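CentOS 7 keepalived Deployment
Configuring the keepalived service on CentOS 7 and testing VRRP IP failover.
Introduction
Keepalived is routing software written in C. The main goal of the project is to provide simple and robust facilities for load balancing and high availability to Linux systems and Linux-based infrastructures. The load-balancing framework relies on the well-known and widely used Linux Virtual Server (IPVS) kernel module, which provides Layer 4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage the load-balanced server pool according to server health. High availability, on the other hand, is achieved through the VRRP protocol. VRRP is the foundation of router failover. In addition, Keepalived implements a set of hooks into the VRRP finite state machine, providing low-level and high-speed protocol interactions. To offer the fastest possible network failure detection, Keepalived implements the BFD protocol. VRRP state transitions can take BFD hints into account to drive fast state transitions. The Keepalived frameworks can be used independently or together to provide resilient infrastructures.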
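keepalived deployment environment
Hosts:
Virtual IP: 192.168.10.80
Master server: 192.168.10.81
Backup server: 192.168.10.82
The hosts must have synchronized clocks.
Installing keepalived
Install keepalived directly with yum, on each of the two hosts.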
```
yum install keepalived -y
```
Configuring keepalived
Master server configuration for reference:
```
[root@haproxy-node-a ~]
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    ! auth_pass 1111 is the value from the stock sample file; replace it with
    ! a site-specific secret. PASS authentication is sent in cleartext.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.80
    }
}
```
Backup server configuration for reference:
```
[root@haproxy-node-b ~]
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    ! virtual_router_id and the authentication block must match the master;
    ! the lower priority makes this node the backup.
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.80
    }
}
```
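Notes
- Virtual router
- Virtual router identifier: VRID (0-255)
- Physical router:
  - master: the primary device
  - backup: the standby device
  - priority: the priority
- VIP: Virtual IP
- VMAC: Virtual MAC
- Gratuitous ARP
Security authentication
Working modes
- Master/backup: a single virtual router
- Master/master: master/backup (virtual router), backup/master (virtual router)
Operating types
- Preemptive: when a server appears whose priority is higher than that of the current master, it sends advertisements and takes over the master role
- Non-preemptive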
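Configuring the firewall
If you are running a firewall (via firewalld or iptables), you must allow VRRP traffic to pass between the keepalived nodes. To configure the firewall to allow VRRP traffic using firewalld, run the following commands:
If the zone is omitted, the default zone is used. If, however, you need to allow VRRP traffic through iptables, run the following commands: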
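An added example, not the original post's commands: rules that admit VRRP (IP protocol 112) only from the peer keepalived node, for firewalld and for iptables. The script name and function names are illustrative, and restricting the rule to the peer's source address is an assumption that goes beyond the blanket allow described above; pass the other node's address (192.168.10.82 on the master, 192.168.10.81 on the backup).

```shell
#!/bin/sh
# Added example: admit VRRP (IP protocol 112) only from the peer keepalived node.
# Usage (as root):  sh allow-vrrp.sh firewalld PEER_IP [ZONE]
#                   sh allow-vrrp.sh iptables  PEER_IP
# The script name and function names are illustrative.

# Accept only a dotted-quad IPv4 address, so nothing else is pasted into a rule.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# firewalld rich rule text: VRRP accepted from one source address.
vrrp_rich_rule() {
    is_ipv4 "$1" || return 1
    printf 'rule family="ipv4" source address="%s" protocol value="vrrp" accept' "$1"
}

# iptables arguments for the same policy.
vrrp_iptables_args() {
    is_ipv4 "$1" || return 1
    printf '%s' "-I INPUT -s $1 -p vrrp -j ACCEPT"
}

apply_firewalld() {
    rule=$(vrrp_rich_rule "$1") || { echo "bad peer address: $1" >&2; return 1; }
    # Without --zone, firewalld uses the default zone.
    firewall-cmd --permanent ${2:+--zone="$2"} --add-rich-rule="$rule" &&
        firewall-cmd --reload
}

apply_iptables() {
    args=$(vrrp_iptables_args "$1") || { echo "bad peer address: $1" >&2; return 1; }
    iptables $args   # runtime only; persist it with your usual iptables save step
}

# Nothing is changed unless a mode is given on the command line.
case "${1:-}" in
    firewalld) apply_firewalld "${2:-}" "${3:-}" ;;
    iptables)  apply_iptables "${2:-}" ;;
esac
```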
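Configuration reference link
Verifying keepalived
With the preemptive keepalived configuration, the node with the higher priority obtains the VIP once keepalived is started. The interface information on the master server is as follows: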
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0c:da:41:1d:1a:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.81/24 brd 192.168.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.10.80/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5551:3346:d6b7:73d5/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
The backup server shows only its own interface IP:
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0c:da:41:1d:db:f5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.82/24 brd 192.168.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::22c7:f98f:8813:7eca/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
Testing the VIP 192.168.10.80 with arping gives the following result:
```
arping 192.168.10.80
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 1.101ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.948ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.870ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.690ms
^CSent 4 probes (1 broadcast(s))
Received 4 response(s)
```
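The arping test from the client host shows that the ARP entry for the VIP resolves to the master server's MAC address.
Disconnect the master server from the network, test again, and check the keepalived state. The backup server has now been assigned the VIP 192.168.10.80: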
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0c:da:41:1d:db:f5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.82/24 brd 192.168.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.10.80/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::22c7:f98f:8813:7eca/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
Testing the VIP 192.168.10.80 with arping gives the following result:
```
[root@node70 ~]
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 1.101ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.948ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.870ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.690ms
^CSent 4 probes (1 broadcast(s))
Received 4 response(s)
[root@node70 ~]
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.456ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.013ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.792ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.799ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.874ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.869ms
^CSent 6 probes (1 broadcast(s))
Received 6 response(s)
```
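After the network service on the master server is shut down, the backup server obtains the VIP 192.168.10.80 as expected, so the VIP migrates successfully.
After the keepalived service on the master server is restarted, the master server obtains the VIP again.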
```
[root@node70 ~]
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 1.101ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.948ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.870ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.690ms
^CSent 4 probes (1 broadcast(s))
Received 4 response(s)
[root@node70 ~]
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.456ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.013ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.792ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.799ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.874ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 0.869ms
^CSent 6 probes (1 broadcast(s))
Received 6 response(s)
[root@node70 ~]
ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 1.033ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.977ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:1A:EE] 0.714ms
^CSent 3 probes (1 broadcast(s))
Received 3 response(s)
```
The keepalived master/backup switchover and failure-recovery test is complete.
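The manual arping check used throughout the verification can be made repeatable. As an added example (not from the original post), this script classifies arping output against the two node MAC addresses shown on this page and flags a reply from any other MAC, or from two MACs in one run; the function names are illustrative and the second sample input is constructed.

```shell
#!/bin/sh
# Added example: report which node answers ARP for the VIP and flag any
# reply from a MAC that belongs to neither keepalived node.
VIP=192.168.10.80
MASTER_MAC=0c:da:41:1d:1a:ee   # eth0 of 192.168.10.81, from the ip output on this page
BACKUP_MAC=0c:da:41:1d:db:f5   # eth0 of 192.168.10.82

# stdin: arping output. stdout: distinct lower-case MACs that replied for $1.
vip_macs() {
    awk -v vip="$1" '
        $1 == "Unicast" && $2 == "reply" && $4 == vip {
            mac = tolower($5); gsub(/\[|\]/, "", mac)
            if (!(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# stdin: arping output from one run. stdout: master | backup | none |
# conflict (more than one MAC answered) | unknown:<mac>
vip_owner() {
    macs=$(vip_macs "$1")
    [ -n "$macs" ] || { echo none; return 0; }
    if [ "$(printf '%s\n' "$macs" | grep -c .)" -gt 1 ]; then
        echo conflict; return 0
    fi
    case $macs in
        "$MASTER_MAC") echo master ;;
        "$BACKUP_MAC") echo backup ;;
        *)             echo "unknown:$macs" ;;
    esac
}

# Excerpt of the post-failover arping run shown on this page.
sample_failover='ARPING 192.168.10.80 from 192.168.10.70 eth0
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.456ms
Unicast reply from 192.168.10.80 [0C:DA:41:1D:DB:F5] 1.013ms'
# Constructed input: a reply from a MAC that is on neither node.
sample_rogue='Unicast reply from 192.168.10.80 [02:00:00:AA:BB:CC] 0.501ms'

printf '%s\n' "$sample_failover" | vip_owner "$VIP"
printf '%s\n' "$sample_rogue"    | vip_owner "$VIP"
# Live check from a third host: arping -c 4 -I eth0 "$VIP" | vip_owner "$VIP"
```

A result of `conflict` or `unknown:<mac>` means something other than a clean failover is answering for the VIP and should be investigated before the test is considered passed.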