引言
在集群中,LVS主机为后端真实主机进行流量调度等功能。LVS是基于四层的调度,可以根据IP、MAC地址和端口对后端真实主机进行调用,但LVS不能对后端真实主机的健康状态进行检测。所以在普通LVS的基础上部署了 HAProxy 。HAProxy 能够实现对后端真实服务器的健康状态进行检测,并且支持七层模型,能够对客户端发过来的报文对数据进行分析,通过 acl 的手段达到动静分离,让服务和资源彼此映射和调用,充分利用资源,提高服务效率。如果 LVS 主机挂掉,会影响整个集群的服务,所以还需要另外的主机对 LVS 进行主从备份。本篇文章讲解通过在 LVS 主从机上部署 Keepalived 来实现即使主从机通信的 vip 漂移,也不会影响客户机访问后端真实服务器的连续性和稳定性等一系列在高可用集群中的基本配置。
目录
3.1 实现 master/slave 的 Keepalived 单主架构
3.5 实现 master/master 的 Keepalived 双主架构
3.6.1.2 virtual server (虚拟服务器)的定义格式
1. 集群介绍
vip 的通信要稳定运行,需要借助高可用集群,实现高可用集群的最常用的方法就是 Keepalived 软件。
1.1 集群类型
- LB:Load Balance 负载均衡
LVS 和 realserver 共同组成的集群叫负载均衡。流量到达 LVS 后,LVS 通过调度算法把流量调度到负载最小的主机上。
- HA:High Availability 高可用集群
通过 LVS 主备机使集群在整个生产环境中在线率达到99.99%及以上,在线时间越长,高可用性能越好。高可用集群能够解决单点故障问题(SPoF: Single Point of Failure)
数据库、Redis
- HPC:High Performance Computing 高性能集群
解决单个主机运算能力达不到想要的需求,把多个主机组合到一起。
1.2 系统可用性
- SLA
Service-Level Agreement 服务等级协议。提供服务的企业与客户之间就服务的品质、水准、性能 等方面所达成的双方共同认可的协议或契约。
- 高可用使用量的计算方法
公式:A = MTBF / (MTBF+MTTR)。A = 在线时间(在线时间+平均故障处理时间)。A的值越大说明高可用性能越好。
示例:99.95%:(60*24*30)*(1-0.9995)=21.6分钟 #一般按一个月停机时间统计
指标 :99.9%, 99.99%, 99.999%,99.9999%
1.3 系统故障
- 出现故障的原因
硬件故障:设计缺陷、wear out(损耗)、非人为不可抗拒因素。
软件故障:设计缺陷 bug。
1.4 实现高可用
- 提升系统高用性的解决方案
降低MTTR- Mean Time To Repair(平均故障时间)。
- 解决方案
建立冗余机制。HEARTBEAT心跳,检测主从机或双主机健康状态的机制,如果检测到其中一方主机挂掉,就把服务迁移到存活的另一台主机上。
- active/passive 主/备
- active/active 双主
- active --> HEARTBEAT --> passive
- active <--> HEARTBEAT <--> active
1.5 VRRP
HEARTBEAT 依赖虚拟路由冗余协议(Virtual Router Redundancy Protocol)。如下图,两台路由器主机不断在网络中发送组播,组播地址收到它俩的信息以后,会判定它俩之间哪个信息是好的,这样的做法就叫做 VRRP 协议。
虚拟路由冗余协议能够解决路由器(静态网关)单点风险问题。VRRP 协议用在下图内部四台虚拟路由器上,主要管理流量出去。运用在Keepalived 上面,主要解决客户机通过访问201.1.1.3把流量放进来访问内部网络的问题。
虚拟路由冗余协议涉及到物理层(路由器、三层交换机)和软件层(Keepalived )。
上图中,IP地址201.1.1.3是路由器组真正上网的IP。假如201.1.1.3一开始在201.1.1.1路由器主机上,201.1.1.1出现问题,201.1.1.3就会迁移到201.1.1.2主机上。通过HEARTBEAT心跳,即VRRP协议判定两台路由器主机之间谁出了故障。
1.5.1 VRRP 相关术语
- Virtual Router
虚拟路由器。
- VRID(0-255)
虚拟路由器标识,唯一标识虚拟路由器。
- VIP
Virtual IP ,虚拟IP
- VMAC
Virutal MAC (00-00-5e-00-01-VRID),虚拟IP的MAC地址。
- 物理路由器
- master:主设备
- backup:备用设备
- priority:优先级
根据优先级来判定主机的主备关系,优先级较大的为主,较小的为从。VIP的漂移取决于哪台路由器主机优先级高。
1.5.2 VRRP 相关技术
- 通告
路由器默认通过组播向组播地址发送自己的信息,告知自己处于存活状态。通过心跳实现VIP的迁移,保证存活时间。
- 工作方式
- 抢占式:如上图,201.1.1.1和201.1.1.2都部署了 Keepalived,一开始默认 VIP 在201.1.1.1主机上,如果201.1.1.1挂掉,VIP则会因为 Keeplived 的部署迁移到201.1.1.2主机上。如果201.1.1.1主机设置的抢占模式,主机修复好后会把 VIP 抢占回来。前提是201.1.1.1的优先级高于201.1.1.2。
- 非抢占式:如上图,201.1.1.1和201.1.1.2都部署了 Keepalived,一开始默认 VIP 在201.1.1.1主机上,如果201.1.1.1挂掉,VIP则会因为 Keeplived 的部署迁移到201.1.1.2主机上。如果201.1.1.1主机设置的非抢占模式,主机修复好后不会把 VIP 抢占回来,VIP 仍然在201.1.1.2主机上。前提是201.1.1.1的优先级高于201.1.1.2。
- 延迟抢占:如上图,201.1.1.1和201.1.1.2都部署了 Keepalived,一开始默认 VIP 在201.1.1.1主机上,如果201.1.1.1挂掉,VIP则会因为 Keeplived 的部署迁移到201.1.1.2主机上。如果201.1.1.1主机设置的延迟抢占模式,主机修复好后会在达到延迟抢占时间后把 VIP 抢占回来。前提是201.1.1.1的优先级高于201.1.1.2。
- 安全认证
路由器主机通过通告来证明自己的存活性,通告的时候要把自己的信息发送到组播地址,发送过程中可以设置安全认证来选择是否对自己的信息进行加密。
认证方式:无认证;简单字符认证:预共享密钥;MD5。
- 工作模式
主/备:单虚拟路由器。存在资源浪费问题。
主/主:主/备(虚拟路由器1),备/主(虚拟路由器2)。互为主备。
2. Keepalived 部署
2.1 Keepalived 简介
Keepalived是vrrp 协议的软件实现,原生设计目的为了高可用 ipvs服务。
官网地址: http://keepalived.org/
功能:
- 基于vrrp协议完成地址流动,即 VIP 的漂移。
- 为vip地址所在的节点生成ipvs规则(在配置文件中预先定义),即根据执行情况自动生成 LVS 策略。
- 为ipvs集群的各RS做健康状态检测,跟 HAProxy 的检测方法不一样。
- 基于脚本调用接口完成脚本中定义的功能,进而影响集群事务,以此支持nginx、haproxy等服务。
2.2 Keepalived 架构
- 官方资料文档
https://keepalived.org/doc/
http://keepalived.org/documentation.html
- 架构图
- 用户空间核心组件
- VRRP stack:做心跳,VIP消息通告。
- checkers:监测real server 进行健康检测,可以检测 TCP、HTTP、SSL、MISC等协议。
- system call:实现 vrrp 协议状态转换时调用脚本的功能。
- SMTP:邮件组件,需要邮件服务器。
- IPVS wrapper:生成IPVS规则,为 LVS 准备的一个套件。比如 checkers 检测到有一台 realserver 挂掉了,这时使用 IPVS wrapper 对当前主机的 IPVS 规则进行操作,把挂掉的服务器主机从策略中清除。
- Netlink Reflector:网络接口。
