zoukankan      html  css  js  c++  java
  • keepalive 实现浮动的VIP Alex

    Keepalived安装:
    keepalived包,CentOS 6.4+ Base源

    架构

     主LVS服务器地址:192.168.1.4

    备LVS服务器地址:192.168.1.8

    官方网站:http://www.keepalived.org/

    前提条件,LVS服务器时间同步,防火墙规则无影响,selinux禁用

    一、、基于key验证,(此步骤可以省略跳过)

      1、生成key验证(此步可以一直回车,也可以按提示输入具体信息)

    ssh-keygen 

      2、将key验证复制给另外一台LVS服务器

    ssh-copy-id 192.168.1.8

      3、在另外一台机器上生成key

    ssh-keygen 

      4、复制key给主LVS服务器

    ssh-copy-id 192.168.1.4

    此步也可以在一台服务器上生成key,然后将/root/.ssh/ 文件夹直接拷贝给其他服务器

    二、修改hosts 文件(用于访问中更省事,此步可跳过)

    vim /etc/hosts
    192.168.1.4 ka1
    192.168.1.8 ka2

    三、将修改的hosts文件拷贝给另外一台服务器

    scp /etc/hosts ka2:/etc/

    这里的ka2就是第二步中的192.168.1.8

    四、安装keepalive软件

    yum install keepalived -y

    五、进入keepalive主配置文件所在目录

    cd /etc/keepalived/

    六、备份主配置文件(以防修改错误导致原配置文件无法使用)

    cp keepalived.conf{,.bak}

    七、修改主配置文件(三大块,此步只保留前两大块)

    vim keepalived.conf

      1、由于本文只生成浮动VIP其他LVS规则相关的可以删除,(上面有备份不会有影响的),只保留以下的,其他的在命令模式输入dG直接删除到最后(dG是看不见的)

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 192.168.200.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }
    }
    

      2、修改全局配置 global_defs {

        1)、修改联系方式为本机

    修改前:

    notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }

    修改后:

    notification_email {
            root@localhost
       }

        2)、修改以keepalive的身份发送给本机

    修改前:

    notification_email_from Alexandre.Cassen@firewall.loc

    修改后:

    notification_email_from keepalived@localhost

        3)、修改发邮件的地址为本机

    修改前:

    smtp_server 192.168.200.1

    修改后:

    smtp_server 127.0.0.1

        4)、修改路由器的名称(每个路由,有自己的ID名称,用于区分不同的物理服务器,自定义)

    router_id LVS_DEVEL

    修改后:

    router_id ka1

        5)、这里的三行,暂时不用是,删除或#号注释掉

     vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0

        6)、修改多播地址(因为keepalive相互通信采用多播地址,多播地址由你自己决定,使用D类地址就行)(通过多播地址,向外发一些通告,如:优先级)(这行可以不写,不写默认是224.0.0.18)

    修改前:

     vrrp_gna_interval 0

    修改后:

    vrrp_mcast_group4 224.100.100.100

      3、修改虚拟路由器的信息

         1)、实例名,VI1 这里就不修改了

    vrrp_instance VI_1 {

        2)、修改角色(在这个实例中有多个角色,这里承当什么角色)

    state MASTER

        3)、接口(我这台服务器上没有eth0,只有ens33,会在这个上面绑定VIP地址)

    修改前:

     interface eth0 

    修改后:

    interface ens33

        4)、虚拟路由器是属于哪个路由器(多台服务器需要在同一个集合里,相同数字即可)

    修改前:

    virtual_router_id 51

    修改后

    virtual_router_id 88

        5)、优先级(优先级0-255,从节点的优先级必须比主节点的小)

    priority 100

        6)、公告的时间间隔(这里的1,表示1秒发一次公告)

     advert_int 1

        7)、公告的验证(密码相同才能加入到66这个集合中,明文密码,略微复杂即可,可以被抓包抓到)

    修改前:

     authentication {
            auth_type PASS
            auth_pass 1111
        }

    修改后:

       authentication {
            auth_type PASS
            auth_pass 123456
        }

    可以通过openssl rand -base64 9生成随机口令

        8)、VIP地址(可以多个地址,必须加子网掩码,不加默认32)

    修改前:

    virtual_ipaddress {
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }

    修改后:绑定在物理网卡ens33上,添加个别名ens33:1(不加别名会增加块网卡)

    virtual_ipaddress {

        192.168.1.100/24 dev ens33 label ens33:1

      }   

        9)、将配置文件拷贝给远程服务器,

    scp keepalived.conf ka2:`pwd`

        10)、完整的主服务器keepalive.comf配置文件

    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_mcast_group4 224.100.100.100
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 88
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.1.100/24 dev ens33 label ens33:1
        }   
    }

