keepalived official website:
keepalived download URL:
https://keepalived.org/software/keepalived-2.2.7.tar.gz
keepalived installation steps:
cd /usr/local/src
# Download the keepalived source package
wget https://keepalived.org/software/keepalived-2.2.7.tar.gz
tar zxvf keepalived-2.2.7.tar.gz
cd keepalived-2.2.7
./configure --prefix=/usr/local/keepalived
make && make install
Installation-complete screen
Set up the default paths
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/src/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/init.d/
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
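Edit the configuration file:
vi /etc/keepalived/keepalived.conf
vrrp_instance VIP_1 { ### instance name; VIP_1 is the name of this instance
    state MASTER ### marks this node as the master
    interface ens33 ### NIC the VIP is bound to; ens33 is the NIC name, change it to match your own machine (look it up with ifconfig). VIP means virtual IP address
    virtual_router_id 51 ### a value from 1 to 255; master and backup nodes must use the same value so that they form one group
    priority 100 ### weight; the node with the highest value becomes the master
    advert_int 1 ### interval between messages exchanged by the master and backup nodes (in seconds), used to decide whether the master is still alive
    authentication {
        auth_type PASS ### authentication type
        auth_pass 123456 ### authentication password
    }
    virtual_ipaddress {
        192.168.159.199 ### VIP address
    }
}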
Start commands
Start keepalived:
systemctl start keepalived
Restart keepalived:
systemctl restart keepalived
Stop keepalived:
systemctl stop keepalived
View the logs:
tail -f /var/log/messages
Enable start at boot
systemctl enable keepalived.service
Check the running status:
systemctl status keepalived.service
Problem and solution 1:
OpenSSL needs to be installed
Install openssl online
#Ubuntu
sudo apt-get install libssl-dev
#CentOS
sudo yum -y install openssl-devel
Install openssl offline
#1. Download
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
#2. Unpack and change into the directory
tar -zxvf openssl-1.1.1.tar.gz
cd openssl-1.1.1
#3. Configure the OpenSSL build; the --prefix parameter is the target installation directory, i.e. the installed files end up under that directory
./config --prefix=/usr/ no-zlib
#4. Run make and make install to compile and install OpenSSL
make && make install
#5. Check the version number:
openssl version
If you see: Operating system: x86_64-whatever-linux2 You need Perl 5.
Perl 5 needs to be installed; see https://www.cpan.org/src/README.html:
Installation steps:
wget https://www.cpan.org/src/5.0/perl-5.30.1.tar.gz
tar -xzf perl-5.30.1.tar.gz
cd perl-5.30.1
./Configure -des -Dprefix=$HOME/localperl
make
make test
make install
Problem and solution 2:
keepalived --config-test -f /etc/keepalived/keepalived.conf
Problem and solution 3:
Solution: gcc needs to be installed
Online install: yum install gcc
Offline install:
rpm -ivh --force --nodeps gcc-4.8.5-44.el7.x86_64.rpm cpp-4.8.5-44.el7.x86_64.rpm glibc-devel-2.17-317.el7.x86_64.rpm libgcc-4.8.5-44.el7.x86_64.rpm libgomp-4.8.5-44.el7.x86_64.rpm mpfr-3.1.1-4.el7.x86_64.rpm libmpc-1.0.1-3.el7.x86_64.rpm glibc-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm kernel-headers-3.10.0-1160.el7.x86_64.rpm
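Problem and solution 4:
With the firewall enabled, the keepalived nodes cannot communicate with each other
Solution: allow the VRRP protocol through the firewall
# Allow the VRRP protocol
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
# Restart the firewall
systemctl restart firewalld
Note: firewall-cmd is used here to add a permanent firewall rule that allows VRRP multicast traffic. The rule accepts inbound traffic arriving on the ens192 interface with destination address 224.0.0.18 and protocol VRRP.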
Nginx cluster high availability
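1: Edit the keepalived configuration on the master
vi /etc/keepalived/keepalived.conf
global_defs {
    router_id LVS_01
    script_user root
    enable_script_security
}
vrrp_script check_nginx {
    script "/usr/local/src/nginx_check.sh" # path of the check script
    interval 2 # interval between runs of the check script, i.e. it is run automatically every 2 s
    weight -10 # weight: if this check fails, the server's priority is reduced by 10
    fall 2 # two consecutive failures are needed before the check counts as a real failure; weight is then used to lower the priority (between 1 and 255)
    rise 1 # one successful check is enough to count as success, but the priority is not modified
}
vrrp_instance VI_1 {
    state MASTER # role of this keepalived node: MASTER is the master, BACKUP is the backup. On the backup server change MASTER to BACKUP
    interface ens192 # interface used for communication; shown by ip addr, set it according to your own machine
    virtual_router_id 52 # VRRP instance id; it must be identical across the keepalived cluster, i.e. master and backup must have the same virtual_router_id
    priority 100 # priority; the larger the value, the higher the priority for handling requests. Master and backup take different priorities: larger on the master, smaller on the backup
    advert_int 1 # heartbeat interval, 1 s by default. The nodes of a keepalived cluster use the heartbeat to detect whether the current server is still working; if the heartbeat gets no response, the backup server takes over immediately
    authentication { # password for communication between the servers
        auth_type PASS # authentication type and password; MASTER and BACKUP must use the same password to communicate
        auth_pass sls123456@!
    }
    virtual_ipaddress {
        10.18.90.66
    }
    track_script {
        check_nginx
    }
}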
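2: Edit the keepalived configuration on the backup
vi /etc/keepalived/keepalived.conf
global_defs {
    router_id LVS_01
    script_user root
    enable_script_security
}
vrrp_script check_nginx {
    script "/usr/local/src/nginx_check.sh" # path of the check script
    interval 2 # interval between runs of the check script, i.e. it is run automatically every 2 s
    weight -10 # weight: if this check fails, the server's priority is reduced by 10
    fall 2 # two consecutive failures are needed before the check counts as a real failure; weight is then used to lower the priority (between 1 and 255)
    rise 1 # one successful check is enough to count as success, but the priority is not modified
}
vrrp_instance VI_1 {
    state BACKUP # role of this keepalived node: MASTER is the master, BACKUP is the backup. On the backup server change MASTER to BACKUP
    interface ens192 # interface used for communication; shown by ip addr, set it according to your own machine
    virtual_router_id 52 # VRRP instance id; it must be identical across the keepalived cluster, i.e. master and backup must have the same virtual_router_id
    priority 1 # priority; the larger the value, the higher the priority for handling requests. Master and backup take different priorities: larger on the master, smaller on the backup
    advert_int 1 # heartbeat interval, 1 s by default. The nodes of a keepalived cluster use the heartbeat to detect whether the current server is still working; if the heartbeat gets no response, the backup server takes over immediately
    authentication { # password for communication between the servers
        auth_type PASS # authentication type and password; MASTER and BACKUP must use the same password to communicate
        auth_pass sls123456@!
    }
    virtual_ipaddress {
        10.18.90.66
    }
    track_script {
        check_nginx
    }
}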
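The two files above must agree on virtual_router_id and on the authentication settings, whose keywords are auth_type and auth_pass (keepalived uses only the first 8 characters of auth_pass, and PASS is a simple text password rather than a cryptographic protection). The following check of a master/backup pair is an added example, not part of the original post or of keepalived; the function names are hypothetical and the sample blocks are constructed from the values used on this page.

```python
VALID_AUTH_KEYS = {"auth_type", "auth_pass"}

def parse_instance(text):
    """Return (settings, unknown_auth_lines) for one vrrp_instance block."""
    settings, unknown, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # only '#' comments are handled here
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line.split()[0])
        elif line == "}":
            stack.pop()
        elif stack and stack[0] == "vrrp_instance":
            key, _, value = line.partition(" ")
            if stack[-1] == "authentication" and key not in VALID_AUTH_KEYS:
                unknown.append(line)          # e.g. "auth type PASS"
            elif len(stack) == 1 or stack[-1] == "authentication":
                settings[key] = value.strip()
    return settings, unknown

def lint_pair(master_text, backup_text):
    """Compare the master and backup vrrp_instance settings; return findings."""
    findings = []
    nodes = {"master": parse_instance(master_text), "backup": parse_instance(backup_text)}
    for node, (cfg, unknown) in nodes.items():
        findings += [f"{node}: unknown authentication keyword in {l!r}" for l in unknown]
        if len(cfg.get("auth_pass", "")) > 8:  # only the first 8 characters are used
            findings.append(f"{node}: auth_pass is longer than 8 characters")
    m, b = nodes["master"][0], nodes["backup"][0]
    if m.get("virtual_router_id") != b.get("virtual_router_id"):
        findings.append("virtual_router_id differs between master and backup")
    if m.get("auth_pass", "")[:8] != b.get("auth_pass", "")[:8]:
        findings.append("auth_pass differs between master and backup")
    if int(m.get("priority", 0)) <= int(b.get("priority", 0)):
        findings.append("master priority is not higher than backup priority")
    return findings

def sample(state, priority, auth_lines, vrid=52):
    """Build a constructed vrrp_instance block modelled on the configs above."""
    body = "\n".join(f"        {l}" for l in auth_lines)
    return (f"vrrp_instance VI_1 {{\n    state {state}\n    interface ens192\n"
            f"    virtual_router_id {vrid}\n    priority {priority}\n"
            f"    authentication {{\n{body}\n    }}\n"
            f"    virtual_ipaddress {{\n        10.18.90.66\n    }}\n}}\n")

if __name__ == "__main__":
    misspelled = ["auth type PASS", "auth pass sls123456@!"]  # constructed input
    for finding in lint_pair(sample("MASTER", 100, misspelled), sample("BACKUP", 1, misspelled)):
        print(finding)
```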
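3: Add the nginx monitoring script nginx_check.sh and place it on both the master and the backup machine
#!/bin/bash
NGINX_CONTAINER_NAME="nginx" # name of the Nginx container
# Count the running processes whose command name is nginx
A=$(ps -C "$NGINX_CONTAINER_NAME" --no-header | wc -l)
echo "$NGINX_CONTAINER_NAME num $A"
if [ "$A" -eq 0 ]; then
    # Double quotes so that the variable is expanded in the messages
    echo "$NGINX_CONTAINER_NAME is down"
    echo "$NGINX_CONTAINER_NAME is starting"
    docker start "$NGINX_CONTAINER_NAME"
    sleep 3
    # Re-check with ps -C: a "ps -ef | grep nginx" test would also match this
    # script's own name (nginx_check.sh) and so would never report 0
    if [ "$(ps -C "$NGINX_CONTAINER_NAME" --no-header | wc -l)" -eq 0 ]; then
        # nginx could not be restarted: kill keepalived so that the backup takes over
        echo 'killall keepalived'
        ps -ef | grep keepalived | grep -v grep | awk '{print $2}' | xargs kill -9
    fi
fi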
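The global_defs blocks above set script_user root together with enable_script_security; with that option keepalived does not run a script as root when any part of its path is writable by a non-root user. The audit below is an added example, not code from the original post or from keepalived, and only approximates that condition (it also flags group-writable components); the function names are hypothetical.

```python
import os
import re
import stat

# Matches lines such as:  script "/usr/local/src/nginx_check.sh"
SCRIPT_RE = re.compile(r'^\s*script\s+"?([^"\s]+)', re.MULTILINE)

def script_paths(conf_text):
    """Executable paths named by `script` lines in vrrp_script blocks."""
    return SCRIPT_RE.findall(conf_text)

def insecure_components(path, trusted_uid=0):
    """List (component, reason) for every part of path that a user other
    than trusted_uid could modify or replace."""
    problems = []
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        if st.st_uid != trusted_uid:
            problems.append((current, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((current, "writable by group or others"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return problems

def audit(conf_text, trusted_uid=0):
    """Map each script path in the config to its list of problems."""
    return {p: insecure_components(p, trusted_uid) if os.path.exists(p)
            else [(p, "does not exist")]
            for p in script_paths(conf_text)}

if __name__ == "__main__":
    conf = "/etc/keepalived/keepalived.conf"
    if os.path.exists(conf):
        with open(conf) as fh:
            for script, problems in audit(fh.read()).items():
                for component, reason in problems:
                    print(f"{script}: {component} {reason}")
```

An empty problem list for /usr/local/src/nginx_check.sh means the file and every directory above it are owned by root and not writable by group or others.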
4: Start keepalived on the master and on the backup