keepalived two-node setup with e-mail notification: a hands-on example


Author: Yin Zhengjie (尹正杰)

Copyright notice: original work, no reprinting! Otherwise legal liability will be pursued.

I. Configure e-mail notification

1>. Obtain an authorization code in QQ Mail (click "Settings" ---> "Account" ---> "Generate authorization code" in turn), as shown in the figure below.

2>. Configure the sender information

[root@node102.yinzhengjie.org.cn ~]# tail -7  /etc/mail.rc 
#Add by Yinzhengjie
set from=1053419035@qq.com
set smtp=smtp.qq.com
set smtp-auth-user=1053419035@qq.com
set smtp-auth-password=xmwzfttagtlsbefd
set smtp-auth=login
set ssl-verify=ignore
[root@node102.yinzhengjie.org.cn ~]# 
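
The /etc/mail.rc above keeps the SMTP authorization code in clear text, sets ssl-verify=ignore, and gives smtp a bare host name. The check below is an added example, not part of the original post: audit_mailrc is a hypothetical helper name, and the sample file with its placeholder credentials is constructed.

```shell
#!/bin/bash
# Added example (not from the original post): flag the weak settings in a
# mailx rc file such as the /etc/mail.rc above. audit_mailrc is a hypothetical
# helper name; it prints one WEAK line per finding.
audit_mailrc() {
    local rc=$1 mode smtp
    local set_re='^[[:space:]]*set[[:space:]]+'
    [ -r "$rc" ] || { echo "ERROR cannot read $rc"; return 2; }

    # 1. The file stores smtp-auth-password, so "other" needs no access at all.
    if grep -Eq "${set_re}smtp-auth-password=" "$rc"; then
        mode=$(stat -c '%a' "$rc")            # GNU stat, for example 644
        case $mode in
            *0) ;;
            *)  echo "WEAK mode $mode: stored password is exposed to other local users" ;;
        esac
    fi

    # 2. ssl-verify=ignore accepts any certificate the server presents.
    if grep -Eq "${set_re}ssl-verify=ignore" "$rc"; then
        echo "WEAK ssl-verify=ignore: server certificate is not validated"
    fi

    # 3. A bare host in smtp= asks for no TLS unless smtp-use-starttls is set.
    smtp=$(sed -En "s/${set_re}smtp=//p" "$rc" | tail -n 1)
    case $smtp in
        ''|smtps://*) ;;
        *)  grep -Eq "${set_re}smtp-use-starttls" "$rc" ||
                echo "WEAK smtp=$smtp: no smtps:// URL and no smtp-use-starttls" ;;
    esac
    return 0
}

# Constructed sample with the same settings as the page; credentials are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set from=alerts@example.com
set smtp=smtp.example.com
set smtp-auth-user=alerts@example.com
set smtp-auth-password=PLACEHOLDER
set smtp-auth=login
set ssl-verify=ignore
EOF
chmod 644 "$sample"
audit_mailrc "$sample"
rm -f "$sample"
```

A file that produces no findings uses an smtps:// URL or smtp-use-starttls, a value other than ignore for ssl-verify, and a mode such as 600.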

3>. Write the e-mail notification shell script

[root@node102.yinzhengjie.org.cn ~]# vim /etc/keepalived/notify.sh 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/notify.sh 
#!/bin/bash
#
#********************************************************************
#Author:        yinzhengjie
#QQ:             1053419035
#Date:             2019-11-23
#FileName:        shell/menu.sh
#URL:             http://www.cnblogs.com/yinzhengjie
#Description:        The test script
#Copyright notice:     original works, no reprint! Otherwise, legal liability will be investigated.
#********************************************************************

contact='1053419035@qq.com'

# Send a mail announcing the VRRP state ($1) this node has just entered.
function notify() {
    mailsubject="$(hostname) to be $1, vip转移"
    mailbody="$(date +'%F %T'): VRRP Transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 100
        ;;
esac
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh 
-rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]# 

4>. Make the script executable

[root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh 
-rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# chmod +x /etc/keepalived/notify.sh 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh 
-rwxr-xr-x 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# scp /etc/keepalived/notify.sh node103.yinzhengjie.org.cn:/etc/keepalived/            #Copy the mail-sending script to the other keepalived server.
The authenticity of host 'node103.yinzhengjie.org.cn (172.30.1.103)' can't be established.
ECDSA key fingerprint is SHA256:auvfSu0iwTr185exd1pfdhwkXf9wkA8VTXwYx8JrM1c.
ECDSA key fingerprint is MD5:ae:6b:0f:b6:0c:05:bb:b8:a4:fe:02:dc:70:42:4f:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node103.yinzhengjie.org.cn,172.30.1.103' (ECDSA) to the list of known hosts.
root@node103.yinzhengjie.org.cn's password: 
notify.sh                                                                                                      100%  945     1.1MB/s   00:00    
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# scp /etc/mail.rc node103.yinzhengjie.org.cn:/etc/                           #Do not forget to copy this configuration file as well, otherwise the mail cannot be sent.
root@node103.yinzhengjie.org.cn's password: 
mail.rc                                                                                                        100% 2155     2.4MB/s   00:00    
[root@node102.yinzhengjie.org.cn ~]# 

5>. Test that the script can be invoked correctly

[root@node102.yinzhengjie.org.cn ~]# /etc/keepalived/notify.sh master            #If the message shows up in the mailbox after running the script, the script works, as shown in the figure below.
[root@node102.yinzhengjie.org.cn ~]# 

II. Keepalived notification configuration

1>. Lab architecture

node102.yinzhengjie.org.cn
  The keepalived master node; its priority can be raised.
node103.yinzhengjie.org.cn
  The keepalived backup node; its priority can be lowered.

2>. Edit the keepalived configuration file on node "node102.yinzhengjie.org.cn"

[root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

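#The line above is a comment; global_defs defines the global configuration.
global_defs {
   #Declare the virtual router identifier; usually the current host name is used
   router_id node102.yinzhengjie.org.cn
   #Checking every advertisement is expensive; with this option, if an advertisement comes from the same router as the previous one, the check of its source address is skipped.
   vrrp_skip_check_adv_addr
   #Disable the firewall policy: by default keepalived generates iptables rules at startup, so enabling this option keeps it from generating them.
   vrrp_iptables
   #Strictly follow the VRRP protocol, which disallows these three cases:
   #    1>. no VIP address;
   #    2>. unicast peers;
   #    3>. IPv6 addresses in VRRP version 2;
   #
   #Because the configuration below sends advertisements over unicast, strict mode is disabled here by commenting the option out.
   #vrrp_strict
   #Delay between ARP messages; 0 means no delay.
   vrrp_garp_interval 0
   #Delay between message sends; 0 means no delay.
   vrrp_gna_interval 0
}

#The vrrp_instance directive defines a VIP instance; the instance here is named "VIP01". In production, choose a name tied to the service.
vrrp_instance VIP01 {
    #Default role of this instance, i.e. the initial state of this node in the virtual router: MASTER or BACKUP
    state BACKUP
    #Use non-preemptive mode (when the master restarts, the VIP moves to another node and is not taken back once the restart completes); state must be "BACKUP" on both keepalived nodes, so that the master is chosen by each node's priority
    nopreempt
    #Name of the local interface the VIP is bound to (it must exist on this node), i.e. the physical interface used by this virtual router
    interface eth1
    #Unique identifier of this virtual router, range 0-255; all keepalived nodes in the same group must use the same id
    virtual_router_id 27
    #Priority of this physical node in the virtual router; range 1-254
    priority 150
    #Interval between VRRP advertisements; default 1s
    advert_int 2
    #Source address for unicast; requires strict mode "vrrp_strict" to be disabled
    unicast_src_ip 172.30.1.102
    #Peer address for unicast
    unicast_peer {
        172.30.1.103
    }
    #Authentication settings
    authentication {
        #Authentication type
        auth_type PASS
        #Authentication password; only the first 8 characters are effective
        auth_pass yinzhengjie
    }
    #The virtual IP addresses; more than one can be given.
    virtual_ipaddress {
        172.30.1.100 dev eth1 label eth1:0
        172.30.1.200 dev eth1 label eth1:1
    }
    #Notify script run when this node becomes master
    notify_master "/etc/keepalived/notify.sh master"
    #Notify script run when this node becomes backup
    notify_backup "/etc/keepalived/notify.sh backup"
    #Notify script run when this node enters the "fault" state
    notify_fault "/etc/keepalived/notify.sh fault"
}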
[root@node102.yinzhengjie.org.cn ~]# 

3>. Edit the keepalived configuration file on node "node103.yinzhengjie.org.cn"

[root@node103.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

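#The line above is a comment; global_defs defines the global configuration.
global_defs {
   #Declare the virtual router identifier; usually the current host name is used, and it must be unique within the LAN.
   router_id node103.yinzhengjie.org.cn
   #Checking every advertisement is expensive; with this option, if an advertisement comes from the same router as the previous one, the check of its source address is skipped.
   vrrp_skip_check_adv_addr
   #Disable the firewall policy: by default keepalived generates iptables rules at startup, so enabling this option keeps it from generating them.
   vrrp_iptables
   #Strictly follow the VRRP protocol, which disallows these three cases:
   #    1>. no VIP address;
   #    2>. unicast peers;
   #    3>. IPv6 addresses in VRRP version 2;
   #
   #Because the configuration below sends advertisements over unicast, strict mode is disabled here by commenting the option out.
   #vrrp_strict
   #Delay between ARP messages; 0 means no delay.
   vrrp_garp_interval 0
   #Delay between message sends; 0 means no delay.
   vrrp_gna_interval 0
}

#The vrrp_instance directive defines a VIP instance; the instance here is named "VIP01". In production, choose a name tied to the service.
vrrp_instance VIP01 {
    #Default role of this instance, i.e. the initial state of this node in the virtual router: MASTER or BACKUP
    state BACKUP
    #Name of the local interface the VIP is bound to (it must exist on this node), i.e. the physical interface used by this virtual router
    interface eth1
    #Unique identifier of this virtual router, range 0-255; all keepalived nodes in the same group must use the same id
    virtual_router_id 27
    #Priority of this physical node in the virtual router; range 1-254
    priority 50
    #Interval between VRRP advertisements; default 1s
    advert_int 2
    #Source address for unicast; requires strict mode "vrrp_strict" to be disabled
    unicast_src_ip 172.30.1.103
    #Peer address for unicast
    unicast_peer {
        172.30.1.102
    }
    #Authentication settings
    authentication {
        #Authentication type
        auth_type PASS
        #Authentication password; only the first 8 characters are effective
        auth_pass yinzhengjie
    }
    #The virtual IP addresses; more than one can be given.
    virtual_ipaddress {
        172.30.1.100 dev eth1 label eth1:0
        172.30.1.200 dev eth1 label eth1:1
    }
    #Notify script run when this node becomes master
    notify_master "/etc/keepalived/notify.sh master"
    #Notify script run when this node becomes backup
    notify_backup "/etc/keepalived/notify.sh backup"
    #Notify script run when this node enters the "fault" state
    notify_fault "/etc/keepalived/notify.sh fault"
}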
[root@node103.yinzhengjie.org.cn ~]# 
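
keepalived executes the notify_* scripts configured above on every state change, and the comments note that only the first 8 characters of auth_pass are effective. The script below is an added example, not part of the original post or of keepalived: audit_keepalived_conf is a hypothetical helper that reports an over-long auth_pass, a missing enable_script_security keyword, and notify scripts or script directories that an account other than the expected owner can modify. The temp directory and sample config are constructed.

```shell
# Added example (not from the original post): audit a keepalived.conf like the two above.
# owner_uid is the account expected to own the notify scripts (default 0 = root).
audit_keepalived_conf() {
    local conf=$1 owner_uid=${2:-0} pass script target meta uid mode
    # The page notes that only the first 8 characters of auth_pass are effective.
    pass=$(awk '$1 == "auth_pass" { print $2; exit }' "$conf")
    if [ "${#pass}" -gt 8 ]; then
        echo "WARN auth_pass has ${#pass} characters, only the first 8 are used"
    fi

    # enable_script_security is a global_defs keyword; report when it is absent.
    grep -Eq '^[[:space:]]*enable_script_security' "$conf" ||
        echo "WARN enable_script_security is not set in global_defs"

    # Each notify script and its directory must belong to owner_uid and must
    # not be group- or world-writable, or another account can change what runs.
    awk '$1 ~ /^notify(_master|_backup|_fault)?$/ { gsub(/"/, "", $2); print $2 }' "$conf" |
    sort -u | while read -r script; do
        for target in "$script" "$(dirname "$script")"; do
            meta=$(stat -c '%u %a' "$target" 2>/dev/null) ||
                { echo "WARN $target is missing"; continue; }
            uid=${meta% *} mode=${meta#* }
            [ "$uid" = "$owner_uid" ] || echo "WARN $target is owned by uid $uid"
            case $mode in
                *[2367]?|*[2367]) echo "WARN $target is group/world-writable (mode $mode)" ;;
            esac
        done
    done
    return 0
}

# Constructed sample: the relevant lines of the page's config, pointed at a temp dir.
demo_dir=$(mktemp -d)
printf '#!/bin/bash\nexit 0\n' > "$demo_dir/notify.sh"
chmod 755 "$demo_dir/notify.sh"
cat > "$demo_dir/keepalived.conf" <<EOF
vrrp_instance VIP01 {
    authentication {
        auth_type PASS
        auth_pass yinzhengjie
    }
    notify_master "$demo_dir/notify.sh master"
    notify_backup "$demo_dir/notify.sh backup"
}
EOF
audit_keepalived_conf "$demo_dir/keepalived.conf" "$(id -u)"
rm -rf "$demo_dir"
```

On the real nodes the second argument is omitted, so ownership is checked against root.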

4>. Start keepalived on "node102.yinzhengjie.org.cn"

[root@node102.yinzhengjie.org.cn ~]# systemctl start keepalived
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:50:b8:26  txqueuelen 1000  (Ethernet)
        RX packets 357  bytes 27759 (27.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 250  bytes 23932 (23.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.102  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)
        RX packets 29200  bytes 2421303 (2.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28635  bytes 3498739 (3.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)

eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.200  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2420  bytes 254094 (248.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2420  bytes 254094 (248.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node102.yinzhengjie.org.cn ~]# 

5>. Then start "node103.yinzhengjie.org.cn"

[root@node103.yinzhengjie.org.cn ~]# systemctl start keepalived
[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:ef:75:60  txqueuelen 1000  (Ethernet)
        RX packets 4779  bytes 706794 (690.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5111  bytes 479741 (468.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.103  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:3a:da:a7  txqueuelen 1000  (Ethernet)
        RX packets 20684  bytes 1564433 (1.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21348  bytes 4782063 (4.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node103.yinzhengjie.org.cn ~]# 
[root@node103.yinzhengjie.org.cn ~]# 

III. Verify keepalived VIP failover and e-mail notification

1>. Restart the keepalived service on "node102.yinzhengjie.org.cn"

[root@node102.yinzhengjie.org.cn ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:50:b8:26  txqueuelen 1000  (Ethernet)
        RX packets 357  bytes 27759 (27.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 250  bytes 23932 (23.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.102  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)
        RX packets 29247  bytes 2424639 (2.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28818  bytes 3514371 (3.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)

eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.200  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2434  bytes 255550 (249.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2434  bytes 255550 (249.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# systemctl restart keepalived
[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:50:b8:26  txqueuelen 1000  (Ethernet)
        RX packets 382  bytes 29660 (28.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 267  bytes 25561 (24.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.102  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:1d:d2:80  txqueuelen 1000  (Ethernet)
        RX packets 29303  bytes 2429195 (2.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28871  bytes 3525795 (3.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2436  bytes 255758 (249.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2436  bytes 255758 (249.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node102.yinzhengjie.org.cn ~]# 
[root@node102.yinzhengjie.org.cn ~]# 

2>. The VIP has moved to the "node103.yinzhengjie.org.cn" node

[root@node103.yinzhengjie.org.cn ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:ef:75:60  txqueuelen 1000  (Ethernet)
        RX packets 4840  bytes 714090 (697.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5167  bytes 485000 (473.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.103  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:3a:da:a7  txqueuelen 1000  (Ethernet)
        RX packets 20865  bytes 1576103 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21496  bytes 4797151 (4.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.100  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:3a:da:a7  txqueuelen 1000  (Ethernet)

eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.200  netmask 255.255.255.255  broadcast 0.0.0.0
        ether 08:00:27:3a:da:a7  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node103.yinzhengjie.org.cn ~]# 

3>. Check the QQ mailbox: the alert messages have indeed been received

 

Original article: https://www.cnblogs.com/yinzhengjie/p/12169364.html