yum安装
yum -y install keepalived
配置文件:
/etc/keepalived/ keepalived.conf
日志文件:
/var/log/messages
注意:在启动之前,一定要配置下keepalived.conf文件
源码编译安装
安装依赖:
yum install curl gcc autoconf automake openssl-devel libnl3-devel \
iptables-devel ipset-devel net-snmp-devel libnfnetlink-devel file-devel
yum install glib2-devel
yum install json-c-devel
下载源码:
wget -c https://keepalived.org/software/keepalived-2.2.8.tar.gz
curl --progress https://keepalived.org/software/keepalived-2.2.8.tar.gz
解压源码:
tar -xvf keepalived-2.2.8.tar.gz
编译安装:
cd keepalived-2.2.8
./build_setup
./configure --prefix=/usr/local/keepalived-2.2.8
make && make install
设置自启动:
# 存储库安装
ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived
# 编译安装
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
# 开启自启
systemctl enable keepalived
keepalived基础运行环境配置
配置/etc/host文件:
10.1.1.11 web01.test.com
10.1.1.12 web02.test.com
10.1.1.13 mysql01.test.com
10.1.1.14 mysql02.test.com
停止NetworkManager:
systemctl stop NetworkManager
systemctl disable NetworkManager
开启时间同步:
ntpupdate cn.ntp.org.cn
keepalived.conf详解
! Configuration File for keepalived
#全局定义块
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
}
#指定发件人
notification_email_from smtp@test.com
#指定smtp服务器地址
smtp_server 10.1.1.200
#指定smtp连接超时时间
smtp_connect_timeout 30
#运行keepalived机器的名称
router_id LVS_DEVEL
# vrrp_strict # 不注释没法ping通vip,需要重启应用
}
#VRRP实例定义块
vrrp_instance Group1 { # 主备组名一致
#设置本机角色,MASTER|BACKUP
state MASTER
#对外提供服务的网络接口,要与本地的通信的接口一致
interface ens33
#VRID标记 ,路由ID,主备一致,可通过tcpdump命令查看
virtual_router_id 51
#优先级,高优先级竞选为master
priority 100
#健康检查间隔,默认1秒
advert_int 1
#设置认证
authentication {
#认证方式
auth_type PASS
#认证密码
auth_pass 1qaz@WSX
}
virtual_ipaddress {
10.1.1.20 #设置vip
}
}
keepalived基本操作命令
开启:systemctl start keepalived
停止:systemctl stop keepalived
重启:systemctl restart keepalived
查看状态:systemctl status keepalived
默认安装目录:/usr/local/keepalive
配置文件位置:/etc/keepalived/keepalived.conf
健康监测nginx
编写一个健康监测的脚本/sctipt/nginx.sh
#!/bin/bash
nginx_status='ps -C --no-header |wc -l'
if [ $nginx_status -eq 0 ]; then
systemctl stop keepalived
fi
在配置文件keepalived.conf中调用脚本
# 声明脚本
vrrp_script check_nginx{
script /script/nginx.sh
interval 3
}
# 调用脚本
vrrp_instance Group1{
track_script{
check_nginx
}
}
keepalive的非抢占模式
抢占与非抢占模式:
抢占:web01故障恢复后重新抢占获取VIP
非抢占:web01故障后不再抢占获取VIP,VIP长期在web02上,直至配置更改或web02故障
如何设置非抢占模式:
1.更改配置文件为非抢占模式
vrrp_instance Group1{
nopreempt
}
2.配置state角色都为BACKUP
vrrp_instance Group1{
state BACKUP
nopreempt
}
3.重启keepalive服务
systemctl restart keepalived
VIP脑裂
VIP脑裂的原因:最大的原因是没有关闭防火墙,或者是防火墙没有放通vrrp协议
抓包查看:
yum -y install tcpdump
tcpdump -i ens33 vrrp -n
可以看到正常情况下主机ip在跟vrrp组播地址通信,备机不会跟组播地址过多通信;如果发生脑裂所有机器都会抢占VIP,抓包查看会发现所有机器都跟组播地址通信。
生产环境防火墙放通vrrp协议:
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destnation 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
组播改单播:
先注释vrrp_strict,接着在keepalive.conf配置文件中增加配置,然后重启应用
# vrrp_strict
vrrp_instance Group1{
unicast_src_ip 10.1.1.11
unicast_peer {
10.1.1.12
}
}
网友评论