一 環境准備
1.1 設置時間同步
root@node-01:~# apt -y install chrony
root@node-01:~# systemctl enable chrony
二 在線安裝
2.1 查看keepalived軟件版本
root@node-01:~# apt-cache madison keepalived
keepalived | 1:2.0.19-2 | http://mirrors.aliyun.com/ubuntu focal/main amd64 Packages
2.2 安裝keepalived
root@node-01:~# apt -y install keepalived
2.3 准備keepalived.conf文件
root@node-01:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.sample /etc/keepalived/keepalived.conf
2.4 修改keepalived.conf文件
root@node-01:~# sed -i 's@interface eth0@interface ens33@g' /etc/keepalived/keepalived.conf
2.5 啟動keepalived服務
root@node-01:~# systemctl start keepalived
root@node-01:~# systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-11-09 12:05:12 CST; 3s ago
Main PID: 2182 (keepalived)
Tasks: 3 (limit: 2245)
Memory: 2.3M
CGroup: /system.slice/keepalived.service
├─2182 /usr/sbin/keepalived --dont-fork
├─2194 /usr/sbin/keepalived --dont-fork
└─2195 /usr/sbin/keepalived --dont-fork
Nov 09 12:05:12 keepalived-01 Keepalived[2182]: Starting VRRP child process, pid=2195
Nov 09 12:05:12 keepalived-01 Keepalived_healthcheckers[2194]: Initializing ipvs
Nov 09 12:05:12 keepalived-01 Keepalived_healthcheckers[2194]: Gained quorum 1+0=1 <= 1 for VS [10.10.10.2]:tcp:1358
Nov 09 12:05:12 keepalived-01 Keepalived_healthcheckers[2194]: Activating healthchecker for service [192.168.200.2]:tcp:1358 for VS [10.10.10.2]:tcp:1358
Nov 09 12:05:12 keepalived-01 Keepalived_healthcheckers[2194]: Activating BFD healthchecker
Nov 09 12:05:12 keepalived-01 Keepalived_vrrp[2195]: Registering Kernel netlink reflector
Nov 09 12:05:12 keepalived-01 Keepalived_vrrp[2195]: Registering Kernel netlink command channel
Nov 09 12:05:12 keepalived-01 Keepalived_vrrp[2195]: Opening file '/etc/keepalived/keepalived.conf'.
Nov 09 12:05:12 keepalived-01 Keepalived_vrrp[2195]: Registering gratuitous ARP shared channel
Nov 09 12:05:12 keepalived-01 Keepalived_vrrp[2195]: (VI_1) Entering BACKUP STATE (init)
2.6 驗證VIP
root@node-01:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:2e:5a:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.174.120/24 brd 192.168.174.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.11/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.12/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.200.13/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe2e:5a9c/64 scope link
valid_lft forever preferred_lft forever
三 編譯安裝keepalived
3.1 安裝依賴
root@node-01:~# apt -y install gcc openssl libssl-dev make libnl-3-dev
3.2 下載keepalived安裝包(編譯前建議核對源碼包的校驗值)
root@keepalived-01:/opt# wget https://keepalived.org/software/keepalived-2.2.4.tar.gz
3.3 安裝keepalived
root@node-01:/opt# tar xf keepalived-2.2.4.tar.gz
root@node-01:/opt# cd keepalived-2.2.4/
root@node-01:/opt/keepalived-2.2.4# ./configure --prefix=/usr/local/keepalived
root@node-01:/opt/keepalived-2.2.4# make && make install
3.4 准備keepalived.conf文件
root@node-01:~# mkdir -pv /etc/keepalived
mkdir: created directory '/etc/keepalived'
root@node-01:~# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
root@node-01:~# sed -i 's@interface eth0@interface ens33@g' /etc/keepalived/keepalived.conf
3.4 准備keepalived.service文件
root@node-01:~# cat /lib/systemd/system/keepalived.service
[Unit]
Description=Keepalive Daemon (LVS and VRRP)
After=network-online.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
3.5 開機啟動keepalived
root@node-01:~# systemctl enable keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /lib/systemd/system/keepalived.service.
3.6 啟動keepalived
root@node-01:~# systemctl start keepalived
root@node-01:~# systemctl status keepalived
● keepalived.service - Keepalive Daemon (LVS and VRRP)
Loaded: loaded (/lib/systemd/system/keepalived.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-11-09 13:50:48 CST; 2s ago
Process: 66737 ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 66753 (keepalived)
Tasks: 3 (limit: 2245)
Memory: 1.7M
CGroup: /system.slice/keepalived.service
├─66753 /usr/local/keepalived/sbin/keepalived -D
├─66754 /usr/local/keepalived/sbin/keepalived -D
└─66755 /usr/local/keepalived/sbin/keepalived -D
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Gained quorum 1+0=1 <= 2 for VS [10.10.10.2]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Gained quorum 1+0=1 <= 2 for VS [10.10.10.3]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Activating healthchecker for service [192.168.201.100]:tcp:443 for VS [192.168.200.100]:tcp:443
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Activating healthchecker for service [192.168.200.2]:tcp:1358 for VS [10.10.10.2]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Activating healthchecker for service [192.168.200.3]:tcp:1358 for VS [10.10.10.2]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Activating healthchecker for service [192.168.200.4]:tcp:1358 for VS [10.10.10.3]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_healthcheckers[66754]: Activating healthchecker for service [192.168.200.5]:tcp:1358 for VS [10.10.10.3]:tcp:1358
Nov 09 13:50:48 node-01 Keepalived_vrrp[66755]: (VI_1) Entering BACKUP STATE (init)
Nov 09 13:50:48 node-01 Keepalived_vrrp[66755]: VRRP sockpool: [ifindex( 2), family(IPv4), proto(112), fd(13,14)]
Nov 09 13:50:48 node-01 systemd[1]: Started Keepalive Daemon (LVS and VRRP).
