上篇文章介绍了keepalived的安装,此次来看一下keepalived的配置:
修正配置文件一处bug,DR模式下,lvs_sync_daemon_inteface与服务接口interface使用同一个网络接口。不能使用其他网络接口来配置心跳线。
验证方式:
tcpdump -p vrrp -n #查看vrrp协议
tcpdump -v -i eth0 host 224.0.0.18 #本地eth0监听。而不是eth1监听 SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
master:SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
[root@MASTER ~]# uname -r
2.6.32-573.22.1.el6.x86_64
[root@MASTER ~]# cat /etc/redhat-release
CentOS release 6.4 (Final)
[root@MASTER ~]# ifconfig | grep "inet addr:"
eth0: inet addr:1.1.1.201 Bcast:1.1.1.255 Mask:255.255.255.0
eth1: inet addr:192.168.2.201 Bcast:192.168.2.255 Mask:255.255.255.0
eth2: inet addr:10.10.10.201 Bcast:10.255.255.255 Mask:255.0.0.0
lo: inet addr:127.0.0.1 Mask:255.0.0.0 SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
backup:SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
[root@BACKUP keepalived]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@BACKUP keepalived]# uname -r
3.10.0-327.13.1.el7.x86_64
[root@BACKUP keepalived]# ifconfig|grep "inet"
eno16777736: inet 1.1.1.202 netmask 255.255.255.0 broadcast 1.1.1.255
eno33554984: inet 192.168.2.202 netmask 255.255.255.0 broadcast 192.168.2.255
eno33554978: inet 10.10.10.202 netmask 255.0.0.0 broadcast 10.255.255.255
lo: inet 127.0.0.1 netmask 255.0.0.0 SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
keepalived搭建
MASTER配置:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
[root@MASTER keepalived]# route add -host 192.168.2.202 eth1 #<==到对端的心跳路由 [root@BACKUP keepalived]# route add -host 192.168.2.201 eno33554984 #<==到对端的心跳路由 [root@MASTER keepalived]# genhash -s 1.1.1.56 -p 80 -u http://1.1.1.56/9.txt #服务器没有开启服务 [root@MASTER keepalived]# genhash -s 1.1.1.56 -p 80 -u http://1.1.1.56/9.txt #wordpress index.php会返回301 MD5SUM = f632f5eaffa5607c961e22ba40291ab7 [root@MASTER keepalived]# cat keepalived.conf ! Configuration File for keepalived global_defs { #全局设置 notification_email { #需要通知的邮局 admin#t4x.org sysadmin@firewall.loc } notification_email_from Master#t4x.org #发送的邮箱 smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_1 #路由id } vrrp_instance VI_1 { state MASTER #类型为master interface eth0 #接口是eth0 virtual_router_id 51 #虚拟id是51(0-255) lvs_sync_daemon_interface eth0 #心跳线,DR模式下,lvs_sync_daemon_inteface与服务接口interface使用同一个网络接口。 priority 100 #权重为100,值越大,权重越高 advert_int 3 #间隔三秒检查一次 authentication { auth_type PASS auth_pass 1111 #一对keepalived认证密码 } virtual_ipaddress { 1.1.1.99 #VIP地址 } } virtual_server 1.1.1.99 80 { delay_loop 6 #间隔6s查询realserver状态 lb_algo rr #指定算法为轮询 lb_kind DR #采用DR模式 nat_mask 255.255.255.0 persistence_timeout 300 #同一IP的连接60秒内被分配到同一台realserver protocol TCP real_server 1.1.1.51 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 1.1.1.56 80 { weight 1 HTTP_GET { url { path /9.txt #检测url,可写多个 digest f632f5eaffa5607c961e22ba40291ab7 ##检测效验码 status_code 200 } # connect_port 80 #连接端口 connect_timeout 3 #连接超时时间 nb_get_retry 3 #重试次数 delay_before_retry 3 #连接间隔时间 } } } vrrp_instance VI_2 { state BACKUP interface eth0 lvs_sync_daemon_interface eth0 virtual_router_id 151 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 1.1.1.100 } } virtual_server 1.1.1.100 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 300 protocol TCP real_server 1.1.1.51 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 1.1.1.56 80 { weight 1 HTTP_GET { url { path /9.txt digest f632f5eaffa5607c961e22ba40291ab7 status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } |
BACKUP配置:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
! Configuration File for keepalived global_defs { notification_email { admin#t4x.org sysadmin@firewall.loc } notification_email_from Master#t4x.org smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_2 } vrrp_instance VI_1 { state BACKUP interface eno16777736 lvs_sync_daemon_interface eno33554984 virtual_router_id 51 nopreempt priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 1.1.1.99 } } virtual_server 1.1.1.99 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 300 protocol TCP real_server 1.1.1.51 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 1.1.1.56 80 { weight 1 HTTP_GET { url { path /9.txt digest f632f5eaffa5607c961e22ba40291ab7 status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } vrrp_instance VI_2 { state MASTER interface eno16777736 lvs_sync_daemon_interface eno33554984 virtual_router_id 151 priority 150 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 1.1.1.100 } } virtual_server 1.1.1.100 80 { delay_loop 6 lb_algo wrr lb_kind DR nat_mask 255.255.255.0 persistence_timeout 300 protocol TCP real_server 1.1.1.51 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 1.1.1.56 80 { weight 1 HTTP_GET { url { path /9.txt digest f632f5eaffa5607c961e22ba40291ab7 status_code 200 } connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } |
MASTER与BACKUP区别:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@MASTER keepalived]# diff /tmp/keepalived.conf keepalived.conf [root@MASTER keepalived]# diff /tmp/keepalived.conf keepalived.conf 11c11 < router_id LVS_2 --- > router_id LVS_1 15,16c15,16 < state BACKUP < interface eno16777736 --- > state MASTER > interface eth0 18c18 < priority 50 --- > priority 100 |
单播:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
! Configuration File for keepalived global_defs { notification_email { abc#t4x.org sysadmin@firewall.loc } notification_email_from note.t4x.org smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_1 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 lvs_sync_daemon_interface eth0 priority 100 advert_int 3 unicast_src_ip 1.1.1.102 #本地ip unicast_peer { 1.1.1.101 远端ip } authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 1.1.1.99 } } virtual_server 1.1.1.99 80 { delay_loop 6 lb_algo rr lb_kind DR nat_mask 255.255.0.0 persistence_timeout 3600 protocol TCP real_server 1.1.1.101 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } real_server 1.1.1.102 80 { weight 1 TCP_CHECK { connect_timeout 3 nb_get_retry 3 delay_before_retry 3 } } } |
防火墙配置:
|
0 1 |
iptables -A INPUT -i eth0 -d 224.0.0.18/32 -j ACCEPT iptables -A INPUT -i eth2 -p 112 -j ACCEPT |
裂脑问题:SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
1:iptables防火墙导致多播地址224.0.0.18无法通过;
2:route在DR模式下指定了网卡口,导致裂脑;
3:网络不通导致的其他问题; SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
这就是说,MASTER和BACKUP除了route_id、主备、优先级不同以外,其他都一样。SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
官方文档:http://www.keepalived.org/pdf/UserGuide.pdf
参考文档:http://blog.jobbole.com/94675/SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
SourceByrd's Weblog-https://note.t4x.org/remark/keepalived-configfile-comments/
