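Using a keepalived VIP as a gateway
Background:
There are two VMs but only one public IP address. The goal is to make the public address a VIP.
Implementation:
Both VMs have two NICs enabled, one public and one internal.
The detailed configuration is as follows:
1. NIC configuration on master and backup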
master
[root@w106 keepalived]# more /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=a6:ba:02:79:7c:e3
TYPE=Ethernet
UUID=602ffeba-811a-432e-9744-3503cb451d7f
ONBOOT=yes
NM_CONTROLLED=yes
[root@w106 keepalived]# more /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=ca:db:6b:f6:f4:b3
TYPE=Ethernet
UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.106
NETMASK=255.255.255.0
backup
[root@w107 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=32:ea:97:67:36:e9
TYPE=Ethernet
UUID=602ffeba-811a-432e-9744-3503cb451d7f
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
[root@w107 ~]# more /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=fe:41:f2:d1:2e:77
TYPE=Ethernet
UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.107
NETMASK=255.255.255.0
2. keepalived configuration files
master
[root@w106 keepalived]# more keepalived.conf
! Configuration File for Keepalived

! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
global_defs {
    ! this is who emails will go to on alerts
    notification_email {
        test@126.com
        ! add a few more email addresses here if you would like
    }
    notification_email_from test@126.com

    ! mail relay server
    smtp_server 127.0.0.1
    smtp_connect_timeout 30

    ! each load balancer should have a different ID
    ! this will be used in SMTP alerts, so you should make
    ! each router easily identifiable
    router_id LVS_4
    vrrp_mcast_group4 224.0.0.18
    lvs_sync_daemon eth1 VI1_LVS_NGX
    script_user root
}

vrrp_instance VI1_LVS_NGX {
    state MASTER
    interface eth1
    track_interface {
        eth0
    }

    ! interface to run LVS sync daemon on
    ! lvs_sync_daemon_interface eth1
    !mcast_src_ip 192.168.1.106

    ! each virtual router id must be unique per instance name!
    virtual_router_id 4

    ! MASTER and BACKUP state are determined by the priority
    ! even if you specify MASTER as the state, the state will
    ! be voted on by priority (so if your state is MASTER but your
    ! priority is lower than the router with BACKUP, you will lose
    ! the MASTER state)
    ! I make it a habit to set priorities at least 50 points apart
    ! note that a lower number is lesser priority - lower gets less vote
    priority 100

    ! how often should we vote, in seconds?
    advert_int 1

    ! send an alert when this instance changes state from MASTER to BACKUP
    smtp_alert

    ! this authentication is for syncing between failover servers
    ! keepalived supports PASS, which is simple password
    ! authentication or AH, which is the IPSec authentication header.
    ! Don't use AH yet as many people have reported problems with it
    authentication {
        auth_type PASS
        ! auth_pass must be identical on the MASTER and BACKUP nodes,
        ! otherwise each node rejects the other's advertisements
        auth_pass P@ssRoot
    }

    ! these are the IP addresses that keepalived will setup on this
    ! machine. Later in the config we will specify which real
    ! servers are behind these IPs. Without this block, keepalived
    ! will not setup and takedown any IP addresses
    virtual_ipaddress {
        10.10.10.8/27 dev eth0
    }

    notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
    notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
}
backup
[root@w107 ~]# more /etc/keepalived/keepalived.conf
! Configuration File for Keepalived

! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
global_defs {
    ! this is who emails will go to on alerts
    notification_email {
        test@126.com
        ! add a few more email addresses here if you would like
    }
    notification_email_from test@126.com

    ! mail relay server
    smtp_server 127.0.0.1
    smtp_connect_timeout 30

    ! each load balancer should have a different ID
    ! this will be used in SMTP alerts, so you should make
    ! each router easily identifiable
    router_id LVS_4
    vrrp_mcast_group4 224.0.0.18
    lvs_sync_daemon eth1 VI1_LVS_NGX
    script_user root
}

vrrp_instance VI1_LVS_NGX {
    state BACKUP
    interface eth1
    track_interface {
        eth0
    }

    ! interface to run LVS sync daemon on
    ! lvs_sync_daemon_interface eth1
    !mcast_src_ip 192.168.1.107

    ! each virtual router id must be unique per instance name!
    virtual_router_id 4

    ! MASTER and BACKUP state are determined by the priority
    ! even if you specify MASTER as the state, the state will
    ! be voted on by priority (so if your state is MASTER but your
    ! priority is lower than the router with BACKUP, you will lose
    ! the MASTER state)
    ! I make it a habit to set priorities at least 50 points apart
    ! note that a lower number is lesser priority - lower gets less vote
    priority 90

    ! how often should we vote, in seconds?
    advert_int 1

    ! send an alert when this instance changes state from MASTER to BACKUP
    smtp_alert

    ! this authentication is for syncing between failover servers
    ! keepalived supports PASS, which is simple password
    ! authentication or AH, which is the IPSec authentication header.
    ! Don't use AH yet as many people have reported problems with it
    authentication {
        auth_type PASS
        auth_pass P@ssRoot
    }

    ! these are the IP addresses that keepalived will setup on this
    ! machine. Later in the config we will specify which real
    ! servers are behind these IPs. Without this block, keepalived
    ! will not setup and takedown any IP addresses
    virtual_ipaddress {
        10.10.10.8/27 dev eth0
    }

    notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
    notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
}
3. Contents of the /etc/keepalived/keepalived_gw_route script
[root@w107 ~]# more /etc/keepalived/keepalived_gw_route
#! /bin/bash
#
# keepalived_gw_route       Bring add/del gw/route for keepalived
#
# chkconfig: 2345 15 85
# description: Add/Delete iptables rule for keepalived to start at boot time.
#
### BEGIN INIT INFO
# Provides: $keepalived_gw_route
### END INIT INFO

# Source function library.
. /etc/init.d/functions

INTER_GW=10.10.10.7
INTRA_GW=192.168.1.1
INTER_DEV=eth0
INTRA_DEV=eth1

# ---------
# functions
# ---------
message() { echo -e "$@"; }          # message - output message on stdout
error() { echo -e "$@" >&2; }        # error - output message on stderr
die() { error "$@"; exit 1; }        # die - output message on stderr and exit

# Called by notify_master: this node holds the VIP, so the default route
# goes out through the public gateway on eth0.
TO_INTER_GW() {
    ip route del default
    ip route add default via ${INTER_GW} dev ${INTER_DEV}
}

# Called by notify_backup: this node has no public address, so the default
# route goes through the internal gateway on eth1.
TO_INTRA_GW() {
    ip route del default
    ip route add default via ${INTRA_GW} dev ${INTRA_DEV}
}

status() {
    ip route show
}

case "$1" in
    to_inter_gw)
        TO_INTER_GW
        ;;
    to_intra_gw)
        TO_INTRA_GW
        ;;
    status)
        status
        ;;
    *)
        echo $"Usage: $0 {to_inter_gw|to_intra_gw|status}"
        exit 1
esac

exit 0
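4. Start keepalived on both master and backup, and the requirement is met. This keeps the public address highly available. Any applications behind it still have to be configured separately on master and backup.
For example, an nginx proxy.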
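The two configurations in step 2 only form one virtual router when virtual_router_id, advert_int, the authentication block and the VIP agree on both nodes while priority differs; keepalived uses only the first eight characters of auth_pass. The script below is an added example, not part of the original post, that compares those settings across two files. Its function names and sample configs (VI_DEMO, 192.0.2.8/27, the demo passwords) are constructed, and it assumes one setting per line.

```bash
#!/bin/sh
# Added example (not from the original post): compare the VRRP settings
# that both keepalived peers must share. All sample values are constructed.

# Print "key value" lines for the peering-relevant settings of one config.
vrrp_fields() {
    awk '
        /^[ \t]*[!#]/             { next }             # skip comment lines
        $1 == "virtual_ipaddress" { in_vip = 1; next }
        in_vip && $1 == "}"       { in_vip = 0; next }
        in_vip && NF              { $1 = $1; print "vip " $0; next }
        $1 ~ /^(virtual_router_id|advert_int|auth_type|priority)$/ { print $1, $2 }
        $1 == "auth_pass" { print $1, substr($2, 1, 8) }  # only 8 chars are used
    ' "$1"
}

# Value(s) of one key, sorted so that ordering differences do not matter.
field() { vrrp_fields "$1" | awk -v k="$2" '$1 == k { $1 = ""; print }' | sort; }

# Print findings (never the password itself); return the number of problems.
compare_peers() {
    problems=0
    for key in virtual_router_id advert_int auth_type auth_pass vip; do
        if [ "$(field "$1" "$key")" != "$(field "$2" "$key")" ]; then
            echo "MISMATCH: $key differs between $1 and $2"
            problems=$((problems + 1))
        fi
    done
    if [ "$(field "$1" priority)" = "$(field "$2" priority)" ]; then
        echo "WARNING: equal priority, the tie is broken by IP address"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Write a constructed, minimal vrrp_instance: sample_conf FILE PASSWORD PRIORITY
sample_conf() {
    printf '%s\n' 'vrrp_instance VI_DEMO {' '    virtual_router_id 4' \
        "    priority $3" '    advert_int 1' '    authentication {' \
        '        auth_type PASS' '        ! constructed demo secret' \
        "        auth_pass $2" '    }' '    virtual_ipaddress {' \
        '        192.0.2.8/27 dev eth0' '    }' '}' > "$1"
}

demo_dir=$(mktemp -d)
sample_conf "$demo_dir/master.conf" demoPass1 100
sample_conf "$demo_dir/backup.conf" demoPasX 90
compare_peers "$demo_dir/master.conf" "$demo_dir/backup.conf" || echo "$? problem(s) found"
rm -rf "$demo_dir"
```

Run it against copies of both nodes' keepalived.conf before starting the service; a non-zero exit status is the number of settings that disagree.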