keepalived

keepalived

VRRP通过一种竞选(election)协议来动态的将路由任务交给LAN中虚拟路由器中的某台VRRP路由器。

VRRP路由器
VRRP路由器是一台路由器，只不过上面运行了VRRPD这样的程序来实现VRRP协议，这是一台物理的路由器，一台VRRP路由器可以位于多个虚拟路由器。

keepalived配置

配置文件组件部分：

TOP HIERACHY
    GLOBAL CONFIGURATION
        Global definitions    
    VRRPD CONFIGURATION
        VRRP synchronization group(s)：vrrp同步组
        VRRP instance(s)：即一个vrrp虚拟路由器
    LVS CONFIGURATION
        Virtual server group(s)
        Virtual server(s)：ipvs集群的vs和rs

Mater配置示例,backup配置只需将state状态改为BACKUP

~]# vi /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id ha1.example.com
   vrrp_skip_check_adv_addr #如果收到的报文和上一个报文是同一个路由器则跳过检查报文中的源地址
   vrrp_strict #严格遵守VRRP协议,不允许状况:1,没有VIP地址,2.单播邻居,3.在VRRP版本2中有IPv6地址.
   vrrp_garp_interval 0 #ARP报文发送延迟
   vrrp_gna_interval 0 #消息发送延迟
   vrrp_mcast_group4 224.0.0.18 #默认组播IP地址，224.0.0.0到239.255.255.255
   #vrrp_iptables
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 80
    priority 100
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111qwer
    }
    virtual_ipaddress {
        192.168.7.248 dev eth0 label eth0:0
    }
    notify_master
    notify_backup
    notify_fault
}

keepalived通知脚本

[root@localhost keepalived]# cat /etc/keepalived/notify.sh 
#!/bin/bash
contact='2973707860@qq.com'
notify() {
  mailsubject="$(hostname) to be $1, vip 转移"
  mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
  echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
  notify master
  ;;
backup)
  notify backup
  ;;
fault)
  notify fault
  ;;
*)
  echo "Usage: $(basename $0) {master|backup|fault}"
  exit 1
  ;;
esac

keepalived配置多vip

vrrp_instance VI_1 {
    state MASTER
    interface ens34
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.34.248/24 dev ens34 label ens34:1
        192.168.34.249/24 dev ens34 label ens34:2
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault  "/etc/keepalived/notify.sh fault"
}

keepalived双主配置
配置方式如下，两台keepalive的主机的priority值需相反

vrrp_instance VI_1 {
    state MASTER
    interface ens34
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
	192.168.34.248/24 dev ens34 label ens34:1
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault  "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state BACKUP
    interface ens34
    virtual_router_id 52
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.34.249/24 dev ens34 label ens34:2
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault  "/etc/keepalived/notify.sh fault"
}

开启内核参数，允许haproxy绑定本机没有的ip地址的端口。

[root@master keepalived]# cat /etc/sysctl.d/keepalived.conf 
net.ipv4.ip_nonlocal_bind = 1

配置haproxy

frontend main 
  bind 192.168.34.248:80
  #acl ip_range_test src 192.168.34.0/24
  #use_backend test_host if ip_range_test
  default_backend default_web

frontend test_host
  bind 192.168.34.249:80
  default_backend test_host

backend test_host
  mode http
  server web1 192.168.34.102:80 check inter 2000 fall 3 rise 5

backend default_web
  mode http
  server web2 192.168.34.103:80 check inter 2000 fall 3 rise 5

keepalived单播配置及示例

unicast_src_ip  本机源IP
    unicast_peer {
        目标主机IP
    }

示例：

global_defs {
	unicast_src_ip 192.168.34.100 
	unicast_peer {
		192.168.34.101
	}
}