Keepalived单双主模型配置
Keepalived单主配置实例:
一、安装keepalived包
[root@keepalived-1 ~]# hostnamectl set-hostname keepalived-1
[root@keepalived-1 ~]# yum install keepalived.x86_64
主配置文件:/etc/keepalived/keepalived.conf
主程序文件:/usr/sbin/keepalived
二、进行配置主配置文件:
主keepalived服务器:
[root@keepalived-1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #定义收件人地址
}
notification_email_from keepalived@localhost #邮件发件人地址
smtp_server 127.0.0.1 #发送邮件服务器地址
smtp_connect_timeout 5 #连接邮件服务器的超时时间
router_id 10.10.10.101 #当前路由的id信息网络中的节点标识(物理IP地址或主机名)
vrrp_mcast_group4 224.0.122.22 #组播地址
}
vrrp_instance VI_1 { #一个虚拟路由器的标识,
state MASTER #重要选项,初始或状态;只能有一个是MASTER,余下的都应该为BACKUP;
interface ens33 # 绑定为当前虚拟路由器使用的物理接口;一般为网卡地址;
virtual_router_id 11 #当前虚拟路由器的惟一标识(相同组的两台机器必须一致)
priority 100 #当前主机在此虚拟路径器中的优先级;范围1-254;
advert_int 1 #vrrp通告的时间间隔;心跳间隔时间。
authentication { #认证方式为:域共享密钥
auth_type PASS
auth_pass 11112222 #最多不要超过8位
}
virtual_ipaddress {
10.10.1.1/16 dev ens33 #(接口辅助地址,vip地址,虚拟地址)
}
}
备服务器:
更改项如下:
[root@keepalived-2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {} 中:
router_id 10.10.10.101 #当前路由的id信息网络中的节点标识(物理IP地址或主机名)
vrrp_instance VI_1 {} 中:
state BACKUP #重要选项,初始或状态;只能有一个是MASTER,余下的都应该为BACKUP;
priority 98 #当前主机在此虚拟路径器中的优先级;范围1-254
三、启动服务查看日志:
命令参考如下:
启动服务器
[root@keepalived-2 ~]# systemctl start keepalived.service
停止服务
[root@keepalived-1 ~]# systemctl stop keepalived.service
查看服务状态和日志信息
[root@keepalived-1 ~]# systemctl status keepalived.service
查看ip地址信息
[root@keepalived-1 ~]# ip a l
装包工具使用:
[root@localhost etc]# tcpdump -i ens33 host 224.0.122.22
1、先启动备keepalived-server抓包并查看日志信息
抓包结果如下:
13:39:51.734593 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:39:52.737100 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
日志结果如下:
May 25 13:39:57 keepalived-2 Keepalived_vrrp[1742]: Sending gratuitous ARP on ens33 for 10.10.1.1
May 25 13:39:57 keepalived-2 Keepalived_vrrp[1742]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on en....1.1 #<--
May 25 13:39:57 keepalived-2 Keepalived_vrrp[1742]: Sending gratuitous ARP on ens33 for 10.10.1.1
ip 信息
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:92:37:53 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33#<--
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe92:3753/64 scope link
再启动主keepalived-server抓包并查看日志信息
抓包结果如下:
13:47:53.028784 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:47:54.030591 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:47:55.032137 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:47:56.033873 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:47:56.033883 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20#<--
13:47:57.040529 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
13:47:58.041992 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
13:47:59.043760 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
日志结果如下:
主:
May 25 13:41:31 keepalived-1 Keepalived_vrrp[1872]: Sending gratuitous ARP on ens33 for 10.10.1.1
May 25 13:41:31 keepalived-1 Keepalived_vrrp[1872]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.10.1.1#<--
May 25 13:41:31 keepalived-1 Keepalived_vrrp[1872]: Sending gratuitous ARP on ens33 for 10.10.1.1
备:
May 25 13:41:25 keepalived-2 Keepalived_vrrp[1761]: VRRP_Instance(VI_1) Received advert with higher priority 100, ours 98
May 25 13:41:25 keepalived-2 Keepalived_vrrp[1761]: VRRP_Instance(VI_1) Entering BACKUP STATE
May 25 13:41:25 keepalived-2 Keepalived_vrrp[1761]: VRRP_Instance(VI_1) removing protocol VIPs.
