配置主keepalived
在master主机上关闭防火墙与SELINUX(仅为简化实验环境;生产环境建议保留firewalld,只放行VRRP(IP协议号112)和80端口,并让SELinux保持enforcing)
[root@master ~]# systemctl stop firewalld.service
[root@master ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# setenforce 0
[root@master ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@master ~]#
客户端配置网络源
[root@master ~]# dnf -y install epel-release
[root@master ~]# dnf list all |grep keepalived
keepalived.x86_64 2.1.5-6.el8 AppStream
[root@master ~]#
客户端安装keepalived
[root@master ~]# dnf -y install keepalived
客户端查看安装生成的文件
[root@master ~]# rpm -ql keepalived
/etc/keepalived //配置目录
/etc/keepalived/keepalived.conf //此为主配置文件
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service //此为服务控制文件
/usr/libexec/keepalived
/usr/sbin/keepalived
.....此处省略N行
用同样的方法在备服务器上安装keepalived
在client(备)主机上关闭防火墙与SELINUX(同样仅适用于实验环境;生产环境建议保留firewalld并放行VRRP和80端口)
[root@client ~]# systemctl stop firewalld.service
[root@client ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@client ~]# setenforce 0
[root@client ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@client ~]#
服务端配置网络源
[root@client ~]# dnf -y install epel-release
[root@client ~]# dnf list all |grep keepalived
keepalived.x86_64 2.1.5-6.el8 AppStream
[root@client ~]#
服务端安装keepalived
[root@client ~]# dnf -y install keepalived
在主备机上分别安装nginx
在master上安装nginx
[root@master ~]# dnf -y install nginx
[root@master ~]# cd /usr/share/nginx/html/
[root@master html]# ls
404.html 50x.html index.html nginx-logo.png poweredby.png
[root@master html]# echo 'master' > index.html
[root@master html]# systemctl start nginx
[root@master html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@master html]# systemctl enable nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@master html]#
[root@master html]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# mv keepalived.conf{,-bak} //备份
[root@master keepalived]# ls
keepalived.conf-bak
[root@master keepalived]#
在client上安装nginx
[root@client ~]# dnf -y install nginx
[root@client ~]# cd /usr/share/nginx/html/
[root@client html]# echo 'client' > index.html
[root@client html]# systemctl start nginx
[root@client html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@client html]# cd /etc/keepalived/
[root@client keepalived]# ls
keepalived.conf
[root@client keepalived]# mv keepalived.conf{,-bak}
[root@client keepalived]# ls
keepalived.conf-bak
[root@client keepalived]#
在浏览器上访问试试,确保master上的nginx服务能够正常访问
keepalived配置
配置主keepalived
[root@master keepalived]# vim keepalived.conf
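! Configuration File for keepalived
# Initial configuration for the master node (host "master", 192.168.64.128).
# The values below agree with the final master configuration shown later on
# this page and with the `ip a` output, where the VIP appears on ens33.

global_defs {
    # Identifier of this node; the backup node uses lb02.
    router_id lb01
}

vrrp_instance VI_1 {
    # Initial role of this node.
    state MASTER
    # Must name an interface that exists on this host (ens33 here, not eth0).
    interface ens33
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    # Higher than the backup's 90 so this node holds the VIP.
    priority 100
    # VRRP advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is carried in clear text in every VRRP advertisement and only
        # the first 8 characters are used, so it protects against accidental
        # misconfiguration, not against another host on the same segment.
        # "wangqing" is the tutorial's sample value; choose a site-specific
        # one and keep it identical on both nodes.
        auth_type PASS
        auth_pass wangqing
    }
    virtual_ipaddress {
        192.168.64.250
    }
}

# IPVS virtual service on the VIP, balancing across both nginx hosts.
virtual_server 192.168.64.250 80 {
    # Interval between health-check rounds, seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.64.128 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.64.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}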
[root@master keepalived]# systemctl start keepalived
[root@master keepalived]# systemctl enable --now keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@master keepalived]#
查看VIP在哪里
在MASTER上查看
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c1:8f:69 brd ff:ff:ff:ff:ff:ff
inet 192.168.64.128/24 brd 192.168.64.255 scope global dynamic noprefixroute ens33
valid_lft 1104sec preferred_lft 1104sec
inet 192.168.64.250/32 scope global ens33 //可以看到此处有VIP
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec1:8f69/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@master keepalived]#
两边配置差不多,所以把master上的配置文件传到client去(首次连接时先核对提示的主机密钥指纹,确认是client主机的指纹后再输入yes)
[root@master keepalived]# scp keepalived.conf 192.168.64.130:/etc/keepalived/
The authenticity of host '192.168.64.130 (192.168.64.130)' can't be established.
ECDSA key fingerprint is SHA256:5X7DlYJCT8dxCmkIYVfWqepLlRloj2IeAnIrJFlRqNo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.64.130' (ECDSA) to the list of known hosts.
root@192.168.64.130's password:
keepalived.conf 100% 866 658.1KB/s 00:00
[root@master keepalived]#
到client中修改一下刚刚传过来的文件
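! Configuration File for keepalived
# Initial configuration for the backup node (host "client", 192.168.64.130).

global_defs {
    # Identifier of this node; the master uses a different router_id.
    router_id lb02
}

vrrp_instance VI_1 {
    # keepalived accepts only MASTER or BACKUP here; "CLIENT" is not a valid
    # state, so the backup role is spelled BACKUP.
    state BACKUP
    interface ens33
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    # Lower than the master's priority so this node only takes the VIP when
    # the master stops advertising.
    priority 90
    # VRRP advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is carried in clear text in every VRRP advertisement and only
        # the first 8 characters are used. "wangqing" is the tutorial's sample
        # value; it has to match the master's auth_pass.
        auth_type PASS
        auth_pass wangqing
    }
    virtual_ipaddress {
        192.168.64.250
    }
}

# IPVS virtual service on the VIP, balancing across both nginx hosts.
virtual_server 192.168.64.250 80 {
    # Interval between health-check rounds, seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP

    real_server 192.168.64.128 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.64.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}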
[root@client keepalived]# systemctl enable --now keepalived.service
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
[root@client keepalived]#
在SLAVE上查看
[root@client keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:3e:3f:78 brd ff:ff:ff:ff:ff:ff
inet 192.168.64.130/24 brd 192.168.64.255 scope global dynamic noprefixroute ens33
valid_lft 1499sec preferred_lft 1499sec
inet6 fe80::20c:29ff:fe3e:3f78/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:9b:19:ae:bc brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@client keepalived]#
让keepalived监控nginx负载均衡机
keepalived通过脚本来监控nginx负载均衡机的状态
在master上编写脚本
[root@master ~]# cd /scripts/
[root@master scripts]# vi check_nginx.sh
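#!/bin/bash
#
# check_nginx.sh - keepalived vrrp_script health check for the local nginx.
#
# When no nginx process is running, keepalived is stopped on this node so it
# no longer sends VRRP advertisements and the peer can take over the VIP.
# keepalived executes this file on a timer, so keep it and its directory
# writable by root only.

#######################################
# Report whether an nginx process exists.
# Matches the exact process name, so an unrelated command line that merely
# contains the word "nginx" (an editor on nginx.conf, a tail on its log) does
# not make the check pass while nginx itself is down.
# Returns: 0 if at least one nginx process is running, non-zero otherwise
#######################################
nginx_running() {
  pgrep -x nginx >/dev/null
}

#######################################
# Stop keepalived when nginx is not running.
# Returns: 0 when nginx is running, otherwise the status of systemctl
#######################################
main() {
  if ! nginx_running; then
    systemctl stop keepalived
  fi
}

main "$@"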
[root@master scripts]# chmod +x check_nginx.sh
[root@master scripts]# ll
total 4
-rwxr-xr-x. 1 root root 142 Oct 9 00:14 check_nginx.sh
[root@master scripts]#
[root@master scripts]# vi notify.sh
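#!/bin/bash
#
# notify.sh - keepalived notify_master / notify_backup hook.
#
# Usage: notify.sh master|backup VIP
#
# The keepalived configurations on this page call the script with "master"
# and "backup". "client" is still accepted as an alias for "backup" so an
# existing call with that word keeps working. The VIP argument is accepted
# for the call convention but is not used.
# keepalived executes this file on state changes, so keep it and its
# directory writable by root only.

#######################################
# Report whether an nginx process exists (exact process-name match).
# Returns: 0 if at least one nginx process is running, non-zero otherwise
#######################################
nginx_running() {
  pgrep -x nginx >/dev/null
}

#######################################
# Start or stop nginx to match the new VRRP state.
# Arguments: $1 - new state: master, backup (or client)
#            $2 - virtual IP (unused)
# Outputs:   usage text on stderr for an unknown state
# Returns:   0 on success, 2 on an unknown state, else systemctl's status
#######################################
main() {
  local state=${1:-}

  case "$state" in
    master)
      # Promoted: make sure nginx is serving.
      if ! nginx_running; then
        systemctl start nginx
      fi
      ;;
    backup | client)
      # Demoted: stop nginx on this node.
      if nginx_running; then
        systemctl stop nginx
      fi
      ;;
    *)
      printf 'Usage: %s master|backup VIP\n' "$0" >&2
      return 2
      ;;
  esac
}

main "$@"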
[root@master scripts]# chmod +x notify.sh
[root@master scripts]# ll
total 8
-rwxr-xr-x. 1 root root 142 Oct 9 00:14 check_nginx.sh
-rwxr-xr-x. 1 root root 434 Oct 9 00:22 notify.sh
[root@master scripts]#
在slave上编写脚本
[root@master scripts]# scp notify.sh 192.168.64.130:/scripts/
root@192.168.64.130's password:
notify.sh 100% 434 403.3KB/s 00:00
[root@master scripts]#
[root@client ~]# cd /scripts/
[root@client scripts]#
[root@client scripts]# ls
notify.sh
配置keepalived加入监控脚本的配置
配置主keepalived
[root@master ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Master node configuration with nginx health tracking and notify hooks.
# NOTE(review): keepalived runs the scripts referenced below as the
# keepalived_script user if that user exists, otherwise as root. Keep /scripts
# and the files in it writable by root only, and consider turning on
# enable_script_security in global_defs.
global_defs {
    router_id lb01
}
# Health check executed by keepalived on a timer.
vrrp_script nginx_check {
    script "/scripts/check_nginx.sh"
    # Run the check every second.
    interval 1
    # While the script exits non-zero the instance priority is lowered by 20
    # (100 -> 80, below the backup's 90).
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    priority 100
    # VRRP advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is carried in clear text in every VRRP advertisement and only
        # the first 8 characters are used. "wangqing" is the tutorial's sample
        # value; use a site-specific one, identical on both nodes.
        auth_type PASS
        auth_pass wangqing
    }
    virtual_ipaddress {
        192.168.64.250
    }
    # Attach the health check defined above to this instance.
    track_script {
        nginx_check
    }
    # Hooks run on state transitions; the first argument is the new state.
    # NOTE(review): notify_backup passes the word "backup"; confirm notify.sh
    # has a matching case arm, otherwise nginx is not stopped on demotion.
    notify_master "/scripts/notify.sh master 192.168.64.250"
    notify_backup "/scripts/notify.sh backup 192.168.64.250"
}
# IPVS virtual service on the VIP, balancing across both nginx hosts.
virtual_server 192.168.64.250 80 {
    # Interval between health-check rounds, seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.64.128 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.64.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@master ~]# systemctl restart keepalived
配置备keepalived
backup无需检测nginx是否正常,当升级为MASTER时启动nginx,当降级为BACKUP时关闭
[root@client ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# Backup node configuration. No track_script here: this node only reacts to
# state transitions through the notify hooks.
# NOTE(review): keepalived runs the notify scripts as the keepalived_script
# user if that user exists, otherwise as root. Keep /scripts and the files in
# it writable by root only, and consider turning on enable_script_security in
# global_defs.
global_defs {
    router_id lb02
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    # Lower than the master's 100.
    priority 90
    # Do not take the VIP back from a lower-priority node that already holds
    # it; keepalived requires the initial state to be BACKUP for this option.
    nopreempt
    # VRRP advertisement interval in seconds.
    advert_int 1
    authentication {
        # PASS is carried in clear text in every VRRP advertisement and only
        # the first 8 characters are used. "wangqing" is the tutorial's sample
        # value; it has to match the master's auth_pass.
        auth_type PASS
        auth_pass wangqing
    }
    virtual_ipaddress {
        192.168.64.250
    }
    # Hooks run on state transitions; the first argument is the new state.
    # NOTE(review): notify_backup passes the word "backup"; confirm notify.sh
    # has a matching case arm, otherwise nginx is not stopped on demotion.
    notify_master "/scripts/notify.sh master 192.168.64.250"
    notify_backup "/scripts/notify.sh backup 192.168.64.250"
}
# IPVS virtual service on the VIP, balancing across both nginx hosts.
virtual_server 192.168.64.250 80 {
    # Interval between health-check rounds, seconds.
    delay_loop 6
    # Round-robin scheduling, direct-routing forwarding.
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.64.128 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.64.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
[root@client ~]# systemctl restart keepalived