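> Author: 丁辉

# Deploying and Using Keepalived

> Introduction: this configuration is fully usable in large-scale production clusters.

| Node | Gateway IP | VIP |
| :------: | :----------: | :----------: |
| Primary gateway 1 | 192.168.1.11 | |
| Backup gateway 2 | 192.168.1.12 | |
| | | 192.168.1.10 |

## Install keepalived

```bash
yum install -y keepalived
```

## Primary node

**Edit the configuration file**

```bash
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf
```

Contents:

```bash
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL # load balancer identifier; should be unique within the LAN
}

#vrrp_script check_health {
    # health check script
    #script "/etc/keepalived/check_health_status.sh"
    # interval between runs
    #interval 5
#}

vrrp_instance VI_1 {
    # backup state (when the MASTER goes down, a BACKUP is promoted to MASTER according to priority)
    state BACKUP
    # network interface name
    interface eth0
    # ID of the virtual router (should be unique within the LAN, 0-255)
    virtual_router_id 50
    # priority
    priority 100
    # interval of the synchronization check between MASTER and BACKUP
    advert_int 1
    # non-preemptive mode
    nopreempt
    # IP address of this node
    unicast_src_ip 192.168.1.11
    # IP address of the peer
    unicast_peer {
        192.168.1.12
    }
    authentication {
        # authentication method
        auth_type PASS
        # password used for authentication (sample value, replace it;
        # PASS is sent in cleartext and only the first 8 characters are used)
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.10/24 dev eth0
    }
    # interface tracking: judge whether the service is healthy by checking whether the listed interface exists
    track_interface {
        eth0
    }
    # enable the check script
    #track_script {
        #check_health
    #}
}
```

## Backup node

**Edit the configuration file**

```bash
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
vi /etc/keepalived/keepalived.conf
```

Contents:

```bash
! Configuration File for keepalived

global_defs {
    router_id LVS_DEVEL # load balancer identifier; should be unique within the LAN
}

#vrrp_script check_health {
    # health check script
    #script "/etc/keepalived/check_health_status.sh"
    # interval between runs
    #interval 5
#}

vrrp_instance VI_1 {
    # backup state (when the MASTER goes down, a BACKUP is promoted to MASTER according to priority)
    state BACKUP
    # network interface name
    interface eth0
    # ID of the virtual router (should be unique within the LAN, 0-255)
    virtual_router_id 50
    # priority
    priority 50
    # interval of the synchronization check between MASTER and BACKUP
    advert_int 1
    # non-preemptive mode
    nopreempt
    # IP address of this node
    unicast_src_ip 192.168.1.12
    # IP address of the peer
    unicast_peer {
        192.168.1.11
    }
    authentication {
        # authentication method
        auth_type PASS
        # password used for authentication (sample value, replace it;
        # PASS is sent in cleartext and only the first 8 characters are used)
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.10/24 dev eth0
    }
    # interface tracking: judge whether the service is healthy by checking whether the listed interface exists
    track_interface {
        eth0
    }
    # enable the check script
    #track_script {
        #check_health
    #}
}
```

## Start keepalived

```bash
systemctl start keepalived
systemctl enable keepalived
systemctl status keepalived
```

## Configure health checking

1. Edit the script

   ```bash
   vi /etc/keepalived/check_health_status.sh
   ```

   Contents:

   ```bash
   #!/bin/bash
   # -f makes curl exit non-zero on HTTP errors (>= 400), not only on connection failure
   /usr/bin/curl -fsI --max-time 3 -o /dev/null http://localhost:10254/healthz
   if [ $? -ne 0 ]; then
       # stop keepalived so that the VIP moves to the peer
       cat /var/run/keepalived.pid | xargs kill
   fi
   ```

2. Make it executable

   ```bash
   chmod +x /etc/keepalived/check_health_status.sh
   ```

3. Once the service is running, edit the keepalived configuration file and uncomment the check sections; the change takes effect after a restart

   ```bash
   systemctl restart keepalived
   ```

## Configure Keepalived self-recovery

> Edit the Keepalived systemd unit file and add the following; Keepalived will then keep restarting and re-checking whether the service has recovered.

```bash
vi /lib/systemd/system/keepalived.service
```

```bash
[Service]
# always restart the service
Restart=always
# delay between restarts
RestartSec=10
```

## Firewall configuration

> Opening either one of these is enough

- Allow VRRP traffic

  ```bash
  iptables -A INPUT -p vrrp -j ACCEPT
  ```

- Allow multicast traffic

  ```bash
  iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
  ```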
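
The two node configurations above have to agree on `virtual_router_id`, `auth_type`, `auth_pass` and `advert_int`, differ in `priority`, and name each other in `unicast_peer`. The script below is an added example, not part of the original article: it lints such a pair for those mismatches and for a weak `auth_pass`. `kv`, `peers`, `check_pair` and `mkconf` are hypothetical helper names, and the sample files are constructed from the article's node values.

```bash
#!/bin/bash
# Added example (not from the original article): lint a two-node unicast VRRP pair.
# Assumes one directive per line, as in the configurations above.

# kv FILE KEY: first value given for a keyword
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }
# peers FILE: addresses listed inside the unicast_peer { ... } block
peers() {
  awk '$1 == "unicast_peer" { f = 1; next }
       f && index($0, "}") { exit }
       f && NF && $1 !~ /^[#!]/ { print $1 }' "$1"
}
# check_pair A B: print one WARN line per finding; return 1 if there is any
check_pair() {
  a=$1; b=$2; rc=0
  warn() { printf 'WARN: %s\n' "$*"; rc=1; }
  for key in virtual_router_id auth_type auth_pass advert_int; do
    [ "$(kv "$a" "$key")" = "$(kv "$b" "$key")" ] || warn "$key differs between nodes"
  done
  [ "$(kv "$a" priority)" != "$(kv "$b" priority)" ] || warn "priority is identical on both nodes"
  peers "$b" | grep -qxF "$(kv "$a" unicast_src_ip)" || warn "$b: peer list lacks source IP of $a"
  peers "$a" | grep -qxF "$(kv "$b" unicast_src_ip)" || warn "$a: peer list lacks source IP of $b"
  for f in "$a" "$b"; do
    # nopreempt is only honoured when the initial state is BACKUP
    if grep -q '^[[:space:]]*nopreempt' "$f" && [ "$(kv "$f" state)" != BACKUP ]; then
      warn "$f: nopreempt requires state BACKUP"
    fi
    # PASS is sent in cleartext and only its first 8 characters are used
    pass=$(kv "$f" auth_pass)
    case $pass in *[!0-9]*) digits_only=0 ;; *) digits_only=1 ;; esac
    if [ "$(kv "$f" auth_type)" = PASS ] && { [ "${#pass}" -lt 8 ] || [ "$digits_only" = 1 ]; }; then
      warn "$f: auth_pass is short or digits-only"
    fi
  done
  return "$rc"
}

# mkconf FILE PRIORITY SRC PEER: write a constructed, reduced sample config
mkconf() {
  printf 'vrrp_instance VI_1 {\n state BACKUP\n virtual_router_id 50\n priority %s\n' "$2" > "$1"
  printf ' advert_int 1\n nopreempt\n unicast_src_ip %s\n unicast_peer {\n %s\n }\n' "$3" "$4" >> "$1"
  printf ' authentication {\n auth_type PASS\n auth_pass 1111\n }\n}\n' >> "$1"
}

d=$(mktemp -d)   # constructed sample using the node values from the article
mkconf "$d/node1.conf" 100 192.168.1.11 192.168.1.12
mkconf "$d/node2.conf" 50 192.168.1.12 192.168.1.11
check_pair "$d/node1.conf" "$d/node2.conf" || true
```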