Keepalived基本设置及IPVS扩展
IP地址高可用
[root@node1 ~]# yum install keepalived -y (一般系统光盘就有)
[root@node2 ~]# yum install keepalived -y
[root@node1 ~]# rpm -q keepalived
keepalived-1.2.13-4.el6.x86_64
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@node1 keepalived]# vim keepalived.conf
global_defs {
notification_email {
root@node1.dragon.com (产生邮件时发邮件给谁)
root@node2.dragon.com (产生邮件时发邮件给谁)
}
notification_email_from kaadmin@dragon.com (发件人是谁)
smtp_server 127.0.0.1 (用于发送通知邮件的SMTP服务器地址)
smtp_connect_timeout 30 (超时时长)
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER (状态)
interface eth0 (网口)
virtual_router_id 101 (route_ID 0-255之间都可以)
priority 100 (优先级,优先级高的可成为主节点)
advert_int 1 (发通告的时间间隔)
authentication {
auth_type PASS (认证方式:PASS为简单密码认证,密码在VRRP通告中以明文传输)
auth_pass 1111 (密钥,内容可以自定,但两节点必须保持一致;keepalived只使用前8个字符。1111仅为示例,实际环境应换成不易猜测的值,并让keepalived.conf仅root可读)
}
virtual_ipaddress { (使用的虚拟IP, 指定在哪个网卡上使用(可以省略))
172.16.18.51/16 dev eth0 label eth0:0
}
}
后面的内容暂时用不上。注释掉,配置Ipvs时使用。
:.,$s/^/# (vim小技巧:注释光标所在当前行后面的所有内容!)
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/ (把配置文件传给节点2一份)
[root@node1 keepalived]# date ; ssh node2 'date' (确保两台主机时间是一致的,如果不一致可以使用# ntpdate 172.16.0.1 命令同步时间,ntp服务器可以百度搜索)
[root@node2 ~]# cd /etc/keepalived/
[root@node2 keepalived]# vim keepalived.conf
vrrp_instance VI_1 {
state BACKUP (修改状态为备用)
interface eth0
virtual_router_id 101
priority 98 (修改优先级)
advert_int 1
authentication {
auth_type PASS
auth_pass qqadsdfsdfsdfsda
}
virtual_ipaddress {
172.16.18.51
}
}
[root@node2 keepalived]# service keepalived start
[root@node1 keepalived]# service keepalived start
[root@node1 keepalived]# tail /var/log/messages (日志文件路径)
[root@node1 keepalived]# ip addr show (查看虚拟IP是否启动,在node2查看是没有的,因为前面给其设置了备用节点)
2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen1000
link/ether 08:00:27:7e:05:55 brd ff:ff:ff:ff:ff:ff
inet 172.16.18.10/16 brd 172.16.255.255 scope global eth0
inet 172.16.18.51/32 scope global eth0
inet6 fe80::a00:27ff:fe7e:555/64 scope link
valid_lft forever preferred_lft forever
[root@node3 ~]# ping 172.16.18.51 (另找一台主机看是否能ping通)
PING 172.16.18.51 (172.16.18.51) 56(84)bytes of data.
64 bytes from172.16.18.51: icmp_seq=2 ttl=64 time=0.799 ms
[root@node1 keepalived]# service keepalived stop (尝试关掉主节点keepalived服务)
[root@node2 keepalived]# ip addr show (到node2查看IP信息,已经变成主节点)
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP>mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.18.51/32 scope global eth0
[root@node1 keepalived]# service keepalived start (node1启动keepalived服务,会立即抢回主节点)
[root@node1 keepalived]# ip addr show
inet 172.16.18.51/32 scope global eth0
[root@node1 keepalived]# vim keepalived.conf
vrrp_script chk_maintance_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0" (若此文件存在返回1,不存在返回0)
interval 1 (检查频率每秒一次)
weight -5 (若有down这个文件,则权重-5)
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass qqadsdfsdfsdfsda
}
virtual_ipaddress {
172.16.18.51/16 dev eth0 label eth0:0
}
track_script { (调用)
chk_maintance_down
}
}
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/ (把配置文件传给node2)
[root@node2 keepalived]# vim keepalived.conf (修改node2配置文件)
vrrp_instance VI_1 {
state BACKUP (备用节点)
interface eth0
virtual_router_id 101
priority 98 (优先级)
[root@node2 keepalived]# service keepalived restart
[root@node1 keepalived]# service keepalived restart
[root@node1 keepalived]# touch down (创建down文件测试;检测到down文件后,权重-5)
[root@node1 keepalived]# ip addr show (vip已经去到node2节点)
[root@node1 keepalived]# rm down (删除down文件在尝试)
[root@node1 keepalived]# ip addr show (检测成功,vip又传递回node1节点)
定义邮件脚本:
[root@node1 keepalived]# vim notify.sh (创建一个脚本)
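#!/bin/bash
# Author: MageEdu <linuxedu@foxmail.com>
# description: An example of a notify script
#
# Usage: notify.sh {master|backup|fault}
# Mails a VRRP state-change notice to $contact, then drives the local nginx
# init script to match the new state.
# NOTE(review): keepalived is started as root in this walkthrough, so this
# script presumably runs with root privileges; keep it root-owned and not
# writable by other users.
vip=172.16.18.51
contact='root@localhost'

# Send one notification mail.
# Arguments: $1 - the state this host changed to (master|backup|fault)
notify() {
  local mailsubject mailbody
  mailsubject="$(hostname) to be $1: $vip floating"
  mailbody="$(date '+%F %H:%M:%S'): vrrp transition, $(hostname) changed to be $1"
  # printf with a fixed format, and quoted expansions, so the text is passed
  # through unchanged and is never word-split or globbed.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}

case "$1" in
  master)
    notify master
    # Restart nginx when this node becomes master.
    /etc/rc.d/init.d/nginx restart
    exit 0
    ;;
  backup)
    notify backup
    # The original text read "restop"; the accompanying note says nginx is
    # restarted when this node becomes backup, so "restart" is used here.
    /etc/rc.d/init.d/nginx restart
    exit 0
    ;;
  fault)
    notify fault
    /etc/rc.d/init.d/nginx stop
    exit 0
    ;;
  *)
    # Double quotes so the script name is actually substituted.
    echo "Usage: $(basename "$0") {master|backup|fault}" >&2
    exit 1
    ;;
esac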
[root@node1 keepalived]# chmod +x notify.sh (添加执行权限;该脚本由以root身份运行的keepalived调用,应保持属主为root且其他用户不可写)
[root@node1 keepalived]# vim keepalived.conf
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass qqadsdfsdfsdfsda
}
virtual_ipaddress {
172.16.18.51/16 dev eth0 label eth0:0
}
track_script {
chk_maintance_down
}
notify_master "/etc/keepalived/notify.sh master" (如果变成主节点就执行这条)
notify_backup "/etc/keepalived/notify.sh backup" (如果变成备用节点就执行这条)
notify_fault "/etc/keepalived/notify.sh fault" (如果进入故障(fault)状态就执行这条)
}
[root@node1 keepalived]# scp -p keepalived.conf notify.sh node2:/etc/keepalived/ (把文件传给node2)
[root@node2 keepalived]# vim keepalived.conf (修改node2状态和优先级)
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 101
priority 98
[root@node1 keepalived]# service keepalived restart ; ssh node2 'service keepalived restart' (重启keepalived服务)
[root@node1 keepalived]# mail (node1和node2状态有变化时都可以收到邮件了!!)
[root@node1 keepalived]# touch down (再次生成down文件测试成为备用节点)
[root@node1 keepalived]# mail (再次查看邮件,自己已经变成备用节点了)
基于上面的配置,实现高可用的nginx服务器
[root@node1 ~]# rpm -ivh nginx-1.6.2-1.el6.ngx.x86_64.rpm
[root@node1 ~]# scp nginx-1.6.2-1.el6.ngx.x86_64.rpm node2:/root
[root@node2 ~]# rpm -ivh nginx-1.6.2-1.el6.ngx.x86_64.rpm
[root@node2 ~]# vim /usr/share/nginx/html/index.html (编辑页面测试使用)
<h1>NODE2.DRAGON tonginx!</h1>
[root@node1 ~]# vim /usr/share/nginx/html/index.html
<h1>NODE1.DRAGONWelcome to nginx!</h1>
[root@node1 ~]# service nginx start ; ssh node2 'service nginx start'
使用浏览器访问http://172.16.18.51/ 这时候主节点还是node2;
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# rm down (删除down文件,抢回主节点)
再次使用浏览器访问http://172.16.18.51/ 这时候主节点已经变成node1;
写一个脚本监控nginx服务,通过脚本判断nginx服务是否启动,如果没有启动那么权重-5,如果启动,那么权重不变
[root@node1 keepalived]# vim keepalived.conf
vrrp_script chk_maintance_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_nginx {
script "killall -0 nginx" (用信号0探测nginx进程是否存在:killall -0只做检查,不会真正结束进程)
interval 1 (每秒检查一次)
weight -5 (如果检查失败,即nginx进程不存在,那么权重-5)
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass qqadsdfsdfsdfsda
}
virtual_ipaddress {
172.16.18.51/16 dev eth0 label eth0:0
}
track_script {
chk_maintance_down
chk_nginx (调用chk_nginx,前面写的)
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/ (传递给node2)
[root@node2 keepalived]# vim keepalived.conf (修改node2状态和优先级)
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 101
priority 98
[root@node1 keepalived]# service keepalived restart ; ssh node2 'service keepalived restart' (重启服务)
现在尝试停止nginx服务vip会自动跳转到另外的服务器上!!!
配置keepalived双主模型!
[root@node1 keepalived]# vim keepalived.conf (添加一个实例,并略做修改)
:.,46y (vim编辑器小技巧,复制光标所在当前行到四十六行)
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1igdfkg111
}
virtual_ipaddress {
172.16.18.51/16 dev eth0 label eth0:0
}
track_script {
chk_maintance_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 { (添加一个实例,名字修改一下)
state BACKUP (如果第一个实例这里是主节点,那第二个实例就是备用节点)
interface eth0
virtual_router_id 111 (路由ID记得修改,不能一样)
priority 98 (备用节点比主节点的优先级要低!)
advert_int 1
authentication {
auth_type PASS
auth_pass dDD1igdfkg111 (认证密钥可以修改,也可以不修改)
}
virtual_ipaddress {
172.16.18.52/16 dev eth0 label eth0:1 (vip记得修改,并且不使用同一个虚拟端口)
}
track_script { (后面的脚本仍然可以继续使用)
chk_maintance_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/ (把配置文件传给node2节点)
[root@node2 keepalived]# vim keepalived.conf (在node2修改部分配置文件)
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 101
priority 98
……
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 111
priority 100
……
[root@node1 keepalived]# service keepalived restart ; ssh node2 'service keepalived restart' (重启两节点的keepalived服务)
[root@node1 keepalived]# rm down (记得把node1的down文件删除,如果有down文件的话那两个VIP都在node2节点)
在上面的基础上实现 Keepalived为IPVS提供高可用!
[root@node1 keepalived]# cp keepalived.conf keepalived.conf.2bak (再备份现有配置文件!)
[root@node1 keepalived]# vim keepalived.conf (只需要一个实例,先删除第二个实例,删除NGINX相关角本及调用)
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 101
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1igdfkg111
}
virtual_ipaddress {
172.16.18.53/32 brd 172.16.18.53 dev eth0 label eth:0 (广播地址)
}
track_script {
chk_maintance_down
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@node3 ~]# vim rs.sh (在node3编辑一个角本)
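#!/bin/bash
#
# Usage: rs.sh {start|stop}
# Adds or removes the virtual IP on lo:0 together with the ARP sysctls that
# go with it. Meant for a real server behind an IPVS director in DR mode
# (the walkthrough runs it on node3).
vip=172.16.18.53

case "$1" in
  start)
    # Set the ARP behaviour before the VIP is configured, so this host
    # does not answer or announce ARP for the VIP once it is on lo:0.
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ifconfig lo:0 "$vip" broadcast "$vip" netmask 255.255.255.255 up
    route add -host "$vip" dev lo:0
    ;;
  stop)
    # Remove the host route while lo:0 still exists, then take the VIP
    # down, and only afterwards restore the default ARP behaviour; this
    # avoids a window where the VIP is present with ARP replies enabled.
    route del -host "$vip" dev lo:0
    ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    ;;
  *)
    # Reject a missing or unknown action instead of silently doing nothing.
    echo "Usage: ${0##*/} {start|stop}" >&2
    exit 1
    ;;
esac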
(关于上面的脚本一两句也说不清楚,下面是我百度关于arp_announce和arp_ignore的内容)
arp_announce
默认为0
对网络接口上本地IP地址发出的ARP回应作出相应级别的限制:
确定不同程度的限制,宣布对来自本地源IP地址发出Arp请求的接口
0 - (默认) 在任意网络接口上的任何本地地址
1 -尽量避免不在该网络接口子网段的本地地址. 当发起ARP请求的源IP地址是被设置应该经由路由达到此网络接口的时候很有用.此时会检查来访IP是否为所有接口上的子网段内ip之一.如果改来访IP不属于各个网络接口上的子网段内,那么将采用级别2的方式来进行处理.
2 - 对查询目标使用最适当的本地地址.在此模式下将忽略这个IP数据包的源地址并尝试选择与能与该地址通信的本地地址.首要是选择所有的网络接口的子网中外出访问子网中包含该目标IP地址的本地地址. 如果没有合适的地址被发现,将选择当前的发送网络接口或其他的有可能接受到该ARP回应的网络接口来进行发送
all/ 和{interface}/ 下两者同时比较,取较大一个值生效.
arp_ignore
默认为0
定义对目标地址为本地IP的ARP询问不同的应答模式
0 - (默认值): 回应任何网络接口上对任何本地IP地址的arp查询请求(比如eth0=192.168.0.1/24,eth1=10.1.1.1/24,那么即使eth0收到来自10.1.1.2这样地址发起的对10.1.1.1的arp查询也会回应--而原本这个请求该是出现在eth1上,也该有eth1回应的)
1 - 只回答目标IP地址是来访网络接口本地地址的ARP查询请求(比如eth0=192.168.0.1/24,eth1=10.1.1.1/24,那么即使eth0收到来自10.1.1.2这样地址发起的对192.168.0.1的查询会回答,而对10.1.1.1的arp查询不会回应)
[root@node3 ~]# bash -n rs.sh (测试语法是否有误)
[root@node3 ~]# bash rs.sh start
[root@node3 ~]# ifconfig (可以看到lo:0的IP地址了)
lo:0 Link encap:Local Loopback
inet addr:172.16.18.53 Mask:255.255.255.255
[root@node3 ~]# service httpd start
[root@node3 ~]# vim /var/www/html/index.html
<h1>node3</h1>
[root@node1 keepalived]# vim keepalived.conf (在实例1后添加虚拟主机)
virtual_server 172.16.18.53 80 { (虚拟服务器IP及端口)
delay_loop 6
lb_algo rr (负载均衡调度算法)
protocol TCP (使用协议)
lb_kind DR (负载均衡类型)
sorry_server 127.0.0.1 80 (错误就显示自已的nginx页面)
real_server 172.16.18.30 80 { (提供页面的服务器IP)
weight 1 (权重)
HTTP_GET { (健康检查方式:对真实服务器发起HTTP GET请求)
url {
path /
status_code 200
}
connect_timeout 2 (超时时间)
nb_get_retry 3 (重试次数)
delay_before_retry 1 (表示每次连接重试的间隔,这里的间隔是1秒.)
}
}
}
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/
[root@node2 keepalived]# vim keepalived.conf
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 101
priority 98
[root@node1 keepalived]# service keepalived restart ; ssh node2 'service keepalived restart'
[root@node1 keepalived]# ip addr show
inet 172.16.18.53/32 brd 172.16.18.53 scope global eth:0
[root@node1 keepalived]# yum install -y ipvsadm (安装IPVSADM)
[root@node2 keepalived]# yum install -y ipvsadm
[root@node1 keepalived]# touch down
[root@node2 keepalived]# ipvsadm -L -n (查看当前IPVS规则)
IP Virtual Server version1.2.1 (size=4096)
Prot LocalAddress:PortScheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.18.53:80 rr
-> 172.16.18.30:80 Route 1 0 0
[root@node2 keepalived]# ipvsadm -C (删除规则)
[root@node1 keepalived]# rm down
现在访问http://172.16.18.53/ 会显示node3的页面;
关闭node3的httpd服务[root@node3 ~]# service httpd stop
再次访问,http://172.16.18.53/ 就会显示node1的页面!
[root@node1 keepalived]# touch down (创建DOWN文件,现在节点是node2)
再次访问,http://172.16.18.53/ 就会显示node2的页面!
[root@node3 ~]# service httpd start (启用httpd服务)
[root@node1 keepalived]# rm -f down (删除down文件)
原文:http://dragondragon.blog.51cto.com/6170889/1605164