keepalived高可用lvs集群

實驗拓撲

keepalived高可用配置

HA01和HA02的keepalived安裝及配置（安裝及配置均相同）

~]# yum -y install keepalived

HA01和HA02做時間同步，crontab中添加時間同步腳本

~]# date; ssh 192.168.150.140 'date' 此命令可以同時查看兩臺時間快速進行比較

~]# crontab -l 添加對時服務

*/5 * * * * /sbin/ntpdate 10.53.1.9 &>/dev/null

確認防火墻規則及selinux

~]# iptables -vnL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

~]# getenforce

Disabled

keepalived的整個安裝包

~]# rpm -ql keepalived 配置文件，服務啟動模塊，執行文件，說明

/etc/keepalived

/etc/keepalived/keepalived.conf

/etc/sysconfig/keepalived

/usr/bin/genhash

/usr/lib/systemd/system/keepalived.service

/usr/libexec/keepalived

/usr/sbin/keepalived

/usr/share/doc/keepalived-1.2.13

/usr/share/doc/keepalived-1.2.13/AUTHOR

/usr/share/doc/keepalived-1.2.13/CONTRIBUTORS

/usr/share/doc/keepalived-1.2.13/COPYING

/usr/share/doc/keepalived-1.2.13/ChangeLog

/usr/share/doc/keepalived-1.2.13/NOTE_vrrp_vmac.txt

/usr/share/doc/keepalived-1.2.13/README

/usr/share/doc/keepalived-1.2.13/TODO

/usr/share/doc/keepalived-1.2.13/VERSION

/usr/share/doc/keepalived-1.2.13/keepalived.conf.SYNOPSIS

/usr/share/doc/keepalived-1.2.13/samples

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.HTTP_GET.port

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.IPv6

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SMTP_CHECK

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SSL_GET

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.fwmark

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.inhibit

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check_arg

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.quorum

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.sample

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.status_code

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.track_interface

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtual_server_group

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtualhost

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.localcheck

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.lvs_syncd

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.routes

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.scripts

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.static_ipaddress

/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.sync

/usr/share/doc/keepalived-1.2.13/samples/sample.misccheck.smbcheck.sh

/usr/share/man/man1/genhash.1.gz

/usr/share/man/man5/keepalived.conf.5.gz

/usr/share/man/man8/keepalived.8.gz

/usr/share/snmp/mibs/KEEPALIVED-MIB.txt

keepalived.config配置

~]# cd /etc/keepalived/

keepalived]# ls

keepalived.conf

keepalived]# cp keepalived.conf{,.bak}

! Configuration File or keepalived

global_defs {

notification_email {

root@localhost

}

notification_email_from kaadmin@void.com

smtp_server 127.0.0.1 指定郵件網關

smtp_connect_timeout 30

router_id node1

vrrp_mcast_group4 224.0.0.18

}

vrrp_instance VI_1 { 配置vrrp

state MASTER

interface eno33554976

virtual_router_id 51

priority 100

advert_int 1

authentication {

auth_type PASS

auth_pass Iyd4q2Yg 生成一個隨機數進行密碼設置，兩邊設置一樣，長度為8位

加密時產生隨機密碼

~]# openssl rand -base64 10

}

virtual_ipaddress {

192.168.150.131 dev eno33554976 label eno33554976:0

}

notify_master "/etc/keepalived/notify.sh master" vrrp健康檢查腳本

notify_backup "/etc/keepalived/notify.sh backup"

notify_fault "/etc/keepalived/notify.sh fault"

}

virtual_server 192.168.150.131 80 { LVS配置

delay_loop 6

lb_algo rr

lb_kind DR

protocol TCP

sorry_server 127.0.0.1 80 sorry_sever指向本機

real_server 192.168.150.138 80 { real server指定

weight 1

HTTP_GET {

url {

path /

status_code 200

}

connect_timeout 3

nb_get_retry 3

delay_before_retry 3

}

}

real_server 192.168.150.139 80 {

weight 2

HTTP_GET {

url {

path /

status_code 200

}

connect_timeout 3

nb_get_retry 3

delay_before_retry 3

}

}

}

健康檢查腳本

keepalived]# cat notify.sh

#!/bin/bash

#

contact='root@localhost'

notify() {

mailsubject="$(hostname) to be $1: vip floating"

mailbody="$(date +'%F %T'):vrrp transation,$(hostname) change to be $1"

echo $mailbody | mail -s "$mailsubject" $contact

}

case $1 in

master)

notify master

;;

backup)

notify backup

;;

fault)

notify fault

;;

*)

echo "Usage: $(basename $0) {master|backup|fault}"

