安装步骤
- 在线安装
依赖: yum install -y gcc openssl-devel libnl3-devel net-snmp-devel
安装: yum install keepalived -y
- 离线安装
- 集群服务器都需做如下操作
- root用户 上传离线安装包至 /home/keepInstall
- 查询gcc ,执行命令: gcc -v 。
如果没有安装
进入rpm包目录 执行命令: cd /home/keepInstall/gcc
进行安装 执行命令: rpm -Uvh *.rpm --nodeps --force - 进入指定目录 执行命令:cd /home/keepInstall
安装libnl-devel 执行命令:rpm -ivh libnl-devel-1.1.4-3.el7.x86_64.rpm - 进入指定目录 执行命令:cd /home/keepInstall/openssl
安装openssl 执行命令:rpm -Uvh *.rpm --nodeps --force - 解压 执行命令:tar -xvf keepalived.tar
- 复制keepalived.service到系统目录
执行命令:cp /home/keepInstall/keepalived.service /usr/lib/systemd/system
安装包见连接:链接:https://pan.baidu.com/s/1R1tAMd4pKRkXIqGVlOuz3Q?pwd=lzw4
常用命令
一旦Keepalived安装和配置完成,你可以使用以下一些常用命令来管理Keepalived:
- 启动Keepalived服务:
sudo systemctl start keepalived
- 停止Keepalived服务:
sudo systemctl stop keepalived
- 重新启动Keepalived服务:
sudo systemctl restart keepalived
- 查看Keepalived服务状态:
sudo systemctl status keepalived
- 禁用Keepalived开机自启动:
sudo systemctl disable keepalived
- 启用Keepalived开机自启动:
sudo systemctl enable keepalived
- 查看日志:
tail -f /var/log/messages
这些命令可以帮助你启动、停止、重启、查看状态以及配置Keepalived的开机启动行为。根据你的需求,可以使用这些命令来管理Keepalived服务。
遇到问题
- localhost.localdomain Keepalived_vrrp[10842]: /etc/keepalived/check_nginx.sh exited with status 127
- 解决:将SELinux状态更改为permissive模式,命令为setenforce 0
注意:主机重启后得重新设置
- localhost.localdomain Keepalived_vrrp[11533]: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
- 解决:global_defs配置增加 script_user root
- localhost.localdomain Keepalived_vrrp[13195]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
- 解决:global_defs配置增加 enable_script_security
- localhost Keepalived_vrrp[14010]: Unknown keyword 'track_script{'
- 解决:virtual_ipaddress 和 ‘{’之间有空格
keepalive.conf配置文件
! Configuration File for keepalived
# 全局配置,路由ID,固定不变
global_defs {
# notification_email {
# acassen@firewall.loc
# failover@firewall.loc
# sysadmin@firewall.loc
# }
# notification_email_from Alexandre.Cassen@firewall.loc
## smtp_server 192.168.200.1
# smtp_connect_timeout 30
# 路由ID 全局配置,标识当前keepalived实例唯一性
router_id node105
#执行脚本的用户
script_user root
#安全策略
enable_script_security
# vrrp_skip_check_adv_addr
# vrrp_strict
# vrrp_garp_interval 0
# vrrp_gna_interval 0
}
# 定义Nginx状态脚本
vrrp_script chk_nginx {
script "/etc/keepalived/check_nginx.sh" #检测脚本
interval 2 # 间隔时间单位为秒,默认1秒
weight -5 # 权重当脚本成功或失败对当前节点的优先级是增加还是减少
}
# VRRP实例
vrrp_instance VI_1 {
# 主节点 集群角色状态,可选值MASTER(主)、BACKUP(从),必须大写。
state MASTER
# 绑定的网卡,使用ifconfig命令查看获取 ip addr show |grep "IP"
interface ens160
# 虚拟路由id,保证相同
virtual_router_id 51
# 优先级,抢占模式下优先级高的称为主
priority 101
# 指定发送VRRP通告的间隔。单位是秒
advert_int 1
#当前主机IP 安全检测
unicast_src_ip 10.210.21.105
#集群内其他主机IP
unicast_peer {
10.210.21.106
}
# 安全认证用的密码,自定义即可
authentication {
auth_type PASS
auth_pass 1111
}
# 对外暴露的VIP地址 虚拟出来的IP,集群内配置虚IP需保持一致
virtual_ipaddress {
10.210.21.200
}
# 指定Nginx执行状态脚本
track_script { #需要有空格
chk_nginx
}
}
nginx_check.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading | wc -l)
echo "thread count=" ${counter}
if [ "${counter}" = "0" ]; then
systemctl stop keepalived
fi