环境准备
| 主机名 | IP | 虚拟IP(VIP) | 功能 |
| ka1 | 172.25.254.10 | 172.25.254.100 | keepalived服务 |
| ka2 | 172.25.254.20 | 172.25.254.100 | keepalived服务 |
| realserver1 | 172.25.254.110 | web服务 | |
| realserver2 | 172.25.254.120 | web服务 |
注意一定要关闭selinux,和防火墙,不然在后面配置vrrp时不起作用
#在realserver1上配置
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo realserver1 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
#在realserver2上配置
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo realserver2 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
#在ka上面测试能否访问
[root@ka1 ~]# curl 172.25.254.110
realserver1 172.25.254.110
[root@ka1 ~]# curl 172.25.254.120
realserver2 172.25.254.120
[root@ka2 ~]# curl 172.25.254.110
realserver1 172.25.254.110
[root@ka2 ~]# curl 172.25.254.120
realserver2 172.25.254.120
在ka1,ka2上面配置keepalived:
[root@ka1 ~]# yum install keepalived -y
[root@ka1 ~]# systemctl enable --now keepalived
[root@ka2 ~]# yum install keepalived -y
[root@ka2 ~]# systemctl enable --now keepalived
keepalived基本配置
keepalived的主配置文件为/etc/keepalived/keepalived.conf,我们主要是在这里面进行配置
在ka1上面的配置
首先打开配置文件,找到global_defs(全局配置),vrrp_instance VI_1 (配置虚拟子接口)进行如下配置:
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2787013485@qq.com
}
notification_email_from keepalived@xie.com
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id ka1.xie.com
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
其优先级为100,其作为主服务器。
然后我们要重启keepalived服务,进行测试,其就出现VIP来供我们使用。
[root@ka1 ~]# systemctl restart keepalived
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe67:d0cc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:67:d0:cc txqueuelen 1000 (Ethernet)
RX packets 5119 bytes 363815 (355.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9498 bytes 713779 (697.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:67:d0:cc txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 8 bytes 600 (600.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 600 (600.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ka1 ~]# 如下图所示
修改ka2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2787013485@qq.com
}
notification_email_from keepalived@xie.com
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id ka1.xie.com
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
vrrp_iptables
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
重启测试,然后就发现ka2上是没有VIP的。
抓包测试
[root@ka1 ~]# tcpdump -i eth0 -nn host 224.0.0.18
首先是172.25.254.10为主在发送数据。
然后关闭ka1的keepalived服务再查看该走向,其VIP就会到ka2上面
然后再重启ka1的keepalived服务,再查看,发现又出现了。
使得ka1,ka2能够ping vip
最开始ping VIP172.25.254.100是ping不通的,想要ping通有以下两种方法
1.加上vrrp_iptables
在配置文件里面加上vrrp_iptables,就可以实现了。-----注意ka1,ka2都要设置,这样才能都实现
测试界面如下:
2.注释掉 vrrp_strict
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2787013485@qq.com
}
notification_email_from keepalived@xie.com
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id ka1.xie.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2787013485@qq.com
}
notification_email_from keepalived@xie.com
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id ka1.xie.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
#测试注释掉 # vrrp_strict ping 172.25.254.100 能否ping通
[root@ka1 ~]# systemctl restart keepalived
[root@ka1 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.011 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.054 ms
64 bytes from 172.25.254.100: icmp_seq=4 ttl=64 time=0.037 ms
#测试注释掉 # vrrp_strict ping 172.25.254.100 能否ping通
[root@ka2 ~]# systemctl restart keepalived
[root@ka2 ~]# ping 172.25.254.100
PING 172.25.254.100 (172.25.254.100) 56(84) bytes of data.
64 bytes from 172.25.254.100: icmp_seq=1 ttl=64 time=0.309 ms
64 bytes from 172.25.254.100: icmp_seq=2 ttl=64 time=0.750 ms
64 bytes from 172.25.254.100: icmp_seq=3 ttl=64 time=0.613 ms
^C
--- 172.25.254.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.309/0.557/0.750/0.185 ms
[root@ka2 ~]#
启用keepalived日志
[root@ka1 ~]# vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D -S 6"
[root@ka1 ~]# vim /etc/rsyslog.conf
#-----------------------------------------省略---------------------------------------------
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local6.* /var/log/keepalived
#-----------------------------------------省略-------------------------------------------
[root@ka1 ~]# systemctl restart rsyslog.service
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ll /var/log/keepalived.log
-rw------- 1 root root 4005 Aug 17 16:07 /var/log/keepalived.log
[root@ka1 ~]# tail -f /var/log/keepalived.log
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Timeout connecting server [192.168.201.100]:443.
