非抢占式模式
默认为抢占模式 preempt,即当高优先级的主机恢复在线后,会抢占低先级的主机的master角色,造成 网络抖动,建议设置为非抢占模式 nopreempt ,即高优先级主机恢复后,并不会抢占低优先级主机的 master 角色注意: 非抢占模式下,如果原主机down机, VIP迁移至的新主机,后续新主机也发生down时,VIP还会迁移回 修复好的原主机但如果新主机的服务down掉(keepalived服务正常),原主机也不会接管VIP,仍会由新主机拥有VIP即非抢占式模式,只是适合当主节点宕机,切换到从节点的一次性的高可用性,后续即使当原主节点修复好,仍无法再次起到高用功能注意:要关闭 VIP抢占,必须将各 Keepalived 服务器 state 配置为 BACKUP
非抢占式配置
节点一:
vrrp_instance VI_1 {
state BACKUP #都为BACKUP
interface eth1
virtual_router_id 66
priority 100 #优先级高
advert_int 1
nopreempt #添加此行设为nopreempt
节点二:
vrrp_instance VI_1 {
state BACKUP #都为BACKUP
interface eth1
virtual_router_id 66
priority 80 #优先级低
advert_int 1
nopreempt #添加此行设为nopreempt
所有节点重启keepalived挂掉节点一,观察结果
[root@ubuntu2004 ~]#tcpdump -i eth1 -nn host 224.0.0.18
23:09:59.835993 IP 192.168.10.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
23:10:00.687778 IP 192.168.10.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 0, authtype simple, intvl 1s, length 20
23:10:01.376464 IP 192.168.10.101 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
节点二接替节点一组播地址信息
[root@ubuntu2004 ~]#hostname -I
10.0.0.102 10.0.0.100 192.168.10.101
VIP地址飘到了节点二上节点一重启后,观察结果
主节点二IP
[root@ubuntu2004 ~]#hostname -I
10.0.0.102 10.0.0.100 192.168.10.101
节点二依然在组播地址信息
[root@ubuntu2004 ~]#tcpdump -i eth1 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
23:13:23.538298 IP 192.168.10.101 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20
23:13:24.539440 IP 192.168.10.101 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 80, authtype simple, intvl 1s, length 20挂掉节点二,观察结果
回到节点一组播地址信息
[root@ubuntu2004 ~]#tcpdump -i eth1 -nn host 224.0.0.18
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
23:14:41.199520 IP 192.168.10.100 > 224.0.0.18: VRRPv2, Advertisement, vrid 66, prio 100, authtype simple, intvl 1s, length 20
查看节点一IP信息
[root@ubuntu2004 ~]#hostname -I
10.0.0.101 10.0.0.100 192.168.10.100
查看节点二IP信息
[root@ubuntu2004 ~]#hostname -I
10.0.0.102 192.168.10.101抢占延迟模式preempt_delay
抢占延迟模式,即优先级高的主机恢复后,不会立即抢回VIP,而是延迟一段时间在抢回VIP
preempt_delay #指定抢占延迟时间为#s,默认延迟300s节点一:
vrrp_instance VI_1 {
state BACKUP #都为BACKUP
interface eth1
virtual_router_id 66
priority 100 #优先级高
advert_int 1
preempt_delay 60 #抢占延迟模式,默认延迟300s
节点二:
vrrp_instance VI_1 {
state BACKUP #都为BACKUP
interface eth1
virtual_router_id 66
priority 80 #优先级低
advert_int 1VIP 单播配置
单播的优点
1、默认keepalived主机之间利用多播相互通告消息,会造成网络拥塞,可以替换成单播,减少网络流量
2、点对点,比较安全
3、在全局配置里面配置多播
vrrp_mcast_group4 239.0.0.0 #单播优于多播
(多播地址范围为D类地址)
A类:1-126
B类:128-191
C类:192-223
D类:224-239
E类:240-254
另外:有些公有云不支持多播,可以单播实现
注意:启用 vrrp_strict 时,不能启用单播配置如下:
节点一
[root@ubuntu2004 ~]#vim /etc/keepalived/conf.d/www.meng.org.conf
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 66
priority 100
advert_int 1
#nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.10.100 #指定发送单播的源IP,心跳线地址
unicast_peer{
192.168.10.101 #其他节点单播接收地址,也是心跳线地址
}
}
[root@ubuntu2004 ~]#systemctl restart keepalived.service
节点二:
[root@ubuntu2004 ~]#vim /etc/keepalived/conf.d/www.meng.org.conf
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 66
priority 80
advert_int 1
#nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.10.101 #指定发送单播的源IP,心跳线地址
unicast_peer{
192.168.10.100 #其他节点单播接收地址,也是心跳线地址
}
}
[root@ubuntu2004 ~]#systemctl restart keepalived.service
单播抓包 tcpdump -i eth1 -nn host 192.168.10.100
停止节点一服务,查看节点二IP
[root@ubuntu2004 ~]#systemctl stop keepalived.service
[root@ubuntu2004 ~]#hostname -I
10.0.0.102 10.0.0.100 192.168.10.101Keepalived 通知脚本配置