- WatchDog:监控进程,对服务器的健康状况进行检测,检测出问题立即进行调整。
- 控制组件
提供 Keepalived.conf 的解析器,让 Keepalived 正常运行,完成对 Keepalived 配置的读取等操作。
- IO复用器
针对网络目的而优化的自己的线程抽象,负责 IO 调度。
- 内存管理组件
对于 Keeplived 使用过程当中对内存的使用和调度。为某些通用的内存管理功能(例如分配,重新分配,发布等)提供访问权限。
2.3 Keepalived 实验环境配置
整个集群服务基于四台 RedHat7 的虚拟机来实现。
注意事项:
- 各节点时间必须同步:ntp, chrony
- 关闭防火墙及SELinux
- 各节点之间可通过主机名互相通信:非必须
- 建议使用/etc/hosts文件实现:非必须
- 各节点之间的root用户可以基于密钥认证的ssh服务完成互相通信:非必须
- RHEL7中可能会遇到的bug
systemctl restart keepalived #新配置可能无法生效
systemctl stop keepalived;systemctl start keepalived #无法停止进程,需要 kill 停 止
- 创建母盘虚拟机
创建好一台 RedHat 虚拟机之后,开启虚拟机,查看 DHCP 默认分配的IP地址。
用默认分配的 IP 地址连接 xshell 。
[C:\~]$ ssh root@172.25.254.131
Connecting to 172.25.254.131:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 10:56:12 2024
配置本地仓库。
[root@localhost ~]# vi /etc/yum.repos.d/rpm.repo
[BaseOS]
name=BaseOS
baseurl=file:///mnt
gpgcheck=0
挂载。
[root@localhost ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
下载基本软件测试仓库是否配置成功。
[root@localhost ~]# yum install bash-com* net-tools lrz* vim -y
重置网卡信息。
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.131 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::9c18:abfe:4a44:947e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:a0:d4:52 txqueuelen 1000 (Ethernet)
RX packets 1435 bytes 107634 (105.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1410 bytes 1180897 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost ~]# grubby --update-kernel ALL --args net.ifnames=0
[root@localhost ~]# reboot
虚拟机里登录,配置网卡信息。
建立快照后创建四台链接交换机配置实验环境。
- 链接虚拟机——Keepalived1
改主机名
[C:\~]$ ssh root@172.25.254.132
Connecting to 172.25.254.132:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:05:51 2024
[root@localhost ~]# hostnamectl set-hostname kp1.timinglee.org
[root@localhost ~]# exit
logoutConnection closed.
Disconnected from remote host(172.25.254.132:22) at 12:14:34.
Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.132
Connecting to 172.25.254.132:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:08:37 2024 from 172.25.254.1[root@kp1 ~]# hostnamectl
Static hostname: kp1.timinglee.org
Icon name: computer-vm
Chassis: vm
Machine ID: 2dcb62aa5c5644e982163a59d116ee42
Boot ID: ad3a1103d1424ca8afd594759f09e112
Virtualization: vmware
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.9:GA:server
Kernel: Linux 3.10.0-1160.el7.x86_64
Architecture: x86-64
配置静态IP。
[root@kp1 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.10/24 ipv4.method manual connection.autoconnect yes
[root@kp1 ~]# nmcli connection up eth0
配置 DNS 和网关。
[root@kp1 ~]# nmcli connection modify eth0 ipv4.dns 172.25.254.2 ipv4.gateway 172.25.254.2 ipv4.method manual connection.autoconnect yes
[root@kp1 ~]# nmcli connection up eth0
[C:\~]$ ssh root@172.25.254.10
Connecting to 172.25.254.10:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:14:40 2024 from 172.25.254.1
[root@kp1 ~]#
[root@kp1 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@kp1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 50G 1.4G 49G 3% /
/dev/sda1 1014M 150M 865M 15% /boot
/dev/mapper/rhel-home 47G 33M 47G 1% /home
tmpfs 182M 0 182M 0% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /mnt
[root@kp1 ~]# systemctl stop firewalld.service
[root@kp1 ~]# setenforce 0
- 链接虚拟机——Keepalived2
Xshell 7 (Build 0164)
Copyright (c) 2020 NetSarang Computer, Inc. All rights reserved.Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.133
Connecting to 172.25.254.133:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:16:46 2024
[root@localhost ~]# hostnamectl set-hostname kp2.timinglee.org
[root@localhost ~]# exit
logoutConnection closed.
Disconnected from remote host(172.25.254.133:22) at 12:19:07.
Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.133
Connecting to 172.25.254.133:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:18:32 2024 from 172.25.254.1
[root@kp2 ~]# hostnamectl
Static hostname: kp2.timinglee.org
Icon name: computer-vm
Chassis: vm
Machine ID: 2dcb62aa5c5644e982163a59d116ee42
Boot ID: 99b04509b09d41788e8b07ab91267e92
Virtualization: vmware
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.9:GA:server
Kernel: Linux 3.10.0-1160.el7.x86_64
Architecture: x86-64
[root@kp2 ~]#
[root@kp2 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.20/24 ipv4.method manual connection.autoconnect yes
[root@kp2 ~]# nmcli connection up eth0
[root@kp2 ~]# nmcli connection modify eth0 ipv4.dns 172.25.254.2 ipv4.gateway 172.25.254.2 ipv4.method manual connection.autoconnect yes
[root@kp2 ~]# nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[C:\~]$ ssh root@172.25.254.20
Connecting to 172.25.254.20:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:19:12 2024 from 172.25.254.1
[root@kp2 ~]#
[root@kp2 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@kp2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 50G 1.4G 49G 3% /
/dev/mapper/rhel-home 47G 33M 47G 1% /home
/dev/sda1 1014M 150M 865M 15% /boot
tmpfs 182M 0 182M 0% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /mnt
[root@kp2 ~]# systemctl stop firewalld.service
[root@kp2 ~]# setenforce 0
- 链接虚拟机——realserver1
Xshell 7 (Build 0164)
Copyright (c) 2020 NetSarang Computer, Inc. All rights reserved.Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.134
Connecting to 172.25.254.134:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:19:52 2024
[root@localhost ~]# hostnamectl set-hostname realserver1.timinglee.org
[root@localhost ~]# exit
logoutConnection closed.
Disconnected from remote host(172.25.254.134:22) at 12:21:31.
Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.134
Connecting to 172.25.254.134:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:20:59 2024 from 172.25.254.1
[root@realserver1 ~]# hostnamectl
Static hostname: realserver1.timinglee.org
Icon name: computer-vm
Chassis: vm
Machine ID: 2dcb62aa5c5644e982163a59d116ee42
Boot ID: 14fec4bba5f34b7bbe6eb87ba915622a
Virtualization: vmware
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.9:GA:server
Kernel: Linux 3.10.0-1160.el7.x86_64
Architecture: x86-64
[root@realserver1 ~]#
[root@realserver1 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.110/24 ipv4.method manual
[root@realserver1 ~]# nmcli connection up eth0
[C:\~]$ ssh root@172.25.254.110
Connecting to 172.25.254.110:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:21:35 2024 from 172.25.254.1
[root@realserver1 ~]#
[root@realserver1 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@realserver1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 50G 1.4G 49G 3% /
/dev/mapper/rhel-home 47G 33M 47G 1% /home
/dev/sda1 1014M 150M 865M 15% /boot
tmpfs 182M 0 182M 0% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /mnt
[root@realserver1 ~]# systemctl stop firewalld.service
[root@realserver1 ~]# setenforce 0
- 链接虚拟机——realserver2
Xshell 7 (Build 0164)
Copyright (c) 2020 NetSarang Computer, Inc. All rights reserved.Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.135
Connecting to 172.25.254.135:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:22:06 2024
[root@localhost ~]# hostnamectl set-hostname realserver2.timinglee.org
[root@localhost ~]# exit
logoutConnection closed.
Disconnected from remote host(172.25.254.135:22) at 12:23:51.
Type `help' to learn how to use Xshell prompt.
[C:\~]$ ssh root@172.25.254.135
Connecting to 172.25.254.135:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:23:16 2024 from 172.25.254.1
[root@realserver2 ~]# hostnamectl
Static hostname: realserver2.timinglee.org
Icon name: computer-vm
Chassis: vm
Machine ID: 2dcb62aa5c5644e982163a59d116ee42
Boot ID: 2ad23fc0685947269f7d8b6dba4f30fd
Virtualization: vmware
Operating System: Red Hat Enterprise Linux Server 7.9 (Maipo)
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.9:GA:server
Kernel: Linux 3.10.0-1160.el7.x86_64
Architecture: x86-64
[root@realserver2 ~]#
[root@realserver2 ~]# nmcli connection modify eth0 ipv4.addresses 172.25.254.120/24 ipv4.method manual
[root@realserver2 ~]# nmcli connection up eth0
[C:\~]$ ssh root@172.25.254.120
Connecting to 172.25.254.120:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Mon Aug 12 12:23:55 2024 from 172.25.254.1
[root@realserver2 ~]#
[root@realserver2 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@realserver2 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 898M 0 898M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.6M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 50G 1.4G 49G 3% /
/dev/mapper/rhel-home 47G 33M 47G 1% /home
/dev/sda1 1014M 150M 865M 15% /boot
tmpfs 182M 0 182M 0% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /mnt
[root@realserver2 ~]# systemctl stop firewalld.service
[root@realserver2 ~]# setenforce 0
-
环境测试
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# systemctl start httpd.service
[root@realserver1 ~]# echo 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# systemctl start httpd.service
[root@realserver2 ~]# echo 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@kp1 ~]# curl 172.25.254.110
172.25.254.110
[root@kp1 ~]# curl 172.25.254.120
172.25.254.120
2.4 Keepalived 相关文件
- 软件包名:keepalived
- 主程序文件:/usr/sbin/keepalived
- 主配置文件:/etc/keepalived/keepalived.conf
- 配置文件示例:/usr/share/doc/keepalived/
- Unit File:/lib/systemd/system/keepalived.service
- Unit File的环境配置文件:/etc/sysconfig/keepalived
2.5 Keepalived 安装
dnf install keepalived -y
systemctl start keepalived
ps axf | grep keepalived
2.6 KeepAlived 配置说明
2.6.1 配置文件组成部分
- 配置文件
/etc/keepalived/keepalived.conf
- 配置文件组成
Keepalived 的配置分为以下三步:
- GLOBAL CONFIGURATION 全局配置。Global definitions:定义邮件配置,route_id,vrrp配置,多播地址等。
- VRRP CONFIGURATION 虚拟路由配置。VRRP instance(s):定义每个vrrp虚拟路由器
- LVS CONFIGURATION 最终访问内容的配置。Virtual server group(s) ;Virtual server(s):LVS集群的VS和RS
2.6.2 配置语法说明
查看帮助文档。
man keepalived.conf
2.6.2.1 全局配置
! Configuration File for keepalived
global_defs {
notification_email {
594233887@qq.com #keepalived 发生故障切换时邮件发送的目标邮箱,可以按行区
分写多个
timiniglee-zln@163.com
}
notification_email_from keepalived@KA1.timinglee.org #发邮件的地址
smtp_server 127.0.0.1 #邮件服务器地址
smtp_connect_timeout 30 #邮件服务器连接timeout
router_id KA1.timinglee.org #每个keepalived主机唯一标识
#建议使用当前主机名,但多节点
重名不影响
vrrp_skip_check_adv_addr #对所有通告报文都检查,会比较消耗性能
#启用此配置后,如果收到的通告报文和上一
个报文是同一 #个路由器,则跳过检查,默认
值为全检查
vrrp_strict #严格遵循vrrp协议
#启用此项后以下状况将无法启动服务:
#1.无VIP地址
#2.配置了单播邻居
#3.在VRRP版本2中有IPv6地址
#建议不加此项配置
vrrp_garp_interval 0 #报文发送延迟,0表示不延迟
vrrp_gna_interval 0 #消息发送延迟
vrrp_mcast_group4 224.0.0.18 #指定组播IP地址范围:
}
2.6.2.2 配置虚拟路由器
- 配置讲解:
vrrp_instance VI_1 {
state MASTER
interface eth0 #绑定为当前虚拟路由器使用的物理接口,如:eth0,可以和VIP不在一
个网卡
virtual_router_id 51 #每个虚拟路由器惟一标识,范围:0-255,每个虚拟路由器此值必须唯一
#否则服务无法启动
#同属一个虚拟路由器的多个keepalived节点必须相同
