基础掌握
服务安装
# yum -y install keepalived
# rpm -qa keepalived
keepalived-1.2.13-7.el7.x86_64
启动说明
# systemctl start keepalived.service
# ps -ef |grep keep|grep -v grep
root 11959 1 0 05:21 ? 00:00:00 /usr/sbin/keepalived -D
root 11961 11959 0 05:21 ? 00:00:00 /usr/sbin/keepalived -D
root 11962 11959 0 05:21 ? 00:00:00 /usr/sbin/keepalived -D
提示:启动后有3个keepalived进程表示安装正确
# ip a |grep 192.168.200
inet 192.168.200.16/32 scope global eth0
inet 192.168.200.17/32 scope global eth0
inet 192.168.200.18/32 scope global eth0
提示:默认情况下启动三个VIP地址
配置说明
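# Annotated walk-through of a keepalived.conf: global settings, one VRRP
# instance that owns three VIPs, and one LVS virtual server with one real server.
global_defs {  # global settings
    notification_email {  # recipients of notification e-mails
        root@localhost  # recipient address
        failover@firewall.loc  # recipient address
        sysadmin@firewall.loc  # recipient address
    }
    notification_email_from sendmail@local.loc  # sender address of notification e-mails
    smtp_server 127.0.0.1  # mail server address
    smtp_connect_timeout 30  # timeout for connecting to the mail server
    router_id LVS_DEVEL  # router identifier
}
vrrp_instance VI_1 {  # identifier of this virtual router instance
    state MASTER  # this node starts as the master
    interface eth0  # network interface used for VRRP traffic
    virtual_router_id 51  # virtual router ID; it is the last byte of the virtual router MAC address
    priority 100  # priority of this node; the master must be higher than the other nodes
    advert_int 1  # advertisement interval, in seconds
    authentication {  # authentication settings
        # PASS carries the password in cleartext in every advertisement, so any
        # host on the segment can read it. Treat it as protection against
        # misconfiguration, not against an attacker on the same network.
        auth_type PASS  # authentication mechanism; cleartext by default
        # Sample value: use a site-specific string, identical on every node of
        # this instance. keepalived uses only the first 8 characters.
        auth_pass 1111
    }
    virtual_ipaddress {  # virtual IP addresses (VIPs)
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}  # closes vrrp_instance VI_1; this brace was missing from the listing
virtual_server 192.168.200.100 443 {  # VIP and port served by the cluster
    delay_loop 6  # interval between health-check rounds, in seconds
    lb_algo rr  # load-balancing algorithm (rr = round robin)
    lb_kind NAT  # LVS forwarding method
    nat_mask 255.255.255.0  # netmask of the VIP
    persistence_timeout 50  # persistent-connection timeout
    protocol TCP  # protocol in use
    real_server 192.168.201.100 443 {  # IP and port of a back-end node
        weight 1  # weight
        # NOTE(review): port 443 normally carries TLS, which a plain HTTP_GET
        # cannot check; SSL_GET is probably what is wanted here - confirm.
        HTTP_GET {  # health-check method; SSL_GET and TCP_CHECK are the alternatives
            url {  # URL-based check
                path /  # URL path to request
                digest ff20ad2481f97b1754ef3e12ecd3a9cc  # digest the response must match
                status_code 200  # status code the response must carry
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3  # connection timeout
            nb_get_retry 3  # number of check attempts
            delay_before_retry 3  # delay between attempts
        }
    }
}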
高可用单实例
功能实现
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
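! Configuration File for keepalived
# lb01: master node of the single-instance pair. It has the higher priority
# (150) and holds VIP 192.168.10.88 on eth0:1 while it is running.

global_defs {
    notification_email {
        1668759118-@qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb01  # per-node identifier
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51  # must be the same on both nodes of this instance
    priority 150
    advert_int 1
    authentication {
        # PASS sends auth_pass in cleartext in every VRRP advertisement; it only
        # guards against misconfigured peers, not against a host on the segment.
        auth_type PASS
        # Sample value: set a site-specific string, identical on lb01 and lb02.
        # keepalived uses only the first 8 characters.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88/24 dev eth0 label eth0:1
    }
}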
[root@lb01 ~]# systemctl stop keepalived.service
[root@lb01 ~]# systemctl start keepalived.service
[root@lb01 ~]# ip a |grep 88
inet 192.168.10.88/24 scope global secondary eth0:1
提示:出现VIP 192.168.10.88表示lb01的keepalived服务单实例配置成功;
[root@lb02 ~]# cat /etc/keepalived/keepalived.conf
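! Configuration File for keepalived
# lb02: backup node of the single-instance pair. Its priority (100) is lower
# than the master's, so it takes over VIP 192.168.10.88 only when it stops
# receiving the master's advertisements.

global_defs {
    notification_email {
        1668759118-@qq.com
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb02  # per-node identifier
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51  # must match the master's value for this instance
    priority 100
    advert_int 1
    authentication {
        # The password travels in cleartext with auth_type PASS, so it cannot
        # stop another host on the segment from reading or reusing it.
        auth_type PASS
        # Sample value: replace it, and keep it identical on both nodes.
        # Only the first 8 characters are used by keepalived.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88/24 dev eth0 label eth0:1
    }
}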
[root@lb02 ~]# systemctl stop keepalived.service
[root@lb02 ~]# systemctl start keepalived.service
[root@lb02 ~]# ip a |grep 88
提示:无任何结果返回表示lb02单实例配置成功,因为lb02是备节点,主节点存在时不接管VIP;
申明
当主备节点同时出现VIP,说明高可用出现了脑裂现象(由于某些原因导致两台服务器在指定时间内无法互相检测到对方的心跳信息,于是各自取得资源及服务器的所有权,导致同一个IP同时存在于两台服务器上而发生冲突),排查方向:
+ 主备服务器之间的VRRP通信是否正常(检查iptables、SELinux是否拦截了VRRP通告,即IP协议号112、组播地址224.0.0.18;应放行该流量,而不是直接关闭防火墙);
+ 配置文件是否错误;特别注意主备节点的virtual_router_id配置是否不一致;
功能测试
停止主服务器Keepalived服务或关闭服务器,可在备服务器上看到vip的出现,当主服务器恢复正常时,vip从备服务器转移回主服务器。
双实例双主模式
环境:
lb1 192.168.10.12
lb2 192.168.10.13
vip1 192.168.10.88
vip2 192.168.10.99
以下是双主模式配置文件:vip1在lb1上为主,在lb2上为从;vip2在lb1上为从,在lb2上为主。当某台服务器上的keepalived出现异常时,2个vip将自动跳转至同一台服务器;
[root@lb1 ~]# cat /etc/keepalived/keepalived.conf
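! Configuration File for keepalived
# lb1 in the dual-master layout: master for VI_1 (VIP 192.168.10.88) and
# backup for VI_2 (VIP 192.168.10.99). Each instance has its own
# virtual_router_id.

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    # NOTE(review): both nodes of this example use the same router_id; a
    # per-host value would make notifications attributable - confirm.
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 55  # same value on both nodes for VI_1
    priority 150
    advert_int 1
    authentication {
        # PASS is cleartext on the wire: every VRRP advertisement carries
        # auth_pass, readable by any host on the segment.
        auth_type PASS
        # Sample value: replace it with a site-specific string shared by both
        # nodes. keepalived uses only the first 8 characters.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88/24 dev eth0 label eth0:1
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 56  # same value on both nodes for VI_2
    priority 100
    advert_int 1
    authentication {
        auth_type PASS  # cleartext, as for VI_1
        auth_pass 1111  # sample value, as for VI_1
    }
    virtual_ipaddress {
        192.168.10.99/24 dev eth0 label eth0:2
    }
}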
[root@lb2 ~]# cat /etc/keepalived/keepalived.conf
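! Configuration File for keepalived
# lb2 in the dual-master layout: backup for VI_1 (VIP 192.168.10.88) and
# master for VI_2 (VIP 192.168.10.99), the mirror image of lb1.

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    # NOTE(review): lb1 uses this same router_id; a per-host value would make
    # it clear which node sent a notification - confirm.
    router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55  # must match lb1's value for VI_1
    priority 100
    advert_int 1
    authentication {
        # With auth_type PASS the password is sent unencrypted in each
        # advertisement, so it does not protect against a host on the segment.
        auth_type PASS
        # Sample value: use a site-specific string, the same as on lb1.
        # Only the first 8 characters are used by keepalived.
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88/24 dev eth0 label eth0:1
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 56  # must match lb1's value for VI_2
    priority 150
    advert_int 1
    authentication {
        auth_type PASS  # cleartext, as for VI_1
        auth_pass 1111  # sample value, as for VI_1
    }
    virtual_ipaddress {
        192.168.10.99/24 dev eth0 label eth0:2
    }
}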