You've already forked www.colben.cn
update
This commit is contained in:
195
content/post/keepalived-install.md
Normal file
195
content/post/keepalived-install.md
Normal file
@@ -0,0 +1,195 @@
|
||||
---
|
||||
title: "Keepalived 基础"
|
||||
date: 2019-10-30T11:26:18+08:00
|
||||
lastmod: 2019-10-30T11:26:18+08:00
|
||||
tags: ["keepalived"]
|
||||
categories: ["ha/lb"]
|
||||
---
|
||||
|
||||
# VRRP 简介
|
||||
- VRRP通过一种竞选协议动态地将路由任务交给LAN中**虚拟路由器**中的某台**VRRP路由器**
|
||||
- VRRP路由器是一台实现了VRRP协议(运行VRRPD程序)的物理路由器
|
||||
- 虚拟路由器是由多台VRRP物理路由器组成的逻辑路由器,对外看起来就像一台路由器
|
||||
- 虚拟路由器中,只有一台MASTER物理路由器工作,其他都是BACKUP
|
||||
- MASTER路由器一直发送VRRP广播,MASTER不可用后(BACKUP收不到广播),其余BACKUP会根据优先级竞选出一台MASTER
|
||||
- MASTER拥有虚拟路由器IP地址及其它路由配置
|
||||
|
||||
# 全局配置
|
||||
- 全局定义
|
||||
```
|
||||
global_defs {
|
||||
notification_email {
|
||||
admin@exammple.com #keepalived发生事件时通知该email
|
||||
...
|
||||
}
|
||||
notification_email_from admin@example.com
|
||||
smtp_server 127.0.0.1 #smtp服务器
|
||||
smtp_connect_timeout 30
|
||||
router_id my_hostname #机器标识
|
||||
default_interface eth0 #设置静态地址默认绑定的端口,默认是eth0
|
||||
vrrp_mcast_group4 #VRRP 的组播IPV4地址,默认224.0.0.18
|
||||
vrrp_mcast_group6 #VRRP 的组播IPV4地址,默认ff02::12
|
||||
vrrp_version 2|3 #设置默认的VRRP版本,默认是2
|
||||
script_user <username> [groupname] #设置运行脚本默认用户和组,如果没有指定,则默认用户为keepalived_script(需要该用户存在),否则为root用户,默认groupname同username
|
||||
enable_script_security #如果脚本路径的任一部分对于非root用户来说,都具有可写权限,则不会以root身份运行脚本
|
||||
}
|
||||
```
|
||||
- 静态地址和路由,不随 vrrpd instance 的开/关变化
|
||||
```
|
||||
static_ipaddress {
|
||||
$ip/$mask dev $interface #ip命令规则
|
||||
...
|
||||
}
|
||||
static_routes {
|
||||
$dest_ip/$dest_mask via $dest_gateway dev $interface #ip命令规则
|
||||
...
|
||||
}
|
||||
```
|
||||
- 一般服务器都配置了网络信息,所以通常无需配置静态地址和路由,如果不指定 dev,则使用 default_interface
|
||||
|
||||
# VRRPD 配置
|
||||
- VRRP检查脚本(vrrp_script)
|
||||
```
|
||||
vrrp_script <SCRIPT_NAME> {
|
||||
scrip "/path/to/script-file" #可执行的脚本的绝对路径
|
||||
interval <INTEGER> #脚本执行的间隔,单位是秒,默认为1s
|
||||
timeout <INTEGER> #指定在多少秒后,脚本被认为执行失败
|
||||
weight <-254 --- 254> #调整优先级,默认为2
|
||||
#如果脚本执行成功(退出状态码为0),weight大于0,则priority增加
|
||||
#如果脚本执行失败(退出状态码为非0),weight小于0,则priority减少
|
||||
#其他情况下,priority不变
|
||||
rise <INTEGER> #执行成功多少次才认为是成功
|
||||
fall <INTEGER> #执行失败多少次才认为失败
|
||||
user <USERNAME> [GROUPNAME] #运行脚本的用户和组
|
||||
init_fail #假设脚本初始状态是失败状态
|
||||
}
|
||||
```
|
||||
- VRRP同步组(sync group)
|
||||
```
|
||||
vrrp_sync_group VG_1 {
|
||||
group {
|
||||
inside_network #实例名
|
||||
...
|
||||
}
|
||||
notify_master /path/to/master.sh #切换到master时执行该脚本
|
||||
notify_backup /path/to/backup.sh #切换到backup时执行该脚本
|
||||
notify_fault /path/to/fault.sh #出错时执行该脚本
|
||||
notify /path/to/notify.sh #该脚本会在notify_*脚本后执行,默认3个参数:$1(GROUP|INSTANCE),$2(group或instance名字),$3(MASTER|BACKUP|FAULT)
|
||||
smtp_alert #发送邮件通知
|
||||
}
|
||||
```
|
||||
- VRRP实例(instance)配置
|
||||
```
|
||||
vrrp_instance inside_network {
|
||||
state MASTER #初始状态
|
||||
interface eth0 #绑定的网卡
|
||||
dont_track_primary #忽略VRRP的interface错误(默认不设置)
|
||||
track_interface { #这里的任一网卡出现问题,都会进入FAULT状态
|
||||
eth0
|
||||
eth1 weight <-254 - 254>
|
||||
...
