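Keepalived can create a virtual IP (VIP) that serves as a single entry point for external access.
Preparation
Download keepalived from the official site: www.keepalived.org
Copy the file to the Linux host with Xftp
Install the required packages: kernel-devel, openssl-devel and libnl-devel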
yum install kernel-devel openssl-devel libnl-devel -y
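Create a symlink (after installing kernel-devel, type /kernels/ and press Tab to auto-complete the version string that follows, here 3.10.0-957.27.2.el7.x86_64; the kernel version may differ between Linux releases)
ln -s /usr/src/kernels/3.10.0-957.27.2.el7.x86_64/ /usr/src/linux
Go to the directory where you copied the keepalived archive and extract it
tar -zxvf keepalived-2.0.18.tar.gz
Enter the extracted keepalived-2.0.18 directory
cd keepalived-2.0.18/
Compile and install (--with-kernel-dir=/usr/src/kernels/3.10.0-957.27.2.el7.x86_64/ is important)
./configure --prefix=/usr/local/keepalived --mandir=/usr/local/share/man/ --with-kernel-dir=/usr/src/kernels/3.10.0-957.27.2.el7.x86_64/
(When this output appears, the command has completed)
Second command
make
Third command
make install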
Path | Description |
---|---|
/usr/local/keepalived | Install directory |
/usr/local/keepalived-2.0.18 | Extraction directory |
Copy the executable
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
Copy the init script to the system init directory
cp /usr/local/keepalived-2.0.18/keepalived/etc/init.d/keepalived /etc/init.d/
Copy the keepalived configuration file under /etc
cp /usr/local/keepalived-2.0.18/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
Create the keepalived directory
mkdir -p /etc/keepalived/
Copy the keepalived configuration file under /etc
cp /usr/local/keepalived-2.0.18/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
Add execute permission
chmod +x /etc/init.d/keepalived
Add keepalived to startup at boot
chkconfig --add keepalived
Second command
chkconfig keepalived on
Edit the keepalived.conf file under /etc/keepalived
vim /etc/keepalived/keepalived.conf
Walkthrough of the file's contents
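! Configuration File for keepalived
## Notification recipients on failure and the machine identifier
global_defs {
    notification_email {
        ## Who receives the notification e-mail on failure; several addresses can be listed
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc ## Sender address
    smtp_server 192.168.200.1 ## SMTP server address for notification e-mail
    smtp_connect_timeout 30 ## Timeout for connecting to the SMTP server
    router_id LVS_DEVEL ## String identifying this node; usually the hostname, but it does not have to be. Used in the notification e-mail on failure
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
## Define the vrrp instance
vrrp_instance VI_1 {
    state MASTER ## MASTER for the primary server; BACKUP for the standby server
    interface eth0 ## Network interface used for communication; must match the system's interface name ## Find the interface name with `ip a`, `ifconfig`, `ip addr` or similar
    virtual_router_id 51 ## Virtual router ID; it is a number, and one vrrp instance uses a single unique ID
    priority 101 ## Priority, 0--254; the MASTER's value must be higher than the BACKUP's
    advert_int 1 ## Synchronization interval; in a real deployment it can be set smaller to reduce delay
    ## Authentication
    authentication {
        auth_type PASS ## Authentication type
        auth_pass 1111 ## Authentication password, used between the communicating hosts; the backup server must use the same password as the master
    }
    ## Virtual IPs; the master and the backup are configured with the same virtual IPs, and several can be listed
    ## Note: for external access, hosts entries should point to this virtual IP
    virtual_ipaddress {
        192.168.200.16
        192.168.200.17
        192.168.200.18
    }
}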
## Virtual server definition block
virtual_server 192.168.200.100 443 {
    delay_loop 6 ## Health-check interval, in seconds
    lb_algo rr
    lb_kind NAT ## Load-balancing forwarding mode; generally one of DR, NAT and TUN
    persistence_timeout 50 ## Session persistence time, in seconds
    protocol TCP ## Forwarding protocol; generally TCP or UDP
    ## Real server IP
    real_server 192.168.201.100 443 {
        weight 1 ## Weight; the larger the number, the higher the weight
        SSL_GET {
            url {
                path /
                digest ff20ad2481f97b1754ef3e12ecd3a9cc
            }
            url {
                path /mrtg/
                digest 9b3a0c85a887a256d6939da88aabd8cd
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
## Virtual server definition block
virtual_server 10.10.10.2 1358 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    sorry_server 192.168.200.200 1358
    ## Real server IP
    real_server 192.168.200.2 1358 {
        weight 1
        ## HTTP or SSL check method (HTTP_GET|SSL_GET)
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    ## Real server IP
    real_server 192.168.200.3 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334c
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
## Virtual server definition block
virtual_server 10.10.10.3 1358 {
    delay_loop 3
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP
    ## Real server IP
    real_server 192.168.200.4 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
    ## Real server IP
    real_server 192.168.200.5 1358 {
        weight 1
        HTTP_GET {
            url {
                path /testurl/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl2/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            url {
                path /testurl3/test.jsp
                digest 640205b7b0fc66c1ea91c463fac6334d
            }
            connect_timeout 3
            retry 3
            delay_before_retry 3
        }
    }
}
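Here we only need to keep the single vrrp_instance VI_1
Everything below vrrp_instance VI_1 can be deleted
High availability usually means installing this software on two machines; the only difference between them is the configuration (primary: MASTER, standby: BACKUP)
keepalived.conf on the MASTER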
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.43.92
    smtp_connect_timeout 30
    router_id LVS_01
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.88/24
    }
}
keepalived.conf on the BACKUP (the configuration on the other machine)
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.43.91
    smtp_connect_timeout 30
    router_id LVS_02
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.88/24
    }
}
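Differences between the two configurations:
router_id + name; must not be the same
priority + value; the master must be higher than the backup, and the official advice is a difference of 50
state + MASTER/BACKUP
vrrp_strict is enabled by default in keepalived.conf and needs to be commented out. After restarting keepalived, the VIP can be pinged. (Just delete it; otherwise the machine cannot even ping the VIP itself, let alone from Windows. Nginx will also be unreachable from Windows, and software that connects to the Linux host will fail to connect.)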
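The differences listed above and the vrrp_strict note can be checked before the service is started. The script below is an added example, not part of the original post: kv, vips, check_pair and sample are hypothetical helper names, the sample files are constructed from the values used above, and each file is assumed to contain a single vrrp_instance.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a MASTER/BACKUP pair.

# kv FILE KEY: first value of a keyword such as state, router_id, priority.
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# vips FILE: entries inside virtual_ipaddress { ... }, sorted, comments skipped.
vips() {
    awk '$1 == "virtual_ipaddress" { blk = 1; next }
         blk && $1 == "}" { blk = 0 }
         blk && NF && $1 !~ /^[#!]/ { print $1 }' "$1" | sort
}

# check_pair MASTER_CONF BACKUP_CONF: print findings, return their count.
check_pair() {
    n=0
    [ "$(kv "$1" state)" = MASTER ] && [ "$(kv "$2" state)" = BACKUP ] ||
        { echo "state: expected MASTER on node 1, BACKUP on node 2"; n=$((n + 1)); }
    [ "$(kv "$1" router_id)" != "$(kv "$2" router_id)" ] ||
        { echo "router_id: must differ between the nodes"; n=$((n + 1)); }
    [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] ||
        { echo "priority: MASTER must be higher than BACKUP"; n=$((n + 1)); }
    for key in virtual_router_id auth_pass; do
        [ "$(kv "$1" "$key")" = "$(kv "$2" "$key")" ] ||
            { echo "$key: must be identical on both nodes"; n=$((n + 1)); }
    done
    [ "$(vips "$1")" = "$(vips "$2")" ] ||
        { echo "virtual_ipaddress: lists differ"; n=$((n + 1)); }
    for f in "$1" "$2"; do
        if grep -Eq '^[[:space:]]*vrrp_strict' "$f"; then
            echo "$f: vrrp_strict is still enabled"; n=$((n + 1))
        fi
    done
    return "$n"
}

# sample FILE STATE ROUTER_ID PRIORITY: constructed config with the values above.
sample() {
    printf '%s\n' "global_defs {" "    router_id $3" "}" \
        "vrrp_instance VI_1 {" "    state $2" "    interface ens33" \
        "    virtual_router_id 51" "    priority $4" "    authentication {" \
        "        auth_type PASS" "        auth_pass 1111" "    }" \
        "    virtual_ipaddress {" "        192.168.88.88/24" "    }" "}" > "$1"
}

dir=$(mktemp -d)
sample "$dir/master.conf" MASTER LVS_01 150
sample "$dir/backup.conf" BACKUP LVS_02 100
check_pair "$dir/master.conf" "$dir/backup.conf" && echo "pair is consistent"
rm -rf "$dir"
```

To check real files, copy the backup's keepalived.conf next to the master's and call check_pair with the two paths.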
cd /usr/lib/systemd/system/
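Start
systemctl start keepalived
Enable at boot
systemctl enable keepalived.service
Check whether it is enabled at boot
systemctl is-enabled keepalived.service
It is now registered as a system service and can be started with service
# Start
service keepalived start
# Stop
service keepalived stop
# Restart
service keepalived restart
# Check that it is running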
ps -aux |grep keepalived
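Now use ip addr to check whether the virtual IP has appeared (look for the VIP you defined, 192.168.88.88, and check that it shows up on the ens33 device)
On the master (the virtual IP is on the master; when the master shuts down, the VIP automatically floats to the backup)
On the backup
Simulate a master failure (stop keepalived)
systemctl stop keepalived
On the master (the virtual IP is on the master; when the master shuts down, the VIP automatically floats to the backup)
On the backup (the VIP has now floated to the backup machine)
At this point the setup is working
Start Nginx and verify in practice (my start path is /usr/local/webserver/nginx/sbin/nginx; for installing Nginx, see my other blog posts)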
/usr/local/webserver/nginx/sbin/nginx