Linux基礎知識點（十二）

一、KeepAlived 單主和雙主配置

1. 主配置文件：/etc/keepalived/keepalived.conf
   主程序文件：/usr/sbin/keepalived
   Unit File：/usr/lib/systemd/system/keepalived.service
   Unit File的環境配置文件：/etc/sysconfig/keepalived
2. 配置文件組成部分
   TOP HIERACHY
   ?? ??? ?GLOBAL CONFIGURATION
   ?? ??? ??? ?Global definitions
   ?? ??? ??? ?Static routes/addresses
   ?? ??? ?VRRPD CONFIGURATION
   ?? ??? ??? ?VRRP synchronization group(s)：vrrp同步組
   ?? ??? ??? ?VRRP instance(s)：即一個vrrp虛擬路由器
   ?? ??? ?LVS CONFIGURATION
   ?? ??? ??? ?Virtual server group(s)
   ?? ??? ??? ?Virtual server(s)：ipvs集群的 vs 和 rs
3. 配置語法
   vrrp_instance <STGING> {
   ??? ??? ?….
   }
   專用參數：
   state MASTER|BACKUP：當前節點在此虛擬路由器上的初始狀態；只能有一個是 MASTER，余下的都應該為BACKUP
   interface IFACE_NAME：綁定為當前虛擬路由器使用的物理接口
   virtual_router_id VRID：當前虛擬路由器惟一標識，范圍是0-255
   priority 100：當前物理節點在此虛擬路由器中的優先級，范圍1-254
   advert_int 1：vrrp通告的時間間隔，默認1s
   authentication { ?? ?#認證機制
   ?? ??? ??? ?auth_type AH|PASS
   ?? ??? ??? ?auth_pass 僅前8位有效
   }
   virtual_ipaddress { #虛擬IP
   ?? ??? ?? ? <IPADDR>/<MASK>?brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
   ?? ??? ??? ?192.168.200.17/24 dev eth1
   ?? ??? ??? ?192.168.200.18/24 dev eth2 label eth2:1
   }
   track_interface { ?? ?#配置監控網絡接口，一旦出現故障，則轉為FAULT狀態
   ?? ??? ??? ?實現地址轉移
   ?? ??? ??? ?eth0
   ?? ??? ??? ?eth1
   ?? ??? ??? ?…
   }
4. nopreempt：定義工作模式為非搶占模式
   preempt_delay 300：搶占式模式，節點上線后觸發新選舉操作的延遲時長，默認模式
   定義通知腳本：
   notify_master <STRING>|<QUOTED-STRING>： 當前節點成為主節點時觸發的腳本 notify_backup <STRING>|<QUOTED-STRING>： 當前節點轉為備節點時觸發的腳本
   notify_fault <STRING>|<QUOTED-STRING>： 當前節點轉為“失敗”狀態時觸發的腳本
   notify <STRING>|<QUOTED-STRING>： 通用格式的通知觸發機制，一個腳本可完成以上三種狀態的轉換時的通知
5. 單主配置文件示例
   ! Configuration File for keepalived
   global_defs {
   ?? ??? ?notification_email {
   ?? ??? ??? ??? ?root@localhost
   ?? ??? ?}
   ?? ??? ?notification_email_from keepalived@localhost
   ?? ??? ?smtp_server 127.0.0.1 #?即本機，配不配都無所謂
   ?? ??? ?smtp_connect_timeout 30
   ?? ??? ?router_id node1 ?? ?#主機名，在另一結點為node2=============
   ?? ??? ?vrrp_mcast_group4 224.0.100.100? #?多播?IPV4，找個沒人用的
   }
   vrrp_instance VI_1 {
   ?? ??? ?state MASTER ?? ??? ?# 在另一個結點上為BACKUP=============
   ?? ??? ?interface eth0
   ?? ??? ?virtual_router_id 6 ?? ?#多個節點必須相同
   ?? ??? ?priority 100 ?? ??? ?#在另一個結點上為90===================
   ?? ??? ?advert_int 1 ?? ??? ?#通告間隔1s
   ?? ??? ?authentication {
   ?? ??? ??? ??? ?auth_type PASS ?? ??? ?#預共享密鑰認證
   ?? ??? ??? ??? ?auth_pass 571f97b2
   ?? ??? ?}
   ?? ??? ?virtual_ipaddress {
   ?? ??? ??? ??? ?172.18.100.66/16
   ?? ??? ?}
   }
   然后在另一臺上配置上類似的配置文件，====標注的為需要修改的
6. 雙主配置示例
   ! Configuration File for keepalived
   global_defs {
   ?? ??? ??? ?notification_email {
