• keepalived vip做网关


    背景:

           两台vm,只有一个公网地址。实现公网地址vip。

    实现:

         两台vm上都开启公网和内网两个网卡

     具体配置如下:

    1、master和backup网卡配置情况

    master

    [root@w106 keepalived]# more /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    HWADDR=a6:ba:02:79:7c:e3
    TYPE=Ethernet
    UUID=602ffeba-811a-432e-9744-3503cb451d7f
    ONBOOT=yes
    NM_CONTROLLED=yes
    [root@w106 keepalived]# more /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    HWADDR=ca:db:6b:f6:f4:b3
    TYPE=Ethernet
    UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=192.168.1.106
    NETMASK=255.255.255.0
    

    backup

    [root@w107 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    HWADDR=32:ea:97:67:36:e9
    TYPE=Ethernet
    UUID=602ffeba-811a-432e-9744-3503cb451d7f
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=none
    [root@w107 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    HWADDR=fe:41:f2:d1:2e:77
    TYPE=Ethernet
    UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=static
    IPADDR=192.168.1.107
    NETMASK=255.255.255.0
    

    2、keepalived的配置文件

    master

    [root@w106 keepalived]# more keepalived.conf
    ! Configuration File for Keepalived
    ! ---------------------------------------------------------------------------
    ! GLOBAL
    ! ---------------------------------------------------------------------------
    global_defs {
            ! this is who emails will go to on alerts
            notification_email {
                    test@126.com
                    ! add a few more email addresses here if you would like
            }
            notification_email_from test@126.com
    
            ! mail relay server
            smtp_server 127.0.0.1
            smtp_connect_timeout 30
    
            ! each load balancer should have a different ID
            ! this will be used in SMTP alerts, so you should make
            ! each router easily identifiable
            router_id LVS_4
            vrrp_mcast_group4 224.0.0.18
            lvs_sync_daemon eth1 VI1_LVS_NGX
            script_user root
    }
    vrrp_instance VI1_LVS_NGX {
            state MASTER
            interface eth1
            track_interface {
                    eth0
            }
            ! interface to run LVS sync daemon on
            ! lvs_sync_daemon_interface eth1
            !mcast_src_ip 192.168.1.106
            ! each virtual router id must be unique per instance name!
            virtual_router_id 4
            ! MASTER and BACKUP state are determined by the priority
            ! even if you specify MASTER as the state, the state will
            ! be voted on by priority (so if your state is MASTER but your
            ! priority is lower than the router with BACKUP, you will lose
            ! the MASTER state)
            ! I make it a habit to set priorities at least 50 points apart
            ! note that a lower number is lesser priority - lower gets less vote
            priority 100
            ! how often should we vote, in seconds?
            advert_int 1
            ! send an alert when this instance changes state from MASTER to BACKUP
            smtp_alert
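            ! this authentication is for syncing between failover servers
            ! keepalived supports PASS, which is simple password
            ! authentication or AH, which is the IPSec authentication header.
            ! Don't use AH yet as many people have reported problems with it
            ! NOTE: PASS is carried in clear text in every VRRP advert and only the
            ! first 8 characters of auth_pass are used, so it guards against
            ! misconfiguration, not against a host on the same segment.
            ! auth_pass must be identical on MASTER and BACKUP (the two listings
            ! on this page differ); limit VRRP traffic to the peer with a firewall
            ! rule and do not publish or reuse a real password here.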
            authentication {
                    auth_type PASS
                    auth_pass P@sROOT
            }
            ! these are the IP addresses that keepalived will setup on this
            ! machine. Later in the config we will specify which real
            ! servers  are behind these IPs without this block, keepalived
            ! will not setup and takedown any IP addresses
            virtual_ipaddress {
                    10.10.10.8/27 dev eth0
            }
            notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
            notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
    }
    

    backup

    [root@w107 ~]# more /etc/keepalived/keepalived.conf
    ! Configuration File for Keepalived
    ! ---------------------------------------------------------------------------
    ! GLOBAL
    ! ---------------------------------------------------------------------------
    global_defs {
            ! this is who emails will go to on alerts
            notification_email {
                    test@126.com
                    ! add a few more email addresses here if you would like
            }
            notification_email_from test@126.com
            ! mail relay server
            smtp_server 127.0.0.1
            smtp_connect_timeout 30
            ! each load balancer should have a different ID
            ! this will be used in SMTP alerts, so you should make
            ! each router easily identifiable
            router_id LVS_4
            vrrp_mcast_group4 224.0.0.18
            lvs_sync_daemon eth1 VI1_LVS_NGX
            script_user root
    }
    vrrp_instance VI1_LVS_NGX {
            state BACKUP
            interface eth1
            track_interface {
                    eth0
            }
            ! interface to run LVS sync daemon on
            ! lvs_sync_daemon_interface eth1
            !mcast_src_ip 192.168.1.107
            ! each virtual router id must be unique per instance name!
            virtual_router_id 4
            ! MASTER and BACKUP state are determined by the priority
            ! even if you specify MASTER as the state, the state will
            ! be voted on by priority (so if your state is MASTER but your
            ! priority is lower than the router with BACKUP, you will lose
            ! the MASTER state)
            ! I make it a habit to set priorities at least 50 points apart
            ! note that a lower number is lesser priority - lower gets less vote
            priority 90
            ! how often should we vote, in seconds?
            advert_int 1
            ! send an alert when this instance changes state from MASTER to BACKUP
            smtp_alert
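            ! this authentication is for syncing between failover servers
            ! keepalived supports PASS, which is simple password
            ! authentication or AH, which is the IPSec authentication header.
            ! Don't use AH yet as many people have reported problems with it
            ! NOTE: auth_pass below does not match the value in the MASTER listing
            ! on this page. With different passwords each node is expected to
            ! reject the other's adverts, so both may claim MASTER and hold the
            ! VIP at once. Use the same value (at most 8 characters) on both nodes.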
            authentication {
                    auth_type PASS
                    auth_pass P@ssRoot
            }
            ! these are the IP addresses that keepalived will setup on this
            ! machine. Later in the config we will specify which real
            ! servers  are behind these IPs without this block, keepalived
            ! will not setup and takedown any IP addresses
            virtual_ipaddress {
                    10.10.10.8/27 dev eth0
            }
            notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
            notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
    }

    3、/etc/keepalived/keepalived_gw_route 脚本内容

    [root@w107 ~]# more /etc/keepalived/keepalived_gw_route
    #! /bin/bash
    #
    # keepalived_gw_route       Bring add/del gw/route for keepalived
    #
    # chkconfig: 2345 15 85
    # description: Switch the default route between the two gateways for keepalived state changes.
    #
    ### BEGIN INIT INFO
    # Provides: $keepalived_gw_route
    ### END INIT INFO
    # Source function library.
    # Pull in the distribution's init-script helper library.
    source /etc/init.d/functions

    # Gateways and interfaces used when switching the default route:
    #   INTER_* - used by TO_INTER_GW (notify_master passes to_inter_gw)
    #   INTRA_* - used by TO_INTRA_GW (notify_backup passes to_intra_gw)
    INTER_GW='10.10.10.7'
    INTER_DEV='eth0'
    INTRA_GW='192.168.1.1'
    INTRA_DEV='eth1'
    # ---------
    # functions
    # ---------
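    # message - print all arguments, space-joined, on stdout with backslash
    # escapes interpreted. printf is used instead of `echo -e` so that a first
    # argument such as "-n" or "-e" is printed rather than consumed as an option.
    message() {
      printf '%b\n' "$*"
    }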
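    # error - print all arguments, space-joined, on stderr with backslash
    # escapes interpreted. printf is used instead of `echo -e` so that a first
    # argument such as "-n" or "-e" is printed rather than consumed as an option.
    error() {
      printf '%b\n' "$*" >&2
    }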
    # die - hand the message to error() (stderr), then terminate with status 1.
    die() {
      error "$@"
      exit 1
    }
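    # TO_INTER_GW - point the default route at INTER_GW via INTER_DEV.
    # Run for the to_inter_gw action. Returns the exit status of `ip`.
    TO_INTER_GW()
    {
      # One `replace` swaps the route in a single step: the host is never left
      # without a default route between a separate delete and add, and a failed
      # change is reported through the return status while the old route stays.
      # NOTE(review): replace matches on prefix and metric; if the existing
      # default route carries a non-zero metric it would stay next to the new
      # one - confirm on the target hosts.
      ip route replace default via "${INTER_GW}" dev "${INTER_DEV}"
    }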
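    # TO_INTRA_GW - point the default route at INTRA_GW via INTRA_DEV.
    # Run for the to_intra_gw action. Returns the exit status of `ip`.
    TO_INTRA_GW()
    {
      # One `replace` swaps the route in a single step: the host is never left
      # without a default route between a separate delete and add, and a failed
      # change is reported through the return status while the old route stays.
      # NOTE(review): replace matches on prefix and metric; if the existing
      # default route carries a non-zero metric it would stay next to the new
      # one - confirm on the target hosts.
      ip route replace default via "${INTRA_GW}" dev "${INTRA_DEV}"
    }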
    # status - print the current routing table via `ip route show`.
    status()
    {
      ip route show
    }
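    # Dispatch on the action given in $1. The keepalived configs on this page
    # pass to_inter_gw from notify_master and to_intra_gw from notify_backup.
    case "$1" in
      to_inter_gw)
        TO_INTER_GW
        ;;
      to_intra_gw)
        TO_INTRA_GW
        ;;
      status)
        status
        ;;
      *)
        echo $"Usage: $0 {to_inter_gw|to_intra_gw|status}"
        exit 1
        ;;
    esac
    # Exit with the status of the action that ran instead of a fixed 0, so a
    # failed route change is visible to the caller and can be logged or alerted
    # on rather than silently reported as success.
    exit "$?"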
    

    4、在master和backup上启动keepalived,就可以实现要求了。这样保证了公网地址的高可用;后面涉及的应用,需要自行在master和backup上再做配置。注意:两台机器的auth_pass必须完全一致(上文两份配置中的值并不相同),否则备机无法通过对方通告的认证,可能出现两台同时持有vip的情况。

    比如配置nginx代理这些。  

  • 原文地址:https://www.cnblogs.com/xzlive/p/12950845.html