当keepalived的状态变化时,可以自动触发脚本的执行,比如:发邮件通知用户
默认以用户keepalived_script身份执行脚本,如果此用户不存在,以root执行脚本
通知脚本类型
当前节点成为主节点时触发的脚本
notify_master <STRING>|<QUOTED-STRING>当前节点转为备节点时触发的脚本
notify_backup <STRING>|<QUOTED-STRING>当前节点转为“失败”状态时触发的脚本
notify_fault <STRING>|<QUOTED-STRING>通用格式的通知触发机制,一个脚本可完成以上三种状态的转换时的通知
notify <STRING>|<QUOTED-STRING>当停止VRRP时触发的脚本
notify_stop <STRING>|<QUOTED-STRING>ubuntu通过send email命令往外发邮件(根据三种不同的状态发送邮件master|backup|fault)
发邮件脚本
[root@ubuntu2004 ~]#cat notify.sh
#!/bin/bash
contact='13298188777@163.com' #接收邮件帐号
email_send='1153454651@qq.com' #发邮件帐号
email_passwd='bdeuidngbzvufjjf' #发邮件帐号授权码
email_smtp_server='smtp.qq.com'
. /etc/os-release
msg_error() {
echo -e "\033[1;31m$1\033[0m"
}
msg_info() {
echo -e "\033[1;32m$1\033[0m"
}
msg_warn() {
echo -e "\033[1;33m$1\033[0m"
}
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $" OK "
elif [ $2 = "failure" -o $2 = "1" ] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_sendemail () {
if [[ $ID =~ rhel|centos|rocky ]];then
rpm -q sendemail &> /dev/null || yum install -y sendemail
elif [ $ID = 'ubuntu' ];then
dpkg -l |grep -q sendemail || { apt update; apt install -y libio-socket-ssl-perl libnet-ssleay-perl sendemail ; }
else
color "不支持此操作系统,退出!" 1
exit
fi
}
send_email () {
local email_receive="$1"
local email_subject="$2"
local email_message="$3"
sendemail -f $email_send -t $email_receive -u $email_subject -m $email_message -s $email_smtp_server -o message-charset=utf-8 -o tls=yes -xu $email_send -xp $email_passwd
[ $? -eq 0 ] && color "邮件发送成功!" 0 || color "邮件发送失败!" 1
}
notify() {
if [[ $1 =~ ^(master|backup|fault)$ ]];then
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
send_email "$contact" "$mailsubject" "$mailbody"
else
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
fi
}
install_sendemail
notify $1给脚本加执行权限并测试
[root@ubuntu2004 ~]#chmod +x notify.sh
[root@ubuntu2004 ~]#./notify.sh master
可观察到发送的邮件
[root@ubuntu2004 ~]#./notify.sh backup
[root@ubuntu2004 ~]#./notify.sh fault脚本调用方法
在 vrrp_instance VI_1 语句块的末尾加下面行
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"范例
各节点配置脚本调用方法(都配置)
[root@ubuntu2004 ~]#vim /etc/keepalived/conf.d/www.meng.org.conf
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 66
priority 100
advert_int 1
#nopreempt
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
unicast_src_ip 192.168.10.100
unicast_peer{
192.168.10.101
}
notify_master "/etc/keepalived/notify.sh master" #当节点的状态称为master就会发送邮件
notify_backup "/etc/keepalived/notify.sh backup" #当节点的状态称为backup就会发送邮件
notify_fault "/etc/keepalived/notify.sh fault" #当节点的状态称为fault就会发送邮件
}
把脚本移动到/etc/keepalived/路径下
[root@ubuntu2004 ~]#ll /etc/keepalived/notify.sh
-rwxr-xr-x 1 root root 2431 10月 29 14:33 /etc/keepalived/notify.sh*
重启
[root@ubuntu2004 ~]#systemctl restart keepalived.service
最好把两个节点区别开来,容易辨别哪个节点发送的邮件,可更改主机名测试邮件性能
目前VIP地址存放节点在ka1,停掉ka1节点keepalived服务,ka2节点状态变了,会发送邮件
[root@ka2 ~]#hostname -I
10.0.0.102 10.0.0.100 192.168.10.101
收到ka2节点发送的邮件(邮件内容如下)
2022-10-29 14:54:05: vrrp transition, ka2 changed to be master
重启ka1节点,由于是抢占式状态,ka1节点会抢占VIP,并且收到三份邮件
[root@ka1 ~]#systemctl start keepalived
[root@ka1 ~]#hostname -I
10.0.0.101 10.0.0.100 192.168.10.100
收到三份邮件
第一份是ka1起来后,还未抢占VIP发送的状态邮件
2022-10-29 14:56:23: vrrp transition, ka1 changed to be backup
第二份是ka2被抢占VIP后发送的状态邮件
2022-10-29 14:56:26: vrrp transition, ka2 changed to be backup
第三份是ka1抢占VIP后发送的状态邮件
2022-10-29 14:56:26: vrrp transition, ka1 changed to be master