Configuring multiple VIPs and dual-master mode with keepalived


Installing keepalived

1: Lab preparation

  • Synchronize the time on all nodes
  • Disable SELinux on all nodes

2: Install keepalived (from a local yum repository)

~]# yum info keepalived
Version : 1.3.5

~]# yum install keepalived -y

~]# rpm -ql keepalived
/etc/keepalived/keepalived.conf #main configuration file
/etc/sysconfig/keepalived #configuration file for environment initialization
/usr/lib/systemd/system/keepalived.service #systemd unit that starts the program
/usr/sbin/keepalived #executable

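3: keepalived configuration file overview

  • All keepalived settings live in a single configuration file. Many options are supported, but they fall into three categories:

    • 1: Global configuration
    • 2: VRRP configuration
    • 3: LVS configuration
  • Global configuration applies to keepalived as a whole, whether or not LVS is used. VRRPD is the core of keepalived. The LVS configuration is only needed when keepalived is used to configure and manage LVS; if keepalived is used purely for HA, the LVS configuration is not needed at all.

  • The configuration file is organized in blocks, each enclosed in { and }. Lines beginning with # or ! are comments.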

Testing mail delivery with mailx

~]# yum install mailx
~]# echo "hellow" | mail -s "biaoti" 1284808408@qq.com


4: Make it a habit to back up a service's configuration file, and to read through it, before editing it

Configuration file

~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VRRP-V1 {
    state MASTER
    interface ens37
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8
    }
}

Configuration file walkthrough

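Back up the configuration file
~]# cd /etc/keepalived/
keepalived]# cp keepalived.conf keepalived.conf.bak

Edit the configuration file
! Configuration File for keepalived #comment line; comments can start with ! or #
global_defs { #global configuration section
    notification_email { #mailbox that receives notification mail
        1284808408@qq.com
    }
    notification_email_from #sender address used for notification mail
    smtp_server 127.0.0.1 #address of the mail server
    smtp_connect_timeout 30
    router_id #no need to set it here; defaults to the local hostname
    #vrrp_mcast_group4 224.0.0.18 #default multicast address; range 224.0.0.0~239.255.255.255
    vrrp_skip_check_adv_addr #skip checking the source address of an advertisement if it comes from the same router as the previous one
    vrrp_strict #strictly follow the VRRP protocol; disallowed: 1. no VIP address, 2. unicast peers, 3. IPv6 addresses in VRRP version 2
    vrrp_garp_interval 0 #delay between gratuitous ARP messages; usually 0, meaning no delay
    vrrp_gna_interval 0 #delay between unsolicited NA messages; usually 0, meaning no delay
}
vrrp_instance <custom-instance-name> { #VRRP configuration
    state MASTER #initial state of this node: MASTER | BACKUP
    interface eth0 #NIC that keepalived listens on after startup; multicast advertisements are sent from this NIC
    virtual_router_id 51 #virtual router ID, range 0-255; IDs must not conflict
    priority 100 #priority; the larger the number, the higher the priority. The master's priority must be higher than the backup's, and the VIP is bound on the keepalived server with the higher priority. A gap of 50 between master and backup is commonly recommended, but a gap of 1 is actually enough
    advert_int 1 #advertisement interval; by default one packet per second, sent to the multicast group
    authentication { #authentication method (PASS|AH)
        auth_type PASS #simple password authentication
        auth_pass 66666666 #authentication password; the default password is 1111, and only the first 8 characters are used
    }
    virtual_ipaddress { #VIP configuration; the VIP must be in the same subnet as the NIC given by interface
        172.18.135.8
    }
}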

5: Start the HA node on this host

Start keepalived on the node

~]# systemctl start keepalived
~]# systemctl enable keepalived

Check the process status

~]# ps -ef | grep keepalived
root 6412 1 0 15:03 ? 00:00:00 /usr/sbin/keepalived -D
root 6413 6412 0 15:03 ? 00:00:00 /usr/sbin/keepalived -D
root 6414 6412 0 15:03 ? 00:00:00 /usr/sbin/keepalived -D
root 6508 6466 0 15:06 pts/0 00:00:00 grep --color=auto keepalived

Check the VIP

~]# ip addr
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:14:4d:6c brd ff:ff:ff:ff:ff:ff
inet 172.18.135.1/24 brd 172.18.135.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 172.18.135.8/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::4587:5c47:4c05:570b/64 scope link noprefixroute
valid_lft forever preferred_lft forever

6: Starting keepalived generates a firewall rule by default

~]# iptables -L
Chain INPUT (policy ACCEPT) #drops access from any address to the VIP address
target prot opt source destination
DROP all -- anywhere anywhere match-set keepalived dst

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

7: Working around the firewall rule that the yum-installed keepalived generates at startup

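Method 1:

Flush the firewall rules directly (this removes every rule in the filter table, not only the one keepalived added)
~]# iptables -F


Alternatively, keepalived can be told to skip generating the firewall rule at startup
Edit the configuration file
global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables #do not generate firewall rules
}
....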

8: Ping the keepalived VIP from another node to test

~]# ping 172.18.135.8
PING 172.18.135.8 (172.18.135.8) 56(84) bytes of data.
64 bytes from 172.18.135.8: icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from 172.18.135.8: icmp_seq=2 ttl=64 time=0.106 ms
64 bytes from 172.18.135.8: icmp_seq=3 ttl=64 time=0.090 ms


Putting the VIP on a separate sub-interface on the HA host

1: Edit the keepalived configuration file

~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state MASTER
    interface ens37
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8 dev ens37 label ens37:1 #defines a label; a netmask can also be appended to the address
    }
}

2: Restart and check the network interface

~]# systemctl restart keepalived


High-availability cluster deployment

1: node1 configuration

~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state MASTER #master
    interface ens37
    virtual_router_id 51
    priority 100 #priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8/24 dev ens37 label ens37:01
    }
}

2: Start keepalived

~]# systemctl start keepalived

3: node2 configuration

~]# yum install keepalived -y

~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state BACKUP #backup
    interface ens37
    virtual_router_id 51
    priority 90 #priority 90, must be lower than the MASTER's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8/24 dev ens37 label ens37:01
    }
}

4: Start keepalived on node2

~]# systemctl start keepalived
~]# systemctl enable keepalived

5: Test: take the ens37 NIC down on node1 and check whether the VIP floats to node2 (the log shows the details)

node1

~]# ifconfig ens37 down

node2

~]# ip addr
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:97:a5:a7 brd ff:ff:ff:ff:ff:ff
inet 172.18.135.2/24 brd 172.18.135.255 scope global ens37
valid_lft forever preferred_lft forever
inet 172.18.135.8/24 scope global secondary ens37:01
valid_lft forever preferred_lft forever
inet6 fe80::8aad:e002:aea0:6f27/64 scope link
valid_lft forever preferred_lft forever


If node1 goes down, node2 continues to serve. However, node1 has a higher priority than node2, so once node1 recovers the VIP floats back to node1.


Sending an alert mail automatically when the VIP on the master node goes down

1: Edit the keepalived configuration file (the same on node1 and node2)

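notify_master
#script triggered when this node becomes the master
notify_backup
#script triggered when this node becomes a backup
notify_fault
#script triggered when this node enters the "fault" state

Define the script triggered on alerts

~]# vim /etc/keepalived/notify.sh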
#!/bin/bash
#
# Mail a notification whenever keepalived reports a VRRP state transition.
contact='1284808408@qq.com'

# notify STATE: send one mail naming this host and its new state
notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case "$1" in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac

~]# chmod +x /etc/keepalived/notify.sh

Edit the keepalived configuration file to call the script
~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state MASTER
    interface ens37
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8/24 dev ens37 label ens37:01 #multiple VIP addresses can be configured
        172.18.135.9/24 dev ens37 label ens37:02
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

Restart the service

~]# systemctl restart keepalived


keepalived dual-master mode

  • Each node is master for one VIP and backup for the other
  • VIP: 172.18.135.8 - KP_server1 MASTER - KP_server2 BACKUP
  • VIP: 172.18.135.9 - KP_server2 MASTER - KP_server1 BACKUP

KP_server1 configuration file (master VIP: 172.18.135.8, backup VIP: 172.18.135.9)

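~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state MASTER
    interface ens37
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8/24 dev ens37 label ens37:01
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VRRP-V2 {
    state BACKUP
    interface ens37
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.9/24 dev ens37 label ens37:01
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}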

KP_server2 configuration file (master VIP: 172.18.135.9, backup VIP: 172.18.135.8)

~]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        1284808408@qq.com
    }
    notification_email_from root@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    #vrrp_mcast_group4 224.0.0.18
    vrrp_iptables
}

vrrp_instance VRRP-V1 {
    state BACKUP
    interface ens37
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.8/24 dev ens37 label ens37:01
    }
}

vrrp_instance VRRP-V2 {
    state MASTER
    interface ens37
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    virtual_ipaddress {
        172.18.135.9/24 dev ens37 label ens37:01
    }
}
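
Before both nodes are restarted, the two files can be cross-checked against the dual-master layout described above. This is an added example, not part of the original article: it parses the vrrp_instance blocks of both configs and reports a mismatched virtual_router_id, VIP list or auth_pass, and any instance that does not have exactly one MASTER holding the higher priority. parse_instances, check_pair and instance are names made up here, and the sample configs are constructed from the values on this page.

```python
def parse_instances(text):
    """Return {name: settings} for each vrrp_instance block of a keepalived.conf."""
    found, stack, cur = {}, [], None
    for raw in text.splitlines():
        words = raw.split("#")[0].split("!")[0].split()  # '#' and '!' start comments
        if not words:
            continue
        if words[-1] == "{":
            stack.append(words[0])
            if words[0] == "vrrp_instance":
                cur = found.setdefault(words[1], {"vips": set()})
        elif words == ["}"]:
            if stack and stack.pop() == "vrrp_instance":
                cur = None
        elif cur is not None and stack[-1] == "virtual_ipaddress":
            cur["vips"].add(words[0].split("/")[0])
        elif cur is not None and len(words) > 1:
            cur[words[0]] = words[1]
    return found

def check_pair(conf_a, conf_b):
    """Return the inconsistencies between two nodes' configs (empty list = OK)."""
    a, b = parse_instances(conf_a), parse_instances(conf_b)
    problems = [f"{n}: defined on one node only" for n in sorted(set(a) ^ set(b))]
    prio = lambda inst: int(inst.get("priority", 100))  # keepalived default: 100
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "vips"):
            if x.get(key) != y.get(key):
                problems.append(f"{name}: {key} differs")
        if x.get("auth_pass", "")[:8] != y.get("auth_pass", "")[:8]:
            problems.append(f"{name}: auth_pass differs in its first 8 characters")
        masters = [i for i in (x, y) if i.get("state") == "MASTER"]
        if len(masters) != 1 or prio(masters[0]) <= min(prio(x), prio(y)):
            problems.append(f"{name}: need exactly one MASTER, with the higher priority")
    return problems

def instance(name, state, vrid, prio, vip, pw="11111111"):  # builds constructed input
    return (f"vrrp_instance {name} {{\n state {state}\n virtual_router_id {vrid}\n"
            f" priority {prio}\n authentication {{\n  auth_pass {pw}\n }}\n"
            f" virtual_ipaddress {{\n  {vip}/24 dev ens37 label ens37:01\n }}\n}}\n")

SERVER1 = (instance("VRRP-V1", "MASTER", 51, 100, "172.18.135.8")
           + instance("VRRP-V2", "BACKUP", 52, 90, "172.18.135.9"))
SERVER2 = (instance("VRRP-V1", "BACKUP", 51, 90, "172.18.135.8")
           + instance("VRRP-V2", "MASTER", 52, 100, "172.18.135.9"))
print(check_pair(SERVER1, SERVER2))  # -> []
```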

Restart the keepalived service on both nodes

KP_server1

~]# systemctl restart keepalived

~]# ip addr
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:14:4d:6c brd ff:ff:ff:ff:ff:ff
inet 172.18.135.1/24 brd 172.18.135.255 scope global noprefixroute ens37
valid_lft forever preferred_lft forever
inet 172.18.135.8/24 scope global secondary ens37:01
valid_lft forever preferred_lft forever

KP_server2

~]# systemctl restart keepalived

~]# ip addr
ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:97:a5:a7 brd ff:ff:ff:ff:ff:ff
inet 172.18.135.2/24 brd 172.18.135.255 scope global ens37
valid_lft forever preferred_lft forever
inet 172.18.135.9/24 scope global secondary ens37:01
valid_lft forever preferred_lft forever
