Building a high-availability cluster with keepalived

HA cluster implementation approaches

An implementation of the VRRP protocol: keepalived
VRRP exists to solve the single point of failure of a static route; it uses an election protocol to dynamically hand the routing task to one of the VRRP routers that make up the virtual router on the LAN.

The VRRP protocol

(Virtual Router Redundancy Protocol): a redundancy protocol for virtual routers

VRRP terminology
VR: virtual router
VRID: virtual router identifier (0-255)
Master (Active): master router (active node)
Backup (Passive): backup router (passive node)
VIP: virtual IP address; floating IP
VMAC: the virtual MAC address (48 bits) that corresponds to the VIP; 00-00-5E-00-01-{VRID}
Priority: decided during initialization
gratuitous ARP: gratuitous ARP broadcast
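VRRP operating modes
  • Preemptive: a Backup router working in preemptive mode compares its own priority with the priority carried in each VRRP advertisement it receives. If its own priority is higher than that of the current Master, it preempts and becomes the Master; otherwise it stays in the Backup state.
  • Non-preemptive: as long as the Master has not failed, a Backup router working in non-preemptive mode does not become the Master, even if it is later configured with a higher priority.
VRRP authentication methods and working modes

Authentication methods

  • No authentication
  • Simple string authentication: a pre-shared key
  • MD5 authentication

Working modes

  • master-backup mode
  • master-master mode
How VRRP works
  • Each VRRP router has a unique identifier, the VRID, in the range 0-255. To the outside the router appears under a single virtual MAC address of the form 00-00-5E-00-01-[VRID]. The master router answers ARP requests with this MAC address, so end devices always see one consistent IP and MAC address, which reduces the impact of a switchover on them.

  • There is only one kind of VRRP control message:
    the VRRP advertisement, which is encapsulated in IP multicast packets sent to the group address 224.0.0.18 and is confined to the local LAN. This allows the same VRID to be reused on different networks.

  • Within a VRRP router group the master router is elected by priority

  • To protect the VRRP protocol, two authentication measures are provided: plaintext authentication and IP header authentication

VRRP advantages
  • Load sharing: traffic from LAN clients can be shared by several router devices;
  • Multiple VRRP groups: up to 255 VRRP groups can be configured on one physical router interface;
  • Preemption: when the master fails, a backup with a higher priority is allowed to become the master;
  • Advertisement protocol: VRRP advertisements use the IANA-assigned multicast address 224.0.0.18;
  • VRRP tracking: the VRRP priority changes with interface state, so that the best VRRP router becomes the master;
  • Redundancy: several router devices can act as the default gateway of the LAN clients, which greatly reduces the chance of the default gateway being a single point of failure;
  • Multiple IP addresses: several IP addresses can be configured on one physical interface through interface aliases, so several subnets can attach to the same physical interface;
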
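keepalived

Keepalived is service software built on the VRRP protocol to keep a cluster highly available. It runs on top of LVS; its main functions are fault isolation of real servers and failover between load balancers, which prevents a single point of failure. Combining LVS with keepalived provides layer 3, layer 4 and layer 5/7 switching.

keepalived (ka) generates ipvs rules (adding and deleting them) automatically from the definitions in its configuration file, and checks the health of each RS;
it supports the vrrp_script interface and vrrp_track;
by writing VRRP scripts, all kinds of services can be tracked through vrrp_track;

keepalived components
keepalived architecture
  • Control plane (components): configuration file parser, memory management, I/O multiplexing

  • Core components: vrrp stack, checker, ipvs wrapper, watchdog, smtp interface

Only simple string authentication is supported

Components
vrrp stack: implements the VRRP protocol
smtp: sends notification mail; mail can be sent when the address floats, and also when the checkers have removed a failed host from the ipvs rules
checkers: check the health of the back-end RS, based on tcp, http, ssl or misc checks; a host found to be down is removed from the ipvs rules
watchdog: monitors the health of the vrrp stack and the checkers
ipvs wrapper: the checkers call this wrapper to add, delete or modify rules in ipvs
Prerequisites for configuring an HA cluster (on each director):

(1) Time is synchronized across all nodes
Synchronize over the NTP protocol; chrony (CentOS 7)

(2) Make sure iptables and SELinux do not get in the way
Heartbeat delivery: 3 ways

  • Unicast
  • Broadcast
  • Multicast: the best choice; multicast addresses: 224.0.0.0-239.0.0.0

(3) The nodes can reach one another by host name (not required for ka, which does not care)
The result of name resolution must match the output of "uname -n";
if the nodes communicate by host name, the DNS name must match the real host name;

(4) The root users of the nodes can reach one another over ssh with key-based authentication (not required for ka, which does not care)

Configuration example

Prepare two CentOS 7 hosts and synchronize their time first: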

[root@node1 ~]# ntpdate 172.18.0.1

Create a cron job that synchronizes with the time server every 5 minutes

[root@node1 ~]# crontab -e
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null

Install keepalived and configure it

[root@node1 ~]# yum -y install keepalived
...
Complete!
[root@node1 ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service
/usr/libexec/keepalived
/usr/sbin/keepalived
...
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# cp keepalived.conf{,.bak}
[root@node1 keepalived]# vim /etc/keepalived/keepalived.conf
:set nohlsearch 
:.,$s/^/#/g
# Configure only the global section and the virtual router instance section for now; keep everything else commented out
global_defs {  # global configuration section
   notification_email {  # addresses that receive notification mail (recipients)
     root@localhost 
   }
   notification_email_from kaadmin@magedu.com  # sender
   vrrp_iptables  # do not generate iptables rules automatically
   smtp_server 127.0.0.1  # mail server; it must resolve forward and reverse on the Internet
   smtp_connect_timeout 30  # mail server connection timeout
   router_id node1  # ID of this router device, usually the host name
   vrrp_mcast_group4  224.0.11.18  # multicast address; the default is 224.0.0.18, and every node in the cluster must use the same address; it identifies one multicast domain
}

vrrp_instance VI_1 {  # virtual router section; the instance name is VI_1 and can be chosen freely
    state MASTER  # initial state of this node in the virtual router, here the master; values: MASTER|BACKUP
    interface eno16777736  # interface on which VRRP advertisements are sent
    virtual_router_id 11  # virtual router ID, range 0-255
    priority 100  # priority of this physical node in the virtual router
    advert_int 1  # interval between VRRP advertisements: 1 second
    authentication {  # authentication method
        auth_type PASS  # simple password authentication
        auth_pass vHFHLlTA  # random string, can be generated with openssl rand -base64 10; only the first 8 characters are used
    }
    virtual_ipaddress {  # virtual IP; unless stated otherwise it is placed on the interface named above
        172.18.11.66  # for an interface alias, write: 172.18.11.66 dev eno16777736 label eno16777736:0
    }
}

Copy the configuration file to the other director, 172.18.11.121

[root@node1 ~]# scp keepalived.conf root@172.18.11.121:/etc/keepalived

Edit the configuration file on 172.18.11.121

[root@node2 ~]# vim /etc/keepalived/keepalived.conf
Change:
state BACKUP  # change to backup
priority 50  # lower the priority
# the password, router_id and vrrp_mcast_group4 must be kept the same

Start the keepalived service on both directors

[root@node1 ~]# systemctl start keepalived.service
[root@node2 ~]# systemctl start keepalived.service

Check on both directors whether the VIP has been added automatically to the interface alias of the master server:

[root@node1 ~]# ip addr l
[root@node2 ~]# ip addr l
[root@node1 ~]# tail /var/log/messages
[root@node2 ~]# tail /var/log/messages

Stop the keepalived service manually on the master server, 172.18.11.111, then check again

[root@node1 ~]# systemctl stop keepalived.service

Follow the log from another terminal without exiting

[root@centos7 ~]# tail -f /var/log/messages
Part of the output:
May 10 05:25:01 localhost systemd: Stopping LVS and VRRP High Availability Monitor...
May 10 05:25:01 localhost Keepalived_vrrp[4258]: VRRP_Instance(VI_1) sending 0 priority    # sends an advertisement with priority 0
May 10 05:25:01 localhost Keepalived_vrrp[4258]: VRRP_Instance(VI_1) removing protocol VIPs.    # removes the protocol VIPs
May 10 05:25:01 localhost Keepalived_healthcheckers[4257]: Netlink reflector reports IP 172.18.11.66 removed    # the VIP is removed
May 10 05:25:01 localhost systemd: Stopped LVS and VRRP High Availability Monitor

On the other director, 172.18.11.121, look at the log

[root@node2 ~]# tail  /var/log/messages
May  9 08:09:21 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Transition to MASTER STATE    # becomes the master server
May  9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Entering MASTER STATE    # master state confirmed
May  9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) setting protocol VIPs.    # sets the VIP
May  9 08:09:22 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eno16777736 for 172.18.11.66    # sends gratuitous ARP packets
May  9 08:09:22 localhost Keepalived_healthcheckers[3880]: Netlink reflector reports IP 172.18.11.66 added    # the VIP is acquired
May  9 08:09:27 localhost Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eno16777736 for 172.18.11.66
May  9 08:10:01 localhost systemd: Started Session 58 of user root.
May  9 08:10:01 localhost systemd: Starting Session 58 of user root.
May  9 08:10:01 localhost systemd: Started Session 59 of user root.
May  9 08:10:01 localhost systemd: Starting Session 59 of user root.

Bring the master server 172.18.11.111 back online manually:

[root@node1 ~]# systemctl start keepalived.service
# preemptive mode is the default; the node with the higher priority automatically becomes the master server

This is keepalived floating the address automatically;
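
The failover read by eye in the logs above can also be checked mechanically. The following is an added example, not part of the original article: it reads keepalived syslog lines from all directors merged in time order, prints every VRRP state change, and raises an alert when a host enters MASTER while another host still holds the instance. The host names node1, node2 and node9, the sample lines and the flapping threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise keepalived VRRP state changes and flag ownership
# problems. Reads syslog lines from all directors, merged in time order, on stdin.
#   $1 = how many times one host may enter MASTER for one instance before the
#        pair is reported as flapping (assumed default: 3)
vrrp_transitions() {
    awk -v max="${1:-3}" '
    match($0, /VRRP_Instance\([^)]+\)/) {
        inst = substr($0, RSTART + 14, RLENGTH - 15)    # name inside (...)
        host = $4
        ts   = $1 " " $2 " " $3
        if ($0 ~ /Entering MASTER STATE/) {
            # Another host never released this instance: two masters on the LAN.
            if ((inst in holder) && holder[inst] != host)
                printf "ALERT dual-master %s: %s became MASTER while %s still holds it (%s)\n", inst, host, holder[inst], ts
            holder[inst] = host
            gained[inst SUBSEP host]++
            state = "MASTER"
        } else if ($0 ~ /Entering BACKUP STATE/)  state = "BACKUP"
        else if ($0 ~ /Entering FAULT STATE/)     state = "FAULT"
        else if ($0 ~ /sending 0 priority/)       state = "STOPPED"   # clean shutdown
        else next
        # Any non-MASTER state reported by the current holder frees the instance.
        if (state != "MASTER" && (inst in holder) && holder[inst] == host)
            delete holder[inst]
        printf "STATE %s %s %s %s\n", inst, host, state, ts
    }
    END {
        for (k in gained) if (gained[k] + 0 > max + 0) {
            split(k, p, SUBSEP)
            printf "ALERT flapping %s: %s entered MASTER %d times\n", p[1], p[2], gained[k]
        }
    }'
}

# Constructed sample: a clean failover from node1 to node2, then node9 claims
# MASTER for the same instance although node2 has not released it.
sample_log() {
    cat <<'EOF'
May 10 05:25:01 node1 Keepalived_vrrp[4258]: VRRP_Instance(VI_1) Entering MASTER STATE
May 10 05:30:01 node1 Keepalived_vrrp[4258]: VRRP_Instance(VI_1) sending 0 priority
May 10 05:30:02 node2 Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 10 05:30:03 node2 Keepalived_vrrp[3881]: VRRP_Instance(VI_1) Entering MASTER STATE
May 10 05:41:10 node9 Keepalived_vrrp[777]: VRRP_Instance(VI_1) Entering MASTER STATE
EOF
}

sample_log | vrrp_transitions
```

On a real system, feed it the time-sorted /var/log/messages content of both directors instead of sample_log.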

Change the VIP alias on both directors:

[root@node1 ~]# vim /etc/keepalived/keepalived.conf
virtual_ipaddress {
172.18.11.66 dev eno16777736 label eno16777736:0
}

Stop the keepalived service on both directors, then
start the lower-priority server, 172.18.11.121, first:

[root@node2 ~]# systemctl start keepalived.service

Running ifconfig at this point shows that the interface alias has been added automatically;

Then start the higher-priority server, 172.18.11.111:

[root@node1 ~]# systemctl start keepalived.service

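VRRP has two working models: master/backup and master/master
To raise utilization, use the master/master model;
that is, A is master with B as backup, and B is master with A as backup, so both A and B do useful work; since both appear as masters to the outside, a front-end DNS A record can map one host name to both IPs;
In some scenarios, however, when A and B are both masters, the two VIPs are not two aliases on the same NIC but sit on two separate NICs;
A and B each have two NICs, one facing the external network and one facing the internal network; both addresses are expected to be VIPs, with the external one belonging to virtual router 1 and the internal one to virtual router 2;
the internal alias is configured on the internal NIC and the external alias on the external NIC; when one external link goes down, traffic switches automatically to the server holding the other external NIC, and the internal side must switch as well; because internal and external communication both go through VIPs, the internal VIP has to move even though nothing failed there;
Configuring two virtual routers so that they are always master on the same device and always move together is called a synchronization group;

Installing keepalived
  • CentOS 6.4+: the package is provided in the base repository;

  • CentOS 7
    Main configuration file: /etc/keepalived/keepalived.conf
    Unit file: /usr/lib/systemd/system/keepalived.service
    Configuration file: /etc/sysconfig/keepalived

Configuration file blocks: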

GLOBAL CONFIGURATION
# global configuration section; applies to every VRRP instance and virtual server
global_defs {
        ...
}

VRRPD CONFIGURATION  # virtual router synchronization group section
      vrrp_sync_group VG_1 {
       ...
}

VRRP instance(s)  # virtual router instance section
     vrrp_instance INST_NAME {
         ...
}

LVS CONFIGURATION  # cluster section
        virtual_server_group <STRING> {  # virtual server group section
         ...
}

Virtual server(s)  # virtual server section
       virtual_server IP port |
       virtual_server fwmark int {  # a decimal integer (the value actually used in the end is hexadecimal)
         protocol TCP  # note: keepalived supports TCP only
        ...
real_server <IPADDR> <PORT> {  # real back-end server section
       ...
                                }
                            }
Global configuration section example
global_defs {
    notification_email {    # addresses that alert mail is sent to
        root@localhost
    }
    notification_email_from keepalived@localhost    # sender of the alert mail
    smtp_server 127.0.0.1    # mail server address
    smtp_connect_timeout 30    # mail server connection timeout
    router_id node1    # router identifier
    vrrp_mcast_group4 224.0.100.19    # VRRP multicast address; machines in the same HA cluster must use the same address to receive each other's VRRP packets
    vrrp_strict    # enforce strict VRRP protocol checks; in some cases this blocks access to the VIP
}

Static routes/address/rules: configures static addresses, routes or rules that VRRP will not remove; rarely used.

VRRP configuration section example
vrrp_instance <STRING> {
    state MASTER|BACKUP    # role of this virtual router in the VRRP group
    interface eno16777736    # physical interface this virtual router is bound to
    virtual_router_id 14    # unique ID of this virtual router in the VRRP group, range 0-255
    priority 100    # priority of this virtual router in the VRRP group, range 1-254
    advert_int 1    # interval between VRRP advertisements
    nopreempt|preempt    # non-preemptive or preemptive mode
    preempt_delay 300    # in preemptive mode, delay before a node that has come online triggers a new election
    authentication {    # how the VRRP group authenticates, and the password
        auth_type PASS    # simple password authentication
        auth_pass 571f97b2    # password string, at most 8 characters
    }
    virtual_ipaddress {    # virtual IP addresses to add on the bound physical interface
        #<IPADDR>/<MASK> brd <IPADDR> dev <STRING> scope <SCOPE> label <LABEL>
        172.18.11.66/16 dev eno16777736
    }
    track_interface {    # network interfaces to monitor; if one fails, this virtual router goes to the FAULT state
      eth0
      eth1
      ...
     }
    track_script {    # calls scripts defined in vrrp_script and adjusts according to their result
       <SCRIPT_NAME>
       <SCRIPT_NAME> weight <-254..254>
    }

    notify_master <STRING>|<QUOTED-STRING>    # script run when this node becomes the master
    notify_backup <STRING>|<QUOTED-STRING>    # script run when this node becomes a backup
    notify_fault <STRING>|<QUOTED-STRING>    # script run when this node goes to the "fault" state
    notify_stop <STRING>|<QUOTED-STRING>     # script run when this node stops
}

VRRP script(s): defines scripts that run periodically, typically to check the state of a service or an IP.

vrrp_script <SCRIPT_NAME> {    # a periodically executed script; its exit code determines the state of the monitored VRRP group
    script <STRING>|<QUOTED-STRING>    # path of the script to run
    interval INT     # how often the script is run; default 1s
    timeout <INTEGER>   # script timeout; a script that times out counts as failed
    rise <INTEGER>              # number of successful checks before the state counts as healthy
    fall <INTEGER>              # number of failed checks before the state counts as failed
}
LVS configuration section example

Virtual server(s): defines virtual servers; a virtual server can be defined by IP and port, by fwmark, or by a virtual server group.

virtual_server IP port | virtual_server fwmark <int>  |virtual_server group string

{
    delay_loop <INT>    # interval between health-check polls
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh    # scheduling method
    lb_kind NAT|DR|TUN    # cluster type
    persistence_timeout <INT>    # persistent connection duration
    protocol TCP|UDP|SCTP    # service protocol
    sorry_server <IPADDR> <PORT>    # fallback server address
    real_server <IPADDR> <PORT> {
        weight <INT>    # weight of the real server
        notify_up <STRING>|<QUOTED-STRING>    # script run when the real server is detected as up
        notify_down <STRING>|<QUOTED-STRING>    # script run when the real server is detected as down
        HTTP_GET|SSL_GET {    # application-layer check of the real server
            url {
                path <URL_PATH>    # URL to monitor
                status_code <INT>    # response code that counts as healthy
                digest <STRING>    # checksum of the response content that counts as healthy
            }
            nb_get_retry <INT>    # number of retries
            delay_before_retry <INT>    # delay before each retry
            connect_ip <IP ADDRESS>    # IP address of this RS that the health check is sent to
            connect_port <PORT>    # port of this RS that the health check is sent to
            bindto <IP ADDRESS>    # source address used for the health check
            bind_port <PORT>    # source port used for the health check
            connect_timeout <INTEGER>    # connection timeout
        }
        
         TCP_CHECK {
            connect_ip <IP ADDRESS>    # IP address of this RS that the health check is sent to
            connect_port <PORT>    # port of this RS that the health check is sent to
            bindto <IP ADDRESS>    # source address used for the health check
            bind_port <PORT>    # source port used for the health check
            connect_timeout <INTEGER>    # connection timeout
        }
    }
}
A highly available ipvs cluster
! Configuration File for keepalived

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        10.1.0.93/16 dev eno16777736
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 10.1.0.93 80 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP

    sorry_server 127.0.0.1 80

    real_server 10.1.0.69 80 {
        weight 1
        HTTP_GET {
        url {
            path /
            status_code 200
        }
        connect_timeout 1
        nb_get_retry 3
        delay_before_retry 1
        }
    }
    real_server 10.1.0.71 80 {
        weight 1
        HTTP_GET {
        url {
            path /
            status_code 200
        }
        connect_timeout 3
        nb_get_retry 3
        delay_before_retry 2
        }
    }
}
Dual-master model

Master host configuration:

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 14
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        172.18.11.66/16 dev eno16777736
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 15
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 578f07b2
    }
    virtual_ipaddress {
        172.18.11.66/16 dev eno16777736    # VI_2 needs its own VIP, different from the one in VI_1, for both nodes to serve traffic
    }
}

Backup host configuration:

global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id node2
    vrrp_mcast_group4 224.0.100.19
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777736
    virtual_router_id 14    # must match virtual_router_id of VI_1 on the master host
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 571f97b2
    }
    virtual_ipaddress {
        172.18.11.66/16 dev eno16777736
    }
}

vrrp_instance VI_2 {
    state MASTER
    interface eno16777736
    virtual_router_id 15    # must match virtual_router_id of VI_2 on the master host
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 578f07b2
    }
    virtual_ipaddress {
        172.18.11.66/16 dev eno16777736    # VI_2 needs its own VIP, different from the one in VI_1, for both nodes to serve traffic
    }
}
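
Two directors only elect a single master per instance when their virtual_router_id, password and multicast group agree, as required for the first pair of directors and again for the two dual-master files above. The following added example (not code from the original article) compares two keepalived.conf files on exactly those settings. The function names and the sample files are constructed, and it assumes that auth_pass values contain no # or ! characters.

```shell
#!/bin/sh
# Added example: compare the VRRP settings of two keepalived.conf files.
# usage: vrrp_audit NODE_A.conf NODE_B.conf  -> prints findings, returns 1 if any
vrrp_audit() {
    awk '
    function report(msg) { print msg; bad = 1 }
    function is_mcast(ip,    o, k) {            # dotted quad inside 224.0.0.0/4?
        if (split(ip, o, ".") != 4) return 0
        for (k = 1; k <= 4; k++)
            if (o[k] !~ /^[0-9]+$/ || o[k] + 0 > 255) return 0
        return (o[1] + 0 >= 224 && o[1] + 0 <= 239)
    }
    {
        sub(/[#!].*/, "")                       # keepalived comments start with # or !
        if ($1 == "vrrp_instance") {
            inst = $2; sub(/\{.*/, "", inst)
            seen[FILENAME, inst] = 1; names[inst] = 1
        } else if ($1 == "vrrp_mcast_group4") {
            group[FILENAME] = $2
        } else if ($1 == "virtual_router_id" || $1 == "advert_int") {
            if ($1 == "virtual_router_id" && ($2 !~ /^[0-9]+$/ || $2 + 0 > 255))
                report(FILENAME ": " inst " virtual_router_id " $2 " is outside 0-255")
            val[FILENAME, inst, $1] = $2
        } else if ($1 == "auth_pass") {
            if (length($2) > 8)
                report(FILENAME ": " inst " auth_pass has " length($2) " characters; only the first 8 are used")
            val[FILENAME, inst, $1] = substr($2, 1, 8)   # compare what goes on the wire
        }
    }
    END {
        a = ARGV[1]; b = ARGV[2]
        split("virtual_router_id advert_int auth_pass", keys, " ")
        for (f = 1; f <= 2; f++)
            if ((ARGV[f] in group) && !is_mcast(group[ARGV[f]]))
                report(ARGV[f] ": vrrp_mcast_group4 " group[ARGV[f]] " is not a valid multicast address")
        if (group[a] != group[b])
            report("peers disagree on vrrp_mcast_group4: " group[a] " vs " group[b])
        for (i in names) {
            if (!(((a, i) in seen) && ((b, i) in seen))) {
                report(i ": defined on one node only"); continue
            }
            for (k = 1; k <= 3; k++) {
                x = val[a, i, keys[k]]; y = val[b, i, keys[k]]
                if (x != y)
                    report(i ": " keys[k] " differs between peers (" (keys[k] == "auth_pass" ? "values hidden" : x " vs " y) ")")
            }
        }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample files: node2 has a malformed group address, a VRID that
# does not match its peer, and a password longer than the 8 usable characters.
write_samples() {    # $1 = directory that receives node1.conf and node2.conf
    cat > "$1/node1.conf" <<'EOF'
global_defs {
    router_id node1
    vrrp_mcast_group4 224.0.100.19
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 14
    advert_int 1
    authentication {
        auth_pass 571f97b2
    }
}
EOF
    cat > "$1/node2.conf" <<'EOF'
global_defs {
    router_id node2
    vrrp_mcast_group4 224.0.0.0.20    # five octets
}
vrrp_instance VI_1 {
    state BACKUP
    virtual_router_id 16              # peer uses 14
    advert_int 1
    authentication {
        auth_pass 571f97b2XYZ         # 11 characters
    }
}
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
vrrp_audit "$demo_dir/node1.conf" "$demo_dir/node2.conf" || echo "fix the findings above before starting keepalived"
rm -rf "$demo_dir"
```

The two sample passwords are reported as too long on node2 but not as different, because their first 8 characters are identical.
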

Notification script

Notifications can be sent through an SMS gateway, a WeChat gateway, a mail server and so on;
here the script uses only the local mail service;

[root@node1 ~]# vim notify.sh
#!/bin/bash
# Mail a notice when the VRRP state of this node changes.
contact='root@localhost'
 
notify() {
    mailsubject="$(hostname) to be $1:vip floating"
    mailbody="$(date +'%F %T'):vrrp transition,$(hostname) change to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
 
case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac
[root@node1 ~]# chmod +x notify.sh 
[root@node1 ~]# ./notify.sh master
[root@node1 ~]# mail
Output:
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 root                  Tue May 10 05:55  18/682   ""
& 1    # type 1 to read message 1
Part of the content:
2016-05-10 05:55:33:vrrp transition,localhost.localdomain change to be master
exit    # leave mail

Copy the notification script to the other director

[root@node1 ~]# scp notify.sh root@172.18.11.121:/etc/keepalived

Configure the notification script on both directors

[root@node2 ~]# vim /etc/keepalived/keepalived.conf
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"

Stop the keepalived service on both directors

[root@node1 ~]# systemctl stop keepalived.service
[root@node2 ~]# systemctl stop keepalived.service
[root@node1 ~]# mail
[root@node2 ~]# mail
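Delete the existing mail to clear the environment for what follows;
d 1
d 2

Now start the keepalived service on the two directors one after the other,
the lower-priority backup director first:

[root@node2 ~]# systemctl start keepalived.service
[root@node2 ~]# mail
Output: right after start-up one mail reports backup; since this is the only director running, a little later a second mail reports that it has become master;

Then start the higher-priority director:

[root@node1 ~]# mail
Checking shows that it has also received 2 mails, both reporting master;

Notification script example: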

#!/bin/bash
# Mail a notice when the VRRP state of this node changes.
contact='root@localhost'
                 
notify() {
    mailsubject="$(hostname) to be $1:vip floating"
    mailbody="$(date +'%F %T'):vrrp transition,$(hostname) change to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}
                 
case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac

How to call it:

vrrp_instance <STRING> {
  ...
  notify_master "/etc/keepalived/notify.sh master"
  notify_backup "/etc/keepalived/notify.sh backup"
  notify_fault "/etc/keepalived/notify.sh fault"
}

Note: the script path must be enclosed in double quotes;

Example: keepalived master/backup architecture

Setting up RS1 and RS2
First install nginx:

[root@RS1 ~]# yum install -y epel-release
[root@RS1 ~]# yum install -y nginx

Then edit /etc/hosts:

[root@RS1 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2

Then change the content of /usr/share/nginx/html/index.html to the following:

[root@RS1 ~]# vim /usr/share/nginx/html/index.html
<h1>This is RS1 192.168.0.83</h1>

Start nginx:

[root@RS1 ~]# systemctl start nginx

Stop firewalld and set SELinux to permissive:

[root@RS1 ~]# systemctl stop firewalld
[root@RS1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@RS1 ~]# setenforce 0

Next, configure lvs-dr on RS1; first create the RS script:

[root@RS1 ~]# vim RS.sh
#!/bin/bash
vip=192.168.0.99
mask='255.255.255.255'

case $1 in
start)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

        ifconfig lo:0 $vip netmask $mask broadcast $vip up
        route add -host $vip dev lo:0
        ;;
stop)
        ifconfig lo:0 down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;

*)
        echo "Usage $(basename $0) start|stop "
        exit 1
        ;;
esac

Then run the RS script:

[root@RS1 ~]# bash -x RS.sh start
+ vip=192.168.0.99
+ mask=255.255.255.255
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
+ ifconfig lo:0 192.168.0.99 netmask 255.255.255.255 broadcast 192.168.0.99 up
+ route add -host 192.168.0.99 dev lo:0

Repeat the steps above with the corresponding values to set up RS2.

Setting up DR1
First install the keepalived and ipvsadm packages with yum:

[root@DR1 ~]# yum install -y ipvsadm keepalived

Then edit /etc/hosts:

[root@DR1 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2

Then edit /etc/keepalived/keepalived.conf:

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id DR1 
   vrrp_mcast_group4 224.0.0.20
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 1
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ^&IUYH*&
    }
    virtual_ipaddress { 
        192.168.0.99/24 dev eno16777736 label eno16777736:0
    }
}

virtual_server 192.168.0.99 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    
    real_server 192.168.0.83 80 {
        weight 1 
        HTTP_GET {
            url {
              path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }   
    real_server 192.168.0.84 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Start keepalived and check the state of ipvsadm and the interfaces:

[root@DR1 ~]# systemctl start keepalived
[root@DR1 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.99:http rr
  -> 192.168.0.83:http            Route   1      1          4         
  -> 192.168.0.84:http            Route   1      1          80        
[root@DR1 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.81  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:fe21:59b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:21:59:b9  txqueuelen 1000  (Ethernet)
        RX packets 62277  bytes 72099132 (68.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21742  bytes 2744670 (2.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.99  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:21:59:b9  txqueuelen 1000  (Ethernet)

Stop firewalld and set SELinux to permissive:

[root@DR1 ~]# systemctl stop firewalld
[root@DR1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR1 ~]# setenforce 0

Setting up DR2
First install the keepalived and ipvsadm packages with yum:

[root@DR2 ~]# yum install -y ipvsadm keepalived

Then edit /etc/hosts:

[root@DR2 ~]# vim /etc/hosts
192.168.0.81 DR1.ilinux.io DR1
192.168.0.87 DR2.ilinux.io DR2
192.168.0.83 RS1.ilinux.io RS1
192.168.0.84 RS2.ilinux.io RS2

Then edit /etc/keepalived/keepalived.conf:

global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id DR2
   vrrp_mcast_group4 224.0.0.20
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 1
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ^&IUYH*&
    }
    virtual_ipaddress {
        192.168.0.99/24 dev ens33 label ens33:0
    }
}

virtual_server 192.168.0.99 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.0.83 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.0.84 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Finally start keepalived and check the state of ipvsadm:

[root@DR2 ~]# systemctl start keepalived
[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.99:80 rr
  -> 192.168.0.83:80              Route   1      0          0         
  -> 192.168.0.84:80              Route   1      0          0         
[root@DR2 ~]# ifconfig    # DR2 has the BACKUP role, so no sub-interface with the IP 192.168.0.99 is created
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.87  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::5e4b:719d:3781:43a0  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::4c6e:8b7e:2dcd:665d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:a3:20  txqueuelen 1000  (Ethernet)
        RX packets 34041  bytes 27376635 (26.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14131  bytes 2169836 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 101  bytes 8902 (8.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 101  bytes 8902 (8.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Stop firewalld and set SELinux to permissive:

[root@DR2 ~]# systemctl stop firewalld
[root@DR2 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@DR2 ~]# setenforce 0

Access test
From the client, test access to the service offered on the VIP:

[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>

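DR1 is currently the master and DR2 the backup; both work normally, so connection requests are handled by DR1.
Now simulate a DR1 outage: stop the service on DR1, then look at the state of DR2 and at client access.
keepalived status on DR2: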

[root@DR2 ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-05-29 14:34:08 CST; 1h 29min ago
  Process: 11808 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 11809 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─11809 /usr/sbin/keepalived -D
           ├─11810 /usr/sbin/keepalived -D
           └─11811 /usr/sbin/keepalived -D

May 29 16:03:06 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) removing protocol VIPs.
May 29 16:03:47 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Transition to MASTER STATE
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Entering MASTER STATE
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) setting protocol VIPs.
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99
May 29 16:03:48 DR2 Keepalived_vrrp[11811]: Sending gratuitous ARP on ens33 for 192.168.0.99

DR2 detected that DR1 was down and promoted itself to the MASTER state.
Access from the client:

[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>

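DR1 is now simulated as down and DR2 is the MASTER; client access is unaffected.

Example: keepalived master/master architecture

This example reuses the topology of the master/backup architecture above and converts it to master/master. First change the keepalived configuration on DR1 and DR2, then add the lvs-dr configuration for the virtual IP 192.168.0.98 on RS1 and RS2.

Enable IP forwarding for DR mode

[root@DR1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

Modify DR1
Edit /etc/keepalived/keepalived.conf

[root@DR1 ~]# vim /etc/keepalived/keepalived.conf
# add the following configuration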
vrrp_instance VI_2 {
    state BACKUP
    interface eno16777736
    virtual_router_id 2
    priority 98
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass POM123(*
    }
    virtual_ipaddress {
        192.168.0.98/24 dev eno16777736 label eno16777736:1
    }
}
# add the virtual server group backend
virtual_server_group backend {
        192.168.0.99 80
        192.168.0.98 80
}

# change the virtual server so that it refers to the virtual server group
virtual_server group backend {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.0.83 80 {
        weight 1
        HTTP_GET {
            url {
              path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
        real_server 192.168.0.84 80 {
                weight 1
                HTTP_GET {
                        url {
                                path /index.html
                                status_code 200
                        }
                }
                connect_timeout 3
                nb_get_retry 3
                delay_before_retry 3
        }
}

Stop and then start keepalived:

[root@DR1 ~]# systemctl stop keepalived
[root@DR1 ~]# systemctl start keepalived

The state of ipvsadm and the interfaces is now:

[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.98:80 rr
  -> 192.168.0.83:80              Route   1      0          0         
  -> 192.168.0.84:80              Route   1      0          0         
TCP  192.168.0.99:80 rr
  -> 192.168.0.83:80              Route   1      0          0         
  -> 192.168.0.84:80              Route   1      0          0           
[root@DR1 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.81  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:fe21:59b9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:21:59:b9  txqueuelen 1000  (Ethernet)
        RX packets 63844  bytes 72282542 (68.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23654  bytes 2934901 (2.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno16777736:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.99  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:21:59:b9  txqueuelen 1000  (Ethernet)

Modify DR2
Edit the /etc/keepalived/keepalived.conf file:

[root@DR2 ~]# vim /etc/keepalived/keepalived.conf
# Add the following configuration
vrrp_instance VI_2 {
    state MASTER
    interface ens33
    virtual_router_id 2
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass POM123(*
    }
    virtual_ipaddress {
        192.168.0.98/24 dev ens33 label ens33:1
    }
}
# Add the virtual server group "backend"
virtual_server_group backend {
    192.168.0.99 80
    192.168.0.98 80
}
# Change the virtual server to reference the virtual server group
virtual_server group backend {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.0.83 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.0.84 80 {
        weight 1
        HTTP_GET {
            url {
                path /index.html
                status_code 200
            }
            # health-check timers belong inside the HTTP_GET block
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
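
In a master-master pair each vrrp_instance has to agree on virtual_router_id and authentication on both directors while differing in state and priority, and auth_type PASS puts the shared string on the LAN in cleartext (keepalived also uses only the first eight characters of auth_pass). The following lint is an added example, not part of the original article or of keepalived; parse_instances and lint_pair are hypothetical names and the input is condensed from the VI_2 blocks above.

```python
import re

# Added example (not keepalived code). Constructed input condensed from the page's VI_2 blocks.
DR1 = """vrrp_instance VI_2 {
    state BACKUP
    virtual_router_id 2
    priority 98
    authentication {
        auth_type PASS
        auth_pass POM123(*
    }
}
"""
DR2 = DR1.replace("BACKUP", "MASTER").replace("priority 98", "priority 100")

def parse_instances(text):
    """Return {instance_name: {keyword: value}} for every vrrp_instance block."""
    out = {}
    for m in re.finditer(r"vrrp_instance\s+(\S+)\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i]
        out[m.group(1)] = dict(re.findall(
            r"^\s*(state|virtual_router_id|priority|auth_type|auth_pass)\s+(\S+)",
            body, re.M))
    return out

def lint_pair(a_text, b_text):
    """Compare the configs of two directors and return a list of findings."""
    a, b, findings = parse_instances(a_text), parse_instances(b_text), []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined on one node only")
            continue
        x, y = a[name], b[name]
        for key in ("virtual_router_id", "auth_type", "auth_pass"):
            if x.get(key) != y.get(key):
                findings.append(f"{name}: {key} differs between nodes")
        if x.get("priority") == y.get("priority"):
            findings.append(f"{name}: equal priority, election is ambiguous")
        if [x.get("state"), y.get("state")].count("MASTER") != 1:
            findings.append(f"{name}: expected exactly one MASTER")
        if x.get("auth_type") == "PASS":
            findings.append(f"{name}: auth_type PASS is sent in cleartext")
        if len(x.get("auth_pass", "")) > 8:
            findings.append(f"{name}: auth_pass longer than 8 chars is truncated")
    return findings
```

Run it on the full keepalived.conf of both directors before restarting keepalived; for the pair shown here the only finding is the cleartext PASS authentication.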

Stop and then start keepalived:

[root@DR2 ~]# systemctl stop keepalived
[root@DR2 ~]# systemctl start keepalived

The state of ipvsadm and the interfaces is now:

[root@DR2 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.98:80 rr
  -> 192.168.0.83:80              Route   1      0          0         
  -> 192.168.0.84:80              Route   1      0          0         
TCP  192.168.0.99:80 rr
  -> 192.168.0.83:80              Route   1      0          0         
  -> 192.168.0.84:80              Route   1      0          0         
[root@DR2 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.87  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::5e4b:719d:3781:43a0  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::4c6e:8b7e:2dcd:665d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:26:a3:20  txqueuelen 1000  (Ethernet)
        RX packets 39989  bytes 28047325 (26.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20816  bytes 2894556 (2.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.98  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:26:a3:20  txqueuelen 1000  (Ethernet)
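
Both directors must carry both virtual services with both real servers in DR (Route) mode, otherwise a failover silently loses capacity. This added example (not from the original article) parses `ipvsadm -ln` output and reports deviations from the intended table; parse_ipvs and check_table are hypothetical names and SAMPLE is constructed from the output shown above.

```python
import re

# Constructed sample: the `ipvsadm -ln` output shown on this page.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.98:80 rr
  -> 192.168.0.83:80              Route   1      0          0
  -> 192.168.0.84:80              Route   1      0          0
TCP  192.168.0.99:80 rr
  -> 192.168.0.83:80              Route   1      0          0
  -> 192.168.0.84:80              Route   1      0          0
"""

def parse_ipvs(text):
    """Return {"vip:port": {"sched": str, "reals": {"rs:port": (forward, weight)}}}."""
    table, current = {}, None
    for line in text.splitlines():
        svc = re.match(r"(TCP|UDP)\s+(\S+:\d+)\s+(\S+)", line)
        real = re.match(r"\s+->\s+(\d\S*:\d+)\s+(\S+)\s+(\d+)", line)
        if svc:
            current = table.setdefault(svc.group(2), {"sched": svc.group(3), "reals": {}})
        elif real and current is not None:
            current["reals"][real.group(1)] = (real.group(2), int(real.group(3)))
    return table

def check_table(text, vips, reals):
    """Return findings where the live IPVS table deviates from the intended one."""
    table, findings = parse_ipvs(text), []
    for vip in vips:
        if vip not in table:
            findings.append(f"{vip}: virtual service missing")
            continue
        for rs in reals:
            fwd, weight = table[vip]["reals"].get(rs, (None, 0))
            if fwd is None:
                findings.append(f"{vip}: real server {rs} missing")
            elif fwd != "Route":
                findings.append(f"{vip}: {rs} forwards via {fwd}, not DR")
            elif weight == 0:
                findings.append(f"{vip}: {rs} has weight 0")
    return findings
```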

Configure RS1 and RS2
Copy and edit the RS script:

[root@RS1 ~]# cp RS.sh RS_new.sh
#!/bin/bash

# vip changed to 192.168.0.98
vip=192.168.0.98
mask='255.255.255.255'

case $1 in
start)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

        ifconfig lo:1 $vip netmask $mask broadcast $vip up    # interface changed to lo:1
        route add -host $vip dev lo:1  # interface changed to lo:1
        ;;
stop)
        ifconfig lo:1 down    # interface changed to lo:1
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;

*)
        echo "Usage $(basename $0) start|stop "
        exit 1
        ;;
esac

Run the script:

[root@RS1 ~]# bash -x RS_new.sh start
+ vip=192.168.0.98
+ mask=255.255.255.255
+ case $1 in
+ echo 1
+ echo 1
+ echo 2
+ echo 2
+ ifconfig lo:1 192.168.0.98 netmask 255.255.255.255 broadcast 192.168.0.98 up
+ route add -host 192.168.0.98 dev lo:1

Perform the same steps on RS2.

Test access
The client can now reach the web service provided by the backend RSs through both 192.168.0.99 and 192.168.0.98:

[root@client ~]# for i in {1..10} ; do curl http://192.168.0.98; done
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
[root@client ~]# for i in {1..10} ; do curl http://192.168.0.99; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>

On the client, edit /etc/hosts and add name resolution entries pointing to 99 and 98:

[root@client ~]# vim /etc/hosts
192.168.0.99 www.ilinux.io
192.168.0.98 www.ilinux.io

With this name resolution in place, the client can access the service normally as long as at least one of 99 and 98 is working.

[root@client ~]# for i in {1..10} ; do curl http://www.ilinux.io; done
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>
<h1>This is RS2 192.168.0.84</h1>
<h1>This is RS1 192.168.0.83</h1>

Reference: http://www.reibang.com/p/eefa8afabb09