#务必要确认在同一网络中此值必须唯一
priority 100 #当前物理节点在此虚拟路由器的优先级,范围:1-254
#值越大优先级越高,每个keepalived主机节点此值不同
advert_int 1 #vrrp通告的时间间隔,默认1s
authentication { #认证机制
auth_type AH|PASS #AH为IPSEC认证(不推荐),PASS为简单密码(建议使用)
uth_pass 1111 #预共享密钥,仅前8位有效
#同一个虚拟路由器的多个keepalived节点必须一样
}
virtual_ipaddress { #虚拟IP,生产环境可能指定上百个IP地址
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
172.25.254.100 #指定VIP,不指定网卡,默认为eth0,注意:不指定/prefix,默认32
172.25.254.101/24 dev eth1
172.25.254.102/24 dev eth2 label eth2:1
}
}
- 实验示例:
安装 Keepalived。
[root@kp1 ~]# yum install keepalived -y
[root@kp1 ~]# systemctl enable --now keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@kp2 ~]# yum install keepalived -y
[root@kp2 ~]# systemctl enable --now keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
查看 Keepalived 文件。
[root@kp2 ~]# rpm -ql keepalived
/etc/keepalived #配置目录
/etc/keepalived/keepalived.conf #主配置文件,即服务工作守则
/etc/sysconfig/keepalived #对启用进程做设定
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service #启动服务的脚本
/usr/libexec/keepalived #执行命令
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.3.5
....
安装完成后查看帮助文档。
[root@kp2 ~]# man 5 keepalived.conf
进入配置文件。
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
配置虚拟路由。
注解:
notification_email{} #通知邮件,出了问题把错误通过邮件的形式发送到其中填写的邮箱。
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 2246 bytes 188924 (184.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1698 bytes 189740 (185.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 36 bytes 3028 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 3028 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
The authenticity of host '172.25.254.20 (172.25.254.20)' can't be established.
ECDSA key fingerprint is SHA256:8T2ZMNJ/afi+WS9PtVUjgstkK8kaBtk1gNoARjrCmEU.
ECDSA key fingerprint is MD5:4c:2c:5d:ba:dd:7b:78:55:6d:5b:3c:49:3c:b3:d9:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.20' (ECDSA) to the list of known hosts.
root@172.25.254.20's password:
keepalived.conf 100% 3552 5.1MB/s 00:00
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 2280 bytes 190083 (185.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1473 bytes 173969 (169.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 72 bytes 6060 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6060 (5.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# yum install tcpdump -y
[root@kp1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
[root@realserver1 ~]# ssh -l root 172.25.254.10
The authenticity of host '172.25.254.10 (172.25.254.10)' can't be established.
ECDSA key fingerprint is SHA256:8T2ZMNJ/afi+WS9PtVUjgstkK8kaBtk1gNoARjrCmEU.
ECDSA key fingerprint is MD5:4c:2c:5d:ba:dd:7b:78:55:6d:5b:3c:49:3c:b3:d9:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.10' (ECDSA) to the list of known hosts.
root@172.25.254.10's password:
Last login: Mon Aug 12 12:29:52 2024 from 172.25.254.1
[root@kp1 ~]# systemctl stop keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 2987 bytes 233197 (227.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1600 bytes 182891 (178.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 72 bytes 6060 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6060 (5.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
realserver1 远程登录开启 kp1 的服务 。
[root@kp1 ~]# systemctl start keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 3049 bytes 237157 (231.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1633 bytes 186327 (181.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 72 bytes 6060 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6060 (5.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 3607 bytes 303666 (296.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3798 bytes 389306 (380.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 72 bytes 6064 (5.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6064 (5.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
虚拟路由的通讯设定
[root@kp1 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
^C
--- 172.25.254.100 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms
[root@kp1 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 match-set keepalived dstChain FORWARD (policy ACCEPT)
target prot opt source destinationChain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.027 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.030 ms
64 bytes from 172.25.254.100: icmp_seq=4 ttl=64 time=0.033 ms
64 bytes from 172.25.254.100: icmp_seq=5 ttl=64 time=0.034 ms
^C
--- 172.25.254.100 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3998ms
rtt min/avg/max/mdev = 0.019/0.028/0.034/0.008 ms
[root@kp1 ~]#
[root@kp1 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destinationChain FORWARD (policy ACCEPT)
target prot opt source destinationChain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destinationChain FORWARD (policy ACCEPT)
target prot opt source destinationChain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@kp1 ~]# ping 172.25.254.100
2.6.2.3 启用 Keepalived 日志功能
- 日志分离实验示例
[root@kp1 ~]# vim /etc/sysconfig/keepalived
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# vim /etc/rsyslog.conf
[root@kp1 ~]# systemctl restart rsyslog.service
[root@kp1 ~]# ll /var/log/keepalived.log
-rw-------. 1 root root 5040 Aug 13 01:58 /var/log/keepalived.log
2.6.2.4 实现独立子配置文件
当生产环境复杂时, /etc/keepalived/keepalived.conf 文件中内容过多,不易管理 将不同集群的配置,比如:不同集群的VIP配置放在独立的子配置文件中利用include 指令可以实现包含子配置文件 。
格式:
include /path/file
- 实验示例:
[root@kp1 ~]# mkdir -p /etc/keepalived/con.d
[root@kp1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
3. Keepalived 企业应用示例
3.1 实现 master/slave 的 Keepalived 单主架构
3.1.1 MASTER 配置
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
594233887@qq.com
}
notification_email_from keepalived@KA1.timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
#添加此选项无法访问vip,可以用nft list ruleset查看
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0}
}
3.1.2 BACKUP 配置
#配置文件和master基本一致,只需修改三行
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
594233887@qq.com
}
notification_email_from keepalived@timinglee.org
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2.timinglee.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
#相同id管理同一个虚拟路由
#低优先级
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
抓包观察。
tcpdump -i eth0 -nn host 224.0.0.18
3.2 抢占模式和非抢占模式
3.2.1 非抢占模式 nopreempt
默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色, 这样会使vip在KA主机中来回漂移,造成网络抖动, 建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色 非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机。
注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP。
- 实验示例
