高可用集群Keepalived
简介
解决lvs调度单点失败问题
架构和安装
环境
[root@ka1 ~]#uname -r
3.10.0-1160.el7.x86_64
[root@ka1 ~]#cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
keepalived版本:keepalived-2.0.20
编译安装
安装依赖
yum install -y gcc curl openssl-devel libnl3-devel net-snmp-devel
下载源码包(编译前建议核对源码包的校验值或签名,确认下载内容完整且未被篡改)
curl -O https://keepalived.org/software/keepalived-2.0.20.tar.gz
解压缩
tar xvf keepalived-2.0.20.tar.gz -C /usr/local/src
预编译
cd /usr/local/src/keepalived-2.0.20/
./configure --prefix=/usr/local/keepalived --disable-fwmark
编译安装
make && make install
验证
[root@ka1 ~]#/usr/local/keepalived/sbin/keepalived -v
Keepalived v2.0.20 (01/22,2020)
Copyright(C) 2001-2020 Alexandre Cassen, <acassen@gmail.com>
Built with kernel headers for Linux 3.10.0
Running on Linux 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020
configure options: --prefix=/usr/local/keepalived
Config options: LVS VRRP VRRP_AUTH OLD_CHKSUM_COMPAT FIB_ROUTING
System options: PIPE2 SIGNALFD INOTIFY_INIT1 VSYSLOG EPOLL_CREATE1 IPV6_ADVANCED_API LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTA_VIA FRA_OIFNAME IFA_FLAGS IP_MULTICAST_ALL NET_LINUX_IF_H_COLLISION LIBIPTC_LINUX_NET_IF_H_COLLISION LIBIPVS_NETLINK VRRP_VMAC IFLA_LINK_NETNSID CN_PROC SOCK_NONBLOCK SOCK_CLOEXEC O_PATH GLOB_BRACE INET6_ADDR_GEN_MODE SO_MARK SCHED_RESET_ON_FORK
系统服务service配置
[root@ka1 ~]#cat /usr/lib/systemd/system/keepalived.service
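# systemd unit that runs the source-built keepalived binary as a forking daemon.
[Unit]
Description=LVS and VRRP High Availability Monitor
After=network-online.target syslog.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
# Optional environment file that supplies KEEPALIVED_OPTIONS; the leading "-"
# lets the unit start when the file is absent. systemd has no trailing-comment
# syntax, so this note has to sit on its own line: text placed after the path
# is read as part of the file name and the options would silently not load.
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
# SIGHUP asks the running daemon to reload its configuration.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target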
主配置文件
#创建主配置存放文件夹
[root@ka1 ~]#mkdir /etc/keepalived/
# 复制默认的配置文件到/etc/下
[root@ka1 ~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
子配置文件
# 创建子配置文件夹
mkdir /etc/keepalived/conf.d/ -pv
加载&启动系统服务
[root@ka1 ~]#systemctl daemon-reload
[root@ka1 ~]#systemctl start keepalived.service
配置独立日志
编写keepalived启动参数配置文件
[root@ka1 ~]#cat /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D -S 6"
配置rsyslog服务
# 为keepalived服务指定日志存放位置和日志等级
[root@ka1 ~]#sed -i '/local7.*/a\local6.* /var/log/keepalived.log' /etc/rsyslog.conf
# 重启日志服务
[root@ka1 ~]#systemctl restart rsyslog.service
# 查看日志是否生成
[root@ka1 ~]#tail -f /var/log/keepalived.log
Jun 8 13:10:39 ka1 Keepalived_vrrp[1899]: Sending gratuitous ARP on eth0 for 10.0.0.10
Jun 8 13:10:39 ka1 Keepalived_vrrp[1899]: Sending gratuitous ARP on eth0 for 10.0.0.10
Jun 8 13:10:39 ka1 Keepalived_vrrp[1899]: Sending gratuitous ARP on eth0 for 10.0.0.10
配置文件说明
组成:
- GLOBAL configuration
  global definitions:定义邮件配置,router_id,vrrp配置等
- VRRP configuration
  vrrp instance:定义每个vrrp虚拟路由器
- LVS configuration
  virtual server group
  virtual server:LVS集群的VS和RS
主配置文件范例:
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! Global section of the main file: notification mail settings, this node's
! router_id and VRRP-wide defaults. Per-instance files are pulled in by the
! include statement at the end.
global_defs {
notification_email {
example@qq.com # recipient of keepalived notification mail
}
notification_email_from keepalived@localhost # sender address of the notification mail
smtp_server 127.0.0.1 # SMTP server used to send the mail
smtp_connect_timeout 30
router_id ka1.kktb.org # identifier of this keepalived host
vrrp_skip_check_adv_addr # skip the full address check on an advert that comes from the same master as the previous one
#vrrp_strict # strict VRRP protocol compliance (left disabled here)
# NOTE(review): the startup log at the end of this page reports '0' as outside
# the accepted range for the next two settings - confirm for your build.
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18 # IPv4 multicast group for VRRP adverts (default 224.0.0.18)
}
include /etc/keepalived/conf.d/*.conf # load every sub-configuration file in conf.d
实例
单主架构Master/Slave
环境
主机ka1:
主机名:ka1
本机IP:10.0.0.27
主机ka2:
主机名:ka2
本机IP:10.0.0.17
ka1
主配置文件
[root@ka1 ~]#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
example@qq.com
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
include /etc/keepalived/conf.d/*.conf
子配置文件
[root@ka1 ~]#cat /etc/keepalived/conf.d/instance1.conf
# VRRP instance on ka1: preferred owner (priority 100) of VIP 10.0.0.10 in
# virtual router 66. The peer must use the same virtual_router_id and
# authentication values.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
# auth_type PASS places auth_pass unencrypted in every advert (the captures on
# this page show "authtype simple"), so any host on the segment can read it.
# Treat it as a guard against misconfiguration, not as access control: use a
# value unique to the deployment and filter VRRP (IP protocol 112) so that
# adverts are accepted from the peer node only.
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10 dev eth0 label eth0:0
}
}
ka2
主配置文件
[root@ka2 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka2.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
include /etc/keepalived/conf.d/*.conf
子配置文件
[root@ka2 ~]#cat /etc/keepalived/conf.d/instance1.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10 dev eth0 label eth0:0
}
}
验证主备
ka1主机正在向组播地址224.0.0.18发送VRRP通告(抓包中的authtype simple表示auth_pass以明文随每个通告发送)
[root@ka1 ~]#tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:15:43.474946 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
10:15:44.475817 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
停止ka1主节点的keepalived
[root@ka1 ~]#systemctl stop keepalived.service
抓包查看详细信息
[root@ka1 ~]#tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:18:45.915038 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
10:18:46.918003 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
10:18:46.958825 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 0, authtype simple, intvl 1s, length 20
10:18:47.648923 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
10:18:48.649229 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
# ka1发出prio 0的通告后,backup节点(10.0.0.17)开始发送通告
恢复主节点
[root@ka1 ~]#systemctl start keepalived
# 主节点自动抢占
[root@ka1 ~]#tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:21:53.095765 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
10:21:54.096250 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
10:21:54.653016 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
10:21:55.653664 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
双主架构
ka1
[root@ka1 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xxxx@xx.com
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
include /etc/keepalived/conf.d/*.conf
[root@ka1 ~]#cat /etc/keepalived/conf.d/instance1.conf
# Dual-master layout, ka1 side: VI_1 (vrid 66) is MASTER for 10.0.0.10 and
# VI_2 (vrid 88) is BACKUP for 10.0.0.20.
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
#nopreempt
# NOTE(review): keepalived documents nopreempt as needing initial state BACKUP;
# preempt_delay presumably has the same restriction, so with state MASTER it
# may be ignored - confirm in the startup log.
preempt_delay 60
authentication {
# PASS authentication is carried in clear text in each advert; restrict who can
# send VRRP to this node rather than relying on this value.
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
# Unicast mode: adverts for VI_1 are sent from 10.0.0.27 to the listed peer
# instead of the multicast group.
unicast_src_ip 10.0.0.27
unicast_peer {
10.0.0.17
}
}
# NOTE(review): VI_2 has no unicast_src_ip/unicast_peer, so unlike VI_1 it
# still uses multicast adverts - confirm this is intended.
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
# NOTE(review): same label eth0:0 as the VI_1 VIP above, while ka2 labels this
# VIP eth0:1 - looks unintended; confirm.
10.0.0.20/24 dev eth0 label eth0:0
}
}
验证
[root@ka1 ~]#hostname -I
10.0.0.27 10.0.0.10
ka2
[root@ka2 ~]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
xxx@xxx.com
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka2.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
include /etc/keepalived/conf.d/*.conf
[root@ka2 ~]#cat /etc/keepalived/conf.d/instance1.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
unicast_src_ip 10.0.0.17
unicast_peer {
10.0.0.27
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.20/24 dev eth0 label eth0:1
}
}
验证
[root@ka2 ~]#hostname -I
10.0.0.17 10.0.0.20
验证主主
模拟主机ka1 down掉
[root@ka1 ~]#killall keepalived
# 检查IP,浮动IP消失
[root@ka1 ~]#hostname -I
10.0.0.27
查看ka2主机
[root@ka2 ~]#hostname -I
10.0.0.17 10.0.0.20 10.0.0.10
主机ka1上线
[root@ka1 ~]#systemctl restart keepalived.service
[root@ka1 ~]#hostname -I
10.0.0.27 10.0.0.10
脑裂现象
脑裂:在一个高可用的系统中,本来为一个整体的系统因为两个节点间连接断开而分裂为两个独立的整体,各自抢占共享资源。
使用iptables规则模拟脑裂现象(测试结束后需删除这些DROP/REJECT规则,否则两个节点会一直收不到对方的通告)
单个主机脑裂现象
[root@ka1 ~]#hostname -I
10.0.0.27 10.0.0.10
[root@ka1 ~]#iptables -A INPUT -s 10.0.0.17 -j DROP;sleep 6 && hostname -I
10.0.0.27 10.0.0.10 10.0.0.20
# 资源已经被ka1主机抢占
# 查看ka2主机
[root@ka2 ~]#hostname -I
10.0.0.17 10.0.0.20
同时脑裂
# 主机ka1
[root@ka1 ~]#iptables -A INPUT -s 10.0.0.17 -j DROP;sleep 6 && hostname -I
10.0.0.27 10.0.0.10 10.0.0.20
# 主机ka2
[root@ka2 ~]#iptables -A INPUT -s 10.0.0.27 -j REJECT
[root@ka2 ~]#hostname -I
10.0.0.17 10.0.0.20 10.0.0.10
单主LVS-DR模型
图示:
ka1
[root@ka1 ~]#cat /etc/keepalived/conf.d/instance1.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
#nopreempt
#preempt_delay 60
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
unicast_src_ip 10.0.0.27
unicast_peer {
10.0.0.17
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 10.0.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.6 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.9 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
ka2
[root@ka2 conf.d]#cat /etc/keepalived/conf.d/instance1.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
unicast_src_ip 10.0.0.17
unicast_peer {
10.0.0.27
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 10.0.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.6 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.9 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
RS1&2
编写了脚本帮助部署后端测试RS
测试
[root@centos7 ~]#curl 10.0.0.10
<h1>router<h1>
[root@centos7 ~]#curl 10.0.0.10
<h1>backup<h1>
主节点故障
[root@ka1 ~]#systemctl stop keepalived
查看float IP是否浮动至备节点
[root@ka2 conf.d]#hostname -I
10.0.0.17 10.0.0.10
访问服务
[root@centos7 ~]#curl 10.0.0.10
<h1>router<h1>
[root@centos7 ~]#curl 10.0.0.10
<h1>backup<h1>
后端rs故障
[root@backup ~]#systemctl stop httpd ;sleep 20 && systemctl start httpd
[root@router ~]#systemctl stop httpd ;sleep 20 && systemctl start httpd
sorry server上线
[root@centos7 ~]#curl 10.0.0.10
Sorry Server on
Sorry Server on ka1.kktb.org
双主LVS-DR模型
ka1
[root@ka1 conf.d]#cat instance1.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
#nopreempt
#preempt_delay 60
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
unicast_src_ip 10.0.0.27
unicast_peer {
10.0.0.17
}
}
virtual_server 10.0.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.6 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.9 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server 10.0.0.20 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.8 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 10.0.0.11 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
查看调度状态
[root@ka1 conf.d]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.10:80 rr
-> 10.0.0.6:80 Route 1 0 0
-> 10.0.0.9:80 Route 1 0 0
TCP 10.0.0.20:80 rr
-> 10.0.0.8:80 Route 1 0 0
-> 10.0.0.11:80 Route 1 0 0
[root@ka1 conf.d]#cat back.conf
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 88
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.20/24 dev eth0 label eth0:0
}
}
ka2
[root@ka2 conf.d]#cat /etc/keepalived/conf.d/instance1.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:0
}
unicast_src_ip 10.0.0.17
unicast_peer {
10.0.0.27
}
}
virtual_server 10.0.0.10 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.6 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.9 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
virtual_server 10.0.0.20 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.8 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 10.0.0.11 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@ka2 conf.d]#cat /etc/keepalived/conf.d/master.conf
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 88
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
10.0.0.20/24 dev eth0 label eth0:1
}
}
RS1&2&3&4
[root@backup ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.10/32 scope global lo:1
valid_lft forever preferred_lft forever
inet 10.0.0.20/32 scope global lo:2
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f4:1d:6e brd ff:ff:ff:ff:ff:ff
inet 10.0.0.6/24 brd 10.0.0.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef4:1d6e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@centos8 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.0.0.10/32 scope global lo:1
valid_lft forever preferred_lft forever
inet 10.0.0.20/32 scope global lo:2
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:36:59:07 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe36:5907/64 scope link
valid_lft forever preferred_lft forever
测试
[root@centos7 ~]#curl 10.0.0.10
<h1>router<h1>
[root@centos7 ~]#curl 10.0.0.10
<h1>backup<h1>
[root@centos7 ~]#curl 10.0.0.20
<h1>localhost.localdomain<h1>
<h1>web4<h1>
[root@centos7 ~]#curl 10.0.0.20
<h1>centos8.magedu.org<h1>
VRRP Script
使用script来检测keepalived高可用性
ka1
[root@ka1 keepalived]#vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka1.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
track_script {
check_down
}
}
include /etc/keepalived/conf.d/*.conf
ka2
[root@ka2 ~]#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka2.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
track_script {
check_down
}
}
include /etc/keepalived/conf.d/*.conf
测试
[root@ka1 keepalived]#touch /etc/keepalived/down
日志
8 ka1 Keepalived_vrrp[4678]: Script `check_down` now returning 1
0 ka1 Keepalived_vrrp[4678]: VRRP_Script(check_down) failed (exited with status 1)
ka1 Keepalived_vrrp[4678]: (VI_1) Changing effective priority from 100 to 70
4 ka1 Keepalived_vrrp[4678]: (VI_1) Master received advert from 10.0.0.17 with higher priority 80, ours 70
4 ka1 Keepalived_vrrp[4678]: (VI_1) Entering BACKUP STATE
ka1 Keepalived_vrrp[4678]: (VI_1) removing VIPs.
基于VRRP Script实现HAProxy高可用
ka1
haproxy搭建
使用脚本一键部署
haproxy配置文件
[root@ka1 keepalived]#cat /etc/haproxy/haproxy.cfg
# HAProxy on ka1: fronts web1/web2 on the keepalived VIP and serves a stats page.
global
maxconn 100000
chroot /apps/haproxy
# Admin-level runtime socket; mode 600 restricts the socket file to its owner.
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen magedu_http
# Bound to the VIP. NOTE(review): while keepalived holds the VIP on the other
# node this bind needs net.ipv4.ip_nonlocal_bind=1, which this page does not
# show - confirm.
bind 10.0.0.10:80
server web1 10.0.0.6:80 check
server web2 10.0.0.9:80 check
listen stats
mode http
bind 10.0.0.27:9999
stats enable
log global
stats uri /haproxy-status
# Basic-auth credentials cross the network over plain HTTP on this listener and
# sit in clear text in this file; replace the sample value and limit which
# hosts can reach port 9999.
stats auth haadmin:123456
keepalived配置
[root@ka1 keepalived]#cat keepalived.conf
! Configuration File for keepalived
! ka1 side of the HAProxy setup: VI_1 tracks a script that reports whether
! haproxy is running and gives up the VIP when the check keeps failing.
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka1.kktb.org
# NOTE(review): preempt_delay appears here without a value and inside
# global_defs; elsewhere on this page it is a vrrp_instance setting followed
# by a number of seconds - probably a leftover, confirm.
preempt_delay
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
# Runs the script every second. After 3 consecutive failures (fall) the
# priority of instances tracking it is lowered by 30; after 2 consecutive
# successes (rise) it is restored.
# The script is executed by keepalived, so keep the file root-owned and not
# writable by other users. keepalived's enable_script_security and script_user
# settings in global_defs exist for this and are not set on this page.
vrrp_script check_haproxy {
script "/etc/keepalived/check_proxy.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
# PASS authentication is sent in clear text in each advert (the capture later
# on this page shows "authtype simple"); do not rely on it as access control.
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
# With weight -30 a failing check drops the priority from 100 to 70, below the
# peer's 80, so the peer takes over the VIP.
track_script {
check_haproxy
}
}
include /etc/keepalived/conf.d/*.conf
ka2
haproxy配置
[root@ka2 keepalived]#cat /etc/haproxy/haproxy.cfg
# HAProxy on ka2: same front end as ka1, so that either node can serve the VIP.
global
maxconn 100000
chroot /apps/haproxy
# Admin-level runtime socket; mode 600 restricts the socket file to its owner.
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local2 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen magedu_http
# Bound to the VIP. NOTE(review): ka2 is the BACKUP node, so this address is
# normally absent here and the bind needs net.ipv4.ip_nonlocal_bind=1, which
# this page does not show - confirm.
bind 10.0.0.10:80
server web1 10.0.0.6:80 check
server web2 10.0.0.9:80 check
listen stats
mode http
# 0.0.0.0 exposes the stats page on every address of this host, including the
# VIP while ka2 holds it. ka1 binds its stats listener to its own address
# (10.0.0.27); binding to 10.0.0.17 here would match that.
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
# Basic-auth credentials cross the network over plain HTTP on this listener and
# sit in clear text in this file; replace the sample value and limit which
# hosts can reach port 9999.
stats auth haadmin:123456
keepalived配置
[root@ka2 keepalived]#cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id ka2.kktb.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_script check_haproxy {
script "/etc/keepalived/check_proxy.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 66
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.10/24 dev eth0 label eth0:1
}
track_interface {
eth0
}
track_script {
check_haproxy
}
}
include /etc/keepalived/conf.d/*.conf
测试
[root@ka1 keepalived]#cat /root/check_proxy.sh
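#!/bin/bash
# Health check for the keepalived vrrp_script "check_haproxy".
# Exit status 0 means at least one haproxy process exists; a non-zero status
# marks the check as failed so keepalived can lower this node's priority.
#
# -0 makes killall send signal 0: the process is only probed, never terminated.
# Without it this script would stop haproxy each time keepalived ran the check.
/usr/bin/killall -0 haproxy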
[root@ka1 keepalived]#chmod +x /root/check_proxy.sh
[root@ka1 keepalived]#mv /root/check_proxy.sh /etc/keepalived/
抓包测试
[root@centos7 ~]#tcpdump -i ens33 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
14:19:56.842647 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 70, authtype simple, intvl 1s, length 20
14:19:57.845958 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 70, authtype simple, intvl 1s, length 20
14:19:58.846370 IP 10.0.0.27 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 70, authtype simple, intvl 1s, length 20
14:19:59.531778 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
14:20:00.535590 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
14:20:01.538121 IP 10.0.0.17 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
其他
记录过程中出现的一次错误日志
日志中的提示:nb_get_retry is deprecated - please use 'retry',即关键字nb_get_retry已经被弃用,请改用retry;同一份日志还显示vrrp_garp_interval和vrrp_gna_interval取值0超出允许范围,被判为无效。
Jun 11 11:55:36 ka1 Keepalived[3151]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 11 11:55:36 ka1 Keepalived[3151]: (Line 13) number '0' outside range [1e-06, 4294]
Jun 11 11:55:36 ka1 Keepalived[3151]: (Line 13) vrrp_garp_interval '0' is invalid
Jun 11 11:55:36 ka1 Keepalived[3151]: (Line 14) number '0' outside range [1e-06, 4294]
Jun 11 11:55:36 ka1 Keepalived[3151]: (Line 14) vrrp_gna_interval '0' is invalid
Jun 11 11:55:36 ka1 Keepalived[3151]: Opening file '/etc/keepalived/conf.d/lvs_mysql.conf'.
Jun 11 11:55:36 ka1 Keepalived[3151]: Opening file '/etc/keepalived/conf.d/lvs_web1.conf'.
Jun 11 11:55:36 ka1 Keepalived[3151]: Opening file '/etc/keepalived/conf.d/mysql_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived[3151]: Opening file '/etc/keepalived/conf.d/web1_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived[3152]: Starting Healthcheck child process, pid=3153
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 11 11:55:36 ka1 Keepalived[3152]: Starting VRRP child process, pid=3154
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Opening file '/etc/keepalived/conf.d/lvs_mysql.conf'.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: (/etc/keepalived/conf.d/lvs_mysql.conf:10) Unknown keyword 'nb_get_retry'
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: (/etc/keepalived/conf.d/lvs_mysql.conf:19) Unknown keyword 'nb_get_retry'
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Registering Kernel netlink reflector
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Opening file '/etc/keepalived/conf.d/lvs_web1.conf'.
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Registering Kernel netlink command channel
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: (/etc/keepalived/conf.d/lvs_web1.conf:15) nb_get_retry is deprecated - please use 'retry'
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: (/etc/keepalived/conf.d/lvs_web1.conf:23) Unknown keyword 'nb_get_retry'
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Opening file '/etc/keepalived/conf.d/mysql_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Opening file '/etc/keepalived/conf.d/web1_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Virtual server [10.0.0.10]:tcp:80: no scheduler set, setting default 'wlc'
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Initializing ipvs
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Opening file '/etc/keepalived/conf.d/lvs_mysql.conf'.
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Opening file '/etc/keepalived/conf.d/lvs_web1.conf'.
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Opening file '/etc/keepalived/conf.d/mysql_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Opening file '/etc/keepalived/conf.d/web1_vip.conf'.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Gained quorum 1+0=1 <= 2 for VS [10.0.0.20]:tcp:3306
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Assigned address 10.0.0.27 for interface eth0
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Assigned address fe80::20c:29ff:fe45:a84d for interface eth0
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: Registering gratuitous ARP shared channel
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: (mysql) removing VIPs.
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: (web1) removing VIPs.
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Gained quorum 1+0=1 <= 2 for VS [10.0.0.10]:tcp:80
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Activating healthchecker for service [10.0.0.6]:tcp:3306 for VS [10.0.0.20]:tcp:3306
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Activating healthchecker for service [10.0.0.9]:tcp:3306 for VS [10.0.0.20]:tcp:3306
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Activating healthchecker for service [10.0.0.6]:tcp:80 for VS [10.0.0.10]:tcp:80
Jun 11 11:55:36 ka1 Keepalived_healthcheckers[3153]: Activating healthchecker for service [10.0.0.9]:tcp:80 for VS [10.0.0.10]:tcp:80
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: (mysql) Entering BACKUP STATE (init)
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: (web1) Entering BACKUP STATE (init)
Jun 11 11:55:36 ka1 Keepalived_vrrp[3154]: VRRP sockpool: [ifindex(2), family(IPv4), proto(112), unicast(0), fd(11,12)]