  • keepalived: unicast address binding, non-preemptive mode, and high availability with LVS in TCP mode

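    Background: by default keepalived sends its VRRP advertisements by multicast, and the default group address is 224.0.0.18. When several keepalived hosts are configured on the same network, this can cause virtual IP address conflicts. How can this be solved?

    Solution: change the keepalived hosts from multicast to unicast and bind fixed peer IP addresses, so that VRRP advertisements are no longer sent to the whole multicast group and IP address conflicts are avoided.

    vrrp_strict   # Strictly comply with the VRRP protocol, which does not allow the situations listed below. When configuring unicast IP addresses, this line must be deleted or commented out.

    1. No VIP address

    2. Unicast peers

    3. IPv6 addresses in VRRP version 2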

    Experiment 1: configuring keepalived with unicast addresses

    1. Configure the keepalived file on the master node

    [root@centos_17~]#vim /etc/keepalived/keepalived.conf
    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 50
        priority 100
        unicast_src_ip 192.168.37.17   # source IP address (this node)
        unicast_peer {
           192.168.37.7   # destination IP address of the backup node
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    

     After the configuration is complete, restart keepalived:

    [root@centos_17~]#systemctl restart keepalived

    2. Configure the keepalived file on the backup node

    [root@centos7~]#vim /etc/keepalived/keepalived.conf
    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka2
       vrrp_skip_check_adv_addr
       vrrp_iptables
       #vrrp_strict   # commented out: must not be set when unicast peers are configured
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 50
        priority 80
        unicast_src_ip 192.168.37.7
        unicast_peer {
           192.168.37.17
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }

     After the configuration is complete, restart keepalived:

    [root@centos_17~]#systemctl restart keepalived
    

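     3. Verify the effect of binding the unicast IP addresses.

    Because the IP addresses of both keepalived hosts are now bound, advertisements are only exchanged between these two hosts, which avoids virtual IP conflicts between multiple keepalived clusters.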
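A consistency check for the unicast setup above, as an added example that is not part of the original article: it parses each node's keepalived.conf and reports vrrp_strict left enabled together with unicast_peer, a virtual_router_id that differs between nodes, and a unicast_peer list that does not match the other nodes. The function names, the TEMPLATE/SAMPLE configs and the rule that one instance name means one cluster are assumptions made for the example.

```python
import re

def parse_vrrp(conf_text):
    """Parse one keepalived.conf; return (vrrp_strict_set, {instance: settings})."""
    strict, instances, stack, inst = False, {}, [], None
    lines = (re.sub(r"[#!].*", "", l).split() for l in conf_text.splitlines())
    for words in filter(None, lines):          # skip blank and comment-only lines
        if words[-1] == "{":                   # block opener, e.g. "unicast_peer {"
            stack.append(words[0])
            if words[0] == "vrrp_instance":
                inst = instances[words[1]] = {"unicast_peer": set()}
        elif words[0] == "}" and stack:
            stack.pop()
        elif stack == ["global_defs"] and words[0] == "vrrp_strict":
            strict = True
        elif stack == ["vrrp_instance", "unicast_peer"]:
            inst["unicast_peer"].add(words[0])
        elif stack == ["vrrp_instance"] and len(words) > 1:
            inst[words[0]] = words[1]          # scalar such as virtual_router_id
    return strict, instances

def lint_cluster(configs):
    """configs: node -> config text. Assumes one instance name = one cluster."""
    findings, groups = [], {}
    for node, text in configs.items():
        strict, instances = parse_vrrp(text)
        for name, inst in instances.items():
            if strict and inst["unicast_peer"]:
                findings.append(f"{node}/{name}: vrrp_strict set with unicast_peer")
            groups.setdefault(name, {})[inst.get("unicast_src_ip")] = (node, inst)
    for name, by_ip in groups.items():
        vrids = sorted({str(i.get("virtual_router_id")) for _, i in by_ip.values()})
        if len(vrids) > 1:
            findings.append(f"{name}: virtual_router_id differs across nodes {vrids}")
        for ip, (node, inst) in by_ip.items():
            if inst["unicast_peer"] != set(by_ip) - {ip}:
                findings.append(f"{node}/{name}: unicast_peer list is not the other nodes")
    return sorted(findings)

# Constructed sample modelled on the two-node lab; ka2 is misconfigured on purpose.
TEMPLATE = """global_defs {
   %s
}
vrrp_instance VI_1 {
    virtual_router_id %s
    unicast_src_ip %s
    unicast_peer {
       %s
    }
}"""
SAMPLE = {
    "ka1": TEMPLATE % ("", 50, "192.168.37.17", "192.168.37.7"),
    "ka2": TEMPLATE % ("vrrp_strict", 60, "192.168.37.7", "192.168.37.17"),
}
print("\n".join(lint_cluster(SAMPLE)))
```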

     

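     Experiment 2: moving the VIP in non-preemptive mode

     Principle: to turn off VIP preemption, the state of every node must be BACKUP. The keepalived node with the higher priority takes the VIP first. When that server goes down, the other BACKUP host takes over the VIP. Even if the higher-priority node recovers, it cannot preempt the VIP; only after the lower-priority server goes down does the VIP move back to the higher-priority keepalived server.

    1. Configure the higher-priority keepalived host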

     vim   /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
        state BACKUP   # the role must be BACKUP
        interface ens33
        virtual_router_id 50
        priority 100
        unicast_src_ip 192.168.37.17
        unicast_peer {
           192.168.37.7
        }
        advert_int 2
        nopreempt   # enable non-preemptive mode
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }

     

     2. Configure the lower-priority keepalived host

     vim   /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka2
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
        state BACKUP   # the role must be BACKUP
        interface ens33
        virtual_router_id 50   # must match the virtual_router_id of the peer
        priority 80
        unicast_src_ip 192.168.37.7
        unicast_peer {
           192.168.37.17
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    

     Test results:

     Manually bring down keepalived on the higher-priority host; the VIP then floats to the lower-priority host.

    [root@centos_17~]#systemctl stop keepalived
    

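     Now check the IP addresses on the lower-priority host:

     

     Even if the higher-priority host recovers now, it cannot preempt the VIP; the lower-priority host has to go down before the higher-priority host takes the VIP.

      Start the higher-priority host: systemctl start keepalived

      Stop the lower-priority host: systemctl stop keepalived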

     

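     Practice 3: running more than two keepalived hosts

     Background: when the company's demand is high and two keepalived hosts can no longer meet it, more than two keepalived hosts have to be configured. How should this be done?

     The implementation is as follows:

    1. Configure keepalived on host A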

      vim   /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
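        state MASTER   # master node
        interface ens33
        virtual_router_id 50   # must be the same on every node of this cluster
        priority 100   # priority 100
        unicast_src_ip 192.168.37.7   # bind a unicast source address to avoid conflicts with other keepalived addresses
        unicast_peer {
           192.168.37.17   # IP address of a peer keepalived host
           192.168.37.27   # IP address of a peer keepalived host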
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1   # VIP address; more addresses can be added here
        }
    }
    

     2. Configure keepalived on host B

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
        state BACKUP   # backup node
        interface ens33
        virtual_router_id 50
        priority 80   # priority 80
        unicast_src_ip 192.168.37.17   # bind a unicast address: source IP of this keepalived host
        unicast_peer {
           192.168.37.7   # IP addresses of the two peer keepalived hosts
           192.168.37.27
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    

    3. Configure keepalived on host C

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
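        state BACKUP   # backup node
        interface ens33
        virtual_router_id 50
        priority 60   # priority 60, lower than the priority of both other hosts
        unicast_src_ip 192.168.37.27   # bind a unicast address: source address
        unicast_peer {
           192.168.37.7   # addresses of the two peer keepalived hosts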
           192.168.37.17
        }   
        advert_int 2
        authentication {                                                                                                                             
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    

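     Test results:

    Bring down keepalived on host A; host B then becomes the MASTER and the VIP floats to host B.

     

     When keepalived on host B also goes down, the VIP floats to host C, the remaining backup keepalived server.

     

      Likewise, when a higher-priority keepalived server recovers, the VIP floats back to it.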

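    Practice 4: TCP-mode keepalived with LVS-DR high availability (this usage is more common than the HTTP usage)

     Parameter meanings:

    delay_loop <INT>: interval between health checks of the back-end servers
    lb_algo rr|wrr|lc|wlc|lblc|sh|dh: scheduling method
    lb_kind NAT|DR|TUN: cluster type
    persistence_timeout <INT>: persistent connection duration
    protocol TCP|UDP|SCTP: service protocol
    sorry_server <IPADDR> <PORT>: fallback server address used when all RSs have failed
    real_server <IPADDR> <PORT>
    {
    weight <INT>: RS weight
    notify_up <STRING>|<QUOTED-STRING>: notification script run when the RS comes online
    notify_down <STRING>|<QUOTED-STRING>: notification script run when the RS goes offline
    HTTP_GET|SSL_GET|TCP_CHECK|SMTP_CHECK|MISC_CHECK { ... }: health-check method for this host
    }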
    

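     HTTP check parameters

    HTTP_GET|SSL_GET: application-layer check
    HTTP_GET|SSL_GET {
    url {
    path <URL_PATH>: URL to monitor
    status_code <INT>: response code that the check treats as healthy
    }
    connect_timeout <INTEGER>: timeout for the connection request
    nb_get_retry <INT>: number of retries
    delay_before_retry <INT>: delay before each retry
    connect_ip <IP ADDRESS>: IP address of the current RS to which the health-check request is sent
    connect_port <PORT>: port of the current RS to which the health-check request is sent
    bindto <IP ADDRESS>: source address used when sending the health-check request
    bind_port <PORT>: source port used when sending the health-check request
    }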
    

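    TCP check

     Transport-layer check: TCP_CHECK

    TCP_CHECK {
    connect_ip <IP ADDRESS>: IP address of the current RS to which the health-check request is sent
    connect_port <PORT>: port of the current RS to which the health-check request is sent
    bindto <IP ADDRESS>: source address used when sending the health-check request
    bind_port <PORT>: source port used when sending the health-check request
    connect_timeout <INTEGER>: timeout for the connection request
    }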

    1. Modify the keepalived configuration file on host A

    vim  /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka2
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
        state MASTER
        interface ens33
        virtual_router_id 50
        priority 100
        unicast_src_ip 192.168.37.7
        unicast_peer {
           192.168.37.17
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    
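    include  /etc/keepalived/conf/*.conf   # a separately managed directory that holds additional keepalived configuration files

     Define the LVS-DR mode configuration file on host A

    If the keepalived configuration grows too large later on, we can use include: create a new directory and store the configuration files in it.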

    [root@centos7keepalived]#mkdir conf
    [root@centos7keepalived]#vim conf/tcp.conf 
    virtual_server 192.168.37.100 80 {     # VIP address
            delay_loop 6
            lb_algo wrr   # weighted round robin
            lb_kind DR    # DR mode
            protocol TCP
            sorry_server 192.168.37.47  80   # back-end sorry server; when both keepalived hosts are down, this host displays its message
    
       real_server 192.168.37.27 80 {   # IP address of back-end server RS1
            weight 1
            TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
            }
       }
    
       real_server 192.168.37.37 80 {   # back-end server RS2
            weight 1
            TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
            }
        }
    }
    

    2. Modify the keepalived configuration file on host B

     vim  /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
         root@localhost.com
       }
       notification_email_from root@localhost.com
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id ka1
       vrrp_skip_check_adv_addr
       vrrp_iptables
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    
    vrrp_instance VIP_1 {
        state BACKUP
        interface ens33
        virtual_router_id 50
        priority 80
        unicast_src_ip 192.168.37.17
        unicast_peer {
           192.168.37.7
        }
        advert_int 2
        authentication {
            auth_type PASS
            auth_pass 123456
        }
        virtual_ipaddress {
            192.168.37.100 dev ens33 label ens33:1
        }
    }
    
    include  /etc/keepalived/conf/*.conf
    

     Define the LVS-DR mode configuration file on host B

     Create the conf directory and create a configuration file in it

    [root@centos_17keepalived]#mkdir conf
    [root@centos_17keepalived]#vim conf/tcp.conf 
    virtual_server 192.168.37.100 80 {
            delay_loop 6
            lb_algo wrr
            lb_kind DR
            protocol TCP
            sorry_server 192.168.37.47  80   # back-end host acting as sorry server; when both keepalived hosts are down, its message is shown
    
       real_server 192.168.37.27 80 {
            weight 1
            TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
            }
       }
    
       real_server 192.168.37.37 80 {
            weight 1
            TCP_CHECK {
            connect_timeout 5
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
            }
        }
    }
    

     3. Modify the configuration on back-end server RS1

      On RS1, bind the VIP address to the lo loopback interface

    [root@centos27~]#vim lvs_dr_rs.sh 
    #!/bin/bash
    #Author:wangxiaochun
    #Date:2017-08-13                                                                                                                                 
    vip=192.168.37.100   # VIP address to bind
    mask='255.255.255.255'
    dev=lo:1   # bound on the lo loopback interface
    rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
    service httpd start &> /dev/null && echo "The httpd Server is Ready!"
    echo "<h1>`hostname`</h1>" > /var/www/html/index.html
    
    case $1 in
    start)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask #broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename $0) start|stop"
        exit 1
        ;;
    esac
    

    Run the script:

    [root@centos27~]#bash lvs_dr_rs.sh  start
    

     4. Modify the configuration on back-end server RS2

     Edit the configuration script on RS2 to bind the VIP address to the lo loopback interface

    #!/bin/bash
    #Author:wangxiaochun
    #Date:2017-08-13
    vip=192.168.37.100                                                                                                                               
    mask='255.255.255.255'
    dev=lo:1
    rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
    service httpd start &> /dev/null && echo "The httpd Server is Ready!"
    echo "<h1>`hostname`</h1>" > /var/www/html/index.html
    
    case $1 in
    start)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask #broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename $0) start|stop"
        exit 1
        ;;
    esac
    

     Run the script above

    [root@centos37~]#bash lvs_dr_rs.sh  start

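     4. Modify the configuration on the sorry back-end server

     Edit the configuration script on the sorry back-end server to bind the VIP address to the lo loopback interface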

    #!/bin/bash
    #Author:wangxiaochun
    #Date:2017-08-13
    vip=192.168.37.100                                                                                                                               
    mask='255.255.255.255'
    dev=lo:1
    rpm -q httpd &> /dev/null || yum -y install httpd &>/dev/null
    service httpd start &> /dev/null && echo "The httpd Server is Ready!"
    echo "<h1>`hostname`</h1>" > /var/www/html/index.html
    
    case $1 in
    start)
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $dev $vip netmask $mask #broadcast $vip up
        #route add -host $vip dev $dev
        echo "The RS Server is Ready!"
        ;;
    stop)
        ifconfig $dev down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        echo "The RS Server is Canceled!"
        ;;
    *)
        echo "Usage: $(basename $0) start|stop"
        exit 1
        ;;
    esac
    

     Run the script above

    [root@centos47~]#bash lvs_dr_rs.sh  start

    5. Test results:

    Add a test page on RS1, RS2 and the sorry back-end server, and start the httpd service: systemctl  start httpd

    [root@cenots277~]#yum install httpd
    [root@cenots27~]#cd /var/www/html
    [root@cenots27html]#cat index.html 
    <h1>cenots27</h1>
    [root@cenots37html]#cat index.html 
    <h1>cenots37</h1>
    [root@cenots37html]#cat index.html 
    sorry server !!

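     When a client accesses the LVS VIP address, LVS schedules the requests to the back-end servers in round-robin fashion.

     

     When back-end servers RS1 and RS2 are both down, the sorry server message is displayed.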
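A simplified model of the TCP_CHECK behaviour tested above, added here as an example and not taken from keepalived's source: a real server counts as healthy when a TCP connection completes, a failed probe is retried after delay_before_retry, and the sorry server receives traffic only when no real server is healthy. The function names and the injectable probe/sleep parameters are assumptions; the addresses are the lab addresses from this page.

```python
import socket
import time

def tcp_probe(ip, port, timeout):
    """One TCP_CHECK-style probe: healthy if the TCP handshake completes in time."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_real_server(rs, connect_timeout=5, retries=3, delay_before_retry=3,
                      probe=tcp_probe, sleep=time.sleep):
    """Return True if rs=(ip, port) answers the first probe or one of the retries."""
    for attempt in range(retries + 1):
        if probe(rs[0], rs[1], connect_timeout):
            return True
        if attempt < retries:
            sleep(delay_before_retry)      # wait before the next retry
    return False

def active_pool(real_servers, sorry_server, **check_opts):
    """Servers that would receive traffic: healthy real servers, else the sorry server."""
    healthy = [rs for rs in real_servers if check_real_server(rs, **check_opts)]
    return healthy or [sorry_server]

# Lab addresses from the page; the probe is faked so the demo runs offline.
REAL_SERVERS = [("192.168.37.27", 80), ("192.168.37.37", 80)]
SORRY_SERVER = ("192.168.37.47", 80)

def demo(down):
    """Pool seen when the servers in `down` refuse connections (constructed case)."""
    return active_pool(REAL_SERVERS, SORRY_SERVER, sleep=lambda s: None,
                       probe=lambda ip, port, t: (ip, port) not in down)
```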

     

      

     

      

     

  • Original article: https://www.cnblogs.com/struggle-1216/p/12098241.html