实验拓扑
keepalived高可用配置
HA01和HA02的keepalived安装及配置(安装及配置均相同)
~]# yum -y install keepalived
HA01和HA02做时间同步,crontab中添加时间同步脚本
~]# date; ssh 192.168.150.140 'date' 此命令可以同时查看两台时间快速进行比较
~]# crontab -l 添加对时服务
*/5 * * * * /sbin/ntpdate 10.53.1.9 &>/dev/null
确认防火墙规则及selinux
~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
~]# getenforce
Disabled
keepalived的整个安装包
~]# rpm -ql keepalived 配置文件,服务启动模块,执行文件,说明
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.2.13
/usr/share/doc/keepalived-1.2.13/AUTHOR
/usr/share/doc/keepalived-1.2.13/CONTRIBUTORS
/usr/share/doc/keepalived-1.2.13/COPYING
/usr/share/doc/keepalived-1.2.13/ChangeLog
/usr/share/doc/keepalived-1.2.13/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.2.13/README
/usr/share/doc/keepalived-1.2.13/TODO
/usr/share/doc/keepalived-1.2.13/VERSION
/usr/share/doc/keepalived-1.2.13/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.2.13/samples
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.2.13/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
keepalived.config配置
~]# cd /etc/keepalived/
keepalived]# ls
keepalived.conf
keepalived]# cp keepalived.conf{,.bak}
! Configuration File or keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from [email protected]
smtp_server 127.0.0.1 指定邮件网关
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 { 配置vrrp
state MASTER
interface eno33554976
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass Iyd4q2Yg 生成一个随机数进行密码设置,两边设置一样,长度为8位
加密时产生随机密码
~]# openssl rand -base64 10
}
virtual_ipaddress {
192.168.150.131 dev eno33554976 label eno33554976:0
}
notify_master "/etc/keepalived/notify.sh master" vrrp健康检查脚本
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
virtual_server 192.168.150.131 80 { LVS配置
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80 sorry_sever指向本机
real_server 192.168.150.138 80 { real server指定
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.150.139 80 {
weight 2
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
健康检查脚本
keepalived]# cat notify.sh
#!/bin/bash
#
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1: vip floating"
mailbody="$(date +'%F %T'):vrrp transation,$(hostname) change to be $1"
echo $mailbody | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
;;
esac
安装httpd服务,并开启,创建一个简单的saysorry页面
~]# yum -y install httpd
~]# cat /var/www/html/index.html
<h1>sorry server1</h1>
~]# systemctl start httpd.service
~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
将相关配置一并copy至HA02的对应目录,配合当中state改为BACKUP,优先级改为98
keepalived]# scp keepalived.conf 192.168.150.140:/etc/keepalived/
[email protected]'s password:
keepalived.conf 100% 1299 1.3KB/s 00:00
两台开启keepalived配置
keepalived]# systemctl start keepalived.service
keepalived]# ifconfig
eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)
RX packets 37718 bytes 18787553 (17.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 47265 bytes 21013002 (20.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 35 bytes 3063 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35 bytes 3063 (2.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
DR模式的LVS集群,RS之前已经有配置,拿来使用即可
实验测试:
HA01宕机后HA02可以正常接管
模拟HA01宕机
keepalived]# systemctl stop keepalived.service
此时客户端访问无任何影响
~]# curl http://192.168.150.131
<h1>RS2</h1>
~]# curl http://192.168.150.131
<h1>RS1</h1>
HA01上的状态,serviceIP已经漂移至HA02上
[root@localhost keepalived]# ifconfig
eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)
RX packets 46766 bytes 19985732 (19.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62940 bytes 22209972 (21.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 271 bytes 21439 (20.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 271 bytes 21439 (20.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
此时HA02上状态 service已经至此服务器上
~]# ifconfig
eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.140 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::20c:29ff:fe85:df69 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)
RX packets 48744 bytes 19388076 (18.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21722 bytes 1924405 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 222 bytes 15909 (15.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 222 bytes 15909 (15.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 192.168.150.138:80 Route 1 0 0
-> 192.168.150.139:80 Route 2 0 0
查看监控检查邮件预警机制正常
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 20 messages 20 new
>N 1 root Fri Dec 2 18:54 18/730 "localhost.localdomain to be backup: vip floating"
HA01恢复正常后服务恢复至HA01
~]# systemctl start keepalived.service 模拟HA01正常恢复
HA01状态
~]# ifconfig
eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)
RX packets 46963 bytes 20002522 (19.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 63078 bytes 22223988 (21.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0
ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 273 bytes 21543 (21.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 273 bytes 21543 (21.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 13 messages 13 new
>N 1 root Fri Dec 2 18:55 18/730
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 192.168.150.138:80 Route 1 0 0
-> 192.168.150.139:80 Route 2 0 0
客户端无任何影响
HA02状态
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 192.168.150.138:80 Route 1 0 0
-> 192.168.150.139:80 Route 2 0 0
您在 /var/spool/mail/root 中有新邮件
~]# ifconfig
eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.150.140 netmask 255.255.255.0 broadcast 192.168.150.255
inet6 fe80::20c:29ff:fe85:df69 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)
RX packets 49491 bytes 19470170 (18.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22457 bytes 1988047 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 224 bytes 16015 (15.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 224 bytes 16015 (15.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
RS单台宕机HA的状态
~]# systemctl stop httpd.service RS2模拟宕机
客户端访问,只能访问其余一台
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
HA01状态 RS主机只剩一台
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 192.168.150.138:80 Route 1 0 5
HA02状态
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 192.168.150.138:80 Route 1 0 0
RS宕机后 sorry_server是否可行
~]# systemctl stop httpd.service RS模拟宕机
客户端访问 已指向sorry_server,HA主机http服务
~]# curl http://192.168.150.131
<h1>sorry server1</h1>
此时HA01状态
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 127.0.0.1:80 Route 1 0 3
HA02状态
~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.150.131:80 rr
-> 127.0.0.1:80 Route 1 0 0
RS恢复后是否可正常恢复所有状态
~]# systemctl start httpd.service RS恢复
客户端请求 全部恢复正常
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS2</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS1</h1>
[root@localhost ~]# curl http://192.168.150.131
<h1>RS2</h1>
原创文章,作者:N23-苏州-void,如若转载,请注明出处:http://www.178linux.com/62861
评论列表(1条)
赞,有拓扑图也有实战的例子,不错的文章~~加油!