172.20.19.49 主
172.20.19.98 从
172.20.19.95 vip
虚拟ip的漂移是通过keepalive是否存活来实现的
安装keepalive
yum install -y keepalived
# 添加keepalived到开机启动
chkconfig keepalived on或者systemctl enable keepalived.service
安装完之后执行 vi /etc/keepalived/keepalived.conf
启动服务
systemctl start keepalived
查看启动状态
systemctl status keepalived
此时执行ip addr会发现主备机子都抢到了vip的ip
使用tcpdump查看
tcpdump -i ens33 vrrp -n
master
backup
由上图可以看到,172.20.19.49 172.20.19.98 两个IP在轮流发送组播信号。而正常的应该是由MASTER服务器发送组播,如果BACKUP收不到MASTER的组播信号了,那么判定MASTER宕机了,BACKUP就会接手VIP
问题就是出现在了防火墙这里,防火墙阻止了vrrp组包发送
如果是Firewalld防火墙 则主、备都运行下面的命令
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --protocol vrrp -j ACCEPT
firewall-cmd --reload
没问题了奥
测试
关闭master机子
再master上输入init 0
观察到95已经漂移到backup上了
重启master之后
95回到了master上
安装nginx
#yum 安装依赖
yum -y install gcc gcc-c++ autoconf automake make
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel
#解压nginx----------------------------------------------------------------------
cd /opt
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar xzvf nginx-1.14.2.tar.gz
rm -rf nginx-1.14.2.tar.gz
cd nginx-1.14.2
#编译nginx 并配置需要安装的模块 如果需要修改安装到其他路径可以修改prefix的值,编译后可通过nginx -V查看
./configure --prefix=/usr/local --with-http_ssl_module --with-http_stub_status_module --with-http_flv_module --with-http_gzip_static_module --with-http_realip_module
#编译安装
make && make install
#启动nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
是否需要配置Keepalived监听Nginx 以及smtp请自行配置
修改系统的配置文件(vi /etc/keepalived/keepalived.conf)
1添加Nginx心跳检测脚本 vrrp_script check_nginx_alive
2在vrrp_instance VI_1中加入track_script 调用check_nginx_alive每隔1秒检查Nginx状态
3在vrrp_instance VI_1中为keepalived 三个状态接口 notify_master , notify_backup, notify_fault添加脚本/usr/local/keepalived/sbin/notify.sh (当keepalived状态改变时调用相同脚本但传入不同参数)
! Configuration File for keepalived
global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0 }
vrrp_script check_nginx_alive { script "[[ `ps -ef | grep nginx | grep -v grep | wc -l` -ge 2 ]] && exit 0 || exit 1" interval 1 #每隔1秒执行上述的脚本,检查ngnix状态 weight -2 #宕机一次将自身权重减2 }
vrrp_instance VI_1 { state BACKUP interface enp0s3 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 172.20.19.95/24 } # 新增检测Nginx脚本 自定义脚本名check_nginx_alive track_script { check_nginx_alive }
# keepalived 三个接口,当状态改变时执行用户自定义脚本 notify_master "/etc/keepalived/notify.sh master" notify_backup "/etc/keepalived/notify.sh backup" notify_fault "/etc/keepalived/notify.sh fault"
} |
红色部分为新增
添加执行权限!!!
chmod +x /etc/keepalived/notify.sh
重启keepalive
systemctl restart keepalived
systemctl status keepalived
之前使用关机的方式的确实现了 vip的漂移,其实是由于keepalive关闭了的原因.测试杀死nginx 进程vip并没有漂移 而且检测的脚本也没有运行.
修改keepalive.conf 通过脚本监控杀死keepalive 来实现vip漂移
cat > /etc/keepalived/check_nginx.sh <<EOF
#!/bin/bash
# Author:
# Email:
# Description: 检测nginx状态并控制keepalive
# Notes:
#调试模式
#set -x
function check_pid_num {
[[ `ps -ef | grep nginx |grep process| grep -v grep | wc -l` -ge 2 ]] && echo 0 || echo 1
}
pid_1=$(check_pid_num)
echo pid_1 $pid_1
if [ $pid_1 -eq 1 ];then
/usr/local/nginx/sbin/nginx -s stop
echo 启动nginx
/usr/local/nginx/sbin/nginx
sleep 10
pid_2=$(check_pid_num)
echo $pid_2
# 如果还是有端口不通,表示nginx服务不正常,则停掉keepalived,使VIP发生切换
if [ $pid_2 -eq 1 ];then
echo 停掉keepalived,使VIP发生切换
systemctl stop keepalived
exit
fi
echo nginx 恢复正常
exit
fi
echo nginx正常
EOF
然后keepalived.conf 处修改成如下
vrrp_script check_nginx_alive
{
script "/etc/keepalived/check_nginx.sh"
interval 20 #每隔20秒执行上述的脚本,检查ngnix状态
weight -2 #宕机一次将自身权重减2
}
解决检测的脚本没有运行
网上有说
其实好像不是这个原因 不知道为什么root启动的keepalived 没法执行这个脚本
直接
chmod +x /etc/keepalived/check_nginx.sh
systemctl restart keepalived