  • Implementing a floating VIP with keepalived  Alex

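    Installing Keepalived:
    The keepalived package is available from the CentOS 6.4+ Base repository

    Architecture

    Primary LVS server address: 192.168.1.4

    Backup LVS server address: 192.168.1.8

    Official website: http://www.keepalived.org/

    Prerequisites: the LVS servers have synchronized clocks, firewall rules do not interfere, and SELinux is disabled

    I. Key-based authentication (this step is optional and can be skipped)

      1. Generate the key pair (press Enter at every prompt, or enter specific values as prompted)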

    ssh-keygen 

      2. Copy the key to the other LVS server

    ssh-copy-id 192.168.1.8

      3. Generate a key on the other machine

    ssh-keygen 

      4. Copy that key to the primary LVS server

    ssh-copy-id 192.168.1.4

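    This step can also be done by generating the key on one server and then copying the /root/.ssh/ directory directly to the other servers; every server then shares the same root private key

    II. Edit the hosts file (makes access more convenient; this step can be skipped)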

    vim /etc/hosts
    192.168.1.4 ka1
    192.168.1.8 ka2

    III. Copy the modified hosts file to the other server

    scp /etc/hosts ka2:/etc/

    Here ka2 is the 192.168.1.8 entry from step II

    IV. Install the keepalived software

    yum install keepalived -y

    V. Change to the directory that holds the main keepalived configuration file

    cd /etc/keepalived/

    VI. Back up the main configuration file (in case a bad edit leaves the original configuration unusable)

    cp keepalived.conf{,.bak}

    VII. Edit the main configuration file (it has three major blocks; this step keeps only the first two)

    vim keepalived.conf

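      1. Since this article only sets up a floating VIP, everything related to LVS rules can be deleted (the backup made above means this does no harm). Keep only the following; for the rest, type dG in vim's command mode to delete through the end of the file (dG is not displayed as you type it)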

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 192.168.200.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }
    }
    

      2. Edit the global configuration block, global_defs {

        1) Change the notification recipients to the local machine

    Before:

    notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }

    After:

    notification_email {
            root@localhost
       }

        2) Change the sender so that mail is sent to the local machine as keepalived

    Before:

    notification_email_from Alexandre.Cassen@firewall.loc

    After:

    notification_email_from keepalived@localhost

        3) Change the mail server address to the local machine

    Before:

    smtp_server 192.168.200.1

    After:

    smtp_server 127.0.0.1

        4) Change the router name (each router has its own ID name, used to tell the physical servers apart; the value is user-defined)

    router_id LVS_DEVEL

    After:

    router_id ka1

        5) These three lines are not needed for now; delete them or comment them out with #

     vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0

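        6) Change the multicast address (keepalived nodes talk to each other over multicast; the address is your choice, any class D address will do) (advertisements, such as the priority, are sent out through the multicast address) (this line can be omitted; the default is 224.0.0.18)

    Before: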

     vrrp_gna_interval 0

    After:

    vrrp_mcast_group4 224.100.100.100

      3. Edit the virtual router settings

        1) Instance name, VI_1; left unchanged here

    vrrp_instance VI_1 {

        2) Set the role (an instance has several roles; this is the role this node takes on)

    state MASTER

        3) Interface (this server has no eth0, only ens33; the VIP address will be bound on it)

    Before:

     interface eth0 

    After:

    interface ens33

        4) Which virtual router this instance belongs to (servers that should be in the same group just need the same number)

    Before:

    virtual_router_id 51

    After:

    virtual_router_id 88

        5) Priority (range 0-255; the backup node's priority must be lower than the primary node's)

    priority 100

        6) Advertisement interval (1 here means one advertisement per second)

     advert_int 1

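        7) Advertisement authentication (a node can only join group 66 if its password matches; the password is sent in cleartext and can be captured with a packet sniffer, so a moderately complex one is enough)

    Before: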

     authentication {
            auth_type PASS
            auth_pass 1111
        }

    After:

       authentication {
            auth_type PASS
            auth_pass 123456
        }

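    A random password can be generated with openssl rand -base64 9

        8) VIP address (several addresses are allowed; a subnet mask must be given, otherwise it defaults to /32)

    Before: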

    virtual_ipaddress {
            192.168.200.16
            192.168.200.17
            192.168.200.18
        }

    After: bind it to the physical NIC ens33 and add the alias ens33:1 (without the alias an extra NIC would be added)

    virtual_ipaddress {

        192.168.1.100/24 dev ens33 label ens33:1

      }   

        9) Copy the configuration file to the remote server

    scp keepalived.conf ka2:`pwd`

        10) Complete keepalived.conf for the primary server

    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_mcast_group4 224.100.100.100
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 88
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.1.100/24 dev ens33 label ens33:1
        }   
    }

        11) Complete keepalived.conf for the backup server

    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka2
       vrrp_mcast_group4 224.100.100.100
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 88
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.1.100/24 dev ens33 label ens33:1
        }
    }

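    Several virtual routers can be defined here. With several virtual routers, one server can play more than one role: for example, this machine is the master in one virtual router and another server is its backup, while in a different virtual router that other server is the master and this machine is the backup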
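    The consistency rules from section VII (same virtual_router_id, auth_pass and VIP on both nodes, a distinct router_id per node, a lower priority on the backup) can be checked before the files are copied out. The following is an added example, not part of the original article: check_pair, parse and the reduced config text are constructed here, the multicast group and advert_int comparisons go slightly beyond the rules listed above, and the length check relies on keepalived using only the first eight characters of auth_pass.

```python
import re

# The master config shown above, reduced to the settings this check reads.
MASTER_CONF = """
global_defs {
   router_id ka1
   vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
    state MASTER
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        192.168.1.100/24 dev ens33 label ens33:1
    }
}
"""
# The backup config above differs in exactly these three settings.
BACKUP_CONF = (MASTER_CONF.replace("router_id ka1", "router_id ka2")
               .replace("state MASTER", "state BACKUP")
               .replace("priority 100", "priority 90"))
SHARED = ("vrrp_mcast_group4", "virtual_router_id", "advert_int", "auth_type", "auth_pass")

def parse(conf):
    """Pull the single-valued settings and the VIP lines out of one config."""
    get = lambda k: (re.search(r"^\s*%s\s+(\S+)" % k, conf, re.M) or [None, None])[1]
    out = {k: get(k) for k in SHARED + ("router_id", "priority")}
    vips = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf).group(1)
    out["vips"] = sorted(v.strip() for v in vips.splitlines() if v.strip())
    return out

def check_pair(master, backup):
    """Return findings for a master/backup pair of keepalived.conf texts."""
    m, b = parse(master), parse(backup)
    findings = ["mismatch: " + k for k in SHARED + ("vips",) if m[k] != b[k]]
    if m["router_id"] == b["router_id"]:
        findings.append("router_id is not unique")
    if int(b["priority"]) >= int(m["priority"]):
        findings.append("backup priority is not lower than master")
    if m["auth_type"] == "PASS":
        findings.append("auth_type PASS puts auth_pass on the wire in cleartext")
    if len(m["auth_pass"] or "") > 8:
        findings.append("auth_pass is truncated to its first 8 characters")
    return findings
```

    A password produced by openssl rand -base64 9 is 12 characters long, so the last finding fires for it: only its first eight characters take part in authentication.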

    VIII. Observation

      1. Install packet capture software on another server; any server on the same network segment will do

    yum install tcpdump -y

      2. Start capturing; the output is as follows

    [00:42:23 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes

      3. Start the keepalived service on the lower-priority server

    systemctl start keepalived

      4. Check the capture: the server 192.168.1.8 advertises that it has priority 90; nobody on the network currently has a higher priority, so it takes the VIP address

    [00:42:23 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:44:59.571763 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:00.575048 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:01.578290 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:45:02.580599 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20

      5. Check the IP addresses: the server 192.168.1.8 has acquired the VIP address

    ip a 
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:62:3f:c8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.8/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.1.100/24 scope global secondary ens33:1
           valid_lft forever preferred_lft forever
        inet6 fe80::5585:1cb1:8329:e534/64 scope link 
           valid_lft forever preferred_lft forever

      6. Start the keepalived service on the primary server with priority 100 (IP 192.168.1.4)

    systemctl start keepalived

      7. Check the capture

    [00:49:01 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:49:32.304796 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:49:33.307825 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
    00:49:33.308035 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:49:34.308864 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20

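    When a server with a higher priority appears on the network, the lower-priority server immediately stops sending ARP advertisements

      8. Now check the IP addresses on the primary server (IP 192.168.1.4)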

    [00:49:33 root@ka1 ~]#ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:88:cd:f0 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.4/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.1.100/24 scope global secondary ens33:1
           valid_lft forever preferred_lft forever
        inet6 fe80::82fc:253f:d442:8fa4/64 scope link 
           valid_lft forever preferred_lft forever

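    The higher-priority server automatically acquires the VIP address, and the lower-priority server automatically stops holding it

      8. Check the IP addresses on the lower-priority server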

    ip a 
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:62:3f:c8 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.8/24 brd 192.168.1.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::5585:1cb1:8329:e534/64 scope link 
           valid_lft forever preferred_lft forever

      9. Take the primary server down (stop the keepalived service)

    systemctl stop keepalived

      10. The capture now shows:

    [00:49:37 root@rs1 ~]#tcpdump -i ens33 -nn host 224.100.100.100
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:55:38.133342 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:55:50.171851 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
    00:55:50.669535 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 0, authtype simple, intvl 1s, length 20
    00:55:51.320149 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20

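    Because the keepalived service was stopped deliberately, the node sends out a priority of 0, announcing that the primary server has stopped and that other servers may take the VIP address. A node that stops unexpectedly does not send the 0; it has no time to

      11. Ping the VIP address from another host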

    ping 192.168.1.100
    PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
    64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.668 ms
    64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.874 ms
    64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.153 ms
    64 bytes from 192.168.1.100: icmp_seq=4 ttl=64 time=0.588 ms
    64 bytes from 192.168.1.100: icmp_seq=5 ttl=64 time=1.11 ms
    From 192.168.1.4 icmp_seq=6 Redirect Host(New nexthop: 192.168.1.100)
    From 192.168.1.4: icmp_seq=6 Redirect Host(New nexthop: 192.168.1.100)
    64 bytes from 192.168.1.100: icmp_seq=6 ttl=64 time=780 ms
    64 bytes from 192.168.1.100: icmp_seq=7 ttl=64 time=0.156 ms
    64 bytes from 192.168.1.100: icmp_seq=8 ttl=64 time=0.182 ms
    64 bytes from 192.168.1.100: icmp_seq=9 ttl=64 time=0.273 ms
    ^C
    --- 192.168.1.100 ping statistics ---
    9 packets transmitted, 9 received, +1 errors, 0% packet loss, time 8017ms
    rtt min/avg/max/mdev = 0.153/87.151/780.351/245.083 ms

    In testing, a few packets are lost, but not many
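    The captures in steps 4, 7 and 10 can be turned into a simple monitor. This added example (not part of the original article) parses tcpdump's VRRP advertisement lines, tracks which node is master, recognises the priority-0 announcement, and flags advertisements from addresses that are not configured peers; PEERS, analyze and the last capture line are constructed for the illustration.

```python
import re

ADV = re.compile(r"(\S+) IP (\S+) > \S+ VRRPv\d, Advertisement, vrid (\d+), prio (\d+),")

# Configured peers and their priorities, taken from the two config files on this page.
PEERS = {"192.168.1.4": 100, "192.168.1.8": 90}

# First four lines: the capture from step 10. Last line: constructed for this example.
CAPTURE = """\
00:55:38.133342 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
00:55:50.171851 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
00:55:50.669535 IP 192.168.1.4 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 0, authtype simple, intvl 1s, length 20
00:55:51.320149 IP 192.168.1.8 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 90, authtype simple, intvl 1s, length 20
00:55:52.400000 IP 192.168.1.77 > 224.100.100.100: VRRPv2, Advertisement, vrid 88, prio 100, authtype simple, intvl 1s, length 20
"""

def analyze(capture, vrid=88, peers=PEERS):
    """Return (events, current_master) for one virtual router ID."""
    events, master = [], None
    for line in capture.splitlines():
        m = ADV.match(line)
        if not m or int(m[3]) != vrid:
            continue
        ts, src, prio = m[1], m[2], int(m[4])
        if src not in peers:
            events.append((ts, "UNEXPECTED_SENDER", src))
        elif prio == 0:
            # Priority 0 is the deliberate-stop announcement described in step 10.
            events.append((ts, "RESIGNED", src))
            master = None
        else:
            if prio != peers[src]:
                events.append((ts, "PRIORITY_DIFFERS_FROM_CONFIG", src))
            if src != master:
                events.append((ts, "MASTER", src))
                master = src
    return events, master
```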

    IX. Other configuration

      1. Tracking interfaces

    The steps above use

    interface ens33

    track_interface { # network interfaces to monitor; if one fails, the instance switches to FAULT state and the address moves over
        eth0
        eth1
    }

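    If this is not defined, only ens33 is monitored by default; when it is defined, several NICs can be monitored, and if a NIC fails the IP is released automatically

      2. Set the working mode to non-preemptive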

    nopreempt

      3. Set the working mode to preemptive (the default mode), with the delay before a node that comes online triggers a new election

    preempt_delay 300

     

  • Original article: https://www.cnblogs.com/alexlv/p/14810022.html