1. Environment Setup
1.1 Lab environment plan
| Role | Hostname | IP address | Description |
|-----|-----|---------------|---------------|
| RS1 | rs1 | 192.168.58.10 | Web server 1 |
| RS2 | rs2 | 192.168.58.20 | Web server 2 |
| KA1 | KA1 | 192.168.58.50 | Keepalived master node |
| KA2 | KA2 | 192.168.58.60 | Keepalived backup node |
| VIP | | 192.168.58.3 | Virtual IP address |
1.2 RS1 configuration
Configure the NIC:
vmset.sh eth0 192.168.58.10 rs1
Install Apache:
dnf install httpd -y
systemctl enable --now httpd
echo RS1 - 192.168.58.10 > /var/www/html/index.html
1.3 RS2 configuration
Configure the NIC:
vmset.sh eth0 192.168.58.20 rs2
Install Apache:
dnf install httpd -y
systemctl enable --now httpd
echo RS2 - 192.168.58.20 > /var/www/html/index.html
# Deploy rs1 and rs2 (single NIC, NAT mode)
[root@rs1 ~]# vmset.sh eth0 192.168.58.10 rs1
[root@rs1 ~]# dnf install httpd -y
[root@rs1 ~]# echo RS1 - 192.168.58.10 > /var/www/html/index.html
[root@rs1 ~]# systemctl enable --now httpd
[root@rs2 ~]# vmset.sh eth0 192.168.58.20 rs2
[root@rs2 ~]# dnf install httpd -y
[root@rs2 ~]# echo RS2 - 192.168.58.20 > /var/www/html/index.html
[root@rs2 ~]# systemctl enable --now httpd
1.4 Test the backend servers
curl 192.168.58.10
curl 192.168.58.20
Output:
RS1 - 192.168.58.10
RS2 - 192.168.58.20
# Test:
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.10
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.20
1.5 Basic configuration of KA1 and KA2
Configure the NIC:
vmset.sh eth0 192.168.58.50 KA1
vmset.sh eth0 192.168.58.60 KA2
Configure local name resolution:
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.58.50 KA1
192.168.58.60 KA2
192.168.58.10 rs1
192.168.58.20 rs2
Sync the hosts file to all hosts:
for i in 60 10 20
do
scp /etc/hosts 192.168.58.$i:/etc/hosts
done
# Set up ka1 and ka2
[root@KA1 ~]# vmset.sh eth0 192.168.58.50 KA1
[root@KA2 ~]# vmset.sh eth0 192.168.58.60 KA2
# Configure local name resolution
[root@KA1 ~]# vim /etc/hosts
[root@KA1 ~]# for i in 60 10 20
> do
> scp /etc/hosts 192.168.58.$i:/etc/hosts
> done
# Check /etc/hosts on all hosts
1.6 Time synchronization
KA1 as the time server:
vim /etc/chrony.conf
allow 0.0.0.0/0
local stratum 10
systemctl restart chronyd
systemctl enable --now chronyd
KA2 syncs its time from KA1:
vim /etc/chrony.conf
pool 192.168.58.50 iburst
systemctl restart chronyd
systemctl enable --now chronyd
Verify time synchronization:
chronyc sources -v
Output:
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* KA1 3 6 17 13 +303ns[+6125ns] +/- 69ms
# Enable the time sync service on ka1
[root@KA1 ~]# vim /etc/chrony.conf
[root@KA1 ~]# systemctl restart chronyd
[root@KA1 ~]# systemctl enable --now chronyd
# On ka2, use ka1's time sync service
[root@KA2 ~]# vim /etc/chrony.conf
[root@KA2 ~]# systemctl restart chronyd
[root@KA2 ~]# systemctl enable --now chronyd
[root@KA2 ~]# chronyc sources -v
2. Keepalived Virtual Router Configuration
2.1 Install Keepalived
dnf install keepalived.x86_64 -y
[root@KA1 ~]# dnf install keepalived.x86_64 -y
[root@KA2 ~]# dnf install keepalived.x86_64 -y
2.2 KA1 master node configuration
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
Start the service:
systemctl enable --now keepalived.service
2.3 KA2 backup node configuration
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2
vrrp_skip_check_adv_addr
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
Start the service:
systemctl enable --now keepalived.service
# On the master
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA1 ~]# systemctl enable --now keepalived.service
# On KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA2 ~]# systemctl enable --now keepalived.service
2.4 Verify VRRP advertisements
Capture packets on KA1 to view the VRRP advertisements:
tcpdump -i eth0 -nn host 224.0.0.44
Output:
11:38:46.183386 IP 192.168.58.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:47.184051 IP 192.168.58.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
View the VIP:
ifconfig
Output:
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.58.3 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:26:33:d9 txqueuelen 1000 (Ethernet)
# Verify
[root@KA1 ~]# tcpdump -i eth0 -nn host 224.0.0.44
[root@KA1 ~]# ifconfig
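The capture format shown in 2.4 can also be checked automatically. The following Python sketch is an added example, not part of the original lab: it parses `tcpdump -nn` VRRP advertisement lines and reports speakers other than KA1 and KA2, priorities above the configured ones, simple-text authentication, and two hosts advertising for the same vrid in the same second. The address 192.168.58.77 and the last three capture lines are constructed sample data.

```python
import re
from collections import defaultdict

# vrid -> {speaker IP: configured priority}, taken from the KA1/KA2
# configuration on this page.
EXPECTED = {51: {"192.168.58.50": 100, "192.168.58.60": 80}}

ADVERT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"VRRPv\d, Advertisement, vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
    r"(?:, authtype (?P<auth>\w+))?"
)


def parse_advert(line):
    """Parse one `tcpdump -nn` VRRP advertisement line; None if it is not one."""
    m = ADVERT_RE.match(line.strip())
    if m is None:
        return None
    adv = m.groupdict()
    adv["vrid"], adv["prio"] = int(adv["vrid"]), int(adv["prio"])
    return adv


def audit_adverts(lines, expected=EXPECTED):
    """Return de-duplicated findings, in order of first appearance."""
    findings = []
    active = defaultdict(set)  # (vrid, second) -> sources advertising as MASTER

    def report(item):
        if item not in findings:
            findings.append(item)

    for line in lines:
        adv = parse_advert(line)
        if adv is None:
            continue
        peers = expected.get(adv["vrid"])
        if peers is None:
            report(("unknown-vrid", adv["src"], adv["vrid"]))
            continue
        if adv["src"] not in peers:
            report(("unknown-speaker", adv["src"], adv["prio"]))
        elif adv["prio"] > peers[adv["src"]]:
            # Lower values are normal (track_script weight, prio 0 on shutdown).
            report(("priority-raised", adv["src"], adv["prio"]))
        if adv["auth"] == "simple":
            # Simple-text auth: auth_pass travels unencrypted in every advert.
            report(("cleartext-auth", adv["vrid"]))
        if adv["prio"] != 0:  # prio 0 means the sender is giving up MASTER
            active[(adv["vrid"], adv["ts"])].add(adv["src"])

    for (vrid, ts), srcs in sorted(active.items()):
        if len(srcs) > 1:
            report(("dual-master", ts, tuple(sorted(srcs))))
    return findings


# The first two lines are the capture shown above; the rest are constructed.
SAMPLE = """\
11:38:46.183386 IP 192.168.58.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:47.184051 IP 192.168.58.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:48.184700 IP 192.168.58.50 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
11:38:48.201133 IP 192.168.58.77 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 254, authtype simple, intvl 1s, length 20
11:38:49.300000 IP 192.168.58.60 > 224.0.0.44: VRRPv2, Advertisement, vrid 51, prio 80, authtype simple, intvl 1s, length 20
""".splitlines()

if __name__ == "__main__":
    for finding in audit_adverts(SAMPLE):
        print(finding)
```

A single advertiser per second is the healthy state; during a real failover the old master sends priority 0, which the check deliberately ignores.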
2.5 Failover test
Simulate a failure on KA1:
systemctl stop keepalived.service
On KA2, check whether the VIP has migrated:
ifconfig
Output:
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.58.3 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:1e:fd:7a txqueuelen 1000 (Ethernet)
# Failure test
# Run in a separate shell
[root@KA1 ~]# tcpdump -i eth0 -nn host 224.0.0.44
# Simulate a failure on KA1
[root@KA1 ~]# systemctl stop keepalived.service
# On KA2, check whether the VIP has migrated to this host
[root@KA2 ~]# ifconfig
3. Keepalived Log Separation
3.1 Configure log separation
Edit the Keepalived service options:
vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
Restart the service:
systemctl restart keepalived.service
Configure rsyslog:
vim /etc/rsyslog.conf
local6.* /var/log/keepalived.log
Restart rsyslog:
systemctl restart rsyslog.service
[root@KA1 ~]# vim /etc/sysconfig/keepalived
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# vim /etc/rsyslog.conf
[root@KA1 ~]# systemctl restart rsyslog.service
3.2 Verify the log file
ls -l /var/log/keepalived.log
# Test
[root@KA1 log]# ls keepalived.log
keepalived.log
4. Keepalived Sub-configuration Files
4.1 Modify the main configuration file
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
include /etc/keepalived/conf.d/*.conf
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
}
include /etc/keepalived/conf.d/*.conf # load the separate sub-configuration files
4.2 Create the sub-configuration directory
mkdir /etc/keepalived/conf.d -p
[root@KA1 ~]# mkdir /etc/keepalived/conf.d -p
4.3 Create the VRRP instance configuration
vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA1 ~]# vim /etc/keepalived/conf.d/webvip.conf
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
4.4 Verify the configuration
keepalived -t -f /etc/keepalived/keepalived.conf
systemctl restart keepalived.service
[root@KA1 ~]# keepalived -t -f /etc/keepalived/keepalived.conf
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA1 ~]# ifconfig
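5. Preemption Mode Configuration
5.1 Preemptive mode (default)
By default, the node with the higher priority preempts the VIP.
5.2 Non-preemptive mode
KA1 configuration: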
vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
KA2 configuration:
vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
nopreempt
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
Restart the service:
systemctl restart keepalived.service
# On KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP # in non-preemptive mode both nodes are BACKUP
interface eth0
virtual_router_id 51
nopreempt # enable non-preemptive mode
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA1 ~]# systemctl stop keepalived.service
# On KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
nopreempt # enable non-preemptive mode
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA2 ~]# systemctl stop keepalived.service
5.3 Test non-preemptive mode
Start KA1 and KA2:
systemctl start keepalived.service
The VIP is on KA1:
ifconfig
Stop KA1:
systemctl stop keepalived.service
The VIP migrates to KA2:
ifconfig
Start KA1 again:
systemctl start keepalived.service
The VIP does not return to KA1 (non-preemptive mode)
# Test:
[root@KA1 ~]# systemctl start keepalived.service
[root@KA2 ~]# systemctl start keepalived.service
[root@KA1 ~]# ifconfig
[root@KA1 ~]# systemctl stop keepalived.service
[root@KA2 ~]# ifconfig
# After KA1's service is started again, the VIP is not preempted back to KA1
[root@KA1 ~]# ifconfig
5.4 Delayed preemption mode
KA1 configuration:
vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
preempt_delay 10
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
KA2 configuration:
vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
preempt_delay 10
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
Test:
watch -n 1 ifconfig
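Restart Keepalived on KA1 and observe the VIP migrating after a 10-second delay
# On KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP # as in non-preemptive mode, both nodes are BACKUP
interface eth0
virtual_router_id 51
preempt_delay 10 # enable delayed preemption; preempt after a 10 s delay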
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA1 ~]# systemctl stop keepalived.service
# On KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
preempt_delay 10 # enable delayed preemption; preempt after a 10 s delay
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA2 ~]# systemctl stop keepalived.service
# Test:
[root@KA1 ~]# systemctl start keepalived.service
[root@KA2 ~]# systemctl start keepalived.service
# Start monitoring the IP addresses in a separate shell
[root@KA1 ~]# watch -n 1 ifconfig
# In another shell on KA1, stop keepalived
[root@KA1 ~]# systemctl stop keepalived.service
[root@KA1 ~]# systemctl start keepalived.service
# Afterwards, watch the delayed VIP migration in the monitor
6. Keepalived Unicast Mode
6.1 Unicast mode configuration
KA1 configuration:
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
vrrp_garp_interval 1
vrrp_gna_interval 1
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
unicast_src_ip 192.168.58.50
unicast_peer {
192.168.58.60
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
KA2 configuration:
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2
vrrp_skip_check_adv_addr
vrrp_garp_interval 1
vrrp_gna_interval 1
}
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
unicast_src_ip 192.168.58.60
unicast_peer {
192.168.58.50
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
Restart the service:
systemctl restart keepalived.service
# On KA1
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
#vrrp_mcast_group4 224.0.0.44 # multicast disabled
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
unicast_src_ip 192.168.58.50 # unicast source address, normally this host's IP
unicast_peer {
192.168.58.60 # unicast peer (receiving) address
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
# On KA2
[root@KA2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA2
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
#vrrp_mcast_group4 224.0.0.44 # multicast disabled
}
vrrp_instance WEB_VIP {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
unicast_src_ip 192.168.58.60 # unicast source address, normally this host's IP
unicast_peer {
192.168.58.50 # unicast peer (receiving) address
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
}
[root@KA1 ~]# systemctl restart keepalived.service
[root@KA2 ~]# systemctl restart keepalived.service
6.2 Test unicast mode
Capture packets on KA1:
tcpdump -i eth0 -nn src host 192.168.58.50 and dst 192.168.58.60
Capture packets on KA2:
tcpdump -i eth0 -nn src host 192.168.58.60 and dst 192.168.58.50
Stop KA1:
systemctl stop keepalived.service
The VIP migrates to KA2, and KA2 starts showing advertisements
Start KA1:
systemctl start keepalived.service
The VIP returns to KA1, and KA2 stops showing advertisements
# Test
# On KA1, monitor the advertisements in a separate shell
[root@KA1 ~]# tcpdump -i eth0 -nn src host 192.168.58.50 and dst 192.168.58.60
# On KA2, monitor the advertisements in a separate shell
[root@KA2 ~]# tcpdump -i eth0 -nn src host 192.168.58.60 and dst 192.168.58.50
# While KA1 is healthy
# the capture on ka2 shows no advertisements
[root@KA1 ~]# systemctl stop keepalived.service
# The VIP migrates to KA2, and advertisements start to appear on KA2
[root@KA1 ~]# systemctl start keepalived.service
# KA1 preempts the VIP because of its priority, and the advertisements on KA2 stop
7. Email Alert Configuration
7.1 Install the mail software
dnf install s-nail postfix -y
systemctl start postfix.service
# Install the mail software
[root@KA1 ~]# dnf install s-nail postfix -y
[root@KA2 ~]# dnf install s-nail postfix -y
# Start the mail transfer agent
[root@KA1 ~]# systemctl start postfix.service
[root@KA2 ~]# systemctl start postfix.service
7.2 Configure the mail client
vim /etc/mail.rc
set smtp-auth=login
set smtp-auth-user=timinglee_zln@163.com
set smtp-auth-password=TGfdKaJT7EB
set from=timinglee_zln@163.com
set ssl-verify=ignore
# Configure mailrc on the Linux hosts (KA1 + KA2)
[root@KA1+KA2 ~]# vim /etc/mail.rc
set smtp=smtp.163.com
set smtp-auth=login
set smtp-auth-user=timinglee_zln@163.com
set smtp-auth-password=TGfdKaJT7EB
set from=timinglee_zln@163.com
set ssl-verify=ignore
7.3 Test sending mail
echo hello | mailx -s test 1122334455@qq.com
Check the mail queue:
mailq
Check for bounced mail:
# Test mail
[root@KA1 mail]# echo hello | mailx -s test 1122334455@qq.com
[root@KA1 mail]# mailq # check the mail queue
Mail queue is empty
[root@KA1 mail]# mail # check whether there is a bounce
s-nail version v14.9.22. Type `?' for help
/var/spool/mail/root: 1 message
▸ 1 Mail Delivery Subsys 2026-01-28 16:26 69/2210 "Returned mail: see transcript for details "
& q # quit
# Check whether the mail arrived in the target mailbox
7.4 Create the alert script
mkdir -p /etc/keepalived/scripts
vim /etc/keepalived/scripts/waring.sh
#!/bin/bash
mail_dest='timinglee_zln@163.com'
send_message()
{
mail_sub="$HOSTNAME to be $1 vip move"
mail_msg="`date +%F\ %T`: vrrp move $HOSTNAME change $1"
echo "$mail_msg" | mail -s "$mail_sub" "$mail_dest"
}
case $1 in
master)
send_message master
;;
backup)
send_message backup
;;
fault)
send_message fault
;;
*)
;;
esac
chmod +x /etc/keepalived/scripts/waring.sh
[root@KA1 ~]# mkdir -p /etc/keepalived/scripts
[root@KA2 ~]# mkdir -p /etc/keepalived/scripts
# Write the alert script
[root@KA1+2 ~]# vim /etc/keepalived/scripts/waring.sh
#!/bin/bash
mail_dest='594233887@qq.com'
mail_send()
{
mail_subj="$HOSTNAME to be $1 vip 转移"
mail_mess="`date +%F\ %T`: vrrp 转移,$HOSTNAME 变为 $1"
echo "$mail_mess" | mail -s "$mail_subj" $mail_dest
}
case $1 in
master)
mail_send master
;;
backup)
mail_send backup
;;
fault)
mail_send fault
;;
*)
exit 1
;;
esac
[root@KA1+2 ~]# chmod +x /etc/keepalived/scripts/waring.sh
[root@KA1 ~]# /etc/keepalived/scripts/waring.sh master
# The mail shows up in the target mailbox
7.5 Configure Keepalived to call the script
vim /etc/keepalived/keepalived.conf
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
notify_master "/etc/keepalived/scripts/waring.sh master"
notify_backup "/etc/keepalived/scripts/waring.sh backup"
notify_fault "/etc/keepalived/scripts/waring.sh fault"
}
Restart the service:
systemctl restart keepalived.service
# Set the configuration file on KA1 and KA2
! Configuration File for keepalived
global_defs {
notification_email {
timinglee_zln@163.com
}
notification_email_from timinglee_zln@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id KA1
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 1
vrrp_gna_interval 1
vrrp_mcast_group4 224.0.0.44
enable_script_security
script_user root
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
# unicast_src_ip 192.168.58.50
# unicast_peer {
# 192.168.58.60
# }
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
notify_master "/etc/keepalived/scripts/waring.sh master"
notify_backup "/etc/keepalived/scripts/waring.sh backup"
notify_fault "/etc/keepalived/scripts/waring.sh fault"
}
[root@KA1+2 ~]# systemctl restart keepalived.service
# Test
[root@KA1 ~]# systemctl stop keepalived.service # stop the service, then check the mail
[root@KA1 ~]# systemctl start keepalived.service # start the service, then check the mail
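The settings used so far (auth_type PASS with auth_pass 1111, multicast versus unicast_peer, and the enable_script_security / script_user lines in 7.5) can be reviewed with a small linter. The Python sketch below is an added example, not part of keepalived or of the original lab; the two embedded configurations are trimmed, constructed samples, and the keepalived_script account and the password q7Lw2ZxR in the second one are assumptions.

```python
import re

def statements(text):
    """Yield (enclosing_blocks, keyword, args) per keepalived.conf statement."""
    stack = []
    for raw in text.splitlines():
        # '#' and '!' start a comment in keepalived.conf
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()
        if line == "}":
            if stack:
                stack.pop()
            continue
        words = line.rstrip("{").split()
        if not words:
            continue
        yield tuple(stack), words[0], words[1:]
        if line.endswith("{"):
            stack.append(" ".join(words))

def audit(text):
    """Return sorted (scope, finding) pairs for the settings used on this page."""
    stmts = list(statements(text))
    glob = {kw: args for path, kw, args in stmts if path == ("global_defs",)}
    runs_scripts = any(kw == "vrrp_script" or kw.startswith("notify")
                       for _, kw, _ in stmts)
    instances = {}
    for path, kw, args in stmts:
        if path and path[0].startswith("vrrp_instance "):
            inst = instances.setdefault(path[0].split()[1], {})
            inst[kw] = args[0] if args else ""
    found = set()
    for name, inst in instances.items():
        if inst.get("auth_type") == "PASS":
            # Simple-text auth: tcpdump shows it as "authtype simple".
            found.add((name, "auth_type PASS sends auth_pass in cleartext"))
            pw = inst.get("auth_pass", "")
            if len(pw) < 8 or len(set(pw)) < 4:
                found.add((name, "auth_pass is short or repetitive"))
        if "unicast_peer" not in inst:
            found.add((name, "multicast adverts reach every host on the segment"))
    if runs_scripts and "enable_script_security" not in glob:
        found.add(("global_defs", "scripts run without enable_script_security"))
    if runs_scripts and glob.get("script_user") == ["root"]:
        found.add(("global_defs", "script_user root: scripts run as root"))
    return sorted(found)

# Constructed from the settings on this page (instance body trimmed).
WEAK = """
global_defs {
    router_id KA1
    vrrp_mcast_group4 224.0.0.44
}
vrrp_instance WEB_VIP {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    notify_master "/etc/keepalived/scripts/waring.sh master"
}
"""

# Assumed tighter variant: unicast peer, longer constructed password,
# script security on, and an assumed unprivileged keepalived_script account.
HARDENED = """
global_defs {
    router_id KA1
    enable_script_security
    script_user keepalived_script
}
vrrp_instance WEB_VIP {
    unicast_src_ip 192.168.58.50
    unicast_peer {
        192.168.58.60
    }
    authentication {
        auth_type PASS
        auth_pass q7Lw2ZxR
    }
    notify_master "/etc/keepalived/scripts/waring.sh master"
}
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

The cleartext finding remains for the second sample because auth_type PASS never encrypts the password; restricting who can exchange VRRP traffic with the nodes is what narrows the exposure.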
8. LVS High Availability with Keepalived
8.1 Configure the VIP on the RS
RS1 configuration:
ip addr add 192.168.58.3/32 dev lo
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
RS2 configuration:
ip addr add 192.168.58.3/32 dev lo
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@rs1+2 ~]# cd /etc/NetworkManager/system-connections/
[root@rs1+2 system-connections]# ls
[root@rs1+2 system-connections]# cp eth0.nmconnection lo.nmconnection -p
[root@rs1+2 system-connections]# vim lo.nmconnection
[connection]
id=lo
type=loopback
interface-name=lo
[ipv4]
method=manual
address1=127.0.0.1/8
address2=192.168.58.3/32
[root@rs1+2 system-connections]# nmcli connection reload
[root@rs1+2 system-connections]# nmcli connection up lo
[root@rs1+2 system-connections]# ip a
[root@rs1+2 system-connections]# vim /etc/sysctl.conf
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.lo.arp_ignore=1
[root@rs1+2 system-connections]# sysctl -p
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
# Install ipvsadm
[root@KA1+KA2 ~]# dnf install ipvsadm -y
8.2 Configure LVS rules on KA1
vim /etc/keepalived/keepalived.conf
virtual_server 192.168.58.3 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
retry 3
delay_before_retry 1
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
Restart the service:
systemctl restart keepalived.service
# On all keepalived hosts
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
virtual_server 192.168.58.3 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
retry 3
delay_before_retry 1
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@KA1 ~]# systemctl restart keepalived.service
8.3 View the LVS rules
ipvsadm -Ln
Output:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.58.3:80 rr
-> 192.168.58.10:80 Route 1 0 0
-> 192.168.58.20:80 Route 1 0 0
8.4 Test high availability
Monitor the LVS rules on KA1:
watch -n 1 ipvsadm -Ln
Stop Apache on RS1:
systemctl stop httpd
Watch the LVS rules change; RS1 is removed
Stop Keepalived on KA1:
systemctl stop keepalived.service
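Check whether KA2 generates the LVS rules automatically
# Tip: do not access the VIP from KA1 or KA2 themselves; the effect cannot be observed from there
# Open a separate shell on ka1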
[root@KA1 ~]# watch -n 1 ipvsadm -Ln
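# Stop the web service on RS1 and check whether the LVS policy changes
# Stop keepalived on ka1 and check whether ka2 generates the LVS policy automatically
9. Dual-Master Mode Proxying Different Services
9.1 Lab environment
Configure the second VIP on the RS:
ip addr add 192.168.58.4/32 dev lo
Install the database on the RS: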
dnf install mariadb-server -y
systemctl enable --now mariadb
Create the database user:
mysql
CREATE USER lee@'%' identified by 'lee';
GRANT ALL ON *.* TO lee@'%';
# The web service was already configured in the previous experiment
# On the RS hosts, add vip2 192.168.58.4/32 to lo
# Set up the database on the RS hosts
[root@rs1+2 ~]# dnf install mariadb-server -y
[root@rs1+2 ~]# systemctl enable --now mariadb
[root@rs1+2 ~]# mysql
# Test
[root@rs1 ~]# mysql -ulee -plee -h192.168.58.10
MariaDB [(none)]> quit
[root@rs1 ~]# mysql -ulee -plee -h192.168.58.20
MariaDB [(none)]> quit
9.2 KA1 and KA2 configuration
Create the sub-configuration files:
mkdir /etc/keepalived/conf.d
vim /etc/keepalived/conf.d/webserver.conf
virtual_server 192.168.58.3 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
retry 3
delay_before_retry 1
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
vim /etc/keepalived/conf.d/database.conf
virtual_server 192.168.58.4 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 3306 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 192.168.58.20 3306 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 3306
}
}
}
Main configuration file:
vim /etc/keepalived/keepalived.conf
include /etc/keepalived/conf.d/webserver.conf
include /etc/keepalived/conf.d/database.conf
Restart the service:
systemctl restart keepalived.service
# KA1 and KA2
[root@KA1+2 ~]# vim /etc/keepalived/keepalived.conf
include /etc/keepalived/conf.d/webserver.conf
include /etc/keepalived/conf.d/datebase.conf
[root@KA1+2 ~]# vim /etc/keepalived/conf.d/webserver.conf
virtual_server 192.168.58.3 80 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
retry 3
delay_before_retry 1
}
}
real_server 192.168.58.20 80 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@KA1 ~]# vim /etc/keepalived/conf.d/datebase.conf
virtual_server 192.168.58.4 3306 {
delay_loop 6
lb_algo rr
lb_kind DR
protocol TCP
real_server 192.168.58.10 3306 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 192.168.58.20 3306 {
weight 1
TCP_CHECK {
connect_timeout 5
retry 3
delay_before_retry 3
connect_port 3306
}
}
}
[root@KA1+2 ~]# systemctl restart keepalived.service
9.3 Test
Test the web service:
curl 192.168.58.3
Output:
RS1 - 192.168.58.10
RS2 - 192.168.58.20
Test the database:
mysql -ulee -plee -h192.168.58.4
[root@rs2 ~]# mysql -ulee -plee -h192.168.58.4
MariaDB [(none)]>
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.3
[Administrator.DESKTOP-VJ307M3] ➤ curl 192.168.58.3
10. All-round High Availability with VRRP Script
10.1 Lab environment
Install HAProxy:
dnf install haproxy -y
Configure the kernel parameter:
vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
Configure HAProxy:
vim /etc/haproxy/haproxy.cfg
listen webserver
bind 192.168.58.3:80
mode http
server web1 192.168.58.10:80 check
server web2 192.168.58.20:80 check
Start HAProxy:
systemctl enable --now haproxy
# Install haproxy on KA1 and KA2
[root@KA1+2 ~]# dnf install haproxy-2.4.22-4.el9.x86_64 -y
[root@KA1 ~]# vim /etc/sysctl.conf
[root@KA1+2 ~]# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
[root@KA1+2 ~]# vim /etc/haproxy/haproxy.cfg
listen webserver
bind 192.168.58.3:80
mode http
server web1 192.168.58.10:80 check
server web2 192.168.58.20:80 check
[root@KA1+2 ~]# systemctl enable --now haproxy.service
10.2 Create the check script
vim /etc/keepalived/scripts/haproxy_check.sh
#!/bin/bash
killall -0 haproxy &> /dev/null
chmod +x /etc/keepalived/scripts/haproxy_check.sh
[root@KA1 ~]# vim /etc/keepalived/scripts/haproxy_check.sh
#!/bin/bash
killall -0 haproxy &> /dev/null
[root@KA1 ~]# chmod +x /etc/keepalived/scripts/haproxy_check.sh
vrrp_script haporxy_check {
script "/etc/keepalived/scripts/haproxy_check.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
user root
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
track_script {
haporxy_check
}
}
[root@KA1 ~]# systemctl restart keepalived.service
10.3 Configure VRRP Script
vim /etc/keepalived/keepalived.conf
vrrp_script haproxy_check {
script "/etc/keepalived/scripts/haproxy_check.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
user root
}
vrrp_instance WEB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:0
}
track_script {
haproxy_check
}
}
Restart the service:
systemctl restart keepalived.service
# On the KA1 host
[root@KA1 ~]# vim /etc/keepalived/scripts/test.sh
#!/bin/bash
[ ! -f "/mnt/lee" ]
[root@KA1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script check_lee {
script "/etc/keepalived/scripts/test.sh"
interval 1
weight -30
fall 2
rise 2
timeout 2
user root
}
vrrp_instance DB_VIP {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.58.3/24 dev eth0 label eth0:1
}
track_script {
check_lee
}
}
[root@KA1 ~]# systemctl restart keepalived.service
10.4 Test
View the VIP:
ifconfig
Stop HAProxy:
systemctl stop haproxy
Check whether the VIP migrates
Start HAProxy:
systemctl start haproxy
Check whether the VIP returns to KA1
# Test:
[root@KA1 ~]# ifconfig
[root@KA1 ~]# touch /mnt/lee
[root@KA1 ~]# ifconfig
[root@KA1 ~]# rm -fr /mnt/lee
[root@KA1 ~]# ifconfig
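11. Common Keepalived Configuration Parameters
11.1 global_defs (global configuration)
| Parameter | Description |
|-------------------------|------------|
| notification_email | Alert email recipient address |
| notification_email_from | Alert email sender address |
| smtp_server | SMTP server address |
| smtp_connect_timeout | SMTP connection timeout |
| router_id | Router identifier |
| vrrp_mcast_group4 | VRRP multicast address |
11.2 vrrp_instance (instance configuration)
| Parameter | Description |
|-------------------|---------------------|
| state | Node state (MASTER/BACKUP) |
| interface | Bound network interface |
| virtual_router_id | VRRP instance ID (0-255) |
| priority | Priority (1-254) |
| advert_int | Advertisement interval (seconds) |
| authentication | Authentication settings |
| virtual_ipaddress | Virtual IP address |
| nopreempt | Non-preemptive mode |
| preempt_delay | Preemption delay |
11.3 vrrp_script (script configuration)
| Parameter | Description |
|----------|---------|
| script | Path of the check script |
| interval | Check interval (seconds) |
| weight | Priority adjustment value |
| fall | Failure count threshold |
| rise | Success count threshold |
| timeout | Timeout |
11.4 virtual_server (virtual server configuration)
| Parameter | Description |
|-------------|--------------------|
| delay_loop | Health check interval |
| lb_algo | Load-balancing algorithm |
| lb_kind | Load-balancing mode (NAT/DR/TUN) |
| protocol | Protocol (TCP/UDP) |
| real_server | Real server configuration |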