keepalived-vrrp设置

keepalived环境准备

1.各节点时间必须同步

2.关闭selinux和防火墙

[root@localhost keepalived1]#yum install ipvsadm keepalived -y               #安装软件主机1                  

[root@localhost keepalived1]# cat keepalived.conf

! Configuration File for keepalived

  global_defs {

  notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc

  smtp_server 192.168.200.1         #SMTP邮件服务

  smtp_connect_timeout 30

  router_id LVS_DEVEL

  vrrp_skip_check_adv_addr

  vrrp_iptables      #启用参数不生成防火墙规则

  vrrp_strict

  vrrp_garp_interval 0

  vrrp_gna_interval 0

}

vrrp_instance VIP1 {

   state MASTER             #主服务器

   interface ens192        #网卡接口

   virtual_router_id 51     #路由id

   priority 100               #优先级

   advert_int 1               #检测时间1s

   authentication {

       auth_type PASS

       auth_pass 1111

   }

   virtual_ipaddress {

       172.16.116.99 dev ens192 label ens192:0          #vip设置

   }

}

[root@localhost keepalived2]# yum install ipvsadm keepalived -y    #安装主机2

[root@localhost keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {

  notification_email {

    acassen@firewall.loc

    failover@firewall.loc

    sysadmin@firewall.loc

  }

  notification_email_from Alexandre.Cassen@firewall.loc

  smtp_server 192.168.200.1

  smtp_connect_timeout 30

  router_id LVS_DEVEL

  vrrp_skip_check_adv_addr

  vrrp_iptables   #启用参数不生成防火墙规则

  vrrp_strict

  vrrp_garp_interval 0

  vrrp_gna_interval 0

}

vrrp_instance VIP1 {

   state BACKUP            #备用模式

   interface ens192

   virtual_router_id 51    #路由id

   priority 90                  #优先级90

   advert_int 1                #检测时间1s

   authentication {

       auth_type PASS

       auth_pass 1111

   }

   virtual_ipaddress {

       172.16.116.99 dev ens192 label ens192:0

   }

}

#注意配置完成后验证配置信息

#systemctl stop keepalived      #停服务，确认两台主机之间vip会发生漂移吗？

#ip add

[root@localhost keepalived]# ip add          #确认vip信息

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

   inet 127.0.0.1/8 scope host lo

      valid_lft forever preferred_lft forever

   inet6 ::1/128 scope host  

      valid_lft forever preferred_lft forever

2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

   link/ether 00:50:56:95:c0:20 brd ff:ff:ff:ff:ff:ff

   inet 172.16.116.91/24 brd 172.16.116.255 scope global noprefixroute ens192

      valid_lft forever preferred_lft forever

   inet 172.16.116.99/32 scope global ens192:0

      valid_lft forever preferred_lft forever

   inet6 fe80::8f54:3d46:7596:9ff2/64 scope link noprefixroute  

      valid_lft forever preferred_lft forever

[root@localhost2 ~]# tail -f /var/log/messages                #查看日志信息，确认

Jan 17 22:21:28 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:21:28 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:21:28 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:21:28 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:22:12 localhost systemd-logind: New session 13 of user root.

Jan 17 22:22:12 localhost systemd: Started Session 13 of user root.

Jan 17 22:22:34 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Received advert with higher priority 100, ours 90

Jan 17 22:22:34 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Entering BACKUP STATE

Jan 17 22:22:34 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) removing protocol VIPs.

Jan 17 22:22:34 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) removing protocol iptable drop rule

Jan 17 22:23:06 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Transition to MASTER STATE

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Entering MASTER STATE

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) setting protocol iptable drop rule

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) setting protocol VIPs.

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Sending/queueing gratuitous ARPs on ens192 for 172.16.116.99

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:07 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Sending/queueing gratuitous ARPs on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:23:12 localhost Keepalived_vrrp[30326]: Sending gratuitous ARP on ens192 for 172.16.116.99

Jan 17 22:24:04 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Received advert with higher priority 100, ours 90

Jan 17 22:24:04 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) Entering BACKUP STATE

Jan 17 22:24:04 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) removing protocol VIPs.

Jan 17 22:24:04 localhost Keepalived_vrrp[30326]: VRRP_Instance(VIP1) removing protocol iptable drop rule

#root@localhost keepalived]# iptables -nvL INPUT                  #如果生成iptables规则，需要删除它

Chain INPUT (policy ACCEPT 822 packets, 59631 bytes)

pkts bytes target     prot opt in     out     source               destination          

   0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

   0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53

   0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67

   0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set keepalived dst

[root@localhost keepalived]# iptables -t filter -D INPUT 5         #删除生成INPUT规则 ,不然到vip的所有包都会丢掉

[root@localhost keepalived]# iptables -nvL INPUT

Chain INPUT (policy ACCEPT 6 packets, 396 bytes)

pkts bytes target     prot opt in     out     source               destination          

   0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

   0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53

   0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67

   0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67