1、keepalived 的工作原理
Keepalived 高可用对之间通过 VRRP 协议通信。VRRP 通过竞选机制来确定主备关系:主节点的优先级高于备节点,因此工作时主节点会优先获得资源,备节点处于等待状态;当主服务器宕机时,备节点就会接管主节点的资源(即 VIP),然后顶替主节点对外提供服务。
在 Keepalived 服务对之间,只有主服务器会持续发送 VRRP 通告包(常被称为“广播包”,默认实际以组播方式发送),告诉备服务器自己还活着,此时备服务器不会抢占 VIP;当主服务器不可用、即备服务器收不到主服务器发来的通告包时,备服务器会立即接管 VIP,保证业务不中断。
2、keepalived 安装
# Install keepalived from the configured yum repositories; -y answers the
# confirmation prompt automatically.
yum -y install keepalived
查看安装后的文件位置:rpm -ql keepalived
3、keepalived 配置文件
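# Annotated keepalived.conf sample (listing line numbers removed so the file
# parses; the two free-text notes that lacked a comment marker are now comments).

# Global settings
global_defs {
    # Addresses that receive alert mail
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc   # sender address of the alert mail
    smtp_server 192.168.200.1                               # mail server
    smtp_connect_timeout 30                                 # SMTP connect timeout
    router_id LVS_DEVEL                                     # router identifier; unique within the LAN
}

# One VRRP instance
vrrp_instance VI_1 {
    state MASTER             # MASTER or BACKUP; per the author this is only a label
    interface eth0           # NIC on which the virtual IPs are placed
    virtual_router_id 51     # must be identical on every member of the same cluster
    priority 100             # decides master vs backup; the higher value wins
    advert_int 1             # interval between master/backup advertisements

    # auth_type PASS carries auth_pass in clear text inside each advertisement,
    # so it guards against accidental cross-talk between clusters rather than
    # against a host on the same segment. 1111 is the sample value used
    # throughout this page; replace it per cluster.
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    # Virtual IP addresses shared between the devices
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}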
4、 keepalived 配置双主nginx
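! Configuration File for keepalived
! Node lb01 of the dual-master nginx pair: MASTER for VI_1 (172.30.7.150),
! BACKUP for VI_2 (172.30.7.151). Listing line numbers removed so the file parses.

global_defs {
    router_id lb01
}

# Health check for nginx. keepalived runs the script itself, so keep
# /etc/keepalived/check_ng.sh owned by root and not writable by other users.
# NOTE(review): newer keepalived releases offer script_user and
# enable_script_security in global_defs; confirm for the installed version.
vrrp_script chk_nginx {
    script "/etc/keepalived/check_ng.sh"
    interval 2    # run the check every 2 seconds
    weight -2     # on failure the tracking instance's priority drops by 2
                  # (100 -> 98, below the 99 configured on lb02 for VI_1)
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    # auth_type PASS travels in clear text in every advertisement; 1111 is the
    # page's sample value and must match on both nodes.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.150/24 dev eth0 label eth0:1
    }
    track_script {
        chk_nginx
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.151/24 dev eth0 label eth0:2
    }
}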
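! Configuration File for keepalived
! Node lb02 of the dual-master nginx pair: BACKUP for VI_1 (172.30.7.150),
! MASTER for VI_2 (172.30.7.151). Listing line numbers removed so the file parses.

global_defs {
    router_id lb02
}

# Health check for nginx. keepalived runs the script itself, so keep
# /etc/keepalived/check_ng.sh owned by root and not writable by other users.
# NOTE(review): newer keepalived releases offer script_user and
# enable_script_security in global_defs; confirm for the installed version.
vrrp_script chk_nginx {
    script "/etc/keepalived/check_ng.sh"
    interval 2    # run the check every 2 seconds
    weight -2     # on failure the tracking instance's priority drops by 2
                  # (100 -> 98, below the 99 configured on lb01 for VI_2)
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    # auth_type PASS travels in clear text in every advertisement; 1111 is the
    # page's sample value and must match on both nodes.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.150/24 dev eth0 label eth0:1
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.30.7.151/24 dev eth0 label eth0:2
    }
    track_script {
        chk_nginx
    }
}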
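#!/bin/bash
#
# Description: check-ng
# Author: hequan
# Date: 2018/6/20
#
# Health check referenced by the chk_nginx vrrp_script block.
# Exit status: 1 when no process with command name "nginx" exists, 0 otherwise.
# It only proves a process exists; it does not test that nginx answers requests.

# keepalived launches this script on its own schedule; pin PATH so ps and wc
# always resolve to the system binaries.
PATH=/usr/sbin:/usr/bin:/sbin:/bin

# Count processes whose command name is nginx (header line suppressed).
nginx_count=$(ps -C nginx --no-header | wc -l)

if [ "$nginx_count" -eq 0 ]; then
  exit 1
fi
exit 0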
5、keepalived 配置lvs dr模式
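# keepalived + LVS in DR mode. Listing line numbers removed so the file parses;
# "dev eht0" corrected to "dev eth0" to match the interface and label used here,
# and comments that contradicted their directive have been rewritten.

global_defs {
    router_id LVS_DEVEL    # id of this LVS node; should be unique within one network
}

vrrp_instance VI_1 {
    state MASTER           # keepalived role: MASTER is primary, BACKUP is standby
    interface eth0         # NIC that VRRP runs on
    virtual_router_id 51   # virtual router number; must match on master and backup
    priority 100           # higher number = higher priority; master must exceed backup
    advert_int 1           # check interval, default 1s
    # auth_type PASS travels in clear text in every advertisement; 1111 is the
    # page's sample value and must be replaced per cluster.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # Virtual IP (VIP); several may be listed, one per line
        172.30.7.150/24 dev eth0 label eth0:1
    }
}

# VIP and port of the LVS service exposed to clients
virtual_server 172.30.7.150 80 {
    delay_loop 6           # health-check interval in seconds
    lb_algo wrr            # scheduling algorithm: wrr (weighted round robin)
    lb_kind DR             # LVS forwarding method; NAT, TUN and DR are available
    nat_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

    real_server 172.30.7.181 80 {    # address of real server 1
        weight 3                     # node weight; larger means more traffic
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }

    real_server 172.30.7.182 80 {    # address of real server 2
        weight 3                     # node weight; larger means more traffic
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}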
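#!/bin/bash
#
# LVS-DR real-server helper.
#   start: bind the VIP to lo:0, add a host route for it and set
#          arp_ignore=1 / arp_announce=2 on "lo" and "all".
#   stop:  take lo:0 down, drop the route and reset both ARP settings to 0.
# Must run as root: it changes interfaces and writes under /proc/sys.
# Exit status: 0 after start/stop, 1 on any other argument.

readonly SNS_VIP=172.30.7.150
. /etc/rc.d/init.d/functions

#######################################
# Write arp_ignore / arp_announce for the "lo" and "all" scopes.
# Arguments: $1 - arp_ignore value, $2 - arp_announce value
#######################################
set_arp_mode() {
  local ignore=$1
  local announce=$2
  local scope
  for scope in lo all; do
    echo "$ignore" >"/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
    echo "$announce" >"/proc/sys/net/ipv4/conf/${scope}/arp_announce"
  done
}

case "$1" in
  start)
    ifconfig lo:0 "$SNS_VIP" netmask 255.255.255.255 broadcast "$SNS_VIP"
    /sbin/route add -host "$SNS_VIP" dev lo:0
    # The VIP lives on loopback; these values keep this host from answering
    # or announcing ARP for it on the LAN-facing interfaces.
    set_arp_mode 1 2
    # NOTE(review): sysctl -p re-applies /etc/sysctl.conf; if that file also
    # sets arp_ignore/arp_announce it overrides the values written just above.
    sysctl -p >/dev/null 2>&1
    echo "RealServer Start OK"
    ;;
  stop)
    ifconfig lo:0 down
    # Best effort: the route may already be gone.
    route del "$SNS_VIP" >/dev/null 2>&1
    set_arp_mode 0 0
    echo "RealServer Stoped"
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
exit 0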
6、iptables 开通规则
# Accepts every inbound packet whose protocol is vrrp; the rule has no source
# or interface match, so any host that can reach this node may send adverts.
# NOTE(review): where the peers are known, consider narrowing the match with
# -s <PEER_IP> and/or -i <INTERFACE> (placeholders; fill in for your cluster).
-A INPUT -p vrrp -j ACCEPT
7、内网通信,公网浮动网卡配置
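# ifcfg-style settings for the NIC that carries the floating address
# (listing line numbers removed so the file can be sourced).
# No IPADDR is defined here; presumably keepalived adds the address at
# runtime. Confirm against the vrrp_instance that uses this interface.
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes          # bring the interface up at boot
NM_CONTROLLED=no    # keep NetworkManager from managing this interface
BOOTPROTO=none      # no DHCP/BOOTP on this interface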
8、keepalived 路由浮动配置
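# VRRP instance that floats both an address and a route.
# Listing line numbers removed so the block parses.
vrrp_instance IN_1 {
    state MASTER
    interface eth0
    virtual_router_id 71
    priority 99
    advert_int 1
    # auth_type PASS travels in clear text in every advertisement; "aaaa" is a
    # sample value and must be replaced per cluster.
    authentication {
        auth_type PASS
        auth_pass aaaa
    }
    virtual_ipaddress {
        #42.123.110.37/24 dev eth0 label eth0:0
        42.123.110.37/27 dev eth1
    }
    # Routes installed together with the VIP; the active entry sets the
    # default gateway (42.123.110.33 in this listing).
    virtual_routes {
        default via 42.123.110.33
        #172.16.0.0/12 via 10.210.214.1
        #192.168.1.0/24 via 192.168.1.1 dev eth1
    }
    track_script {
        # Name of a vrrp_script block; it is not part of this fragment and
        # must be defined earlier in the same configuration file.
        chk_nginx
    }
}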
9、keepalived 单播通信配置
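# Fragment of a vrrp_instance body that switches advertisements to unicast
# (listing line numbers removed). Each node lists its own address as the
# source and the other node as the peer.
priority 99
unicast_src_ip 10.51.96.208    # local IP address
unicast_peer {
    10.51.96.209               # peer IP address; must not be omitted
}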
10、tcpdump 抓包
# Capture traffic to or from 224.0.0.0/8 on every interface, without name or
# port resolution (-nn), to watch the multicast VRRP advertisements.
# NOTE(review): with unicast_peer configured the advertisements presumably do
# not use a multicast destination, so filter on the peer address instead.
tcpdump -i any -nn net 224.0.0.0/8