CentOS+Keepalived搭建主備雙網關

背景

公司有幾段公網是用雲主機做網關的，且與IDC互聯的是/30的一個IP。爲了業務可靠，避免網關單點問題，需要做主備兩個網關。主的宕機能自動切去備用網關。

施作方案

CentOS+Keepalived+float vip

開始部署

實驗環境拓撲圖如下所示：

一、配置CentOS雲主機

主要是開設兩臺Centos6.9雲主機，掛好兩個網卡，一個做WAN卡，一個做LAN卡。配置好IP地址，啓用路由轉發，iptables配置允許轉發。

此處不是重點，具體步驟不闡述。

二、安裝Keepalived並配置

Centos6.9下可以直接yum安裝，如果提示沒有找到包，可以先安裝epel源

yum install epel-release -y

yum install keepalived -y

接下來配置keepalived

Master配置如下：

vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id GW01
}

vrrp_script chk_maintainace {
        script "/etc/keepalived/health_check.sh"
        interval 3  
        weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    track_script {
        chk_maintainace
    }
    virtual_ipaddress {
        192.168.10.254/24 dev eth1
	192.168.0.253/24 dev eth0
    }
    notify_master "/etc/keepalived/autosw.sh master"
    notify_backup "/etc/keepalived/autosw.sh backup"
    notify_fault "/etc/keepalived/autosw.sh fault"
}

Backup配置：

! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id GW02
}

vrrp_script chk_maintainace {
        script "/etc/keepalived/health_check.sh"
        interval 3
        weight -2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    track_script {
        chk_maintainace
    }
    virtual_ipaddress {
        192.168.10.254/24 dev eth1
        192.168.0.253/24 dev eth0
    }
    notify_master "/etc/keepalived/autosw.sh master"
    notify_backup "/etc/keepalived/autosw.sh backup"
    notify_fault "/etc/keepalived/autosw.sh fault"
}

解釋下上述配置的意思：

這邊是郵件通告的相關配置，此方案另有腳本方式郵件告警。

最下面是標識ID，根據不同角色區別開就好。

此處配置了一個網關機器健康檢查的腳本，每3秒檢查一次。出問題了的話，優先級降級2.

配置文件中會使用到的腳本內容

health_check.sh，腳本返回值爲1時，表明不健康。

###health_check.sh
#!/bin/bash
#

if [ "`ip addr show | grep 192.168.0.253`" == "" ] || [ "`ip addr show | grep 192.168.10.254`" == "" ];then
#	echo "$? Is Null"
	exit 1
else
#	echo "$? Not Null"
	exit 0
fi

autosw.sh，此腳本參考博文：https://blog.51cto.com/13520924/2094236

此腳本能生效的前提是，網關機器能成功發送郵件。本方案按照的是sendmail，然後在/etc/mail.rc最後面加上smtp信息

###autosw.sh
#!/bin/bash
#
contact='[email protected]'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac

三、啓動keepalived並設置開機自啓

分別在主備兩臺網關機器上面輸入下面指令

service keepalived start
chkconfig keepalived on

四、檢查浮動IP，以及自動切換功能

Master：

Backup：

給Master使點壞（關機或者ifdown一個網卡），觀察浮動IP和網絡穩定狀況

Master

Backup

ping出去發現主備網關切換的時候會有一個掉包

Master切換後有告警郵件

 Master網關恢復後，浮動IP也會自動切回。