Keepalived blog (Keepalived: not just heartbeat detection, but the secret weapon of high availability)
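Introduction to keepalived
Keepalived is a high-availability solution for the Linux platform. It uses the Virtual Router Redundancy Protocol (VRRP) to provide load balancing and failover, so that when a server fails the service switches over seamlessly and stays highly available. A detailed introduction follows:
Overview
Keepalived mainly provides the following features:
- High availability: using VRRP, Keepalived monitors server state and, when the master server fails, automatically moves the service to a backup server so that the service continues.
- Load balancing: Keepalived supports several load-balancing algorithms, such as round robin and least connections, which helps spread traffic and improves service availability and performance.
- Health checks: Keepalived periodically health-checks the back-end servers so that only healthy servers take part in serving.
How it works
Keepalived's operation has two parts: VRRP and health checks.
- VRRP (Virtual Router Redundancy Protocol): VRRP is an election protocol used to share a virtual IP address among several routers or servers. In Keepalived there is usually one master server (Master) and one or more backup servers (Backup). The master handles all traffic sent to the virtual IP address while the backups stand by. If the master fails, one of the backups is elected as the new master and takes over the virtual IP address, so the service continues.
- Health checks: Keepalived offers several health-check mechanisms, including Layer 3 (based on whether the IP address is valid), Layer 4 (based on the state of a TCP port) and Layer 5 (based on the response to an HTTP GET request). With these checks Keepalived evaluates the health of the back-end servers in real time and removes a server from the service list as soon as a failure is detected.
Core modules
Keepalived consists of three main modules:
- Core: starts and maintains the main process and loads and parses the global configuration file.
- Check: performs health checks, covering the common check types.
- VRRP Stack: implements the VRRP protocol and handles virtual IP address management and failover.
Use cases
Keepalived is widely used wherever high availability and load balancing are needed, such as web server clusters, database clusters and cache clusters. A well-configured Keepalived noticeably improves system stability and reliability and reduces service interruptions caused by a single point of failure.
Installation and configuration
Keepalived is fairly simple to install and configure: build it from source or install it with the package manager of your Linux distribution. Configuration is done in a configuration file (usually /etc/keepalived/keepalived.conf) that contains the global settings, the VRRP instance definitions, the virtual server settings and so on.
Summary
Keepalived is a powerful high-availability solution. Through VRRP and its health-check mechanisms it keeps critical services continuous and reliable when a server fails. Configuring and using Keepalived correctly is essential for keeping services stable and performant. Small and large organizations alike can use Keepalived to improve the reliability and availability of their IT infrastructure.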
Basic keepalived configuration
Environment preparation:
Hostname | IP | Role | VMware network hardware |
---|---|---|---|
keepalived1 | 172.25.254.10 | HA host 1 | one NAT NIC |
keepalived2 | 172.25.254.20 | HA host 2 | one NAT NIC |
realserver1 | 172.25.254.110 | real server 1 | one NAT NIC |
realserver2 | 172.25.254.120 | real server 2 | one NAT NIC |
client | 172.25.254.50 | client | one NAT NIC |
Operations on ka1
# Install the keepalived package
[root@ka1 ~]# yum install keepalived.x86_64 -y
# List the configuration file locations
[root@ka1 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
# Edit the main configuration file
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
# Recipient email address
123456@qq.com
}
# Sender address
notification_email_from keepalived@shanxin.org
# Mail server address
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.shanxin.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Multicast address
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
# Role of this server
state MASTER
interface eth0
# Virtual router ID; must be unique
virtual_router_id 100
# Priority
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
# Virtual IP (VIP)
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl enable --now keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 1709 bytes 145936 (142.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1158 bytes 156977 (153.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# VIP (the virtual IP is created automatically)
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Copy the main configuration file to the other host to save time
[root@ka1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
# Use tcpdump to watch traffic to the multicast address
[root@ka1 ~]# yum install tcpdump.x86_64 -y
[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
# Advertisements come from 172.25.254.10
23:01:33.230222 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:01:34.231253 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:01:35.232175 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
# After connecting remotely from the client host and stopping the keepalived service on ka1
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 2298 bytes 192709 (188.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1971 bytes 247955 (242.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP is gone
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 500 (500.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 500 (500.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
# After the keepalived service on ka1 is stopped, ka2 keeps serving with the VIP
23:02:23.369638 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
23:02:24.370100 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
23:02:25.370579 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
# After the keepalived service on ka1 is restored, ka1 takes the VIP back (preemption is enabled by default)
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 2377 bytes 198985 (194.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2045 bytes 255723 (249.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ka1 has taken the VIP back
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:20:01.503392 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:20:02.504790 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:20:03.505912 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
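The failover visible in the captures above can also be watched for automatically. The following is an added example, not part of the original post: a POSIX shell function (hypothetical name `vrrp_audit`, hypothetical finding labels) that reads `tcpdump -nn` VRRP lines and reports master changes, advertisements from senders outside an allowlist, and cleartext (`authtype simple`) authentication. The sample capture reuses lines shown above plus two constructed lines.

```bash
#!/bin/sh
# Added example (not from the original post). Function names and finding
# labels are hypothetical.

# vrrp_audit VRID "ALLOWED_IP ALLOWED_IP ..."
# Reads `tcpdump -nn` VRRP lines on stdin, prints one finding per line.
vrrp_audit() {
    awk -v vrid="$1" -v allowed="$2" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    / VRRPv[23], Advertisement/ {
        src = $3; v = ""; prio = ""; auth = ""
        # Pick the "key value," pairs out of the decoded advertisement.
        for (i = 4; i < NF; i++) {
            val = $(i + 1); sub(/,$/, "", val)
            if ($i == "vrid") v = val
            else if ($i == "prio") prio = val
            else if ($i == "authtype") auth = val
        }
        if (v != vrid) next                      # another virtual router
        if (!(src in ok)) {                      # sender is not a known node
            print "UNEXPECTED_SENDER", $1, src
            next
        }
        if (auth == "simple" && warned == 0) {   # auth_type PASS is sent in cleartext
            warned = 1
            print "CLEARTEXT_AUTH", $1, src
        }
        if (master != "" && src != master)       # the advertising node changed
            print "MASTER_CHANGE", $1, master "->" src, "prio=" prio
        master = src
    }'
}

# Sample capture. Lines 1-3 and 6 are taken from the captures on this page;
# line 4 (sender 172.25.254.66) and line 5 (vrid 200) are constructed.
sample_capture() {
    cat <<'EOF'
23:01:33.230222 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:01:34.231253 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
23:02:23.369638 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
23:02:24.100000 IP 172.25.254.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 150, authtype simple, intvl 1s, length 20
23:02:24.200000 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 200, prio 100, authtype simple, intvl 1s, length 20
23:20:01.503392 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
EOF
}

# Audit virtual router 100 with ka1 and ka2 as the only expected senders.
sample_capture | vrrp_audit 100 "172.25.254.10 172.25.254.20"
```

On a live host the same function can be fed from `tcpdump -l -i eth0 -nn host 224.0.0.18`.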
Operations on ka2
# Install the keepalived package
[root@ka2 ~]# yum install keepalived.x86_64 -y
# List the configuration file locations
[root@ka2 ~]# rpm -qc keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
# Edit the main configuration file
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
# Recipient email address
123456@qq.com
}
# Sender address
notification_email_from keepalived@shanxin.org
# Mail server address
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.shanxin.org
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
# Multicast address
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
# Role of this server
state BACKUP
interface eth0
# Virtual router ID; must be unique
virtual_router_id 100
# Priority
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
# Virtual IP (VIP)
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl enable --now keepalived.service
# After the keepalived service on ka1 is stopped, ka2 gets the VIP and keeps serving
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 887 bytes 78413 (76.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 758 bytes 86912 (84.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The same VIP
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 500 (500.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 500 (500.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Operations on realserver1
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo realserver1 - 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
Operations on realserver2
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo realserver2 - 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
Operations on client
# Test access to the web servers
[root@client ~]# curl 172.25.254.110
realserver1 - 172.25.254.110
[root@client ~]# curl 172.25.254.120
realserver2 - 172.25.254.120
# Connect to ka1 remotely and stop its keepalived service
[root@client ~]# ssh -l root 172.25.254.10
[root@ka1 ~]# systemctl stop keepalived.service
# Restore the keepalived service on ka1
[root@ka1 ~]# systemctl start keepalived.service
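Redirecting keepalived logs
Operations on ka1
Note: the log level here has 8 possible values, 0 through 7.
[root@ka1 ~]# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6" # log level 6 (-S 6 selects syslog facility local6, matched by the rsyslog rule below)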
[root@ka1 ~]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Log level # The custom log location is added here
local6.* /var/log/keepalived.log
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl restart rsyslog.service
# Check that the log file was created
[root@ka1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 13375 Aug 12 01:03 /var/log/keepalived.log
# Check that the log file contains only keepalived messages
[root@ka1 ~]# cat /var/log/keepalived.log
Aug 12 01:02:19 ka1 Keepalived[1047]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Aug 12 01:02:19 ka1 Keepalived[1047]: Opening file '/etc/keepalived/keepalived.conf'.
Aug 12 01:02:19 ka1 Keepalived[1076]: Starting Healthcheck child process, pid=1080
Aug 12 01:02:19 ka1 Keepalived[1076]: Starting VRRP child process, pid=1081
Configuring keepalived sub-configuration files
Operations on ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# Comment out the previous configuration
#vrrp_instance VI_1 {
# state MASTER
# interface eth0
# virtual_router_id 100
# priority 100
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 172.25.254.100/24 dev eth0 label eth0:1
# }
#}
#
# Add the line below to include and load /etc/keepalived/conf.d/*.conf
include "/etc/keepalived/conf.d/*.conf"
# Create the sub-configuration directory
[root@ka1 ~]# mkdir /etc/keepalived/conf.d/
# Edit a sub-configuration file in that directory
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.10.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
# Verify that the service is running normally and that the VIP exists
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 1788 bytes 145001 (141.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2202 bytes 214924 (209.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP exists
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 210 bytes 15992 (15.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 210 bytes 15992 (15.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
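Tip: some services ship with their own sub-configuration directory. If one does not exist, as with the service above, you can create it yourself; all it takes is the include keyword.
keepalived preemptive and non-preemptive modes
Default: preemptive mode (preempt)
Non-preemptive mode
Operations on ka1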
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
# This must be changed to BACKUP
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
# Add this parameter
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
# Stop the keepalived service, then start it again
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# systemctl start keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 7680 bytes 588719 (574.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14354 bytes 1102234 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP was not taken back here
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 877 bytes 67132 (65.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 877 bytes 67132 (65.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
keepalived preemption delay mode
Operations on ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
# Still BACKUP here
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
# Add this parameter
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 8566 bytes 652039 (636.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15074 bytes 1169574 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 982 bytes 75128 (73.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 982 bytes 75128 (73.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# systemctl start keepalived.service
# After 2 s, still no VIP
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 8593 bytes 654117 (638.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15090 bytes 1172348 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 982 bytes 75128 (73.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 982 bytes 75128 (73.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# ifconfig
# After 5 s, the VIP is back
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 8600 bytes 654613 (639.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15101 bytes 1174058 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 982 bytes 75128 (73.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 982 bytes 75128 (73.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Operations on ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
# Add this parameter
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived.service
VIP unicast advertisement configuration
**Note: the vrrp_strict parameter must be commented out**
Operations on ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456@qq.com
}
notification_email_from keepalived@shanxin.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.shanxin.org
vrrp_skip_check_adv_addr
# This parameter must be disabled
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
# IP of this host
unicast_src_ip 172.25.254.10
unicast_peer {
# IP of the peer host
172.25.254.20
}
}
[root@ka1 ~]# systemctl restart keepalived.service
# Unicast test
[root@ka1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
# These are ICMP messages; the unicast failed because the VIP is not on this host
02:54:33.322475 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
02:54:34.324013 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
02:54:35.325598 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
02:54:36.327135 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
02:54:37.328259 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
Operations on ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456@qq.com
}
notification_email_from keepalived@shanxin.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.shanxin.org
vrrp_skip_check_adv_addr
# This parameter must be disabled
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
# IP of this host
unicast_src_ip 172.25.254.20
unicast_peer {
# IP of the peer host
172.25.254.10
}
}
[root@ka2 ~]# systemctl restart keepalived.service
# Unicast succeeded
# The peer IP checks whether I am still alive; if I am down, it takes over my VIP
[root@ka2 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:55:41.512719 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
02:55:42.514330 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
02:55:43.515938 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 12497 bytes 844782 (824.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12111 bytes 936737 (914.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 423 bytes 32248 (31.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 423 bytes 32248 (31.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
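What the tcpdump command shows here: only the host that holds the VIP sends VRRP unicast advertisements; the VIP holder tells the peer host that it has the VIP and is still alive.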
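The constraints stated in the sections above (nopreempt and preempt_delay are used with `state BACKUP`; `unicast_peer` needs `vrrp_strict` commented out; `virtual_router_id` must be unique) can be checked before restarting the service. The following is an added example, not part of the original post: `ka_lint`, the sample functions and the finding labels are hypothetical names, and both sample configurations are constructed from settings shown on this page.

```bash
#!/bin/sh
# Added example (not from the original post). ka_lint reads a
# keepalived.conf on stdin and prints one finding per line.
ka_lint() {
    awk '
    { sub(/#.*/, "") }       # drop comments, so "#vrrp_strict" does not count
    $1 == "vrrp_strict"       { strict = 1 }
    $1 == "vrrp_instance"     { inst = $2; names[++n] = inst }
    $1 == "state"             { state[inst] = $2 }
    $1 == "interface"         { ifc[inst] = $2 }
    $1 == "virtual_router_id" { vrid[inst] = $2 }
    $1 == "nopreempt" || $1 == "preempt_delay" { popt[inst] = $1 }
    $1 == "unicast_peer"      { uni[inst] = 1 }
    END {
        for (i = 1; i <= n; i++) {
            x = names[i]
            # Unicast peers while vrrp_strict is still active.
            if (strict && uni[x]) print "STRICT_WITH_UNICAST", x
            # nopreempt / preempt_delay on an instance not declared BACKUP.
            if (popt[x] != "" && state[x] != "BACKUP")
                print "NEEDS_STATE_BACKUP", x, popt[x]
            # The same virtual_router_id twice on one interface.
            key = ifc[x] ":" vrid[x]
            if (key in seen) print "DUPLICATE_VRID", seen[key], x, vrid[x]
            else seen[key] = x
        }
    }'
}

# Constructed sample: vrrp_strict left active, MASTER with preempt_delay,
# and both instances sharing virtual_router_id 100.
sample_bad() {
    cat <<'EOF'
global_defs {
    router_id ka1.shanxin.org
    vrrp_strict
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    preempt_delay 5s
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 100
    priority 80
    nopreempt
    unicast_src_ip 172.25.254.10
    unicast_peer {
        172.25.254.20
    }
}
EOF
}

# Constructed sample: the same configuration with the three issues corrected.
sample_fixed() {
    sample_bad | sed -e 's/^    vrrp_strict$/    #vrrp_strict/' \
                     -e 's/state MASTER/state BACKUP/' |
        awk '$1 == "vrrp_instance" { cur = $2 }
             cur == "VI_2" && $1 == "virtual_router_id" { sub(/100/, "200") }
             { print }'
}

echo "findings for sample_bad:";   sample_bad   | ka_lint
echo "findings for sample_fixed:"; sample_fixed | ka_lint
```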
Hands-on example: a notification script for Keepalived state transitions
Operations on ka1
[root@ka1 ~]# yum install mailx -y
[root@ka1 ~]# vim /etc/mail.rc
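set from=# fill in your own QQ number here
set smtp=smtp.qq.com
set smtp-auth-user=# fill in your own QQ number here
# The authorization code must be obtained from the QQ Mail website
set smtp-auth-password=qewrtyuiop
set smtp-auth=login
# ssl-verify=ignore skips certificate verification of the SMTP server
set ssl-verify=ignore
# Send a test mail to confirm that the mail configuration works
[root@ka1 ~]# echo test message |mail -s test # your own QQ number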
[root@ka1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
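# Replace the value with your own QQ number
mail_dest='自己的qq号码'
mail_send() {
# Subject and body announce the VIP/VRRP transition and the new state of $HOSTNAME
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"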
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1 ;;
esac
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
[root@ka1 ~]# ll /etc/keepalived/mail.sh
-rwxr-xr-x 1 root root 350 Aug 12 03:52 /etc/keepalived/mail.sh
# Edit the main configuration file: add the notify scripts and when to run them
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
# Add the following lines
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
[root@ka1 ~]# systemctl restart keepalived.service
Mailbox test
Operations on ka2
[root@ka2 ~]# yum install mailx -y
[root@ka2 ~]# vim /etc/mail.rc
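set from=# fill in your own QQ number here
set smtp=smtp.qq.com
set smtp-auth-user=# fill in your own QQ number here
# The authorization code must be obtained from the QQ Mail website
set smtp-auth-password=qwertyuiop
set smtp-auth=login
# ssl-verify=ignore skips certificate verification of the SMTP server
set ssl-verify=ignore
# Send a test mail to confirm that the mail configuration works
[root@ka2 ~]# echo test message |mail -s test # fill in your own QQ number here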
[root@ka2 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
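# Replace the value with your own QQ number
mail_dest='这里填入自己的qq号码'
mail_send() {
# Subject and body announce the VIP/VRRP transition and the new state of $HOSTNAME
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" "$mail_dest"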
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1 ;;
esac
[root@ka2 ~]# chmod +x /etc/keepalived/mail.sh
[root@ka2 ~]# ll /etc/keepalived/mail.sh
-rwxr-xr-x 1 root root 380 Aug 12 04:05 /etc/keepalived/mail.sh
# Edit the main configuration file: add the notify scripts and when to run them
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
# Add the following lines
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
[root@ka2 ~]# systemctl restart keepalived.service
Mailbox test
Failure test
Here we stop the keepalived service on ka1 and check the mailbox.
Operations on ka1
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 19118 bytes 1480548 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31619 bytes 2525557 (2.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1402 bytes 107112 (104.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1402 bytes 107112 (104.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Stop the keepalived service
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 19229 bytes 1489248 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31720 bytes 2535465 (2.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1402 bytes 107112 (104.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1402 bytes 107112 (104.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Check the email
The email alert arrived promptly: ka2 became master, which means ka1 went down. Because ka1 is down, it cannot send an email itself.
Check on ka2
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 23150 bytes 1580683 (1.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21224 bytes 1696488 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 633 bytes 48240 (47.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 633 bytes 48240 (47.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ka2 now holds the VIP.
Operations on ka1
[root@ka1 ~]# systemctl start keepalived.service
# The VIP is back
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 19649 bytes 1520938 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32216 bytes 2574957 (2.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1507 bytes 115108 (112.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1507 bytes 115108 (112.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Email check
ka2 is backup again and ka1 has become master.
Implementing a master/master Keepalived dual-master architecture
Operations on ka1
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
# Add the BACKUP instance for the .200 VIP
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 1318 bytes 111048 (108.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1557 bytes 144966 (141.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Holds the .100 VIP
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 105 bytes 7996 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 7996 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# After the keepalived service on ka2 is stopped
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 1367 bytes 114366 (111.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1627 bytes 150858 (147.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
# The .200 VIP has moved over
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 105 bytes 7996 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 7996 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Operations on ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
# Configure the MASTER instance for the .200 VIP
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 1302 bytes 99204 (96.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1019 bytes 94558 (92.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 105 bytes 7996 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 7996 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Test: stop the keepalived service on the ka2 host
[root@ka2 ~]# systemctl stop keepalived.service
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 1418 bytes 107364 (104.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1100 bytes 102418 (100.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 105 bytes 7996 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 7996 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
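keepalived hands-on case 1: single-master LVS-DR mode
Principle: keepalived health-checks the real servers behind LVS, and writes and updates the ipvs rules automatically in real time
Operations on the realserver1 host
Permanently turn off ARP on all and lo (receive only, never send; required for DR mode)
# Permanently turn off ARP on all and lo (receive only, never send; required for DR mode)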
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
# Apply the settings just made
[root@realserver1 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
# Here they are
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
# Copy the configuration file straight to the realserver2 host
[root@realserver1 ~]# scp /etc/sysctl.d/arp.conf root@172.25.254.120:/etc/sysctl.d/arp.conf
Permanently configure the VIP on the lo interface (environment: RHEL 7.9)
[root@realserver1 ~]# cd /etc/sysconfig/network-scripts/
[root@realserver1 network-scripts]# ls
ifcfg-ens33 ifdown-ippp ifdown-sit ifup-bnep ifup-plusb ifup-TeamPort
ifcfg-eth0 ifdown-ipv6 ifdown-Team ifup-eth ifup-post ifup-tunnel
ifcfg-lo ifdown-isdn ifdown-TeamPort ifup-ippp ifup-ppp ifup-wireless
ifdown ifdown-post ifdown-tunnel ifup-ipv6 ifup-routes init.ipv6-global
ifdown-bnep ifdown-ppp ifup ifup-isdn ifup-sit network-functions
ifdown-eth ifdown-routes ifup-aliases ifup-plip ifup-Team network-functions-ipv6
# Delete the network connection configuration file that is not needed
[root@realserver1 network-scripts]# rm -f ifcfg-ens33
[root@realserver1 network-scripts]# vim ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
# These two lines are the important ones: they add the VIP
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
# Restart the network so that the modified configuration file takes effect
[root@realserver1 network-scripts]# systemctl restart network
# Check whether the VIP was added successfully
[root@realserver1 network-scripts]# ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
# Added successfully
inet 172.25.254.100/32 brd 172.25.254.100 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
# Copy the lo network connection configuration file to the realserver2 host
[root@realserver1 network-scripts]# scp ifcfg-lo root@172.25.254.120:/etc/sysconfig/network-scripts/ifcfg-lo
Operations on the realserver2 host
Permanently turn off ARP on all and lo (receive only, never send; required for DR mode)
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
[root@realserver2 ~]# cd /etc/sysconfig/network-scripts/
[root@realserver2 network-scripts]# ls
ifcfg-ens33 ifdown-ippp ifdown-sit ifup-bnep ifup-plusb
ifcfg-eth0 ifdown-ipv6 ifdown-Team ifup-eth ifup-post
ifcfg-lo ifdown-isdn ifdown-TeamPort ifup-ippp ifup-ppp
ifdown ifdown-post ifdown-tunnel ifup-ipv6 ifup-route
ifdown-bnep ifdown-ppp ifup ifup-isdn ifup-sit
ifdown-eth ifdown-routes ifup-aliases ifup-plip ifup-Team
[root@realserver2 network-scripts]# rm -f ifcfg-ens33
[root@realserver2 network-scripts]# vim ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver2 network-scripts]# systemctl restart network
[root@realserver2 network-scripts]# ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOW
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.254.100/32 brd 172.25.254.100 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
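A preflight check for the two real-server files edited above, as an added example that is not part of the original post: it confirms the four ARP sysctls and that the VIP sits on lo with a /32 mask. The function name `check_dr_realserver`, the helper `write_samples` and the broken variants are constructed for illustration.

```shell
#!/bin/sh
# Added example: DR-mode preflight check for a real server.
#   arp_ignore=1   -> reply to ARP only for addresses on the receiving
#                     interface, so eth0 never answers for the VIP on lo
#   arp_announce=2 -> use the outgoing interface's own address as the ARP
#                     source, so the VIP is not announced by the real server
#   /32 netmask    -> lo does not claim all of 172.25.254.0/24 as local

# check_dr_realserver SYSCTL_FILE IFCFG_LO VIP
# Prints one FAIL line per problem; returns 0 only when nothing failed.
check_dr_realserver() {
    local sysctl_file="$1" ifcfg="$2" vip="$3" rc=0
    local scope want name value got vip_re line idx mask
    for scope in all lo; do
        for want in arp_ignore=1 arp_announce=2; do
            name=${want%%=*}; value=${want#*=}
            # last uncommented assignment wins, as with sysctl itself
            got=$(sed -n "s/^[[:space:]]*net\.ipv4\.conf\.$scope\.$name[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$sysctl_file" | tail -n 1)
            if [ "$got" != "$value" ]; then
                echo "FAIL net.ipv4.conf.$scope.$name is '${got:-unset}', want $value"
                rc=1
            fi
        done
    done
    # locate IPADDRn=<vip>, then read the NETMASKn with the same index n
    vip_re=$(printf '%s' "$vip" | sed 's/\./\\./g')
    line=$(grep -E "^IPADDR[0-9]*=$vip_re\$" "$ifcfg" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL VIP $vip is not configured in $ifcfg"
        rc=1
    else
        idx=${line%%=*}; idx=${idx#IPADDR}
        mask=$(sed -n "s/^NETMASK$idx=\([0-9.]*\).*/\1/p" "$ifcfg" | head -n 1)
        if [ "$mask" != "255.255.255.255" ]; then
            echo "FAIL NETMASK$idx is '${mask:-unset}', want 255.255.255.255"
            rc=1
        fi
    fi
    return $rc
}

# write_samples DIR: the page's settings plus two constructed broken variants.
write_samples() {
    cat > "$1/arp.conf" <<'EOF'
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
EOF
    cat > "$1/ifcfg-lo" <<'EOF'
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
EOF
    # constructed: one sysctl missing, VIP given a /24 mask
    grep -v 'lo\.arp_announce' "$1/arp.conf" > "$1/arp-bad.conf"
    sed 's/^NETMASK1=.*/NETMASK1=255.255.255.0/' "$1/ifcfg-lo" > "$1/ifcfg-lo-bad"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_dr_realserver "$tmp/arp.conf" "$tmp/ifcfg-lo" 172.25.254.100 \
    && echo "page configuration: OK"
check_dr_realserver "$tmp/arp-bad.conf" "$tmp/ifcfg-lo-bad" 172.25.254.100 \
    || echo "broken variant: rejected"
rm -rf "$tmp"
```

On a real server the same function can be pointed at /etc/sysctl.d/arp.conf and /etc/sysconfig/network-scripts/ifcfg-lo.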
Operations on the ka1 host
Basic configuration of the keepalived service
[root@ka1 ~]# yum install keepalived.x86_64 -y
[root@ka1 ~]# systemctl enable --now keepalived.service
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456@qq.com
}
notification_email_from shanxin.org.
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
# Copy the basic keepalived configuration to the ka2 host
[root@ka1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
# Check whether the configuration works
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 1875 bytes 153742 (150.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1985 bytes 206904 (202.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP is present, so the configuration works
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 500 (500.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 500 (500.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
LVS-DR configuration of the keepalived service
# Install ipvsadm so that we can later check whether keepalived configured the ipvs rules automatically
[root@ka1 ~]# yum install ipvsadm.x86_64 -y
# Configure the LVS-DR service in keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# Configure the virtual server cluster
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
##############################################
# Configure a real server and its health check
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
#############################################
# Configure a real server and its health check
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
##############################################
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
# The ipvs rules below were added automatically
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 7
-> 172.25.254.120:80 Route 1 0 7
TCP 192.168.200.100:443 rr persistent 50
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.200:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
Operations on the ka2 host
Basic configuration of the keepalived service
[root@ka2 ~]# yum install keepalived.x86_64 -y
[root@ka2 ~]# systemctl enable --now keepalived.service
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
123456@qq.com
}
notification_email_from shanxin.org.
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived.service
LVS-DR configuration of the keepalived service (backup host)
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
##############################################
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
############################################
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
############################################
[root@ka2 ~]# systemctl restart keepalived.service
Tests from the client host
Normal test
# Access succeeds and requests are load-balanced
[root@client ~]# for i in {1..10}
> do
> curl 172.25.254.100
> done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
Test: simulate a failure of the keepalived service on the ka1 host
# Stop the keepalived service on the ka1 host to simulate a failure
[root@ka1 ~]# systemctl stop keepalived.service
# The VIP has moved to the ka2 host
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 4938 bytes 395511 (386.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4271 bytes 376024 (367.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 20 bytes 1000 (1000.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1000 (1000.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Access test from the client: access is normal and the client notices no change
[root@client ~]# for i in {1..10}; do curl 172.25.254.100; done
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
Test: simulate a failure of the back-end realserver1 host so that it cannot serve web requests
[root@realserver1 network-scripts]# systemctl stop httpd
# ipvs rules on the ka1 host 1s after httpd was stopped
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 10
-> 172.25.254.120:80 Route 1 0 10
TCP 192.168.200.100:443 rr persistent 50
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.200:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
# ipvs rules on the ka1 host 3s after httpd was stopped
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActC
TCP 172.25.254.100:80 wrr
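# keepalived health-checks the back ends automatically; after detecting that host .110 has failed and confirming it with retry probes, it removes .110 from the cluster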
-> 172.25.254.120:80 Route 1 0 10
TCP 192.168.200.100:443 rr persistent 50
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.200:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
# Access test from the client
[root@client ~]# for i in {1..10}; do curl 172.25.254.100; done
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
Test after the back-end realserver1 host restores its web service
# Restore the web service on the realserver1 host
[root@realserver1 network-scripts]# systemctl start httpd
# Test from the client: access is restored and requests are load-balanced again
[root@client ~]# for i in {1..10}; do curl 172.25.254.100; done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
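keepalived VRRP script control of the VIP (hands-on case: using a script to switch master/backup roles)
The test.sh script created here returns 0 if the file does not exist and 1 if the file exists.
Return value 0: the vrrp_script weight is not applied, and the priority is restored.
Return value 1: the vrrp_script weight is applied, which lowers the priority.
Operations on the ka1 host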
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
[ ! -f /mnt/lee ]
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
[root@ka1 ~]# ll /mnt/lee
ls: cannot access /mnt/lee: No such file or directory
[root@ka1 ~]# /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
0
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_lee {
# Location of the actual script (absolute path)
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
track_script {
# Put the name of the vrrp_script block defined above here
check_lee
}
}
[root@ka1 ~]# systemctl restart keepalived.service
# Test
# When /mnt/lee does not exist, the script returns 0 and nothing happens
[root@ka1 ~]# /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
0
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 17455 bytes 1684551 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26992 bytes 2232725 (2.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 38 bytes 1900 (1.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 1900 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# When /mnt/lee exists, the script returns 1 and the priority is lowered
[root@ka1 ~]# touch /mnt/lee
[root@ka1 ~]# ll /mnt/lee
-rw-r--r-- 1 root root 0 Aug 14 06:54 /mnt/lee
[root@ka1 ~]# /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
1
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.2
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<li
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 17680 bytes 1700599 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27262 bytes 2256651 (2.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP is gone
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 38 bytes 1900 (1.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 1900 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fef1:57fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
RX packets 19054 bytes 1647354 (1.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17537 bytes 1447092 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP has appeared on the ka2 host
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f1:57:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 32 bytes 1600 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 1600 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# After /mnt/lee is deleted, the script returns 0 and the priority is restored
[root@ka1 ~]# rm -f /mnt/lee
[root@ka1 ~]# ll /mnt/lee
ls: cannot access /mnt/lee: No such file or directory
[root@ka1 ~]# /etc/keepalived/test.sh
[root@ka1 ~]# echo $?
0
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 18522 bytes 1759469 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27769 bytes 2305643 (2.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP is back on the ka1 host
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 42 bytes 2100 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 2100 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
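How the `weight -30`, `fall 2` and `rise 2` values above decide which host holds the VIP, as an added example that is not part of the original post: a small shell model (not keepalived code) of the tracking logic on ka1. It assumes default preemption, a healthy ka2 at priority 80, and a script that starts in the passing state; the function name `simulate` is hypothetical. The check_haproxy block used later on this page has the same values.

```shell
#!/bin/sh
# Added example: constructed model of vrrp_script tracking (negative weight only).
#
# simulate BASE WEIGHT FALL RISE PEER_PRIO EXIT_CODE...
# Each EXIT_CODE is the result of one run of the check script (one "interval").
# One output line per run:
#   <tick> <exit code> <script state> <effective priority of ka1> <VIP holder>
simulate() {
    local base="$1" weight="$2" fall="$3" rise="$4" peer="$5"
    shift 5
    local state=up ok=0 bad=0 tick=0 prio holder rc
    for rc in "$@"; do
        tick=$((tick + 1))
        if [ "$rc" -eq 0 ]; then
            ok=$((ok + 1)); bad=0
            # 'rise' consecutive successes bring a failed script back up
            if [ "$state" = down ] && [ "$ok" -ge "$rise" ]; then state=up; fi
        else
            bad=$((bad + 1)); ok=0
            # 'fall' consecutive failures mark the script as failed
            if [ "$state" = up ] && [ "$bad" -ge "$fall" ]; then state=down; fi
        fi
        # a negative weight is added to the priority only while the script is failed
        if [ "$state" = down ]; then prio=$((base + weight)); else prio=$base; fi
        # with preemption the higher priority holds the VIP; on a tie VRRP
        # prefers the higher primary IP, which is ka2 (172.25.254.20) here
        if [ "$prio" -gt "$peer" ]; then holder=ka1; else holder=ka2; fi
        printf '%d %d %s %d %s\n' "$tick" "$rc" "$state" "$prio" "$holder"
    done
}

echo "page values (100 vs 80, weight -30): /mnt/lee exists during ticks 3-5"
simulate 100 -30 2 2 80  0 0 1 1 1 0 0 0

echo "a single failed run is absorbed by fall 2: the VIP stays on ka1"
simulate 100 -30 2 2 80  1 0 1 0

echo "weight -10 is smaller than the 100-80 gap: the VIP never moves"
simulate 100 -10 2 2 80  0 1 1 1
```

The third run shows why the absolute value of `weight` has to be larger than the priority difference between the two hosts.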
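High-availability cluster with keepalived + haproxy
Principle: changing the priority of the virtual router makes the VIP float to the other host, so the service is not interrupted
Operations on the ka1 host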
[root@ka1 ~]# yum install keepalived.x86_64 -y
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
[root@ka1 ~]# systemctl enable --now keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 950 bytes 89280 (87.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 704 bytes 100060 (97.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# yum install haproxy -y
# Enable this kernel parameter
[root@ka1 ~]# vim /etc/sysctl.conf
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
# Simply append this at the end of the file
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 3 rise 5
server web2 172.25.254.120:80 check inter 3 fall 3 rise 5
[root@ka1 ~]# systemctl enable --now haproxy.service
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
/usr/bin/killall -0 haproxy
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
[root@ka1 ~]# ll /etc/keepalived/test.sh
-rwxr-xr-x 1 root root 41 Aug 14 21:17 /etc/keepalived/test.sh
# Copy the test.sh script to the ka2 host
[root@ka1 ~]# scp /etc/keepalived/test.sh root@172.25.254.20:/etc/keepalived/test.sh
# Install the package that provides the killall command
[root@ka1 ~]# yum install psmisc -y
# Test the return value of the command
[root@ka1 ~]# killall -0 haproxy
[root@ka1 ~]# echo $?
0
[root@ka1 ~]# systemctl stop haproxy.service
[root@ka1 ~]# killall -0 haproxy
haproxy: no process found
[root@ka1 ~]# echo $?
1
Operations on the ka2 host
[root@ka2 ~]# yum install keepalived.x86_64 -y
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
# Important: a space is required after script in the "script {}" block here, otherwise the configuration does not take effect
track_script {
check_haproxy
}
}
[root@ka2 ~]# systemctl enable --now keepalived.service
[root@ka2 ~]# yum install haproxy -y
# Enable this kernel parameter
[root@ka2 ~]# vim /etc/sysctl.conf
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka2 ~]# vim /etc/haproxy/haproxy.cfg
# Simply append this at the end of the file
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 3 rise 5
server web2 172.25.254.120:80 check inter 3 fall 3 rise 5
[root@ka2 ~]# systemctl enable --now haproxy.service
# Install the package that provides the killall command
[root@ka2 ~]# yum install psmisc -y
[root@ka2 ~]# ll /etc/keepalived/test.sh
-rwxr-xr-x 1 root root 41 Aug 14 21:17 /etc/keepalived/test.sh
Tests from the client
# The client sends requests continuously to test whether the service fails or is affected
[root@client ~]# while true; do curl 172.25.254.100; sleep 0.5; done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
# Simulate a failure: stop the haproxy service on the ka1 host
[root@ka1 ~]# systemctl stop haproxy
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 517487 bytes 38299299 (36.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1029341 bytes 72180054 (68.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP has floated to the ka2 host
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 5850 bytes 329118 (321.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5850 bytes 329118 (321.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Access from the client is not affected
[root@client ~]# while true; do curl 172.25.254.100; sleep 0.5; done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
# Start the haproxy service on the ka1 host again
[root@ka1 ~]# systemctl start haproxy.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe95:6fbb prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
RX packets 510724 bytes 37812045 (36.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1017398 bytes 71334432 (68.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# The VIP is back on the ka1 host
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:95:6f:bb txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 5742 bytes 318224 (310.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5742 bytes 318224 (310.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Access from the client is not affected
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
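# What if the keepalived service on the ka1 host itself fails? That is fine too: as long as the two hosts do not go down together, the VIP automatically floats to the ka2 host after keepalived on ka1 dies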