keepalived主机配置
[root@centos7-1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.159.100:80 rr
-> 192.168.159.12:80 Route 1 0 0
-> 192.168.159.13:80 Route 1 0 0
[root@centos7-1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.159.10 netmask 255.255.255.0 broadcast 192.168.159.255
inet6 fe80::20c:29ff:fe99:5ef2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:99:5e:f2 txqueuelen 1000 (Ethernet)
RX packets 2091 bytes 194616 (190.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1756 bytes 148071 (144.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
ens33:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.159.100 netmask 255.255.255.0 broadcast 192.168.159.255
ether 00:0c:29:99:5e:f2 txqueuelen 1000 (Ethernet)
device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:98:fb:a9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7-1 ~]# ipvsadm -c
Try `ipvsadm -h' or 'ipvsadm --help' for more information.
[root@centos7-1 ~]# ipvsadm -C
[root@centos7-1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@centos7-1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.159.10 netmask 255.255.255.0 broadcast 192.168.159.255
inet6 fe80::20c:29ff:fe99:5ef2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:99:5e:f2 txqueuelen 1000 (Ethernet)
RX packets 2162 bytes 200327 (195.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1807 bytes 154385 (150.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
ens33:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.159.100 netmask 255.255.255.0 broadcast 192.168.159.255
ether 00:0c:29:99:5e:f2 txqueuelen 1000 (Ethernet)
device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:98:fb:a9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7-1 ~]# ifconfig ens33:2 down
[root@centos7-1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.159.10 netmask 255.255.255.0 broadcast 192.168.159.255
inet6 fe80::20c:29ff:fe99:5ef2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:99:5e:f2 txqueuelen 1000 (Ethernet)
RX packets 2207 bytes 203957 (199.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1843 bytes 159238 (155.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:98:fb:a9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7-1 ~]# cd /etc/keepalived
[root@centos7-1 keepalived]# ll
总用量 8
-rw-r--r-- 1 root root 3598 8月 13 04:37 keepalived.conf
-rw-r--r-- 1 root root 3598 12月 10 17:34 keepalived.conf.bak
[root@centos7-1 ~]# man 5 keepalived.conf
KEEPALIVED.CONF(5) File Formats Manual KEEPALIVED.CONF(5)
NAME
keepalived.conf - configuration file for Keepalived
DESCRIPTION
keepalived.conf is the configuration file which describes all the
Keepalived keywords. Keywords are placed in hierarchies of blocks and
subblocks, each layer being delimited by '{' and '}' pairs.
Comments start with '#' or '!' to the end of the line and can start
anywhere in a line.
KEEPALIVED.CONF(5) File Formats Manual KEEPALIVED.CONF(5)
NAME
keepalived.conf - configuration file for Keepalived
DESCRIPTION
keepalived.conf is the configuration file which describes all the
Keepalived keywords. Keywords are placed in hierarchies of blocks and
subblocks, each layer being delimited by '{' and '}' pairs.
Comments start with '#' or '!' to the end of the line and can start
anywhere in a line.
The keyword 'include' allows inclusion of other configuration files
from within the main configuration file.
PARAMETER SYNTAX
<BOOL> is one of on|off|true|false|yes|no
Manual page keepalived.conf(5) line 1 (press h for help or q to quit)...skipping...
KEEPALIVED.CONF(5) File Formats Manual KEEPALIVED.CONF(5)
NAME
keepalived.conf - configuration file for Keepalived
DESCRIPTION
keepalived.conf is the configuration file which describes all the
Keepalived keywords. Keywords are placed in hierarchies of blocks and
subblocks, each layer being delimited by '{' and '}' pairs.
Comments start with '#' or '!' to the end of the line and can start
anywhere in a line.
The keyword 'include' allows inclusion of other configuration files
KEEPALIVED.CONF(5) File Formats Manual KEEPALIVED.CONF(5)
NAME
keepalived.conf - configuration file for Keepalived
DESCRIPTION
keepalived.conf is the configuration file which describes all the
Keepalived keywords. Keywords are placed in hierarchies of blocks and
subblocks, each layer being delimited by '{' and '}' pairs.
Comments start with '#' or '!' to the end of the line and can start
anywhere in a line.
The keyword 'include' allows inclusion of other configuration files
from within the main configuration file.
PARAMETER SYNTAX
<BOOL> is one of on|off|true|false|yes|no
...skipping...
virtual_ipaddress {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.200.18/24 dev eth2 label eth2:1
}
#VRRP IP excluded from VRRP
#optional.
#For cases with large numbers (eg 200) of IPs
#on the same interface. To decrease the number
#of packets sent in adverts, you can exclude
#most IPs from adverts.
#The IPs are add|del as for virtual_ipaddress.
# Can also be used if you want to be able to add
# a mixture of IPv4 and IPv6 addresses, since all
# addresses in virtual_ipaddress must be of the
# same family.
virtual_ipaddress_excluded {
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE>
...
}
# Set the promote_secondaries flag on the interface to stop other
# addresses in the same CIDR being removed when 1 of them is removed
# For example if 10.1.1.2/24 and 10.1.1.3/24 are both configured on an
# interface, and one is removed, unless promote_secondaries is set on
# the interface the other address will also be removed.
promote_secondaries
# routes add|del when changing to MASTER, to BACKUP.
# See static_routes for more details
virtual_routes {
# src <IPADDR> [to] <IPADDR>/<MASK> via|gw <IPADDR> [or <IPADDR>] dev <STRING> scope <SCOPE> table <TABLE>
src 192.168.100.1 to 192.168.109.0/24 via 192.168.200.254 dev eth1
192.168.110.0/24 via 192.168.200.254 dev eth1
192.168.111.0/24 dev eth2
192.168.112.0/24 via 192.168.100.254
192.168.113.0/24 via 192.168.200.254 or 192.168.100.254 dev eth1
blackhole 192.168.114.0/24
0.0.0.0/0 gw 192.168.0.1 table 100 # To set a default gateway into table 100.
}
# rules add|del when changing to MASTER, to BACKUP
# See static_rules for more details
virtual_rules {
from 192.168.2.0/24 table 1
to 192.168.2.0/24 table 1
}
# VRRPv3 has an Accept Mode to allow the virtual router when not the address owner to
# receive packets addressed to a VIP. This is the default setting unless strict mode is set.
# As an extension, this also works for VRRPv2 (RFC 3768 doesn't define an accept mode).
accept # Accept packets to non address-owner
no_accept # Drop packets to non address-owner.
# VRRP will normally preempt a lower priority
# machine when a higher priority machine comes
# online. "nopreempt" allows the lower priority
# machine to maintain the master role, even when
# a higher priority machine comes back online.
# NOTE: For this to work, the initial state of this
# entry must be BACKUP.
nopreempt
preempt # for backwards compatibility
# See description of global vrrp_skip_check_adv_addr, which
# sets the default value. Defaults to vrrp_skip_check_adv_addr
skip_check_adv_addr [on|off|true|false|yes|no] # Default on if no word specified
# See description of global vrrp_strict
# If vrrp_strict is not specified, it takes the value of vrrp_strict
# If strict_mode without a parameter is specified, it defaults to on
strict_mode [on|off|true|false|yes|no]
# Seconds after startup or seeing a lower priority master until preemption
# (if not disabled by "nopreempt").
# Range: 0 (default) to 1000
# NOTE: For this to work, the initial state of this
# entry must be BACKUP.
preempt_delay 300 # waits 5 minutes
# Debug level, not implemented yet.
debug <LEVEL> # LEVEL is a number in the range 0 to 4
# notify scripts, alert as above
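# [Editor's note, not part of the man page: keepalived executes these scripts on VRRP state changes.
# Give each one an explicit unprivileged username (or set the global script_user), and keep the script
# and every directory on its path writable by root only; where the installed version supports it, the
# global enable_script_security option refuses root-run scripts whose path a non-root user can write to.]
notify_master <STRING>|<QUOTED-STRING> [username [groupname]]
notify_backup <STRING>|<QUOTED-STRING> [username [groupname]]
notify_fault <STRING>|<QUOTED-STRING> [username [groupname]]
notify_stop <STRING>|<QUOTED-STRING> [username [groupname]] # executed when stopping vrrp
notify <STRING>|<QUOTED-STRING> [username [groupname]]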
smtp_alert
}
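# Parameters used for SSL_GET check.
# If none of the parameters are specified, the SSL context will be auto generated.
# [Editor's note, not part of the man page: a password set in this block is stored in clear text in
# keepalived.conf, and the directory listing earlier in this session shows that file as -rw-r--r--;
# if a real password is configured, restrict the file to root (for example mode 0600).]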
SSL {
password <STRING> # password
ca <STRING> # ca file
certificate <STRING> # certificate file
key <STRING> # key file
}
LVS CONFIGURATION
contains subblocks of Virtual server group(s) and Virtual server(s)
The subblocks contain arguments for ipvsadm(8). Knowledge of
ipvsadm(8) will be helpful here.
Virtual server group(s)
# optional
# this groups allows a service on a real_server
# to belong to multiple virtual services
# and to only be health checked once.
# Only for very large LVSs.
virtual_server_group <STRING> {
#VIP port
<IPADDR> <PORT>
<IPADDR> <PORT>
...
#
# <IPADDR RANGE> has the form
# XXX.YYY.ZZZ.WWW-VVV eg 192.168.200.1-10
# range includes both .1 and .10 address
<IPADDR RANGE> <PORT># VIP range VPORT
<IPADDR RANGE> <PORT>
...
fwmark <INT> # fwmark
fwmark <INT>
... }
Virtual server(s)
A virtual_server can be a declaration of one of
vip vport (IPADDR PORT pair)
fwmark <INT>
(virtual server) group <STRING>
#setup service
virtual_server IP port |
virtual_server fwmark int |
virtual_server group string
{
# delay timer for service polling
delay_loop <INT>
# LVS scheduler
lb_algo rr|wrr|lc|wlc|lblc|sh|dh
# Enable hashed entry
hashed
# Enable flag-1 for scheduler (-b flag-1 in ipvsadm)
flag-1
# Enable flag-2 for scheduler (-b flag-2 in ipvsadm)
flag-2
# Enable flag-3 for scheduler (-b flag-3 in ipvsadm)
flag-3
# Enable sh-port for sh scheduler (-b sh-port in ipvsadm)
sh-port
# Enable sh-fallback for sh scheduler (-b sh-fallback in ipvsadm)
sh-fallback
# Enable One-Packet-Scheduling for UDP (-O in ipvsadm)
ops
# LVS forwarding method
lb_kind NAT|DR|TUN
# LVS persistence engine name
persistence_engine <STRING>
# LVS persistence timeout in seconds, default 6 minutes
persistence_timeout [<INT>]
# LVS granularity mask (-M in ipvsadm)
persistence_granularity <NETMASK>
# L4 protocol
protocol TCP|UDP|SCTP
# If VS IP address is not set,
# suspend healthchecker's activity
ha_suspend
lvs_sched # synonym for lb_algo
lvs_method # synonym for lb_kind
# VirtualHost string for HTTP_GET or SSL_GET
# eg virtualhost www.firewall.loc
virtualhost <STRING>
# On daemon startup assume that all RSs are down
# and healthchecks failed. This helps to prevent
# false positives on startup. Alpha mode is
# disabled by default.
alpha
# On daemon shutdown consider quorum and RS
# down notifiers for execution, where appropriate.
# Omega mode is disabled by default.
omega
# Minimum total weight of all live servers in
# the pool necessary to operate VS with no
# quality regression. Defaults to 1.
quorum <INT>
# Tolerate this much weight units