使用KeepAlived来实现高可用的DR模型 (2)

Node02上

! Configuration File for keepalived global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 } vrrp_instance VI_1 { state BACKUP interface ens33 virtual_router_id 51 priority 50 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.98.100/24 dev ens33 label ens33:3 } } virtual_server 192.168.98.100 80 { delay_loop 6 lb_algo rr lb_kind DR persistence_timeout 0 protocol TCP real_server 192.168.98.138 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 retry 3 delay_before_retry 3 } } real_server 192.168.98.139 80 { weight 1 HTTP_GET { url { path / status_code 200 } connect_timeout 3 retry 3 delay_before_retry 3 } } }

指定keepalived配置文件，在Node01和Node02上分别执行：

cd /usr/local/keepalived-2.2.2/etc/sysconfig

修改keepalived文件

# Options for keepalived. See `keepalived --help' output and keepalived(8) and # keepalived.conf(5) man pages for a list of all options. Here are the most # common ones : # # --vrrp -P Only run with VRRP subsystem. # --check -C Only run with Health-checker subsystem. # --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop. # --dont-release-ipvs -I Dont remove IPVS topology on daemon stop. # --dump-conf -d Dump the configuration data. # --log-detail -D Detailed log messages. # --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON) # KEEPALIVED_OPTIONS="-D -f /usr/local/keepalived-2.2.2/etc/keepalived/keepalived.conf"

在KEEPALIVED_OPTIONS中增加了-f选项，指定了keepalived.conf的位置

然后打开Node01和Node02的80端口访问权限，分别在Node01和Node02上执行如下命令

firewall-cmd --permanent --add-port=80/tcp firewall-cmd --reload 启动keepalived

在Node01上执行

systemctl start keepalived

验证：通过浏览器访问：

并且时不时刷新以下页面，可以显示如下结果：

在Node01上执行

ipvsadm -lnc

可以看到

在Node02上执行

systemctl start keepalived

然后在Node02上执行

ipvsadm -lnc

内容是空的，说明Node02是备用节点

此时，我们停掉Node01，在Node01上，执行

systemctl stop keepalived

继续访问浏览器，服务依旧可以访问

验证了主节点（Node01）挂了，备用节点（Node02）顶上这个情况

此时，在Node02上执行

ipvsadm -lnc

可以看到连接情况

说明备机正常提供了服务。

此时，再把主节点（Node01）启动起来，在Node01上执行：

systemctl restart keepalived

服务正常

在主节点（Node01）上执行

ipvsadm -lnc

显示出了连接

说明主节点已经恢复正常。