keepalived是基于vrrp协议的一款高可用软件,运行在lvs之上,是一个用于做双机热备的软件。主要为Linux系统和基于Linux系统的基础架构提供强大的负载均衡和高可用功能。
keepalived环境
Master 192.168.1.103
Backup 192.168.1.104
VIP 192.168.1.105
keepalived服务部署
keepalived官网下载keepalived
安装依赖包
1
| yum install openssl-devel popt-devel gcc-c++ -y
|
安装内核
1
2
3
4
5
6
7
8
| [root@103 keepalived-2.1.4]# yum install kernel-devel -y
[root@103 keepalived-2.1.4]# cd /usr/src/kernels
[root@103 keepalived-2.1.4]# ln -s /usr/src/kernels/3.10.0-1160.24.1.el7.x86_64 /usr/src/linux
[root@103 keepalived-2.1.4]# ll /usr/src/
总用量 0
drwxr-xr-x. 2 root root 6 4月 11 2018 debug
drwxr-xr-x. 3 root root 41 4月 18 10:51 kernels
lrwxrwxrwx 1 root root 44 4月 18 10:52 linux -> /usr/src/kernels/3.10.0-1160.24.1.el7.x86_64
|
编译安装
1
2
| [root@103 keepalived-2.1.4]# ./configure
[root@103 keepalived-2.1.4]# make && make install
|
复制配置文件
1
2
3
4
5
| [root@103 keepalived-2.1.4]# cp keepalived/etc/init.d/keepalived /etc/init.d/ 启动脚本配置文件
[root@103 keepalived-2.1.4]# cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/ 配置启动脚本参数
[root@103 ~]# mkdir /etc/keepalived 创建配置文件存储目录
[root@103 ~]# cp download/keepalived-2.1.4/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ 配置文件模块
[root@103 ~]# cp /usr/local/sbin/keepalived /usr/sbin/ 启动命令
|
keepalived分为全局配置模块global_defs,vrrpd模块,lvs配置模块
配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
| [root@103 keepalived]# cat keepalived.conf.back
! Configuration File for keepalived
global_defs { 全局配置模块
notification_email { 通知邮件地址
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc 邮件服务器配置
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL 虚拟路由器ID,全网唯一
vrrp_skip_check_adv_addr 接受的消息与上一个接受的消息都来自相同的master路由器,则跳过检查
vrrp_strict 严格遵守vrrp协议
vrrp_garp_interval 0 在一个接口发送的两个arp之间的延迟
vrrp_gna_interval 0 在一个接口上每组na消息之间的延迟
}
vrrp_instance VI_1 { vrrp实例,VI_1实例
state MASTER 角色(master/backup)
interface eth0 发送心跳检测的接口
virtual_router_id 51 虚拟路由器ID,同一集群保持一致
priority 100 优先级
advert_int 1 两个keepalived之间的通知时间间隔
authentication { 两个keepalived之间的认证
auth_type PASS 指定认证类型
auth_pass 1111 指定密码
}
virtual_ipaddress { 指定VIP配置模块
192.168.200.16 VIP地址
192.168.200.17
192.168.200.18
}
}
virtual_server 192.168.200.100 443 { #虚拟主机配置模块
delay_loop 6 健康检测时间间隔
lb_algo rr lvs调度算法
lb_kind NAT lvs工作模式
persistence_timeout 50 持久化超时时间
protocol TCP 协议类型
real_server 192.168.201.100 443 { 后端真实主机配置模块
weight 1 权重
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3 连接超时时间
retry 3 超时重试连接次数
delay_before_retry 3 重试之前的延迟时间
}
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
|
master-keepalived配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| [root@103 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_254
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface ens192
virtual_router_id 51
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.105
}
}
|
backup-keepalived配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
| [root@104 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_253
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface ens192
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.105
}
}
|
启动keepalived
1
2
3
4
| [root@103 keepalived]# /etc/init.d/keepalived start
Starting keepalived (via systemctl): [ 确定 ]
[root@104 keepalived]# /etc/init.d/keepalived start
Starting keepalived (via systemctl): [ 确定 ]
|
测试
1
2
3
4
5
6
| C:\Users\Administrator>ping 192.168.1.105
正在 Ping 192.168.1.105 具有 32 字节的数据:
来自 192.168.1.105 的回复: 字节=32 时间=5ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=5ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=6ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=7ms TTL=63
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| [root@103 keepalived]# ip a|grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.103/24 brd 192.168.1.255 scope global noprefixroute ens192
inet 192.168.1.105/32 scope global ens192
####backup
[root@104 keepalived]# ip a |grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.104/24 brd 192.168.1.255 scope global noprefixroute ens192
#######关闭master#######
C:\Users\Administrator>ping 192.168.1.105
正在 Ping 192.168.1.105 具有 32 字节的数据:
来自 192.168.1.105 的回复: 字节=32 时间=7ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=7ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=5ms TTL=63
来自 192.168.1.105 的回复: 字节=32 时间=6ms TTL=63
[root@103 keepalived]# /etc/init.d/keepalived stop
Stopping keepalived (via systemctl): [ 确定 ]
[root@103 keepalived]# ip a|grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.103/24 brd 192.168.1.255 scope global noprefixroute ens192
####backup
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.1.104/24 brd 192.168.1.255 scope global noprefixroute ens192
inet 192.168.1.105/32 scope global ens192
|