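1. keepalived single-instance example
1) The lab environment is two CentOS 7.2 VMware virtual machines: host 1 has IP address 10.1.252.55, host 2 has IP address 10.1.252.34, and the virtual router IP is 10.1.252.246.
2) Make sure iptables and SELinux do not interfere with the experiment.
(1) Make sure the clocks of the two hosts are synchronized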
    [root@localhost ~]# vim /etc/chrony.conf
    # This is the NTP server on our LAN; readers can install their own NTP server.
    # If the virtual machine has Internet access (NAT mode), a public NTP server can be used instead.
    server 10.1.0.1 iburst
    [root@localhost ~]# chronyc sources
    506 Cannot talk to daemon          (the chrony service is not running)
    [root@localhost ~]# systemctl start chronyd
    [root@localhost ~]# chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^? 10.1.0.1                      0   7     0   10y     +0ns[   +0ns] +/-    0ns
    [root@localhost ~]# ntpdate 10.1.0.1    # force a manual time sync
(2) Communication over SSH (optional; this step can be skipped)
    [root@localhost ~]# ssh-keygen -t rsa -P ''
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    bc:8f:ee:48:47:30:fc:9c:ac:49:d6:eb:48:16:80:ef root@localhost.localdomain
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | . . |
    | . . + |
    | . . O . |
    | . + S |
    | . o = o |
    | E * + |
    | + = o |
    | oo= . |
    +-----------------+
    [root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.252.34    # copy the key to host 2
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@10.1.252.34's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'root@10.1.252.34'"
    and check to make sure that only the key(s) you wanted were added.
    [root@node1 ~]# ssh 10.1.252.34 'pwd'    # host 1 can now run commands on host 2 without a password
    /root
    [root@node1 ~]# date;ssh 10.1.252.34 'date'
    Mon Oct 31 19:58:47 CST 2016
    Mon Oct 31 19:58:47 CST 2016
(3) Install and configure keepalived on host 1
1) Note that the network interface must support multicast
    [root@localhost keepalived]# ip a
    ...
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    ....
MULTICAST: indicates that multicast is supported
2) Install keepalived
    [root@node1 ~]# yum -y install keepalived
3) Configure keepalived.conf
    [root@node1 ~]# cd /etc/keepalived/
    [root@node1 keepalived]# cp keepalived.conf{,.bak}    # back up the original file
    [root@node1 keepalived]# vim keepalived.conf          # contents as follows
    ! Configuration File for keepalived
    global_defs {
        # mailbox that receives notifications; in a real environment use a public mailbox such as @163.com
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost    # mail sender
        smtp_server 127.0.0.1                           # server that provides the mail service
        smtp_connect_timeout 30                         # mail connection timeout
        router_id node1                                 # ID of this router node
        vrrp_mcast_group4 224.0.100.51                  # multicast address
    }
    # VI_51 is the instance ID and must be unique
    vrrp_instance VI_51 {
        # specifies which node is master and which is backup; if nopreempt is set this value
        # has no effect and master/backup is decided by priority
        state MASTER
        interface eno16777736       # network interface this instance is bound to
        virtual_router_id 210       # unique ID of this virtual router, range 0-255
        priority 100                # priority, range 1-254
        advert_int 1                # advertisement interval
        # authentication method
        authentication {
            auth_type PASS
            auth_pass e8c59269
        }
        # virtual router IP address
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
    }
(4) Install and configure keepalived on host 2
1) Install keepalived
    [root@node1 ~]# yum -y install keepalived
2) Copy the configured keepalived.conf file from host 1 to host 2
    [root@node1 ~]# cd /etc/keepalived
    [root@node1 keepalived]# scp keepalived.conf 10.1.252.34:/etc/keepalived/
    keepalived.conf
3) Edit the copied keepalived.conf file
Only the following two settings need to change; everything else stays the same:
    state MASTER    change to    state BACKUP
    priority 100    change to    priority 98
(5) Testing
1) Start the keepalived service on host 1; you should see the following
    [root@node1 keepalived]# systemctl start keepalived.service
    [root@node1 keepalived]# ip a l
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0e:27:cd brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.55/16 brd 10.1.255.255 scope global dynamic eno16777736
           valid_lft 54812sec preferred_lft 54812sec
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0e:27cd/64 scope link
           valid_lft forever preferred_lft forever
    ......
2) Start the keepalived service on host 2; you should see the following
    [root@localhost ~]# systemctl start keepalived
    [root@localhost ~]# ip a l
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:e8:7c:bc brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.34/16 brd 10.1.255.255 scope global dynamic eno16777736
           valid_lft 53649sec preferred_lft 53649sec
        inet6 fe80::20c:29ff:fee8:7cbc/64 scope link
           valid_lft forever preferred_lft forever
    ......
3) Stop the keepalived service on host 1; host 2 then shows the following interface state, which means keepalived is configured correctly
    [root@node1 keepalived]# ip a l    # 10.1.252.246 has moved to host 2
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0e:27:cd brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.55/16 brd 10.1.255.255 scope global dynamic eno16777736
           valid_lft 54812sec preferred_lft 54812sec
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0e:27cd/64 scope link
           valid_lft forever preferred_lft forever
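2. keepalived dual-master example
Building on example 1, only the main configuration file on the two hosts needs to change: append one more vrrp_instance after the one from example 1.
1) On host 1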
    [root@localhost keepalived]# vim keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
        vrrp_mcast_group4 224.0.100.51
    }
    vrrp_instance VI_51 {
        state MASTER
        interface eno16777736
        virtual_router_id 210
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c59269
        }
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
    }
    vrrp_instance VI_52 {
        state BACKUP
        interface eno16777736
        virtual_router_id 212
        priority 98
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c58268
        }
        virtual_ipaddress {
            10.1.252.248/16 dev eno16777736
        }
    }
2) Configuration of host 2
    [root@localhost keepalived]# vim keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
        vrrp_mcast_group4 224.0.100.51
    }
    vrrp_instance VI_51 {
        state BACKUP
        interface eno16777736
        virtual_router_id 210
        priority 98
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c59269
        }
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
    }
    vrrp_instance VI_52 {
        state MASTER
        interface eno16777736
        virtual_router_id 212
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c58268
        }
        virtual_ipaddress {
            10.1.252.248/16 dev eno16777736
        }
    }
3) Testing
Start the keepalived service on host 1, then check the log and the IP address changes
    [root@localhost keepalived]# systemctl start keepalived.service
    [root@localhost keepalived]# tail -20 /var/log/messages
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Netlink reflector reports IP fe80::20c:29ff:fe0e:27cd added
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Registering Kernel netlink reflector
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Registering Kernel netlink command channel
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Opening file '/etc/keepalived/keepalived.conf'.
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Configuration is using : 7931 Bytes
    Oct 31 23:15:04 localhost Keepalived_healthcheckers[3986]: Using LinkWatch kernel netlink reflector...
    Oct 31 23:15:05 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_51) Transition to MASTER STATE
    Oct 31 23:15:05 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Transition to MASTER STATE
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_51) Entering MASTER STATE
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_51) setting protocol VIPs.
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_51) Sending gratuitous ARPs on eno16777736 for 10.1.252.246
    Oct 31 23:15:06 localhost Keepalived_healthcheckers[3986]: Netlink reflector reports IP 10.1.252.246 added
    Oct 31 23:15:06 localhost avahi-daemon[819]: Registering new address record for 10.1.252.246 on eno16777736.IPv4.
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Entering MASTER STATE
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_52) setting protocol VIPs.
    Oct 31 23:15:06 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Sending gratuitous ARPs on eno16777736 for 10.1.252.248
    Oct 31 23:15:06 localhost Keepalived_healthcheckers[3986]: Netlink reflector reports IP 10.1.252.248 added
    Oct 31 23:15:06 localhost avahi-daemon[819]: Registering new address record for 10.1.252.248 on eno16777736.IPv4.
    Oct 31 23:15:11 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_51) Sending gratuitous ARPs on eno16777736 for 10.1.252.246
    Oct 31 23:15:11 localhost Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Sending gratuitous ARPs on eno16777736 for 10.1.252.248
    [root@localhost keepalived]# ip a l
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0e:27:cd brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.55/16 brd 10.1.255.255 scope global eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.248/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0e:27cd/64 scope link
           valid_lft forever preferred_lft forever
    .......
Start the keepalived service on host 2, then check the log and the IP address changes
    [root@localhost keepalived]# systemctl start keepalived.service
    [root@localhost keepalived]# tail -20 /var/log/messages
    Oct 31 23:22:36 localhost Keepalived_healthcheckers[11286]: Using LinkWatch kernel netlink reflector...
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Netlink reflector reports IP 10.1.252.34 added
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Netlink reflector reports IP 192.168.122.1 added
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Netlink reflector reports IP fe80::20c:29ff:fee8:7cbc added
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Registering Kernel netlink reflector
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Registering Kernel netlink command channel
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Registering gratuitous ARP shared channel
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Opening file '/etc/keepalived/keepalived.conf'.
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Configuration is using : 67091 Bytes
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: Using LinkWatch kernel netlink reflector...
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_51) Entering BACKUP STATE
    Oct 31 23:22:36 localhost Keepalived_vrrp[11287]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
    Oct 31 23:22:36 localhost systemd: Started LVS and VRRP High Availability Monitor.
    Oct 31 23:22:37 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_52) Transition to MASTER STATE
    Oct 31 23:22:37 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_52) Received lower prio advert, forcing new election
    Oct 31 23:22:38 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_52) Entering MASTER STATE
    Oct 31 23:22:38 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_52) setting protocol VIPs.
    Oct 31 23:22:38 localhost Keepalived_vrrp[11287]: VRRP_Instance(VI_52) Sending gratuitous ARPs on eno16777736 for 10.1.252.248
    Oct 31 23:22:38 localhost avahi-daemon[798]: Registering new address record for 10.1.252.248 on eno16777736.IPv4.
    Oct 31 23:22:38 localhost Keepalived_healthcheckers[11286]: Netlink reflector reports IP 10.1.252.248 added
    [root@localhost keepalived]# ip a l
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:e8:7c:bc brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.34/16 brd 10.1.255.255 scope global eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.248/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fee8:7cbc/64 scope link
           valid_lft forever preferred_lft forever
    ......
Check the IP addresses on host 1 again (you can start and stop the service on the two hosts several times to repeat the test).
    [root@localhost keepalived]# ip a
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0e:27:cd brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.55/16 brd 10.1.255.255 scope global eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0e:27cd/64 scope link
           valid_lft forever preferred_lft forever
    ......
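If VRRP advertisements are dropped between the nodes (the reason the environment notes require that iptables not interfere), both nodes enter MASTER for the same instance and both hold the VIP. The following is an added example, not part of the original article: it scans /var/log/messages lines in the format shown above and reports instances that have two masters at once. The log lines are constructed, and the hostnames node1/node2 are assumed because the article's own logs both show localhost.

```python
import re
from datetime import datetime

# Constructed sample in the /var/log/messages format shown above; the hostnames
# node1/node2 are assumptions. The last line is node2 taking VI_51 while node1 still holds it.
SAMPLE_LOG = """\
Oct 31 23:15:06 node1 Keepalived_vrrp[3987]: VRRP_Instance(VI_51) Entering MASTER STATE
Oct 31 23:15:06 node1 Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Entering MASTER STATE
Oct 31 23:22:36 node2 Keepalived_vrrp[11287]: VRRP_Instance(VI_51) Entering BACKUP STATE
Oct 31 23:22:38 node2 Keepalived_vrrp[11287]: VRRP_Instance(VI_52) Entering MASTER STATE
Oct 31 23:22:38 node1 Keepalived_vrrp[3987]: VRRP_Instance(VI_52) Entering BACKUP STATE
Oct 31 23:40:02 node2 Keepalived_vrrp[11287]: VRRP_Instance(VI_51) Entering MASTER STATE
"""
EVENT = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) (\S+) Keepalived_vrrp\[\d+\]: "
    r"VRRP_Instance\((\S+?)\) Entering (MASTER|BACKUP|FAULT) STATE")

def master_intervals(log_text, year=2016):
    """Return {instance: [(host, start, end)]}; end is None while still MASTER."""
    open_since, spans = {}, {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, host, inst, state = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if state == "MASTER":
            open_since.setdefault((inst, host), when)
        elif (inst, host) in open_since:
            spans.setdefault(inst, []).append((host, open_since.pop((inst, host)), when))
    for (inst, host), start in open_since.items():
        spans.setdefault(inst, []).append((host, start, None))
    return spans

def split_brain(log_text, grace_seconds=3):
    """List (instance, host_a, host_b, since) where two hosts are MASTER at once."""
    findings = []
    for inst, spans in master_intervals(log_text).items():
        for i, (h1, s1, e1) in enumerate(spans):
            for h2, s2, e2 in spans[i + 1:]:
                start = max(s1, s2)
                ends = [e for e in (e1, e2) if e is not None]
                # A normal handover overlaps for at most a moment; ignore up to the grace period.
                if h1 != h2 and (not ends or (min(ends) - start).total_seconds() > grace_seconds):
                    findings.append((inst, h1, h2, start))
    return findings
```

On the sample, the VI_52 handover at 23:22:38 is not reported, while VI_51 is, because node1 never logged leaving MASTER before node2 entered it.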
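3. Notification script example
The following steps are the same on host 1 and host 2.
1) On host 1, create a script notify.sh in the /etc/keepalived/ directory with the following contents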
    [root@localhost keepalived]# vim notify.sh
    #!/bin/bash
    #
    # Address that receives the notification mail
    contact='root@localhost'

    # Send a mail describing the VRRP state this host has just entered
    notify() {
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    [root@localhost keepalived]# chmod +x notify.sh    # make the script executable
2) Configure keepalived.conf to call the script
    [root@localhost keepalived]# vim keepalived.conf
    ......    (repeated content omitted to keep this short)
    vrrp_instance VI_51 {
        ......
        }
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    ......
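At this point the notification script and its configuration are complete; from now on, starting or stopping the keepalived service sends a mail notification to the administrator.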
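Supplement: a highly available nginx service built with keepalived in lvs-dr mode
The lab environment is VMware virtual machines: K1 and K2 run CentOS 7, W1 and W2 run CentOS 6.8. Configure the IP address of each host yourself according to the topology diagram, and make sure the clocks of K1 and K2 are synchronized.
1. Configuration of the director hosts
(1) Settings on host K1 (master)
1) Configure keepalived.conf as follows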
    [root@node1 ~]# yum -y install keepalived    # install keepalived
    [root@localhost keepalived]# vim keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
        vrrp_mcast_group4 224.0.100.51
    }
    vrrp_script chk_nginx {
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
    }
    vrrp_instance VI_51 {
        state MASTER
        interface eno16777736
        virtual_router_id 210
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c59269
        }
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
        track_script {
            chk_nginx
        }
    }
2) Install nginx and configure it as a reverse proxy
Install:
    [root@localhost ~]# rpm -ih nginx-1.10.0-1.el7.ngx.x86_64.rpm    # the nginx RPM package can be downloaded separately
    warning: nginx-1.10.0-1.el7.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
    ################################# [100%]
    Updating / installing...
    ################################# [100%]
    ----------------------------------------------------------------------
    Thanks for using nginx!
    Please find the official documentation for nginx here:
    * http://nginx.org/en/docs/
    Commercial subscriptions for nginx are available on:
    * http://nginx.com/products/
    ----------------------------------------------------------------------
Configure:
    [root@localhost ~]# cd /etc/nginx/
    [root@localhost nginx]# vim nginx.conf
    http {
        ......
        # add the following inside the http block
        upstream websrvs {
            server 10.1.252.146;
            server 10.1.252.148;
        }
        ......
    }
    [root@localhost nginx]# vim conf.d/default.conf
    ......
    location / {
        root /usr/share/nginx/html;
        proxy_pass http://websrvs;    # add this line to the first location block
        index index.html index.htm;
    }
    ......
Start:
    [root@localhost ~]# systemctl start nginx
3) Install ipvsadm
    [root@localhost ~]# yum -y install ipvsadm
(2) Configuration of host K2 (backup)
1) Configure keepalived.conf as follows
    [root@node1 ~]# yum -y install keepalived    # install keepalived
    [root@localhost keepalived]# vim keepalived.conf
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id node1
        vrrp_mcast_group4 224.0.100.51
    }
    vrrp_script chk_nginx {
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
    }
    vrrp_instance VI_51 {
        state BACKUP
        interface eno16777736
        virtual_router_id 210
        priority 98
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass e8c59269
        }
        virtual_ipaddress {
            10.1.252.246/16 dev eno16777736
        }
        track_script {
            chk_nginx
        }
    }
Steps 2 and 3 that follow are configured the same way as on K1.
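With weight -5, a failed chk_nginx lowers K1 from priority 100 to 95, below K2's 98, and that is what moves the VIP to K2. The following added example (not the article's or the keepalived project's code) parses a pair of configs and reports a virtual_router_id or auth_pass mismatch, and a track_script weight too small to cause failover. The embedded config is constructed from the K1/K2 files above, trimmed to the checked fields, and the function names are hypothetical.

```python
import re

# Constructed from the K1/K2 keepalived.conf files above, trimmed to the checked fields.
K1 = """\
vrrp_script chk_nginx {
    script "killall -0 nginx && exit 0 || exit 1"
    weight -5
}
vrrp_instance VI_51 {
    virtual_router_id 210
    priority 100
    authentication {
        auth_pass e8c59269
    }
    track_script {
        chk_nginx
    }
}
"""
K2 = K1.replace("priority 100", "priority 98")
FIELDS = ("virtual_router_id", "auth_pass", "priority")

def blocks(conf, kind):
    """Yield (name, body) per `kind name { ... }`; braces inside quotes are not handled."""
    for m in re.finditer(rf"^\s*{kind}\s+(\S+)\s*\{{", conf, re.M):
        depth, i = 1, m.end()
        while depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def field(body, key):
    m = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
    return m.group(1) if m else None

def parse(conf):
    """instance -> FIELDS plus 'drop', the sum of its negative track_script weights."""
    weight = {n: int(field(b, "weight") or 0) for n, b in blocks(conf, "vrrp_script")}
    out = {}
    for name, body in blocks(conf, "vrrp_instance"):
        ts = re.search(r"track_script\s*\{([^}]*)\}", body)
        names = ts.group(1).split() if ts else []
        out[name] = {k: field(body, k) for k in FIELDS}
        out[name]["drop"] = sum(min(weight.get(s, 0), 0) for s in names)
    return out

def audit(conf_a, conf_b):
    """Findings for a two-node pair (hypothetical helper); [] means the checks passed."""
    a, b, issues = parse(conf_a), parse(conf_b), []
    for name in sorted(set(a) & set(b)):
        hi, lo = sorted((a[name], b[name]), key=lambda n: -int(n["priority"]))
        issues += [f"{name}: {k} differs between nodes" for k in FIELDS[:2] if hi[k] != lo[k]]
        if hi["drop"] and int(hi["priority"]) + hi["drop"] >= int(lo["priority"]):
            issues.append(f"{name}: failed track_script does not move the VIP")
    return issues
```

Run against the article's values, `audit(K1, K2)` returns an empty list; changing the weight to -1 leaves K1 at 99, still above 98, and is reported.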
2. Configuration of the web servers
(1) Configuration of W1
1) Install the httpd service
    [root@localhost ~]# yum -y install httpd
2) Create a web page
    [root@localhost ~]# vim /var/www/html/index.html
    web server 1
3) Start the httpd service
    [root@localhost ~]# service httpd start
    [root@localhost ~]# curl 10.1.252.146
    web server 1    (test passes)
4) Modify kernel parameters to disable responses to ARP broadcasts
    [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    [root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
(2) Configuration of W2
1) Install the httpd service
    [root@localhost ~]# yum -y install httpd
2) Create a web page
    [root@localhost ~]# vim /var/www/html/index.html
    web server 2
3) Start the httpd service
    [root@localhost ~]# service httpd start
    [root@localhost ~]# curl 10.1.252.148
    web server 2    (test passes)
4) Modify kernel parameters to disable responses to ARP broadcasts
    [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    [root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    [root@localhost ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    [root@localhost ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
3. Testing
1) First start the keepalived service on host W2, check the IP addresses, and access the service
    [root@localhost ~]# systemctl start keepalived.service
    [root@localhost ~]# ip a l
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:e8:7c:bc brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.34/16 brd 10.1.255.255 scope global eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fee8:7cbc/64 scope link
           valid_lft forever preferred_lft forever
    ......
    [root@localhost ~]# for i in {0..9};do curl http://10.1.252.246 ;done    # access works
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
2) Stop the keepalived service on host W2 and start the keepalived service on host W1, then check the IP addresses and access the service
    [root@localhost keepalived]# ip a
    ......
    eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:0e:27:cd brd ff:ff:ff:ff:ff:ff
        inet 10.1.252.55/16 brd 10.1.255.255 scope global eno16777736
           valid_lft forever preferred_lft forever
        inet 10.1.252.246/16 scope global secondary eno16777736
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0e:27cd/64 scope link
           valid_lft forever preferred_lft forever
    ......
    [root@localhost ~]# for i in {0..9};do curl http://10.1.252.246 ;done    # access still works
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
    web server 2
    web server 1
Original article by pao. If you repost it, please credit the source: http://www.178linux.com/56834