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Check on service [192.168.201.100]:443 failed after 3 retry.
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Removing service [192.168.201.100]:443 from VS [192.168.200.100]:443
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Lost quorum 1-0=1 > 0 for VS [192.168.200.100]:443
Aug 17 16:07:38 ka1 Keepalived_healthcheckers[55872]: Remote SMTP server [172.0.0.1]:25 connected.
Aug 17 16:07:53 ka1 Keepalived_healthcheckers[55872]: Error reading data from remote SMTP server [172.0.0.1]:25.
实现独立子配置文件
将原来的主配置文件的虚拟路由部分注释掉,添 include"/etc/keepalived/conf.d/*.conf",重新写一个子配置文件
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
2787013485@qq.com
}
notification_email_from keepalived@xie.com
smtp_server 172.0.0.1
smtp_connect_timeout 30
router_id ka1.xie.com
vrrp_skip_check_adv_addr
# vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
# vrrp_iptables
}
#vrrp_instance VI_1 {
# state MASTER
# interface eth0
# virtual_router_id 100
# priority 100
# advert_int 1
# authentication {
# auth_type PASS
# auth_pass 1111
# }
# virtual_ipaddress {
# 172.25.254.100/24 dev eth0 label eth0:1
# }
#}
include "/etc/keepalived/conf.d/*.conf"
[root@ka1 ~]# mkdir -p /etc/keepalived/conf.d
[root@ka1 ~]# vim /etc/keepalived/conf.d/172.25.254.100.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
#测试
[root@ka1 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.10 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::20c:29ff:fe67:d0cc prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:67:d0:cc txqueuelen 1000 (Ethernet)
RX packets 35127 bytes 2447462 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 71612 bytes 7215886 (6.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:67:d0:cc txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 35 bytes 2896 (2.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35 bytes 2896 (2.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
keepalived企业应用实例
抢占模式和非抢占模式
非抢占模式
nopreempt
默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色,这样会使vip在KA主机中来回漂移,造成网络抖动,建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色。
非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机。
注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP
ka1上主配置文件的配置:添加nopreempt,并修改BACKUP。
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #改为BACKUP
interface eth0
virtual_router_id 100
priority 100
nopreempt #添加非抢占模式
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# systemctl restart keepalived
抢占延迟模式 preempt_delay
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回 VIP ,而是延迟一段时间(默认 300s)再抢回 VIP