   ?? ??? ??? ??? ??? ?root@localhost
   ?? ??? ??? ?}
   ?? ??? ??? ?notification_email_from keepalived@localhost
   ?? ??? ??? ?smtp_server 127.0.0.1
   ?? ??? ??? ?smtp_connect_timeout 30
   ?? ??? ??? ?router_id node1? ? #?===================
   ?? ??? ??? ?vrrp_mcast_group4 224.0.100.100
   }
   vrrp_instance VI_1 {
   ?? ??? ??? ?state MASTER? ?#===================
   ?? ??? ??? ?interface eth0
   ?? ??? ??? ?virtual_router_id 6
   ?? ??? ??? ?priority 100? ?#===================
   ?? ??? ??? ?advert_int 1
   ?? ??? ??? ?authentication {
   ?? ??? ??? ??? ??? ?auth_type PASS
   ?? ??? ??? ??? ??? ?auth_pass 571f97b2
   ?? ??? ??? ?}
   ?? ??? ??? ?virtual_ipaddress {
   ?? ??? ??? ??? ??? ?172.16.0.10/16
   ?? ??? ??? ?}
   }
   vrrp_instance VI_2 {
   ?? ??? ??? ?state BACKUP? ?#===================
   ?? ??? ??? ?interface eth0
   ?? ??? ??? ?virtual_router_id 8
   ?? ??? ??? ?priority 80? ?#?===================
   ?? ??? ??? ?advert_int 1
   ?? ??? ??? ?authentication {
   ?? ??? ??? ??? ??? ?auth_type PASS
   ?? ??? ??? ??? ??? ?auth_pass 578f07b2
   ?? ??? ??? ?}
   ?? ??? ??? ?virtual_ipaddress {
   ?? ??? ??? ??? ??? ?172.16.0.11/16
   ?? ??? ??? ?}
   }
   然后在另一臺上配置上類似的配置文件，====標注的為需要修改的
7. 示例通知腳本
   #!/bin/bash
   contact=’root@localhost’
   notify() {
   ?? ??? ??? ?mailsubject=”$(hostname) to be $1, vip floating”
   ?? ??? ??? ?mailbody=”$(date +’%F %T’): vrrp transition, $(hostname) changed to be $1″
   ?? ??? ??? ?echo “$mailbody” | mail -s “$mailsubject” $contact
   }
   case $1 in
   master)
   ?? ??? ??? ?notify master
   ?? ??? ??? ?;;
   backup)
   ?? ??? ??? ?notify backup
   ?? ??? ??? ?;;
   fault)
   ?? ??? ??? ?notify fault
   ?? ??? ??? ?;;
   *)
   ?? ??? ??? ?echo “Usage: $(basename $0) {master|backup|fault}”
   ?? ??? ??? ?exit 1
   ?? ??? ??? ?;;
   esac
   腳本的調用方法：
   notify_master “/etc/keepalived/notify.sh master”
   notify_backup “/etc/keepalived/notify.sh backup”
   notify_fault “/etc/keepalived/notify.sh fault”

二、keepalived + lvs 實現配置

1. 先在兩臺 RS服務器 上執行?RS?的腳本
2. 常用參數
   delay_loop <INT>：檢查后端服務器的時間間隔
   lb_algo rr|wrr|lc|wlc|lblc|sh|dh：定義調度方法
   lb_kind NAT|DR|TUN：集群的類型
   persistence_timeout <INT>：持久連接時長
   protocol TCP：服務協議，僅支持TCP
   sorry_server <IPADDR> <PORT>：所有RS故障時，備用服務器地址
   real_server <IPADDR> <PORT> {
   ?? ??? ??? ?weight <INT>? ?#RS權重
   ?? ??? ??? ?notify_up <STRING> | <QUOTED-STRING>? ? ?#RS 上線通知腳本
   ?? ??? ??? ?notify_down?<STRING> | <QUOTED-STRING>? #RS?下線通知腳本
   ?? ??? ??? ?HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { … }：# 定義當前主機的健康狀態檢測方法
   }
   HTTP_GET|SSL_GET：應用層檢測
   ?? ??? ??? ?HTTP_GET|SSL_GET {
   ?? ??? ??? ??? ??? ?url {
