keepalived(2)- keepalived安装和配置
目录
1. keepalived安装配置
1.1 keepalived安装环境
keepalived可以直接使用yum方式进行安装:
[root@nginx-lb01 ~]# yum install keepalived [root@nginx-lb01 ~]# rpm -q keepalived
keepalived-1.3.5-16.el7.x86_64
keepalived的程序文件如下:
[root@nginx-lb01 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.3.5
/usr/share/doc/keepalived-1.3.5/AUTHOR
/usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
/usr/share/doc/keepalived-1.3.5/COPYING
/usr/share/doc/keepalived-1.3.5/ChangeLog
/usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.3.5/README
/usr/share/doc/keepalived-1.3.5/TODO
/usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.3.5/samples
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
/usr/share/snmp/mibs/VRRP-MIB.txt
/usr/share/snmp/mibs/VRRPv3-MIB.txt
其中主要的文件说明如下:
/etc/keepalived/keepalived.conf:keepalived的主配置文件
/etc/sysconfig/keepalived:定义keepalived运行方式
/usr/lib/systemd/system/keepalived.service:keepalived的system unit file
/usr/sbin/keepalived:二进制文件
1.2 keepalived日志文件
默认keepalived的日志存放在系统日志:/var/log/messages下。
若需要把日志单独存放在/var/log/keepalived.log中:
修改/etc/sysconfig/keepalived
把KEEPALIVED_OPTIONS="-D" 修改为:KEEPALIVED_OPTIONS="-D -d -S 0"
[root@nginx-lb01 ~]# cat /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
# KEEPALIVED_OPTIONS="-D -d -S 0"
在/etc/rsyslog.conf 末尾添加
[root@nginx-lb01 ~]# vim /etc/rsyslog.conf
local0.* /var/log/keepalived.log
重启日志记录服务和keepalived服务
[root@nginx-lb01 ~]# systemctl restart rsyslog.service
1.3 keepalived配置文件
keepalived的配置文件格式如下:
global_defs { #全局定义部分
notification_email { #设置警报邮箱
acassen@firewall.loc #接收方邮箱地址
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc #设置发件人地址
smtp_server 192.168.50.1 #设置smtp server地址
smtp_connect_timeout 30 #设置smtp超时连接时间 以上参数可以不配置
router_id LVS_DEVEL #是Keepalived服务器的路由标识在一个局域网内,这个标识(router_id)是唯一的
vrrp_mcast_group4 224.0.100.19 #vrrp通告的组播地址,可以修改。
script_user root
enable_script_security
}
vrrp_instance VI_1 { #VRRP实例定义名字VI_1
state MASTER #表示当前实例VI_1的角色状态,这个状态只能有MASTER和BACKUP两种状态,并且需要大写这些字符,MASTER为主节点,BACKUP为备用的状态
interface eth0 #绑定为当前虚拟路由器使用的物理接口;
virtual_router_id 51 #虚拟路由ID标识,这个标识最好是一个数字,在一个keepalived.conf配置中是唯一的, MASTER和BACKUP配置中相同实例的virtual_router_id必须是一致的.
priority 100 #priority为优先级 越大越优先,优先级大的选举为MASTER
advert_int 1 #为同步通知间隔。MASTER与BACKUP之间通信检查的时间间隔,单位为秒,默认为1.
authentication { #authentication为权限认证配置不要改动,同一vrrp实例的MASTER与BACKUP使用相同的密码才能正常通信。
auth_type PASS
auth_pass 1111 #密码最长为8位,超过8位启动取前8位作为密码进行认证
}
virtual_ipaddress { #设置虚拟IP地址
<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
192.168.200.17/24 dev eth1
192.168.50.16 #此格式ip addr命令显示 ifconfig不显示
192.168.50.17/24 dev eth0 label eth0:1 #绑定接口为eth0,别名为eth0:1
}
track_interface { #配置要监控的网络接口,一旦其中任意接口出现故障,则keepalived转为FAULT状态,VIP进行切换;
eth0
eth1
...