preempt_delay # # 指定抢占延迟时间为 #s ,默认延迟 300s
注意:需要各 keepalived 服务器 state 为 BACKUP, 并且不要启用 vrrp_strict
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
# KA1主机配置抢占延迟模式
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
# KA2上的非抢占模式与KA1相同,加上preempt_delay 5s参数即可
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 100
advert_int 1
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
}
然后我们可以 通过stop再进行restart keepalived
查看VIP,间隔时间为抢占延时时间。做完这个实验之后建议删掉或者注释·此配置。
VIP单播配置
默认 keepalived 主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量。
注意:启用 vrrp_strict 时,不能启用单播
# KA1配置组播变单播
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
# KA2配置组播变单播
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
此时VIP在KA1上,利用抓包工具抓到从KA1传给KA2的流量
现在关掉KA1再做测试
此时VIP跑到KA2上,重新开启KA1后,VIP又会重新回到KA1上
keepalived通知脚本配置
邮件配置
安装邮件发送工具mailx,KA1和KA2都需要安装
[root@ka1 ~]# yum install mailx -y
QQ邮箱配置
[root@ka1 ~]# vim /etc/mail.rc
# For Linux and BSD, this should be set.
set bsdcompat
set from=2787013485@qq.com #自己的QQ邮箱
set smtp=smtp.qq.com
set smtp-auth-user=2787013485@qq.com
set smtp-auth-password=umyqzzecpjhqddbc #在网页QQ邮箱中申请自己的授权码
set smtp-auth=login
set ssl-verify=ignore
[root@ka1 ~]# vim /etc/mail.rc
[root@ka1 ~]# echo hello world | mail -s test 2787013485@qq.com
测试发送邮箱:
[root@ka1 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='2787013485@qq.com'
send_message()
{
mail_subj="$HOSTNAME to be $1 vip move"
mail_mess="`date +%F\ %T`: vrrp move $HOSTNAME change $1"
echo "$mail_mess" | mail -s "$mail_sub" $mail_dest
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
# 给脚本赋予权限
[root@ka1 ~]# chmod +x /etc/keepalived/mail.sh
# 执行脚本观察QQ邮箱
[root@ka1 ~]# /etc/keepalived/mail.sh master
# 编辑配置文件实行脚本的调用
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
=================省略==================
# 重启服务
[root@ka1 ~]# systemctl restart keepalived.service
#KA2也需要跟KA1做同样的操作,如果不想写可以直接复制
[root@ka2 keepalived]# scp -v 172.25.254.10:/etc/keepalived/mail.sh /etc/keepalived/
# 最后停掉KA1的keepalived,然后在自己的QQ邮箱中查看是否发了邮件
实现master/master的Keepalived双主架构
双主架构用途:
master/slave的单主架构,同一时间只有一个Keepalived对外提供服务,此主机繁忙,而另一台主机却很空闲,利用率低下,可以使用master/master的双主架构,解决此问题。
即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高服务器资源利用率。
# KA1主机
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
=================省略==================
#KA2上
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
#advert_int 1
#nopreempt
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
=================省略==================
此时两台Keepalived主机上都分别有一个VIP
# 在两台后端RealServer上安装httpd
[root@realserver1 ~]# yum install httpd -y
[root@realserver1 ~]# echo realserver1 - 172.25.254.110 > /var/www/html/index.html
[root@realserver1 ~]# systemctl enable --now httpd.service
# 配置环回IP地址
[root@realserver1 ~]# ip a a 172.25.254.100/32 dev lo
# 禁止ARP响应
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# sysctl --p
[root@realserver2 ~]# sysctl --system
# RealServer2也做同样的配置
[root@realserver2 ~]# yum install httpd -y
[root@realserver2 ~]# echo realserver2 - 172.25.254.120 > /var/www/html/index.html
[root@realserver2 ~]# systemctl enable --now httpd.service
# 配置环回IP地址
[root@realserver2 ~]# ip a a 172.25.254.100/32 dev lo
# 禁止ARP响应
[root@realserver2 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@realserver2 ~]# sysctl --p
[root@realserver2 ~]# sysctl --systemKeepalived+LVS
# 在两台Keepalived主机上安装ipvsadm
#KA1
[root@ka1 ~]# yum install ipvsadm -y
# 在Keepalived配置文件中配置Keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
------------省略--------------
# KA2
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 2
delay_before_retry 2
}
}
}
=================省略==================
# 重启服务,在测试端进行访问测试结果
# 检查一下lvs策略
[root@ka1 ~]# systemctl restart keepalived.service
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@test ~]# while true; do curl 172.25.254.100; sleep 0.5; done
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
realserver1 - 172.25.254.110
realserver2 - 172.25.254.120
# 模拟故障
#第一台RS1故障,自动切换至RS2
[root@realserver1 ~]# systemctl stop httpd #当RS1故障
[root@realserver1 ~]# while true; do curl 172.25.254.100; sleep 0.5; done
#全部流浪被定向到RS2中
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
realserver2 - 172.25.254.120
#RS1策略被踢出保留RS2的lvs策略
[root@ka1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.120:80 Route 1 0 0
keepalived和haproxe的高可用
# 在两台后端RealServer上删掉环回地址
[root@realserver1 ~]# ip a d 172.25.254.100/32 dev lo
# 开启ARP响应
[root@realserver1 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=0
net.ipv4.conf.all.arp_announce=0
net.ipv4.conf.lo.arp_ignore=0
net.ipv4.conf.lo.arp_announce=0
# 注释掉在Keepalived主机上的LVS策略部分
# 两台keepalived主机上安装HAProxy
[root@ka1 ~]# yum install haproxy -y
#在两个ka1和ka2两个节点启用内核参数
[root@ka1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 ~]# sysctl -p
# 在两个ka1和ka2实现haproxy的配置
[root@ka1 ~]# vim /etc/haproxy/haproxy.cfg
=================省略==================
isten webcluster
bind 172.25.254.100:80
mode http
balance roundrobin
server web1 172.25.254.110:80 check inter 3 fall 2 rise 5
server web2 172.25.254.120:80 check inter 3 fall 2 rise 5
# 编写脚本监测HAProxy状态
[root@ka1 ~]# vim /etc/keepalived/test.sh
#!/bin/bash
killall -0 haproxy
# 给脚本执行权限
[root@ka1 ~]# chmod +x /etc/keepalived/test.sh
# 在ka1中配置keepalived
[root@ka1 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
}
=================省略==================
# 在KA2上配置Keepalived
[root@ka2 ~]# vim /etc/keepalived/keepalived.conf
=================省略==================
vrrp_script check_haproxy {
script "/etc/keepalived/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 100
priority 80
advert_int 1
#nopreempt
#preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
#advert_int 1
#nopreempt
preempt_delay 5s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:2
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
track_script {
check_haproxy
}
}
=================省略==================
# 重启服务进行测试
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