        11)、完整的从服务器keepalive.comf配置文件

    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka2
       vrrp_mcast_group4 224.100.100.100
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 88
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.1.100/24 dev ens33 label ens33:1
        }
    }

    这里可以有多个虚拟路由器,在多个虚拟路由器中,一台服务器可以充当多个角色,如,在本机是主服务器,在其他服务器上是从,而在另外一台服务器上,对方是主,而我是从

      八、观察

      1、在其他服务器上安装抓包软件,在同一网段的服务器即可

    yum install tcpdump -y

      2、开始抓包,返回如下

    [00:42:23 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes

      3、开启优先级较低的服务器上的keepalive服务

    systemctl start keepalived

      4、查看抓包,192.168.1.8这台服务器对外宣传,自己拥有90的优先级,网络中目前没有人优先级比他高,所以他就拥有了VIP地址

    [00:42:23 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:44:59.571763 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:00.575048 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:01.578290 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:02.580599 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20

       5、查看IP地址,在192.168.1.8服务器上获取到了VIP地址

    ip a 
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:62:3f:c8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.8/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.1.100/24 scope global secondary ens33:1
           valid_lft forever preferred_lft forever
        inet6 fe80::5585:1cb1:8329:e534/64 scope link 
           valid_lft forever preferred_lft forever

      6、在优先级为100的主服务器上(IP为192.168.1.4)上开启keepalive服务

    systemctl start keepalived

       7、抓包查看

    [00:49:01 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:49:32.304796 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:49:33.307825 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:49:33.308035 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:49:34.308864 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20

    当网络中有优先级比他高的服务器,处于低优先级的服务器将会立马停止发送ARP公告

       8、此时查看主服务器(IP为192.168.1.4)的IP地址

    [00:49:33 root@ka1 ~]#ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:88:cd:f0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.4/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.1.100/24 scope global secondary ens33:1
           valid_lft forever preferred_lft forever
        inet6 fe80::82fc:253f:d442:8fa4/64 scope link 
           valid_lft forever preferred_lft forever

    优先级高的服务器会自动获取VIP地址,优先级低的IP会自动停止获取VIP地址

      8、查看优先级低的服务器的IP

    ip a 
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:62:3f:c8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.8/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::5585:1cb1:8329:e534/64 scope link 
           valid_lft forever preferred_lft forever

      9、将主服务器宕机,(关闭keepalive服务)

    systemctl stop keepalived

      10、抓包如下:

    [00:49:37 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:55:38.133342 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:55:50.171851 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:55:50.669535 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 0, authtype simple, intvl 1s, length 20
    00:55:51.320149 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20

    由于是主动停止keepalive服务,所以会对外发个0,主动宣城主服务器停止了,其他服务器可以获取VIP地址了,意外停止的不会发0,也来不及发0 

      11、其他主机ping VIP地址

    ping 192.168.1.100
    PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
    64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.668 ms
    64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.874 ms
    64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.153 ms
    64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=0.588 ms
    64 bytes from 192.168.1.100: icmp_seq=5 ttl=64 time=1.11 ms
    From 192.168.1.4 icmp_seq=6 Redirect Host(New nexthop: 192.168.1.100)
    From 192.168.1.4: icmp_seq=6 Redirect Host(New nexthop: 192.168.1.100)
    64 bytes from 192.168.1.100: icmp_seq=6 ttl=64 time=780 ms
    64 bytes from 192.168.1.100: icmp_seq=7 ttl=64 time=0.156 ms
    64 bytes from 192.168.1.100: icmp_seq=8 ttl=64 time=0.182 ms
    64 bytes from 192.168.1.100: icmp_seq=9 ttl=64 time=0.273 ms
    ^C
    --- 192.168.1.100 ping statistics ---
    9 packets transmitted, 9 received, +1 errors, 0% packet loss, time 8017ms
    rtt min/avg/max/mdev = 0.153/87.151/780.351/245.083 ms

    测试下来会丢一点的包,不过不多

       九、其他配置

        1、跟踪接口

    在上面步骤中写的是

    interface ens33

    track_interface { #配置监控网络接口,一旦出现故障,则转为FAULT状态 实现地址转移
    eth0
    eth1

    }

    不定义,默认监控的就是ens33 ,定义了可以监控多个网卡,如果网卡出问题会自动释放IP

        2、定义工作模式为非抢占模式

    nopreempt

        3、定义工作模式为抢占式模式,节点上线后触发新选举操作的延迟时长,默认模式

    preempt_delay 300

     

  • 相关阅读:
    ps太卡
    vba 数字变为excel对应列的字母
    爬去网页离线数据
    vba 得到数字
    Sql Server generate table structure document
    Git
    windows凭据管理器
    修改注册表
    Software List
    1009 说反话
  • 原文地址:https://www.cnblogs.com/alexlv/p/14810022.html
Copyright © 2011-2022 走看看