|
||||
}
|
||||
track_script { #这里的任一脚本返回码非0,都会进入FAULT状态
|
||||
<SCRIPT_NAME>
|
||||
<SCRIPT_NAME> weight <-254-254>
|
||||
...
|
||||
}
|
||||
mcast_src_ip <IPADDR> #多播包发送源地址,默认网卡当前ip
|
||||
garp_master_delay 10 #切换到MASTER后,延迟arp请求
|
||||
virtual_router_id 1 #VRID标记(0..255)
|
||||
priority 100 #高优先级竞选为MASTER,MASTER高于BACKUP至少50
|
||||
advert_int 1 #检查间隔,默认1秒
|
||||
authentication {
|
||||
auth_type PASS #密码认证
|
||||
auth_pass 1111
|
||||
}
|
||||
virtual_ipaddress { #漂移地址,符合ip命令规则
|
||||
$vip/$vmask dev $interface
|
||||
...
|
||||
}
|
||||
virtual_routes { #随地址一同漂移的路由,符合ip命令规则
|
||||
$dest_ip/$dest_mask via $dest_gateway dev $interface
|
||||
...
|
||||
}
|
||||
nopreempt #BACKUP配置,且优先级比其他高
|
||||
preempt_delay 300 #抢占延迟,默认5分钟
|
||||
debug #Debug级别
|
||||
lvs_sync_daemon_interface #lvn syncd绑定的网卡
|
||||
}
|
||||
```
|
||||
|
||||
# LVS配置(不涉及lvs时无需下面配置)
|
||||
- 虚拟主机组
|
||||
```
|
||||
virtual_server_group <STRING> {
|
||||
#VIP VPORT
|
||||
<IPADDR> <PORT>
|
||||
<IPADDR> <PORT>
|
||||
...
|
||||
fwmark <INT>
|
||||
}
|
||||
```
|
||||
- 虚拟主机3中配置
|
||||
```
|
||||
#virtual_server IP port
|
||||
#virtual_server fwmark int
|
||||
#virtual_server group string
|
||||
virtual_server 192.168.1.229 80 { #配置一个virtual server
|
||||
delay_loop 3 #每隔3秒检查一次RealServer是否可用
|
||||
lb_algo rr|wrr|lc|wlc|lblc|sh|dh #LVS调度算法
|
||||
lb_kind NAT|DR|TUN #LVS集群模式
|
||||
persistence_timeout 120 #同一个客户端IP在120秒内分到同一个RealServer
|
||||
persistence_granularity <NETMASK> #会话保持粒度,默认255.255.255.255,即根据每个客户端IP做会话保持
|
||||
protocol TCP #协议
|
||||
ha_suspend
|
||||
virtualhost <string> #HTTP_GET健康检查时使用的HOST}
|
||||
sorry_server <IPADDR> <PORT> #所有RS失效后连接该备用机
|
||||
real_server <IPADDR> <PORT> {
|
||||
weight 1 #默认1,0失效
|
||||
inhibit_on_failure #健康检查失败后将weight置0,不从IPVS中删除
|
||||
notify_up <STRING> #检测到service up后执行的脚本
|
||||
notify_down <STRING> #检测到service down后执行的脚本
|
||||
#检查方式,HTTP_GET|SSL_GET|TCP_CHECK
|
||||
HTTP_GET|SSL_GET {
|
||||
url {
|
||||
path /
|
||||
digest <STRING> #SSL检查返回的摘要信息
|
||||
status_code 200 #HTTP检查返回的状态码
|
||||
}
|
||||
connect_port 80 #检查端口
|
||||
bindto <IPADDR> #使用该地址发送健康检查
|
||||
connect_timeout #连接超时时间
|
||||
nb_get_retry 3 #重连次数
|
||||
delay_before_retry 2 #重连间隔(秒)
|
||||
}
|
||||
TCP_CHECK {
|
||||
connect_port 80
|
||||
bindto <IPADDR>
|
||||
connect_timeout 4
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
# 配置日志文件
|
||||
- 修改服务启动参数
|
||||
```bash
|
||||
sed -i '/^KEEPALIVED_OPTIONS/d' /etc/sysconfig/keepalived
|
||||
echo 'KEEPALIVED_OPTIONS="-D -d -S 2"' >> /etc/sysconfig/keepalived
|
||||
```
|
||||
- 修改 rsyslog 配置文件
|
||||
```bash
|
||||
echo "local2.* /var/log/keepalived.log" >> /etc/rsyslog.conf
|
||||
```
|
||||
- 重启 rsyslog 服务
|
||||
```bash
|
||||
systemctl restart rsyslog
|
||||
```
|
||||
- 重启 keepalived 服务
|
||||
```bash
|
||||
systemctl restart keepalived
|
||||
```
|
||||
|
||||
# 其他参考
|
||||
- [详细解释](https://blog.csdn.net/wos1002/article/details/56483325)
|
||||
|
||||
Reference in New Issue
Block a user