KeepAlived 部署

作者: Lisong | 来源:发表于2017-06-07 19:09 被阅读254次

7. Keepalived安装和基础功能实现
socket选项IP_TRANSPARENT简单介绍
KeepAlived 部署
keepalived环境部署
keepalived安装部署
keepalived部署说明
Keepalived安装部署
使用kube-vip部署高可用K8S集群
Varnish实例
ipv6 lvs部署方案

安装：KeepAlived

查看IPVS模块是否已经编译到内核中

cat /boot/config-`uname -r` |grep -i ipvs
# IPVS transport protocol load balancing support
# IPVS scheduler
# IPVS application helper

modprobe -l |grep ipvs

kernel/net/netfilter/ipvs/ip_vs.ko
kernel/net/netfilter/ipvs/ip_vs_rr.ko
kernel/net/netfilter/ipvs/ip_vs_wrr.ko
kernel/net/netfilter/ipvs/ip_vs_lc.ko
kernel/net/netfilter/ipvs/ip_vs_wlc.ko
kernel/net/netfilter/ipvs/ip_vs_lblc.ko
kernel/net/netfilter/ipvs/ip_vs_lblcr.ko
kernel/net/netfilter/ipvs/ip_vs_dh.ko
kernel/net/netfilter/ipvs/ip_vs_sh.ko
kernel/net/netfilter/ipvs/ip_vs_sed.ko
kernel/net/netfilter/ipvs/ip_vs_nq.ko
kernel/net/netfilter/ipvs/ip_vs_ftp.ko
kernel/net/netfilter/ipvs/ip_vs_pe_sip.ko

安装keepalived的依赖组件
安装依赖组件

yum install gcc openssl openssl-devel popt popt-devel libnl libnl-devel -y

安装ipvsadm组件，它是keepalived的基础

yum install -y ipvsadm

查看ipvsadm当前的规则（默认为空）

ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn

安装keepalived

tar -axf keepalived-1.2.16.tar.gz
cd keepalived-1.2.16
\##默认情况下，keepalived主体文件会编译安装在/usr/local/etc/keepalived/目录中。
./configure
make
make install
find / -path "/root" -prune -o -name keep\*
……
/usr/local/etc/keepalived/keepalived.conf           ##这是keepalived主体配置文件
/usr/local/etc/sysconfig/keepalived                 ##这是keepalived选项配置文件
/usr/local/etc/rc.d/init.d/keepalived               ##这是keepalived服务启动脚本。
/usr/local/share/man/man5/keepalived.conf.5
/usr/local/share/man/man8/keepalived.8
/usr/local/sbin/keepalived                      ##这是keepalived命令文件
/usr/share/selinux/targeted/keepalived.pp.bz2
……
mkdir /etc/keepalived
## 备份keepalived主体配置文件
test -f /usr/local/etc/keepalived/keepalived.conf.bak || cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
## 在/etc/keepalived/目录中，创建keepalived主体配置文件的链接文件
ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
## 在/etc/sysconfig/目录中，创建keepalived选项配置文件的链接文件
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
## 在/sbin/目录中，创建keepalived命令文件的链接文件，方便系统通过默认的PATH路径来检索执行该命令
ln -s /usr/local/sbin/keepalived /sbin/keepalived
## 将keepalived服务启动脚本复制到开机启动脚本目录中
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
## 赋予keepalived服务开机启动脚本的可执行权限
chmod +x /etc/rc.d/init.d/keepalived
4. 启动keepalived服务
chkconfig keepalived on         ##设置keepalived服务开机自启动。
service keepalived start            ##启动keepalived服务。
ps aux| grep keepalived |grep -v grep
root       3361  0.0  0.1  44480  1036 ?        Ss   10:27   0:00 keepalived -D
root       3363  0.1  0.2  48784  2420 ?        S    10:27   0:00 keepalived -D
root       3364  0.1  0.1  48656  1652 ?        S    10:27   0:00 keepalived -D
创建KeepAlived高可用HA主备切换
1. 创建：HAproxy健康检测脚本
cat > /etc/keepalived/check_haproxy.sh <<EOF
#!/bin/bash
if [ \$(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
    /etc/init.d/haproxy  start
    sleep 2
elif [ \$(ps -C haproxy --no-header | wc -l) -eq 0 ]; then
    /etc/init.d/keepalived stop
else
    /etc/init.d/keepalived start
fi
EOF
chmod +x /etc/keepalived/check_haproxy.sh

