背景:
两台服务器,只有一个公网地址。实现公网地址高可用,做网关使用,使得内网主机能够上外网。
实现:
两台服务器上都开启公网和内网两个网卡,通过keepalived 实现公网IP地址高可用。

具体配置如下:
master和backup网卡配置情况
master
[root@w106 keepalived]
DEVICE=eth0
HWADDR=a6:ba:02:79:7c:e3
TYPE=Ethernet
UUID=602ffeba-811a-432e-9744-3503cb451d7f
ONBOOT=yes
NM_CONTROLLED=yes
[root@w106 keepalived]
DEVICE=eth1
HWADDR=ca:db:6b:f6:f4:b3
TYPE=Ethernet
UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.106
NETMASK=255.255.255.0
backup
[root@w107 ~]
DEVICE=eth0
HWADDR=32:ea:97:67:36:e9
TYPE=Ethernet
UUID=602ffeba-811a-432e-9744-3503cb451d7f
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
[root@w107 ~]
DEVICE=eth1
HWADDR=fe:41:f2:d1:2e:77
TYPE=Ethernet
UUID=cb26518e-4093-4f27-addf-b651c5fce7fa
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.107
NETMASK=255.255.255.0
keepalived的配置文件
master
[root@w106 keepalived]# more keepalived.conf
! Configuration File for Keepalived
! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
! Global keepalived settings for this node: alert mail, VRRP multicast group,
! LVS sync daemon binding, and the user that runs the notify scripts.
global_defs {
! this is who emails will go to on alerts
notification_email {
test@126.com
! add a few more email addresses here if you would like
}
notification_email_from test@126.com
! mail relay server
smtp_server 127.0.0.1
smtp_connect_timeout 30
! each load balancer should have a different ID
! this will be used in SMTP alerts, so you should make
! each router easily identifiable
! NOTE(review): the backup listing on this page also uses LVS_4, so alerts
! from the two nodes cannot be told apart by router_id.
router_id LVS_4
vrrp_mcast_group4 224.0.0.18
lvs_sync_daemon eth1 VI1_LVS_NGX
! Notify scripts run as root. The script file and every directory on its path
! should be writable by root only; the global option enable_script_security
! makes keepalived refuse root-run scripts that do not meet that condition.
script_user root
}
! VRRP instance for the master node: adverts are exchanged on eth1 (intranet
! side), the virtual IP is placed on eth0, and eth0 is tracked so that a fault
! on the public NIC is taken into account for the instance state.
vrrp_instance VI1_LVS_NGX {
state MASTER
interface eth1
track_interface {
eth0
}
! interface to run LVS sync daemon on
! lvs_sync_daemon_interface eth1
!mcast_src_ip 192.168.1.106
! each virtual router id must be unique per instance name!
virtual_router_id 4
! MASTER and BACKUP state are determined by the priority
! even if you specify MASTER as the state, the state will
! be voted on by priority (so if your state is MASTER but your
! priority is lower than the router with BACKUP, you will lose
! the MASTER state)
! I make it a habit to set priorities at least 50 points apart
! note that a lower number is lesser priority - lower gets less vote
priority 100
! how often should we vote, in seconds?
advert_int 1
! send an alert when this instance changes state from MASTER to BACKUP
smtp_alert
! this authentication is for syncing between failover servers
! keepalived supports PASS, which is simple password
! authentication or AH, which is the IPSec authentication header.
! Don
! (the comment line above is truncated in this listing)
! NOTE(review): auth_type PASS carries the password unencrypted in every
! advert on the eth1 segment, and keepalived uses only its first 8 characters.
! It guards against accidental cross-talk between VRRP groups; it does not
! authenticate peers against another host on that segment.
! NOTE(review): this listing shows P@sROOT while the backup listing on this
! page shows P@ssRoot. Both nodes need the identical value; with a mismatch
! each node discards the other's adverts and both can hold the VIP at once.
! Set your own value instead of reusing the one printed here.
authentication {
auth_type PASS
auth_pass P@sROOT
}
! these are the IP addresses that keepalived will setup on this
! machine. Later in the config we will specify which real
! servers are behind these IPs without this block, keepalived
! will not setup and takedown any IP addresses
virtual_ipaddress {
10.10.10.8/27 dev eth0
}
! On a state change keepalived runs this script as script_user (root, per
! global_defs); the argument selects which default route gets installed.
notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
}
backup
[root@w107 ~]# more /etc/keepalived/keepalived.conf
! Configuration File for Keepalived
! ---------------------------------------------------------------------------
! GLOBAL
! ---------------------------------------------------------------------------
! Global keepalived settings for the backup node: alert mail, VRRP multicast
! group, LVS sync daemon binding, and the user that runs the notify scripts.
global_defs {
! this is who emails will go to on alerts
notification_email {
test@126.com
! add a few more email addresses here if you would like
}
notification_email_from test@126.com
! mail relay server
smtp_server 127.0.0.1
smtp_connect_timeout 30
! each load balancer should have a different ID
! this will be used in SMTP alerts, so you should make
! each router easily identifiable
! NOTE(review): the master listing on this page also uses LVS_4, so alerts
! from the two nodes cannot be told apart by router_id.
router_id LVS_4
vrrp_mcast_group4 224.0.0.18
lvs_sync_daemon eth1 VI1_LVS_NGX
! Notify scripts run as root. The script file and every directory on its path
! should be writable by root only; the global option enable_script_security
! makes keepalived refuse root-run scripts that do not meet that condition.
script_user root
}
! VRRP instance for the backup node: same virtual_router_id and VIP as the
! master listing, lower priority (90), adverts on eth1, VIP placed on eth0.
vrrp_instance VI1_LVS_NGX {
state BACKUP
interface eth1
track_interface {
eth0
}
! interface to run LVS sync daemon on
! lvs_sync_daemon_interface eth1
!mcast_src_ip 192.168.1.107
! each virtual router id must be unique per instance name!
virtual_router_id 4
! MASTER and BACKUP state are determined by the priority
! even if you specify MASTER as the state, the state will
! be voted on by priority (so if your state is MASTER but your
! priority is lower than the router with BACKUP, you will lose
! the MASTER state)
! I make it a habit to set priorities at least 50 points apart
! note that a lower number is lesser priority - lower gets less vote
priority 90
! how often should we vote, in seconds?
advert_int 1
! send an alert when this instance changes state from MASTER to BACKUP
smtp_alert
! this authentication is for syncing between failover servers
! keepalived supports PASS, which is simple password
! authentication or AH, which is the IPSec authentication header.
! Don
! (the comment line above is truncated in this listing)
! NOTE(review): auth_type PASS carries the password unencrypted in every
! advert on the eth1 segment, and keepalived uses only its first 8 characters.
! It guards against accidental cross-talk between VRRP groups; it does not
! authenticate peers against another host on that segment.
! NOTE(review): this listing shows P@ssRoot while the master listing on this
! page shows P@sROOT. Both nodes need the identical value; with a mismatch
! each node discards the other's adverts and both can hold the VIP at once.
! Set your own value instead of reusing the one printed here.
authentication {
auth_type PASS
auth_pass P@ssRoot
}
! these are the IP addresses that keepalived will setup on this
! machine. Later in the config we will specify which real
! servers are behind these IPs without this block, keepalived
! will not setup and takedown any IP addresses
virtual_ipaddress {
10.10.10.8/27 dev eth0
}
! On a state change keepalived runs this script as script_user (root, per
! global_defs); the argument selects which default route gets installed.
notify_master "/etc/keepalived/keepalived_gw_route to_inter_gw"
notify_backup "/etc/keepalived/keepalived_gw_route to_intra_gw"
}
sh脚本内容
/etc/keepalived/keepalived_gw_route
[root@w107 ~]
# Load the distribution's init-script helper library.
. /etc/init.d/functions

# Public side: upstream gateway and the NIC that carries the virtual IP.
INTER_GW="10.10.10.7"
INTER_DEV="eth0"

# Intranet side: gateway and NIC used for the default route in BACKUP state.
INTRA_GW="192.168.1.1"
INTRA_DEV="eth1"
# Print the arguments on stdout; echo -e expands backslash escapes in them.
message()
{
  echo -e "$@"
}

# Same as message, but on stderr.
error()
{
  echo -e "$@" >&2
}

# Report the arguments on stderr, then end the script with status 1.
die()
{
  error "$@"
  exit 1
}
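# Point the default route at the public-side gateway.
# Globals:   INTER_GW, INTER_DEV (read)
# Outputs:   a diagnostic on stderr when the route cannot be installed
# Returns:   0 when the route is in place, 1 otherwise
TO_INTER_GW()
{
  # "ip route replace" swaps the route in a single step. Deleting first and
  # adding afterwards leaves the host without a default route in between,
  # and for good if the add fails; here a failure keeps the previous route.
  if ! ip route replace default via "${INTER_GW}" dev "${INTER_DEV}"; then
    echo "failed to set default route via ${INTER_GW} dev ${INTER_DEV}" >&2
    return 1
  fi
}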
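# Point the default route at the intranet gateway.
# Globals:   INTRA_GW, INTRA_DEV (read)
# Outputs:   a diagnostic on stderr when the route cannot be installed
# Returns:   0 when the route is in place, 1 otherwise
TO_INTRA_GW()
{
  # "ip route replace" swaps the route in a single step. Deleting first and
  # adding afterwards leaves the host without a default route in between,
  # and for good if the add fails; here a failure keeps the previous route.
  if ! ip route replace default via "${INTRA_GW}" dev "${INTRA_DEV}"; then
    echo "failed to set default route via ${INTRA_GW} dev ${INTRA_DEV}" >&2
    return 1
  fi
}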
# Print the routing table so the active default gateway can be checked.
# NOTE(review): presumably shadows a status helper loaded from
# /etc/init.d/functions - confirm nothing else relies on that helper.
status()
{
  ip route show
}
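# Dispatch on the action given as $1 (keepalived passes to_inter_gw or
# to_intra_gw from notify_master / notify_backup) and exit with the status of
# the selected action, so a failed route change is not reported as success.
case "$1" in
  to_inter_gw)
    TO_INTER_GW
    ;;
  to_intra_gw)
    TO_INTRA_GW
    ;;
  status)
    status
    ;;
  *)
    echo $"Usage: $0 {to_inter_gw|to_intra_gw|status}"
    exit 1
    ;;
esac
# $? here is the status of the action that ran in the matching arm.
exit $?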
master和backup启动keepalived 就可以实现要求了。
这样就保证了公网地址的高可用;后续涉及的应用(比如 nginx 代理),需要自行在 master 和 backup 上分别配置。