Configuration Example: https://blog.51cto.com/14227204/2438902
a, keepalived working principle and function:
keepalived first is a powerful auxiliary tool designed specifically for LVS, mainly used to provide failover and health checks - LVS load balancer determine availability server nodes, timely isolation and replaced with a new server, when a failed host after its return to re-join the cluster. LVS separate deployment environment, then the scheduler downtime occurs, the whole cluster becomes ineffective after a certain web node goes down, the client at the time of the visit, there will always run into situations not visit the page, so the keepalived and LVS combine to form before a true high availability cluster, of course, must be shared storage backend storage server to build a highly available, three of which have a satisfied or not, can not be called a high-availability cluster environment.
keepalived official website: http://www.linuxvirtualserver.org/ , in a non-LVS environment, keepalived also be used as hot backup software
use.
keepalived using VRRP (Virtual Routing Redundancy Protocol) protocol hot backup, software way to achieve Linux servers
Multi hot standby. VRRP backup solution is directed to a router - a multiple routers form a hot standby groups, through
Had shared virtual IP (VIP) address external services; the same time in each group hot backup mention only one master router
For services, other routers in redundant state, if the current line of router fails, another router will automatically take over
(Priority order decided to take over) the virtual IP address, in order to continue to provide services.
Each router in the hot standby group are likely to be the main router, IP address of the virtual router (VIP) can be in the hot standby group
Router transfer, it is also known drift IP address. When using keepalived, drift address the need to manually implement
Establishing virtual interface profile (e.g. ens33: 0), but it is automatically managed by the file according to the configuration keepalived.
Hot standby mode based on the VRRP, keepalived failover server may be used, each group may have more than one hot standby server
Service is - most commonly used is a multi hot standby. In this embodiment multiple hot standby, failover for the virtual IP address of the main
Drift to achieve. Therefore it can be applied to various application servers (either Web, FTP, Mail, or SSH, DNS ....).
Two, keepalived hot standby configuration in detail:
.
By a simple FIG environment below, can be configured to fully understand the function and the stateful failover: 
1, configure the master server:
[root@lVS1 ~]# systemctl stop firewalld #关闭防火墙
[root@lVS1 ~]# yum -y install keepalived ipvsadm 安装所需工具
[root@lVS1 ~]# systemctl enable keepalived #设置开机自启动
[root@lVS1 ~]# cd /etc/keepalived/
[root@lVS1 keepalived]# cp keepalived.conf keepalived.conf.bak #备份配置文件
[root@lVS1 keepalived]# vim keepalived.conf #编辑配置文件
global_defs {
notification_email {
[email protected] #启用邮件通知功能,这里设置收件人地址,可以配置多个
[email protected]
[email protected]
}
notification_email_from [email protected] #发件人姓名、地址
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL1 #本服务器的名称(在群集中必须唯一)。
.............. #省略部分内容
}
vrrp_instance VI_1 { #定义VRRP热备实例
state MASTER #热备状态,MASTER表示主服务器(注意大小写)
interface ens33 #承载VIP地址的物理接口
virtual_router_id 51 #虚拟路由器的ID号,每个热备组保持一致。
priority 100 #优先级0-100,数值越大越优先。
advert_int 1 #通告间隔秒数(心跳频率)。
authentication { #认证信息,每个热备组保持一致
auth_type PASS #认证类型
auth_pass 1111 #密码字串
}
virtual_ipaddress { #指定漂移地址,可以有多个
192.168.1.100
}
}
......................... #省略部分内容After confirming the above configuration is correct, and then start keepalived service, the actual state of the primary server for the MASTER will automatically add ens33 interfaces VIP address, the ip command to view (Note: ifconfig command can not see).
[root@lVS1 keepalived]# systemctl start keepalived #启动该服务
[root@lVS1 keepalived]# ip a show dev ens33 #查看ens33接口
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UPUt qlen 1000
link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.100/32 scope global ens33 #可以看到VIP已经配置在ens33上。
valid_lft forever preferred_lft forever
inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute
valid_lft forever preferred_lft forever2, the backup server configuration (LVS2):
in the hot standby keepalived same group, all servers keepalived profile substantially the same, some configurations shall
It must be the same, including the ID number, authentication information, drift address, virtual router heart rate , etc., differ primarily in the way
The name, hot standby status, priority . Note the following points when specific configuration:
-
Server name (route_id): recommendations specify a different name for each server involved in hot standby.
