
keepalived (2) - Installing and configuring keepalived


1. keepalived installation and configuration

1.1 keepalived installation environment

  • keepalived can be installed directly with yum:

    [root@nginx-lb01 ~]# yum install keepalived
    
    [root@nginx-lb01 ~]# rpm -q keepalived 
    keepalived-1.3.5-16.el7.x86_64
    
  • The files installed by the keepalived package are:

    [root@nginx-lb01 ~]# rpm -ql keepalived 
    /etc/keepalived
    /etc/keepalived/keepalived.conf
    /etc/sysconfig/keepalived
    /usr/bin/genhash
    /usr/lib/systemd/system/keepalived.service
    /usr/libexec/keepalived
    /usr/sbin/keepalived
    /usr/share/doc/keepalived-1.3.5
    /usr/share/doc/keepalived-1.3.5/AUTHOR
    /usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
    /usr/share/doc/keepalived-1.3.5/COPYING
    /usr/share/doc/keepalived-1.3.5/ChangeLog
    /usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
    /usr/share/doc/keepalived-1.3.5/README
    /usr/share/doc/keepalived-1.3.5/TODO
    /usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
    /usr/share/doc/keepalived-1.3.5/samples
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
    /usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
    /usr/share/man/man1/genhash.1.gz
    /usr/share/man/man5/keepalived.conf.5.gz
    /usr/share/man/man8/keepalived.8.gz
    /usr/share/snmp/mibs/KEEPALIVED-MIB.txt
    /usr/share/snmp/mibs/VRRP-MIB.txt
    /usr/share/snmp/mibs/VRRPv3-MIB.txt
    

    The main files are:

    • /etc/keepalived/keepalived.conf: the main keepalived configuration file

    • /etc/sysconfig/keepalived: defines how keepalived is run (daemon options)

    • /usr/lib/systemd/system/keepalived.service: the systemd unit file for keepalived

    • /usr/sbin/keepalived: the binary

1.2 keepalived log file

By default keepalived writes its logs to the system log, /var/log/messages.

To store the logs separately in /var/log/keepalived.log:

  1. Edit /etc/sysconfig/keepalived

    Change KEEPALIVED_OPTIONS="-D" to KEEPALIVED_OPTIONS="-D -d -S 0"

    [root@nginx-lb01 ~]# cat /etc/sysconfig/keepalived
    # Options for keepalived. See `keepalived --help' output and keepalived(8) and
    # keepalived.conf(5) man pages for a list of all options. Here are the most
    # common ones :
    #
    # --vrrp               -P    Only run with VRRP subsystem.
    # --check              -C    Only run with Health-checker subsystem.
    # --dont-release-vrrp  -V    Dont remove VRRP VIPs & VROUTEs on daemon stop.
    # --dont-release-ipvs  -I    Dont remove IPVS topology on daemon stop.
    # --dump-conf          -d    Dump the configuration data.
    # --log-detail         -D    Detailed log messages.
    # --log-facility       -S    0-7 Set local syslog facility (default=LOG_DAEMON)
    #
    
    KEEPALIVED_OPTIONS="-D -d -S 0"
    
  2. Append the following to the end of /etc/rsyslog.conf

    [root@nginx-lb01 ~]# vim /etc/rsyslog.conf
    local0.*                         /var/log/keepalived.log
    
  3. Restart the logging service and the keepalived service

    [root@nginx-lb01 ~]# systemctl restart rsyslog.service 
    [root@nginx-lb01 ~]# systemctl restart keepalived.service
    

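1.3 keepalived configuration file

The keepalived configuration file has the following format:

global_defs {                        # global definitions
   notification_email {              # alert mailboxes
     [email protected]            # recipient address
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]      # sender address
   smtp_server 192.168.50.1    # SMTP server address
   smtp_connect_timeout 30     # SMTP connection timeout; the parameters above are optional
   router_id LVS_DEVEL         # router identifier of this keepalived server; this identifier (router_id) must be unique within a LAN
   vrrp_mcast_group4 224.0.100.19   # multicast address for VRRP adverts; can be changed
   script_user root
   enable_script_security
}

vrrp_instance VI_1 {      # name of this VRRP instance: VI_1
    state MASTER          # role of instance VI_1; only MASTER or BACKUP is allowed, in upper case; MASTER is the primary node, BACKUP the standby
    interface eth0        # physical interface this virtual router is bound to
    virtual_router_id 51  # virtual router ID, preferably a number; unique within one keepalived.conf, and the same instance must use the same virtual_router_id in the MASTER and BACKUP configs
    priority 100          # priority; higher is preferred, and the node with the highest priority is elected MASTER
    advert_int 1          # advertisement interval: how often MASTER and BACKUP check on each other, in seconds; default 1
    authentication {      # authentication settings, do not change; MASTER and BACKUP of the same VRRP instance must use the same password to communicate
        auth_type PASS
        auth_pass 1111    # the password is at most 8 characters; if it is longer, only the first 8 are used for authentication
    }
    virtual_ipaddress {   # virtual IP addresses
        # syntax: <IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        192.168.200.17/24 dev eth1
        192.168.50.16         # in this form the address is shown by the ip addr command but not by ifconfig
        192.168.50.17/24 dev eth0 label eth0:1    # bound to eth0, with alias eth0:1
    }
    track_interface {     # network interfaces to monitor; if any one of them fails, keepalived enters the FAULT state and the VIP is moved
        eth0
        eth1
        ...
    }
    nopreempt             # run in non-preemptive mode
    preempt_delay 300     # in preemptive mode, how long a node waits after coming online before triggering a new election
    # notification scripts:
    notify_master <STRING>|<QUOTED-STRING>   # script run when this node becomes the master
    notify_backup <STRING>|<QUOTED-STRING>   # script run when this node becomes a backup
    notify_fault <STRING>|<QUOTED-STRING>    # script run when this node enters the "fault" state
    notify <STRING>|<QUOTED-STRING>          # generic notification hook; one script can handle all three transitions above
}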

script_user root

enable_script_security

The two directives above are used together with vrrp_script scripts; without them the log reports:

Jul  8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Jul  8 17:42:23 nginx-lb02 Keepalived_vrrp[2309]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
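
With `enable_script_security` set, keepalived will not run a script as root if any part of its path is writable by a non-root user. The following is an added example, not part of the original page, that performs the same kind of check on the scripts a config references; the function names are hypothetical and GNU `stat` and `readlink` are assumed.

```bash
#!/bin/bash
# Added example (not from the original page). Assumes GNU coreutils
# (stat -c, readlink -f), as on the CentOS 7 hosts used in this article.

# conf_scripts FILE
# Print the executables named by notify / notify_master / notify_backup /
# notify_fault directives in a keepalived.conf (paths without spaces).
conf_scripts() {
    awk '$1 ~ /^notify(_master|_backup|_fault)?$/ {
             gsub(/"/, "", $2)      # drop the opening quote of a quoted command
             print $2
         }' "$1" | sort -u
}

# audit_script_path PATH [EXPECTED_UID]
# Walk from PATH up to / and print one finding per line:
#   MISSING  <path>   the script does not exist
#   OWNER    <path>   component not owned by EXPECTED_UID (default 0, root)
#   WRITABLE <path>   component is group- or world-writable
# Returns 0 when clean, 1 on findings, 2 when the script is missing.
audit_script_path() {
    local path want_uid rc uid mode
    want_uid=${2:-0}
    rc=0
    # Resolve symlinks so the real file and its real parents are checked.
    path=$(readlink -f -- "$1") || { echo "MISSING $1"; return 2; }
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    while :; do
        uid=$(stat -c '%u' -- "$path")
        mode=$(stat -c '%a' -- "$path")
        [ "$uid" = "$want_uid" ] || { echo "OWNER $path"; rc=1; }
        # 022 (octal) selects the group-write and other-write bits.
        if [ $(( 0$mode & 0022 )) -ne 0 ]; then
            echo "WRITABLE $path"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# audit_conf FILE [EXPECTED_UID]: audit every script a config references.
audit_conf() {
    local script rc
    rc=0
    for script in $(conf_scripts "$1"); do
        audit_script_path "$script" "${2:-0}" || rc=1
    done
    return "$rc"
}

# Run against real configs when file names are given on the command line,
# for example: ./audit.sh /etc/keepalived/keepalived.conf
if [ "$#" -gt 0 ]; then
    for conf in "$@"; do audit_conf "$conf"; done
fi
```

A clean result means every directory from `/` down to `notify.sh` is owned by root and writable only by its owner.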

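2. keepalived configuration

2.1 keepalived single-instance configuration

The lab environment is planned as follows:

Name        IP address      Role    router_id     Priority
nginx-lb01  192.168.20.19   MASTER  keepalived01  120
nginx-lb02  192.168.20.20   BACKUP  keepalived02  100
VIP         192.168.20.28   -       -             -

2.1.1 keepalived node configuration files

  • The configuration file on the MASTER node: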

    [root@nginx-lb01 keepalived]# cat keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived01
       script_user root
       enable_script_security
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth1
        virtual_router_id 51
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    
  • The configuration file on the BACKUP node:

    [root@nginx-lb02 keepalived]# cat keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived02
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 51
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
  • The notification script notify.sh:

    [root@nginx-lb01 keepalived]# cat notify.sh 
    #!/bin/bash
    
    # mailbox that receives the state-change mail
    contact='root@localhost'
    
    # notify <state>: mail the new VRRP state of this host to $contact
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
    # add execute permission
    [root@nginx-lb01 keepalived]# chmod +x notify.sh
    

2.1.2 Starting the keepalived service

  • Start the keepalived service:

    [root@nginx-lb01 keepalived]# systemctl start keepalived.service
    [root@nginx-lb01 keepalived]# systemctl start keepalived.service
    
    # check the service status:
    [root@nginx-lb01 keepalived]# systemctl status keepalived.service 
    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2021-07-08 17:27:56 CST; 21min ago
      Process: 2402 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 2403 (keepalived)
       CGroup: /system.slice/keepalived.service
               ├─2403 /usr/sbin/keepalived -D -d -S 0
               ├─2404 /usr/sbin/keepalived -D -d -S 0
               └─2405 /usr/sbin/keepalived -D -d -S 0
    
    [root@nginx-lb01 keepalived]# ps -ef | grep keepalived
    root       2403      1  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    root       2404   2403  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    root       2405   2403  0 17:27 ?        00:00:00 /usr/sbin/keepalived -D -d -S 0
    
  • The log on the MASTER node:

    [root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 17:52:25 nginx-lb01 Keepalived_vrrp[2533]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
    Jul  8 17:52:27 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Transition to MASTER STATE 
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Entering MASTER STATE  <== entered MASTER state
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) setting protocol VIPs. <== VIP configured on this host
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28 <== gratuitous ARP sent
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Sending gratuitous ARP on eth1 for 192.168.20.28
    Jul  8 17:52:30 nginx-lb01 Keepalived_vrrp[2533]: Opening script file /etc/keepalived/notify.sh   <== notification script triggered
    
    # mail sent automatically by notify.sh:
    [root@nginx-lb01 keepalived]# mail
     N  3 root                  Thu Jul  8 17:52  18/712   "nginx-lb01 to be master, vip floating"
    & 3
    Message  3:
    From [email protected]  Thu Jul  8 17:52:30 2021
    Return-Path: <[email protected]>
    X-Original-To: root@localhost
    Delivered-To: [email protected]
    Date: Thu, 08 Jul 2021 17:52:30 +0800
    To: [email protected]
    Subject: nginx-lb01 to be master, vip floating
    User-Agent: Heirloom mailx 12.5 7/5/10
    Content-Type: text/plain; charset=us-ascii
    From: [email protected] (root)
    Status: R
    
    2021-07-08 17:52:30: vrrp transition, nginx-lb01 changed to be master
    
    
  • The log on the BACKUP node:

    [root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100 <== received an advert with a higher priority from the peer
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE  <== this host enters BACKUP state
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs. <== VIP removed from this host
    Jul  8 17:52:27 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh  <== notification script triggered
    
    # mail sent automatically by notify.sh:
    [root@nginx-lb02 keepalived]# mail
     N  2 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be backup, vip floating"
    & 2
    Message  2:
    From [email protected]  Thu Jul  8 17:52:27 2021
    Return-Path: <[email protected]>
    X-Original-To: root@localhost
    Delivered-To: [email protected]
    Date: Thu, 08 Jul 2021 17:52:27 +0800
    To: [email protected]
    Subject: nginx-lb02 to be backup, vip floating
    User-Agent: Heirloom mailx 12.5 7/5/10
    Content-Type: text/plain; charset=us-ascii
    From: [email protected] (root)
    Status: R
    
    2021-07-08 17:52:27: vrrp transition, nginx-lb02 changed to be backup
    
  • Where the virtual IP address is in use:

    # the VIP is present on the MASTER node:
    [root@nginx-lb01 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.28/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    # the BACKUP node has no VIP:
    [root@nginx-lb02 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
           
    # ARP table seen from another host: the VIP's MAC address is the same as the MASTER node's MAC address:
    [C:\~]$ arp -a
    介面: 192.168.20.1 --- 0x8
      Internet 地址         實體地址              型別
      192.168.20.19         00-0c-29-33-71-d0     動態        
      192.168.20.20         00-0c-29-21-9d-5c     動態        
      192.168.20.28         00-0c-29-33-71-d0     動態 
    

2.1.3 keepalived state transitions

Simulating a MASTER node failure

#1. Stop the keepalived service on the MASTER node to simulate a MASTER failure
[root@nginx-lb01 keepalived]# systemctl stop keepalived.service 
[root@nginx-lb01 keepalived]# ps aux | grep keepalived
root       2738  0.0  0.0 112808   968 pts/0    R+   19:07   0:00 grep --color=auto keepalived

#2. Check the log on the MASTER node
[root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log 
Jul  8 19:07:36 nginx-lb01 Keepalived[2531]: Stopping
Jul  8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) sent 0 priority  <== advert with priority 0 sent
Jul  8 19:07:36 nginx-lb01 Keepalived_vrrp[2533]: VRRP_Instance(VI_1) removing protocol VIPs.  <== VIP removed
Jul  8 19:07:36 nginx-lb01 Keepalived_healthcheckers[2532]: Stopped
Jul  8 19:07:37 nginx-lb01 Keepalived_vrrp[2533]: Stopped
Jul  8 19:07:37 nginx-lb01 Keepalived[2531]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2

The state of the BACKUP node is as follows:

#1. Check the log
[root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log 
Jul  8 19:07:37 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Transition to MASTER STATE   <== switches to MASTER
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:40 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:07:45 nginx-lb02 Keepalived_vrrp[2309]: Sending gratuitous ARP on eth1 for 192.168.20.28

#2. Check the virtual IP:
[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.28/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

#3. The script was triggered:
[root@nginx-lb02 keepalived]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 4 messages 4 new
>N  1 root                  Thu Jul  8 17:42  18/712   "nginx-lb02 to be backup, vip floating"
 N  2 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be backup, vip floating"
 N  3 root                  Thu Jul  8 17:52  18/712   "nginx-lb02 to be master, vip floating"
 N  4 root                  Thu Jul  8 19:07  18/712   "nginx-lb02 to be master, vip floating"
& 4
Message  4:
From [email protected]  Thu Jul  8 19:07:40 2021
Return-Path: <[email protected]>
X-Original-To: root@localhost
Delivered-To: [email protected]
Date: Thu, 08 Jul 2021 19:07:40 +0800
To: [email protected]
Subject: nginx-lb02 to be master, vip floating
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R

2021-07-08 19:07:40: vrrp transition, nginx-lb02 changed to be master

#4. ARP table on another host: the MAC for the virtual IP has changed to the BACKUP node's MAC
[C:\~]$ arp -a
介面: 192.168.20.1 --- 0x8
  Internet 地址         實體地址              型別
  192.168.20.19         00-0c-29-33-71-d0     動態        
  192.168.20.20         00-0c-29-21-9d-5c     動態        
  192.168.20.28         00-0c-29-21-9d-5c     動態 

After the nginx-lb01 node is brought back, its state is as follows:

#1. Check the log: the node switches to MASTER state; preemption is enabled by default:
Jul  8 19:18:51 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Transition to MASTER STATE
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Entering MASTER STATE
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) setting protocol VIPs.
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: Sending gratuitous ARP on eth1 for 192.168.20.28
Jul  8 19:18:54 nginx-lb01 Keepalived_vrrp[2818]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on eth1 for 192.168.20.28

#2. Check the VIP:
[root@nginx-lb01 ~]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.28/24 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

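The nginx-lb02 node looks like this:

#1. Check the log: a VRRP advert with a higher priority is received, the node switches to BACKUP state, removes the VIP and triggers the notification script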
[root@nginx-lb02 ~]# tail -f /var/log/keepalived.log 
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Received advert with higher priority 120, ours 100
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: VRRP_Instance(VI_1) removing protocol VIPs.
Jul  8 19:18:51 nginx-lb02 Keepalived_vrrp[2309]: Opening script file /etc/keepalived/notify.sh

[root@nginx-lb02 keepalived]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

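2.1.4 Configuring keepalived non-preemptive mode

Normally, when the master fails the backup becomes master, but when the original master recovers it takes the VIP back. That causes two switchovers, which is not ideal for a busy site. In that case keepalived can be configured as non-preemptive (provided both hosts have the same hardware configuration).

Steps to configure non-preemptive mode:

  • state must be set to BACKUP on both nodes (officially recommended, not mandatory)

  • Add the nopreempt parameter to vrrp_instance on both nodes

  • One node's priority must be higher than the other's.

Once nopreempt is enabled on both servers, the state of both must be set to BACKUP; the only thing that distinguishes them is priority.

Example configuration:

Master node: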
vrrp_instance VI_1 {
	state BACKUP 
	priority 150 
	nopreempt
} 

Backup node:
vrrp_instance VI_1 { 
	state BACKUP 
	priority 100 
	nopreempt
}

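2.2. keepalived multi-instance configuration

keepalived multi-instance means that one keepalived cluster contains several vrrp_instance blocks. Each instance has its own virtual IP, and each virtual IP maps to a different back-end cluster, so the load balancers split traffic and back each other up.

These virtual IPs can also all map to one cluster, with routing or DNS round-robin spreading client requests across the two virtual IPs. This also gives traffic splitting with mutual backup and improves device utilization.

Lab environment:

Node        Real IP         VRRP instance 1 role/priority  VRRP instance 1 VIP  VRRP instance 2 role/priority  VRRP instance 2 VIP
nginx-lb01  192.168.20.19   MASTER/120                     192.168.20.28        BACKUP/100                     192.168.20.29
nginx-lb02  192.168.20.20   BACKUP/100                     192.168.20.28        MASTER/120                     192.168.20.29

  • The keepalived configuration file on nginx-lb01: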

    [root@nginx-lb01 keepalived]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived01
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth1
        virtual_router_id 51
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    vrrp_instance VI_2 {
        state BACKUP
        interface eth1
        virtual_router_id 52
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.20.29/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    [root@nginx-lb01 keepalived]# cat /etc/keepalived/notify.sh 
    #!/bin/bash
    
    # mailbox that receives the state-change mail
    contact='root@localhost'
    
    # notify <state>: mail the new VRRP state of this host to $contact
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
  • The keepalived configuration file on nginx-lb02:

    [root@nginx-lb02 keepalived]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id keepalived02
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 51
        priority 100
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.20.28/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    vrrp_instance VI_2 {
        state MASTER
        interface eth1
        virtual_router_id 52
        priority 120
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 2222
        }
        virtual_ipaddress {
            192.168.20.29/24 dev eth1
        }
    
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    
    [root@nginx-lb02 keepalived]# cat /etc/keepalived/notify.sh 
    #!/bin/bash
    
    # mailbox that receives the state-change mail
    contact='root@localhost'
    
    # notify <state>: mail the new VRRP state of this host to $contact
    notify() {
        local mailsubject="$(hostname) to be $1, vip floating"
        local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }
    
    case "$1" in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
    
    
  • Restart the keepalived service and observe the virtual IPs:

    #1. Restart the keepalived service on both nodes
    [root@nginx-lb01 keepalived]# systemctl restart keepalived.service
    
    [root@nginx-lb02 keepalived]# systemctl restart keepalived.service 
    
    #2. Check the log on the nginx-lb01 node:
    [root@nginx-lb01 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 23:00:09 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_2) Entering BACKUP STATE
    Jul  8 23:00:12 nginx-lb01 Keepalived_vrrp[3323]: VRRP_Instance(VI_1) Transition to MASTER STATE
    
    #3. Check the log on the nginx-lb02 node:
    [root@nginx-lb02 keepalived]# tail -f /var/log/keepalived.log
    Jul  8 22:59:59 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Jul  8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) Entering MASTER STATE
    Jul  8 23:00:05 nginx-lb02 Keepalived_vrrp[3152]: VRRP_Instance(VI_2) setting protocol VIPs.
    
    #4. The MASTER for virtual IP 192.168.20.28 is the nginx-lb01 node
    [root@nginx-lb01 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:33:71:d0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.19/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.28/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    
    #5. The MASTER for virtual IP 192.168.20.29 is the nginx-lb02 node
    [root@nginx-lb02 keepalived]# ip add show eth1
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:21:9d:5c brd ff:ff:ff:ff:ff:ff
        inet 192.168.20.20/24 brd 192.168.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet 192.168.20.29/24 scope global secondary eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::52b0:737b:a3cb:c6a5/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    

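2.2.1 Resolving conflicts between multiple Keepalived groups on one LAN

When several pairs of Keepalived servers are deployed on the same LAN without a dedicated heartbeat link, serious failover problems can occur. As explained earlier, Keepalived's high availability is implemented with the VRRP protocol, and by default VRRP uses IP multicast for communication between the members of a high-availability pair. Every Keepalived group uses the default multicast address 224.0.0.18, so if several Keepalived pairs share one LAN their multicast addresses collide and takeover becomes confused. The fix is to set a multicast address that is unique to the group in the configuration file of every Keepalived server in that group:

global_defs {                   # global configuration
router_id LVS_19                # service identifier
vrrp_mcast_group4 224.0.0.19   # this directive sets the multicast address
}

# Note:

1) It is also best to use a different authentication password for each instance, to make sure takeover works correctly.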
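
The points made in this article (script security for notify scripts, a per-group multicast address, distinct passwords per instance, the 8-character password limit, unique virtual_router_id) can be checked mechanically. The lint below is an added example, not part of the original page or of keepalived; the function names and finding labels are hypothetical, and the sample config is constructed from the article's multi-instance config with VI_2 deliberately reusing VI_1's password.

```bash
#!/bin/bash
# Added example (not from the original page): lint one keepalived.conf.

# lint_keepalived_conf [FILE]   (reads stdin when FILE is omitted)
# Findings, one per line:
#   NO_SCRIPT_SECURITY           notify scripts used without enable_script_security
#   DEFAULT_MCAST_GROUP          no vrrp_mcast_group4, so 224.0.0.18 is used
#   AUTH_PASS_TRUNCATED <inst>   auth_pass longer than 8 characters
#   SHARED_AUTH_PASS <a> <b>     two instances share one auth_pass
#   DUPLICATE_VRID <a> <b>       same virtual_router_id on the same interface
lint_keepalived_conf() {
    awk '
    $1 ~ /^[!#]/                   { next }        # whole-line comments
    $1 == "vrrp_instance"          { inst = $2; order[++n] = inst }
    $1 == "interface"              { ifc[inst] = $2 }
    $1 == "virtual_router_id"      { vrid[inst] = $2 }
    $1 == "auth_pass"              { pass[inst] = $2 }
    $1 == "enable_script_security" { sec = 1 }
    $1 == "vrrp_mcast_group4"      { mcast = 1 }
    $1 ~ /^notify(_master|_backup|_fault)?$/ { scripts = 1 }
    END {
        if (scripts && !sec) print "NO_SCRIPT_SECURITY"
        if (n && !mcast)     print "DEFAULT_MCAST_GROUP"
        for (i = 1; i <= n; i++) {
            a = order[i]
            if (length(pass[a]) > 8) print "AUTH_PASS_TRUNCATED " a
            for (j = i + 1; j <= n; j++) {
                b = order[j]
                if (pass[a] != "" && pass[a] == pass[b])
                    print "SHARED_AUTH_PASS " a " " b
                if (vrid[a] != "" && vrid[a] == vrid[b] && ifc[a] == ifc[b])
                    print "DUPLICATE_VRID " a " " b
            }
        }
    }' "$@"
}

# Constructed sample: condensed from the nginx-lb02 multi-instance config,
# with VI_2 changed to reuse the password of VI_1.
sample_conf() {
    cat <<'EOF'
! Configuration File for keepalived
global_defs {
   router_id keepalived02
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    notify_master "/etc/keepalived/notify.sh master"
}
vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 52
    priority 120
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

sample_conf | lint_keepalived_conf
```

Distinct passwords only separate groups from one another: `auth_type PASS` travels unencrypted in every advert, so it protects against misconfiguration rather than against a host on the same segment.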