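Using keepalived with a floating IP is a convenient way to make databases, applications and file servers highly available. However, it can only be started properly as root, while ordinary applications such as mysql and tomcat are not allowed to be installed and managed as root in a well-managed environment.
Here keepalived is installed as a normal user, and root then modifies the system configuration so that the normal user can manage it with systemctl start keepalived and systemctl stop keepalived.
Installation procedure (note which commands are run as root and which as the normal user):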
[root@localhost ~]# mount /dev/sr0 /cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum -y install openssl-devel.x86_64
Loaded plugins: fastestmirror
Determining fastest mirrors
c7-media
[root@localhost ~]# chown dongzw:dongzw -R /data
[dongzw@localhost ~]$ cd /data/
[dongzw@localhost data]$ ls
apps fdfs mysql
[dongzw@localhost data]$ tar -xf ~/keepalived-2.0.20.tar.gz
[dongzw@localhost data]$ ls
apps fdfs keepalived-2.0.20 mysql
[dongzw@localhost data]$ cd keepalived-2.0.20/
Specify the install directory:
[dongzw@localhost keepalived-2.0.20]$ ./configure --prefix=/data/keepalived
[dongzw@localhost keepalived-2.0.20]$ echo $?
0
[dongzw@localhost keepalived-2.0.20]$ make
..........
[dongzw@localhost keepalived-2.0.20]$ echo $?
0
Start the install. Note that as a normal user this step fails with a permission error:
[dongzw@localhost keepalived-2.0.20]$ make install
make[3]: Entering directory `/data/keepalived-2.0.20/keepalived'
/usr/bin/mkdir -p '/data/keepalived/sbin'
/usr/bin/install -c keepalived '/data/keepalived/sbin'
/usr/bin/mkdir -p '/data/keepalived/etc/keepalived'
/usr/bin/install -c -m 644 etc/keepalived/keepalived.conf '/data/keepalived/etc/keepalived'
/usr/bin/mkdir -p '/data/keepalived/etc/sysconfig'
/usr/bin/install -c -m 644 etc/sysconfig/keepalived '/data/keepalived/etc/sysconfig'
/usr/bin/mkdir -p '/usr/lib/systemd/system'
/usr/bin/install -c -m 644 keepalived.service '/usr/lib/systemd/system'
/usr/bin/install: cannot create regular file ‘/usr/lib/systemd/system/keepalived.service’: Permission denied
make[3]: *** [install-systemdsystemunitDATA] Error 1
make[3]: Leaving directory `/data/keepalived-2.0.20/keepalived'
make[2]: *** [install-am] Error 2
make[2]: Leaving directory `/data/keepalived-2.0.20/keepalived'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/data/keepalived-2.0.20/keepalived'
make: *** [install-recursive] Error 1
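The error above comes from the attempt to place keepalived.service in /usr/lib/systemd/system, which fails for lack of permission.
Find the file in the extracted source directory and copy it over as root.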
[dongzw@localhost keepalived-2.0.20]$ find ./ -name keepalived.service
./keepalived/keepalived.service
[root@localhost ~]# cp /data/keepalived-2.0.20/keepalived/keepalived.service /usr/lib/systemd/system/keepalived.service
keepalived is now installed. The next step is to configure keepalived.conf.
[dongzw@localhost keepalived]$ find /data/keepalived -name keepalived.conf
/data/keepalived/etc/keepalived/keepalived.conf
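This is only a demonstration, so the simplest possible configuration is enough: set the floating IP to 192.168.128.131. The goal is met if the floating IP answers ping after startup.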
[dongzw@localhost keepalived]$ vi /data/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.128.131
    }
}
The configuration file has to be placed in the /etc/keepalived directory, which must be done by root.
[root@localhost ~]# mkdir /etc/keepalived/
[root@localhost ~]# cp /data/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Starting the service as the normal user prompts for the root password:
[dongzw@localhost keepalived]$ systemctl start keepalived
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
After startup:
Check the processes:
[dongzw@localhost keepalived]$ ps aux|grep keep
root 7415 0.0 0.0 43996 684 ? Ss 12:38 0:00 /data/keepalived/sbin/keepalived -D
root 7416 0.0 0.0 43996 1156 ? S 12:38 0:00 /data/keepalived/sbin/keepalived -D
dongzw 7419 0.0 0.0 112708 972 pts/1 S+ 12:38 0:00 grep --color=auto keep
Check the IP addresses:
[dongzw@localhost keepalived]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b8:bd:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.128.129/24 brd 192.168.128.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.128.131/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb8:bd1c/64 scope link
valid_lft forever preferred_lft forever
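At this point 192.168.128.131 answers ping and the installation is complete. You can clone the virtual machine, start keepalived on the clone, and simulate floating IP failover by killing the process. Note that virtual_router_id 51 in keepalived.conf must be set to the same value on both machines so that they represent the same monitored instance.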
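The ps output above shows keepalived running as root from /data/keepalived/sbin, a tree that belongs to dongzw after the chown and the unprivileged make install, so whoever controls that account controls what root executes. An added check, not part of the original post, that walks each ExecStart= and EnvironmentFile= path named in the unit up to / and reports components not owned by root or writable by group or other; audit_path and audit_unit are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU stat/readlink.
# Flags any path component that someone other than TRUSTED_UID can modify.

# audit_path FILE [TRUSTED_UID] [STOP_DIR]  -> 0 if clean, 1 if findings
audit_path() {
    trusted=${2:-0}; rc=0
    stop=$(readlink -f "${3:-/}")
    p=$(readlink -f "$1" 2>/dev/null) || p=$1
    # An optional file may not exist yet: start at its nearest ancestor.
    while [ ! -e "$p" ]; do p=$(dirname "$p"); done
    while :; do
        owner=$(stat -c '%u' "$p")   # numeric owner uid
        mode=$(stat -c '%a' "$p")    # octal permission bits, e.g. 755
        if [ "$owner" != "$trusted" ]; then
            echo "FAIL owner-uid=$owner $p"; rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then   # group- or other-writable
            echo "FAIL mode=$mode $p"; rc=1
        fi
        next=$(dirname "$p")
        if [ "$p" = "$stop" ] || [ "$next" = "$p" ]; then break; fi
        p=$next
    done
    return $rc
}

# audit_unit UNIT_FILE [TRUSTED_UID] [STOP_DIR]
# Audits the ExecStart= binary and EnvironmentFile= paths named in a unit.
audit_unit() {
    urc=0
    for f in $(sed -n -E \
        's/^(ExecStart|EnvironmentFile)=[-@+!:]*([^[:space:]]+).*/\2/p' "$1")
    do
        audit_path "$f" "${2:-0}" "${3:-/}" || urc=1
    done
    return $urc
}

# On the host from the post (run as root):
#   audit_unit /usr/lib/systemd/system/keepalived.service
```

Every FAIL line names a file or directory to hand over to root (chown root:root, chmod go-w) before the service is started again.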
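If the floating IP is active on every host at the same time, the VRRP advertisements are being blocked by the firewall and an allow rule has to be added (CentOS 7). Run the following commands: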
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
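ens33 is the name of the network interface.
After reloading the firewall, stop keepalived on either machine with systemctl stop keepalived, then check the addresses on the other machine with ip a; the floating IP should have moved there and be active.
If systemctl stop keepalived sometimes fails to stop the processes, handle it as follows: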
vi /usr/lib/systemd/system/keepalived.service
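Comment out the KillMode line so that it reads: #KillMode=process
Save and exit.
After changing the service file, run systemctl daemon-reload to re-read the configuration.
As root, keepalived can also be started with an explicit configuration file and pid files: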
/data/keepalived/sbin/keepalived -f /data/keepalived/etc/keepalived/keepalived.conf -p /data/keepalived/keepalived.pid -r /data/keepalived/vrrp.pid -D
Registering keepalived as a system service:
(on CentOS 6)
[root@localhost etc]# cp /data/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[root@localhost etc]# cp /data/keepalived/sbin/keepalived /sbin/
[root@localhost etc]# ln -s /sbin/keepalived /usr/sbin/
On CentOS 7 only the following is needed:
cp /data/keepalived-2.0.20/keepalived/keepalived.service /usr/lib/systemd/system/keepalived.service
cp /data/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Enable automatic start at boot:
[root@localhost data]# systemctl list-unit-files|grep keepalived
[root@localhost data]# chkconfig keepalived on
As root, modify the system configuration so that normal users can start and stop services:
[root@localhost ~]# vi /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy
<action id="org.freedesktop.systemd1.manage-units">
<description>Manage system services or units</description>
...................
<!--
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
-->
Under the org.freedesktop.systemd1.manage-units node, change auth_admin in defaults to yes:
<defaults>
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
After polkit is restarted, normal users can run systemctl start/stop for xxx services.
[root@localhost ~]# systemctl restart polkit
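The policy edit above answers yes for every local user and every unit, not only dongzw and keepalived. A narrower alternative, as an added example that is not part of the original post: a sudoers drop-in that lets only dongzw start and stop only keepalived, invoked as sudo systemctl start keepalived. The helper names render_rule and install_rule and the drop-in location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names and the drop-in
# path are assumptions; the user and unit are the ones used in the post.

# render_rule USER UNIT -> prints a sudoers rule limited to start/stop of
# one unit. Rejects names that could widen the rule (spaces, commas, '*').
render_rule() {
    case $1 in ''|*[!a-z0-9_-]*) echo "bad user: $1" >&2; return 1;; esac
    case $2 in ''|*[!A-Za-z0-9_.@-]*) echo "bad unit: $2" >&2; return 1;; esac
    sc=/usr/bin/systemctl
    printf '%s ALL=(root) NOPASSWD: %s start %s, %s stop %s\n' \
        "$1" "$sc" "$2" "$sc" "$2"
}

# install_rule USER UNIT [DEST] -> validate with visudo, then install 0440.
install_rule() {
    # sudo skips drop-in file names that contain '.', so map dots to '_'.
    dest=${3:-/etc/sudoers.d/$(printf '%s-%s' "$1" "$2" | tr . _)}
    tmp=$(mktemp) || return 1
    render_rule "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    # A drop-in with a syntax error breaks sudo for everyone: check first.
    visudo -c -f "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    install -o root -g root -m 0440 "$tmp" "$dest"
    rm -f "$tmp"
}

# As root:   install_rule dongzw keepalived
# As dongzw: sudo systemctl stop keepalived
```

With this in place the defaults block in org.freedesktop.systemd1.policy can stay at auth_admin.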
For the complete configuration and the mysql and nginx monitoring scripts, see the follow-up content.