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 31670 bytes 1977261 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4128 bytes 360380 (351.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 172 bytes 14464 (14.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 172 bytes 14464 (14.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 7809 bytes 637490 (622.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33886 bytes 2354691 (2.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 296 bytes 24888 (24.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 296 bytes 24888 (24.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 7831 bytes 639052 (624.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33961 bytes 2360759 (2.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 328 bytes 27576 (26.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 27576 (26.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 31750 bytes 1982189 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4165 bytes 363714 (355.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 172 bytes 14464 (14.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 172 bytes 14464 (14.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# systemctl stop keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 31803 bytes 1986137 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4265 bytes 371778 (363.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 172 bytes 14464 (14.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 172 bytes 14464 (14.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 7929 bytes 645092 (629.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33997 bytes 2363953 (2.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 328 bytes 27576 (26.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 27576 (26.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# systemctl start keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 31870 bytes 1991505 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4311 bytes 376988 (368.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 204 bytes 17152 (16.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 204 bytes 17152 (16.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 7935 bytes 645550 (630.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34066 bytes 2369327 (2.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 328 bytes 27576 (26.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 27576 (26.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.2.2 抢占延迟模式 preempt_delay
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回 VIP
preempt_delay # #指定抢占延迟时间为#s,默认延迟300s
- 注意:
需要各keepalived服务器state为BACKUP,并且不要启用 vrrp_strict
- 实验示例:
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 7935 bytes 645550 (630.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34066 bytes 2369327 (2.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 328 bytes 27576 (26.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 328 bytes 27576 (26.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
间隔5秒查看IP。
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 8320 bytes 675574 (659.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34766 bytes 2425613 (2.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 360 bytes 30264 (29.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 360 bytes 30264 (29.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl stop keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 32763 bytes 2048617 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4490 bytes 394996 (385.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 236 bytes 19840 (19.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 236 bytes 19840 (19.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl start keepalived.service
间隔5秒查看IP。
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 8441 bytes 684426 (668.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35044 bytes 2446183 (2.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 392 bytes 32952 (32.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 392 bytes 32952 (32.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 恢复抢占模式
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
3.3 VIP单播配置
默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量。
- 注意:
启用 vrrp_strict 时,不能启用单播
#在所有节点vrrp_instance语句块中设置对方主机的IP,建议设置为专用于对应心跳线网络的地址,而非使用业务网络
unicast_src_ip <IPADDR> #指定发送单播的源IP
unicast_peer {
<IPADDR>
#指定接收单播的对方目标主机IP
......
}
#启用 vrrp_strict 时,不能启用单播,否则服务无法启动,并在messages文件中记录下面信息
Jun 16 17:50:06 centos8 Keepalived_vrrp[23180]: (m44) Strict mode does not
support authentication. Ignoring.
Jun 16 17:50:06 centos8 Keepalived_vrrp[23180]: (m44) Unicast peers are not
supported in strict mode
Jun 16 17:50:06 centos8 Keepalived_vrrp[23180]: Stopped - used 0.000606 user
time, 0.000000 system time
Jun 16 17:50:06 centos8 Keepalived[23179]: Keepalived_vrrp exited with permanent
error CONFIG. Terminating
Jun 16 17:50:06 centos8 systemd[1]: keepalived.service: Succeeded.
Jun 16 17:50:06 centos8 Keepalived[23179]: Stopped Keepalived v2.0.10
(11/12,2018)
- 实验示例:
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
抓包查看数据。
[root@kp1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
03:07:17.798095 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
03:07:18.799424 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
03:07:19.800437 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
03:07:20.801802 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
[root@realserver1 ~]# ssh -l root 172.25.254.10
root@172.25.254.10's password:
Last login: Tue Aug 13 01:27:32 2024 from 172.25.254.1
[root@kp1 ~]# systemctl stop keepalived.service
[root@kp2 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
03:12:28.556465 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
03:12:29.556797 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
03:12:30.557075 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
03:12:31.557870 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
[root@kp1 ~]# systemctl start keepalived.service
[root@kp2 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
03:14:42.684261 ARP, Reply 172.25.254.20 is-at 00:0c:29:bb:50:10, length 28
3.4 Keepalived 通知脚本配置
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户 默认以用户keepalived_script身份执行脚本。如果此用户不存在,以root执行脚本可以用下面指令指定脚本执行用户的身份。
global_defs { ...... script_user ...... }
3.4.1 通知脚本类型
当前节点成为主节点时触发的脚本。
notify_master <STRING>|<QUOTED-STRING>
当前节点转为备节点时触发的脚本。
notify_backup <STRING>|<QUOTED-STRING>
当前节点转为“失败”状态时触发的脚本。
notify_fault <STRING>|<QUOTED-STRING>
通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知。
notify <STRING>|<QUOTED-STRING>
当停止VRRP时触发的脚本。
notify_stop <STRING>|<QUOTED-STRING>
3.4.2 脚本的调用方法
在 vrrp_instance VI_1 语句块的末尾加下面行
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
3.4.3 邮件配置
- 实验示例:
[root@kp1 ~]# yum install mailx -y
[root@kp2 ~]# yum install mailx -y
发送邮件失败。
[root@kp1 ~]# echo hello world | mail -s test 1422047192@qq.com
[root@kp1 ~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
44A14200C9B5 440 Tue Aug 13 03:24:30 root@kp1.timinglee.org
(Host or domain name not found. Name service error for name=qq.com type=MX: Host not found, try again)
1422047192@qq.com-- 0 Kbytes in 1 Request.
