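I. Preparation
Prepare two Linux (Ubuntu) machines:
Master: 192.168.2.78
Backup: 192.168.2.18
Install keepalived on both the master and the backup:
sudo apt-get install keepalived
The keepalived configuration file is keepalived.conf. It may not exist at first, in which case you need to create it yourself. The default path is:
/etc/keepalived/keepalived.conf
The permissions of keepalived.conf must be set to 644, otherwise the keepalived service may fail to start; overly permissive permissions do not work either.
The keepalived log can be viewed like this:
tail -f /var/log/syslog
Command to query the keepalived virtual IP (V-ip) on a machine:
ip a show dev <interface name>   or   ip addr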
II. Deployment
- Install keepalived (on both the master and the backup)
sudo apt-get install keepalived
- Create the configuration file
The V-ip is agreed to be: 192.168.2.233
sudo vi /etc/keepalived/keepalived.conf
Contents:
====> Master:
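! Configuration File for keepalived
global_defs {
    # Globally unique host identifier
    router_id server_a
}
# Health check
vrrp_script health_check {
    script "/home/ubuntu/work/health_check.sh"  # script to run
    interval 2   # interval between script runs, in seconds
    timeout 2    # script timeout, in seconds
    fall 2       # failure count; once exceeded the script is marked DOWN
    rise 1       # success count; once exceeded the script is marked UP
    weight -30   # when the service goes down, reduce the weight by 30
}
vrrp_instance VI_1 {
    # Whether this node is the master or the backup; value is MASTER or BACKUP
    state MASTER
    # Network interface to bind to; use the machine's actual interface name
    interface wlp0s20f3
    # Virtual router id; must be identical on master and backup
    virtual_router_id 51
    # Weight
    priority 100
    # Advertisement (sync check) interval; defaults to 1 second
    advert_int 1
    # Authentication password; must be the same on every master and backup
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP; must be the same on master and backup
    virtual_ipaddress {
        192.168.2.233
    }
    # Call the script
    track_script {
        health_check
    }
    ##keepalived proxying an HTTP port
    #virtual_server 192.168.2.233 10000 {
    # # #####
    #}
}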
====> Backup:
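! Configuration File for keepalived
global_defs {
    # Globally unique host identifier
    router_id server_b
}
# Health check
vrrp_script health_check {
    script "/home/azurengine/health_check.sh"  # script to run
    interval 2   # interval between script runs, in seconds
    timeout 2    # script timeout, in seconds
    fall 2       # failure count; once exceeded the script is marked DOWN
    rise 1       # success count; once exceeded the script is marked UP
    weight -30   # when the service goes down, reduce the weight by 30
}
vrrp_instance VI_1 {
    # Whether this node is the master or the backup; value is MASTER or BACKUP
    state BACKUP
    # Network interface to bind to; use the machine's actual interface name
    interface enp2s0
    # Virtual router id; must be identical on master and backup
    virtual_router_id 51
    # Weight
    priority 90
    # Advertisement (sync check) interval; defaults to 1 second
    advert_int 1
    # Authentication password; must be the same on every master and backup
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Virtual IP; must be the same on master and backup
    virtual_ipaddress {
        192.168.2.233
    }
    # Call the script
    track_script {
        health_check
    }
    # #keepalived proxying an HTTP port
    # virtual_server 192.168.2.233 10000 {
    # ###
    # }
}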
- Health check script
health_check.sh
#!/bin/bash
VALUE_TO_CHECK="yes"  ## simulated check result
if [ "$VALUE_TO_CHECK" == "yes" ]; then
    echo "Server is healthy"
    exit 0
else
    echo "Server is not healthy"
    exit 1
fi
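Added example, not part of the original article: a check to run on each node before restarting keepalived. It confirms keepalived.conf is mode 644 as this page requires, extracts every script path from the config, and rejects a track script that group or other users can write, since the daemon executes it every interval. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): checks to run before
# restarting keepalived. Function names are this example's own.

# conf_mode_ok FILE: true when FILE is a regular file with mode exactly 644,
# the mode this page requires for keepalived.conf.
conf_mode_ok() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 644)" ]
}

# track_scripts FILE: print the program path from every `script "..."` line.
track_scripts() {
    sed -n 's/^[[:space:]]*script[[:space:]]\{1,\}"\([^" ]*\).*/\1/p' "$1" 2>/dev/null
}

# script_safe PATH: true when PATH is an executable regular file that neither
# group nor other can write. keepalived executes it every `interval` seconds,
# so anyone able to edit the file chooses what the daemon runs.
script_safe() {
    [ -f "$1" ] && [ -x "$1" ] &&
        [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# audit CONF: run all checks, print findings, return non-zero on any failure.
audit() {
    conf=$1
    rc=0
    conf_mode_ok "$conf" || { echo "FAIL $conf: mode must be 644"; rc=1; }
    for s in $(track_scripts "$conf"); do
        if script_safe "$s"; then
            # The owner can always edit the file, so show who that is.
            echo "ok   $s (owner: $(ls -ld "$s" | awk '{print $3}'))"
        else
            echo "FAIL $s: missing, not executable, or group/world-writable"
            rc=1
        fi
    done
    return "$rc"
}

# Usage on either node: audit /etc/keepalived/keepalived.conf
```

The reported owner matters for the paths used above: a script under a user's home directory can be edited by that user whatever its mode bits say.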
- Restart the keepalived service
(restart on both the master and the backup)
sudo systemctl restart keepalived
- Verification
(1) Normal case.
Check the V-ip on the master; the V-ip is present:
ubuntu@linux:~$ ip a show dev wlp0s20f3
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 90:09:df:a7:8d:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.78/24 brd 192.168.2.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 68900sec preferred_lft 68900sec
    inet 192.168.2.233/32 scope global wlp0s20f3 ## V-ip
       valid_lft forever preferred_lft forever
    inet6 2408:8956:7a80:2d1d:c2eb:6e24:3e0:b/128 scope global dynamic noprefixroute
       valid_lft 6955sec preferred_lft 3355sec
    inet6 fdc2:eb6e:2403:e000:31c1:5b9b:b739:417d/64 scope global temporary dynamic
       valid_lft 6978sec preferred_lft 3378sec
    inet6 fdc2:eb6e:2403:e000:6eee:ca49:7e64:8cca/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 6978sec preferred_lft 3378sec
    inet6 2408:8956:7a80:2d1d:26c:136c:3b20:7ca7/64 scope global temporary dynamic
       valid_lft 6978sec preferred_lft 3378sec
    inet6 2408:8956:7a80:2d1d:a8d3:eef6:1dee:e9a0/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 6978sec preferred_lft 3378sec
    inet6 fe80::e9dd:d4e4:c753:3c00/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
Check the V-ip on the backup; the V-ip is not present:
azurengine@azurengine-Default-string:/$ ip a show dev enp2s0
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e0:97:21:d6:ec brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.18/24 brd 192.168.2.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet6 fdc2:eb6e:2403:e000:2e0:97ff:fe21:d6ec/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7121sec preferred_lft 3521sec
    inet6 2408:8956:7a80:2d1d:2e0:97ff:fe21:d6ec/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7121sec preferred_lft 3521sec
    inet6 fe80::2e0:97ff:fe21:d6ec/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
(2) Failure case
(on the master, VALUE_TO_CHECK in health_check.sh is changed to 'no')
Check the V-ip on the master; the V-ip is no longer present:
ubuntu@linux:~$ ip a show dev wlp0s20f3
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 90:09:df:a7:8d:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.78/24 brd 192.168.2.255 scope global dynamic noprefixroute wlp0s20f3
       valid_lft 69107sec preferred_lft 69107sec
    inet6 2408:8956:7a80:2d1d:c2eb:6e24:3e0:b/128 scope global dynamic noprefixroute
       valid_lft 7162sec preferred_lft 3562sec
    inet6 fdc2:eb6e:2403:e000:31c1:5b9b:b739:417d/64 scope global temporary dynamic
       valid_lft 7185sec preferred_lft 3585sec
    inet6 fdc2:eb6e:2403:e000:6eee:ca49:7e64:8cca/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7185sec preferred_lft 3585sec
    inet6 2408:8956:7a80:2d1d:26c:136c:3b20:7ca7/64 scope global temporary dynamic
       valid_lft 7185sec preferred_lft 3585sec
    inet6 2408:8956:7a80:2d1d:a8d3:eef6:1dee:e9a0/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7185sec preferred_lft 3585sec
    inet6 fe80::e9dd:d4e4:c753:3c00/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
Check the V-ip on the backup; the V-ip has floated over to the backup:
azurengine@azurengine-Default-string:/$ ip a show dev enp2s0
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e0:97:21:d6:ec brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.18/24 brd 192.168.2.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet 192.168.2.233/32 scope global enp2s0 ## V-ip
       valid_lft forever preferred_lft forever
    inet6 fdc2:eb6e:2403:e000:2e0:97ff:fe21:d6ec/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7180sec preferred_lft 3580sec
    inet6 2408:8956:7a80:2d1d:2e0:97ff:fe21:d6ec/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 7180sec preferred_lft 3580sec
    inet6 fe80::2e0:97ff:fe21:d6ec/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
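(3) Recovery
When VALUE_TO_CHECK in the master's script is restored to 'yes', the V-ip returns to the master and is no longer present on the backup (output not pasted here).
- Problems encountered
1. keepalived reports an error on startup. Fix: change the permissions of keepalived.conf to 644.
2. After the master's health check fails, the backup automatically takes over the V-ip, but running ip addr on the master still shows the V-ip. Fix: a firewall interferes with keepalived's heartbeat communication, so the firewall must be turned off on both the master and the backup, or the specific ports must be allowed for keepalived to communicate.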
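Added example, not from the original article: for problem 2, a way to keep the firewall enabled and admit only the heartbeat from the other node. VRRP advertisements are IP protocol 112 sent to multicast 224.0.0.18 rather than a TCP/UDP port; the example assumes plain iptables and keepalived's default multicast mode, and its function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article). Prints iptables rules that
# admit VRRP heartbeats from one named peer so the firewall can stay on.
# Assumes plain iptables and keepalived's default multicast advertisements.

VRRP_PROTO=112          # VRRP is an IP protocol, it has no port number
VRRP_GROUP=224.0.0.18   # multicast group that advertisements are sent to

# is_ipv4 ADDR: true only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vrrp_rules IFACE PEER: print the rules for this node. Arguments are checked
# because the output is meant to be reviewed and then piped to `sudo sh`.
vrrp_rules() {
    iface=$1
    peer=$2
    is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 2; }
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    # Inserted at position 1 so they are evaluated before any DROP/REJECT rule.
    echo "iptables -I INPUT 1 -i $iface -p $VRRP_PROTO -s $peer -d $VRRP_GROUP -j ACCEPT"
    echo "iptables -I OUTPUT 1 -o $iface -p $VRRP_PROTO -d $VRRP_GROUP -j ACCEPT"
}

# On the master (peer is the backup):  vrrp_rules wlp0s20f3 192.168.2.18
# On the backup (peer is the master):  vrrp_rules enp2s0 192.168.2.78
```

Rules added this way do not survive a reboot or a reload by a front end such as ufw; persist them with whatever manages the firewall on the node.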