3.7 驗證vip
root@node-01:~# hostname -I
192.168.174.120 192.168.200.16 192.168.200.17 192.168.200.18
3.8 測試vip連通性
root@node-01:~# ping -c 2 192.168.200.18
PING 192.168.200.18 (192.168.200.18) 56(84) bytes of data.
64 bytes from 192.168.200.18: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from 192.168.200.18: icmp_seq=2 ttl=64 time=0.045 ms
--- 192.168.200.18 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1014ms
rtt min/avg/max/mdev = 0.016/0.030/0.045/0.014 ms
四 keepalived.conf文件解析
4.1 實現獨立配置文件
root@node-01:~# tail -n1 /etc/keepalived/keepalived.conf
include /etc/keepalived/conf.d/*.conf
4.2 keepalived.conf文件詳解
root@node-01:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { #keepalived發生故障切換時郵件發送的目標郵箱
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc #發送郵件的地址
smtp_server 192.168.200.1 #郵件服務器地址
smtp_connect_timeout 30 #郵件服務器連接timeout
router_id LVS_DEVEL #每個keepalived主機唯一標識,建議使用當前主機名稱
vrrp_skip_check_adv_addr #對所有通告報文都檢查,會比較消耗性能,啟動此配置后,如果收到的通告報文和上一個報文是同一個路由器,則跳過檢查,默認值為全檢查
vrrp_strict #嚴格遵守VRRP協議,禁止以下情況:1.無VIP地址;2.配置了單播;3.在VRRP版本2中有IPV6地址,開啟此項會自動開啟iptables防火牆規則,建議關閉此項配置
vrrp_garp_interval 0 #gratuitous ARP message報文發送延遲,0表示不延遲
vrrp_gna_interval 0 #unsolicited NA message 消息發送延遲
}
vrrp_instance VI_1 {
state MASTER # 當前節點在虛擬路由上的初始狀態,狀態為MASTER或者BACKUP
interface ens33 #修改此行,默認為eth0 綁定為當前虛擬路由器使用的物理接口
virtual_router_id 51 #每個虛擬路由器唯一標識,范圍0-255.每個虛擬路由器必須唯一,同屬一個虛擬路由器的多個keepalived節點必須相同
priority 100 #當前物理節點在此虛擬路由器的優先級,范圍1-254,每個keepalived節點此值不同
advert_int 1 #vrrp通告的時間間隔,默認1s
authentication { #認證機制
auth_type PASS #預共享密鑰,僅前8位有效,同一個虛擬路由器的多個keepalived節點必須一樣;PASS方式的密鑰以明文隨VRRP通告發送,不能當作強認證
auth_pass 1111 #示例配置中的默認值,實際部署時請更換
}
virtual_ipaddress { #虛擬IP
192.168.200.16 #指定VIP,不指定網卡,默認為eth0,默認掩碼32
192.168.200.17/24 dev eth1 #指定VIP網卡
192.168.200.18/24 dev ens33 label ens33:1 # 指定VIP網卡label
}
}
virtual_server 192.168.200.100 443 { #虛擬服務器,VIP和PORT
delay_loop 6 #檢查后端服務器的時間間隔
lb_algo rr # 定義調度方法 rr|wrr|lc|wlc|lblc|sh|dh
lb_kind NAT #集群的類型, NAT|DR|TUN
persistence_timeout 50 #持久連接時長
protocol TCP #指定服務協議,TCP|UDP|SCTP
real_server 192.168.201.100 443 { #RS的IP和PORT
    weight 1 #RS的權重
    SSL_GET { #應用層檢測 HTTP_GET|SSL_GET
        url {
            path / #定義要監控的URL
            digest ff20ad2481f97b1754ef3e12ecd3a9cc
        }
        url {
            path /mrtg/
            digest 9b3a0c85a887a256d6939da88aabd8cd
        }
        connect_timeout 3 #客戶端請求的超時時長
        retry 3 #重試次數
        delay_before_retry 3 #重試之前的延遲時長
    }
}
}
virtual_server 10.10.10.2 1358 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
    weight 1
    HTTP_GET {
        url {
            path /testurl/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl2/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl3/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        connect_timeout 3
        retry 3
        delay_before_retry 3
    }
}
real_server 192.168.200.3 1358 {
    weight 1
    HTTP_GET {
        url {
            path /testurl/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334c
        }
        url {
            path /testurl2/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334c
        }
        connect_timeout 3
        retry 3
        delay_before_retry 3
    }
}
}
virtual_server 10.10.10.3 1358 {
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
    weight 1
    HTTP_GET {
        url {
            path /testurl/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl2/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl3/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        connect_timeout 3
        retry 3
        delay_before_retry 3
    }
}
real_server 192.168.200.5 1358 {
    weight 1
    HTTP_GET {
        url {
            path /testurl/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl2/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        url {
            path /testurl3/test.jsp
            digest 640205b7b0fc66c1ea91c463fac6334d
        }
        connect_timeout 3
        retry 3
        delay_before_retry 3
    }
}
}