安装:KeepAlived
- 查看IPVS模块是否已经编译到内核中
cat /boot/config-`uname -r` |grep -i ipvs
# IPVS transport protocol load balancing support
# IPVS scheduler
# IPVS application helper
modprobe -l |grep ipvs
kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko
- 安装keepalived的依赖组件
安装依赖组件
yum install gcc openssl openssl-devel popt popt-devel libnl libnl-devel -y
安装ipvsadm组件,它是keepalived的基础
yum install -y ipvsadm
查看ipvsadm当前的规则(默认为空)
ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
- 安装keepalived(源码包请从官方站点获取,解压编译前先核对发布方提供的校验值;1.2.16 是较早的版本,生产环境请先确认后续版本中的安全修复)
tar -axf keepalived-1.2.16.tar.gz
cd keepalived-1.2.16
## 默认情况下,keepalived主体文件会编译安装在/usr/local/etc/keepalived/目录中。
./configure
make
make install
find / -path "/root" -prune -o -name keep\*
……
/usr/local/etc/keepalived/keepalived.conf ##这是keepalived主体配置文件
/usr/local/etc/sysconfig/keepalived ##这是keepalived选项配置文件
/usr/local/etc/rc.d/init.d/keepalived ##这是keepalived服务启动脚本。
/usr/local/share/man/man5/keepalived.conf.5
/usr/local/share/man/man8/keepalived.8
/usr/local/sbin/keepalived ##这是keepalived命令文件
/usr/share/selinux/targeted/keepalived.pp.bz2
……
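# Expose the source-built keepalived under the standard system paths.
# Every step is guarded so the sequence can be re-run after a partial install
# (the original mkdir and ln -s calls fail once their targets already exist).
mkdir -p /etc/keepalived
## Back up the main keepalived configuration file (first run only)
test -f /usr/local/etc/keepalived/keepalived.conf.bak || cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
## Link the main configuration file into /etc/keepalived/
## (-L also catches a dangling link left by an earlier run)
[ -e /etc/keepalived/keepalived.conf ] || [ -L /etc/keepalived/keepalived.conf ] || ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
## Link the options file into /etc/sysconfig/
[ -e /etc/sysconfig/keepalived ] || [ -L /etc/sysconfig/keepalived ] || ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
## Link the keepalived binary into /sbin/ so the default PATH finds it
[ -e /sbin/keepalived ] || [ -L /sbin/keepalived ] || ln -s /usr/local/sbin/keepalived /sbin/keepalived
## Copy the service start script into the init script directory
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
## Make the init script executable
chmod +x /etc/rc.d/init.d/keepalived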
4. 启动keepalived服务
chkconfig keepalived on ##设置keepalived服务开机自启动。
service keepalived start ##启动keepalived服务。
ps aux| grep keepalived |grep -v grep
root 3361 0.0 0.1 44480 1036 ? Ss 10:27 0:00 keepalived -D
root 3363 0.1 0.2 48784 2420 ? S 10:27 0:00 keepalived -D
root 3364 0.1 0.1 48656 1652 ? S 10:27 0:00 keepalived -D
创建KeepAlived高可用HA主备切换
1. 创建:HAproxy健康检测脚本
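# Write the HAProxy health-check script referenced by vrrp_script check_haproxy.
# The heredoc delimiter is quoted so $(...) is written to the file literally
# and needs no backslash escapes.
cat > /etc/keepalived/check_haproxy.sh <<'EOF'
#!/bin/bash
# HAProxy health check, run periodically by keepalived.
if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
  # HAProxy is not running: attempt one restart, then check again.
  /etc/init.d/haproxy start
  sleep 2
  # The original repeated this test as an elif of the same condition, so it
  # could never run; it has to be a second check made after the restart.
  if [ "$(ps -C haproxy --no-header | wc -l)" -eq 0 ]; then
    # Still down: stop keepalived so this node stops sending VRRP adverts.
    /etc/init.d/keepalived stop
  fi
else
  /etc/init.d/keepalived start
fi
EOF
# keepalived executes this file, so set an exact mode: executable, and never
# group- or world-writable whatever the umask was. Keep it owned by root.
chmod 755 /etc/keepalived/check_haproxy.sh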
配置:keepalived
- 暂时关闭:iptables防火墙(仅在配置期间临时关闭,配置完成后请按下文“防火墙”一节重新启用并放行VRRP)
service iptables stop
- 配置:keepalived配置文件 server01
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
## 全局配置段
global_defs {
## 定义:通知收件人邮箱
notification_email {
li@qq.com
}
## 定义:发送邮件的邮件服务器
notification_email_from HAproxy01@one.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy01
## 表示:切换时,依据global_defs中定义的邮件地址发送邮件通知
## 需要确保linux系统本机的smtp协议25/tcp端口处于工作状态。
smtp_alert
## 表示当切换到master状态时,要执行的脚本
## 注意:下一行传给notify.sh的参数 masker 疑为 master 的笔误,本页未给出notify.sh,请对照脚本确认
notify_master "/etc/keepalived/notify.sh masker"
## 表示当切换到backup状态时,要执行的脚本
notify_backup "/etc/keepalived/notify.sh backup"
## 表示当切换到fault故障状态时,要执行的脚本
notify_fault "/etc/keepalived/notify.sh fault"
}
## 定义:调用指定的<健康检测脚本程序>
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
}
## 定义:故障转移组
vrrp_sync_group G1 {
group {
WAN
}
}
vrrp_instance WAN {
## 定义:实例角色
state MASTER
## 定义:承载VIP地址的物理接口
interface eth0
## 定义:VIP的MAC地址中的vrrp值,(两个节点必须一致)
virtual_router_id 51
## 定义:VRRP组播地址的<源IP地址>,即:心跳检测
##mcast_src_ip 192.168.10.9
## 定义:VRRP单播<源IP地址>,即:心跳检测
unicast_src_ip 192.168.10.8
## 定义:VRRP单播<一个或多个目标IP地址>,即:心跳检测
unicast_peer {
192.168.10.9
}
## 定义:优先级的初始值
priority 100
## 定义:VRRP通知报文的时间间隔
advert_int 1
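## 设置:验证信息(两个节点必须一致)
## 注意:auth_type PASS 的口令在VRRP报文中以明文传输,且keepalived只使用前8个字符;
## 此处口令仅为示例,部署时请更换,并在防火墙上只放行对端节点发来的VRRP报文。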
authentication {
auth_type PASS
auth_pass a123456!
}
## 定义:本实例KeepAlived的VIP虚拟IP地址(两个节点必须一致)
virtual_ipaddress {
192.168.10.100/24 dev eth0 scope global
}
## 定义:需要监控的网卡(可以包含额外的网卡)
## 注意:测试网卡故障转移时,必须彻底的断开网卡
track_interface {
eth0
eth1
}
## 定义:需要监控的<健康检测配置段>
track_script {
check_haproxy
}
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart
- 配置:keepalived配置文件 server02(注意:下文的 router_id 与 notification_email_from 仍沿用 server01 的 haproxy01 标识,建议改成本机标识,便于从告警邮件中区分节点)
cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
## 全局配置段
global_defs {
## 定义:通知收件人邮箱
notification_email {
li@qq.com
}
## 定义:发送邮件的邮件服务器
notification_email_from HAproxy01@one.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id haproxy01
## 表示:切换时,依据global_defs中定义的邮件地址发送邮件通知
## 需要确保linux系统本机的smtp协议25/tcp端口处于工作状态。
smtp_alert
## 表示当切换到master状态时,要执行的脚本
## 注意:下一行传给notify.sh的参数 masker 疑为 master 的笔误,本页未给出notify.sh,请对照脚本确认
notify_master "/etc/keepalived/notify.sh masker"
## 表示当切换到backup状态时,要执行的脚本
notify_backup "/etc/keepalived/notify.sh backup"
## 表示当切换到fault故障状态时,要执行的脚本
notify_fault "/etc/keepalived/notify.sh fault"
}
## 定义:调用指定的<健康检测脚本程序>
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 2
}
## 定义:故障转移组
vrrp_sync_group G1 {
group {
WAN
}
}
vrrp_instance WAN {
## 定义:实例角色
state BACKUP
## 定义:承载VIP地址的物理接口
interface eth0
## 定义:VIP的MAC地址中的vrrp值,(两个节点必须一致)
virtual_router_id 51
## 定义:VRRP组播地址的<源IP地址>,即:心跳检测
##mcast_src_ip 192.168.10.9
## 定义:VRRP单播<源IP地址>,即:心跳检测
unicast_src_ip 192.168.10.9
## 定义:VRRP单播<一个或多个目标IP地址>,即:心跳检测
unicast_peer {
192.168.10.8
}
## 定义:优先级的初始值
priority 50
## 定义:VRRP通知报文的时间间隔
advert_int 1
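## 设置:验证信息(两个节点必须一致)
## 注意:auth_type PASS 的口令在VRRP报文中以明文传输,且keepalived只使用前8个字符;
## 此处口令仅为示例,部署时请更换,并在防火墙上只放行对端节点发来的VRRP报文。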
authentication {
auth_type PASS
auth_pass a123456!
}
## 定义:本实例KeepAlived的VIP虚拟IP地址(两个节点必须一致)
virtual_ipaddress {
192.168.10.100/24 dev eth0 scope global
}
## 定义:需要监控的网卡(可以包含额外的网卡)
## 注意:测试网卡故障转移时,必须彻底的断开网卡
track_interface {
eth0
eth1
}
## 定义:需要监控的<健康检测配置段>
track_script {
check_haproxy
}
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart
- 检测vip绑定:
ip add show eth0
- 防火墙(下面的规则对所有来源放行VRRP;本文已配置单播对端,建议在规则中加上 -s 对端节点IP,只接受对端发来的报文,-D 与 -I 两条规则需保持一致)
service iptables restart
iptables -D INPUT -p vrrp -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT
service iptables save
测试
- 检测vip绑定:
ip add show eth0
service keepalived stop
service keepalived status
service haproxy stop
service haproxy status
- 检测心跳信息(VRRP数据包):
tcpdump -p vrrp -n -i eth0
服务
service keepalived restart
service keepalived stop