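I. keepalived: principles and configuration explained
keepalived: an implementation of the VRRP protocol
VRRP: Virtual Router Redundancy Protocol
Basic VRRP implementation and workflow:
VRRP solves the static-configuration problem by sharing one virtual IP (VIP) among a group of routers (a VRRP group); clients then only need to use the VIP as their default gateway.
The figure shows a basic VLAN topology in which Device A, B and C together form a VRRP group whose VIP is 10.1.1.1. The VIP is configured on a physical interface of router A, so A is the master router and B and C are backup routers.
Within the VRRP group, the master (router A) forwards the packets sent to the VIP, and clients A, B and C all use this VIP as their default gateway. If the master fails, whichever of the backup routers B and C has the highest priority becomes master and takes over the VIP. When the original master, router A, comes back online, it becomes master again if it runs in preemptive mode; in non-preemptive mode it stays on standby as a backup router.
VRRP is an "election" protocol: it can dynamically hand the responsibility for a virtual router to another router in the same VRRP group, which removes the single point of failure of a statically configured route.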
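VRRP terminology:
Virtual router (VRRP router): consists of one master router and several backup routers; hosts use the virtual router as their default gateway.
VRID (virtual router identifier): the VRID of a given virtual router must be unique.
Master router: the router in the virtual router that is responsible for forwarding packets.
Backup router: a router that can take over from the master router when the master fails.
Priority: VRRP uses the priority to decide the role of each router in the virtual router group.
IP address owner: a VRRP device that has the virtual router's IP address as a real interface address is called the IP address owner. If the IP address owner is available, it normally becomes the master.
Preemptive mode: a backup router in this mode compares its own priority with the priority in each VRRP packet it receives; if its own priority is higher it actively takes over as master, otherwise it stays as it is.
Non-preemptive mode: a backup router in this mode stays as it is for as long as the master router has not failed.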
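Advantages of VRRP:
Redundancy: several routers can serve as the default gateway of the LAN clients, which greatly reduces the chance of the default gateway being a single point of failure;
Load sharing: traffic from LAN clients can be shared among several routers;
Multiple VRRP groups: up to 255 VRRP groups can be configured on one physical router interface;
Multiple IP addresses: several IP addresses can be configured on one physical interface through interface aliases, so that several subnets can be attached to the same physical interface;
Preemption: when the master fails, a backup with a higher priority is allowed to become master;
Advertisement protocol: VRRP adverts are sent to the multicast address 224.0.0.18 assigned by IANA;
VRRP tracking: the VRRP priority is changed according to interface state so that the best VRRP router becomes master;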
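keepalived architecture
As shown in the figure:
Keepalived is roughly split into two layers: user space and kernel space.
watchdog: monitors the state of the Checkers and VRRP Stack processes.
Checkers: performs the health checking of the real servers and is keepalived's main function. In other words, keepalived can run without the VRRP Stack but not without Checkers.
VRRP Stack: handles failover between load balancers; with a single load balancer the VRRP Stack is not required.
IPVS Wrappers: the code that pushes the configured rules (rules set through ipvsadm) into the kernel's ipvs.
Netlink Reflector: used to set the VRRP VIPs and similar.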
Structure of keepalived.conf:
global_defs { ...... }
vrrp_script XXX { ...... }
vrrp_instance VI_X { ...... }
virtual_server IP PORT { ...... }
or virtual_server fwmark int { ...... }
or virtual_server group string { ...... }
Common keepalived.conf parameters explained:
The following is a keepalived + nginx configuration in dual-master mode.
[root@test keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        # notification_email: the users who are e-mailed when keepalived runs into a problem.
        root@localhost
    }
    notification_email_from field@localhost
    # notification_email_from: the source address of those e-mails.
    smtp_server 127.0.0.1
    # smtp_server: address of the SMTP server used to send them.
    smtp_connect_timeout 30
    # Timeout for the connection to the SMTP server, in seconds.
    router_id test.field.com
    # router_id: the router_id that identifies this machine, e.g. router_id LVS_DEVEL
    vrrp_mcast_group4 224.18.0.200
    # vrrp_mcast_group4 224.0.0.18: IPv4 multicast address used for VRRP multicast messages. Default: 224.0.0.18
    # vrrp_mcast_group6 ff02::12: IPv6 multicast address used for VRRP multicast messages. Default: ff02::12
}
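# vrrp_script adds a script that is executed periodically. Its exit status is recorded by every VRRP instance that calls it.
# At least one VRRP instance should call it, and its priority must not be 0. The priority range is 1-254.
vrrp_script chk_maintanance {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    # Hand-written keepalived test script: if the down file exists, the priority is lowered by 2.
    interval 1
    # interval: how often the check runs
    # On failure (exit status 1) the weight of -2 is applied
    weight -2
}
vrrp_script chk_nginx {
    script "killall -0 nginx &>/dev/null"
    # nginx check script: is the nginx service still running?
    interval 1
    # interval: how often the check runs
    # On failure (exit status 1) the weight is applied, -5 here
    weight -5
}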
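vrrp_instance VI_1 {
    state MASTER
    # state MASTER|BACKUP: the initial state of this keepalived node.
    interface eth0
    # interface eth0: the interface the VRRP instance is bound to and sends VRRP packets on; it must match the interface on this machine.
    virtual_router_id 51
    # virtual_router_id 51: the VRRP instance ID, range 0-255; it must be exactly the same on every node of a given VIP instance.
    priority 100
    # priority 100: the priority; the node with the higher priority becomes MASTER.
    advert_int 1
    # advert_int 1: the interval between VRRP adverts, in seconds.
    authentication {
        auth_type PASS
        # auth_type PASS|AH: the authentication method. PASS: simple password authentication (recommended); AH: IPSEC authentication (not recommended).
        auth_pass 4e78bb3a
        # auth_pass 1234: the password used for authentication; "openssl rand -hex 4" generates an 8-character random string
        # PASS is carried in clear text in every advert, and keepalived uses only the first 8 characters.
    }
    virtual_ipaddress {
        192.168.88.80/16 dev eth0 label eth0:0
        # VIP address/mask, interface name and alias; IP/mask alone is enough.
    }
    track_script {
        # track_script adds a track script, i.e. a script configured with vrrp_script. The script is called every interval to monitor the service state.
        chk_nginx
    }
    # Notification scripts
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}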
vrrp_instance VI_2 {
    state BACKUP
    interface eth0
    virtual_router_id 61
    priority 99
    advert_int 1
    #nopreempt
    # Enables non-preemptive mode; the default is preemptive mode. In non-preemptive mode a lower-priority machine is allowed to remain MASTER even after a higher-priority machine has come online. Note that with non-preemptive mode the initial state must be BACKUP.
    #preempt_delay:
    # Preemption delay in seconds, range 0-1000, default 0: how many seconds after a lower-priority MASTER is detected preemption starts.
    authentication {
        auth_type PASS
        auth_pass Te7UYb3a
    }
    virtual_ipaddress {
        192.168.88.90/16 dev eth0 label eth0:1
    }
    track_script {
        # track_script: the scripts to call
        chk_nginx
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}
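#virtual_server 192.168.200.100 443 {
#    delay_loop 6
#    # delay_loop: interval between health checks, in seconds.
#    lb_algo rr
#    # lb_algo rr|wrr|lc|wlc|lblc|sh|dh: LVS scheduling algorithm. Default is round robin.
#    lb_kind NAT
#    # lb_kind NAT|DR|TUN: LVS mode.
#    nat_mask 255.255.255.0
#    persistence_timeout 50
#    # persistence_timeout 360: persistence timeout in seconds. Default is 6 minutes.
#    protocol TCP
#    # protocol TCP|UDP|SCTP: the layer-4 protocol. Default is TCP.
#    sorry_server 192.168.200.200 1358
#    # sorry_server: the server that takes the traffic when all real servers are down.
#    real_server 192.168.201.100 443 {
#        weight 1
#        # weight: weight of this real server.
#        SSL_GET {
#            url {
#                path /
#                # path: the URL path to request.
#                digest ff20ad2481f97b1754ef3e12ecd3a9cc
#                # digest: the expected digest of the response (computed with genhash).
#            }
#            url {
#                path /mrtg/
#                digest 9b3a0c85a887a256d6939da88aabd8cd
#            }
#            connect_timeout 3
#            nb_get_retry 3
#            # nb_get_retry: number of retries.
#            delay_before_retry 3
#            # delay_before_retry: delay before each retry, in seconds.
#        }
#    }
#}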
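II. Using keepalived:
Two-node hot standby with keepalived:
master: CentOS release 6.3 (Final) 192.168.88.130 test.field.com
backup: CentOS release 6.3 (Final) 192.168.88.131 www.field.com
The following walks through the whole process, from installing keepalived to a working two-node hot standby. To make it easier to observe, logging is added for keepalived; this is optional.
[root@test ~]# yum install keepalived -y
Files installed by keepalived:
[root@test ~]# rpm -ql keepalived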
/etc/keepalived
/etc/keepalived/keepalived.conf
/etc/rc.d/init.d/keepalived
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/libexec/keepalived
/usr/sbin/keepalived
/usr/share/doc/keepalived-1.2.13
/usr/share/doc/keepalived-1.2.13/AUTHOR
/usr/share/doc/keepalived-1.2.13/CONTRIBUTORS
/usr/share/doc/keepalived-1.2.13/COPYING
/usr/share/doc/keepalived-1.2.13/ChangeLog
/usr/share/doc/keepalived-1.2.13/NOTE_vrrp_vmac.txt
/usr/share/doc/keepalived-1.2.13/README
/usr/share/doc/keepalived-1.2.13/TODO
/usr/share/doc/keepalived-1.2.13/VERSION
/usr/share/doc/keepalived-1.2.13/keepalived.conf.SYNOPSIS
/usr/share/doc/keepalived-1.2.13/samples
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.HTTP_GET.port
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.IPv6
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SMTP_CHECK
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.SSL_GET
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.fwmark
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.inhibit
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.misc_check_arg
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.quorum
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.sample
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.status_code
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.track_interface
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtual_server_group
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.virtualhost
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.localcheck
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.lvs_syncd
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.routes
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.scripts
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.static_ipaddress
/usr/share/doc/keepalived-1.2.13/samples/keepalived.conf.vrrp.sync
/usr/share/doc/keepalived-1.2.13/samples/sample.misccheck.smbcheck.sh
/usr/share/man/man1/genhash.1.gz
/usr/share/man/man5/keepalived.conf.5.gz
/usr/share/man/man8/keepalived.8.gz
/usr/share/snmp/mibs/KEEPALIVED-MIB.txt
HA cluster prerequisites
1. Each machine's host name must match the name returned by hostname (uname -n)
CentOS 6: /etc/sysconfig/network
master:
[root@test ~]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
The nodes must be able to resolve each other's names; writing the entries directly into /etc/hosts is recommended.
[root@test ~]# hostname
test.field.com
[root@test ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.88.130 test.field.com test
192.168.88.131 www.field.com www
backup:
[root@www ~]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
[root@www ~]# hostname
www.field.com
[root@www ~]# vi /etc/hosts
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.88.130 test.field.com test
192.168.88.131 www.field.com www
192.168.88.131 web1.field.com web1
192.168.88.131 img1.field.com img1
2. The nodes must be able to communicate with each other; setting up passwordless ssh is recommended.
[root@test ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
43:41:0c:f7:2a:3f:5b:77:a3:8c:8b:3a:ca:04:28:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| .++ |
| ..o |
| . .. |
| o . . . |
|o E . S |
|. . o. |
| . o. . o |
| o . = + o . |
| o..oo o.o |
+-----------------+
Passwordless login to the local machine:
[root@test ~]# cat .ssh/id_rsa.pub >> .ssh/authorized_keys
[root@test ~]# ssh test
Last login: Sun Apr 22 13:56:44 2018 from test.field.com
[root@test ~]# ll .ssh/authorized_keys
-rw-r--r-- 1 root root 401 4月 22 15:47 .ssh/authorized_keys
It is recommended to set the permissions of authorized_keys to 600
[root@test ~]# chmod go= .ssh/authorized_keys
[root@test ~]# ll .ssh/authorized_keys
-rw------- 1 root root 401 4月 22 15:47 .ssh/authorized_keys
scp the files to the backup machine to get passwordless ssh
[root@test ~]# scp -p .ssh/id_rsa .ssh/authorized_keys www:/root/.ssh
The authenticity of host 'www (192.168.88.131)' can't be established.
RSA key fingerprint is da:52:ca:c5:e6:c5:3a:de:5d:bc:07:ed:86:e6:ac:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'www' (RSA) to the list of known hosts.
root@www's password:
id_rsa 100% 1675 1.6KB/s 00:00
authorized_keys 100% 401 0.4KB/s 00:00
3. The time on all nodes must be synchronised
[root@test ~]# date; ssh www 'date'
2018年 04月 22日 星期日 16:16:24 CST
2018年 04月 22日 星期日 16:16:24 CST
4. Make sure iptables and SELinux do not get in the way of the service
service iptables stop
setenforce 0
Case 1: keepalived with a single VIP instance for two-node hot standby
Generate a random string with openssl to use as the password
[root@test ~]# openssl rand -hex 4
4e78bb3a
[root@test keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadimin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test.field.com
vrrp_mcast_group4 224.18.0.200
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 4e78bb3a
}
virtual_ipaddress {
192.168.88.80/16 dev eth0 label eth0:0
}
}
#virtual_server 192.168.200.100 443 {
# delay_loop 6
# lb_algo rr
# lb_kind NAT
:.,$s/^/#/g (in vim: from the current line to the last line, insert # at the start of every line)
Install keepalived on the backup, scp the master's configuration to the backup machine, and adjust the configuration.
[root@test keepalived]# scp keepalived.conf www:/etc/keepalived/
keepalived.conf 100% 3631 3.6KB/s 00:00
On the www node
[root@www ssh]# cd /etc/keepalived/
[root@www keepalived]# ll
总用量 4
-rw-r--r--. 1 root root 3631 4月 22 16:42 keepalived.conf
[root@www keepalived]# vi keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadimin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id www.field.com
vrrp_mcast_group4 224.18.0.200
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 4e78bb3a
}
virtual_ipaddress {
192.168.88.80/16 dev eth1 label eth1:0
}
}
Start keepalived on the master and the backup
[root@test keepalived]# service keepalived start; ssh www 'service keepalived start'
正在启动 keepalived:[确定]
正在启动 keepalived:[确定]
[root@test keepalived]# ps aux | grep keepalived
root 21200 0.0 0.2 109764 1136 ? Ss 16:45 0:00 /usr/sbin/keepalived -D
root 21201 0.0 0.7 111868 2860 ? S 16:45 0:00 /usr/sbin/keepalived -D
root 21202 0.0 0.4 111868 1956 ? S 16:45 0:00 /usr/sbin/keepalived -D
root 21244 0.0 0.2 103268 864 pts/2 S+ 16:47 0:00 grep keepalived
ifconfig shows that the master node has brought up the VIP
[root@test log]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:4C:04:CC
inet addr:192.168.88.130 Bcast:192.168.88.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4c:4cc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:341231 errors:0 dropped:0 overruns:0 frame:0
TX packets:120981 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:493162689 (470.3 MiB) TX bytes:12197825 (11.6 MiB)
eth0:0 Link encap:Ethernet HWaddr 00:0C:29:4C:04:CC
inet addr:192.168.88.80 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:521786 errors:0 dropped:0 overruns:0 frame:0
TX packets:521786 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3963721429 (3.6 GiB) TX bytes:3963721429 (3.6 GiB)
The IP can also be checked with the "ip addr list" command
[root@test log]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet 192.168.88.80/16 scope global eth0:0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
Backup node: the standby node has not brought up the VIP
[root@www keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:
link/ether 00:0c:29:e3:90:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.131/24 brd 192.168.88.255 scope global eth1
inet6 fe80::20c:29ff:fee3:9019/64 scope link
valid_lft forever preferred_lft forever
[root@test ~]# man keepalived
Case 2: configuring keepalived to write a log
[root@test sysconfig]# vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D -S 3"
[root@test log]# vi /etc/rsyslog.conf
# Add the following line
local3.* /var/log/keepalived.log
[root@test log]# service rsyslog restart
关闭系统日志记录器:[确定]
启动系统日志记录器:[确定]
Configure the backup node the same way:
[root@www keepalived]# vim /etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# keepalived.conf(5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D -S 3"
[root@www log]# vi /etc/rsyslog.conf
# Add the following line
local3.* /var/log/keepalived.log
[root@www keepalived]# service rsyslog restart
关闭系统日志记录器:[确定]
启动系统日志记录器:[确定]
Restart keepalived; the startup messages are now written to the log.
[root@test sysconfig]# tail -n 30 /var/log/keepalived.log
Apr 22 17:03:25 test Keepalived[21603]: Starting Keepalived v1.2.13 (03/19,2015)
Apr 22 17:03:25 test Keepalived[21604]: Starting Healthcheck child process, pid=21605
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Initializing ipvs 2.6
Apr 22 17:03:25 test Keepalived[21604]: Starting VRRP child process, pid=21606
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Netlink reflector reports IP 192.168.88.130 added
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Netlink reflector reports IP fe80::20c:29ff:fe4c:4cc added
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Netlink reflector reports IP 192.168.88.130 added
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Registering Kernel netlink reflector
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Registering Kernel netlink command channel
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Registering gratuitous ARP shared channel
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Netlink reflector reports IP fe80::20c:29ff:fe4c:4cc added
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Registering Kernel netlink reflector
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Registering Kernel netlink command channel
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Opening file '/etc/keepalived/keepalived.conf'.
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Configuration is using : 62934 Bytes
Apr 22 17:03:25 test Keepalived_vrrp[21606]: Using LinkWatch kernel netlink reflector...
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Configuration is using : 7461 Bytes
Apr 22 17:03:25 test Keepalived_vrrp[21606]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Apr 22 17:03:25 test Keepalived_healthcheckers[21605]: Using LinkWatch kernel netlink reflector...
Apr 22 17:03:26 test Keepalived_vrrp[21606]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 22 17:03:27 test Keepalived_vrrp[21606]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 22 17:03:27 test Keepalived_vrrp[21606]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 22 17:03:27 test Keepalived_healthcheckers[21605]: Netlink reflector reports IP 192.168.88.80 added
Apr 22 17:03:27 test Keepalived_vrrp[21606]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.88.80
Apr 22 17:03:32 test Keepalived_vrrp[21606]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.88.80
Test 1: stop keepalived on the master node
[root@test log]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet 192.168.88.80/16 scope global eth0:0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
[root@test log]# service keepalived stop
停止 keepalived:[确定]
[root@test log]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
The standby node has now brought up the VIP
[root@www keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:
link/ether 00:0c:29:e3:90:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.131/24 brd 192.168.88.255 scope global eth1
inet 192.168.88.80/16 scope global eth1:0
inet6 fe80::20c:29ff:fee3:9019/64 scope link
valid_lft forever preferred_lft forever
Test 2: start keepalived again; because it runs in preemptive mode, the master node takes the VIP back
[root@test log]# service keepalived start
正在启动 keepalived:[确定]
[root@test log]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet 192.168.88.80/16 scope global eth0:0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
Case 3: defining a manually triggered check for keepalived
[root@test keepalived]# vi keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadimin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id test.field.com
vrrp_mcast_group4 224.18.0.200
}
vrrp_script chk_maintanance {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
# interval: how often the check runs
# On failure (exit status 1) the weight of -2 is applied
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 4e78bb3a
}
virtual_ipaddress {
192.168.88.80/16 dev eth0 label eth0:0
}
track_script {
# track_script: the scripts to call
chk_maintanance
}
}
[root@www keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from kaadimin@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id www.field.com
vrrp_mcast_group4 224.18.0.200
}
vrrp_script chk_maintanance {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
# interval: how often the check runs
# On failure (exit status 1) the weight of -2 is applied
weight -2
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 4e78bb3a
}
virtual_ipaddress {
192.168.88.80/16 dev eth1 label eth1:0
}
track_script {
# track_script: the scripts to call
chk_maintanance
}
}
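Whether touching the down file really moves the VIP depends on the numbers: the master's priority after the script's weight is applied (100 - 2 = 98) must be strictly lower than the backup's priority (99 here; the 98 used in case 1 would not be enough). The check below is an added example, not part of the original post: the function names (vrrp_summary, failover_check, sample_conf) are made up for illustration, the sample configuration is constructed from case 3, and only the directives used on this page are parsed.

```shell
#!/bin/sh
# Added example, not from the original page: verify that a failed track_script
# on the MASTER really hands the VIP to the BACKUP.

# Reads a keepalived.conf on stdin; prints "instance vrid priority lowest",
# where lowest = priority plus every negative weight of its tracked scripts.
vrrp_summary() {
  awk '
    { sub(/[#!].*/, "") }                          # drop comments
    depth == 0 && NF {                             # a top-level block starts
      blk = ""
      if ($1 == "vrrp_script")   { blk = "script"; cur = $2 }
      if ($1 == "vrrp_instance") { blk = "inst";   cur = $2; order[++n] = cur }
    }
    blk == "script" && depth == 1 && $1 == "weight" { weight[cur] = $2 + 0 }
    blk == "inst" && depth == 1 {
      if ($1 == "priority")          prio[cur] = $2 + 0
      if ($1 == "virtual_router_id") vrid[cur] = $2
      track = ($1 == "track_script")               # entering track_script { ?
    }
    blk == "inst" && depth == 2 && track && NF && $1 != "}" {
      tracked[cur] = tracked[cur] " " $1           # script names, one per line
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]; low = prio[c]
        m = split(tracked[c], t, " ")
        for (j = 1; j <= m; j++) if (weight[t[j]] < 0) low += weight[t[j]]
        print c, vrid[c], prio[c], low
      }
    }'
}

# usage: failover_check MASTER_CONF BACKUP_CONF
# For every instance present in both files, prints a verdict:
#   OK            the master drops below the backup when its scripts fail
#   NO-FAILOVER   it does not, so the backup never wins the election
#   VRID-MISMATCH the two nodes are not in the same virtual router
failover_check() {
  { vrrp_summary < "$1" | sed 's/^/M /'; vrrp_summary < "$2" | sed 's/^/B /'; } |
  awk '
    $1 == "M" { vrid[$2] = $3; low[$2] = $5 + 0; next }
    ($2 in vrid) {
      if (vrid[$2] != $3)        v = "VRID-MISMATCH"
      else if (low[$2] < $4 + 0) v = "OK"
      else                       v = "NO-FAILOVER"
      print $2, "master_on_failure=" low[$2], "backup=" $4, v
    }'
}

# Constructed sample: the case-3 instance from this page, priority as argument.
sample_conf() {   # usage: sample_conf PRIORITY
  cat <<EOF
vrrp_script chk_maintanance {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -2
}
vrrp_instance VI_1 {
    virtual_router_id 51
    priority $1
    track_script {
        chk_maintanance
    }
}
EOF
}

# Demo: master at 100, backup first at 99 (case 3), then at 98 (case 1 value).
m=$(mktemp); b=$(mktemp)
sample_conf 100 > "$m"
sample_conf 99 > "$b"; failover_check "$m" "$b"
sample_conf 98 > "$b"; failover_check "$m" "$b"
rm -f "$m" "$b"
```

On real nodes, pass the master's and the backup's /etc/keepalived/keepalived.conf as the two arguments of failover_check.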
[root@test keepalived]# !1049
service keepalived restart; ssh www 'service keepalived restart'
停止 keepalived:[确定]
正在启动 keepalived:[确定]
停止 keepalived:[确定]
正在启动 keepalived:[确定]
[root@test keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet 192.168.88.80/16 scope global eth0:0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
Test 1: create the down file to test keepalived's switchover
[root@test keepalived]# touch down
The master now removes the VIP
[root@test keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
[root@test sysconfig]# tail -f /var/log/keepalived.log
Apr 22 18:14:31 test Keepalived_vrrp[24108]: VRRP_Script(chk_maintanance) failed
Apr 22 18:14:33 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Received higher prio advert
Apr 22 18:14:33 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 22 18:14:33 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 22 18:14:33 test Keepalived_healthcheckers[24107]: Netlink reflector reports IP 192.168.88.80 removed
On the backup node, the VIP is now active
[root@www keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:
link/ether 00:0c:29:e3:90:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.131/24 brd 192.168.88.255 scope global eth1
inet 192.168.88.80/16 scope global eth1:0
inet6 fe80::20c:29ff:fee3:9019/64 scope link
valid_lft forever preferred_lft forever
[root@www ~]# tail -f /var/log/keepalived.log
Apr 22 18:14:33 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:14:33 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:14:34 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 22 18:14:35 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 22 18:14:35 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 22 18:14:35 www Keepalived_healthcheckers[10523]: Netlink reflector reports IP 192.168.88.80 added
Apr 22 18:14:35 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.88.80
Apr 22 18:14:40 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.88.80
Test 2: delete the down file on the master node
[root@test keepalived]# rm -rf down
Because it runs in preemptive mode, the master takes the VIP back
[root@test keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:4c:04:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.88.130/24 brd 192.168.88.255 scope global eth0
inet 192.168.88.80/16 scope global eth0:0
inet6 fe80::20c:29ff:fe4c:4cc/64 scope link
valid_lft forever preferred_lft forever
[root@test sysconfig]# tail -f /var/log/keepalived.log
Apr 22 18:20:52 test Keepalived_vrrp[24108]: VRRP_Script(chk_maintanance) succeeded
Apr 22 18:20:53 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:20:53 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:20:54 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Transition to MASTER STATE
Apr 22 18:20:55 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 22 18:20:55 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) setting protocol VIPs.
Apr 22 18:20:55 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.88.80
Apr 22 18:20:55 test Keepalived_healthcheckers[24107]: Netlink reflector reports IP 192.168.88.80 added
Apr 22 18:21:00 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth0 for 192.168.88.80
Backup node: the VIP has been taken back by the master node
[root@www keepalived]# ip addr list
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1:
link/ether 00:0c:29:e3:90:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.131/24 brd 192.168.88.255 scope global eth1
inet6 fe80::20c:29ff:fee3:9019/64 scope link
valid_lft forever preferred_lft forever
[root@www keepalived]#
[root@www ~]# tail -f /var/log/keepalived.log
Apr 22 18:20:53 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Received higher prio advert
Apr 22 18:20:53 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 22 18:20:53 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) removing protocol VIPs.
Apr 22 18:20:53 www Keepalived_healthcheckers[10523]: Netlink reflector reports IP 192.168.88.80 removed
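The log messages shown in cases 2 and 3 are enough to reconstruct which node held the VIP when, and why it moved. The following is an added example, not part of the original post, that does this with awk: the function names and the sample log are constructed, modelled on the keepalived 1.2.13 messages shown on this page, and the last two sample lines are an invented demotion of the master with no preceding script failure.

```shell
#!/bin/sh
# Added example, not from the original page: turn keepalived syslog lines into
# a list of VRRP state changes and label the likely cause of each one.

# Reads syslog lines on stdin; prints "time host instance STATE cause".
vrrp_timeline() {
  awk '
    {
      i = index($0, "]: "); if (i == 0) next        # not "tag[pid]: message"
      host = $4; msg = substr($0, i + 3)
      if (!match(msg, /\([^)]*\)/)) next            # no "(name)" in the message
      name = substr(msg, RSTART + 1, RLENGTH - 2)   # script or instance name
      rest = substr(msg, RSTART + RLENGTH + 1)      # text after "(name) "
      key = host SUBSEP name
    }
    msg ~ /^VRRP_Script\(/ {                        # remember failing scripts
      if (rest == "failed")    failed[host] = name
      if (rest == "succeeded") delete failed[host]
      next
    }
    msg !~ /^VRRP_Instance\(/ { next }
    rest == "Received higher prio advert"   { higher[key] = 1 }
    rest == "forcing a new MASTER election" { forcing[key] = 1 }
    rest == "Entering BACKUP STATE" {
      cause = "startup"
      if (key in higher)
        cause = (host in failed) ? ("script-failed:" failed[host]) : "higher-prio-peer"
      print $3, host, name, "BACKUP", cause
      delete higher[key]
    }
    rest == "Entering MASTER STATE" {
      cause = (key in forcing) ? "preempt" : "no-master-adverts"
      print $3, host, name, "MASTER", cause
      delete forcing[key]
    }'
}

# Demotions of OWNER (the node configured with the highest priority) that no
# local track_script failure explains: another router advertised a higher
# priority for the same virtual_router_id, which is worth tracing to its source.
vrrp_unexplained() {   # usage: vrrp_unexplained OWNER < logfile
  vrrp_timeline |
    awk -v owner="$1" '$2 == owner && $4 == "BACKUP" && $5 == "higher-prio-peer"'
}

# Constructed sample in the format of /var/log/keepalived.log on this page.
sample_log() {
  cat <<'EOF'
Apr 22 18:14:31 test Keepalived_vrrp[24108]: VRRP_Script(chk_maintanance) failed
Apr 22 18:14:33 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Received higher prio advert
Apr 22 18:14:33 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 22 18:14:33 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:14:35 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 22 18:20:52 test Keepalived_vrrp[24108]: VRRP_Script(chk_maintanance) succeeded
Apr 22 18:20:53 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) forcing a new MASTER election
Apr 22 18:20:53 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Received higher prio advert
Apr 22 18:20:53 www Keepalived_vrrp[10524]: VRRP_Instance(VI_1) Entering BACKUP STATE
Apr 22 18:20:55 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Entering MASTER STATE
Apr 22 19:02:10 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Received higher prio advert
Apr 22 19:02:10 test Keepalived_vrrp[24108]: VRRP_Instance(VI_1) Entering BACKUP STATE
EOF
}

# Demo on the constructed sample
sample_log | vrrp_timeline
```

To use it on the real logs, concatenate the files from both nodes in time order and pipe them into vrrp_timeline, or into vrrp_unexplained with the host name of the priority-100 node.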