作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.配置邮件通知
1>.在QQ邮箱中获取授权码(依次点击"设置" ---> "账户" ---> "生成授权码"),如下图所示。
2>.配置发件人信息
[root@node102.yinzhengjie.org.cn ~]# tail -7 /etc/mail.rc
#Add by Yinzhengjie
# Sender address placed in the From: header of outgoing mail.
set from=1053419035@qq.com
# SMTP server to relay through.
# NOTE(review): no smtps:// scheme is given and smtp-use-starttls does not
# appear in these seven lines, so unless the part of /etc/mail.rc not shown
# here enables TLS, the login below may cross the network unencrypted - confirm.
set smtp=smtp.qq.com
# Account used for SMTP authentication.
set smtp-auth-user=1053419035@qq.com
# QQ Mail authorization code obtained in step 1. It is a credential: substitute
# your own value, keep the real one out of published material, and check that
# this file is readable only by the accounts that need to send mail.
set smtp-auth-password=xmwzfttagtlsbefd
# Authenticate with the LOGIN mechanism.
set smtp-auth=login
# Skips validation of the server's TLS certificate, so the server's identity is
# not checked. Acceptable for a lab; otherwise prefer ssl-verify=strict, which
# needs a configured certificate store (nss-config-dir on NSS builds).
set ssl-verify=ignore
[root@node102.yinzhengjie.org.cn ~]#
3>.编写邮件通知的shell脚本
[root@node102.yinzhengjie.org.cn ~]# vim /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/notify.sh
#!/bin/bash
#
#********************************************************************
#Author: yinzhengjie
#QQ: 1053419035
#Date: 2019-11-23
#FileName: shell/menu.sh
#URL: http://www.cnblogs.com/yinzhengjie
#Description: The test script
#Copyright notice: original works, no reprint! Otherwise, legal liability will be investigated.
#********************************************************************
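# Address that receives every VRRP state-change notification.
contact='1053419035@qq.com'

#######################################
# Mail a one-line notice that this node changed VRRP state.
# Globals:   contact (read) - recipient address
# Arguments: $1 - new state name (the dispatch below passes master, backup or fault)
# Outputs:   pipes the message body to mail(1)
# Returns:   exit status of the mail pipeline
#######################################
notify() {
  # Keep the message variables local so they do not leak into the caller's scope.
  local mailsubject mailbody
  mailsubject="$(hostname) to be $1, vip转移"
  mailbody="$(date +'%F %T'): VRRP Transition, $(hostname) changed to be $1"
  # printf avoids echo's option/backslash handling; the recipient is quoted so
  # it always reaches mail as exactly one argument.
  printf '%s\n' "$mailbody" | mail -s "$mailsubject" "$contact"
}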
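# Dispatch on the state name given as the first argument; the keepalived
# notify_master/notify_backup/notify_fault lines in this tutorial call the
# script with master, backup or fault.
case "$1" in
  master|backup|fault)
    notify "$1"
    ;;
  *)
    # Any other argument is a usage error. The original wrote $(basename$0),
    # which is not a valid command; the space is restored and $0 is quoted.
    echo "Usage: $(basename -- "$0") {master|backup|fault}" >&2
    exit 100
    ;;
esac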
[root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
-rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]#
4>.为脚本添加执行权限
[root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
-rw-r--r-- 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# chmod +x /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# ll /etc/keepalived/notify.sh
-rwxr-xr-x 1 root root 945 Jan 10 11:40 /etc/keepalived/notify.sh
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# scp /etc/keepalived/notify.sh node103.yinzhengjie.org.cn:/etc/keepalived/
The authenticity of host 'node103.yinzhengjie.org.cn (172.30.1.103)' can't be established.
ECDSA key fingerprint is SHA256:auvfSu0iwTr185exd1pfdhwkXf9wkA8VTXwYx8JrM1c.
ECDSA key fingerprint is MD5:ae:6b:0f:b6:0c:05:bb:b8:a4:fe:02:dc:70:42:4f:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node103.yinzhengjie.org.cn,172.30.1.103' (ECDSA) to the list of known hosts.
root@node103.yinzhengjie.org.cn's password:
notify.sh 100% 945 1.1MB/s 00:00
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# scp /etc/keepalived/notify.sh node103.yinzhengjie.org.cn:/etc/keepalived/ #将邮件发送脚本拷贝到另一台keepalived服务器上。
[root@node102.yinzhengjie.org.cn ~]# scp /etc/mail.rc node103.yinzhengjie.org.cn:/etc/
root@node103.yinzhengjie.org.cn's password:
mail.rc 100% 2155 2.4MB/s 00:00
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# scp /etc/mail.rc node103.yinzhengjie.org.cn:/etc/ #别忘记把该配置文件也拷贝过去,否则会出现邮箱发送不出的情况。
5>.测试脚本是否可以正常调用
[root@node102.yinzhengjie.org.cn ~]# /etc/keepalived/notify.sh master #调用脚本如果可以在邮箱看到消息说明脚本是没有问题的,如下图所示。
[root@node102.yinzhengjie.org.cn ~]#
二.Keepalived通知配置
1>.实验架构说明
node102.yinzhengjie.org.cn
keepalived的master节点,可以将优先级调高。
node103.yinzhengjie.org.cn
keepalived的backup节点,可以将优先级调低
2>.编辑"node102.yinzhengjie.org.cn"节点的keepalived配置文件
[root@node102.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
#上一行是注释信息,global_defs则定义全局配置。
global_defs {
#声明虚拟路由标识符,一般会写当前主机名称
router_id node102.yinzhengjie.org.cn
#所有报文都检查比较消耗性能,此配置为如果收到的报文和上一个报文是同一个路由器发出的则跳过检查报文中的源地址。
vrrp_skip_check_adv_addr
#禁用防火墙策略,keepalived默认启动时会自动生成iptables策略,因此我们启用此项就可以不生成iptables的策略。
vrrp_iptables
#严格遵守VRRP协议,即不允许以下三种状况:
# 1>.没有VIP地址;
# 2>.单播邻居;
# 3>.在VRRP版本2中有IPv6地址;
#
#由于我下面配置基于单播地址发送消息,因此我这里手动禁用了严格模式,直接注释即可。
#vrrp_strict
#ARP报文发送延迟时间,0表示不延迟。
vrrp_garp_interval 0
#消息发送延迟,0表示不延迟。
vrrp_gna_interval 0
}
#使用vrrp_instance指令定义一个VIP实例名称,我这里自定义VIP实例的名称为"VIP01",生产环境建议该名称和业务相结合。
vrrp_instance VIP01 {
#指定当前实例默认角色,当前节点在此虚拟路由器上的初始状态,状态为MASTER或者BACKUP
state BACKUP
#定义工作模式为非抢占模式(即当master重启,VIP会飘移到其它节点,重启完成后并不会将vip抢过来),需要两个keepalived的state的值均为"BACKUP",让它们根据各节点的优先级选择对应的master
nopreempt
#定义VIP绑定的本地接口的名称(该接口名称必须在当前节点存在哟~),即绑定为当前虚拟路由器使用的物理接口
interface eth1
#定义当前虚拟路由器惟一标识,该id的范围是0-255,注意,同一组keepalived的id编号必须要一致哟~
virtual_router_id 27
#当前物理节点在此虚拟路由器中的优先级;范围1-254
priority 150
#定义vrrp通告的时间间隔,默认1s
advert_int 2
#指定单播地址的源地址,需要禁用严格模式"vrrp_strict"
unicast_src_ip 172.30.1.102
#指定单播地址的对端地址
unicast_peer {
172.30.1.103
}
#定义认证机制
authentication {
#指定认证类型
auth_type PASS
#指定认证密码,仅前8位有效哟~注意:PASS类型的密码在VRRP通告报文中以明文传输,能抓到报文的主机都可以读到它,因此它只能防止误配置,不能当作安全机制。
auth_pass yinzhengjie
}
#指定具体的虚拟IP地址,可以指定多个。
virtual_ipaddress {
172.30.1.100 dev eth1 label eth1:0
172.30.1.200 dev eth1 label eth1:1
}
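#定义通知脚本,当前节点成为主节点时触发的脚本。注意:未配置script_user且系统中没有keepalived_script用户时,通知脚本以root身份执行,因此脚本及其所在目录应仅root可写;可在global_defs中通过script_user和enable_script_security加以限制。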
notify_master "/etc/keepalived/notify.sh master"
#定义通知脚本,当前节点转为备节点时触发的脚本
notify_backup "/etc/keepalived/notify.sh backup"
#定义通知脚本,当前节点转为“失败”状态时触发的脚本
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@node102.yinzhengjie.org.cn ~]#
3>.编辑"node103.yinzhengjie.org.cn"节点的keepalived配置文件
[root@node103.yinzhengjie.org.cn ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
#上一行是注释信息,global_defs则定义全局配置。
global_defs {
#声明虚拟路由标识符,一般会写当前主机名称,需要保证该id在局域网唯一。
router_id node103.yinzhengjie.org.cn
#所有报文都检查比较消耗性能,此配置为如果收到的报文和上一个报文是同一个路由器发出的则跳过检查报文中的源地址。
vrrp_skip_check_adv_addr
#禁用防火墙策略,keepalived默认启动时会自动生成iptables策略,因此我们启用此项就可以不生成iptables的策略。
vrrp_iptables
#严格遵守VRRP协议,即不允许以下三种状况:
# 1>.没有VIP地址;
# 2>.单播邻居;
# 3>.在VRRP版本2中有IPv6地址;
#
#由于我下面配置基于单播地址发送消息,因此我这里手动禁用了严格模式,直接注释即可。
#vrrp_strict
#ARP报文发送延迟时间,0表示不延迟。
vrrp_garp_interval 0
#消息发送延迟,0表示不延迟。
vrrp_gna_interval 0
}
#使用vrrp_instance指令定义一个VIP实例名称,我这里自定义VIP实例的名称为"VIP01",生产环境建议该名称和业务相结合。
vrrp_instance VIP01 {
#指定当前实例默认角色,当前节点在此虚拟路由器上的初始状态,状态为MASTER或者BACKUP
state BACKUP
#定义VIP绑定的本地接口的名称(该接口名称必须在当前节点存在哟~),即绑定为当前虚拟路由器使用的物理接口
interface eth1
#定义当前虚拟路由器惟一标识,该id的范围是0-255,注意,同一组keepalived的id编号必须要一致哟~
virtual_router_id 27
#当前物理节点在此虚拟路由器中的优先级;范围1-254
priority 50
#定义vrrp通告的时间间隔,默认1s
advert_int 2
#指定单播地址的源地址,需要禁用严格模式"vrrp_strict"
unicast_src_ip 172.30.1.103
#指定单播地址的对端地址
unicast_peer {
172.30.1.102
}
#定义认证机制
authentication {
#指定认证类型
auth_type PASS
#指定认证密码,仅前8位有效哟~
auth_pass yinzhengjie
}
#指定具体的虚拟IP地址,可以指定多个。
virtual_ipaddress {
172.30.1.100 dev eth1 label eth1:0
172.30.1.200 dev eth1 label eth1:1
}
#定义通知脚本,当前节点成为主节点时触发的脚本
notify_master "/etc/keepalived/notify.sh master"
#定义通知脚本,当前节点转为备节点时触发的脚本
notify_backup "/etc/keepalived/notify.sh backup"
#定义通知脚本,当前节点转为“失败”状态时触发的脚本
notify_fault "/etc/keepalived/notify.sh fault"
}
[root@node103.yinzhengjie.org.cn ~]#
4>.启动"node102.yinzhengjie.org.cn"的keepalived
[root@node102.yinzhengjie.org.cn ~]# systemctl start keepalived
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
RX packets 357 bytes 27759 (27.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 23932 (23.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
RX packets 29200 bytes 2421303 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28635 bytes 3498739 (3.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 2420 bytes 254094 (248.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2420 bytes 254094 (248.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node102.yinzhengjie.org.cn ~]#
5>.再启动"node103.yinzhengjie.org.cn"
[root@node103.yinzhengjie.org.cn ~]# systemctl start keepalived
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
ether 08:00:27:ef:75:60 txqueuelen 1000 (Ethernet)
RX packets 4779 bytes 706794 (690.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5111 bytes 479741 (468.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.103 netmask 255.255.255.0 broadcast 172.30.1.255
ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
RX packets 20684 bytes 1564433 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21348 bytes 4782063 (4.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]#
三.验证keepalived的VIP飘移及邮箱通知
1>.重启"node102.yinzhengjie.org.cn"的keepalived服务
[root@node102.yinzhengjie.org.cn ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
RX packets 357 bytes 27759 (27.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 23932 (23.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
RX packets 29247 bytes 2424639 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28818 bytes 3514371 (3.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 2434 bytes 255550 (249.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2434 bytes 255550 (249.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# systemctl restart keepalived
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
ether 08:00:27:50:b8:26 txqueuelen 1000 (Ethernet)
RX packets 382 bytes 29660 (28.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 267 bytes 25561 (24.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.102 netmask 255.255.255.0 broadcast 172.30.1.255
ether 08:00:27:1d:d2:80 txqueuelen 1000 (Ethernet)
RX packets 29303 bytes 2429195 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28871 bytes 3525795 (3.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 2436 bytes 255758 (249.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2436 bytes 255758 (249.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# systemctl restart keepalived
2>.vip飘向了"node103.yinzhengjie.org.cn"节点
[root@node103.yinzhengjie.org.cn ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
ether 08:00:27:ef:75:60 txqueuelen 1000 (Ethernet)
RX packets 4840 bytes 714090 (697.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5167 bytes 485000 (473.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.103 netmask 255.255.255.0 broadcast 172.30.1.255
ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
RX packets 20865 bytes 1576103 (1.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21496 bytes 4797151 (4.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.100 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.1.200 netmask 255.255.255.255 broadcast 0.0.0.0
ether 08:00:27:3a:da:a7 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@node103.yinzhengjie.org.cn ~]#
[root@node103.yinzhengjie.org.cn ~]# ifconfig
3>.观察QQ邮箱,发现的确收到了告警信息