[root@kp1 ~]# mail
No mail for root
主机配置邮件服务器,windows 设置邮件代理。登录qq邮箱后。
绑定手机号后。
扫码发送短信后。
授权码生成。
[root@kp1 ~]# vim /etc/mail.rc
set from=1422047192@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1422047192@qq.com
set smtp-auth-password=lfddeiyukmjbgggc
set smtp-auth=login
set ssl-verify=ignore
[root@kp1 ~]# echo hello world | mail -s test 1422047192@qq.com
[root@kp2 ~]# vim /etc/mail.rc
set from=1422047192@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1422047192@qq.com
set smtp-auth-password=lfddeiyukmjbgggc
set smtp-auth=login
set ssl-verify=ignore
[root@kp2 ~]# echo test | mail -s test 1422047192@qq.com
3.4.5 实现 Keepalived 状态切换的通知脚本
[root@kp1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dst="1422047192@qq.com"
send_message()
{
mail_sub-"$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T`: vrrp move $HOSTNAME chage $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
[root@kp1 ~]# chmod +x /etc/keepalived/mail.sh
[root@kp2 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dst="1422047192@qq.com"
send_message()
{
mail_sub-"$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T`: vrrp move $HOSTNAME chage $1"
echo $mail_msg | mail -s "$mail_sub" $mail_dst
}case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
[root@kp2 ~]# chmod +x /etc/keepalived/mail.sh
脚本调用。
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/mail.sh masyer"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/mail.sh masyer"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 109006 bytes 8215144 (7.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 184299 bytes 13352696 (12.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2888 bytes 452448 (441.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2888 bytes 452448 (441.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 3837121 bytes 285262990 (272.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7661721 bytes 538540867 (513.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 91885 bytes 7714421 (7.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 91885 bytes 7714421 (7.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.5 实现 master/master 的 Keepalived 双主架构
master/slave的单主架构:同一时间只有一个Keepalived对外提供服务,此主机繁忙,而另一台主机却 很空闲,利用率低下,可以使用master/master的双主架构,解决此问题。
master/master 的双主架构: 即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高服务器资源利用率。
#ha1主机配置
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ 内容省略 @@@@
vrrp_instance VI_1 {
state MASTER
#主
interface ens33
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.50 dev ens33 label ens33:0
}
}
vrrp_instance VI_60 {
state BACKUP
}
#备
interface ens33
virtual_router_id 60
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.60 dev ens33 label ens33:1
}
#ka2主机配置,和ka1配置只需五行不同[root@rhel7-ka2 ~]# vim /etc/keepalived/keepalived.conf
@@@@ 内容省略 @@@@
vrrp_instance VI_1 {
state BACKUP
#备
interface ens33
virtual_router_id 50
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.50 dev ens33 label ens33:0
}
}
vrrp_instance VI_60 {
state MASTER
}
#主
interface ens33
virtual_router_id 60
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.60 dev eth0 label eth0:1
}
-
实战案例:三个节点的三主架构实现
#第一个节点ka1配置:
Vrrp instance 1:MASTER,优先级100
Vrrp instance 2:BACKUP,优先级80
Vrrp instance 3:BACKUP,优先级60
#第二个节点ka2配置:
Vrrp instance 1:BACKUP,优先级60
Vrrp instance 2:MASTER,优先级100
Vrrp instance 3:BACKUP,优先级80
#第三个节点ka3配置:
Vrrp instance 1:BACKUP,优先级80
Vrrp instance 2:BACKUP,优先级60
Vrrp instance 3:MASTER,优先级100
3.6 实现IPVS的高可用性
3.6.1 IPVS相关配置
3.6.1.1 虚拟服务器配置结构
virtual_server IP port {
...
real_server {
...
}
real_server {
...
}
…
}
3.6.1.2 virtual server (虚拟服务器)的定义格式
virtual_server IP port
#定义虚拟主机IP地址及其端口
virtual_server fwmark int #ipvs的防火墙打标,实现基于防火墙的负载均衡集群
virtual_server group string #使用虚拟服务器组
3.6.1.3 虚拟服务器配置
virtual_server IP port {
delay_loop <INT>
#VIP和PORT
#检查后端服务器的时间间隔
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #定义调度方法
lb_kind NAT|DR|TUN
#集群的类型,注意要大写
persistence_timeout <INT>
protocol TCP|UDP|SCTP
sorry_server <IPADDR> <PORT>
real_server <IPADDR> <PORT> {
weight <INT>
notify_up <STRING>|<QUOTED-STRING>
#持久连接时长
#指定服务协议,一般为TCP
#所有RS故障时,备用服务器地址
#RS的IP和PORT
#RS权重
#RS上线通知脚本
notify_down <STRING>|<QUOTED-STRING> #RS下线通知脚本
HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... } #定义当前主机健康状
态检测方法
}
}
#注意:括号必须分行写,两个括号写在同一行,如: }} 会出错
3.6.1.4 应用层监测
应用层检测:HTTP_GET|SSL_GET
HTTP_GET|SSL_GET {
url {
path <URL_PATH>
status_code <INT>
#定义要监控的URL
#判断上述检测机制为健康状态的响应码,一般为 200
}
connect_timeout <INTEGER> #客户端请求的超时时长, 相当于haproxy的timeout server
nb_get_retry <INT>
#重试次数
delay_before_retry <INT> #重试之前的延迟时长
connect_ip <IP ADDRESS>
connect_port <PORT>
bindto <IP ADDRESS>
bind_port <PORT>
}
#向当前RS哪个IP地址发起健康状态检测请求
#向当前RS的哪个PORT发起健康状态检测请求
#向当前RS发出健康状态检测请求时使用的源地址
#向当前RS发出健康状态检测请求时使用的源端口
3.6.1.5 TCP 监测
传输层检测:TCP_CHECK
TCP_CHECK {
connect_ip <IP ADDRESS>
connect_port <PORT>
bindto <IP ADDRESS>
bind_port <PORT>
connect_timeout <INTEGER>
}
#向当前RS的哪个IP地址发起健康状态检测请求
#向当前RS的哪个PORT发起健康状态检测请求
#发出健康状态检测请求时使用的源地址
#发出健康状态检测请求时使用的源端口
#客户端请求的超时时长
#等于haproxy的timeout server
3.6.2 实战案例
3.6.2.1 实战案例1:实现单主的 LVS-DR 模式
- 实验示例
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver1 ~]# cd /etc/sysconfig/network-scripts/
[root@realserver1 network-scripts]# ls
ifcfg-ens33 ifdown-ippp ifdown-sit ifup-bnep ifup-plusb ifup-TeamPort
ifcfg-eth0 ifdown-ipv6 ifdown-Team ifup-eth ifup-post ifup-tunnel
ifcfg-lo ifdown-isdn ifdown-TeamPort ifup-ippp ifup-ppp ifup-wireless
ifdown ifdown-post ifdown-tunnel ifup-ipv6 ifup-routes init.ipv6-global
ifdown-bnep ifdown-ppp ifup ifup-isdn ifup-sit network-functions
ifdown-eth ifdown-routes ifup-aliases ifup-plip ifup-Team network-functions-ipv6
[root@realserver1 network-scripts]# vim ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
IPADDR1=172.25.254.100
NETMASK1=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 network-scripts]# rm -rf ifcfg-ens33
[root@realserver1 network-scripts]# systemctl restart network
[root@realserver1 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.254.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:74:ab brd ff:ff:ff:ff:ff:ff
inet 172.25.254.110/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::6e41:186b:f99c:9a4b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::929:2f3f:51e2:42d2/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::633d:9cc5:e987:b127/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
[root@realserver2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 172.25.254.100/32 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2b:71:71 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.120/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::6e41:186b:f99c:9a4b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::929:2f3f:51e2:42d2/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::633d:9cc5:e987:b127/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@realserver1 network-scripts]# sysctl -a | grep arp
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
dev.parport.default.spintime = 500
dev.parport.default.timeslice = 200
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.eth0.arp_accept = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_notify = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
[root@realserver2 ~]# vim /etc/sysctl.conf/arp.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@realserver2 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
[root@realserver2 ~]# scp /etc/sysctl.d/arp.conf root@172.25.254.110:/etc/sysctl.d/arp.conf
The authenticity of host '172.25.254.110 (172.25.254.110)' can't be established.
