Keepalived-配置虚拟路由器

#配置参数： state MASTER|BACKUP#当前节点在此虚拟路由器上的初始状态，状态为MASTER或者BACKUP interface IFACE_NAME #绑定为当前虚拟路由器使用的物理接口，如：ens32,eth0,bond0,br0 virtual_router_id VRID #每个虚拟路由器惟一标识，范围：0-255，每个虚拟路由器此值必须唯一，否则服务无法启动，同属一个虚拟路由器的多个keepalived节点必须相同 priority 100 #当前物理节点在此虚拟路由器的优先级，范围：1-254，每个keepalived主机节点此值不同 advert_int 1 #vrrp通告的时间间隔，默认1s authentication { #认证机制 auth_type AH|PASS auth_pass PASSWORD #预共享密钥，仅前8位有效，同一个虚拟路由器的多个keepalived节点必须一样 virtual_ipaddress { #虚拟IP IPADDR / MASK brd IPADDR dev STRING scope SCOPE label LABEL 192.168.200.100 #指定VIP，不指定网卡，默认为eth0,注意：不指定/prefix,默认为/32 192.168.200.101/24 dev eth1 #指定VIP的网卡 192.168.200.102/24 dev eth2 label eth2:1 #指定VIP的网卡label track_interface { #配置监控网络接口，一旦出现故障，则转为FAULT状态实现地址转移 eth0 eth1 }

范例：

[root@centos7 ~]#cat /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {

 notification_email {

 acassen@firewall.loc

 failover@firewall.loc

 sysadmin@firewall.loc

 notification_email_from Alexandre.Cassen@firewall.loc

 smtp_server 192.168.200.1

 smtp_connect_timeout 30

 router_id LVS_DEVEL

 vrrp_skip_check_adv_addr

 vrrp_strict #开启限制，会自动生效防火墙设置，导致无访问VIP

 vrrp_garp_interval 0

 vrrp_gna_interval 0

vrrp_instance VI_1 {

 state MASTER

 interface eth0

 virtual_router_id 80 #修改此行

 priority 100

 advert_int 1

 authentication {

 auth_type PASS

 auth_pass 1111

 virtual_ipaddress {

 192.168.200.16

 192.168.200.17

 192.168.200.18

[root@centos7 ~]#systemctl start keepalived.service 

[root@centos7 ~]#ip a

1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

 inet 127.0.0.1/8 scope host lo

 valid_lft forever preferred_lft forever

 inet6 ::1/128 scope host 

 valid_lft forever preferred_lft forever

2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

 link/ether 00:0c:29:33:b4:1a brd ff:ff:ff:ff:ff:ff

 inet 10.0.0.17/24 brd 10.0.0.255 scope global noprefixroute eth0

 valid_lft forever preferred_lft forever

 inet 192.168.200.16/32 scope global eth0

 valid_lft forever preferred_lft forever

 inet 192.168.200.17/32 scope global eth0

 valid_lft forever preferred_lft forever

 inet 192.168.200.18/32 scope global eth0

 valid_lft forever preferred_lft forever

 inet6 fe80::20c:29ff:fe33:b41a/64 scope link 

 valid_lft forever preferred_lft forever

[root@centos7 ~]#iptables -vnL

Chain INPUT (policy ACCEPT 59 packets, 3372 bytes)

 pkts bytes target prot opt in out source destination 

 0 0 DROP all -- * * 0.0.0.0/0 192.168.200.16 

 0 0 DROP all -- * * 0.0.0.0/0 192.168.200.17 

 0 0 DROP all -- * * 0.0.0.0/0 192.168.200.18 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target prot opt in out source destination 

Chain OUTPUT (policy ACCEPT 33 packets, 6940 bytes)

 pkts bytes target prot opt in out source destination 

[root@centos7 ~]#ping 192.168.200.16

PING 192.168.200.16 (192.168.200.16) 56(84) bytes of data.

--- 192.168.200.16 ping statistics ---

6 packets transmitted, 0 received, 100% packet loss, time 5002ms

[root@centos7 ~]#

# 如果是CentOS 8 ，会显示以下warning 

[root@centos8 ~]#iptables -vnL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target prot opt in out source destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target prot opt in out source destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target prot opt in out source destination 

# Warning: iptables-legacy tables present, use iptables-legacy to see them

#无法访问VIP

[root@centos8 ~]#ping 192.168.200.16

PING 192.168.200.16 (192.168.200.16) 56(84) bytes of data.

--- 192.168.200.16 ping statistics ---

6 packets transmitted, 0 received, 100% packet loss, time 143ms

本文链接：http://www.yunweipai.com/35369.html

52714.html

centosiptablesKeepalivedLVS