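配置邮箱服务
注意:smtp-auth-password 填的是邮箱授权码;下面示例中的值已随本文公开,如为真实授权码应立即在邮箱后台重新生成。/etc/mail.rc 通常全局可读,建议把认证相关的配置放到仅执行 mail 的用户可读(chmod 600)的 ~/.mailrc 中。另外 set smtp=smtp.qq.com 没有启用 TLS,AUTH LOGIN 的用户名和口令只做了 base64 编码,建议改用 smtps:// 或 smtp-use-starttls。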
yum -y install postfix;systemctl enable --now postfix
yum -y install mailx
cat >> /etc/mail.rc <<eof
set from=2298408548@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=2298408548@qq.com
set smtp-auth-password=yslsnzvgqqtadhee
set smtp-auth=login
eof
echo "测试邮件" | mail -s "测试" 2298408548@qq.com
🔣实现VIP的漂移vrrp_instance
yum install rsyslog -y; systemctl enable --now rsyslog
yum -y install keepalived;systemctl enable --now keepalived
vim /etc/keepalived/keepalived.conf 修改ka1的配置文件(注意:下面 auth_type PASS 的口令在 VRRP 通告报文中明文传输,同网段抓包即可看到,只能防止误配置,不能当作安全边界;1111 仅为演示值)
#########全局配置############
global_defs {
notification_email {
2298408548@qq.com
}
notification_email_from 2298408548@qq.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id ka1 #修改此行
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_mcast_group4 224.8.8.8
}
#########配置虚拟路由VRRP############
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 88
priority 100 #修改此行
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.10
}
}
scp /etc/keepalived/keepalived.conf 10.0.0.28:/etc/keepalived/keepalived.conf 修改ka2的配置文件
systemctl restart keepalived
hostname -I 测试
tcpdump -i eth0 -nn host 224.8.8.8
启用独立日志
yum install rsyslog -y; systemctl enable --now rsyslog 未成功!
vi /etc/rsyslog.conf
local6.* /var/log/keepalived.log
vi /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 6"
systemctl restart keepalived rsyslog
实现独立子配置文件
mkdir /etc/keepalived/conf.d/
vim /etc/keepalived/keepalived.conf (在全局配置下面)
include /etc/keepalived/conf.d/*.conf
vim /etc/keepalived/conf.d/cluster1.conf (写入集群VRRP相关配置)
非抢占模式
① 关闭VIP抢占模式,主从节点的state都为BACKUP
② 在主节点vrrp_instance下添加 nopreempt (非抢占模式)
在主节点vrrp_instance下添加 preempt_delay (抢占延迟模式)
VIP单播配置
注意:启用 vrrp_strict 时,不能启用单播
#在所有节点vrrp_instance语句块中设置对方主机的IP,建议设置为专用于对应心跳线网络的地址,而非使用业务网络
vrrp_instance VI_1 {
......
unicast_src_ip 10.0.0.18 #指定发送单播的源IP
unicast_peer {
10.0.0.28 #指定接收单播的对方目标主机IP
......
}
......
}
通知脚本配置
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户
默认以用户 keepalived_script 身份执行脚本,如果此用户不存在,以root执行脚本
可以在全局配置global_defs 中指定 script_user root;以root执行时,应保证脚本及其各级目录只有root可写,并建议在global_defs中同时启用 enable_script_security
通知脚本类型
- 当前节点成为主节点时触发的脚本 notify_master
- 当前节点转为备节点时触发的脚本 notify_backup
- 当前节点转为“失败”状态时触发的脚本 notify_fault
- 通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知 notify
- 当停止VRRP时触发的脚本 notify_stop
```bash
① 创建通知脚本并配置邮箱 /etc/keepalived/notify.sh
#!/bin/bash
mailadress="2298408548@qq.com"
notify() {
    mailsubject="$(hostname) to be $1,VIP floating"
    mailbody="$(date +'%F %T') vrrp transition,$(hostname) changed to be $1"
    echo "$mailbody" |mail -s "$mailsubject" $mailadress
}
case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac
chmod +x notify.sh
② 在vrrp_instance调用脚本
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
```
### 🔣实现IPVS的高可用virtual_server
#### 定义虚拟主机IP地址及其端口
![image.png](https://cdn.nlark.com/yuque/0/2021/png/12467445/1638258310412-b9342a7e-3be2-4ff3-b8b7-a8088c0a6a0c.png#clientId=u481c5aef-fa61-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=282&id=ub39b996a&margin=%5Bobject%20Object%5D&name=image.png&originHeight=563&originWidth=1238&originalType=binary&ratio=1&rotation=0&showTitle=false&size=84202&status=done&style=none&taskId=u514e50e6-c4ef-401b-90ac-6d1c7fe061b&title=&width=619)
```bash
① 后端服务器rs1,rs2
hostnamectl set-hostname rs
yum -y install httpd;systemctl enable --now httpd
echo `hostname`-`hostname -I` >/var/www/html/index.html
ifconfig lo:1 10.0.0.10/32
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
② 实现IPVS的高可用virtual_server(keepalived的lvs负载均衡功能)
yum -y install httpd;systemctl enable --now httpd
echo sorry,server maintance >/var/www/html/index.html
vi virtual_server.conf
virtual_server 10.0.0.10 80 {
delay_loop 1
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.7 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.17 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
systemctl restart keepalived
while :; do curl 10.0.0.10 && sleep 1 ;done
基于防火墙为集群绑定多个服务
绑定多个服务(如http,https)为同一个集群服务,实现两个端口一起调度
#两个节点都执行以下操作
iptables -t mangle -A PREROUTING -d 10.0.0.10 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 6
vim /etc/keepalived/keepalived.conf
virtual_server fwmark 6 { #指定FWM为6
delay_loop 2
lb_algo rr
lb_kind DR
sorry_server 127.0.0.1 80 #注意端口必须指定,官方文档有bug
real_server 10.0.0.7 80 { #注意端口必须指定
...
}
real_server 10.0.0.17 80 { #注意端口必须指定
...
}
}
🔣自定义资源监控脚本vrrp_script
通常此脚本用于监控指定应用的状态。一旦发现应用的状态异常,则触发对MASTER节点的权重减至低于SLAVE节点,从而实现 VIP 切换到 SLAVE 节点;
可被多个实例调用,定义在vrrp实例之外的独立配置块,一般放在global_defs设置块之后,是和global_defs平级的语句块
① 定义脚本vrrp_script(一定要放在include /etc/keepalived/conf.d/*.conf前面!否则无法调用)
vrrp_script check_down {
script "[ ! -f /etc/keepalived/down ]" #/etc/keepalived/down存在时返回非0,触发权重-30
interval 1
weight -30
fall 3
rise 2
timeout 2
}
② 调用脚本track_script
vrrp_instance VI_1 {
...
track_script {
check_down #调用前面定义的脚本
}
1.keepalived+nginx
yum install -y nginx;systemctl enable --now nginx;systemctl is-active nginx
vim /etc/nginx/nginx.conf (http模块中)
upstream websrvs {
server 10.0.0.7:80 weight=1;
server 10.0.0.17:80 weight=1;
}
server {
listen 80;
location /{
proxy_pass http://websrvs/;
}
}
systemctl restart nginx
yum install -y keepalived;systemctl enable --now keepalived;systemctl is-active keepalived
vim /etc/keepalived/keepalived.conf
#########全局配置############
global_defs {
...
}
vrrp_script check_nginx {
script "/usr/bin/killall -0 nginx" #返回非0,触发权重-30(yum install -y psmisc)
interval 1
weight -30
fall 3
rise 2
timeout 2
}
include /etc/keepalived/conf.d/*.conf #一定要放在vrrp_script后面!否则不启用vrrp_script
#########配置虚拟路由VRRP############
vrrp_instance VI_1 {
...
track_script {
check_nginx #调用前面定义的脚本
}
mkdir conf.d ;mv vrrp_instance.conf conf.d/
systemctl restart keepalived;systemctl is-active keepalived
测试
while true ;do curl 10.0.0.10; sleep 1;done
systemctl stop nginx;systemctl is-active nginx