keepalived in Practice
1. Installing keepalived
Install with yum:
yum install keepalived -y
Install from source:
wget https://www.keepalived.org/software/keepalived-2.2.7.tar.gz --no-check-certificate # --no-check-certificate skips TLS certificate verification
tar -zxvf keepalived-2.2.7.tar.gz # unpack the source
cd /root/data/keepalived-2.2.7/ && ./configure --prefix=/usr/local/keepalived-2.2.7/ # --prefix= sets the install directory
make && make install # build and install
cp /root/data/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/keepalived # copy the init script from the source tree to /etc/init.d
chmod 755 /etc/init.d/keepalived # set permissions
chkconfig --add keepalived # register as a system service
systemctl enable keepalived.service # start at boot
# For a source install, symlink the executable and the configuration files into the default paths the init script expects
ln -s /usr/local/keepalived-2.2.7/etc/sysconfig/keepalived /etc/sysconfig/keepalived
ln -s /usr/local/keepalived-2.2.7/sbin/keepalived /usr/sbin/keepalived
mkdir -p /etc/keepalived
cp /usr/local/keepalived-2.2.7/etc/keepalived/keepalived.conf.sample /usr/local/keepalived-2.2.7/etc/keepalived/keepalived.conf
ln -s /usr/local/keepalived-2.2.7/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
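2. keepalived configuration: vrrp_instance
Configuration file:
/etc/keepalived/keepalived.conf
Log file:
/var/log/messages
Comparison of the master and backup configuration files:
master:
! Configuration File for keepalived
# Global definitions block
# Mail notification settings
global_defs {
    #smtp_connect_timeout 30 # mail timeout
    router_id LVS_DEVEL_01 # usually the hostname or the IP
}
# VRRP instance definition block
vrrp_instance VI_1 {
    state MASTER # only MASTER and BACKUP are valid, and they must be upper case; MASTER is the active state, BACKUP is the standby state
    interface ens33 # network interface name
    virtual_router_id 51 # virtual router ID; the MASTER and BACKUP of the same vrrp_instance use the same ID
    priority 100 # priority; within the same vrrp_instance the MASTER's priority must be higher than the BACKUP's
    advert_int 1 # interval, in seconds, of the synchronization check between the MASTER and BACKUP load balancers
    authentication {
        auth_type PASS # authentication: consists of an authentication type and a password. The types are PASS and AH; PASS is the one normally used
        auth_pass 1111 # the password is in plaintext; the MASTER and BACKUP of the same VRRP instance must use the same password to communicate
    }
    # VIP; there can be several VIPs, one address per line, no subnet mask needed; this IP must match the VIP configured on the LVS clients!
    virtual_ipaddress {
        192.168.121.200/24
    }
}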
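backup:
! Configuration File for keepalived
# Global definitions block
# Mail notification settings
global_defs {
    #smtp_connect_timeout 30 # mail timeout
    router_id LVS_DEVEL_02 # usually the hostname or the IP
}
# VRRP instance definition block
vrrp_instance VI_1 {
    state BACKUP # only MASTER and BACKUP are valid, and they must be upper case; MASTER is the active state, BACKUP is the standby state
    interface ens33 # network interface name
    virtual_router_id 51 # virtual router ID; the MASTER and BACKUP of the same vrrp_instance use the same ID
    priority 99 # priority; within the same vrrp_instance the MASTER's priority must be higher than the BACKUP's
    advert_int 1 # interval, in seconds, of the synchronization check between the MASTER and BACKUP load balancers
    #nopreempt # do not preempt; usually set on the backup
    authentication {
        auth_type PASS # authentication: consists of an authentication type and a password. The types are PASS and AH; PASS is the one normally used
        auth_pass 1111 # the password is in plaintext; the MASTER and BACKUP of the same VRRP instance must use the same password to communicate
    }
    virtual_ipaddress { # virtual IP address; there can be several, one address per line, no subnet mask needed; this IP must match the VIP configured on the LVS clients!
        192.168.121.200/24
    }
}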
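3. Starting and verifying keepalived
# master
systemctl start keepalived.service
ip addr # check whether the VIP is active on the master's network interface
systemctl stop keepalived.service # stop keepalived on the master, then check the IP information on the backup
# backup
ip addr # if the VIP is active here, keepalived is configured correctly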
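Troubleshooting notes
(1) The VIP appears on both servers at the same time
If the VIP shows up on both servers after keepalived has been started on each of them, capture the traffic to investigate:
tcpdump -i ens33 vrrp -n
Normally only one IP sends VRRP packets to the multicast address, as shown in the figure below.
When both servers hold the VIP, the cause is usually the firewall.
# enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# allow the VRRP protocol in iptables
iptables -I INPUT -p vrrp -j ACCEPT
# allow the VRRP protocol with firewall-cmd
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --protocol vrrp -j ACCEPT
firewall-cmd --reload
After configuring the firewall, restart keepalived.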
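
As a follow-up to the tcpdump check above, this added example (not part of the original post) parses `tcpdump -i ens33 vrrp -n` output at default verbosity and reports any virtual_router_id with more than one advertiser, plus advertisers outside an expected node list. The function names and the host addresses in the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: analyse `tcpdump -i ens33 vrrp -n` output (default verbosity).
# Function names and the sample capture below are constructed for illustration.

# Emit each distinct "vrid source" pair seen in VRRP advertisements on stdin.
vrrp_pairs() {
    awk '
    / > 224\.0\.0\.18: / && /Advertisement/ {
        src = ""; vrid = ""
        for (i = 1; i < NF; i++) {
            if ($i == "IP")   src = $(i + 1)
            if ($i == "vrid") { vrid = $(i + 1); sub(/,$/, "", vrid) }
        }
        if (src != "" && vrid != "" && !seen[vrid, src]++) print vrid, src
    }'
}

# Print "vrid <id>: <src> <src> ..." for every vrid with more than one sender
# (two nodes both advertising as MASTER, i.e. the duplicate-VIP case).
vrrp_split_brain() {
    vrrp_pairs | awk '
    { s[$1] = s[$1] (n[$1]++ ? " " : "") $2 }
    END { for (v in n) if (n[v] > 1) print "vrid " v ": " s[v] }'
}

# Print advertisers that are not in the space-separated list of expected
# keepalived nodes passed as $1.
vrrp_unknown_senders() {
    vrrp_pairs | awk -v allow="$1" '
    BEGIN { split(allow, a, " "); for (k in a) ok[a[k]] = 1 }
    !($2 in ok) { print $2 " (vrid " $1 ")" }'
}

# Constructed sample capture: .10 and .11 both advertise vrid 51.
SAMPLE='10:00:01.000001 IP 192.168.121.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
10:00:01.000420 IP 192.168.121.11 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 99, authtype simple, intvl 1s, length 20
10:00:02.000003 IP 192.168.121.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
10:00:02.000100 IP 192.168.121.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 100, authtype simple, intvl 1s, length 20'

printf '%s\n' "$SAMPLE" | vrrp_split_brain
printf '%s\n' "$SAMPLE" | vrrp_unknown_senders "192.168.121.10 192.168.121.11"
```

On a live host, pipe a bounded capture into the functions instead of the sample, for example `tcpdump -i ens33 vrrp -n -c 20 | vrrp_split_brain`.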