}
nopreempt:定义工作模式为非抢占模式;
preempt_delay 300:抢占式模式下,节点上线后触发新选举操作的延迟时长;
定义通知脚本:
notify_master <STRING>|<QUOTED-STRING>:当前节点成为主节点时触发的脚本;
notify_backup <STRING>|<QUOTED-STRING>:当前节点转为备节点时触发的脚本;
notify_fault <STRING>|<QUOTED-STRING>:当前节点转为“失败”状态时触发的脚本;
notify <STRING>|<QUOTED-STRING>:通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知;
script_user root
enable_script_security
以上两条命令是配合vrrp_script脚本使用,否则日志中会报错:
Jul 8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jul 8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
2. keepalived配置
2.1 keepalived单示例配置
实验环境规划如下:
| 名称 | IP地址 | 角色 | router_id | 优先级 |
|---|---|---|---|---|
| nginx-lb01 | 192.168.20.19 | MASTER | keepalived01 | 120 |
| nginx-lb02 | 192.168.20.20 | BACKUP | keepalived02 | 100 |
| VIP | 192.168.20.28 | - | - | - |
2.1.1 keepalived节点配置文件
MASTER节点的配置文件如下:
[root@nginx-lb01 keepalived]# cat keepalived.conf
! Configuration File for keepalived global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalived01
script_user root
enable_script_security
} vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
priority 120
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.28/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}BACKUP节点的配置文件如下:
[root@nginx-lb02 keepalived]# cat keepalived.conf
! Configuration File for keepalived global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalived02
} vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.28/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
通知脚本notify.sh如下:
[root@nginx-lb01 keepalived]# cat notify.sh
#!/bin/bash contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
} case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac #增加执行权限
[root@nginx-lb01 keepalived]# chmod +x notify.sh
2.1.2 启动keepalived服务
启动keepalived服务:
[root@nginx-lb01 keepalived]# systemctl start keepalived.service
[root@nginx-lb01 keepalived]# systemctl start keepalived.service #查看服务状态:
[root@nginx-lb01 keepalived]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-07-08 17:27:56 CST; 21min ago
Process: 2402 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 2403 (keepalived)
CGroup: /system.slice/keepalived.service
├─2403 /usr/sbin/keepalived -D -d -S 0
├─2404 /usr/sbin/keepalived -D -d -S 0
└─2405 /usr/sbin/keepalived -D -d -S 0 [root@nginx-lb01 keepalived]# ps -ef | grep keepalived
root 2403 1 0 17:27 ? 00:00:00 /usr/sbin/keepalived -D -d -S 0
root 2404 2403 0 17:27 ? 00:00:00 /usr/sbin/keepalived -D -d -S 0
root 2405 2403 0 17:27 ? 00:00:00 /usr/sbin/keepalived -D -d -S 0
MASTER节点的日志如下:
[root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
Jul 8 17:52:25 nginx-lb01 Keepalived_vrrp[2533]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
Jul 8 17:52:27 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Entering MASTER STATE <==进入MASTER状态
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) setting protocol VIPs. <==VIP部署在本机
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28 <==发送免费ARP报文
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Opening script file /etc/keepalived/notify.sh <==触发通知脚本 #notify.sh自动发送的邮件信息:
[root@nginx-lb01 keepalived]# mail
N 3 root Thu Jul 8 17:52 18/712 "nginx-lb01 to be master, vip floating"
& 3
Message 3:
From root@nginx-lb01.localdomain Thu Jul 8 17:52:30 2021
Return-Path: <root@nginx-lb01.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Thu, 08 Jul 2021 17:52:30 +0800
To: root@localhost.localdomain
Subject: nginx-lb01 to be master, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@nginx-lb01.localdomain (root)
Status: R 2021-07-08 17:52:30: vrrp transition, nginx-lb01 changed to be masterBACKUP节点的日志如下:
[root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
Jul 8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100 <==收到对方优先级更高的报文
Jul 8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE <==本机进入BACKUP状态
Jul 8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs. <==移除本机VIP
Jul 8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh <==触发通知脚本 #notify.sh自动发送的邮件信息:
[root@nginx-lb02 keepalived]# mail
N 2 root Thu Jul 8 17:52 18/712 "nginx-lb02 to be backup, vip floating"
& 2
Message 2:
From root@nginx-lb02.localdomain Thu Jul 8 17:52:27 2021
Return-Path: <root@nginx-lb02.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Thu, 08 Jul 2021 17:52:27 +0800
To: root@localhost.localdomain
Subject: nginx-lb02 to be backup, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@nginx-lb02.localdomain (root)
Status: R 2021-07-08 17:52:27: vrrp transition, nginx-lb02 changed to be backup
虚拟IP地址的使用情况:
#VIP存在于MASTER节点中:
[root@nginx-lb01 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.28/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute
valid_lft forever preferred_lft forever #BACKUP节点没有VIP信息:
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute
valid_lft forever preferred_lft forever #在其他节点查看arp表信息,VIP的MAC地址与MASTER节点的MAC地址相同:
[C:\~]$ arp -a
接口: 192.168.20.1 --- 0x8
Internet 地址 物理地址 类型
192.168.20.19 00-0c-29-33-71-d0 动态
192.168.20.20 00-0c-29-21-9d-5c 动态
192.168.20.28 00-0c-29-33-71-d0 动态
2.1.3 keepalived状态切换
模拟MASTER节点故障
#1.停止MASTER节点的keepalived服务,模拟MASTER节点故障
[root@nginx-lb01 keepalived]# systemctl stop keepalived.service
[root@nginx-lb01 keepalived]# ps aux | grep keepalived
root 2738 0.0 0.0 112808 968 pts/0 R+ 19:07 0:00 grep --color=auto keepalived
#2.查看MASTER节点日志
[root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
Jul 8 19:07:36 nginx-lb01 Keepalived[2531]: Stopping
Jul 8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) sent 0 priority <==发送0优先级报文
Jul 8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) removing protocol VIPs. <==移除VIP
Jul 8 19:07:36 nginx-lb01 Keepalived_healthcheckers[2532]: Stopped
Jul 8 19:07:37 nginx-lb01 Keepalived_vrrp[2533]: Stopped
Jul 8 19:07:37 nginx-lb01 Keepalived[2531]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
BACKUP节点的状态如下:
#1.查看日志信息
[root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
Jul 8 19:07:37 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Transition to MASTER STATE <==切换为MASTER节点
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
#2.查看虚IP信息:
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.28/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#3.触发脚本:
[root@nginx-lb02 keepalived]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 4 messages 4 new
>N 1 root Thu Jul 8 17:42 18/712 "nginx-lb02 to be backup, vip floating"
N 2 root Thu Jul 8 17:52 18/712 "nginx-lb02 to be backup, vip floating"
N 3 root Thu Jul 8 17:52 18/712 "nginx-lb02 to be master, vip floating"
N 4 root Thu Jul 8 19:07 18/712 "nginx-lb02 to be master, vip floating"
& 4
Message 4:
From root@nginx-lb02.localdomain Thu Jul 8 19:07:40 2021
Return-Path: <root@nginx-lb02.localdomain>
X-Original-To: root@localhost
Delivered-To: root@localhost.localdomain
Date: Thu, 08 Jul 2021 19:07:40 +0800
To: root@localhost.localdomain
Subject: nginx-lb02 to be master, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@nginx-lb02.localdomain (root)
Status: R
2021-07-08 19:07:40: vrrp transition, nginx-lb02 changed to be master
#4.查看其它节点arp信息,虚IP对应的MAC已经更改为BACKUP节点的MAC
[C:\~]$ arp -a
接口: 192.168.20.1 --- 0x8
Internet 地址 物理地址 类型
192.168.20.19 00-0c-29-33-71-d0 动态
192.168.20.20 00-0c-29-21-9d-5c 动态
192.168.20.28 00-0c-29-21-9d-5c 动态
再次恢复nginx-lb01节点,该节点的状态如下:
#1.查看日志情况,切换为MASTER状态,默认开启了抢占功能:
Jul 8 19:18:51 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul 8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul 8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul 8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul 8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
#2.查看VIP情况:
[root@nginx-lb01 ~]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.28/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
nginx-lb02节点情况如下:
#1.查看日志信息,收到优先级更高的vrrp报文,切换为BACKUP状态,移除VIP,触发通知脚本
[root@nginx-lb02 ~]# tail -f /var/log/keepalived.log
Jul 8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100
Jul 8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul 8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.1.4 配置keepalived的非抢占模式
通常master服务故障后backup会变成master,但是当master服务又恢复的时候,master会抢占VIP,这样就会发生两次切换,对业务繁忙的网站来说并不是太友好,此时我们可以配置keepalived为非抢占式(前提两台主机的硬件配置信息一致)。
配置非抢占式步骤如下*
两个节点的state都必须配置为BACKUP(官方建议,非必须)
