集群介绍,keepalived配置
集群介绍keepalived介绍
用keepalived配置高可用集群
1.两台机器都安装软件:
# yum install -y keepalived
已加载插件:fastestmirror
base | 3.6 kB00:00:00
epel/x86_64/metalink | 7.8 kB00:00:00
epel | 4.7 kB00:00:00
extras | 3.4 kB00:00:00
updates | 3.4 kB00:00:00
(1/3): extras/7/x86_64/primary_db | 185 kB00:00:01
(2/3): epel/x86_64/updateinfo | 908 kB00:00:03
(3/3): epel/x86_64/primary_db | 6.3 MB00:00:07
2.使用nginx作为测试:
# yum install -y nginx
3.编辑主配置文件:
# vim !$
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
aming@aminglinux.com #告警邮箱
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" #检查脚本
interval 3
}
vrrp_instance VI_1 {
state MASTER #主模块
interface ens33
virtual_router_id 51 #id主从保持一致
priority 100 #权重不同
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com #认证密码
}
virtual_ipaddress {
192.168.188.100 #vip地址
}
track_script {
chk_nginx
}
}
4.定义脚本:
# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
#时间变量,用于记录日志
d=`date --date today +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0,则启动nginx,并且再次检测nginx进程数量,
#如果还为0,说明nginx无法启动,此时需要关闭keepalived
if [ $n -eq "0" ]; then
/etc/init.d/nginx start
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0"]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
5.变更脚本权限:
# chmod 755 /usr/local/sbin/check_ng.sh
6.启动服务并检测:
# systemctl start keepalived.service
# ps aux |grep keep
root 15690.00.1 1207401400 ? Ss 21:47 0:00 /usr/sbin/keepalived -D
root 15700.00.3 1274763276 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 15710.50.3 1317803104 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 15980.00.0 112676 984 pts/0 R+ 21:47 0:00 grep --color=auto keep
7.Nginx服务会自动启动:
# ps aux |grep nginx
root 9000.00.1459881284 ? Ss 21:10 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 9130.00.4484764184 ? S 21:10 0:00 nginx: worker process
nobody 9140.00.3484763924 ? S 21:10 0:00 nginx: worker process
root 16600.00.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [确定]
# ps aux |grep nginx
root 17620.00.1459881296 ? Ss 21:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 17660.00.4484764200 ? S 21:48 0:00 nginx: worker process
nobody 17670.00.3484763940 ? S 21:48 0:00 nginx: worker process
root 17750.00.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
8.关闭防火墙:
# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# getenforce
Disabled
9.配置从上的配置文件:
# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.188.100
}
track_script {
chk_nginx
}
}
10.写从上的检测脚本:
# vim /usr/local/sbin/check_ng.sh
#时间变量,用于记录日志
d=`date --date today +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0,则启动nginx,并且再次检测nginx进程数量,
#如果还为0,说明nginx无法启动,此时需要关闭keepalived
if [ $n -eq "0" ]; then
systemctl start nginx
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0"]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
11.更改脚本权限:
# chmod 755 !$
chmod 755 /usr/local/sbin/check_ng.sh
12.启动从上的服务:
# systemctl start keepalived.service
# ps aux |grep keep
root 14760.00.1 1207401408 ? Ss 21:59 0:00 /usr/sbin/keepalived -D
root 14770.00.2 1228122376 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 14780.00.2 1228122392 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 14850.00.0 112676 980 pts/0 R+ 21:59 0:00 grep --color=auto keep
13.主从ip地址默认访问的路径:
主
# cat /data/wwwroot/default/index.html
从
# cat /usr/share/nginx/html/index.html
14.测试高可用:
主上面增加防火墙规则
# iptables -I OUTPUT -p vrrp -j DROP
测试后发现还可以继续访问,没有达到目的,删掉防火墙
# iptables -F
# iptables -nvL
Chain INPUT (policy ACCEPT 12 packets, 952 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 928 bytes)
pkts bytes target prot opt in out source destination
停止主上的keepalived服务:vip不在住上监听了
# systemctl stop keepalived.service
# ip add
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:
mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.130/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::9835:40a7:677a:8a07/64 scope link
valid_lft forever preferred_lft forever
3: ens37:
mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:f0 brd ff:ff:ff:ff:ff:ff
100已经在从上面监听了。
# tail /var/log/messages
Apr9 22:43:13 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:13 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:13 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:13 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:18 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:18 weixing01 Keepalived_vrrp: VRRP_Instance(VI_1) Sending/queueing
Apr9 22:43:18 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:18 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:18 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
Apr9 22:43:18 weixing01 Keepalived_vrrp: Sending gratuitous ARP on ens37 for 1
# ip add
1: lo:mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33:
mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:ca:b5:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.188.132/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::b378:2446:305f:e06c/64 scope link tentative
valid_lft forever preferred_lft forever
3: ens37:
mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:b5:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.129/24 brd 192.168.188.255 scope global dynamic ens37
valid_lft 1200sec preferred_lft 1200sec
inet 192.168.188.100/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::6b14:823d:f9c7:1cdc/64 scope link
valid_lft forever preferred_lft forever
444
页:
[1]