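Keepalived two-node setup with e-mail notification: a hands-on example
Author: Yin Zhengjie (尹正傑)
Copyright notice: original work; reproduction is not permitted, and violations will be pursued legally.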
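I. Configuring e-mail notification
1>. Obtain an authorization code in QQ Mail (click "Settings" ---> "Account" ---> "Generate authorization code"), as shown in the figure below.
2>. Configure the sender information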

    [root@node102.yinzhengjie.org.cn ~]# tail -7 /etc/mail.rc
    #Add by Yinzhengjie
    set from=1053419035@qq.com
    set smtp=smtp.qq.com
    set smtp-auth-user=1053419035@qq.com
    set smtp-auth-password=xmwzfttagtlsbefd
    set smtp-auth=login
    set ssl-verify=ignore
    [root@node102.yinzhengjie.org.cn ~]#

3>. Write the shell script that sends the notification mail

    [root@node102.yinzhengjie.org.cn ~]# vim /etc/keepalived/notify.sh
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/notify.sh
    #!/bin/bash
    #
    #********************************************************************
    #Author: yinzhengjie
    #QQ: 1053419035
    #Date: 2019-11-23
    #FileName: shell/menu.sh
    #URL: http://www.cnblogs.com/yinzhengjie
    #Description: The test script
    #Copyright notice: original works, no reprint! Otherwise, legal liability will be investigated.
    #********************************************************************
    contact='1053419035@qq.com'

    # Send a state-change mail; $1 is the new VRRP state of this node.
    function notify() {
        mailsubject="$(hostname) to be $1, vip轉移"
        mailbody="$(date +'%F %T'): VRRP Transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 100
        ;;
    esac
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
    -rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
    [root@node102.yinzhengjie.org.cn ~]#

4>. Make the script executable

    [root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
    -rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# chmod +x /etc/keepalived/notify.sh
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
    -rwxr-xr-x 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
    [root@node102.yinzhengjie.org.cn ~]#

    [root@node102.yinzhengjie.org.cn ~]# scp /etc/keepalived/notify.sh node103.yinzhengjie.org.cn:/etc/keepalived/
    The authenticity of host 'node103.yinzhengjie.org.cn (172.30.1.103)' can't be established.
    ECDSA key fingerprint is SHA256:auvfSu0iwTr185exd1pfdhwkXf9wkA8VTXwYx8JrM1c.
    ECDSA key fingerprint is MD5:ae:6b:0f:b6:0c:05:bb:b8:a4:fe:02:dc:70:42:4f:1e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'node103.yinzhengjie.org.cn,172.30.1.103' (ECDSA) to the list of known hosts.
    root@node103.yinzhengjie.org.cn's password:
    notify.sh 100% 945 1.1MB/s 00:00
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]#

    [root@node102.yinzhengjie.org.cn ~]# scp /etc/mail.rc node103.yinzhengjie.org.cn:/etc/
    root@node103.yinzhengjie.org.cn's password:
    mail.rc 100% 2155 2.4MB/s 00:00
    [root@node102.yinzhengjie.org.cn ~]#

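5>. Test that the script can be invoked

    [root@node102.yinzhengjie.org.cn ~]# /etc/keepalived/notify.sh master   # If the message shows up in the mailbox after running the script, the script works, as shown in the figure below.
    [root@node102.yinzhengjie.org.cn ~]#
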
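
The two files created in this section hold an SMTP authorization code and a script that the keepalived daemon executes, so their modes and TLS settings are worth checking on both nodes. The following is an added example, not part of the original post: `audit_mailrc` and `audit_notify_script` are hypothetical helper names, the sample file is constructed with a placeholder password, and the TLS check assumes Heirloom mailx semantics (`smtps://` or `smtp-use-starttls`).

```shell
#!/bin/bash
# Added example: audit the two files created in section I.
# Each function prints one finding per line and nothing when the file is clean.

audit_mailrc() {
    local f="$1"
    local set_re='^[[:space:]]*set[[:space:]]+'
    # smtp-auth-password is stored in clear text; mode 0644 exposes it to
    # every local account.
    if grep -Eq "${set_re}smtp-auth-password=" "$f" &&
       [ -n "$(find "$f" -maxdepth 0 -perm -0004)" ]; then
        echo "credential-world-readable"
    fi
    # ssl-verify=ignore accepts any certificate the server presents.
    if grep -Eq "${set_re}ssl-verify=ignore" "$f"; then
        echo "tls-verification-disabled"
    fi
    # Assumption (Heirloom mailx): the session is only encrypted with an
    # smtps:// URL or smtp-use-starttls; otherwise AUTH LOGIN is sent in clear.
    if grep -Eq "${set_re}smtp=" "$f" &&
       ! grep -Eq "${set_re}(smtp=smtps://|smtp-use-starttls)" "$f"; then
        echo "smtp-without-tls"
    fi
}

audit_notify_script() {
    local f="$1"
    [ -x "$f" ] || echo "not-executable"
    # keepalived launches this script, so write access to it is code
    # execution with the daemon's script privileges.
    if [ -n "$(find "$f" -maxdepth 0 \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "writable-by-group-or-other"
    fi
}

# Constructed sample: the settings from step 2 with a placeholder password.
demo_dir=$(mktemp -d)
printf '%s\n' 'set from=user@example.com' 'set smtp=smtp.example.com' \
    'set smtp-auth-user=user@example.com' \
    'set smtp-auth-password=PLACEHOLDER' \
    'set smtp-auth=login' 'set ssl-verify=ignore' > "$demo_dir/mail.rc"
chmod 644 "$demo_dir/mail.rc"
audit_mailrc "$demo_dir/mail.rc"
rm -rf "$demo_dir"
```

Run both functions against `/etc/mail.rc` and `/etc/keepalived/notify.sh` on each node after the `scp` copies, since the copied files keep whatever mode the destination assigns.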
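II. Keepalived notification configuration
1>. Lab architecture
node102.yinzhengjie.org.cn
The keepalived master node; its priority can be set higher.
node103.yinzhengjie.org.cn
The keepalived backup node; its priority can be set lower.
2>. Edit the keepalived configuration file on the "node102.yinzhengjie.org.cn" node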
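
    [root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    #The line above is a comment; global_defs defines the global configuration.
    global_defs {
        #Declares the virtual router identifier; usually the current host name.
        router_id node102.yinzhengjie.org.cn
        #Checking every packet is costly; with this option, if a received advert comes from the same router as the previous one, the source-address check on the packet is skipped.
        vrrp_skip_check_adv_addr
        #Disables the firewall rules: by default keepalived generates iptables rules at startup, so enabling this option means no iptables rules are generated.
        vrrp_iptables
        #Strictly follow the VRRP protocol, i.e. the following three cases are not allowed:
        #    1>. No VIP address;
        #    2>. Unicast peers;
        #    3>. IPv6 addresses in VRRP version 2;
        #
        #Because my configuration below sends messages over unicast, I disabled strict mode manually here by simply commenting it out.
        #vrrp_strict
        #Delay between ARP packets; 0 means no delay.
        vrrp_garp_interval 0
        #Delay between messages; 0 means no delay.
        vrrp_gna_interval 0
    }

    #The vrrp_instance directive defines a VIP instance name; here I named the instance "VIP01". In production, the name should reflect the service it belongs to.
    vrrp_instance VIP01 {
        #Default role of this instance, i.e. the initial state of this node in the virtual router: MASTER or BACKUP
        state BACKUP
        #Non-preemptive mode (when the master restarts, the VIP moves to another node and is not taken back once the restart completes); this requires state to be "BACKUP" on both keepalived nodes, so that the master is chosen according to each node's priority
        nopreempt
        #Name of the local interface the VIP binds to (the interface must exist on this node), i.e. the physical interface used by this virtual router
        interface eth1
        #Unique identifier of this virtual router, range 0-255; note that the id must be identical across one group of keepalived nodes
        virtual_router_id 27
        #Priority of this physical node in the virtual router; range 1-254
        priority 150
        #Interval between VRRP advertisements, default 1s
        advert_int 2
        #Source address for unicast; requires strict mode "vrrp_strict" to be disabled
        unicast_src_ip 172.30.1.102
        #Peer address for unicast
        unicast_peer {
            172.30.1.103
        }
        #Authentication settings
        authentication {
            #Authentication type
            auth_type PASS
            #Authentication password; only the first 8 characters are used
            auth_pass yinzhengjie
        }
        #The virtual IP addresses; more than one can be specified.
        virtual_ipaddress {
            172.30.1.100 dev eth1 label eth1:0
            172.30.1.200 dev eth1 label eth1:1
        }
        #Notify script triggered when this node becomes the master
        notify_master "/etc/keepalived/notify.sh master"
        #Notify script triggered when this node becomes the backup
        notify_backup "/etc/keepalived/notify.sh backup"
        #Notify script triggered when this node enters the "fault" state
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    [root@node102.yinzhengjie.org.cn ~]#
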
3>. Edit the keepalived configuration file on the "node103.yinzhengjie.org.cn" node
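
    [root@node103.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived

    #The line above is a comment; global_defs defines the global configuration.
    global_defs {
        #Declares the virtual router identifier; usually the current host name. The id must be unique on the LAN.
        router_id node103.yinzhengjie.org.cn
        #Checking every packet is costly; with this option, if a received advert comes from the same router as the previous one, the source-address check on the packet is skipped.
        vrrp_skip_check_adv_addr
        #Disables the firewall rules: by default keepalived generates iptables rules at startup, so enabling this option means no iptables rules are generated.
        vrrp_iptables
        #Strictly follow the VRRP protocol, i.e. the following three cases are not allowed:
        #    1>. No VIP address;
        #    2>. Unicast peers;
        #    3>. IPv6 addresses in VRRP version 2;
        #
        #Because my configuration below sends messages over unicast, I disabled strict mode manually here by simply commenting it out.
        #vrrp_strict
        #Delay between ARP packets; 0 means no delay.
        vrrp_garp_interval 0
        #Delay between messages; 0 means no delay.
        vrrp_gna_interval 0
    }

    #The vrrp_instance directive defines a VIP instance name; here I named the instance "VIP01". In production, the name should reflect the service it belongs to.
    vrrp_instance VIP01 {
        #Default role of this instance, i.e. the initial state of this node in the virtual router: MASTER or BACKUP
        state BACKUP
        #Name of the local interface the VIP binds to (the interface must exist on this node), i.e. the physical interface used by this virtual router
        interface eth1
        #Unique identifier of this virtual router, range 0-255; note that the id must be identical across one group of keepalived nodes
        virtual_router_id 27
        #Priority of this physical node in the virtual router; range 1-254
        priority 50
        #Interval between VRRP advertisements, default 1s
        advert_int 2
        #Source address for unicast; requires strict mode "vrrp_strict" to be disabled
        unicast_src_ip 172.30.1.103
        #Peer address for unicast
        unicast_peer {
            172.30.1.102
        }
        #Authentication settings
        authentication {
            #Authentication type
            auth_type PASS
            #Authentication password; only the first 8 characters are used
            auth_pass yinzhengjie
        }
        #The virtual IP addresses; more than one can be specified.
        virtual_ipaddress {
            172.30.1.100 dev eth1 label eth1:0
            172.30.1.200 dev eth1 label eth1:1
        }
        #Notify script triggered when this node becomes the master
        notify_master "/etc/keepalived/notify.sh master"
        #Notify script triggered when this node becomes the backup
        notify_backup "/etc/keepalived/notify.sh backup"
        #Notify script triggered when this node enters the "fault" state
        notify_fault "/etc/keepalived/notify.sh fault"
    }
    [root@node103.yinzhengjie.org.cn ~]#
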
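
The two nodes only form one virtual router if they agree on virtual_router_id and auth_pass and each lists the other's unicast_src_ip in unicast_peer. The following added example (not from the original post) cross-checks a pair of files before keepalived is started; `kv`, `peers`, `check_pair` and `sample_conf` are hypothetical helpers, and the sample configs are constructed from the values above, with one peer address per line.

```shell
#!/bin/bash
# Added example: cross-check the keepalived.conf files of a two-node pair.

# Print the first value of KEYWORD in FILE (comment lines never match).
kv() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Print the addresses inside unicast_peer { ... }, one address per line.
peers() {
    awk '$1 ~ /^[#!]/         { next }
         $1 == "unicast_peer" { inblk = 1; next }
         inblk && $1 == "}"   { exit }
         inblk && NF          { print $1 }' "$1"
}

# Print one finding per line; print nothing when the pair is consistent.
check_pair() {
    local a="$1" b="$2" f pass
    [ "$(kv "$a" virtual_router_id)" = "$(kv "$b" virtual_router_id)" ] ||
        echo "virtual_router_id-mismatch"
    [ "$(kv "$a" auth_pass)" = "$(kv "$b" auth_pass)" ] ||
        echo "auth_pass-mismatch"
    # Each node must list the other node's unicast_src_ip as its peer.
    peers "$a" | grep -qxF -e "$(kv "$b" unicast_src_ip)" || echo "peer-missing-in-first"
    peers "$b" | grep -qxF -e "$(kv "$a" unicast_src_ip)" || echo "peer-missing-in-second"
    # nopreempt needs state BACKUP, as the config comment above notes.
    for f in "$a" "$b"; do
        if grep -Eq '^[[:space:]]*nopreempt' "$f" && [ "$(kv "$f" state)" != BACKUP ]; then
            echo "nopreempt-without-state-BACKUP"
        fi
    done
    # Only the first 8 characters of auth_pass are used.
    pass=$(kv "$a" auth_pass)
    [ "${#pass}" -le 8 ] || echo "auth_pass-longer-than-8"
}

# Constructed sample modelled on the pair-relevant settings of the two configs.
sample_conf() {  # usage: sample_conf SRC_IP PEER_IP PRIORITY
    printf '%s\n' 'vrrp_instance VIP01 {' '    state BACKUP' '    nopreempt' \
        '    virtual_router_id 27' "    priority $3" "    unicast_src_ip $1" \
        '    unicast_peer {' "        $2" '    }' '    authentication {' \
        '        auth_type PASS' '        auth_pass yinzhengjie' '    }' '}'
}
d=$(mktemp -d)
sample_conf 172.30.1.102 172.30.1.103 150 > "$d/node102.conf"
sample_conf 172.30.1.103 172.30.1.102 50 > "$d/node103.conf"
check_pair "$d/node102.conf" "$d/node103.conf"
rm -rf "$d"
```
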
4>. Start keepalived on "node102.yinzhengjie.org.cn"

    [root@node102.yinzhengjie.org.cn ~]# systemctl start keepalived
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
            RX packets 357 bytes 27759 (27.1 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 250 bytes 23932 (23.3 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
            RX packets 29200 bytes 2421303 (2.3 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 28635 bytes 3498739 (3.3 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)

    eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            loop txqueuelen 1000 (Local Loopback)
            RX packets 2420 bytes 254094 (248.1 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 2420 bytes 254094 (248.1 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@node102.yinzhengjie.org.cn ~]#

5>. Then start keepalived on "node103.yinzhengjie.org.cn"

    [root@node103.yinzhengjie.org.cn ~]# systemctl start keepalived
    [root@node103.yinzhengjie.org.cn ~]#
    [root@node103.yinzhengjie.org.cn ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            ether 08:00:27:ef:75:60 txqueuelen 1000 (Ethernet)
            RX packets 4779 bytes 706794 (690.2 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 5111 bytes 479741 (468.4 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.103 netmask 255.255.255.0 broadcast 172.30.1.255
            ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
            RX packets 20684 bytes 1564433 (1.4 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 21348 bytes 4782063 (4.5 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            loop txqueuelen 1000 (Local Loopback)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@node103.yinzhengjie.org.cn ~]#
    [root@node103.yinzhengjie.org.cn ~]#

III. Verifying keepalived VIP failover and e-mail notification
1>. Restart the keepalived service on "node102.yinzhengjie.org.cn"

    [root@node102.yinzhengjie.org.cn ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
            RX packets 357 bytes 27759 (27.1 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 250 bytes 23932 (23.3 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
            RX packets 29247 bytes 2424639 (2.3 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 28818 bytes 3514371 (3.3 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)

    eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            loop txqueuelen 1000 (Local Loopback)
            RX packets 2434 bytes 255550 (249.5 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 2434 bytes 255550 (249.5 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# systemctl restart keepalived
    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
            RX packets 382 bytes 29660 (28.9 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 267 bytes 25561 (24.9 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
            ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
            RX packets 29303 bytes 2429195 (2.3 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 28871 bytes 3525795 (3.3 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            loop txqueuelen 1000 (Local Loopback)
            RX packets 2436 bytes 255758 (249.7 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 2436 bytes 255758 (249.7 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@node102.yinzhengjie.org.cn ~]#
    [root@node102.yinzhengjie.org.cn ~]#

2>. The VIP has moved to the "node103.yinzhengjie.org.cn" node

    [root@node103.yinzhengjie.org.cn ~]# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            ether 08:00:27:ef:75:60 txqueuelen 1000 (Ethernet)
            RX packets 4840 bytes 714090 (697.3 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 5167 bytes 485000 (473.6 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.103 netmask 255.255.255.0 broadcast 172.30.1.255
            ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
            RX packets 20865 bytes 1576103 (1.5 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 21496 bytes 4797151 (4.5 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)

    eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
            ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            loop txqueuelen 1000 (Local Loopback)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@node103.yinzhengjie.org.cn ~]#

3>. Check the QQ mailbox: the alert messages were indeed received