ECDSA key fingerprint is SHA256:8T2ZMNJ/afi+WS9PtVUjgstkK8kaBtk1gNoARjrCmEU.
ECDSA key fingerprint is MD5:4c:2c:5d:ba:dd:7b:78:55:6d:5b:3c:49:3c:b3:d9:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.110' (ECDSA) to the list of known hosts.
root@172.25.254.110's password:
arp.conf 100% 134 75.5KB/s 00:00
[root@realserver1 ~]# cat /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
[root@realserver1 ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/arp.conf ...
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
[root@kp1 ~]# yum install ipvsadm -y
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# systemctl start httpd
[root@kp2 ~]# curl 172.25.254.110/
172.25.254.110
[root@realserver1 ~]# echo test > /var/www/html/index.html
[root@realserver1 ~]# curl 172.25.254.110
test
[root@realserver1 ~]# curl 172.25.254.110/
test
[root@kp2 ~]# yum install ipvsadm -y
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.200:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50[root@kp1 ~]# ipvsadm -C
[root@kp1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@kp1 ~]# systemctl restart keepalived.service[root@kp1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.100:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.2:1358 Masq 1 0 0
-> 192.168.200.3:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
-> 192.168.200.4:1358 Masq 1 0 0
-> 192.168.200.5:1358 Masq 1 0 0
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# watch -n 1 ipvsadm -Ln
[root@realserver1 ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-08-13 12:50:14 CST; 38min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 8786 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 9247 (httpd)
Status: "Total requests: 2; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─9247 /usr/sbin/httpd -DFOREGROUND
├─9248 /usr/sbin/httpd -DFOREGROUND
├─9249 /usr/sbin/httpd -DFOREGROUND
├─9250 /usr/sbin/httpd -DFOREGROUND
├─9251 /usr/sbin/httpd -DFOREGROUND
└─9252 /usr/sbin/httpd -DFOREGROUNDAug 13 12:50:14 realserver1.timinglee.org systemd[1]: Starting The Apache HTTP Server...
Aug 13 12:50:14 realserver1.timinglee.org systemd[1]: Started The Apache HTTP Server.[root@realserver1 ~]# systemctl stop httpd.service
[root@realserver1 ~]# systemctl start httpd.service
[root@kp2 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
TCP 10.10.10.2:1358 rr persistent 50
-> 192.168.200.200:1358 Masq 1 0 0
TCP 10.10.10.3:1358 rr persistent 50
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 82676 bytes 6497822 (6.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 45382 bytes 4240352 (4.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 320 bytes 26804 (26.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 320 bytes 26804 (26.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl stop keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 82754 bytes 6505272 (6.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 45465 bytes 4247718 (4.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 320 bytes 26804 (26.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 320 bytes 26804 (26.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl start keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 43403 bytes 3823386 (3.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 102559 bytes 8042993 (7.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3087 bytes 266940 (260.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3087 bytes 266940 (260.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 83299 bytes 6559640 (6.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46129 bytes 4298020 (4.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 320 bytes 26804 (26.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 320 bytes 26804 (26.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vip 漂移不影响 realserver 访问。
3.6.2.2 实战案例2:实现双主的 LVS-DR 模式
- 实验示例:
[root@kp1 ~]# vim /etc/keepalived/test.sh
#!bin/bash
[ ! -f /opt/lee ]
[root@kp1 ~]# chmod +x /etc/keepalived/test.sh
[root@kp1 ~]# sh /etc/keepalived/test.sh
[root@kp1 ~]# echo $?
0
[root@kp1 ~]# touch /opt/lee
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# ls /opt/lee
/opt/lee
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 51562 bytes 4712284 (4.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 116866 bytes 9134223 (8.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3087 bytes 266940 (260.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3087 bytes 266940 (260.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 93849 bytes 7575050 (7.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 56492 bytes 5107130 (4.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 320 bytes 26804 (26.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 320 bytes 26804 (26.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst host 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:21:41.818762 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:21:42.819672 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:21:43.820676 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:21:44.821224 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:21:45.822251 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
15:21:46.823200 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@kp1 ~]# rm -rf /opt/lee
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 53233 bytes 4869448 (4.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118424 bytes 9261585 (8.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3087 bytes 266940 (260.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3087 bytes 266940 (260.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst host 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:25:49.151047 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
15:25:50.151801 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
15:25:51.152893 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
15:25:52.153415 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
15:25:53.154498 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel
当脚本存在时返回值为非零,weight生效, 100-30=70<80,所以VIP就到KP2上了 。
3.7 实现其它应用的高可用性 VRRP Script
keepalived利用 VRRP Script 技术,可以调用外部的辅助脚本进行资源监控,并根据监控的结果实现优先 动态调整,从而实现其它应用的高可用性功能。
参考配置文件:/usr/share/doc/keepalived/keepalived.conf.vrrp.localcheck
3.7.1 VRRP Script 配置
分两步实现:
- 定义脚本
vrrp_script:自定义资源监控脚本,vrrp实例根据脚本返回值,公共定义,可被多个实例调用,定 义在vrrp实例之外的独立配置块,一般放在global_defs设置块之后。 通常此脚本用于监控指定应用的状态。一旦发现应用的状态异常,则触发对MASTER节点的权重减至 低于SLAVE节点,从而实现 VIP 切换到 SLAVE 节点。
vrrp_script <SCRIPT_NAME> {
script <STRING>|<QUOTED-STRING> #此脚本返回值为非0时,会触发下面OPTIONS执行
OPTIONS
}
- 调用脚本
track_script:调用vrrp_script定义的脚本去监控资源,定义在VRRP实例之内,调用事先定义的 vrrp_script
track_script {
SCRIPT_NAME_1
SCRIPT_NAME_2
}
3.7.1.1 定义 VRRP script
vrrp_script <SCRIPT_NAME> { #定义一个检测脚本,在global_defs 之外配置
script <STRING>|<QUOTED-STRING> #shell命令或脚本路径
interval <INTEGER> #间隔时间,单位为秒,默认1秒
timeout <INTEGER> #超时时间
weight <INTEGER:-254..254> #默认为0,如果设置此值为负数,
#当上面脚本返回值为非0时
#会将此值与本节点权重相加可以降低本节点权重,
#即表示fall.
