pool (Server 1 to Server 4), WAN, Hub, LoadBalancer / Linux Virtual Server. Kernel space: incoming IP packet, routing decision, INPUT / FORWARD / OUTPUT rules, VS Rules Table, VS Connection Hash Table, VS Schedule Control Module, firewall framework, outgoing IP packet, VIP. User space: HealthCheck Framework and VRRP Framework, linked to the kernel through setsockopt, the proc filesystem, NETLINK and multicast]

Our software architecture deals with 4 Linux kernel components:

• LVS kernel framework: Using the setsockopt call for kernel 2.2 and the setsockopt netfilter call for kernel 2.4.
• IPCHAINS framework: For kernel 2.2 in LVS NAT architecture we use an internal IPCHAINS wrapper to send MASQ chains to the kernel. This is only used when running Linux 2.2 kernel. On kernel 2.4 IPVS code handles specific NAT rules using the netfilter call.
• NETLINK Interface: For the Hot Standby protocol (VRRP), we use the NETLINK interface to set/remove VRRP VIP.
• MULTICAST: For the VRRP part, advertisements are sent to a MULTICAST group.

3.2 Software design

The following figure illustrates the Keepalived internal software implementation components.

[Figure: Keepalived software design. User space: daemon initialization, health-checker worker thread registration, VRRP bootstrap, socket pool thread, global scheduling framework with I/O multiplexer, VRRP packet dispatcher thread, VRRP state handler, VRRP Instances VI_1, VI_2 … VI_n, multilayer health-check framework (layer 4: TCP CONNECT thread; layer 5/6/7: HTTP GET send, SSL GET send, MD5SUM over HTML content thread; MISC CHECKER external forked process call). Low-level primitives towards kernel space: Netlink, Multicast, SIOCGIF, SMTP notification, IPVS framework]

Keepalived uses a fully multithreaded framework based on a central I/O multiplexer. The 2 main components are:

• Health-checker worker threads: Each health-check is registered to our global scheduling framework. These workers perform health-checks using the Keepalived health-check framework. The health-check framework currently implements 3 checkers:
    o TCP CHECK: Performing a LAYER3 check.
    o HTTP GET: Checking a remote HTTP server html content integrity.
    o SSL GET: Checking a remote SSL server html content integrity.
    o MISC CHECK: Performing user defined integrity checks.
• VRRP Packet Dispatcher: Demultiplexes specific I/O to the corresponding VRRP Instance.

These 2 main components use the following low-level primitives:

• SMTP notification: An SMTP wrapper using asynchronous stream process. This primitive enables Keepalived to send email notifications.
• IPVS framework: The LVS kernel interface for real server pool manipulation. All the IPVS load balancing methods are implemented, e.g. LVS NAT, DR & TUN.
• Netlink: Kernel routing interface for the VRRP part. Provides VRRP VIP manipulation.
• Multicast: For sending VRRP adverts we use multicast (need to handle multicast binding to specific interface, …)
• IPCHAINS framework: This is only used if running Linux kernel 2.2 to automatically set MASQ chains. This part is obsolete for newer kernels since LVS natively deals with MASQ rules as it is a NETFILTER module. Only implemented for compatibility purposes.
• SYSLOG: All daemon notification messages are logged using the syslog daemon.

IV. Healthcheck framework

As described in the global Keepalived software design, the current multilayer health-check framework implements the following checker modules:

• TCP_CHECK: Working at layer4. To ensure this check, we use a TCP Vanilla check using nonblocking/timed-out TCP connections. If the remote server does not reply to this request (timed-out), then the test fails and the server is removed from the server pool.
• HTTP_GET: Working at layer5. Performs an HTTP GET to a specified URL. The get result is then summed using the MD5 algorithm. If this sum does not match the expected value, the test fails and the server is removed from the server pool. This module implements a multi-URL get check on the same service. This functionality is useful if you are using a server hosting more than one application server. It gives you the ability to check if an application server is working properly. The MD5 digests are generated using the genhash utility (included in the keepalived package).
• SSL_GET: Same as HTTP_GET but uses an SSL connection to the remote webservers.
• MISC_CHECK: This check allows a user defined script to be run as the health checker. The result must be 0 or 1. The script is run on the director box and this is an ideal way to test in-house applications. Scripts that can be run without arguments can be called using the full path (i.e. /path_to_script/script.sh). Those requiring arguments need to be enclosed in double quotes (i.e. "/path_to_script/script.sh arg1 … argn")

The goal for Keepalived is to define a generic framework that is easily extensible for adding new checker modules. If you are interested in checker development, you can read the HackingGuide, which exposes the internal software implementation and style guide used (this guide is currently being written).
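The HTTP_GET check described above, as an added Python example (not code from Keepalived or from this guide): it fetches each configured URL, computes the MD5 digest of the body and keeps a real server in the pool only if every digest matches. The function names, demo server and sample pages are constructed for the illustration, and treating nb_get_retry as a number of extra attempts is an assumption.

```python
import hashlib, http.client, http.server, threading, time

def md5_of_url(host, port, path, timeout=2.0):
    """GET one URL; return the MD5 hex digest of the body, or None on failure."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return hashlib.md5(conn.getresponse().read()).hexdigest()
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out or malformed reply: the test fails
    finally:
        conn.close()

def http_get_check(host, port, urls, nb_get_retry=1, delay_before_retry=0.05):
    """True only if every (path, digest) pair matches: the multi-URL check."""
    for path, expected in urls:
        for attempt in range(nb_get_retry + 1):  # assumption: retries are extra tries
            if md5_of_url(host, port, path) == expected.lower():
                break
            if attempt < nb_get_retry:
                time.sleep(delay_before_retry)
        else:
            return False  # this URL never produced the expected digest
    return True

def update_pool(pool, servers, urls):
    """Add real servers that pass the check to the pool, remove those that fail."""
    for server in servers:
        if http_get_check(*server, urls):
            pool.add(server)
        else:
            pool.discard(server)
    return pool

# Constructed sample content: one real server hosting two applications.
PAGES = {"/app1/": b"<html>app1 ok</html>", "/app2/": b"<html>app2 ok</html>"}
# Stand-in for the digests an operator would generate with genhash.
EXPECTED = [(p, hashlib.md5(b).hexdigest()) for p, b in PAGES.items()]

class DemoHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = self.pages.get(self.path, b"<html>error</html>")
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

def start_demo_server(pages):
    """Serve `pages` on a free loopback port; returns (host, port)."""
    handler = type("Handler", (DemoHandler,), {"pages": pages})
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[:2]

if __name__ == "__main__":
    healthy = start_demo_server(PAGES)
    broken = start_demo_server({**PAGES, "/app2/": b"<html>stack trace</html>"})
    print(update_pool({healthy, broken}, [healthy, broken], EXPECTED))
```

The second demo server still answers 200 on every URL, so a TCP_CHECK alone would keep it in the pool; only the digest comparison removes it. MD5 serves here as a content fingerprint for availability, not as protection against deliberate tampering.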
V. Failover framework: VRRP framework

For director failover Keepalived implements the VRRP protocol. To quickly describe this protocol:

"VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host." [rfc2338].

NB: This framework is LVS independent, so you can use it for LVS director failover, even for other Linux routers needing a Hot-Standby protocol. This framework has been completely integrated in the Keepalived daemon for design & robustness reasons.

The main functionalities provided by this framework are:

• Failover: The native VRRP protocol purpose, based on a roaming set of VRRP VIPs.
• VRRP Instance synchronization: We can specify a state monitoring between 2 VRRP Instances. It guarantees that 2 VRRP Instances remain in the same state. The synchronized instances monitor each other.
• Nice Fallback
• Advert Packet integrity: Using IPSEC-AH ICV.
• System call: During a VRRP state transition, an external script/program can be called.

VI. Installing Keepalived

Before installing Keepalived, any previously installed version should be removed.

1. Download the latest Keepalived source code from the web site and unzip/untar it. In order to compile Keepalived you need to have the following libraries installed:

   • OpenSSL: This library is needed for MD5 and SSL support.
   • popt: Used for command line parsing.

   You will also need the Linux kernel source with the ipvs patches if you intend to use Keepalived with LVS.

2. Then simply compile the daemon and the genhash utility.

    [root@lvs keepalived]# ./configure
    [root@lvs keepalived]# make

3. All the binaries and template configuration files are installed.

    [root@lvs keepalived]# make install

   You may need to create a call to the keepalived daemon in your rc file. If you are using RedHat Linux, an example initialization setup would be:

    [root@lvs keepalived]# ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived

   If you are running Debian Linux this would be:

    [root@lvs keepalived]# ln -s /etc/init.d/keepalived.init /etc/rc2.d/S99keepalived

   Note: The link should be added in your default run level directory.

VII. Keepalived configuration synopsis

The Keepalived configuration file uses the following synopsis (configuration keywords are Bold/Italic):

7.1 Global definitions synopsis

    global_defs {
        notification_email {
            email
            email
        }
        notification_email_from email
        smtp_server host
        smtp_connect_timeout num
        lvs_id string
    }

    Keyword                   Definition                                                    Type
    global_defs               identify the global def configuration block
    notification_email        email accounts that will receive the notification mail        List
    notification_email_from   email to use when processing "MAIL FROM:" SMTP command         List
    smtp_server               remote SMTP server to use for sending mail notifications      alphanum
    smtp_connect_timeout      specify a timeout for SMTP stream processing                  numerical
    lvs_id                    specify the name of the LVS director                          alphanum

Email type: a string using the charset specified in the SMTP RFC, e.g. "user@domain.com"

7.2 Virtual server definitions synopsis

    virtual_server (@IP PORT)|(fwmark num) {
        delay_loop num
        lb_algo rr|wrr|lc|wlc|sh|dh|lblc
        lb_kind NAT|DR|TUN
        (nat_mask @IP)
        persistence_timeout num
        persistence_granularity @IP
        virtualhost string
        protocol TCP|UDP

        sorry_server @IP PORT

        real_server @IP PORT {
            weight num
            TCP_CHECK {
                connect_port num
                connect_timeout num
            }
        }

        real_server @IP PORT {
            weight num
            MISC_CHECK {
                misc_path /path_to_script/script.sh
                (or misc_path "/path_to_script/script.sh ")
            }
        }

        real_server @IP PORT {
            weight num
            HTTP_GET|SSL_GET {
                url {    # You can add multiple url blocks
                    path alphanum
                    digest alphanum
                }
                connect_port num
                connect_timeout num
                nb_get_retry num
                delay_before_retry num
            }
        }
    }

    Keyword                   Definition                                                    Type
    virtual_server            identify a virtual server definition block
    fwmark                    specify that virtual server is a FWMARK
    delay_loop                specify in seconds the interval between checks                numerical
    lb_algo                   select a specific scheduler (rr|wrr|lc|wlc…)                  string
    lb_kind                   select a specific forwarding method (NAT|DR|TUN)              string
    persistence_timeout       specify a timeout value for persistent connections            numerical
    persistence_granularity   specify a granularity mask for persistent connections
    virtualhost               specify a HTTP virtualhost to use for HTTP|SSL_GET            alphanum
    protocol                  specify the protocol kind (TCP|UDP)                           numerical
    sorry_server              server to be added to the pool if all real servers are down
    real_server               specify a real server member
    weight                    specify the real server weight for load balancing decisions   numerical
    TCP_CHECK                 check real server availability using TCP connect
    MISC_CHECK                check real server availability using user defined scr