注意以下实验在rhel7版本上做;代码均测试成功:可直接用
1、全局配置:master/slave的 Keepalived 单主架构
###ka1:配置MASTER端:ip:172.25.254.10
yum install -y keepalived
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
1836540069@qq.com
}
notification_email_from keepalived@ka1.org
smtp_server 127.0.0.0.1
smtp_connect_timeout 30
router_id ka1.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
#测试是否配置成功
[root@localhost ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
###ka2:配置BACKUP端 ip:172.25.254.20
scp /etc/keepalived/keepalived.conf root@172.25.254.10:/etc/keepalived/keepalived.conf
state BACKUP #MASTER改成BACKUP
interface eth0
virtual_router_id 20
priority 80 #优先级与MASTER不同
#测试
#默认抢占模式:关闭MASTER的keepalived
#10端
systemctl stop keepalived
#20端
[root@localhost ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
####测试
####两端keepalived都开启
tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:10:48.549151 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
07:10:49.550985 IP 172.25.254.10 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
#VRRPv2即正常
###关闭ka1:10端keepalived
[root@localhost ~]# tcpdump -i eth0 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:09:10.446149 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 80, authtype simple, intvl 1s, length 20
07:09:11.447443 IP 172.25.254.20 > 224.0.0.18: VRRPv2, Advertisement, vrid 20, prio 80, authtype simple, intvl 1s, length 20
#VRRPv2即正常
2、启用keepalived日志功能
#ka1-10端
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
systemctl restart rsyslog.service
systemctl restart keepalived.service
tail -f /var/log/keepalived.log
Aug 13 07:30:30 ka1-10 Keepalived_healthcheckers[11960]: Error connecting server [192.168.200.2]:1358.
Aug 13 07:30:30 ka1-10 Keepalived_healthcheckers[11960]: Check on service [192.168.200.2]:1358 failed after 3 retry.
2.6.2.4 实现独立子配置文件
#ka1-10端
[root@ka1-10 ~]# mkdir /etc/keepalived/conf.d
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
1836540069@qq.com
}
notification_email_from keepalived@ka1.org
smtp_server 127.0.0.0.1
smtp_connect_timeout 30
router_id ka1.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
include /etc/keepalived/conf.d/*.conf #子配置文件
[root@ka1-10 ~]# /etc/keepalived/conf.d/ka1.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
3.2 抢占模式和非抢占模式
3.2.1 非抢占模式 nopreempt
1、默认为抢占模式preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色,这样会使vip在KA主机中来回漂移,造成网络抖动,
2、建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的master角色
非抢占模块下,如果原主机down机, VIP迁移至的新主机, 后续也发生down时,仍会将VIP迁移回原主机
注意:要关闭 VIP抢占,必须将各 keepalived 服务器state配置为BACKUP
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 100 #高优先级
advert_int 1
nopreempt #非抢占模式
[root@ka2-20 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 80 #低优先级
advert_int 1
nopreempt #非抢占模式
###用处:一个宕机后另一个工作;宕机修好后不会直接抢去工作;而是等另一个宕机再接管工作
测试:关闭高优先级的keepalived eth0:1: 自动迁移到低优先级主机上
再开启高优先级的keepalived eth0:1: 还是在低优先级主机上 不会抢占
3.2.2 抢占延迟模式 preempt_delay
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间(默认300s)再抢回VIP
只能高优先级抢低优先级的
注意:需要各keepalived服务器state为BACKUP,并且不要启用 vrrp_strict
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP #KA1设置为BACKUP模式
interface eth0
virtual_router_id 20 #同一个路由
priority 100 #高优先级
advert_int 1
preempt_delay 10s #抢占延迟10s
#宕机修好后延迟10s后再抢占
#测试:10s后看是否IP过来
[root@localhost ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
3.3 VIP单播配置
默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量
注意:启用 vrrp_strict 时,不能启用单播
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
#vrrp_strict #注释此参数,与vip单播模式冲突
global_defs {
notification_email {
1836540069@qq.com
}
notification_email_from keepalived@ka1.org
smtp_server 127.0.0.0.1
smtp_connect_timeout 30
router_id ka1.org
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER ##
interface eth0
virtual_router_id 20 #一样
priority 100 #一样
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
unicast_src_ip 172.25.254.10 #本机IP
unicast_peer {
172.25.254.20 #对方IP
}
}
[root@ka1-20 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state BACKUP ##BACKUP