-
Hot Standby state (state): have at least one primary server, set the status to the MASTER; can have more than one backup server, sets the status to BACKUP.
- Priority (priority): to obtain higher value of the control VIP higher the priority, so the priority should be set to the primary maximum and services; other backup servers in descending order, but not identical, in order to avoid contention occurs when control VIP conflict.
.
When configuring the standby server (which may be more than one), keepa.conf can simply copy over the file of the main server, the server name modification, hot standby status, priority, three on it, even if it is some web contains configuration node, also without modification, can not be modified.
[root@LVS2 ~]# systemctl stop firewalld #关闭防火墙
[root@LVS2 ~]# yum -y install keepalived ipvsadm #安装相关工具
[root@LVS2 ~]# scp [email protected]:/etc/keepalived/keepalived.conf /etc/keepalived/
#使用主服务器root用户将主服务器的keepalived配置文件复制过来。
[email protected] s password: #输入主服务器root用户的密码
keepalived.conf 100% 3549 3.5MB/s 00:00
[root@LVS2 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
...............
router_id LVS_DEVEL2 #修改这里的服务器名称
.....................
}
..............
vrrp_instance VI_1 {
state BACKUP #修改这里的状态,改为BACKUP
interface ens33 #若该服务器承载VIP的物理接口有变,则这里也要修改
virtual_router_id 51
priority 90 #修改优先级,要比主服务器低。
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.100
}
}
.................
#改动上述几行后,保存退出即可。
[root@LVS2 ~]# systemctl start keepalived #启动服务
[root@LVS2 ~]# systemctl enable keepalived #设置开机自启动At this time, the primary server is still online, the VIP address is actually still controlled by the master server, another server in the backup state, the standby server will not add VIP addresses ens33 Interface:
[root@LVS2 ~]# ip a show dev ens33 #查看ens33接口,不会看到VIP
2: ens33: <BROADCAST,MULTICAST,Udel state UP group default qlen 1000
link/ether 00:0c:29:9a:09:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::3050:1a9b:5956:5297/64 scope link noprefixroute
valid_lft forever preferred_lft forever3, dual-function test Hot Standby:
The main server is down, or stop keepalived service, wait about 15 seconds to view the backup server ens33 card, you will find the address has been transferred from the drift, indicating Hot Standby function dual effect. After the primary server is powered on, drift address will be automatically transferred back to the primary server.
[root@localhost ~]# ip a show dev ens33 #主服务器关机后查看备份服务器的网卡信息
2: ens33: <BROADCAST,MULTICAST,UP state UP group default qlen 1000
link/ether 00:0c:29:9a:09:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.100/32 scope global ens33 #漂移地址已经转移过来了
valid_lft forever preferred_lft forever
inet6 fe80::3050:1a9b:5956:5297/64 scope link noprefixroute
valid_lft forever preferred_lft foreverThen the primary server is powered on, you will find VIP has been transferred back to the primary server and backup server and finding out VIP:
[root@LVS1 ~]# ip a show dev ens33 #在主服务器上进行查看
2: ens33: <BROADCAST,MULTICAST,UP,Lefault qlen 1000
link/ether 00:0c:29:77:2c:03 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.1.100/32 scope global ens33 #VIP地址在这里了
valid_lft forever preferred_lft forever
inet6 fe80::95f8:eeb7:2ed2:d13c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@LVS2 ~]# ip a show dev ens33 #在备份服务器上进行查看
2: ens33: <BROADCAST,MULTICAST,UP,P grou00
link/ether 00:0c:29:9a:09:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope goute ens33
valid_lft forever preferred_lft forever
inet6 fe80::3050:1a9b:5956:5297/64 scope link noprefixroute
valid_lft forever preferred_lft forever