;;

esac

安裝httpd服務,并開啟，創建一個簡單的saysorry頁面

~]# yum -y install httpd

~]# cat /var/www/html/index.html

<h1>sorry server1</h1>

~]# systemctl start httpd.service

~]# ss -tnl

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 128 *:22 *:*

LISTEN 0 100 127.0.0.1:25 *:*

LISTEN 0 128 :::80 :::*

LISTEN 0 128 :::22 :::*

LISTEN 0 100 ::1:25 :::*

將相關配置一并copy至HA02的對應目錄，配合當中state改為BACKUP，優先級改為98

keepalived]# scp keepalived.conf 192.168.150.140:/etc/keepalived/

root@192.168.150.140's password:

keepalived.conf 100% 1299 1.3KB/s 00:00

兩臺開啟keepalived配置

keepalived]# systemctl start keepalived.service

keepalived]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)

RX packets 37718 bytes 18787553 (17.9 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 47265 bytes 21013002 (20.0 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0

ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 35 bytes 3063 (2.9 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 35 bytes 3063 (2.9 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

DR模式的LVS集群，RS之前已經有配置，拿來使用即可

實驗測試：

HA01宕機后HA02可以正常接管

模擬HA01宕機

keepalived]# systemctl stop keepalived.service

此時客戶端訪問無任何影響

~]# curl http://192.168.150.131

<h1>RS2</h1>

~]# curl http://192.168.150.131

<h1>RS1</h1>

HA01上的狀態，serviceIP已經漂移至HA02上

[root@localhost keepalived]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)

RX packets 46766 bytes 19985732 (19.0 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 62940 bytes 22209972 (21.1 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 271 bytes 21439 (20.9 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 271 bytes 21439 (20.9 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

此時HA02上狀態 service已經至此服務器上

~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.140 netmask 255.255.255.0 broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe85:df69 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)

RX packets 48744 bytes 19388076 (18.4 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 21722 bytes 1924405 (1.8 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0

ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 222 bytes 15909 (15.5 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 222 bytes 15909 (15.5 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 192.168.150.138:80 Route 1 0 0

-> 192.168.150.139:80 Route 2 0 0

查看監控檢查郵件預警機制正常

~]# mail

Heirloom Mail version 12.5 7/5/10. Type ? for help.

"/var/spool/mail/root": 20 messages 20 new

>N 1 root Fri Dec 2 18:54 18/730 "localhost.localdomain to be backup: vip floating"

HA01恢復正常后服務恢復至HA01

~]# systemctl start keepalived.service 模擬HA01正?；謴?/p>
HA01狀態

~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.137 netmask 255.255.255.0 broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe87:41fd prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)

RX packets 46963 bytes 20002522 (19.0 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 63078 bytes 22223988 (21.1 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eno33554976:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.131 netmask 255.255.255.255 broadcast 0.0.0.0

ether 00:0c:29:87:41:fd txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 273 bytes 21543 (21.0 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 273 bytes 21543 (21.0 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

~]# mail

Heirloom Mail version 12.5 7/5/10. Type ? for help.

"/var/spool/mail/root": 13 messages 13 new

>N 1 root Fri Dec 2 18:55 18/730

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 192.168.150.138:80 Route 1 0 0

-> 192.168.150.139:80 Route 2 0 0

客戶端無任何影響

HA02狀態

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 192.168.150.138:80 Route 1 0 0

-> 192.168.150.139:80 Route 2 0 0

您在 /var/spool/mail/root 中有新郵件

~]# ifconfig

eno33554976: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.150.140 netmask 255.255.255.0 broadcast 192.168.150.255

inet6 fe80::20c:29ff:fe85:df69 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:85:df:69 txqueuelen 1000 (Ethernet)

RX packets 49491 bytes 19470170 (18.5 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 22457 bytes 1988047 (1.8 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 0 (Local Loopback)

RX packets 224 bytes 16015 (15.6 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 224 bytes 16015 (15.6 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

RS單臺宕機HA的狀態

~]# systemctl stop httpd.service RS2模擬宕機

客戶端訪問，只能訪問其余一臺

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

HA01狀態 RS主機只剩一臺

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 192.168.150.138:80 Route 1 0 5

HA02狀態

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 192.168.150.138:80 Route 1 0 0

RS宕機后 sorry_server是否可行

~]# systemctl stop httpd.service RS模擬宕機

客戶端訪問已指向sorry_server，HA主機http服務

~]# curl http://192.168.150.131

<h1>sorry server1</h1>

此時HA01狀態

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 127.0.0.1:80 Route 1 0 3

HA02狀態

~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.150.131:80 rr

-> 127.0.0.1:80 Route 1 0 0

RS恢復后是否可正?；謴退袪顟B

~]# systemctl start httpd.service RS恢復

客戶端請求全部恢復正常

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS2</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS1</h1>

[root@localhost ~]# curl http://192.168.150.131

<h1>RS2</h1>