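I. High-availability clustering with KEEPALIVED
1.1 Why KEEPALIVED appeared
LVS ---> HAProxy ---> KEEPALIVED
LVS:
Layer-4 scheduling: it dispatches to the back ends based on IP address, MAC address and port. Advantage: fast, with low performance requirements on the LVS host. Disadvantage: it cannot health-check the back-end servers, which is why haproxy appeared.
HAProxy:
It can health-check the back-end servers and supports layer 7: it can analyze the data in HTTP messages and implement static/dynamic separation (ACLs). Disadvantage: weaker stability, so a primary/backup pair is needed, which KEEPALIVED provides.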
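1.2 Cluster types
- Load balancing: LB. A cluster formed by haproxy and the back-end realservers. Traffic is dispatched by different scheduling algorithms to the least loaded host.
- High-availability cluster: HA. In production, the higher a cluster's online rate and the longer its online time, the better its availability, for example active/backup. It solves the single point of failure problem.
- High-performance cluster: HPC. When a single host's computing power is not enough, multiple hosts are combined.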
1.3 Availability formula
A = MTBF/(MTBF+MTTR): MTBF is the time in service and MTTR is the mean time to repair; the smaller the MTTR, the better the availability.
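1.4 Ways to achieve high availability
- Active <---> backup
- Dual active (active/active: each is the other's backup, and they provide different services)
Note: the two servers exchange heartbeats (each server periodically sends a message to the multicast address; when the multicast address receives it, that server is considered alive).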
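1.5 VRRP
VRRP: Virtual Router Redundancy Protocol. It removes the single point of failure of a static gateway and provides the heartbeat. It handles router failure: two routers, primary and backup, both send multicast messages; when the multicast address stops receiving messages from one of them, the failed machine is identified through multicast and the VIP is switched to the active machine (the one whose messages are still received), as shown in the figure below. The heartbeat is based on this protocol.
How VRRP differs when managing routers and servers:
VRRP for virtual routing: mainly lets internal hosts get out to the Internet.
VRRP in keepalived: lets Internet clients reach the internal network through the VIP.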
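1.6 VRRP terminology
Virtual router identifier: VRID (0-255), uniquely identifies a virtual router
VIP: virtual IP. Which node holds the VIP depends on router priority
VMAC: virtual MAC address
Physical routers:
- master: the primary device
- backup: the standby device
- priority: whichever of the primary and backup servers has the higher priority holds the VIP
Advertisement: the heartbeat, sent as liveness messages to the multicast group.
Operating modes: preemptive, non-preemptive, delayed preemption (when a failed machine recovers, preemptive mode takes the VIP back, non-preemptive mode leaves it where it is, and delayed preemption takes the VIP back once a configured time has elapsed)
Authentication: whether the transmitted information is encrypted.
- No authentication
- Simple text authentication: pre-shared key
- MD5
Working modes:
- Active/backup: a single virtual router
- Active/active: active/backup (virtual router 1), backup/active (virtual router 2)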
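II. Deploying keepalived
2.1 Functions:
- Moves addresses between nodes based on the VRRP protocol
- Generates ipvs rules (predefined in the configuration file) on the node that holds the VIP
- Health-checks each RS of the ipvs cluster
- Runs the functions defined in scripts through a script-invocation interface, which influences cluster behaviour and is how it supports services such as nginx and haproxy
2.2 Core user-space components:
vrrp stack: VIP advertisements
checkers: monitor the real servers
system call: invokes scripts on VRRP state transitions
SMTP: mail component (sends a notification when either side goes down)
IPVS wrapper: generates IPVS rules (when either side goes down, it is removed from the policy)
Netlink Reflector: network interface
WatchDog: monitors the processes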
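III. keepalived basic configuration experiments
3.1 Active/backup experiment
Environment:
Four hosts
RHEL7 clones: realserver1 (172.25.254.110), realserver2 (172.25.254.120), ka1 (172.25.254.10), ka2 (172.25.254.20) (VIP: 172.25.254.100)
One CPU core and 1 GB of memory per host is enough.
Commands: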
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
[root@ka1 ~]# yum install keepalived -y
[root@ka1 ~]# rpm -ql keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
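global_defs {
notification_email {
1231234574@qq.com #destination mailbox for the mail sent when keepalived fails over
}
notification_email_from keepalived@company.org #sender address
smtp_server 127.0.0.1 #mail server address
smtp_connect_timeout 30 #mail server connection timeout
router_id ka1.company.org #unique identifier of each keepalived host
vrrp_skip_check_adv_addr #checking every advert is costly; this skips the address check when an advert comes from the same router as the previous one
vrrp_strict #strictly follow the VRRP protocol
#with this option enabled the service will not start in these cases:
#1. no VIP address
#2. unicast peers are configured
#3. IPv6 addresses are used with VRRP version 2
#leaving this option out is recommended
vrrp_garp_interval 0 #delay between gratuitous ARP messages, 0 means no delay
vrrp_gna_interval 0 #delay between messages
vrrp_mcast_group4 224.0.0.18 #multicast group address
}
#configure the virtual router
vrrp_instance VI_1 {
state MASTER
interface eth0 #physical interface used by this virtual router
virtual_router_id 100 #unique identifier of each virtual router, range 0-255; it must be unique per virtual router,
#otherwise the service will not start
#all keepalived nodes of the same virtual router must use the same value
#make sure the value is unique within the network
priority 100 #priority of this physical node in the virtual router, range 1-254
#a larger value means higher priority; each keepalived node uses a different value
advert_int 1 #interval between VRRP advertisements, 1s by default
authentication { #authentication mechanism
auth_type PASS #AH is IPsec authentication (not recommended); PASS is a simple password, sent in cleartext (recommended over AH)
auth_pass 1111 #pre-shared key, only the first 8 characters are used; must be identical on all keepalived nodes of the same virtual router
}
virtual_ipaddress { #virtual IPs; production may list hundreds of addresses
172.25.254.100/24 dev eth0 label eth0:1
}
}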
[root@ka1 ~]# systemctl enable --now keepalived.service
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
#Packet capture check:
[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
#Test from a second terminal on ka1
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# systemctl start keepalived.service
[root@ka2 ~]# yum install keepalived -y
[root@ka2 ~]# rpm -ql keepalived
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
1231234574@qq.com
}
notification_email_from keepalived@company.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.company.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# systemctl enable --now keepalived.service
Test:
However, the VIP still cannot be reached.
3.2 Making the VIP reachable
Commands:
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
global_defs {
notification_email {
1231234574@qq.com
}
notification_email_from keepalived@company.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.company.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
3.3 Enabling keepalived logging
Commands:
[root@ka1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
[root@ka1 ~]# vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl restart rsyslog.service
[root@ka1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 601 Aug 12 13:51 /var/log/keepalived.log
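With logging enabled as above, the state changes in /var/log/keepalived.log can be summarized to spot a VIP that keeps moving, for example because of flapping or a second VRRP speaker on the network using the same virtual_router_id. This is an added example, not part of the original page; the sample lines are constructed, and the "Entering ... STATE" wording is an assumption about what the installed keepalived version logs.

```bash
#!/bin/bash
# Added example: summarize VRRP state changes from keepalived syslog lines.
# SAMPLE_LOG is constructed for this example; the message wording is assumed.
SAMPLE_LOG='Aug 12 13:51:01 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 13:51:05 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 13:51:09 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 13:51:13 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 13:51:17 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering BACKUP STATE
Aug 12 13:51:21 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_1) Entering MASTER STATE
Aug 12 13:51:22 ka1 Keepalived_vrrp[2531]: VRRP_Instance(VI_2) Entering BACKUP STATE'

# transitions: syslog lines on stdin -> one "<instance> <STATE>" line per change
transitions() {
    awk '/Entering (MASTER|BACKUP|FAULT) STATE/ {
        inst = $0
        sub(/^.*\(/, "", inst)      # drop everything up to the last opening parenthesis
        sub(/\).*$/, "", inst)      # drop everything from the closing parenthesis on
        for (i = 1; i < NF; i++)
            if ($i == "Entering") print inst, $(i + 1)
    }'
}

# last_state INSTANCE: most recent state of INSTANCE in the log on stdin
last_state() {
    transitions | awk -v want="$1" '$1 == want { s = $2 } END { print s }'
}

# master_flaps MAX: instances that entered MASTER more than MAX times
master_flaps() {
    transitions | awk -v max="$1" '
        $2 == "MASTER" { n[$1]++ }
        END { for (i in n) if (n[i] > max) print i, n[i] }'
}

printf '%s\n' "$SAMPLE_LOG" | master_flaps 2      # VI_1 3
echo "VI_2 is $(printf '%s\n' "$SAMPLE_LOG" | last_state VI_2)"
```

On a real node, feed the functions from the log file, for example `master_flaps 2 < /var/log/keepalived.log`.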
3.4 Separate sub-configuration files
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
#vrrp_instance VI_1 {
# state MASTER
# interface eth0
# virtual_router_id 100
# priority 100
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 172.25.254.100/24 dev eth0 label eth0:1
# }
#}
include "/etc/keepalived/conf.d/*.conf"
[root@ka1 ~]# mkdir -p /etc/keepalived/conf.d
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
3.5 Preemptive and non-preemptive modes:
Non-preemptive
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service #restart the service on ka1 first
[root@ka1 ~]# ifconfig
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
Delayed preemption
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# systemctl restart keepalived.service
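3.6 Unicast configuration for the VIP
Prerequisite:
#vrrp_strict
#vrrp_iptables #comment out these two parameters; they conflict with VIP unicast mode
The two lines above interfere with unicast preemption
Unicast: one IP to one IP
Multicast: one IP to many IPs
Broadcast: one IP to ... (unknown)
unicast_src_ip: source host IP
unicast_peer: peer IP
Commands: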
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
[root@ka1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
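[root@ka1 ~]# systemctl stop keepalived.service #after stopping the service, check on ka2: packets arrive there and the VIP has moved over. After a restart the VIP comes back and ka1 holds it again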
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
[root@ka2 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
Configuration on ka1 (172.25.254.10):
global_defs {
notification_email {
1231234574@qq.com
}
notification_email_from keepalived@company.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.company.org
vrrp_skip_check_adv_addr
#vrrp_strict #commented out; conflicts with VIP unicast mode
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
#vrrp_iptables #commented out; conflicts with VIP unicast mode
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
Configuration on ka2 (172.25.254.20):
global_defs {
notification_email {
1231234574@qq.com
}
notification_email_from keepalived@company.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.company.org
vrrp_skip_check_adv_addr
#vrrp_strict #commented out; conflicts with VIP unicast mode
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
#vrrp_iptables #commented out; conflicts with VIP unicast mode
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
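auth_type PASS sends auth_pass in cleartext in every advert, so in unicast mode it helps to accept VRRP only from the addresses listed in unicast_peer. The following added example (not part of the original page) derives such rules from the configuration; it only prints the iptables commands for review, and the variable and function names are its own.

```bash
#!/bin/bash
# Added example: allow VRRP adverts only from the configured unicast peers.
# KA1_CONF is the unicast part of ka1's configuration above, embedded inline.
KA1_CONF='vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}'

# peers_from_conf: keepalived.conf on stdin -> unique IPv4 unicast_peer addresses.
# Anything inside the block that is not a dotted-quad address is ignored, so
# comments or stray text never end up in a firewall rule.
peers_from_conf() {
    awk '
        $1 == "unicast_peer"  { inside = 1; next }
        inside && $1 == "}"   { inside = 0; next }
        inside && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }
    ' | sort -u
}

# vrrp_rules: print (not run) iptables commands that accept IP protocol 112
# (VRRP) from each peer and drop it from every other source
vrrp_rules() {
    peers_from_conf | while read -r ip; do
        echo "iptables -A INPUT -p 112 -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p 112 -j DROP"
}

printf '%s\n' "$KA1_CONF" | vrrp_rules
```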
3.7 Keepalived notification scripts
Prerequisite:
A QQ Mail authorization code is required: enable it in the Account and Security center of QQ Mail.
Commands:
[root@ka1 ~]# yum install mailx -y
[root@ka1 ~]# vim /etc/mail.rc
#Append at the end:
#use a mailbox of your own that can receive mail
set from=1231234574@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1231234574@qq.com
set smtp-auth-password=ukjiwlpvufjtjj
set smtp-auth=login
set ssl-verify=ignore
[root@ka1 ~]# echo test| mail -s test 1231234574@qq.com
[root@ka1 ~]# vim /etc/keepalived/mail.sh
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
[root@ka1 ~]# /etc/keepalived/mail.sh master
#!/bin/bash
#keepalived calls this script with the new state (master, backup or fault) as $1
mail_dst="1231234574@qq.com"
send_message()
{
    mail_sub="$HOSTNAME to be $1 vip move"
    #date +%F\ %T prints the date and time (year-month-day hour:minute:second)
    mail_msg="$(date +%F\ %T): vrrp move $HOSTNAME change $1"
    echo "$mail_msg" | mail -s "$mail_sub" "$mail_dst"
}
case $1 in
    master)
        send_message master
        ;;
    backup)
        send_message backup
        ;;
    fault)
        send_message fault
        ;;
    *)
        ;;
esac
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl stop keepalived.service #ka2 sends the mail automatically
[root@ka1 ~]# systemctl restart keepalived.service #ka1 sends the mail
[root@ka2 ~]# yum install mailx -y
[root@ka2 ~]# vim /etc/mail.rc
#Append at the end:
set from=1231234574@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1231234574@qq.com
set smtp-auth-password=ukjiwlpvufjtjj
set smtp-auth=login
set ssl-verify=ignore
[root@ka2 ~]# echo test| mail -s test 1231234574@qq.com
[root@ka2 ~]# vim /etc/keepalived/mail.sh
[root@ka2 ~]# chmod +x /etc/keepalived/mail.sh
[root@ka2 ~]# /etc/keepalived/mail.sh master
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
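keepalived runs the notify scripts with its own privileges (typically root), and /etc/mail.rc now holds the SMTP authorization code, so both deserve a permission check. Added example, not part of the original page: it flags group- or world-writable scripts and script directories and group- or world-readable secret files. The demo tree and its file names are constructed, and keepalived's own enable_script_security option performs a stricter check of script paths.

```bash
#!/bin/bash
# Added example: permission audit for the files this section creates.
# Simplified: looks at the file and its parent directory only, not at
# ownership or every path component.

# writable_by_others PATH: true if PATH is group- or world-writable
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# readable_by_others PATH: true if PATH is group- or world-readable
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# audit_script FILE: a notify or track script that keepalived executes
audit_script() {
    for p in "$1" "$(dirname "$1")"; do
        if writable_by_others "$p"; then echo "WRITABLE $p"; fi
    done
}

# audit_secret FILE: a file holding a credential such as smtp-auth-password
audit_secret() {
    if readable_by_others "$1"; then echo "READABLE $1"; fi
}

# demo: build a constructed tree with known modes and audit it
demo() {
    t=$(mktemp -d) || return 1
    (
        cd "$t" || exit 1
        mkdir keepalived && chmod 755 keepalived
        : > keepalived/mail.sh && chmod 775 keepalived/mail.sh      # group-writable
        : > keepalived/notify.sh && chmod 755 keepalived/notify.sh  # acceptable
        : > mail.rc && chmod 644 mail.rc                            # world-readable
        audit_script keepalived/mail.sh
        audit_script keepalived/notify.sh
        audit_secret mail.rc
    )
    rm -rf "$t"
}

demo
```

On the nodes themselves the calls would be `audit_script /etc/keepalived/mail.sh` and `audit_secret /etc/mail.rc`.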
3.8 Multi-master mode:
Prerequisite:
Dual master: two VIPs are needed
Commands:
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
3.9 High availability for IPVS
One machine going down does not affect round-robin scheduling
Prerequisite:
Both 110 and 120 need the VIP
On 110:
ip a a 172.25.254.100/32 dev lo
Commands:
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver1 ~]# cd /etc/sysconfig/network-scripts/
[root@realserver1 network-scripts]# vim ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 ~]# sysctl -a | grep arp
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
[root@realserver2 ~]# sysctl --system
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@realserver2 ~]# scp /etc/sysctl.d/arp.conf root@172.25.254.110:/etc/sysctl.d/arp.conf
[root@ka1 ~]# yum install ipvsadm -y
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@ka2 ~]# yum install ipvsadm -y
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ipvsadm -Ln
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
3.10 High availability for HAProxy
Commands:
[root@realserver1 ~]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@realserver1 ~]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
virbr0 0675fa0c-3989-45c3-bdf8-014f2e31edaf bridge virbr0
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet --
[root@realserver1 ~]# nmcli connection delete ens33 #delete the unused ens33
Connection 'ens33' (c96bc909-188e-ec64-3a96-6a90982b08ad) successfully deleted.
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# ip a #check whether the loopback address added in the previous experiment is still there; delete it if so
[root@realserver1 ~]# ip a d 172.25.254.100/32 dev lo #delete the loopback address
[root@realserver1 ~]# ip a
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
[root@realserver1 ~]# sysctl --system
#stop and start the service on ka1; round-robin continues unchanged
[root@realserver1 ~]# while true; do curl 172.25.254.100;sleep 1; done
[root@realserver2 ~]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@realserver2 ~]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
virbr0 6dd347bc-a380-4e1c-8272-86658279a412 bridge virbr0
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet --
[root@realserver2 ~]# nmcli connection delete ens33
Connection 'ens33' (c96bc909-188e-ec64-3a96-6a90982b08ad) successfully deleted.
[root@realserver2 ~]# systemctl restart network
[root@realserver2 ~]# ip a
[root@realserver2 ~]# ip a d 172.25.254.100/32 dev lo
[root@realserver2 ~]# ip a
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
[root@ka1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]# yum install haproxy -y
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
#Append at the end
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@ka1 ~]# systemctl enable --now haproxy.service
[root@ka1 ~]# netstat -antlupe | grep haproxy
[root@ka1 ~]# vim /etc/keepalived/test.sh
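#!/bin/bash
#signal 0 sends nothing; the exit status is 0 only while a haproxy process exists
killall -0 haproxy
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf #comment out the virtual_server block and add the content shown below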
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl restart haproxy.service
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# ifconfig
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
[root@ka2 ~]# vim /etc/sysctl.conf
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka2 ~]# yum install haproxy -y
[root@ka2 ~]# vim /etc/haproxy/haproxy.cfg
[root@ka2 ~]# systemctl enable --now haproxy.service
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# vim /etc/keepalived/test.sh
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# systemctl restart haproxy.service
#after stopping the service on ka1, check
[root@ka2 ~]# ifconfig
#after starting the service on ka2, check
[root@ka2 ~]# ifconfig
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
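Whether a dead haproxy actually moves the VIP depends on the numbers: the check's weight has to pull ka1's priority below ka2's. Added example, not part of the original page: it reads priority and weight from the configuration above and compares the result with the peer. It assumes ka2 keeps priority 80 from the earlier sections, uses the same vrrp_script with a passing check, and has preemption enabled (no nopreempt).

```bash
#!/bin/bash
# Added example: will a failed check_haproxy move the VIP off this node?
# KA1_CONF holds the relevant lines of ka1's configuration above; the peer
# priority of 80 is an assumption taken from the earlier sections.
KA1_CONF='vrrp_script check_haproxy {
    script "/etc/keepalived/test.sh"
    interval 1
    weight -30
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP
    priority 100
    track_script {
        check_haproxy
    }
}'

# conf_value KEY: first value of KEY in the keepalived.conf text on stdin
conf_value() {
    awk -v k="$1" '!found && $1 == k { print $2; found = 1 }'
}

# failover_verdict LOCAL_PRIO WEIGHT PEER_PRIO
# Compares this node after its check has failed with a peer whose check
# passes and that uses the same weight. Prints failover, stuck or fault.
failover_verdict() {
    prio=$1; weight=$2; peer=$3
    if [ "$weight" -eq 0 ]; then
        echo "fault"                  # weight 0: a failed script puts the instance in FAULT
        return 0
    fi
    if [ "$weight" -lt 0 ]; then
        failed=$(( prio + weight ))   # negative weight: subtracted on failure
        healthy=$peer
    else
        failed=$prio                  # positive weight: added only on success
        healthy=$(( peer + weight ))
    fi
    # equal priorities do not trigger preemption, so a tie counts as stuck
    if [ "$failed" -lt "$healthy" ]; then echo "failover"; else echo "stuck"; fi
}

w=$(printf '%s\n' "$KA1_CONF" | conf_value weight)
p=$(printf '%s\n' "$KA1_CONF" | conf_value priority)
echo "priority $p, weight $w, peer 80: $(failover_verdict "$p" "$w" 80)"
```

With the page's values the effective priority drops to 70, below ka2's 80; a weight of -10 or -20 would leave the VIP on the node whose haproxy is down.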