工作随笔 - CentOS7以及docker搭建keepalived实现浮动VIP

最近工作中用到了keepalived+VIP,这里简单记录一下配置和使用过程中遇到的问题以及容易出错的地方,未做太多讲解。
keepalived分为单播和组播,由于组播经常被网络策略限制,此处仅仅介绍单播模式。

服务器 IP 备注
ka1 192.168.1.1
ka2 192.168.1.2
  1. 使用yum方式安装keepalived
# Install keepalived from the configured yum repositories; -y answers the prompts.
yum -y install keepalived
  2. 修改主服务器keepalived配置
! Configuration File for keepalived

# Global settings for the master node (ka1).
global_defs {
   # Recipients of keepalived notification e-mails.
   notification_email {
       root@localhost
   }
   notification_email_from root@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka1 # identifier of this node; differs between master and backup
   vrrp_skip_check_adv_addr
#vrrp_strict # must stay commented out in unicast mode (strict mode does not allow unicast peers)
#vrrp_mcast_group4 224.100.100.100 # multicast group; must stay commented out in unicast mode
   # NOTE(review): given without a chain name; confirm against the installed
   # keepalived version which firewall rules, if any, keepalived manages here.
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# VRRP instance on the master node: owns the VIP while it is up.
vrrp_instance VI_1 {
    state MASTER  # initial role: master
    interface bond0  # NIC the instance binds to; change to match the host
    virtual_router_id 11  # must be identical on both servers
    priority 100  # the master gets the higher priority
    advert_int 1
    #nopreempt  # left commented out so preemption stays on: the VIP moves back automatically once the higher-priority server is online again
    authentication {
        # auth_type PASS puts auth_pass unencrypted into every advertisement, so
        # anyone able to capture this traffic can read it. It guards against
        # accidental misconfiguration, not against someone with access to the
        # network path. "123" is a sample value: use a site-specific secret
        # (keepalived uses only the first 8 characters) and allow VRRP
        # (IP protocol 112) only from the unicast peers in the host firewall.
        auth_type PASS
        auth_pass 123
    }
    unicast_src_ip 192.168.1.1  # this host's IP
    unicast_peer {
        192.168.1.2  # unicast target of the advertisements; several peers may be listed
    }
    virtual_ipaddress {
        192.168.1.100  # keep the VIP in the hosts' own subnet (192.168.1.*); otherwise a route is missing and the two servers cannot ping each other
    }
}

  3. 修改备服务器keepalived配置
! Configuration File for keepalived

# Global settings for the backup node (ka2).
global_defs {
   # Recipients of keepalived notification e-mails.
   notification_email {
       root@localhost
   }
   notification_email_from root@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ka2
   vrrp_skip_check_adv_addr
# Both lines below stay commented out in unicast mode (strict mode does not allow unicast peers).
#vrrp_strict
#vrrp_mcast_group4 224.100.100.100
   # NOTE(review): given without a chain name; confirm against the installed
   # keepalived version which firewall rules, if any, keepalived manages here.
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

# VRRP instance on the backup node: takes over the VIP when the master stops advertising.
vrrp_instance VI_1 {
    state BACKUP  # initial role: backup
    interface bond0
    virtual_router_id 11
    priority 80  # lower than the master's priority
    advert_int 1
    #nopreempt
    authentication {
        # Must match the master. With auth_type PASS the value travels
        # unencrypted in every advertisement, so it is readable by anyone who
        # can capture the traffic; "123" is a sample value. Use a site-specific
        # secret (keepalived uses only the first 8 characters) and allow VRRP
        # (IP protocol 112) only from the unicast peers in the host firewall.
        auth_type PASS
        auth_pass 123
    }
    unicast_src_ip 192.168.1.2  # this host's IP
    unicast_peer {
        192.168.1.1  # unicast target of the advertisements; several peers may be listed
    }
    virtual_ipaddress {
        192.168.1.100  # keep the VIP in the hosts' own subnet (192.168.1.*); otherwise a route is missing and the two servers cannot ping each other
    }
}

4. 验证主备服务器VIP漂移
4.1 备服务器首先启动keepalived,然后抓包

# 开启备服务器
# systemctl restart keepalived
# 抓包测试,结果:备>主
tcpdump -nn vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:54:15.471055 IP 192.168.1.2 > 192.168.1.1: VRRPv2, Advertisement, vrid 11, prio 80, authtype simple, intvl 1s, length 20
13:54:16.471828 IP 192.168.1.2 > 192.168.1.1: VRRPv2, Advertisement, vrid 11, prio 80, authtype simple, intvl 1s, length 20
13:54:17.472599 IP 192.168.1.2 > 192.168.1.1: VRRPv2, Advertisement, vrid 11, prio 80, authtype simple, intvl 1s, length 20
13:54:18.473371 IP 192.168.1.2 > 192.168.1.1: VRRPv2, Advertisement, vrid 11, prio 80, authtype simple, intvl 1s, length 20

4.2 主服务器启动keepalived,然后抓包

# 开启主服务器
# systemctl restart keepalived
# 抓包测试,结果:主>备,因为主priority为100,备80
tcpdump -nn vrrp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:09:01.210396 IP 192.168.1.1 > 192.168.1.2: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
14:09:02.211458 IP 192.168.1.1 > 192.168.1.2: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
14:09:03.211975 IP 192.168.1.1 > 192.168.1.2: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20
14:09:04.212705 IP 192.168.1.1 > 192.168.1.2: VRRPv2, Advertisement, vrid 11, prio 100, authtype simple, intvl 1s, length 20

4.3 通过ip a命令确认VIP漂移成功

  5. docker版本实现
# Image usage is documented at https://github.com/osixia/docker-keepalived
# Fetch the image. The tag selects a version but is not a content pin.
docker pull osixia/keepalived:2.0.20

# Config file: /home/finance/packages/keepalived.conf, written like the
# keepalived configs shown earlier. It holds auth_pass, so keep it readable
# only by the account that needs it.
# --net=host together with NET_ADMIN/NET_BROADCAST/NET_RAW lets the container
# change addresses and send raw packets on the host's interfaces; only run an
# image you trust with that level of access.

# Master server
docker run -d --name ka1 \
  --net=host \
  --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW \
  --volume /home/finance/packages/keepalived.conf:/container/service/keepalived/assets/keepalived.conf \
  osixia/keepalived:2.0.20 --copy-service \
  && docker logs -f ka1

# Backup server
docker run -d --name ka2 \
  --net=host \
  --cap-add=NET_ADMIN --cap-add=NET_BROADCAST --cap-add=NET_RAW \
  --volume /home/finance/packages/keepalived.conf:/container/service/keepalived/assets/keepalived.conf \
  osixia/keepalived:2.0.20 --copy-service \
  && docker logs -f ka2
