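I. High-availability clusters
1.1 Cluster types
1. Load balancing (Load Balance, LB)
Load balancing means balancing and spreading load (work tasks) across multiple operating units, such as FTP servers, web servers, and core enterprise application servers, so that they complete the work together. The load-balancing technologies Keepalived supports include:
- LVS (Linux Virtual Server): layer-4 load balancing that works at the transport layer of the OSI model and forwards requests by IP address and port number.
- HAProxy: supports layer-7 and layer-4 load balancing, can handle a large number of concurrent connections, and offers flexible load-balancing policies.
- Nginx: mainly used for layer-7 load balancing, implemented through the http/upstream and stream/upstream modules.
2. High availability (High Availability, HA)
A high-availability cluster aims to reduce service downtime. By protecting the services that business applications provide to users without interruption, it keeps the impact of software, hardware, or human-caused failures on the business to a minimum. When a node in the cluster fails, its standby node takes over its duties within a short time, ensuring service continuity. Keepalived builds high-availability clusters using VRRP (Virtual Router Redundancy Protocol).
3. Eliminating single points of failure (Single Point of Failure, SPoF)
A single point of failure is a single component whose failure makes the whole system or service unavailable. By building a high-availability cluster, Keepalived can effectively eliminate single points of failure and keep the system stable and reliable.
4. High-performance clusters (High Performance Computing, HPC)
Keepalived itself focuses on high availability and load balancing, but the high-performance cluster (HPC) is another important cluster type, one that focuses on raising compute performance through parallel processing. Keepalived does not provide high-performance computing directly, but when building a high-performance cluster it can be used to ensure high availability and load balancing for critical services.
5. How clusters achieve high availability
- active/passive (master/backup): in this mode only the master device serves traffic and the backup device is on standby. When the master device fails, the backup device takes over the service.
- active/active (dual master): two or more devices serve traffic at the same time and back each other up. This mode improves the overall performance and availability of the system.
- active --> HEARTBEAT --> passive: a heartbeat mechanism monitors the state of the master device; once the master fails, the backup device takes over the service.
- active <--> HEARTBEAT <--> active: in dual-master mode the two devices monitor each other through a heartbeat mechanism, ensuring service continuity and reliability.
II. VRRP overview
VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the routers on the LAN. The router that controls VRRP is called the MASTER router; it forwards packets sent to the virtual IP addresses. If the MASTER router becomes unavailable, the election process provides dynamic failover, which allows the virtual router's IP address to be used as the default first-hop router by end hosts.
III. How VRRP works
VRRP relies on a state machine with three states: Initialize, Master (active) and Backup. The Master device periodically sends VRRP advertisement packets to tell the other devices that it is working normally. If the Master device fails, the Backup devices elect a new Master according to priority, and it continues to provide network connectivity. This election mechanism lets the network restore service quickly after a device failure instead of suffering a long outage.
IV. VRRP in Keepalived
Keepalived is an open-source, reliable high-availability and failover solution, used mainly on Linux. It uses VRRP to switch seamlessly between the master server and the backup server, ensuring high availability of the service. Specifically:
- Virtual IP addresses: Keepalived can create multiple virtual IP addresses (VIPs) for each service. When the master server goes down, the backup server can take over these virtual IP addresses and keep serving.
- Health checks: Keepalived uses a heartbeat mechanism to check the health of the master and backup servers periodically. If it finds that the master server is down, the backup server can take over immediately.
- Failover: when the master server goes down, Keepalived can automatically redirect traffic to the backup server.
- Load balancing: although Keepalived's main functions are high availability and failover, it can also be configured in a load-balancing mode that distributes traffic evenly between the master and backup servers, increasing the system's processing capacity.
Configuration file structure
Configuration file: /etc/keepalived/keepalived.conf
The configuration file consists of:
GLOBAL CONFIGURATION
Global definitions: defines mail settings, router_id, VRRP settings, the multicast address, etc.
VRRP CONFIGURATION
VRRP instance(s): defines each VRRP virtual router
LVS CONFIGURATION
Virtual server group(s)
Virtual server(s): the VS and RS of the LVS cluster
Environment setup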
ka1
[root@ka1 ~]# yum install keepalived -y
[root@ka1 ~]# systemctl stop firewalld.service
[root@ka1 ~]# setenforce 0
ka2
[root@ka2 ~]# yum install keepalived -y
[root@ka2 ~]# systemctl stop firewalld.service
[root@ka2 ~]# setenforce 0
realserver1
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo hehehe > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
[root@realserver1 ~]# systemctl stop firewalld.service
[root@realserver1 ~]# setenforce 0
realserver2
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo hehehe > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
[root@realserver2 ~]# systemctl stop firewalld.service
[root@realserver2 ~]# setenforce 0
Lab
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived.lanjinli.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
......
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived@whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
......
# Restart the service
[root@ka2 ~]# systemctl restart keepalived.service
[root@realserver1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4da5:5424:6c11:6bc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
RX packets 30159 bytes 4025655 (3.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43306 bytes 3358755 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1450 bytes 111001 (108.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1450 bytes 111001 (108.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
RX packets 38254 bytes 5109536 (4.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41709 bytes 3230481 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1535 bytes 117492 (114.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1535 bytes 117492 (114.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Non-preemptive mode
[root@realserver1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
...
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived.whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
#state MASTER
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
...
[root@ka2 ~]# cat /etc/keepalived/keepalived.conf
...
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived@whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.lanjinli.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 70
advert_int 1
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
...
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4da5:5424:6c11:6bc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
RX packets 6284 bytes 562318 (549.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7751 bytes 615356 (600.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 319 bytes 24414 (23.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 319 bytes 24414 (23.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka2 ~]# systemctl stop keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
RX packets 7801 bytes 656054 (640.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7540 bytes 642736 (627.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 525 bytes 40131 (39.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 525 bytes 40131 (39.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Delayed preemption mode
[root@realserver1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
...
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived.whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
#state MASTER
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
...
[root@ka2 ~]# cat /etc/keepalived/keepalived.conf
...
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived@whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 70
advert_int 1
#nopreempt
preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
...
[root@ka1 ~]# systemctl stop keepalived.service
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4da5:5424:6c11:6bc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
RX packets 9507 bytes 804739 (785.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10743 bytes 875796 (855.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 739 bytes 56521 (55.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 739 bytes 56521 (55.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka2 ~]#
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
RX packets 9964 bytes 831383 (811.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11441 bytes 941439 (919.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1050 bytes 80278 (78.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1050 bytes 80278 (78.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]#
Keepalived notification script configuration
global_defs {
...
script_user <USER>
...
}
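Notification script types:
notify_master <STRING>|<QUOTED-STRING> # script triggered when this node becomes the master
notify_backup <STRING>|<QUOTED-STRING> # script triggered when this node becomes a backup
notify_fault <STRING>|<QUOTED-STRING> # script triggered when this node enters the fault state
notify <STRING>|<QUOTED-STRING> # generic notification mechanism; one script can handle notification for all three state transitions above
notify_stop <STRING>|<QUOTED-STRING> # script triggered when VRRP is stopped
How to call the script:
Add the following lines at the end of the vrrp_instance VI_1 block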
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
[root@ka1 ~]# yum install mailx -y
[root@ka2 ~]# yum install mailx -y
Generate an authorization code
[root@ka1 ~]# cat /etc/mail.rc
# Append at the end of the file
...
set from=2593466@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=2593466@qq.com
set smtp-auth-password=ajdiwefndwnes
set smtp-auth=login
set ssl-verify=ignore
# Test
[root@ka1 ~]# echo hello world | mail -s test 2593466@qq.com
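One possible /etc/keepalived/notify.sh for the three notify_* lines above, as an added example (the page references the script but does not show it, and this is not the author's script). The recipient address, log path and subject wording are assumptions.

```sh
#!/bin/sh
# /etc/keepalived/notify.sh -- added example, not the page author's script.
# keepalived calls it as: notify.sh master | notify.sh backup | notify.sh fault

CONTACT="${CONTACT:-root@localhost}"   # assumption: recipient mailbox
MAILER="${MAILER:-mail}"               # mailx command installed above; overridable so it can be stubbed
LOGFILE="${LOGFILE:-/var/log/keepalived-notify.log}"   # assumption: local record of transitions

# Turn the state argument into a subject line. Anything other than the three
# states is rejected, so a mistyped notify_* line fails instead of sending a
# misleading mail.
notify_subject() {
    case "$1" in
        master|backup|fault)
            echo "keepalived: $(uname -n) changed to $1 state" ;;
        *)
            return 1 ;;
    esac
}

# Log the transition locally, then mail it through the mailx setup in /etc/mail.rc.
notify() {
    subject=$(notify_subject "$1") || {
        echo "usage: notify.sh {master|backup|fault}" >&2
        return 2
    }
    body="$(date '+%Y-%m-%d %H:%M:%S') $subject"
    echo "$body" >> "$LOGFILE"
    echo "$body" | "$MAILER" -s "$subject" "$CONTACT"
}

# keepalived always passes a state; with no argument the file only defines the functions.
[ $# -eq 0 ] || notify "$1"
```

keepalived runs this script as the script_user set in global_defs, so keep the file owned by root and not writable by other users.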
Implementing a master/master (dual-master) Keepalived architecture
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
...
vrrp_instance VI_1 {
state MASTER
#state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
vrrp_instance VI_2 {
#state MASTER
state BACKUP
interface eth0
virtual_router_id 200
priority 50
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
# Restart the service
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka2 ~]# cat /etc/keepalived/keepalived.conf
...
vrrp_instance VI_1 {
state BACKUP
#state MASTER
interface eth0
virtual_router_id 100
priority 70
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
#state BACKUP
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
...
# Restart the service
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
RX packets 19514 bytes 1558959 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28926 bytes 2270962 (2.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:92:51:bd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1869 bytes 142905 (139.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1869 bytes 142905 (139.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]#
#ka2
[root@ka2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::435f:2ba:94d2:582 prefixlen 64 scopeid 0x20<link>
inet6 fe80::4da5:5424:6c11:6bc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
RX packets 25352 bytes 1940929 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24099 bytes 1946973 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:ef:05 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1689 bytes 129040 (126.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1689 bytes 129040 (126.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:6b:1d:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka2 ~]#
Implementing single-master LVS-DR mode
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 ~]#
[root@realserver1 ~]# systemctl restart network
Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
[root@realserver1 ~]# rm -rf /etc/sysconfig/network-scripts/ifcfg-
ifcfg-ens33 ifcfg-lo
[root@realserver1 ~]# rm -rf /etc/sysconfig/network-scripts/ifcfg-ens33
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver1 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
[root@realserver1 ~]#
[root@realserver1 ~]# systemctl stop firewalld.service
[root@realserver1 ~]# setenforce 0
[root@realserver1 ~]# systemctl restart httpd.service
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver2 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
[root@realserver2 ~]#
[root@realserver2 ~]# systemctl stop firewalld.service
[root@realserver2 ~]# setenforce 0
[root@realserver2 ~]# systemctl restart httpd.service
[root@ka1 ~]# yum install ipvsadm -y
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
...
vrrp_instance VI_1 {
state MASTER
#state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
#include "/etc/keepalived/conf.d/*.conf"
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
...
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@ka1 ~]#
[root@ka2 ~]# yum install ipvsadm -y
[root@ka2 ~]# cat /etc/keepalived/keepalived.conf
...
vrrp_instance VI_1 {
state BACKUP
#state MASTER
interface eth0
virtual_router_id 100
priority 70
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
...
[root@ka2 ~]# systemctl restart keepalived.service
[root@ka2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.200.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@ka2 ~]#
VRRP Script configuration
Define the script
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING>
OPTIONS
}
Call the script
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
Defining a VRRP script
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING>
interval <INTEGER>
timeout <INTEGER>
weight <INTEGER:-254..254>
fall <INTEGER>
rise <INTEGER>
user USERNAME [GROUPNAME]
init_fail
}
Calling a VRRP script
vrrp_instance test {
... ...
track_script {
check_down
}
}
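How weight, fall and rise combine into a failover decision, as an added example (not keepalived's own code). It uses values from this page's configs: ka1 priority 80, ka2 priority 70, weight -30, fall 2, rise 2. Assumptions: the tracked script starts in the healthy state, the weight is negative, preemption is enabled, and advertisement timing is ignored.

```sh
#!/bin/sh
# Added example: models how a tracked vrrp_script result changes priority.

# track_priority BASE WEIGHT FALL RISE EXIT_CODE...
# Prints the effective priority after each check interval, space-separated.
track_priority() {
    base=$1; weight=$2; fall=$3; rise=$4
    shift 4
    state=up; fails=0; oks=0; out=""
    for rc in "$@"; do
        if [ "$rc" -eq 0 ]; then
            oks=$((oks + 1)); fails=0
            # "rise" consecutive successes are needed before a failed script counts as healthy again
            if [ "$state" = down ] && [ "$oks" -ge "$rise" ]; then state=up; fi
        else
            fails=$((fails + 1)); oks=0
            # "fall" consecutive failures are needed before the script counts as failed
            if [ "$state" = up ] && [ "$fails" -ge "$fall" ]; then state=down; fi
        fi
        # a negative weight is added to the base priority only while the script is failed
        if [ "$state" = down ]; then prio=$((base + weight)); else prio=$base; fi
        out="$out${out:+ }$prio"
    done
    echo "$out"
}

# vip_holders PEER_PRIO BASE WEIGHT FALL RISE EXIT_CODE...
# Prints, per interval, which node holds the VIP: the tracked node (ka1) or its peer (ka2).
# On equal priority VRRP prefers the higher primary IP, which is ka2 (172.25.254.20) here.
vip_holders() {
    peer=$1; shift
    holders=""
    for p in $(track_priority "$@"); do
        if [ "$p" -gt "$peer" ]; then h=ka1; else h=ka2; fi
        holders="$holders${holders:+ }$h"
    done
    echo "$holders"
}

# Constructed sample: check exit codes seen on ka1, one per interval (0 = healthy)
echo "ka1 priority: $(track_priority 80 -30 2 2 0 1 1 1 0 0 0)"
echo "VIP holder:   $(vip_holders 70 80 -30 2 2 0 1 1 1 0 0 0)"
```

A single failed check does not move the VIP: ka1 drops to 50 only after two consecutive failures and returns to 80 only after two consecutive successes.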
Keepalived with HAProxy for high availability
[root@ka1 ~]# yum install haproxy -y
[root@ka2 ~]# yum install haproxy -y
[root@realserver1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
#IPADDR1=172.25.254.100
#NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:54:22:6a brd ff:ff:ff:ff:ff:ff
inet 172.25.254.110/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::4da5:5424:6c11:6bc/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::435f:2ba:94d2:582/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::d318:4046:600c:390c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:6b:1d:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:6b:1d:b7 brd ff:ff:ff:ff:ff:ff
[root@realserver1 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
[root@realserver1 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
* Applying /etc/sysctl.conf ...
[root@realserver1 ~]#
#realserver2
[root@realserver2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
#IPADDR1=172.25.254.100
#NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver2 ~]# systemctl restart network
[root@realserver2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:69:b5:ed brd ff:ff:ff:ff:ff:ff
inet 172.25.254.120/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::4da5:5424:6c11:6bc/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::435f:2ba:94d2:582/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::d318:4046:600c:390c/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:6b:1d:b7 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:6b:1d:b7 brd ff:ff:ff:ff:ff:ff
[root@realserver2 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
[root@realserver2 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
* Applying /etc/sysctl.conf ...
[root@realserver2 ~]#
[root@ka1 ~]# cat /etc/sysctl.conf
...
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]#
[root@ka1 ~]# cat /etc/haproxy/haproxy.cfg
...
listen webserver
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@ka1 ~]# systemctl enable --now haproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@ka1 ~]# netstat -antlupe | grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 0 1269940 18519/haproxy
tcp 0 0 172.25.254.100:80 0.0.0.0:* LISTEN 0 1269942 18519/haproxy
udp 0 0 0.0.0.0:40148 0.0.0.0:* 0 1269941 18517/haproxy
[root@ka1 ~]#
#ka2
[root@ka2 ~]# cat /etc/sysctl.conf
...
net.ipv4.ip_nonlocal_bind = 1
[root@ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@ka2 ~]#
[root@ka2 ~]# cat /etc/haproxy/haproxy.cfg
...
listen webserver
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@ka2 ~]# systemctl enable --now haproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
[root@ka2 ~]# netstat -antlupe | grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 0 748750 8584/haproxy
tcp 0 0 172.25.254.100:80 0.0.0.0:* LISTEN 0 748752 8584/haproxy
udp 0 0 0.0.0.0:57756 0.0.0.0:* 0 748751 8581/haproxy
[root@ka2 ~]#
[root@ka1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived.whuan.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_whuan {
script "/mnt/check_whuan.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
#state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_whuan
}
}
vrrp_instance VI_2 {
#state MASTER
state BACKUP
interface eth0
virtual_router_id 200
priority 50
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
#include "/etc/keepalived/conf.d/*.conf"
virtual_server 172.25.254.200 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@ka1 ~]#
#ka2
[root@ka2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2593466@qq.com
}
notification_email_from keepalived@lanjinli.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka2.whuan.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
#state MASTER
interface eth0
virtual_router_id 100
priority 70
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
#state BACKUP
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
virtual_server 172.25.254.200 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@ka2 ~]#
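Failover from ka1 to ka2 on an HAProxy failure depends on two things in keepalived.conf: the name under track_script must match a defined vrrp_script block, and priority plus the script's negative weight must fall below the peer's priority (80 - 30 = 50 < 70 for VI_1 here). The following check is an added example, not part of the original page or of keepalived itself; the function names are hypothetical, the parser handles only the simple brace layout shown above, and the constructed sample is a trimmed ka1-style config whose track_script name deliberately differs from the defined vrrp_script.

```python
import re

# Constructed sample modelled on a ka1-style configuration (trimmed).
SAMPLE = """
vrrp_script check_whuan {
    script "/mnt/check_whuan.sh"
    interval 1
    weight -30
}
vrrp_instance VI_1 {
    state MASTER
    priority 80
    track_script {
        check_lanjinli
    }
}
"""

def blocks(text, keyword):
    """Yield (name, body) for each '<keyword> NAME { ... }' block."""
    for m in re.finditer(rf"^\s*{keyword}\s+(\S+)\s*\{{", text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint(text, peer_priority):
    """Return findings about track_script names and failover arithmetic."""
    scripts = {}
    for name, body in blocks(text, "vrrp_script"):
        w = re.search(r"^\s*weight\s+(-?\d+)", body, re.M)
        scripts[name] = int(w.group(1)) if w else 0
    findings = []
    for inst, body in blocks(text, "vrrp_instance"):
        prio = int(re.search(r"^\s*priority\s+(\d+)", body, re.M).group(1))
        ts = re.search(r"track_script\s*\{([^}]*)\}", body)
        for ref in (ts.group(1).split() if ts else []):
            if ref not in scripts:
                findings.append(f"{inst}: track_script '{ref}' is not defined")
            elif scripts[ref] < 0 and prio + scripts[ref] >= peer_priority:
                findings.append(f"{inst}: {prio}{scripts[ref]:+d} does not drop "
                                f"below peer priority {peer_priority}")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE, peer_priority=70))
```

Run it against each node's real file with the other node's priority for the same virtual_router_id; an empty list means the tracked script can actually trigger a VIP move.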
Test
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]#
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]# curl 172.25.254.100
egeee
[root@client ~]# curl 172.25.254.100
xdxxx
[root@client ~]#