synchronization

资源安装/Keepalived部署.md

@@ -0,0 +1,221 @@
+> 本文作者：丁辉
+
+# Keepalived部署使用
+
+> 介绍：当前配置完全可以在大规模生产集群中使用
+
+|   节点   |    网关IP    |     VIP      |
+| :------: | :----------: | :----------: |
+| 主网关一 | 192.168.1.11 |              |
+| 从网关二 | 192.168.1.12 |              |
+|          |              | 192.168.1.10 |
+
+## 安装 keepalived
+
+```bash
+yum install -y keepalived
+```
+
+## 主节点
+
+**编辑配置文件**
+
+```bash
+mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
+vi /etc/keepalived/keepalived.conf
+```
+
+内容如下
+
+```bash
+! Configuration File for keepalived
+  
+global_defs {
+   router_id LVS_DEVEL # 负载均衡标识, 在局域网内应该是唯一的
+}
+
+#vrrp_script check_health {
+  # 检测脚本
+  #script "/etc/keepalived/check_health_status.sh"
+  # 执行间隔时间
+  #interval 5
+#}
+
+vrrp_instance VI_1 {
+    # 备用状态(当 MASTER 宕机之后根据优先级提升 BACKUP 为 MASTER )
+    state BACKUP
+    # 网卡设备名
+    interface eth0
+    # 标识虚拟路由器的ID(在局域网内应该是唯一的, 0-255)
+    virtual_router_id 50
+    # 优先级
+    priority 100
+    # MASTER与BACKUP同步检查的时间间隔
+    advert_int 1
+    # 非抢占模式
+    nopreempt
+    # 本机IP地址
+    unicast_src_ip 192.168.1.11
+    # 对端IP地址
+    unicast_peer { 
+        192.168.1.12
+    }
+    authentication {
+        # 指定认证方式
+        auth_type PASS
+        # 指定认证所使用的密码
+        auth_pass 1111
+    }
+    virtual_ipaddress {
+        192.168.1.10/24 dev eth0
+    }
+    # 路由检测, 通过检测指定的网卡是否存在来判断服务是否正常
+    track_interface {
+        eth0
+    }
+    # 开启检测脚本
+    #track_script {
+      #check_health
+    #}
+}
+```
+
+## 从节点
+
+**编辑配置文件**
+
+```bash
+mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
+vi /etc/keepalived/keepalived.conf
+```
+
+内容如下
+
+```bash
+! Configuration File for keepalived
+  
+global_defs {
+   router_id LVS_DEVEL # 负载均衡标识, 在局域网内应该是唯一的
+}
+
+#vrrp_script check_health {
+  # 检测脚本
+  #script "/etc/keepalived/check_health_status.sh"
+  # 执行间隔时间
+  #interval 5
+#}
+
+vrrp_instance VI_1 {
+    # 备用状态(当 MASTER 宕机之后根据优先级提升 BACKUP 为 MASTER )
+    state BACKUP
+    # 网卡设备名
+    interface eth0
+    # 标识虚拟路由器的ID(在局域网内应该是唯一的, 0-255)
+    virtual_router_id 50
+    # 优先级
+    priority 50
+    # MASTER与BACKUP同步检查的时间间隔
+    advert_int 1
+    # 非抢占模式
+    nopreempt
+    # 本机IP地址
+    unicast_src_ip 192.168.1.12
+    # 对端IP地址
+    unicast_peer { 
+        192.168.1.11
+    }
+    authentication {
+        # 指定认证方式
+        auth_type PASS
+        # 指定认证所使用的密码
+        auth_pass 1111
+    }
+    virtual_ipaddress {
+        192.168.1.10/24 dev eth0
+    }
+
+    # 路由检测, 通过检测指定的网卡是否存在来判断服务是否正常
+    track_interface {
+        eth0
+    }
+    # 开启检测脚本
+    #track_script {
+      #check_health
+    #}
+}
+```
+
+## 启动 keepalived
+
+```bash
+systemctl start keepalived
+systemctl enable keepalived
+systemctl status keepalived
+```
+
+## 配置健康检测
+
+1. 编辑脚本
+
+   ```bash
+   vi /etc/keepalived/check_health_status.sh
+   ```
+
+   内容如下
+
+   ```bash
+   #!/bin/bash                                                                                             
+   /usr/bin/curl -I http://localhost:10254/healthz 
+     
+   if [ $? -ne 0 ];then
+                                                                        
+        cat /var/run/keepalived.pid | xargs kill
+     
+   fi
+   ```
+
+2. 授权
+
+   ```bash
+   chmod +x /etc/keepalived/check_health_status.sh
+   ```
+
+3. 确保服务启动后，编辑 keepalived 配置文件取消检测注释，重启后生效
+
+   ```bash
+   systemctl restart keepalived
+   ```
+
+## 配置 Keepalived 自恢复
+
+> 更改 Keepalived Systemd 配置文件, 加入如下内容, Keepalived会一直重启检测服务是否恢复正常
+
+```bash
+vi /lib/systemd/system/keepalived.service
+```
+
+```bash
+[Service]
+# 总是重启该服务
+Restart=always
+# 重启间隔时间
+RestartSec=10
+```
+
+## 防火墙配置
+
+> 开放其中一种即可
+
+- 允许vrrp流量
+
+  ```bash
+  iptables -A INPUT -p vrrp -j ACCEPT
+  ```
+
+- 允许组播流量
+
+  ```bash
+  iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
+  ```
+
+