! Configuration File for keepalived
global_defs {
notification_email { #通知的email,需要系统支持发送email
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1 #用于发送通知电子邮件的远程SMTP服务器。
smtp_connect_timeout 30 #SMTP服务器连接超时(以秒为单位)。
router_id LVS_DEVEL #标识信息,一个名字而已
vrrp_mcast_group4 224.0.0.18 #用于IPv4 VRRP广告的组播组,默认值:224.0.0.18
vrrp_mcast_group6 ff02 :: 12 #用于IPv6 VRRP广告的组播组,默认值:ff02 :: 12
vrrp_garp_master_refresh 60 #在MASTER期间刷新免费ARP的最小时间间隔,默认值:0,不刷新
vrrp_garp_master_refresh_repeat 2 #在MASTER时一次发送的免费ARP消息数,默认值:1
vrrp_garp_interval 0.001 #接口发送免费ARP报文的时间间隔(毫秒)十进制,秒(分辨率usecs) 默认值:0)
vrrp_gna_interval 0.000001 #接口上主动发送的NA消息之间的延迟时间(毫秒)十进制,秒(分辨率usecs)(默认值:0)。
# Checking all the addresses in a received VRRP advert can be time
# consuming. Setting this flag means the check won't be carried out
# if the advert is from the same master router as the previous advert
# received.
# (default: don't skip)
vrrp_skip_check_adv_addr
# Enforce strict VRRP protocol compliance. This will prohibit:
# 0 VIPs
# unicast peers
# IPv6 addresses in VRRP version 2
# 通过ip addr可以看到vip已经顺利挂载,但是无法ping通,并且防火墙都已关闭:
#原因是keepalived.conf配置中默认vrrp_strict 打开了,需要把它注释掉。
# 重启keepalived即可ping通。
vrrp_strict
# The following options can be used if vrrp, checker or bfd processes
# are timing out. This can be seen by a backup vrrp instance becoming
# master even when the master is still running because the master or
# backup system is too busy to process vrrp packets.
# --
# Set the vrrp child process priority (Negative values increase priority)
vrrp_priority <-20 to 19>
# Set the checker child process priority
checker_priority <-20 to 19>
# Set the BFD child process priority
bfd_priority <-20 to 19>
# Set the default VRRP version to use
# (default: 2 , but IPv6 instances will use version 3)
vrrp_version <2 or 3>
}
vrrp_instance VI_1 {
state MASTER #角色是master
interface ens6 #vip 绑定端口
virtual_router_id 51 #让master 和backup在同一个虚拟路由里,id 号必须相同;
priority 100 #优先级,谁的优先级高谁就是master ;
advert_int 1 #心跳间隔时间
authentication {
auth_type PASS #认证方式
auth_pass 1111 #密码
}
virtual_ipaddress { #虚拟ip,可以多个
192.168.200.16
}
}
LVS的配置:
LVS配置后面再来补充