interface eth0
virtual_router_id 20 #一样
priority 100 #一样
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
unicast_src_ip 172.25.254.20
unicast_peer {
172.25.254.10
}
}
#测试配置
#抓包查看单播效果
#由于10是MASTER所有10到20是通的
[root@ka2-20 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:06:18.906529 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
09:06:19.908340 IP 172.25.254.10 > 172.25.254.20: VRRPv2, Advertisement, vrid 20, prio 100, authtype simple, intvl 1s, length 20
#由于10是MASTER所有20到10是不通的
[root@ka1-10 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
[root@ka1-10 ~]# systemctl stop keepalived.service ###当服务关闭出现ICMP10到20不正常
[root@ka1-10 ~]# tcpdump -i eth0 -nn src host 172.25.254.10 and dst 172.25.254.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:08:08.733285 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
09:08:09.734476 IP 172.25.254.10 > 172.25.254.20: ICMP 172.25.254.10 protocol 112 unreachable, length 48
###当ka1-10服务关闭出现 ; ka2-20抢占 ;这时20到10正常
[root@ka1-10 ~]# tcpdump -i eth0 -nn src host 172.25.254.20 and dst 172.25.254.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:17:35.384372 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 20, prio 80, authtype simple, intvl 1s, length 20
09:17:36.386180 IP 172.25.254.20 > 172.25.254.10: VRRPv2, Advertisement, vrid 20, prio 80, authtype simple, intvl 1s, length 20
3.4 Keepalived 通知脚本配置
3.4.4 邮件配置
[root@ka1-10 ~]# dnf install mailx -y
#QQ邮箱配置
[root@ka1-10 ~]# vim /etc/mail.rc
#######mail set##########
set from=1828287722@qq.com #自己的qq邮箱
set smtp=smtp.qq.com
set smtp-auth-user=1828287722@qq.com #自己的qq邮箱
set smtp-auth-password=isjatjwmcxtxbefj #设置看下图;填直接复制过来的
set smtp-auth=login
set ssl-verify=ignore
扫码
通知脚本:实现 Keepalived 状态切换就通知
#10和20都设置
[root@ka1+ka20 ~]# vim /etc/keepalived/mail.sh
#!/bin/bash
mail_dest='1836540069@qq.com'
mail_send() {
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@ka1+ka20 ~]chmod +x /etc/keepalived/mail.sh
[root@ka1+ka20 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
notify_master "/etc/keepalived/mail.sh master"
notify_backup "/etc/keepalived/mail.sh backup"
notify_fault "/etc/keepalived/mail.sh fault"
}
[root@ka1+ka20 ~]# systemctl restart keepalived.service
看收件收到信息即成功
3.5 实现 master/master 的 Keepalived 双主架构
1、master/slave的单主架构,同一时间只有一个Keepalived对外提供服务,此主机繁忙,而另一台主机却很空闲,利用率低下,可以使用master/master的双主架构,解决此问题。
2、master/master 的双主架构:
即将两个或以上VIP分别运行在不同的keepalived服务器,以实现服务器并行提供web访问的目的,提高服务器资源利用率
#ka1
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 20
priority 100
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 30
priority 80
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:1
}
}
#ka2
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 20
priority 80
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:0
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 30
priority 100
advert_int 1
#nopreempt
#preempt_delay 10s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.200/24 dev eth0 label eth0:1
}
}
测试
#测试
[root@ka1-10 ~]# ifconfig
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)
[root@ka2-20 ~]# ifconfig
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:40:b6:df txqueuelen 1000 (Ethernet)
3.6 实现IPVS的高可用性
3.6.2.1 实战案例1:实现单主的 LVS-DR 模式
准备web服务器并使用脚本绑定VIP至web服务器lo网卡
#准备两台后端RS主机
#rs1主机上
[root@rs1-110 ~]# ip a a 172.25.254.100/32 dev lo
[root@rs1-110 ~]# yum install -y httpd
[root@rs1-110 ~]# echo RS1 - 172.25.254.110 > /var/www/html/index.html
[root@rs1-110 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@rs1-110 ~]# sysctl --system
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
#rs2主机上
[root@rs2-120 ~]# ip addr add 172.25.254.100/32 dev lo
[root@rs2-120 ~]# yum install -y httpd
[root@rs2-120 ~]# echo RS1 - 172.25.254.120 > /var/www/html/index.html
[root@rs2-120 ~]# vim /etc/sysctl.d/arp.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.lo.arp_announce=2
[root@rs2-120 ~]# sysctl --system
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
* Applying /etc/sysctl.conf ...
