4个节点:
keepalived1: IP:172.16.20.10 hostname:knode1.lushenle.com OS:CentOS Linux release 7.1.1503 (Core) NetworkDEVICE:eno16777728keepalived2:
IP:172.16.20.12 hostname:knode2.lushenle.com OS:CentOS Linux release 7.1.1503 (Core) NetworkDEVICE:eno16777728Real Server1:
IP:172.16.100.40 hostname:node1.lushenle.com OS:CentOS Linux release 7.4.1708 (Core) NetworkDEVICE:ens32Real Server2:
IP:172.16.100.50 hostname:node3.lushenle.com OS:CentOS Linux release 7.4.1708 (Core) NetworkDEVICE:ens32还有一个节点是客户端,IP地址为172.16.100.20,OS为MacOSX。其中Real Server2还是yum源。VIP为172.16.20.100,各节点之间的都能相互解析主机名,使用了公钥认证
两个keepalived节点开启核心转发功能,操作是在keepalived1节点中完成的:
# echo 1 > /proc/sys/net/ipv4/ip_forward; ssh knode2.lushenle.com 'echo 1 > /proc/sys/net/ipv4/ip_forward'安装keepalived,ipvsadm,httpd,其中httpd的作用是Sorry_server:
# yum install -y keepalived,ipvsadm,httpd; ssh knode2.lushenle.com 'yum install -y keepalived,ipvsadm,httpd' # echo "<h1>The system is upgrading on knode1 Please wait a few minutes retry!<h1>" > /var/www/html/index.html keepalived2也是一样的,但为了测试效果,加以区别,可显示不同的内容 # echo "<h1>The system is upgrading on knode2 Please wait a few minutes retry!<h1>" > /var/www/html/index.html # systemctl start http; ssh knode2.lushenle.com 'systemctl start http'配置keepalived,在不停止服务的前提下可以通过脚本的方式进行流转,且流转的时候发邮件:
# cp /etc/keepalived/keepalived.conf{,.bak} ```先备份一下``` # vim /etc/keepalived/keepalived.conf1 ! Configuration File for keepalived 2 3 global_defs { 4 notification_email { 5 root@localhost 6 } 7 notification_email_from kaadmin@localhost 8 smtp_server 127.0.0.1 9 smtp_connect_timeout 3010 router_id LVS_DEVEL11 vrrp_mcast_group4 224.0.1.11812 }13 14 vrrp_script chk_down {15 script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"16 interval 117 weight -2018 }19 20 vrrp_instance VI_1 {21 state MASTER22 interface eno1677772823 virtual_router_id 14424 priority 10025 advert_int 126 authentication {27 auth_type PASS28 auth_pass 44dace615cdd5d26 29 }30 virtual_ipaddress {31 172.16.20.100/16 dev eno16777728 label eno16777728:132 }33 34 track_script {35 chk_down36 }37 38 notify_master "/etc/keepalived/notify.sh master"39 notify_backup "/etc/keepalived/notify.sh backup"40 notify_fault "/etc/keepalived/notify.sh fault"41 }42 43 virtual_server 172.16.20.100 80 {44 delay_loop 645 lb_algo wrr46 lb_kind DR47 nat_mask 255.255.0.048 protocol TCP49 sorry_server 127.0.0.1 8050 51 real_server 172.16.100.40 80 {52 weight 153 HTTP_GET {54 url {55 path /56 status_code 200 57 }58 connect_timeout 359 nb_get_retry 360 delay_before_retry 361 }62 }63 real_server 172.16.100.50 80 {64 weight 265 HTTP_GET {66 url {67 path /68 status_code 200 69 }70 connect_timeout 371 nb_get_retry 372 delay_before_retry 373 }74 }75 }
将keepalived1节点中/etc/keepalived/keepalived.conf文件复制keepalived2节点中,将state MASTER改为state BACKUP,priority 100改为priority 90即可
# vim /etc/keepalived/notify.sh
1 #!/bin/bash 2 # 3 4 vip=172.16.20.100 5 contact='root@localhost' 6 7 notify() { 8 mailsubject="`hostname` to be $1: $vip floating" 9 mailbody="`date '+%F %H:%M:%S'`: vrrp transition, `hostname` changed to be $1"10 echo $mailbody | mail -s "$mailsubject" $contact11 }12 13 case "$1" in14 master)15 notify master16 exit 017 ;;18 backup)19 notify backup20 exit 021 ;;22 fault)23 notify fault24 exit 025 ;;26 *)27 echo 'Usage: `basename $0` {master|backup|fault}'28 exit 129 ;;30 esac
也将此脚本复制到keepalived2节点中
启动两个keepalived节点:
# systemctl start keepalived; ssh knode2.lushenle.com 'systemctl start keepalived'此时可查看自动生成的ipvs规则
# ipvsadm -L -n
两台Real Server中修改内核参数,将Real Server中VIP配置在ens32网卡的别名ens32:0上,并限制其不能响应对VIP地址的请求:
# vim set.sh1 #!/bin/bash2 #3 vip=172.16.20.1004 ifconfig ens32:0 $vip broadcast $vip netmask 255.255.255.255 up5 route add -host $vip ens32:06 echo 1 > /proc/sys/net/ipv4/conf/ens32/arp_ignore7 echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore8 echo 2 > /proc/sys/net/ipv4/conf/ens32/arp_announce9 echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
为Real Server1提供内容,因为Real Server2位所有节点的yum源,就懒得去修改了:
# echo "<h1>This is on real server1<h1>" > /var/www/html/index.html启动两个Real Server的服务:
# systemctl start httpd; ssh node3.lushenle.com 'systemctl start httpd'客户端进行访问、测试