两个节点都在vrrp_instance中添加nopreempt参数
其中一个节点的优先级必须要高于另外一个节点的优先级。
两台服务器都角色状态启用nopreempt后,必须修改角色状态统一为BACKUP,唯一的区分就是优先级。
配置文件示例如下:
Master节点:
vrrp_instance VI_1 {
state BACKUP
priority 150
nopreempt
}
Backup节点:
vrrp_instance VI_1 {
state BACKUP
priority 100
nopreempt
}
2.2. keepalived多实例配置
keepalived多实例指的是在一组keepalived集群中存在多个vrrp_instance,每个实例对应一个虚IP,每个虚IP都对应后端一个不同的集群,实现负载均衡设备的分流互备。
也可以把这些虚IP多对应一个集群,通过路由或者DNS轮询的方式让客户端的访问分散到这两个虚IP上,也可以实现负载均衡的分流互备,提高设备利用率。
实验环境说明:
| 节点名称 | 设备真实IP | vrrp示例1角色/优先级 | vrrp示例1虚IP | vrrp示例2角色/优先级 | vrrp示例2虚IP |
|---|---|---|---|---|---|
| nginx-lb01 | 192.168.20.19 | MASTER/120 | 192.168.20.28 | BACKUP/100 | 192.168.20.29 |
| nginx-lb02 | 192.168.20.20 | BACKUP/100 | 192.168.20.28 | MASTER/120 | 192.168.20.29 |
nginx-lb01的keepalived配置文件如下:
[root@nginx-lb01 keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalived01
} vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
priority 120
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.28/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
} vrrp_instance VI_2 {
state BACKUP
interface eth1
virtual_router_id 52
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.20.29/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
} [root@nginx-lb01 keepalived]# cat /etc/keepalived/notify.sh
#!/bin/bash contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
} case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
nginx-lb02的keepalived配置文件如下:
[root@nginx-lb02 keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id keepalived02
} vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 100
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.20.28/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
} vrrp_instance VI_2 {
state MASTER
interface eth1
virtual_router_id 52
priority 120
advert_int 3
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.20.29/24 dev eth1
} notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
} [root@nginx-lb02 keepalived]# cat /etc/keepalived/notify.sh
#!/bin/bash contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
} case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac重启keepalived服务,观察虚IP情况:
#1.两台节点重启keepalived服务
[root@nginx-lb01 keepalived]# systemctl restart keepalived.service [root@nginx-lb02 keepalived]# systemctl restart keepalived.service #2.查看nginx-lb01节点的日志:
[root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
Jul 8 23:00:09 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_2) Entering BACKUP STATE
Jul 8 23:00:12 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_1) Transition to MASTER STATE #3.查看nginx-lb02节点的日志:
[root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
Jul 8 22:59:59 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul 8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) Entering MASTER STATE
Jul 8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) setting protocol VIPs. #4.查看虚IP地址192.168.20.28的MASTER为nginx-lb01节点
[root@nginx-lb01 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.28/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute
valid_lft forever preferred_lft forever #5.查看虚IP地址192.168.20.29的MASTER为nginx-lb02节点
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.20.29/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2.2.1 解决多组Keepalived服务器在一个局域网的冲突问题
当在同一个局域网内部署了多组Keepalived服务器对,而又未使用专门的心跳线通信时,可能会发生高可用接管的严重故障问题。之前已经讲解过Keepalived高可用功能是通过VRRP协议实现的,VRRP协议默认通过IP多播的形式实现高可用对之间的通信,如果同一个局域网内存在多组Keepalived服务器对,就会造成IP多播地址冲突问题,导致接管错乱,不同组的Keepalived都会使用默认的224.0.0.18作为多播地址。此时的解决办法是,在同组的Keepalived服务器所有的配置文件里指定独一无二的多播地址,配置如下:
global_defs { #全局配置
router_id LVS_19 #服务标识
vrrp_mcast_group4 224.0.0.19 #这个就是指定多播地址的配置
}
#提示:
1)不同实例的通信认证密码也最好不同,以确保接管正常。
keepalived(2)- keepalived安装和配置的更多相关文章
- LVS + Keepalived + Nginx安装及配置
1.概述 上篇文章<架构设计:负载均衡层设计方案(6)——Nginx + Keepalived构建高可用的负载层>(http://blog.csdn.net/yinwenjie/artic ...
- 架构设计:负载均衡层设计方案(7)——LVS + Keepalived + Nginx安装及配置
1.概述 上篇文章<架构设计:负载均衡层设计方案(6)——Nginx + Keepalived构建高可用的负载层>(http://blog.csdn.net/yinwenjie/artic ...
- LVS+Nginx(LVS + Keepalived + Nginx安装及配置)
(也可以每个nginx都挂在上所有的应用服务器) nginx大家都在用,估计也很熟悉了,在做负载均衡时很好用,安装简单.配置简单.相关材料也特别多. lvs是国内的章文嵩博士的大作,比nginx被广 ...
