安装keepalived
1.下载keepalived
wget http://www.keepalived.org/software/keepalived-1.2.18.tar.gz
2.解压安装:
## 解压到/usr/local目录
tar -zxvf keepalived-1.2.18.tar.gz -C /usr/local/
3.下载插件openssl
yum install -y openssl openssl-devel
4.开始编译keepalived
cd /usr/local/keepalived-1.2.18/ && ./configure --prefix=/usr/local/keepalived
5.make一下
make && make install
安装好Keepalived之后,还需要安装Nginx,这里就不介绍Nginx如何安装了
keepalived安装成Linux系统服务
将keepalived安装成Linux系统服务实现开机自启,因为没有使用keepalived的默认安装路径(默认路径:/usr/local),安装完成之后,需要做一些修改工作:
## 首先创建文件夹,将keepalived配置文件进行复制
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
## 然后复制keepalived脚本文件
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
## 可以设置开机启动
chkconfig keepalived on
keepalived 常用命令
service keepalived start #启动keepalived
service keepalived stop #关闭keepalived
启动报错Starting keepalived (via systemctl): Job for keepalived.service failed. See ‘systemctl status keepalived.service’ and ‘journalctl -xn’ for details.
解决办法 :
cd /usr/sbin/
rm -f keepalived
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
主服务配置
以10.10.10.102为主服务器,修改/etc/keepalived/keepalived.conf
,内容如下
! Configuration File for keepalived
global_defs {
notification_email {
#acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.200.1
#smtp_connect_timeout 30
router_id LVS_129
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" ## 检测 nginx 状态的脚本路径
interval 3 # 检测时间间隔
weight -20 # 如果条件成立,权重-20
}
vrrp_instance VI_1 {
state MASTER # 来决定主从
interface p8p1 # 绑定虚拟 IP 的网络接口,根据自己的机器填写 (ip a命令查看)
virtual_router_id 99 # 虚拟路由的 ID 号(自定义), 两个节点设置必须一样
priority 100 # 节点优先级,主要比从节点优先级高
advert_int 1 # 组播信息发送间隔,两个节点设置必须一样,默认 1s
authentication {
auth_type PASS
auth_pass 123456
}
unicast_src_ip 10.10.10.102
unicast_peer {
10.10.10.44
}
virtual_ipaddress {
10.10.10.150
}
track_script {
chk_nginx ## 执行 Nginx 监控的服务
}
}
从服务器配置
以10.10.10.44为主服务器,修改/etc/keepalived/keepalived.conf
,内容如下
! Configuration File for keepalived
global_defs {
notification_email {
#acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.200.1
#smtp_connect_timeout 30
router_id LVS_129
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" ## 检测 nginx 状态的脚本路径
interval 3 ## 检测时间间隔
weight -20 ## 如果条件成立,权重-20
}
vrrp_instance VI_1 {
state BACKUP
interface p8p1
virtual_router_id 99
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 123456
}
unicast_src_ip 10.10.10.44
unicast_peer {
10.10.10.102
}
virtual_ipaddress {
10.10.10.150
}
track_script {
chk_nginx ## 执行 Nginx 监控的服务
}
}
检查nginx脚本
#!/bin/bash
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
sleep 2
if [ `ps -C nginx --no-header | wc -l` -eq 0 ];then
killall keepalived
fi
fi
如果需要别的检查,也可以加到这里面来。
测试
记得关闭防火墙 systemctl stop firewalld
修改配置以后通过service keepalived start
启动Keepalived,在主服务器,通过ip addr
命令可以看到多了一个VIP(虚拟ip),即我们在配置文件virtual_ipaddress中设置的ip
2: p8p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 70:b5:e8:27:69:55 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.102/24 brd 10.10.10.255 scope global p8p1
valid_lft forever preferred_lft forever
inet 10.10.10.150/32 scope global p8p1
valid_lft forever preferred_lft forever
inet6 2409:8734:11:79:72b5:e8ff:fe27:6955/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::72b5:e8ff:fe27:6955/64 scope link
valid_lft forever preferred_lft forever
我们访问10.10.10.150,可以发现它到了10.10.10.102。
那么,我们使用service keepalived stop
将10.10.10.102的keepalived关闭。
我们访问10.10.10.150,可以发现它到了10.10.10.44。
强制主备切换
可以通过sentinel强制进行故障转移,及主动的主备切换,命令如下
sentinel failover mymaster