目录
一. 环境准备
KeepAlived在该项目中的功能:
1. 管理IPVS的路由表(包括对RealServer做健康检查)
2. 实现调度器的HA
官网地址:Keepalived for Linux
准备四个虚拟机,要在同一网段内且可互相通信,关闭防火墙,SElinux,时间同步和配置好YUM源操作。
虚拟IP为:192.168.226.200
| 主机名 | IP | 系统 | 用途 |
| master | 192.168.225.138 | Rocky_linux9.4 | 主虚拟服务器 |
| backup | 192.168.226.129 | Rocky_linux9.4 | 备虚拟服务器 |
| web1 | 192.168.226.99 | Centos7 | 后端web服务器 |
| web2 | 192.168.226.100 | Centos7 | 后端web服务器 |
| localhost | 10.35.186.197 | windows10 | 模拟客户 |
二. 对master和backup操作
下载ipvsadm和keepalived
yum install -y ipvsadm keepalived备份两台这两台主机的keepalived.conf文件
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak三. 配置master主机
vi /etc/keepalived/keepalived.conf#删除原来全部配置内容,加入如下配置内容,其中IP要改成你的对应的服务IP
! Configuration File for keepalived
global_defs {
router_id lvs-keepalived-master #辅助改为lvs-backup
}
vrrp_script check_run {
script /etc/keepalived/keepalived_check_mysql.sh
interval 5
}
vrrp_instance VI_1 {
state MASTER
interface ens33 #VIP绑定接口
virtual_router_id 80 #VRID 同一组集群,主备一致
priority 100 #本节点优先级,辅助改为50
advert_int 1 #检查间隔,默认为1s
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.226.200/24 # 可以写多个vip
}
track_script {
check_run
}
notify_master "/etc/keepalived/sendmail.sh master"
notify_backup "/etc/keepalived/sendmail.sh backup"
notify_fault "/etc/keepalived/sendmail.sh fault"
}
virtual_server 192.168.226.200 80 { #LVS配置
delay_loop 3
lb_algo rr #LVS调度算法
lb_kind DR #LVS集群模式(路由模式)
net_mask 255.255.255.0
protocol TCP #健康检查使用的协议
real_server 192.168.226.99 80 {
weight 1
inhibit_on_failure #当该节点失败时,把权重设置为0,而不是从IPVS中删除
TCP_CHECK { #健康检查
connect_port 80 #检查的端口
connect_timeout 3 #连接超时的时间
}
}
real_server 192.168.226.100 80 {
weight 1
inhibit_on_failure
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
}
四. 配置backup主机
vi /etc/keepalived/keepalived.conf#删除原来全部配置内容,加入如下配置内容,其中IP要改成你的对应的服务IP
! Configuration File for keepalived
global_defs {
router_id lvs-keepalived-slave
}
vrrp_script check_run {
script /etc/keepalived/sendmail.sh
interval 5
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
nopreempt
virtual_router_id 80
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.226.200/24
}
}
track_script {
check_run
}
notify_master "/etc/keepalived/sendmail.sh master"
notify_backup "/etc/keepalived/sendmail.sh backup"
notify_fault "/etc/keepalived/sendmail.sh fault"
virtual_server 192.168.226.200 80 {
delay_loop 3
lb_algo rr
lb_kind DR
net_mask 255.255.255.0
protocol TCP
real_server 192.168.226.99 80 {
weight 1
inhibit_on_failure
TCP_CHECK {
connect_port 80
connect_timeout 3
}
}
real_server 192.168.226.100 80 {
weight 1
inhibit_on_failure
TCP_CHECK {
connect_timeout 3
connect_port 80
}
}
}
六. 验证虚拟IP
启动mastart主机和backup主机中的keepalived
systemctl enable --now keepalived查看并验证两台主机都又ipvsadm规则
ipvsadm -Ln
其中,在master主机中查看ip,可以看到虚拟IP已经有了
七. 配置后端两个web服务器
对web1和web2主机都进行如下操作:
下载nginx
yum install -y nginx添加虚拟IP
ip addr add dev lo 192.168.226.200/32添加开机启动时,绑定vip
echo "ip addr add dev lo 192.168.226.200/32" >> /etc/rc.localweb1和web2主机都配置
echo "net.ipv4.conf.all.arp_ignore = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.arp_announce = 2" >> /etc/sysctl.conf重新加载 sysctl 配置
sysctl -p给 rc.local加执行权限
chmod +x /etc/rc.local单独修改web1主机
echo web1 > /usr/share/nginx/html/index.html单独修改web2主机
echo web2 > /usr/share/nginx/html/index.htmlweb1主机和web2主机的nginx启动并设置开机自启
systemctl enable --now nginx验证
在浏览器无痕模式,避免浏览器缓存影响,输入虚拟IP多次刷新可以看到会显示web1和web2的内容。
当master主机模拟关闭keepalived后,虚拟IP依旧可以访问,虚拟IP已经切换到backup主机上了。
八. 设置邮件报警
对master和backup主机下载邮件
yum install -y s-nail说明: 在Rocky_linux9.4中,下载邮件是s-nail 而在centos7下载邮件是mailx
master和backup都配置上邮箱,这是rocky系统上的配置,cenos7配置文件在/etc/mailx.rc
vim /etc/s-nail.rc #在s-nail.rc文件最后加入如下内容,里面的邮箱相关配置需要修改成你的真实服务邮箱这是用来发送的邮箱
set [email protected] #邮箱账号
set smtp=smtp.qq.com #邮件服务器
set [email protected] #邮箱账号
set smtp-auth-password=xxxxxxxx #邮件授权码
set smtp-auth=login
set ssl-verify=ignore
#这是第二种格式,两者都可用,选其一即可,但是记得替换邮箱号码和服务商
set v15-compat
set [email protected]
set mta=smtp://1111111111%40qq.com:授权码@smtp.qq.com smtp-use-starttls
set smtp-auth=login
master和backup主机都要编写发送邮件脚本,脚本中的邮箱是接收人邮箱,注意修改
vi /etc/keepalived/sendmail.sh
#!/bin/bash
to_email='[email protected]'
ipaddress=`ip -4 a show dev ens33 | awk '/brd/{print $2}'`
notify() {
mailsubject="${ipaddress}to be $1, vip转移"
mailbody="$(date +'%F %T'): vrrp 飘移, $(hostname) 切换到 $1"
echo "$mailbody" | s-nail -s "$mailsubject" $to_email
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac同时都要赋予执行权限
chmod 777 /etc/keepalived/sendmail.sh在keepalived.conf模板里已经定义了调用邮件的脚本。因此这里直接去测试即可。
在master主机中停止keepalived服务,然后会发现虚拟IP跳转到了backup主机上,并且接收者邮箱会收到对应的报警邮件,同时访问虚拟IP网站也是可以正常的,当master启动keepalived服务后,也会收到邮件,并且虚拟IP又回到了master主机上。