- CentOS 6.5 下Nginx服务的安装与配置
参考网站: http://www.cnblogs.com/zhuhongbao/archive/2013/06/04/3118061.html http://www.cnblogs.com/jilia ...
- Keepalived 安装与配置
下载:http://www.keepalived.org/ what is keepalived? Keepalived is a routing software written in C. The ...
- Keepalived高可用软件的安装与配置
监听和替换多台服务器之间的来回切换 一.安装tar zxvf keepalived-1.1.15.tar.gzcd keepalived-1.1.15./configure --prefix=/usr ...
- Linux下Keepalived 安装与配置
Keepalived 安装与配置 一.环境说明 1.操作系统内核版本:2.6.9-78.ELsmp 2.Keepalived软件版本:keepalived-1.1.20.tar.gz 二.环境配置 1 ...
- Keepalived安装与配置
下载并解压Keepalived安装包到两台nginx所在的服务器 192.168.200.1 192.168.200.2 执行编译安装(安装目录设置为 /usr/local/kee ...
- Keepalived + HAProxy 搭建【第二篇】Keepalived 安装与配置
第一步:准备 1. 简介 本文搭建的是利用 Keepalived 实现 HAProxy 的热备方案,即两台主机上的 HAProxy 实例同时运行,其中全总较高的实例为 MASTER,MASTER出现异 ...
- Nginx+Keepalived 主备高可用 安装与配置
环境说明:操作系统:CentOS6.7 x86_64Nginx版本:nginx-1.9.7Keepalived版本:keepalived-1.2.24 主nginx + Keepalived :10. ...
随机推荐
- el-table边框颜色修改—骨灰级
一.前言说明 1. 网上很多都是通过上下左右边框方式,如: .el-table { border-bottom: 1px solid black; border-right: 1px solid bl ...
- OpenHarmony技术日全面解读3.1 Release版本,系统基础能力再升级
4 月 25 日,OpenAtom OpenHarmony(以下简称"OpenHarmony")技术日在深圳举办,对 OpenHarmony 3.1 Release 版本核心技术进 ...
- SQline安装
SQLite 安装 SQLite 的一个重要的特性是零配置的,这意味着不需要复杂的安装或管理.本章将讲解 Windows.Linux 和 Mac OS X 上的安装设置. 在 Windows 上安装 ...
- C# sqlclient数据库事务BeginTransaction()详解
重载 重载 BeginTransaction() 开始数据库事务. BeginTransaction(IsolationLevel) 以指定的隔离级别启动数据库事务. BeginTransaction ...
- Python语言Numpy包之Meshgrid 函数
Meshgrid 函数的基本用法 在 Numpy 的官方文章里, meshgrid 函数的英文描述也显得文绉绉的,理解起来有些难度.可以这么理解, meshgrid 函数用两个坐标轴上的点在平面上画网 ...
- 【鸿蒙生态千帆起】HarmonyOS系统级地图与位置服务,赋能广大开发者
在"与HarmonyOS同行,开放生态,共赢未来"为主题的HUAWEI Developer Day(简称HDD)沙龙中,Petal Maps为开发者们带来了在HarmonyOS下 ...
- HarmonyOS自定义抽奖转盘开发(ArkTS)
介绍 本篇Codelab是基于画布组件.显式动画,实现的一个自定义抽奖圆形转盘.包含如下功能: 1. 通过画布组件Canvas,画出抽奖圆形转盘. 2. 通过显式动画启动抽奖功能. 3. 通 ...
- Unity性能优化——托管堆/GC
了解托管堆 许多 Unity 开发者面临的另一个常见问题是托管堆的意外扩展.在 Unity 中,托管堆的扩展比收缩容易得多.此外,Unity 的垃圾收集策略往往会使内存碎片化,因此可能阻止大型堆的收缩 ...
- Javscript数组的常用方法有哪些?
数组基本操作可以归纳为 增.删.改.查,需要留意的是哪些方法会对原数组产生影响,哪些方法不会 下面对数组常用的操作方法做一个归纳 增 下面前三种是对原数组产生影响的增添方法,第四种则不会对原数组产生影 ...
- Web Audio API 第5章 音频的分析与可视化
到目前为止,我们仅讨论了音频的合成与处理,但这仅是 Web Audio API 提供的一半功能.另一半功能则是音频的分析,它播放起来应该是什么样子的.它最典型的例子就是音频可视化,但其实有更多的其它应 ...