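keepalived official site: http://keepalived.org/
Environment preparation
KA1: 172.25.254.10
KA2: 172.25.254.20
realserver1: 172.25.254.110
realserver2: 172.25.254.120
VIP: 172.25.254.100
The firewall and SELinux are disabled on all four servers.
1. Global settings
realserver
Using realserver1 as an example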
[root@realserver1 ~]# yum install httpd
[root@realserver1 ~]# systemctl start httpd
[root@realserver1 ~]# echo realserver1 - 172.25.254.110 > /var/www/html/index.html
KA1
[root@KA1 ~]# yum install keepalived -y
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl start keepalived.service
[root@KA1 ~]# ip a
# Copy KA1's keepalived configuration file to KA2
[root@KA1 ~]# scp /etc/keepalived/keepalived.conf root@172.25.254.20:/etc/keepalived/keepalived.conf
KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
[root@KA2 ~]# systemctl start keepalived.service
Preemption is the default mode. Capturing the network traffic shows that the master role is taken by KA1, which has the higher priority.
[root@KA1 ~]# tcpdump -i ens33 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
18:13:56.979829 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:13:57.995352 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:13:59.007589 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:14:00.019645 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:14:01.031760 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:14:02.044090 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
After the keepalived service on KA1 is stopped, KA2 takes over the VIP.
[root@KA1 ~]# systemctl stop keepalived
[root@KA1 ~]# tcpdump -i ens33 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
18:37:36.636150 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
18:37:37.649512 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
18:37:38.661318 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
18:37:39.674246 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
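The two captures above can be checked mechanically. The following is an added example, not part of the original page: it reads one-line `tcpdump -nn` VRRP output, reports when the advertising router for a vrid changes, and flags advertisers outside the expected pair (for example another keepalived host reusing vrid 100). The function names and the 172.25.254.66 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize VRRP advertisements from `tcpdump -nn` text output.
# ALLOWED = addresses expected to advertise (KA1 and KA2 on this page).
ALLOWED="${ALLOWED:-172.25.254.10 172.25.254.20}"

# Sample input: four lines taken from the captures above plus one constructed
# line from a host outside the pair (172.25.254.66, hypothetical).
sample_capture() {
cat <<'EOF'
18:13:56.979829 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:13:57.995352 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
18:37:36.636150 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
18:37:37.649512 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 80, authtype simple, intvl 1s, length 20
18:40:01.000000 IP 172.25.254.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 100, prio 90, authtype simple, intvl 1s, length 20
EOF
}

# Reads tcpdump lines on stdin and prints one event per line.
vrrp_summary() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    / VRRPv[23], Advertisement/ {
        src = $3; vrid = prio = auth = "?"
        for (i = 4; i < NF; i++) {
            val = $(i + 1); sub(/,$/, "", val)
            if ($i == "vrid") vrid = val
            if ($i == "prio") prio = val
            if ($i == "authtype") auth = val
        }
        # Only the current master sends advertisements, so a new source
        # address for a vrid means the master role has moved.
        if (!(src in ok) && !((src, vrid) in seen)) {
            seen[src, vrid] = 1
            print "UNEXPECTED_SENDER vrid=" vrid " src=" src
        }
        if ((vrid in master) && master[vrid] != src)
            print "MASTER_CHANGE vrid=" vrid " " master[vrid] " -> " src " prio=" prio " at " $1
        master[vrid] = src; last[vrid] = "prio=" prio " authtype=" auth
    }
    END { for (v in master) print "CURRENT_MASTER vrid=" v " src=" master[v] " " last[v] }
    '
}

sample_capture | vrrp_summary
```

On a live node the same function can be fed with `tcpdump -l -i ens33 -nn host 224.0.0.18 | vrrp_summary`; the CURRENT_MASTER line also shows the authtype field, and VRRPv2 `simple` authentication carries its password in clear text in every advertisement.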
2. Enabling communication with the VIP
Using KA1 as an example
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived.service
3. Enabling keepalived logging
Using KA1 as an example
[root@KA1 ~]# vim /etc/sysconfig/keepalived
[root@KA1 ~]# vim /etc/rsyslog.conf
[root@KA1 ~]# systemctl restart rsyslog.service
[root@KA1 ~]# systemctl restart keepalived
[root@KA1 ~]# ll /var/log/keepalived
-rw------- 1 root root 8352 Aug 14 18:55 /var/log/keepalived
4. Separate sub-configuration files
Using KA1 as an example
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
[root@KA1 ~]# mkdir -p /etc/keepalived/conf.d
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
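5. Configuring non-preemptive mode
Non-preemptive mode (while one host is healthy, another host cannot take over the VIP even if its priority is higher)
Using KA1 as an example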
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
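Test
After the keepalived service on KA1 is stopped, the VIP moves to KA2.
After the keepalived service on KA1 is restarted, KA1 does not take the VIP back.
6. Configuring preemption delay mode
Using KA1 as an example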
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
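Test
After the keepalived service on KA1 is restarted, KA1 takes the VIP back 5 seconds later.
7. VIP unicast mode configuration
By default, keepalived hosts announce themselves to each other over multicast, which can cause network congestion. Unicast configuration can be used to reduce network traffic.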
KA1
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
# Comment out the vrrp_strict parameter; it conflicts with unicast mode
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
KA2
[root@KA2 ~]# vim /etc/keepalived/conf.d/keepalived.conf
# Comment out the vrrp_strict parameter; it conflicts with unicast mode
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
[root@KA2 ~]# systemctl restart keepalived.service
Check the traffic being sent and received
[root@KA1 ~]# tcpdump -i ens33 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
19:35:44.910180 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
19:35:45.911867 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
19:35:46.913820 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 100, prio 100, authtype simple, intvl 1s, length 20
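8. Mail notification
We do not know when the master role switches between KA1 and KA2, so the mail function can be used to notify us.
Log in to the mailbox and generate an authorization code there.
Using KA1 as an example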
[root@KA1 ~]# vim /etc/mail.rc
Test the mail function
[root@KA1 ~]# echo hello world | mail -s test 32......73@qq.com
Write the mail notification script
[root@KA1 ~]# vim /etc/keepalived/mail.sh
[root@KA1 ~]# chmod +x /etc/keepalived/mail.sh
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
Test
Stop the keepalived service on KA1; a notification e-mail is received.
[root@KA1 ~]# systemctl stop keepalived
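A notification script of the kind this section wires into keepalived, as an added example (it is not the page's own /etc/keepalived/mail.sh, whose contents are not shown). The recipient address, the function names and the notify_master/notify_backup/notify_fault wiring in the comments are assumptions. The script accepts only the three expected state names and keeps the mailbox authorization code out of the script, in /etc/mail.rc.

```shell
#!/bin/sh
# Added example of a notify script; not the page's /etc/keepalived/mail.sh.
# Assumed wiring in the vrrp_instance block:
#   notify_master "/etc/keepalived/mail.sh master"
#   notify_backup "/etc/keepalived/mail.sh backup"
#   notify_fault  "/etc/keepalived/mail.sh fault"
MAIL_TO="${MAIL_TO:-admin@example.com}"   # placeholder recipient
MAIL_CMD="${MAIL_CMD:-mail}"              # mail client configured in /etc/mail.rc

# Accept only the three states keepalived is wired to pass in.
valid_state() {
    case "$1" in
        master|backup|fault) return 0 ;;
        *) return 1 ;;
    esac
}

# Subject line: "<hostname>: VRRP state changed to <STATE>"
notify_subject() {
    printf '%s: VRRP state changed to %s\n' "$(uname -n)" \
        "$(printf '%s' "$1" | tr 'a-z' 'A-Z')"
}

notify() {
    state=$1
    if ! valid_state "$state"; then
        echo "usage: mail.sh master|backup|fault" >&2
        return 2
    fi
    body="$(date '+%F %T') $(uname -n) entered VRRP state $state"
    # Hand the text to the mail client on stdin; no credentials appear here,
    # they stay in /etc/mail.rc.
    printf '%s\n' "$body" | "$MAIL_CMD" -s "$(notify_subject "$state")" "$MAIL_TO"
}

# Send a notification only when called with a state argument.
if [ $# -gt 0 ]; then
    notify "$1"
fi
```

keepalived runs notify scripts with its own privileges, so the script and /etc/mail.rc should be owned by root and not writable or, for mail.rc, readable by other users.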
9. keepalived dual-master architecture
KA1
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
KA2
[root@KA2 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA2 ~]# systemctl restart keepalived.service
Check the VIPs: KA1 holds 172.25.254.100 and KA2 holds 172.25.254.200.
10. High availability for IPVS
Single-master LVS-DR mode
realserver
Using realserver1 as an example
[root@realserver1 ~]# ip a a dev lo 172.25.254.100/32
[root@realserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver1 ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@realserver1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@realserver1 ~]# sysctl -p
KA
Using KA1 as an example
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived
# View the IPVS rules
[root@KA1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
Test
11. High availability for HAProxy
realserver
Using realserver1 as an example
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@realserver1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@realserver1 ~]# ip a d dev lo 172.25.254.100/32
KA
Using KA1 as an example
# Comment out the IPVS rules
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# yum install haproxy -y
# Edit the HAProxy configuration file
[root@KA1 ~]# vim /etc/haproxy/haproxy.cfg
# Enable the kernel parameter
[root@KA2 ~]# vim /etc/sysctl.conf
[root@KA2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
# Start the services and check the haproxy status
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# systemctl start haproxy
[root@KA1 ~]# killall -0 haproxy
[root@KA1 ~]# echo $?
0
Checking with a script
# Write the check script
[root@KA1 ~]# vim /etc/keepalived/test.sh
[root@KA1 ~]# chmod +x /etc/keepalived/test.sh
# Edit the keepalived configuration file
[root@KA1 ~]# vim /etc/keepalived/conf.d/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived.service
Test
Stop the haproxy service on KA1; the VIP moves to KA2.