配置：keepalived

暂时关闭：iptables防火墙

service iptables stop

配置：keepalived配置文件 server01

cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
## 全局配置段
global_defs {
   ## 定义：通知收件人邮箱
   notification_email {
     li@qq.com
   }
   ## 定义：发送邮件的邮件服务器
   notification_email_from HAproxy01@one.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id haproxy01
   ## 表示：切换时，依据global_defs中定义的邮件地址发送邮件通知
   ## 需要确保linux系统本机的smtp协议25/tcp端口处于工作状态。
   smtp_alert
   ## 表示当切换到master状态时，要执行的脚本
   notify_master "/etc/keepalived/notify.sh masker"
   ## 表示当切换到backup状态时，要执行的脚本
   notify_backup "/etc/keepalived/notify.sh backup"
   ## 表示当切换到fault故障状态时，要执行的脚本
   notify_fault  "/etc/keepalived/notify.sh fault"
}
## 定义：调用指定的<健康检测脚本程序>
vrrp_script check_haproxy {
       script "/etc/keepalived/check_haproxy.sh"
       interval 2
}
## 定义：故障转移组
vrrp_sync_group G1 {
  group {
    WAN
  }
}
vrrp_instance WAN {
    ## 定义：实例角色 
    state MASTER    
    ## 定义：承载VIP地址的物理接口
    interface eth0
    ## 定义：VIP的MAC地址中的vrrp值，（两个节点必须一致）
    virtual_router_id 51
    ## 定义：ARRP组播地址的<源IP地址>，即：心跳检测
    ##mcast_src_ip 192.168.10.9
    ## 定义：ARRP单播<源IP地址>，即：心跳检测
    unicast_src_ip 192.168.10.8
    ## 定义：ARRP单播<一个或多个目标IP地址>，即：心跳检测
    unicast_peer {
         192.168.10.9
    }
    ## 定义：优先级的初始值
    priority 100
    ## 定义：VRRP通知报文的时间间隔
    advert_int 1
    ## 设置：验证信息（两个节点必须一致）
    authentication {
        auth_type PASS
        auth_pass a123456!
    }
    ## 定义：本实例KeepAlived的VIP虚拟IP地址（两个节点必须一致）
    virtual_ipaddress {
        192.168.10.100/24 dev eth0 scope global
    }
    ## 定义：需要监控的网卡（可以包含额外的网卡）
    ## 注意：测试网卡故障转移时，必须彻底的断开网卡
    track_interface {
        eth0
        eth1
    }
    ## 定义：需要监控的<健康检测配置段>
    track_script {
        check_haproxy
    }
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart

配置：keepalived配置文件 server02

cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
## 全局配置段
global_defs {
   ## 定义：通知收件人邮箱
   notification_email {
     li@qq.com
   }
   ## 定义：发送邮件的邮件服务器
   notification_email_from HAproxy01@one.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id haproxy01
   ## 表示：切换时，依据global_defs中定义的邮件地址发送邮件通知
   ## 需要确保linux系统本机的smtp协议25/tcp端口处于工作状态。
   smtp_alert
   ## 表示当切换到master状态时，要执行的脚本
   notify_master "/etc/keepalived/notify.sh masker"
   ## 表示当切换到backup状态时，要执行的脚本
   notify_backup "/etc/keepalived/notify.sh backup"
   ## 表示当切换到fault故障状态时，要执行的脚本
   notify_fault  "/etc/keepalived/notify.sh fault"
}
## 定义：调用指定的<健康检测脚本程序>
vrrp_script check_haproxy {
       script "/etc/keepalived/check_haproxy.sh"
       interval 2
}
## 定义：故障转移组
vrrp_sync_group G1 {
  group {
    WAN
  }
}
vrrp_instance WAN {
    ## 定义：实例角色
    state BACKUP    
    ## 定义：承载VIP地址的物理接口
    interface eth0
    ## 定义：VIP的MAC地址中的vrrp值，（两个节点必须一致）
    virtual_router_id 51
    ## 定义：ARRP组播地址的<源IP地址>，即：心跳检测
    ##mcast_src_ip 192.168.10.9
    ## 定义：ARRP单播<源IP地址>，即：心跳检测
    unicast_src_ip 192.168.10.9
    ## 定义：ARRP单播<一个或多个目标IP地址>，即：心跳检测
    unicast_peer {
         192.168.10.8
    }
    ## 定义：优先级的初始值
    priority 50
    ## 定义：VRRP通知报文的时间间隔
    advert_int 1
    ## 设置：验证信息（两个节点必须一致）
    authentication {
        auth_type PASS
        auth_pass a123456!
    }
    ## 定义：本实例KeepAlived的VIP虚拟IP地址（两个节点必须一致）
    virtual_ipaddress {
        192.168.10.100/24 dev eth0 scope global
    }
    ## 定义：需要监控的网卡（可以包含额外的网卡）
    ## 注意：测试网卡故障转移时，必须彻底的断开网卡
    track_interface {
        eth0
        eth1
    }
    ## 定义：需要监控的<健康检测配置段>
    track_script {
        check_haproxy
    }
}
EOF
cat /etc/keepalived/keepalived.conf
service keepalived restart

检测vip绑定：

ip add show eth0

防火墙

service iptables restart
iptables -D INPUT -p vrrp -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT
service iptables save

测试

检测vip绑定：

ip add show eth0
service keepalived stop
service keepalived status
service haproxy stop
service haproxy status

检测心跳信息（VRRP数据包）：

tcpdump -p vrrp -n -i eth0

服务

service keepalived restart
service keepalived stop

7. Keepalived安装和基础功能实现
1 Keepalived部署 1.1 Keepalived-yum安装环境 CentOS-7自带版本主配置文件...
socket选项IP_TRANSPARENT简单介绍
1 引言在使用Keepalived部署DNS(nsd)高可用集群时，不使用LVS，仅仅使用Keepalived实...
KeepAlived 部署
安装：KeepAlived 查看IPVS模块是否已经编译到内核中安装keepalived的依赖组件安装依赖组件 ...
keepalived环境部署
一、软件安装 yum install -y keepalived 二、查询已安装的软件及路径 rpm -qc ke...
keepalived安装部署
keepalived介绍第二章： keepalived工作原理 keepalived高可用功能实现的基本原理为:...
keepalived部署说明
流程规范 route_id分配原则网络分配vip 10.XXX.XXX.2-10.XXX.XXX.9 对应rou...
Keepalived安装部署
1.下载地址 keepalived下载 2.通过ftp工具上传到 /home/software目录下 3.解压ke...
使用kube-vip部署高可用K8S集群
目前高可用部署方式1.haproxy+keepalived（复杂）2.sealos（一键部署，目前高版本底层使用的...
Varnish实例
一、前言实现基于keepalived+nginx+Varnish+LAMP企业架构，在后端LAMP部署wordp...
ipv6 lvs部署方案
ipv6 lvs架构部署 1.安装组件yum install ipvsadm keepalived mysql-s...