Web Nginx Intranet: 10.16.8.8/10.16.8.9
Keepalived Intranet: 10.16.8.10 (ka67)/10.16.8.11 (ka68)
Keepalived public network: 172.16.8.10/172.16.8.11
Keepalived Intranet VIP: 10.16.8.100/10.16.8.101
Keepalived public network VIP: 172.16.8.100/172.16.8.101
OS:CentOS Linux release 7.4.1708 (Core)
Install keepalived.
Time synchronization.
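Configure SELinux and the firewall so that VRRP advertisements (IP protocol 112, sent to the multicast group configured below) can pass between the two Keepalived nodes.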
On each node, add the peer's host name to /etc/hosts (optional).
Confirm that the network interfaces support multicast; this is normally enabled by default.
# keepalived.conf on ka67 (10.16.8.10): MASTER for the *_1 instances and
# BACKUP for the *_2 instances, so each node normally carries one VIP per
# interface.
#
# NOTE(review): External_* is bound to eth1 and the 10.16.8.x VIPs, which the
# address plan on this page calls the intranet; Internal_* carries the
# 172.16.8.x VIPs. The instance names look swapped -- confirm before reuse.
#
# Security notes:
#  - auth_type PASS puts auth_pass in clear text in every advertisement (a
#    packet capture reports it as "authtype simple"), and keepalived uses only
#    the first eight characters. It guards against a misconfigured neighbour,
#    not against another host on the same segment. Limit VRRP (IP protocol
#    112) to the peer's address at the firewall and replace the sample
#    passwords below.
#  - The notify_* scripts run with keepalived's privileges (typically root --
#    confirm for your build), so notify.sh and its parent directories should
#    be writable by root only.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from ka@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # Multicast group used for VRRP advertisements; must match on both nodes.
    vrrp_mcast_group4 224.0.0.111
}

# VIP 10.16.8.100 on eth1 -- this node is the preferred owner.
vrrp_instance External_1 {
    state MASTER
    interface eth1
    virtual_router_id 171    # must match the peer's id for this instance
    priority 100             # higher than the peer's 95
    advert_int 1             # advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass renwole0
    }
    virtual_ipaddress {
        10.16.8.100
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 10.16.8.101 on eth1 -- this node is the standby.
vrrp_instance External_2 {
    state BACKUP
    interface eth1
    virtual_router_id 172
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole1
    }
    virtual_ipaddress {
        10.16.8.101
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 172.16.8.100 on eth0 -- this node is the preferred owner.
vrrp_instance Internal_1 {
    state MASTER
    interface eth0
    virtual_router_id 191
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole2
    }
    virtual_ipaddress {
        172.16.8.100
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 172.16.8.101 on eth0 -- this node is the standby.
vrrp_instance Internal_2 {
    state BACKUP
    interface eth0
    virtual_router_id 192
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole3
    }
    virtual_ipaddress {
        172.16.8.101
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}
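# keepalived.conf on ka68 (10.16.8.11): the mirror of ka67's file -- BACKUP for
# the *_1 instances and MASTER for the *_2 instances.
#
# NOTE(review): External_* is bound to eth1 and the 10.16.8.x VIPs, which the
# address plan on this page calls the intranet; Internal_* carries the
# 172.16.8.x VIPs. The instance names look swapped -- confirm before reuse.
#
# Security notes:
#  - auth_type PASS puts auth_pass in clear text in every advertisement (a
#    packet capture reports it as "authtype simple"), and keepalived uses only
#    the first eight characters. It guards against a misconfigured neighbour,
#    not against another host on the same segment. Limit VRRP (IP protocol
#    112) to the peer's address at the firewall and replace the sample
#    passwords below.
#  - The notify_* scripts run with keepalived's privileges (typically root --
#    confirm for your build), so notify.sh and its parent directories should
#    be writable by root only.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from ka@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # Multicast group used for VRRP advertisements; must match on both nodes.
    vrrp_mcast_group4 224.0.0.111
}

# VIP 10.16.8.100 on eth1 -- this node is the standby.
vrrp_instance External_1 {
    state BACKUP
    interface eth1
    virtual_router_id 171    # must match the peer's id for this instance
    # Was 100, the same value as the MASTER on ka67. Every other BACKUP
    # instance in this setup uses 95; with equal priorities the election falls
    # back to comparing addresses, so the VIP would not return to ka67 after a
    # failover.
    priority 95
    advert_int 1             # advertisement interval in seconds
    authentication {
        auth_type PASS
        auth_pass renwole0
    }
    virtual_ipaddress {
        10.16.8.100
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 10.16.8.101 on eth1 -- this node is the preferred owner.
vrrp_instance External_2 {
    state MASTER
    interface eth1
    virtual_router_id 172
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole1
    }
    virtual_ipaddress {
        10.16.8.101
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 172.16.8.100 on eth0 -- this node is the standby.
vrrp_instance Internal_1 {
    state BACKUP
    interface eth0
    virtual_router_id 191
    priority 95
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole2
    }
    virtual_ipaddress {
        172.16.8.100
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}

# VIP 172.16.8.101 on eth0 -- this node is the preferred owner.
vrrp_instance Internal_2 {
    state MASTER
    interface eth0
    virtual_router_id 192
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass renwole3
    }
    virtual_ipaddress {
        172.16.8.101
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}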
$ vim /usr/local/keepalived/etc/keepalived/notify.sh
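#!/bin/bash
#
# Keepalived notify hook: mails a state-change notice and, on a transition to
# BACKUP, starts nginx.
# Usage: notify.sh {master|backup|fault}
#
# Keepalived runs this hook with its own privileges (typically root -- confirm
# for your build), so keep the file and its parent directories writable by
# root only.

contact='root@localhost'

#######################################
# Mail a VRRP state-change notice.
# Globals:   contact (read)
# Arguments: $1 - the new state (master|backup|fault)
#######################################
notify() {
  local host
  host=$(hostname)
  local mailsubject="${host} to be $1, vip floating"
  local mailbody
  mailbody="$(date +'%F %T'): vrrp transition, ${host} changed to be $1"
  # Quoted so the recipient is always passed as exactly one argument.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}

case "$1" in
  master)
    notify master
    ;;
  backup)
    notify backup
    # Start nginx when this node becomes BACKUP, so a proxy that died comes
    # back without manual action.
    systemctl start nginx
    ;;
  fault)
    notify fault
    ;;
  *)
    echo "Usage: $(basename "$0") {master|backup|fault}" >&2
    exit 1
    ;;
esac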
[ root@ka67 ~]# systemctl start keepalived
[ root@ka67 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever
172.16.8.100/32
172.16.8.101/32
10.16.8.100/32
10.16.8.101/32
[ root@ka68 ~]# systemctl start keepalived
[ root@ka68 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:79 brd ff:ff:ff:ff:ff:ff inet 172.16.8.11/24 brd 103.28.204.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::3d2c:ecdc:5e6d:70ba/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:82 brd ff:ff:ff:ff:ff:ff inet 10.16.8.11/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::4fb3:d0a8:f08c:4536/64 scope link valid_lft forever preferred_lft forever
172.16.8.101/32
10.16.8.101/32
[ root@ka67 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever
[ root@ka67 ~]# tcpdump -nn -i eth1 host 224.0.0.111
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes 02:00:15.690389 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:15.692654 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:16.691552 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:16.693814 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:17.692710 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20
$ yum install epel-release -y $ yum install nginx -y
$ echo "Server 10.16.8.8" > /usr/share/nginx/html/index.html   # run on 10.16.8.8
$ echo "Server 10.16.8.9" > /usr/share/nginx/html/index.html   # run on 10.16.8.9
$ curl http://10.16.8.8
Server 10.16.8.8
$ yum install nginx psmisc -y
$ mv /etc/nginx/conf.d/default.conf{,.bak} $ mv /etc/nginx/nginx.conf{,.bak}
$ vim /etc/nginx/nginx.conf
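# /etc/nginx/nginx.conf on the Keepalived nodes: a reverse proxy that balances
# requests across the two web servers.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    # Backend pool; requests are distributed round-robin by default.
    upstream webserverapps {
        server 10.16.8.8:80;
        server 10.16.8.9:80;
        #server 127.0.0.1:8080 backup;
    }

    server {
        listen 80;
        server_name _;

        location / {
            # proxy_pass needs the scheme; the listing had lost the "http:" prefix.
            proxy_pass http://webserverapps;
            proxy_redirect off;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends the client address to whatever
            # X-Forwarded-For the client sent, so backends should rely on
            # X-Real-IP or the last entry, never the first.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            client_max_body_size 10m;
            client_body_buffer_size 128k;

            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;

            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;

            # NOTE(review): the wildcard lets scripts from any origin read
            # these responses. Keep it only for genuinely public content;
            # otherwise name the allowed origins or drop the header.
            add_header Access-Control-Allow-Origin *;
        }
    }
}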
$ systemctl restart nginx
[ root@ka67 ~]# for i in `seq 10`; do curl 10.16.8.10; done Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.9 Server 10.16.8.9
# Health check for the local nginx. "killall -0" sends no signal; it only tests
# that a process named nginx exists, so a running but unresponsive nginx still
# passes.
# NOTE(review): the command is given without a path and runs with keepalived's
# privileges; consider an absolute path so the lookup does not depend on PATH.
vrrp_script chk_nginx {
    script "killall -0 nginx"
    interval 2      # run the check every 2 seconds
    weight -10      # while failing, lower the priority by 10 (100 -> 90, under a peer at 95)
    fall 2          # 2 consecutive failures mark the check as failed
    rise 2          # 2 consecutive successes mark it healthy again
}
# Goes inside a vrrp_instance block: ties that instance's priority to the
# chk_nginx health check.
track_script {
    chk_nginx
}
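...
# External_1 with the nginx health check attached (BACKUP side shown).
vrrp_instance External_1 {
    state BACKUP
    interface eth1
    virtual_router_id 171
    # Was 100, the same value as the MASTER for this instance; the other BACKUP
    # instances in this setup use 95, which keeps the election unambiguous.
    priority 95
    advert_int 1
    authentication {
        # PASS is sent in clear text in every advertisement; restrict VRRP to
        # the peer's address at the firewall and replace the sample password.
        auth_type PASS
        auth_pass renwole0
    }
    virtual_ipaddress {
        10.16.8.100
    }
    # While chk_nginx fails, this instance's priority is lowered by the
    # check's weight.
    track_script {
        chk_nginx
    }
    notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master"
    notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup"
    # The listing had lost the keyword here ("notify_" followed by the path).
    notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"
}
...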
$ systemctl stop keepalived $ systemctl start keepalived