配置keepalived
#ks1
[root@ka1-10 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@ka1-10 ~]# systemctl restart keepalived.service
#ks2
[root@ka2-20 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 172.25.254.100 80 {
delay_loop 6
lb_algo wrr
lb_kind DR
#persistence_timeout 50
protocol TCP
#sorry_server 172.25.254.30 #填上服务起不来
real_server 172.25.254.110 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 172.25.254.120 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@ka2-20 ~]# systemctl restart keepalived.service
#测试
[root@ka1-10 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@ka2-20 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.110:80 Route 1 0 0
-> 172.25.254.120:80 Route 1 0 0
[root@rs1-110 ~]# curl 172.25.254.100
110
[root@rs1-110 ~]# curl 172.25.254.100
120
[root@rs1-110 ~]# curl 172.25.254.100
110
[root@rs1-110 ~]# curl 172.25.254.100
120
测试:模拟故障
#第一台RS1故障,自动切换至RS2
[root@rs1-110 ~]# systemctl stop httpd #当RS1故障
C:\~]$ curl 172.25.254.100
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 100 4 0 0 1490 0 --:--:-- --:--:-- --:--:-- 2000
120
[C:\~]$ curl 172.25.254.100
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 100 4 0 0 1456 0 --:--:-- --:--:-- --:--:-- 2000
120
[C:\~]$ curl 172.25.254.100
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 100 4 0 0 1481 0 --:--:-- --:--:-- --:--:-- 2000
120
[root@ka1-10 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.120:80 Route 1 0 0
[root@ka2-20 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.25.254.100:80 wrr
-> 172.25.254.120:80 Route 1 0 0
#后端RS服务器都故障,启动Sorry Server
[C:\~]$ curl 172.25.254.100
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 107 0 107 0 0 43058 0 --:--:-- --:--:-- --:--:-- 53500
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
3.6.2.2 实战案例2:实现双主的 LVS-DR 模式
3.7 实现其它应用的高可用性 VRRP Script
3.7.2 实战案例:利用脚本实现主从角色切换
注:代码尽量ai整理
####核心代码
vrrp_script check_lee {
script "/mnt/check_lee.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
track_script {
check_lee
}
#rs1主机上
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_lee {
script "/mnt/check_lee.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_lee
}
}
vim /mnt/check_lee.sh
#!/bin/bash
[ ! -f "/mnt/lee" ]
chmod +x /mnt/check_lee.sh
#############测试一
#测试ka1上
systemctl restart keepalived.service
ifconfig #查看
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)
#ka2上
ifconfig #查看没有 eth0:1:
###############测试二
#ka1上
touch /mnt/lee
ifconfig #查看没有 eth0:1:
#ka2上
ifconfig #查看
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)
3.7.3 实战案例:实现HAProxy高可用
###核心代码:
vrrp_script check_haproxy {
script "/etc/keepalived/scripts/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
track_script {
check_haproxy
}
[root@ka1 & ka2 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
bind 172.25.254.100:80
server web1 172.25.254.101:80 check
server web2 172.25.254.102:80 check
#在两个ka1和ka2两个节点启用内核参数
[root@ka1 & ka2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@ka1 & ka2 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
#在ka1中编写检测脚本
[root@ka1 ~]# vim /etc/keepalived/scripts/haproxy.sh
#!/bin/bash
killall -0 haproxy
#在ka1中编写
vim /etc/keepalived/keepalived.conf
vrrp_script check_haproxy {
script "/etc/keepalived/scripts/haproxy.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 100
priority 100
advert_int 1
#nopreempt
#preempt_delay 6s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.254.100/24 dev eth0 label eth0:1
}
unicast_src_ip 172.25.254.10
unicast_peer {
172.25.254.20
}
track_script {
check_haproxy
}
}
###################测试一
root@ka1 ~]# systemctl satrt haproxy.service
systemctl restart keepalived
root@ka1 ~]# ifconfig
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)
#ka2上查看
root@ka2 ~]#ifconfig #没有eth0:1:
#####################测试二
root@ka1 ~]# systemctl stop haproxy.service
root@ka1 ~]#ifconfig #没有eth0:1:
#ka2上查看
root@ka2 ~]#ifconfig
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:85:2b:17 txqueuelen 1000 (Ethernet)