keepalived Installation and Configuration (CentOS 7)

Author: 周末不加班 | Published: 2019-01-08 18:04

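    Introduction to keepalived

    keepalived is software for building high-availability setups. It is usually deployed on two servers, one master and one backup. Keepalived can monitor processes on the local machine: as soon as the Master detects a problem with a process, it switches itself to the Backup state and then notifies the other node to switch to the Master state.

    Download and install

    # Extract keepalived into /usr/local
    tar -zxvf keepalived-2.0.11.tar.gz -C /usr/local
    
    # Change into /usr/local/keepalived-2.0.11
    cd /usr/local/keepalived-2.0.11
    
    # Run configure
    ./configure --prefix=/usr/local/keepalived
    
    # Build and install
    make && make install
    

    The following output indicates success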

    Keepalived configuration
    ------------------------
    Keepalived version       : 2.0.11
    Compiler                 : gcc
    Preprocessor flags       :  
    Compiler flags           : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2 
    Linker flags             :  -pie
    Extra Lib                :  -lcrypto  -lssl  -lnl
    Use IPVS Framework       : Yes
    IPVS use libnl           : Yes
    IPVS syncd attributes    : No
    IPVS 64 bit stats        : No
    HTTP_GET regex support   : No
    fwmark socket support    : Yes
    Use VRRP Framework       : Yes
    Use VRRP VMAC            : Yes
    Use VRRP authentication  : Yes
    With ip rules/routes     : Yes
    Use BFD Framework        : No
    SNMP vrrp support        : No
    SNMP checker support     : No
    SNMP RFCv2 support       : No
    SNMP RFCv3 support       : No
    DBUS support             : No
    SHA1 support             : No
    Use JSON output          : No
    libnl version            : 1
    Use IPv4 devconf         : No
    Use iptables             : Yes
    Use libiptc              : No
    Use libipset             : No
    Use nftables             : No
    init type                : systemd
    Strict config checks     : No
    Build genhash            : Yes
    Build documentation      : No
    
    

    Problems you may hit during the build

    • Problem 1:
    *** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
    

    Install libnl and libnl-devel with the following yum command to resolve the warning above

    yum -y install libnl libnl-devel
    
    • Problem 2:
    configure: error: in `/usr/local/keepalived-2.0.11':
    configure: error: no acceptable C compiler found in $PATH
    See `config.log' for more details
    

    The C compiler is missing. Install the GCC suite

    yum install gcc
    
    • Problem 3:
    configure: error: 
      !!! OpenSSL is not properly installed on your system. !!!
      !!! Can not include OpenSSL headers files.            !!!
    [root@dajia keepalived-2.0.11]# 
    
    yum -y install openssl-devel
    

    Once the packages are installed, re-run the configure ... command

    Add keepalived as a system service

    Path                            Description
    /usr/local/keepalived-2.0.11    Source tree after extraction
    /usr/local/keepalived           Installation directory

    # Copy the executable
    cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
    
    # Copy the init script into the system init directory
    cp /usr/local/keepalived-2.0.11/keepalived/etc/init.d/keepalived /etc/init.d/
    
    # Copy the keepalived sysconfig (daemon options) file to /etc/sysconfig
    cp /usr/local/keepalived-2.0.11/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    
    # Create the keepalived configuration directory
    mkdir -p /etc/keepalived/
    
    # Copy the keepalived configuration file to /etc/keepalived
    cp /usr/local/keepalived-2.0.11/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
    
    # Make the init script executable
    chmod +x /etc/init.d/keepalived
    
    # Enable keepalived at boot
    chkconfig --add keepalived
    chkconfig keepalived on
    
    

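    keepalived is now registered as a system service and can be controlled with the service command

    # Start
    service keepalived start
    # Stop
    service keepalived stop
    # Restart
    service keepalived restart
    # Check that it is running
    ps aux | grep keepalived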
    

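    Configure the keepalived virtual IP

    • Edit the configuration file that was just copied into the system: vi /etc/keepalived/keepalived.conf
      Note: this is the system configuration file (/etc/keepalived/keepalived.conf),
      not the one under the installation directory /usr/local...

    I had such a hard time tracking this problem down!!!

    • Find the virtual router block vrrp_instance (VRRP: Virtual Router Redundancy Protocol)
    vrrp_instance VI_1 {
        state MASTER          # MASTER on the primary node; set state BACKUP on the backup node
        interface ens33       # NIC the virtual IP is bound to; same on both nodes, use the interface name shown by ip addr
        virtual_router_id 51  # VRRP group ID; must be the same on master and backup, it marks the nodes as members of one VRRP group, and nodes in a group compete for the IP
        priority 100          # priority (1-254); the backup node must have a lower priority than the master
        advert_int 1          # multicast advertisement interval; must be the same on both nodes
        authentication {      # authentication settings; must be the same on both nodes. auth_type PASS authenticates advertisements with a shared password sent in cleartext; it does not encrypt them
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {   # virtual IP; must be the same on both nodes, which compete for this one IP
            192.168.33.60/24  # if the two nginx hosts are 192.168.33.61 and ...62, the virtual IP only needs to be in the same subnet; /24 means a 255.255.255.0 netmask
        }
    }
    

    To be able to ping 192.168.33.60 you also need to comment out vrrp_strict in the configuration file (# vrrp_strict)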


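    Problems encountered

    • Both master and backup acquired the virtual IP

    Use tcpdump to capture packets and locate the problem. Below is the capture taken on the master node, 192.168.93.141
    tcpdump -i ens33 vrrp -n

    (Screenshot: master server 192.168.93.141)

    Below is the capture taken on the backup node, 10.11.4.187
    tcpdump -i ens33 vrrp -n

    (Screenshot: backup server 10.11.4.187)

    As the captures show, the two IPs 192.168.93.140 and 192.168.93.141 take turns sending multicast advertisements. Normally only the MASTER server sends them; if the BACKUP stops receiving the MASTER's advertisements, it concludes that the MASTER is down and takes over the VIP.

    The cause turned out to be the firewall, which was blocking the VRRP multicast packets

    If you use the firewalld firewall, run the following commands on both master and backup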

    [root@dajia sysconfig]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0  --protocol vrrp -j ACCEPT
    success
    [root@dajia sysconfig]# firewall-cmd --reload
    success
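
The symptom described above, two addresses advertising for the same VRRP group, can be checked mechanically; an unexpected sender on the segment shows up the same way. The following is an added example, not part of the original article: it parses `tcpdump -n` VRRP lines and reports any vrid with more than one sender or a sender outside an allow-list. The capture lines are constructed, and the function names, 192.168.93.150 and vrid 60 are made up for the demonstration.

```bash
# Added example: spot VRRP split-brain or an unexpected advertiser in
# `tcpdump -i ens33 vrrp -n` text output. Sample lines below are constructed.

sample_capture() {
cat <<'EOF'
18:04:01.100001 IP 192.168.93.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:04:01.600002 IP 192.168.93.140 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 90, authtype simple, intvl 1s, length 20
18:04:02.100003 IP 192.168.93.141 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 100, authtype simple, intvl 1s, length 20
18:04:02.600004 IP 192.168.93.140 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 90, authtype simple, intvl 1s, length 20
18:04:02.700005 IP 192.168.93.150 > 224.0.0.18: VRRPv2, Advertisement, vrid 60, prio 100, authtype simple, intvl 1s, length 20
EOF
}

# stdin: tcpdump lines; args: source IPs allowed to advertise (optional).
# stdout: "MULTI ..." for a vrid with several senders, "UNKNOWN ..." for a
# sender that is not on the allow-list.
vrrp_advertisers() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /VRRPv[23], Advertisement/ {
      src = $3; vrid = ""
      for (i = 4; i < NF; i++)
        if ($i == "vrid") { vrid = $(i + 1); sub(/,$/, "", vrid) }
      if (vrid == "" || ((vrid, src) in seen)) next
      seen[vrid, src] = 1
      if (count[vrid]++) senders[vrid] = senders[vrid] "," src
      else senders[vrid] = src
      if (n > 0 && !(src in ok)) print "UNKNOWN vrid=" vrid " sender=" src
    }
    END {
      for (v in count)
        if (count[v] > 1) print "MULTI vrid=" v " senders=" senders[v]
    }' | sort
}

# Demo: only the master 192.168.93.141 is expected to advertise.
sample_capture | vrrp_advertisers 192.168.93.141
```

On a live node the same function can read `tcpdump -l -i ens33 vrrp -n` through a pipe once the capture is stopped.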
    


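    Configure Keepalived to monitor Nginx

    Edit the system configuration file (vi /etc/keepalived/keepalived.conf)

    1. Add an Nginx heartbeat check script: vrrp_script check_nginx_alive
    2. In vrrp_instance VI_1, add track_script to call check_nginx_alive and check the Nginx status every 1 second
    3. In vrrp_instance VI_1, add the script /usr/local/keepalived/sbin/notify.sh to keepalived's three state hooks notify_master, notify_backup and notify_fault (the same script is called on every state change, with a different argument)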
    vrrp_script check_nginx_alive {
        script "[[ `ps -ef | grep nginx | grep -v grep | wc -l` -ge 2 ]] && exit 0 || exit 1"
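        interval 1    # run the script above every 1 second to check the nginx status
        weight -2     # a failed check lowers this node's priority by 2 (with the priorities 100 and 90 used on this page, 98 still outranks the backup)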
    }
    
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.93.180/24
        }
    
        # Added: track the Nginx check script; check_nginx_alive is the user-chosen script name
        track_script {
            check_nginx_alive
        }
    
        # keepalived's three notify hooks: run a user-defined script when the state changes
        notify_master "/usr/local/keepalived/sbin/notify.sh master"
        notify_backup "/usr/local/keepalived/sbin/notify.sh backup"
        notify_fault "/usr/local/keepalived/sbin/notify.sh fault"
    }
    
    

    Add the state-change notification script
    vi /usr/local/keepalived/sbin/notify.sh

    #!/bin/bash
    
    case "$1" in
        master)
            echo 'Usage:notify.sh {master}'
            /usr/mysoftware/nginx/sbin/nginx
            exit 0
        ;;
        backup)
            echo 'Usage:notify.sh {backup}'
            /usr/mysoftware/nginx/sbin/nginx -s stop
            /usr/mysoftware/nginx/sbin/nginx
            exit 0
        ;;
        fault)
            echo 'Usage:notify.sh {fault}'
            /usr/mysoftware/nginx/sbin/nginx -s stop
            exit 0
        ;;
        *)
            echo 'Usage:notify.sh {master|backup|fault}'
            exit 1
        ;;
    esac
    

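    Add execute permission!!!
    chmod +x /usr/local/keepalived/sbin/notify.sh

    If nginx is not being started by the script, run /usr/local/keepalived/sbin/notify.sh master directly and check whether the echo output appears

    Add the notify.sh script on both the master and backup machines
    Start keepalived on the master and on the backup (Nginx is now started on both machines as well)
    Stop Nginx on the backup and Keepalived on the master; when the backup switches to master it starts Nginx again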
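
The `authentication` block (auth_type PASS, auth_pass 1111) and the notify.sh hook configured above are the two parts of this setup most worth auditing: PASS is a cleartext shared password of which keepalived uses only the first 8 characters, and the notify and check scripts are executed by the keepalived daemon. The following is an added example, not part of the original article or of keepalived itself: it lints a keepalived.conf for both issues and for a missing `enable_script_security` in global_defs. The function names, finding labels and the "shorter than 8 characters or digits only" rule are assumptions of this example, and the sample configuration is constructed from the page's values.

```bash
# Added example: lint a keepalived.conf for weak VRRP auth and modifiable scripts.

audit_keepalived_conf() {   # $1 = path to keepalived.conf; one finding per line
  # '#' and '!' start a comment in keepalived.conf; drop comments first
  body=$(sed -E 's/(^|[[:space:]])[#!].*$//' "$1")
  if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*auth_type[[:space:]]+PASS'; then
    echo "AUTH_CLEARTEXT: auth_type PASS is sent unencrypted in every advertisement"
  fi
  pass=$(printf '%s\n' "$body" | awk '$1 == "auth_pass" { print $2 }' | head -n 1)
  if [ -n "$pass" ] && { [ "${#pass}" -lt 8 ] ||
       ! printf '%s' "$pass" | grep -q '[^0-9]'; }; then
    echo "AUTH_WEAK: auth_pass is shorter than 8 characters or digits only"
  fi
  if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*enable_script_security'; then
    echo "NO_SCRIPT_SECURITY: enable_script_security is not set"
  fi
  # Scripts given by absolute path: flag a group- or world-writable file or directory
  printf '%s\n' "$body" |
    awk '$1 ~ /^(notify(_master|_backup|_fault)?|script)$/ {
           gsub(/"/, "", $2); if ($2 ~ /^\//) print $2 }' | sort -u |
    while read -r p; do
      for t in "$p" "$(dirname "$p")"; do
        [ -e "$t" ] || continue
        case $(ls -ld "$t" | cut -c6,9) in
          *w*) echo "WRITABLE: $t is group- or world-writable" ;;
        esac
      done
    done
  return 0
}

# Constructed sample using the page's authentication values; $2 is the notify
# script path, a parameter so the demo does not depend on /usr/local.
write_sample_conf() {   # $1 = output file
  cat >"$1" <<EOF
vrrp_instance VI_1 {
    authentication {    # must be the same on both nodes
        auth_type PASS
        auth_pass 1111
    }
    notify_master "$2 master"
}
EOF
}

# Demo on a throwaway directory with a group-writable stand-in for notify.sh
d=$(mktemp -d) && : >"$d/notify.sh" && chmod 775 "$d/notify.sh"
write_sample_conf "$d/keepalived.conf" "$d/notify.sh"
audit_keepalived_conf "$d/keepalived.conf"; rm -rf "$d"
```

The permission check only looks at the script and its immediate directory; run it against /etc/keepalived/keepalived.conf on both nodes after installing notify.sh.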


          Article link: https://www.haomeiwen.com/subject/fljqhqtx.html