keepalived相關配置示例(一)

配置前提：

(1) 各節點時間必須同步

(2) 確保iptables及selinux不會成為阻礙

(3) 各節點之間可通過主機名互相通信（對KA并非必須）

        建議使用/etc/hosts文件實現

(4) 確保各節點的用于集群服務的接口支持MULTICAST通信

單主配置實例：  node1為主     node2為從

node1

[root@node1 ~]#ntpdate 172.16.0.1  各節點時間必須同步
[root@node1 ~]#vim /etc/chrony.conf

[root@node1 ~]#systemctl restart chronyd.service
[root@node1 ~]#systemctl enable chronyd.service 開機啟動chronyd.service
[root@node1 ~]#vim /etc/hosts   各節點之間可通過主機名互相通信

[root@node1 ~]#ping node2
[root@node1 ~]#ip link set multicast on dev ens33    確保各節點的用于集群服務的接口支持MULTICAST通信
[root@node1 ~]#yum install keepalived -y
[root@node1 /etc/keepalived]#cp keepalived.conf{,.bak}
[root@node1 /etc/keepalived]#vim keepalived.conf

global_defs {
   notification_email {
        root@localhost  #設置報警郵件地址，可以設置多個，每行一個。需要開啟sendmail服務。
   }    
   notification_email_from keepalived@localhost #設置郵件的發送地址
   smtp_server 127.0.0.1    #設置SMTP Server地址
   smtp_connect_timeout 30  #設置SMTP Server的超時時間
   router_id node1   #表示運行Keepalived服務器的一個標識。發郵件時顯示大郵件主題中的信息
   vrrp_mcast_group4 224.1.101.33
}  
 
vrrp_instance VI_1 {    #vrrp 實例定義部分
    state MASTER    #指定Keepalived的角色，MASTER表示些主機是主服務器。BACKUP表示此主機是備用服務器
    interface ens33 #指定HA監測網絡的接口
    virtual_router_id 33 #虛擬路由標識，這個標識是一個數字，同一個vrrp實例使用唯一的標識，即同一個vrrp_instance下MASTER與BACKUP必須是一致的
    priority 100    #定義優先級，數字越大，優先級越高
    advert_int 1
    authentication {
        auth_type PASS  #設置驗證類型和密碼，MASTER和BACKUP必須使用相同的密碼才能正常通信
        auth_pass Nl9OliUQ  # openssl rand -base64 7  得出隨機八位數
    }   
    virtual_ipaddress { #設置虛擬IP地址，可以設置多個虛擬IP地址，每行一個
        172.16.0.99/16 dev ens33 label ens33:0
    }
}   
[root@node1 /etc/keepalived]#scp keepalived.conf node2:/etc/keepalived/ 傳到node2中
[root@node2 /etc/keepalived]#systemctl start keepalived.service 啟動時，由于優先級高于node2，所以node2關閉
[root@node2 /etc/keepalived]#systemctl status keepalived.service 查看日志

node2
[root@node2 ~]#ntpdate 172.16.0.1   各節點時間必須同步
[root@node2 ~]#vim /etc/chrony.conf

[root@node2 ~]#systemctl restart chronyd.service
[root@node2 ~]#systemctl enable chronyd.service 開機啟動chronyd.service
[root@node2 ~]#vim /etc/hosts   各節點之間可通過主機名互相通信

[root@node2 ~]#ping node1
[root@node2 ~]#ip link set multicast on dev ens33 確保各節點的用于集群服務的接口支持MULTICAST通信
[root@node2 ~]#yum install keepalived -y
[root@node2 /etc/keepalived]#vim keepalived.conf
global_defs {
   notification_email {
        root@localhost  #設置報警郵件地址，可以設置多個，每行一個。需要開啟sendmail服務。
   }    
   notification_email_from keepalived@localhost #設置郵件的發送地址
   smtp_server 127.0.0.1    #設置SMTP Server地址
   smtp_connect_timeout 30  #設置SMTP Server的超時時間
   router_id node2   #表示運行Keepalived服務器的一個標識。發郵件時顯示大郵件主題中的信息
   vrrp_mcast_group4 224.1.101.33
}  
 
