Detailed explanation and configuration of keepalived parameters

1. Back up the original configuration file

[root@lb01 ~]# cd /etc/keepalived/
[root@lb01 keepalived]# cp keepalived.conf keepalived.conf.backup

2. Parameter interpretation

[root@lb01 keepalived]# head -n 30 keepalived.conf|cat -n
     1  ! Configuration File for keepalived ###Comment line (a line starting with ! is a comment)
     2
     3  global_defs {###Global configuration
     4     notification_email { ###Destination address of mail sent in case of keepalived failure
     5       acassen@firewall.loc
     6       failover@firewall.loc
     7       sysadmin@firewall.loc
     8     }
     9     notification_email_from Alexandre.Cassen@firewall.loc       ###The source address of the message sent in case of keepalived failure
    10     smtp_server 192.168.200.1 ###Address of the SMTP server used to send the mail
    11     smtp_connect_timeout 30 ###Timeout for connecting to the SMTP server
    12     router_id LVS_DEVEL
    13  }
    14
    15  vrrp_instance VI_1 {###Lines 15-30 configure one VRRP instance; VI_1 is the instance name, which can be changed
    16      state MASTER ###Status, can be MASTER or BACKUP
    17      interface eth0 ###Network card that carries the node's IP address; VRRP packets are sent on it
    18      virtual_router_id 51###Instance ID
    19      priority 100 ###Priority; the node with the higher value is preferred as master
    20      advert_int 1 ###Heartbeat interval. If the heartbeat is not received in one second, the standby node will take over
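    21      authentication { ###Password authentication between the keepalived nodes; with auth_type PASS the auth_pass value is sent in cleartext in every VRRP advertisement, so treat 1111 as a placeholder and do not rely on it against other hosts on the same segment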
    22          auth_type PASS
    23          auth_pass 1111
    24      }
    25      virtual_ipaddress {###Virtual IPs (VIPs); they are bound to the network card named by the interface setting
    26          192.168.200.16
    27          192.168.200.17
    28          192.168.200.18
    29      }
    30  }

3. configuration

3.1 lb-01 master node configuration

[root@lb01 keepalived]# ansible lb -m service -a "name=keepalived state=stopped"
[root@lb01 ~]# cat /etc/keepalived/keepalived.conf
# lb01 (master) configuration: mail notification settings plus one VRRP
# instance that places the VIP 10.0.0.100/24 on eth0.
global_defs {
   notification_email {
     123456-@qq.com
   }
   # NOTE(review): the sender address and SMTP server below are the same
   # values as in the packaged sample shown in section 2, while the VIP is on
   # 10.0.0.0/24 - confirm they are valid for this network.
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   # router_id is the only global setting that differs between the two
   # nodes (LVS_01 here, LVS_02 in the lb02 listing).
   router_id LVS_01
}

vrrp_instance VI_1 {
    # Initial role of this node for the instance.
    state MASTER
    interface eth0
    # Same value (51) as in the lb02 listing.
    virtual_router_id 51
    priority 150
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in cleartext in every
    # VRRP advertisement, and keepalived uses only its first 8 characters.
    # It helps against accidental cross-talk between clusters, not against a
    # host on the same segment. Replace the sample value 1111 and restrict
    # VRRP (IP protocol 112) to the peer node with host firewall rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # VIP managed by this instance; section 5 checks for it with
    # "ip add|grep 10.0.0.100".
    virtual_ipaddress {
        10.0.0.100/24
    }
# NOTE(review): the listing ends here; the closing "}" of vrrp_instance VI_1
# is not shown.

3.2 lb-02 standby node configuration

[root@lb02 ~]# cat /etc/keepalived/keepalived.conf    
# lb02 (standby) configuration: identical to the lb01 listing except for
# router_id and state.
global_defs {
   notification_email {
     123456-@qq.com
   }
   # NOTE(review): the sender address and SMTP server below are the same
   # values as in the packaged sample shown in section 2 - confirm they are
   # valid for this network.
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_02
}

vrrp_instance VI_1 {
    # Initial role of this node for the instance.
    state BACKUP
    interface eth0
    # Same value (51) as in the lb01 listing.
    virtual_router_id 51
    # NOTE(review): this is the same priority as the lb01 (MASTER) listing.
    # VRRP breaks a priority tie by comparing the nodes' IP addresses, so
    # lb01 does not outrank this node when it comes back. That is consistent
    # with the 5.2 output, where the VIP stays on 10.0.0.11. Use a lower
    # value here (for example 100) if the VIP should return to lb01.
    priority 150
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass in cleartext in every
    # VRRP advertisement, and keepalived uses only its first 8 characters.
    # Replace the sample value 1111 (keeping it identical on both nodes) and
    # restrict VRRP (IP protocol 112) to the peer node with host firewall
    # rules.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # Same VIP as on lb01; only the node currently acting as master holds it.
    virtual_ipaddress {
        10.0.0.100/24
    }   
# NOTE(review): the listing ends here; the closing "}" of vrrp_instance VI_1
# is not shown.

4. Start keepalived

[root@lb01 ~]# ansible lb -m service -a "name=keepalived state=started"

5. validation

[root@lb01 ~]# ansible lb -m shell -a "ip add|grep 10.0.0.100"
10.0.0.10 | SUCCESS | rc=0 >>
    inet 10.0.0.100/24 scope global secondary eth0

10.0.0.11 | FAILED | rc=1 >>
non-zero return code
===> Only the master node (10.0.0.10) holds the 10.0.0.100 IP; the standby node does not have it.

5.1 turn off the keepalived of the primary node and check whether the standby node takes over

[root@lb01 ~]# ansible 10.0.0.10 -m service -a "name=keepalived state=stopped"
10.0.0.10 | SUCCESS => {
    "changed": true, 
    "name": "keepalived", 
    "state": "stopped"
}
[root@lb01 ~]# ansible lb -m shell -a "ip add|grep 10.0.0.100"                
10.0.0.10 | FAILED | rc=1 >>
non-zero return code

10.0.0.11 | SUCCESS | rc=0 >>
    inet 10.0.0.100/24 scope global secondary eth0

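5.2 Start keepalived on the primary node again and check whether the standby node releases the VIP

Note: in the output below the VIP is still on the standby (10.0.0.11). This is consistent with both nodes being configured with priority 150 above, so the restarted primary does not outrank the standby. Give the standby a lower priority if the VIP should move back to the primary.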

[root@lb01 ~]# ansible 10.0.0.10 -m service -a "name=keepalived state=started"
10.0.0.10 | SUCCESS => {
    "changed": true, 
    "name": "keepalived", 
    "state": "started"
}
[root@lb01 ~]# ansible lb -m shell -a "ip add|grep 10.0.0.100"
10.0.0.11 | SUCCESS | rc=0 >>
    inet 10.0.0.100/24 scope global secondary eth0

10.0.0.10 | FAILED | rc=1 >>
non-zero return code


Posted on Wed, 01 Jan 2020 18:38:03 -0500 by TheMD