#如果是正数,当脚本返回值为0,
#会将此值与本节点权重相加可以提高本节点权重
#即表示 rise.通常使用负值
fall <INTEGER> #执行脚本连续几次都失败,则转换为失败,建议设为2以上
rise <INTEGER> #执行脚本连续几次都成功,把服务器从失败标记为成功
user USERNAME [GROUPNAME] #执行监测脚本的用户或组
init_fail #设置默认标记为失败状态,监测成功之后再转换为成功状态
}
3.7.1.2 调用 VRRP script
vrrp_instance test {
... ...
track_script {
check_down
}
}
3.7.2 实战案例:利用脚本实现主从角色切换
[root@rhel7-ka1 ~]# vim /mnt/check_lee.sh
#!/bin/bash
[ ! -f "/mnt/lee" ]
[root@rhel7-ka1 ~]# chmod +x /mnt/check_lee.sh
[root@rhel7-ka1 ~]# vim /etc/keepalived/keepalived.conf
@@@@ 省略内容 @@@@
vrrp_script check_lee {
script "/mnt/check_lee.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance web {
state MASTER
interface ens33
virtual_router_id 50
priority 100
advert_int 1
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100 dev ens33 label ens33:0
}
track_script {
check_lee
}
[root@rhel7-ka1 ~]# touch /mnt/lee
[root@rhel7-ka1 ~]# tail -f /var/log/messages
3.7.3 实战案例:实现HAProxy高可用
- 实验示例:
[root@kp1 ~]# yum install haproxy -y
[root@kp1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@kp1 ~]# systemctl --system
[root@kp1 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@kp2 ~]# yum install haproxy -y
[root@kp2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@kp2 ~]# systemctl --system
[root@kp2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@kp1 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@kp1 ~]# systemctl restart haproxy.service
[root@kp1 ~]# systemctl enable --now haproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.[root@kp1 ~]# netstat -antlupe | grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 0 231795 20873/haproxy
tcp 0 0 172.25.254.100:80 0.0.0.0:* LISTEN 0 231797 20873/haproxy
tcp 0 0 172.25.254.10:43254 172.25.254.120:80 ESTABLISHED 188 280560 20873/haproxy
tcp 0 0 172.25.254.10:50600 172.25.254.110:80 ESTABLISHED 188 280561 20873/haproxy
udp 0 0 0.0.0.0:42800 0.0.0.0:* 0 231796 20872/haproxy
[root@kp2 ~]# vim /etc/haproxy/haproxy.cfg
listen webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
[root@kp2 ~]# systemctl restart haproxy.service
[root@kp2 ~]# systemctl enable --now haproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.[root@kp2 ~]# netstat -antlupe | grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 0 163640 3987/haproxy
tcp 0 0 172.25.254.100:80 0.0.0.0:* LISTEN 0 163642 3987/haproxy
tcp 0 0 172.25.254.20:54826 172.25.254.110:80 ESTABLISHED 188 193297 3987/haproxy
tcp 0 0 172.25.254.20:35368 172.25.254.120:80 ESTABLISHED 188 193296 3987/haproxy
udp 0 0 0.0.0.0:58451 0.0.0.0:* 0 163641 3986/haproxy
[root@realserver1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-lo
DEVICE=lo
IPADDR0=127.0.0.1
NETMASK0=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@realserver1 ~]# systemctl restart network
[root@realserver1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:00:74:ab brd ff:ff:ff:ff:ff:ff
inet 172.25.254.110/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::6e41:186b:f99c:9a4b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::929:2f3f:51e2:42d2/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::633d:9cc5:e987:b127/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
[root@realserver2 ~]# ip a d 172.25.254.100/32 dev lo
[root@realserver2 ~]# systemctl restart network
[root@realserver2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2b:71:71 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.120/24 brd 172.25.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::6e41:186b:f99c:9a4b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::929:2f3f:51e2:42d2/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::633d:9cc5:e987:b127/64 scope link tentative noprefixroute
valid_lft forever preferred_lft forever[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0[root@realserver2 ~]# systemctl --system
[root@kp1 ~]# curl 172.25.254.110
172.25.254.110
[root@kp1 ~]# curl 172.25.254.120
172.25.254.120
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp1 ~]# killall -0 haproxy
haproxy: no process found
[root@kp1 ~]# echo $?
1
[root@kp2 ~]# pkill -0 haproxy
[root@kp2 ~]# echo $?
0
[root@kp2 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
pkill -0 haproxy
[root@kp1 ~]# vim /etc/keepalived/keepalived.conf
[root@kp1 ~]# systemctl restart keepalived.service
[root@kp2 ~]# vim /etc/keepalived/keepalived.conf
[root@kp2 ~]# systemctl restart keepalived.service
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 572492 bytes 42344424 (40.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1140517 bytes 79905942 (76.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 4990 bytes 252478 (246.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4990 bytes 252478 (246.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@kp2 ~]# systemctl status haproxy.service
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-08-13 16:27:39 CST; 20min ago
Main PID: 1113 (haproxy-systemd)
CGroup: /system.slice/haproxy.service
├─1113 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy...
├─1121 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hap...
└─1133 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/hap...Aug 13 16:27:39 kp2.timinglee.org systemd[1]: Started HAProxy Load Balancer.
Aug 13 16:27:39 kp2.timinglee.org haproxy-systemd-wrapper[1113]: haproxy-sy...
Hint: Some lines were ellipsized, use -l to show in full.
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 1980320 bytes 147773348 (140.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3968936 bytes 278998517 (266.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 24701 bytes 1433328 (1.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24701 bytes 1433328 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 779392 bytes 57644428 (54.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1553253 bytes 108802034 (103.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 6838 bytes 353920 (345.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6838 bytes 353920 (345.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp1 ~]# systemctl stop haproxy.service
[root@kp1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ed:46:2d txqueuelen 1000 (Ethernet)
RX packets 83207 bytes 6133956 (5.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 163422 bytes 11484148 (10.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 992 bytes 65114 (63.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 992 bytes 65114 (63.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@kp2 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.20 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::6e41:186b:f99c:9a4b prefixlen 64 scopeid 0x20<link>
inet6 fe80::929:2f3f:51e2:42d2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)
RX packets 234289 bytes 17304396 (16.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 463533 bytes 33895032 (32.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:bb:50:10 txqueuelen 1000 (Ethernet)lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2548 bytes 134148 (131.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2548 bytes 134148 (131.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0