使用ip a l 命令查看ip地址
主
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:98:88:45 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.101/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe98:8845/64 scope link
备
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:92:37:53 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/16 brd 10.10.255.255 scope global ens33#<--
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe92:3753/64 scope link
再次停止主keepalived-server查看
日志:
May 25 13:48:29 keepalived-2 Keepalived_vrrp[1781]: Sending gratuitous ARP on ens33 for 10.10.1.1
May 25 13:48:29 keepalived-2 Keepalived_vrrp[1781]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 10.10.1.1 #<--
May 25 13:48:29 keepalived-2 Keepalived_vrrp[1781]: Sending gratuitous ARP on ens33 for 10.10.1.1
抓包:
13:48:22.073929 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
13:48:22.701737 IP 10.10.10.101 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 0, authtype simple, intvl 1s, length 20#<--
13:48:23.320348 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
13:48:24.321473 IP 10.10.10.102 > 224.0.122.22: VRRPv2, Advertisement, vrid 11, prio 98, authtype simple, intvl 1s, length 20
Ip地址信息:
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:92:37:53 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33#<--
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe92:3753/64 scope link
实验结果:(抢占模式分析)
备keepalived先启动是会发起arp免费广播,当局域网中已有且只有它一个的话,他会将模式更改为:MASTER,将ip地址添加到自己的路由中,同时也会继续向局域中发送arp广播,(只在组播地址中发送,抓包监听也只能监听组播地址。)
当主keepalived-server开启服务器后(宕机恢复后也是如此),同时也接受道备keepalived发送的ARP广播中附带的优先级的值98,与自己的优先级进行比对,自己的优先级高于备keepalived-server的优先级,发送arp广播,他会向组播网络中发送免费的arp广播并附带优先级100的值,备keepalived-server收到后,与自己的优先级比对,没有100高则转换模式进入BACKUP模式;主keepalived-server开始发起免费的ARP广播;模式切换完成。
当主keepalived-server宕机或关闭是会发送一个优先级为0的arp广播,备keepalived-server接收到主keepalived的广播后,发起arp广播并将自己的模式改为MASTER模式(如果组内拥有三台以上主机优先级最低的不会发起arp广播,也没有日志信息。只有所有高于最低优先级的keepalived-server都宕机了,才会抢占,否则不会。)
非抢占模式:优先级高的主机宕机恢复后,不会抢占,只有当现运行的keepalived-server出现宕机,它才会抢占MASTER,称为主keepalived-server,(一般不设置此模式,)
如果主server的性能高于备server,建议设置成抢占模式或配置成双主,非抢占模式不适用双主模式。
Keepalived双主配置实例:
Keepalived-server1上配置:在上边单主模型基础上添加添置:
下边为单主模型的配置,只是copy一份,没有更改。
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost #定义收件人地址
}
notification_email_from keepalived@localhost #邮件发件人地址
smtp_server 127.0.0.1 #发送邮件服务器地址
smtp_connect_timeout 5 #连接邮件服务器的超时时间
router_id 10.10.10.101 #当前路由的id信息网络中的节点标识(物理IP地址或主机名)
vrrp_mcast_group4 224.0.122.22 #组播地址
}
vrrp_instance VI_1 { #一个虚拟路由器的标识,
state MASTER #重要选项,初始或状态;只能有一个是MASTER,余下的都应该为BACKUP;
interface ens33 # 绑定为当前虚拟路由器使用的物理接口;一般为网卡地址;
virtual_router_id 11 #当前虚拟路由器的惟一标识(相同组的两台机器必须一致)
priority 100 #当前主机在此虚拟路径器中的优先级;范围1-254;
advert_int 1 #vrrp通告的时间间隔;心跳间隔时间。
authentication { #认证方式为:域共享密钥
auth_type PASS
auth_pass 11112222 #最多不要超过8位
}
virtual_ipaddress {
10.10.1.1/16 dev ens33 #(接口辅助地址,vip地址,虚拟地址)
}
}
Keepalived-server1配置,下边为新添加配置:
vrrp_instance VI_2 { #一个虚拟路由器的标识,
state BACKUP # 重要选项,初始或状态;只能有一个是MASTER,余下的都应该为BACKUP;
interface ens33 # 绑定为当前虚拟路由器使用的物理接口;一般为网卡地址;
virtual_router_id 21 #当前虚拟路由器的惟一标识(相同组的两台机器必须一致)
priority 98 #当前主机在此虚拟路径器中的优先级;范围1-254;
advert_int 1 #vrrp通告的时间间隔;心跳间隔时间。
authentication { #认证方式为:域共享密钥
auth_type PASS
auth_pass 22221111· #最多不要超过8位
}
virtual_ipaddress {
10.10.1.2/16 dev ens33 #(接口辅助地址,vip地址,虚拟地址)
}
}
Keepalived-server2上配置:在上边单主模型基础上添加添置:
vrrp_instance VI_2 { #一个虚拟路由器的标识,
state MASTER # 重要选项,初始或状态;只能有一个是MASTER,余下的都应该为BACKUP;
interface ens33 # 绑定为当前虚拟路由器使用的物理接口;一般为网卡地址;
virtual_router_id 21 #当前虚拟路由器的惟一标识(相同组的两台机器必须一致)
priority 100 #当前主机在此虚拟路径器中的优先级;范围1-254;
advert_int 1 #vrrp通告的时间间隔;心跳间隔时间。
authentication { #认证方式为:域共享密钥
auth_type PASS
auth_pass 22221111· #最多不要超过8位
}
virtual_ipaddress {
10.10.1.2/16 dev ens33 #(接口辅助地址,vip地址,虚拟地址)
}
}
启动时查看地址:
先开启server-2(两个地址都在server2上)
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:72:5b:f2 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.2/16 scope global secondary ens33 #<--
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33 #<--
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe72:5bf2/64 scope link
再开启server-1(server-1将1.1的地址抢占回去,server1和server2每个设备上各一个地址,互为主同时也互为备)
Server-1:
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:98:88:45 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.101/16 brd 10.10.255.255 scope global ens33 #<--
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe98:8845/64 scope link
Server-2:
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:72:5b:f2 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.2/16 scope global secondary ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe72:5bf2/64 scope link
关闭server-2(当server2关闭服务器,两个地址全都在server1上。)
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:98:88:45 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.101/16 brd 10.10.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet 10.10.1.1/16 scope global secondary ens33 #<--
valid_lft forever preferred_lft forever
inet 10.10.1.2/16 scope global secondary ens33 #<--
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe98:8845/64 scope link
结果:
先开启server-2(两个地址都在server2上)
再开启server-1(server-1将1.1的地址抢占回去,server1和server2每个设备上各一个地址,互为主同时也互为备)
关闭server-2(当server2关闭服务器,两个地址全都在server1上。)
转载于:https://blog.51cto.com/12105235/2125059