   ?? ??? ??? ??? ??? ??? ??? ?path <URL_PATH> ：定義要監控的URL
   ?? ??? ??? ??? ??? ??? ??? ?status_code <INT>：判斷上述檢測機制為健康狀態的響應碼
   ?? ??? ??? ??? ??? ??? ??? ?digest <STRING>：判斷為健康狀態的響應的內容的校驗碼
   ?? ??? ??? ??? ??? ?}
   ?? ??? ??? ?connect_timeout <INTEGER>：連接請求的超時時長
   ?? ??? ??? ?nb_get_retry <INT>：重試次數
   ?? ??? ??? ?delay_before_retry <INT>：重試之前的延遲時長
   ?? ??? ??? ?connect_ip <IP ADDRESS>：向當前RS哪個IP地址發起健康狀態檢測請求
   ?? ??? ??? ?connect_port <PORT>：向當前RS的哪個PORT發起健康狀態檢測請求
   ?? ??? ??? ?bindto <IP ADDRESS>：發出健康狀態檢測請求時使用的源地址
   ?? ??? ??? ?bind_port <PORT> ：發出健康狀態檢測請求時使用的源端口
   }
   TCP_CHECK {
   ?? ??? ??? ?connect_ip <IP ADDRESS>：向當前RS的哪個IP地址發起健康狀態檢測請求
   ?? ??? ??? ?connect_port <PORT>：向當前RS的哪個PORT發起健康狀態檢測請求
   ?? ??? ??? ?bindto <IP ADDRESS>：發出健康狀態檢測請求時使用的源地址
   ?? ??? ??? ?bind_port <PORT>：發出健康狀態檢測請求時使用的源端口
   ?? ??? ??? ?connect_timeout <INTEGER>：連接請求的超時時長
   }
3. 兩臺?VS?服務器上配置示例
   ! Configuration File for keepalived
   global_defs {
   ?? ??? ??? ?notification_email {
   ?? ??? ??? ??? ??? ?root@localhost
   ?? ??? ??? ?}
   ?? ??? ??? ?notification_email_from keepalived@localhost
   ?? ??? ??? ?smtp_server 127.0.0.1
   ?? ??? ??? ?smtp_connect_timeout 30
   ?? ??? ??? ?router_id node1? ? #?===================
   ?? ??? ??? ?vrrp_mcast_group4 224.0.100.100
   }
   vrrp_instance VI_1 {
   ?? ??? ??? ?state MASTER? ?#===================
   ?? ??? ??? ?interface eth0
   ?? ??? ??? ?virtual_router_id 6
   ?? ??? ??? ?priority 100? ?#===================
   ?? ??? ??? ?advert_int 1
   ?? ??? ??? ?authentication {
   ?? ??? ??? ??? ??? ?auth_type PASS
   ?? ??? ??? ??? ??? ?auth_pass 571f97b2
   ?? ??? ??? ?}
   ?? ??? ??? ?virtual_ipaddress {
   ?? ??? ??? ??? ??? ?172.16.0.10/16
   ?? ??? ??? ?}
   ?? ??? ???#? notify_master “/etc/keepalived/notify.sh master”
   ?? ??? ?? #? notify_backup “/etc/keepalived/notify.sh backup”
   ?? ??? ?? #??notify_fault “/etc/keepalived/notify.sh fault”
   }
   virtual_server?172.16.0.10 80 {
   ????delay_loop 6
   ????lb_algo rr
   ????lb_kind?DR
   ????protocol TCP
   ????sorry_server?172.16.0.10 80? #?記得把本機上的先配置好即可
   ????real_server 192.168.8.27 80 {
   ????????weight 1
   ????????HTTP_GET {
   ????????????url {
   ??????????????path /
   ? ? ? ? ? ? ? status_code 200
   ????????????}
   ????????????connect_timeout 3
   ????????????nb_get_retry 3
   ????????????delay_before_retry 3
   ????????}
   ????}
   ?? ?real_server 192.168.8.6 80 {
   ????????weight 1
   ????????HTTP_GET {
   ????????????url {
   ??????????????path /
   ? ? ? ? ? ? ? status_code 200
   ????????????}
   ????????????connect_timeout 3
   ????????????nb_get_retry 3
   ????????????delay_before_retry 3
   ????????}
   ????}
   }
   然后在另一臺上配置上類似的配置文件，====標注的為需要修改的