vrrp_instance VI_1 {    #vrrp 實例定義部分
    state BACKUP    #指定Keepalived的角色，MASTER表示些主機是主服務器。BACKUP表示此主機是備用服務器
    interface ens33 #指定HA監測網絡的接口
    virtual_router_id 33 #虛擬路由標識，這個標識是一個數字，同一個vrrp實例使用唯一的標識，即同一個vrrp_instance下MASTER與BACKUP必須是一致的
    priority 80 #定義優先級，數字越大，優先級越高
    advert_int 1
    authentication {
        auth_type PASS  #設置驗證類型和密碼，MASTER和BACKUP必須使用相同的密碼才能正常通信
        auth_pass Nl9OliUQ  # openssl rand -base64 7  得出隨機八位數
    }   
    virtual_ipaddress { #設置虛擬IP地址，可以設置多個虛擬IP地址，每行一個
        172.16.0.99/16 dev ens33 label ens33:0
    }
}   
測試：
[root@node2 /etc/keepalived]#systemctl start keepalived.service
[root@node2 /etc/keepalived]#systemctl status keepalived.service 查看日志
[root@node2 /etc/keepalived]#tcpdump -i ens33 -nn host 224.1.101.33 node1開啟時
08:25:13.748659 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
[root@node2 /etc/keepalived]#tcpdump -i ens33 -nn host 224.1.101.33 node1關閉時
08:26:20.811002 IP 172.16.252.245 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 80, authtype simple, intvl 1s, length 20

雙主模型實例：

node1
[root@node1 /etc/keepalived]#vim keepalived.conf
vrrp_instance VI_1 {
    interface ens33
    authentication {
        auth_type PASS
        auth_pass NcxCHRPP
    }
    virtual_ipaddress {
        172.16.0.99/16 dev ens33
    }
}
 
vrrp_instance VI_2 {
    state BACKUP
    priority 90
    interface ens33
    virtual_router_id 34
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass AcxRHRQP
    }
    virtual_ipaddress {
        172.16.0.88/16 dev ens33
    }
}

node2
[root@node2 /etc/keepalived]#vim keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    priority 80
    interface ens33
    virtual_router_id 33
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass NcxCHRPP
    }   
    virtual_ipaddress {
        172.16.0.99/16 dev ens33
    }   
}   
 
vrrp_instance VI_2 {
    state MASTER
    priority 100
    interface ens33
    virtual_router_id 34
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass AcxRHRQP
    }   
    virtual_ipaddress {
        172.16.0.88/16 dev ens33
    }   
}   
測試：
[root@node1 /etc/keepalived]#systemctl stop keepalived.service
[root@node1 /etc/keepalived]#systemctl stop keepalived.service
[root@node1 /etc/keepalived]#systemctl start keepalived.service
[root@node2 /etc/keepalived]#systemctl start keepalived.service
[root@node2 ~]#tcpdump -i ens33 -nn host 224.1.101.33
09:07:18.318146 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
09:07:18.725960 IP 172.16.252.245 > 224.1.101.33: VRRPv2, Advertisement, vrid 34, prio 100, authtype simple, intvl 1s, length 20
09:07:19.319033 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
[root@node1 /etc/keepalived]#systemctl stop keepalived.service
09:09:58.514319 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
09:09:58.969318 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 34, prio 96, authtype simple, intvl 1s, length 20
09:09:59.515444 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 33, prio 100, authtype simple, intvl 1s, length 20
09:09:59.970398 IP 172.16.250.149 > 224.1.101.33: VRRPv2, Advertisement, vrid 34, prio 96, authtype simple, intvl 1s, length 20

通知腳本的使用方式:

[root@node1 /etc/keepalived]#vim notify.sh
#!/bin/bash
#
contact='root@localhost'
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
 
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
[root@node1 /etc/keepalived]#chmod +x notify.sh
[root@node1 /etc/keepalived]#bash -n notify.sh
[root@node1 /etc/keepalived]#bash -x notify.sh master 腳本調用
[root@node1 /etc/keepalived]#bash -x notify.sh backup 腳本調用
[root@node1 /etc/keepalived]#bash -x notify.sh fault 腳本調用
[root@node1 /etc/keepalived]#scp -p notify.sh node2:/etc/keepalived/ 保留權限復制到node2
[root@node1 /etc/keepalived]#cp keepalived.conf{,.dual}
[root@node1 /etc/keepalived]#vim keepalived.conf 將雙主模型刪除
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 33
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass r6SYByVN
    }
    virtual_ipaddress {
    172.16.0.99/16 dev ens33 lable ens33:0
    }
 
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}   
[root@node2 /etc/keepalived]#cp keepalived.conf{,.dual}
[root@node2 /etc/keepalived]#vim keepalived.conf 做node1同樣的操作