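Contents
1 Keepalived deployment and environment preparation
1.1 Keepalived lab environment preparation
1.2 Keepalived files
1.3 Installing Keepalived
1.4 Keepalived configuration overview
1.5 Configuration syntax
2 Enterprise application examples and configuration
2.1 Master/backup architecture
2.1.1 Enabling Keepalived logging
2.1.2 The vrrp_iptables parameter
2.1.3 Using separate sub-configuration files
2.1.4 Master/backup architecture example
2.2 Preemptive and non-preemptive mode
2.3 Delayed preemption: preempt_delay
2.4 Unicast configuration for the VIP
2.5 Keepalived notification script configuration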
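1 Keepalived deployment and environment preparation
1.1 Keepalived lab environment preparation
- Time must be synchronized on all nodes: ntp, chrony
- Disable the firewall and SELinux
- Nodes can reach each other by hostname: optional
- Using /etc/hosts for this is recommended: optional
- The root users on the nodes can reach each other over SSH with key-based authentication: optional
1.2 Keepalived files
- Package name: keepalived
- Main program: /usr/sbin/keepalived
- Main configuration file: /etc/keepalived/keepalived.conf
- Example configuration files: /usr/share/doc/keepalived/
- Unit file: /lib/systemd/system/keepalived.service
- Environment file for the unit file: /etc/sysconfig/keepalived
1.3 Installing Keepalived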
[root@keep01 ~]# yum install keepalived -y
[root@keep01 ~]# systemctl start keepalived
[root@keep02 ~]# yum install keepalived -y
[root@keep02 ~]# systemctl start keepalived
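1.4 Keepalived configuration overview
Parts of the configuration file
Configuration file: /etc/keepalived/keepalived.conf
The configuration file consists of:
- GLOBAL CONFIGURATION
Global definitions: mail settings, router_id, VRRP settings, multicast address, and so on
- VRRP CONFIGURATION
VRRP instance(s): defines each VRRP virtual router
- LVS CONFIGURATION
Virtual server group(s), Virtual server(s): the VS and RS of the LVS cluster
1.5 Configuration syntax
Help
man keepalived.conf
Parameters in keepalived.conf for the IP takeover part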
# Configuration File for keepalived
global_defs { # global definitions
notification_email { # e-mail notification settings
acassen@firewall.loc # recipient 1
failover@firewall.loc # recipient 2
sysadmin@firewall.loc # recipient 3
}
notification_email_from Alexandre.Cassen@firewall.loc # sender address
smtp_server 192.168.200.1 # SMTP server address
smtp_connect_timeout 30 # SMTP connection timeout (seconds)
router_id LVS_DEVEL # router identifier
vrrp_skip_check_adv_addr # skip the address check on VRRP advertisements
vrrp_strict # strict mode: enforce strict VRRP protocol compliance
vrrp_garp_interval 0 # GARP (gratuitous ARP) interval set to 0 (disables this feature)
vrrp_gna_interval 0 # GNA interval set to 0 (disables this feature)
}
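The global definitions section of this configuration file holds the e-mail notification settings: the recipient addresses, the sender address, the SMTP server address, the timeout, and so on. These settings let Keepalived send a notification to the administrator when a failure occurs.
Parameters for configuring a virtual router
vrrp_instance VI_1 { # define a VRRP instance named VI_1
state MASTER # MASTER or BACKUP; must be upper case
interface eth0 # use network interface eth0
virtual_router_id 51 # virtual router ID
# unique identifier of each virtual router, range 0-255; must be unique per virtual router,
# otherwise the service cannot start
# instances with the same ID manage the same virtual router
# all keepalived nodes that belong to one virtual router must use the same value
# make sure the value is unique within the same network
priority 100 # priority of this physical node within the virtual router, range 1-254
# a higher value means a higher priority; each keepalived node uses a different value
advert_int 1 # advertisement interval (seconds)
authentication { # authentication settings
auth_type PASS # password authentication
auth_pass 1111 # password
}
virtual_ipaddress { # list of virtual IP addresses
192.168.200.16 # the VIP; without a device it defaults to eth0; note: without /prefix it defaults to /32
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}
}
This configuration tells Keepalived to use the eth0 interface and sets the virtual router ID, priority, advertisement interval, authentication type and password. It also specifies three virtual IP addresses, which move between the master and backup nodes.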
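Non-preemptive mode
nopreempt sets the non-preemptive behaviour of a high-availability cluster. In an HA cluster, if the master node goes down, the backup node takes over, and when the master node comes back up it normally takes the service back automatically. For business systems without strict real-time and stability requirements, this switching back and forth is acceptable. For systems with strict stability and real-time requirements, switching back and forth is not recommended, since every switchover carries some risk and instability; in that case, set the nopreempt option. With nopreempt set, the service does not switch back to the master node after it recovers from a failure; it keeps running on the backup node until the backup node itself fails. The non-preemptive feature can only be set on a node whose "state" is "BACKUP", and that node's priority must be higher than the other nodes'.
Delayed preemption mode
Delayed preemption (preempt_delay) is a Keepalived feature that controls whether the master node becomes master again immediately after recovering from a failure. With delayed preemption enabled, the master node waits for a period of time after recovering before it becomes master again, to make sure the backup node can work normally.
2 Enterprise application examples and configuration
2.1 Master/backup architecture
A single-master Keepalived architecture with MASTER/BACKUP
# MASTER configuration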
# Configuration File for keepalived
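global_defs { # global definitions
notification_email { # e-mail notification settings
1282318338@qq.com # recipient 1
}
notification_email_from wawa@shuyan.com # sender address
smtp_server 127.0.0.1 # SMTP server address
smtp_connect_timeout 30 # SMTP connection timeout (seconds)
router_id keep1.shuyan.com # router identifier
vrrp_skip_check_adv_addr # skip the address check on VRRP advertisements
vrrp_strict # strict mode: enforce strict VRRP protocol compliance
vrrp_garp_interval 0 # GARP interval set to 0 (disables this feature)
vrrp_gna_interval 0 # GNA interval set to 0 (disables this feature)
vrrp_mcast_group4 224.0.0.18 # VRRP multicast group address
# vrrp_garp_interval 0:
# GARP (gratuitous ARP) interval, used to update the local ARP table.
# By default a VRRP host periodically sends GARP packets to update the local ARP table,
# so that other hosts know which physical machine now owns the virtual IP address. Setting it to 0 disables this.
# vrrp_gna_interval 0:
# GNA (gratuitous neighbor advertisement) interval,
# used to update the local NDP table. Likewise, by default
# a VRRP host periodically sends GNA packets to update the local NDP table,
# so that other hosts know which physical machine now owns the virtual IP address. Setting it to 0 disables this.
}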
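vrrp_instance VI_1 { # define a VRRP instance named VI_1
state MASTER # this node starts as the master
interface eth0 # use network interface eth0
virtual_router_id 100 # virtual router ID
priority 100 # priority; a higher value means a higher priority
advert_int 1 # interval between VRRP advertisements, in seconds.
# VRRP advertisements tell the other nodes about this node's state changes,
# for example from Master to Backup or from Backup to Master.
# The smaller the value, the faster other nodes learn of a state change,
# but the more load on the network. In general the value should be large enough
# to avoid unnecessary traffic, but not so large that it slows down failure recovery.
authentication { # authentication settings
auth_type PASS # password authentication
auth_pass 1111 # password
}
virtual_ipaddress { # list of virtual IP addresses
192.168.239.100/24 dev eth0 label eth0:1 # virtual IP address and network interface
}
}
# BACKUP configuration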
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep2.shuyan.com
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_mcast_group4 224.0.0.18
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100 # same VIP, so it must match the MASTER
priority 80 # priority changed to 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
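Use tcpdump to watch the VRRP packets being sent
keep01
[root@keep01 ~]# tcpdump -i eth0 -nn host 224.0.0.18
Stop the keepalived service
[root@keep01 ~]# systemctl stop keepalived.service
Watch the VRRP traffic with tcpdump again. At this point the address has floated: checking on keep02 shows that the VIP has moved from keep01 to keep02.
After the service is restarted on keep01, the address is preempted back, because keep01 has the higher priority and is the master.
2.1.1 Enabling Keepalived logging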
[root@keep01 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@keep01 ~]# vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
[root@keep01 ~]# systemctl restart rsyslog.service
[root@keep01 ~]# systemctl restart keepalived.service
# Check that the log file has been created
[root@keep01 ~]# ll /var/log/ | grep keepalive
-rw-------. 1 root root 833349 8月 12 21:49 keepalived.log
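2.1.2 The vrrp_iptables parameter
Without the vrrp_iptables option, pinging the virtual IP address between the VRRP hosts may fail. This is because, by default, VRRP uses a kernel module to update the IP routing table rather than iptables rules. In the screenshot, the iptables output shows two rules in the FORWARD chain, one of which rejects all traffic. That rule may block communication between the VRRP hosts, because they try to communicate through the virtual IP address. To fix this, use the vrrp_iptables option to let iptables update the IP routing table. VRRP can then set up the correct IP routing table entries between the two VRRP hosts, so that they can ping the virtual IP address from each other.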
[root@keep01 ~]# vim /etc/keepalived/keepalived.conf
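2.1.3 Using separate sub-configuration files
In a complex production environment, /etc/keepalived/keepalived.conf grows too large and becomes hard to manage.
Put the configuration of each cluster, for example the VIP configuration of different clusters, into separate sub-configuration files; the include directive pulls the sub-configuration files in.
Format: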
include /etc/keepalived/conf.d/*.conf
[root@keep01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.shuyan.com
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
include /etc/keepalived/conf.d/*.conf # add this line and delete the instance
[root@keep01 ~]# mkdir -p /etc/keepalived/conf.d
# Add the instance in the sub-configuration file
[root@keep01 ~]# vim /etc/keepalived/conf.d/router.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
2.1.4 Master/backup architecture example
# MASTER
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
# BACKUP
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep2.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_mcast_group4 224.0.0.18
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
# Observe with a packet capture
[root@keep01 ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:19:31.578997 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:32.580005 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:33.581029 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:34.582014 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:35.583065 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:36.584233 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:37.585250 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:38.586526 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:39.587776 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
22:19:40.588296 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
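2.2 Preemptive and non-preemptive mode
Non-preemptive mode: nopreempt
- The default is preemptive mode (preempt): when a higher-priority host comes back online, it takes the master role from the lower-priority host,
- which makes the VIP float back and forth between the KA hosts and causes network jitter.
- Non-preemptive mode (nopreempt) is recommended: when the higher-priority host recovers, it does not take the master role from the lower-priority host.
- In non-preemptive mode, if the original host goes down and the new host that received the VIP later goes down as well, the VIP still moves back to the original host.
Add this on both keep01 and keep02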
############## MASTER ################################
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100 # high priority
nopreempt # non-preemptive mode
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
########################### BACKUP ##############################
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep2.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_mcast_group4 224.0.0.18
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 # low priority
nopreempt # non-preemptive mode
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
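Watch VRRP with tcpdump
[root@keep01 ~]# tcpdump -i eth0 -nn host 224.0.0.18
Stop the keepalived service on keep01; the VIP now moves to keep02.
After starting the keepalived service on keep01 again, the higher-priority keep01 does not preempt the VIP, that is, the sender does not change back to 192.168.239.10.
2.3 Delayed preemption: preempt_delay
preempt_delay # # sets the preemption delay to # seconds; the default delay is 300s
Note: state must be BACKUP on every keepalived server, and vrrp_strict must not be enabled
Example: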
####################### MASTER ################################
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100 # high priority
advert_int 1
# nopreempt
preempt_delay 10s # delayed preemption
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
####################### BACKUP ################################
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep2.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_mcast_group4 224.0.0.18
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 # low priority
advert_int 1
# nopreempt
preempt_delay 10s # delayed preemption
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
}
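2.4 Unicast configuration for the VIP
By default the keepalived hosts advertise to each other over multicast, which can congest the network; switching to unicast reduces network traffic.
Note: unicast cannot be enabled while vrrp_strict is enabled
# In the vrrp_instance block on every node, set the IP of the peer host; an address dedicated to the heartbeat network is recommended, rather than one on the business network
unicast_src_ip <IPADDR> # source IP for sending unicast
unicast_peer {
<IPADDR> # IP of the peer host that receives the unicast
......
}
# Unicast cannot be enabled while vrrp_strict is enabled; otherwise the service fails to start
Both machines need this added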
####################### MASTER ################################
! Configuration File for keepalived
global_defs {
notification_email {
1282318338@qq.com
}
notification_email_from wawa@shuyan.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep1.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# vrrp_mcast_group4 224.0.0.18 # multicast commented out
# vrrp_iptables
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
# nopreempt
preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.239.10 # this node's own address (source)
unicast_peer {
192.168.239.20 # destination address
}
}
####################### BACKUP ################################
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keep2.shuyan.com
vrrp_skip_check_adv_addr
# vrrp_strict # commented out; it conflicts with unicast
# vrrp_mcast_group4 224.0.0.18 # multicast commented out
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80 # low priority
advert_int 1
# nopreempt
# preempt_delay 10s # delayed preemption
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.239.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.239.20 # this node's own address (source)
unicast_peer {
192.168.239.10 # address of the peer to send to
}
}
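The constraints stated above (nopreempt and preempt_delay only with state BACKUP, and neither preempt_delay nor unicast together with vrrp_strict) can be checked before restarting the service. This is an added example, not part of the original article or of keepalived itself; the parser is a simplification that assumes one statement or brace per line, and the sample configuration is constructed.

```python
import re

# Constructed sample that breaks every rule checked below (not from the page).
SAMPLE = """\
global_defs {
    router_id keep1.example
    vrrp_strict
}
vrrp_instance VI_1 {
    state MASTER
    nopreempt
    preempt_delay 10
    unicast_peer {
        192.168.239.20
    }
}
"""

def parse(conf_text):
    """Return (keywords in global_defs, {instance name: {keyword: value}})."""
    global_kw, instances, stack = set(), {}, []
    for raw in conf_text.splitlines():
        # '#' and '!' both start a comment in keepalived.conf
        words = re.split(r"[#!]", raw, maxsplit=1)[0].split()
        if not words:
            continue
        if words[0] == "}":
            if stack:
                stack.pop()
            continue
        opens = words[-1] == "{"
        key = words[0]
        value = words[1] if len(words) > 1 and words[1] != "{" else True
        if not stack and key == "vrrp_instance" and opens and len(words) == 3:
            instances[words[1]] = {}
        elif stack == ["global_defs"]:
            global_kw.add(key)
        elif len(stack) == 1 and stack[0] in instances:
            instances[stack[0]][key] = value
        if opens:
            stack.append(words[1] if key == "vrrp_instance" else key)
    return global_kw, instances

def lint(conf_text):
    """Check the constraints this page states for nopreempt, preempt_delay and unicast."""
    global_kw, instances = parse(conf_text)
    strict = "vrrp_strict" in global_kw
    findings = []
    for name, kw in instances.items():
        backup = kw.get("state") == "BACKUP"
        if "nopreempt" in kw and not backup:
            findings.append((name, "nopreempt needs state BACKUP"))
        if "preempt_delay" in kw and not backup:
            findings.append((name, "preempt_delay needs state BACKUP"))
        if "preempt_delay" in kw and strict:
            findings.append((name, "preempt_delay with vrrp_strict"))
        if "unicast_peer" in kw and strict:
            findings.append((name, "unicast_peer with vrrp_strict"))
    return findings
```

A commented-out `# vrrp_strict`, as in the configurations above, is ignored by the parser and therefore does not trigger the conflict findings.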
Check the unicast result
[root@keep01 ~]# tcpdump -i eth0 -nn src host 192.168.239.10 and dst 192.168.239.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:54:22.124492 ARP, Reply 192.168.239.10 is-at 00:0c:29:6f:17:68, length 28
23:54:28.122100 IP 192.168.239.10 > 192.168.239.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:54:29.123921 IP 192.168.239.10 > 192.168.239.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:54:30.125550 IP 192.168.239.10 > 192.168.239.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:54:31.126694 IP 192.168.239.10 > 192.168.239.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
# After keep01 is stopped, keep02 starts sending the unicast advertisements, with its own priority
[root@keep01 ~]# systemctl stop keepalived
[root@keep02 ~]# tcpdump -i eth0 -nn src host 192.168.239.20 and dst 192.168.239.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:01:22.033415 ARP, Reply 192.168.239.20 is-at 00:0c:29:45:d5:b6, length 28
01:01:47.708026 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
01:01:48.710298 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
01:01:49.711593 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
01:01:50.713440 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
01:01:51.714853 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
01:01:52.715121 ARP, Request who-has 192.168.239.10 tell 192.168.239.20, length 28
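The captures above can also be checked automatically. The following added example (not part of the original article) parses tcpdump lines in the format shown above and flags advertisements whose sender, virtual router ID or priority does not match what the cluster is configured to send; the EXPECTED inventory and the sample lines are constructed for this lab's addresses.

```python
import re

# Assumed inventory for this lab: vrid -> {allowed sender IP: configured priority}.
EXPECTED = {100: {"192.168.239.10": 100, "192.168.239.20": 80}}

ADVERT = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): VRRPv\d, Advertisement, "
    r"vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)

# Constructed capture lines in the tcpdump format shown above (not from the page).
SAMPLE = [
    "10:00:01.000001 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20",
    "10:00:01.200000 ARP, Reply 192.168.239.10 is-at 00:0c:29:00:00:01, length 28",
    "10:00:01.500000 IP 192.168.239.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 254, authtype simple, intvl 1s, length 20",
    "10:00:02.000000 IP 192.168.239.20 > 192.168.239.10: VRRPv2, Advertisement, vrid 100, prio 120, authtype simple, intvl 1s, length 20",
    "10:00:03.000000 IP 192.168.239.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 0, authtype simple, intvl 1s, length 20",
    "10:00:04.000000 IP 192.168.239.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 7, prio 80, authtype simple, intvl 1s, length 20",
]

def parse_advert(line):
    """Return (src, vrid, prio) for a VRRP advertisement line, else None."""
    m = ADVERT.search(line)
    if m is None:
        return None
    return m["src"], int(m["vrid"]), int(m["prio"])

def audit(lines, expected=EXPECTED):
    """Return (src, vrid, reason) for every advertisement that breaks the inventory."""
    findings = []
    for line in lines:
        advert = parse_advert(line)
        if advert is None:  # ARP and other non-VRRP lines
            continue
        src, vrid, prio = advert
        peers = expected.get(vrid)
        if peers is None:
            findings.append((src, vrid, "unknown vrid"))
        elif src not in peers:
            findings.append((src, vrid, "unexpected sender"))
        elif prio not in (0, peers[src]):
            # priority 0 is what a master sends when it stops, so it is not flagged
            findings.append((src, vrid, "priority mismatch"))
    return findings
```

The `authtype simple` field corresponds to auth_type PASS, whose password is carried in clear text in every advertisement, so the sender and priority checks are worth running continuously on the VRRP segment.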
2.5 Keepalived notification script configuration
Mail configuration
Install the mail sending tool
[root@keep01 ~]# yum install mailx -y
[root@keep02 ~]# yum install mailx -y
QQ Mail settings
[root@keep01 ~]# vim /etc/mail.rc
set bsdcompat
set from=1282318338@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1282318338@qq.com
set smtp-auth-password=qweqweqweqwecfqwf # made-up value; use your own authorization code
set smtp-auth=login
set ssl-verify=ignore
[root@keep02 ~]# vim /etc/mail.rc
set bsdcompat
set from=1282318338@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1282318338@qq.com
set smtp-auth-password=pzmdvotmwnwagaea
set smtp-auth=login
set ssl-verify=ignore
# Format:
echo BODY | mail -s SUBJECT 1282318338@qq.com
[root@keep01 ~]# echo hello word | mail -s shuyan 1282318338@qq.com
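Keepalived notification script configuration
When the keepalived state changes, a script can be triggered automatically, for example to e-mail a notification to the user.
By default the script runs as the user keepalived_script.
If that user does not exist, the script runs as root. The following directive sets the user the script runs as: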
global_defs {
......
script_user <USER>
......
}
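Notification script types
Script triggered when the current node becomes the master
notify_master <STRING>|<QUOTED-STRING>
Script triggered when the current node becomes a backup
notify_backup <STRING>|<QUOTED-STRING>
Script triggered when the current node enters the "fault" state
notify_fault <STRING>|<QUOTED-STRING>
Generic notification hook: a single script can handle the notifications for all three state transitions above
notify <STRING>|<QUOTED-STRING>
Script triggered when VRRP is stopped
notify_stop <STRING>|<QUOTED-STRING>
How the scripts are called
Add the following lines at the end of the vrrp_instance VI_1 block
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
Create the notification script (on both keep01 and keep02)
# Method 1: case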
[root@keep02 keepalived]# vim /etc/keepalived/mail.sh
#!/bin/bash
dest='1282318338@qq.com'
function mail_send(){
mail_sub="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_sub" $dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
# Method 2: if/elif
[root@keep01 keepalived]# vim /etc/keepalived/mail.sh
#!/bin/bash
dest='1282318338@qq.com'
mail_send()
{
mail_sub="`date +%F\ %T ` $HOSTNAME to be $1 have vip "
mail_time_mess="`date +%F\ %T `:vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_time_mess" | mail -s "$mail_sub" "$dest"
}
if [[ $1 == master ]];then
mail_send master
elif [[ $1 == backup ]];then
mail_send backup
elif [[ $1 == fault ]];then
mail_send fault
else
exit 1
fi
# Restart the service
[root@keep01 ~]# systemctl restart keepalived.service
[root@keep02 ~]# systemctl restart keepalived.service
Simulate a failure of the master
[root@keep01 ~]# systemctl stop keepalived
Restart the master host
[root@keep01 ~]# systemctl start keepalived