li26598296 发表于 2018-12-29 10:38:16

keepalived简介及基础配置

  一、keepalived简介

  keepalived是高可用集群的解决方案之一,相比于heartbeat、corosync来说较为轻量级。keepalived是VRRP协议在Linux主机上以守护进程方式的实现,其优点是能够根据配置文件自动生成ipvs规则,同时相比于LVS,多出了健康状态检测的功能,这是LVS本身不具备的。
  keepalived官方架构图如下:
https://s3.运维网.com/wyfs02/M01/8D/6A/wKioL1ib54uQsJLrAAF4VW7EdsU545.png
  

  (引自keepalived官方文档:http://keepalived.org/)
  Scheduler:调度器

  memory mngt:内存空间管理
  control plane configuration file parser:配置文件的主控器,类似于Nginx的master进程
  VRRP Stack:vrrp功能的实现
  Checkers:健康状态检测
  WatchDog:监控VRRP进程,并进行守护
  

  二、keepalived配置
  1、集群配置前准备
  Nginx:192.168.0.104
  node1:192.168.0.40
1、本机的主机名与hosts中定义的主机保持一致,要与hostname(uname -n)获得的名称保持一致
vim /etc/hosts
192.168.0.104   Nginx
192.168.0.40    node1
2、各节点时间同步
# yum install ntp
# vim /etc/ntp.conf
将下面的语句
restrict default kod nomodify notrap nopeer noquery
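修改为(原default行中的notrap、nopeer、noquery并不妨碍客户端对时;去掉后任意主机都能用ntpq/ntpdc查询本机ntpd,更稳妥的做法是保留原default行,只新增下面针对192.168.0.0网段的那一行)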
restrict default nomodify
restrict 192.168.0.0 mask 255.255.255.0 nomodify
# service ntpd start
# ntpdate 192.168.0.40
10 Feb 14:14:50 ntpdate: adjust time server 192.168.0.40 offset 0.032422 sec
# date; ssh 192.168.0.40 'date'
2017年 02月 10日 星期五 14:16:21 CST
root@192.168.0.40's password:
2017年 02月 10日 星期五 14:16:24 CST
3、各节点之间密钥认证(以下是root用户之间的互信;后面的测试中ssh不再提示任何口令,私钥应是未设口令的,因此/root/.ssh/id_rsa须保持仅root可读,任一节点的私钥泄露即可登录其余节点)
1.生成密钥对
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0b:ca:be:1f:0f:b3:3a:aa:cc:c8:76:2c:76:25:59:fd root@Nginx
The key's randomart image is:
+--[ RSA 2048]----+
|               |
|               |
|      .          |
|   . .         |
|    o . S      |
|   + o . E       |
|. = + .      |
|=+ =.*         |
|===.+=o .      |
+-----------------+
2.将密钥传输至各节点
# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.0.40
root@192.168.0.40's password:
Now try logging into the machine, with "ssh 'root@192.168.0.40'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
3.测试
# date; ssh 192.168.0.40 'date'
2017年 02月 10日 星期五 14:24:45 CST
2017年 02月 10日 星期五 14:24:46 CST
4.iptables与selinux规则放行或禁用(下面的示例是直接关闭;若选择放行,iptables需允许节点间的VRRP通告,即IP协议号112、组播地址224.0.0.18)
# getenforce
Disabled
# service iptables stop
5.各节点均进行上述操作
# ssh-keygen -t rsa
# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.0.104
# date; ssh 192.168.0.104 'date'
Fri Feb 10 14:27:02 CST 2017
Fri Feb 10 14:27:02 CST 2017  

  2、keepalived集群配置
  1.各节点安装keepalived,yum安装(keepalived被官方收录到base源中)
# yum install keepalived -y
# yum install keepalived -y  

  2.配置文件
  Nginx配置
# cd /etc/keepalived/
# cp keepalived.conf{,.bak}
# grep -Ev '#|^$' keepalived.conf
! Configuration File for keepalived
# Node "Nginx" (192.168.0.104): starts as MASTER of virtual router 51 and
# holds the virtual IP 192.168.0.80 while it has the highest priority.
global_defs {
   # Notification mail is sent to root@localhost through the SMTP server on 127.0.0.1.
   notification_email {
root@localhost         # recipient
   }
   notification_email_from kaadmin@localhost      # sender address
   smtp_server 127.0.0.1         # mail server
   smtp_connect_timeout 30      
   router_id Nginx               # identifier of this node; set per node (node1 uses "node1")
}
vrrp_instance VI_1 {
    state MASTER               # initial VRRP role: MASTER or BACKUP
    interface eth0                              # interface the VIP is configured on
    virtual_router_id 51                        # must be identical on every node of the same virtual router
    priority 100               # election priority; the peer node in this tutorial uses 90
    advert_int 1               # interval between VRRP advertisements (heartbeats)
    authentication {
      # PASS is a shared plain-text string: it is carried unencrypted in every
      # VRRP advertisement, so any host that can capture traffic on this segment
      # can read it. It guards against accidental misconfiguration rather than a
      # hostile neighbour; keepalived also offers auth_type AH.
      auth_type PASS         # plain-text string authentication
      # Sample value published with this tutorial: replace it with your own and
      # keep keepalived.conf readable by root only. keepalived uses only the
      # first eight characters of auth_pass.
      auth_pass 51ea2a78
    }
    virtual_ipaddress {
      192.168.0.80/24 label eth0:0         # the virtual IP (VIP), shown as alias eth0:0
    }
}  

  将配置文件复制到别的节点,并修改配置文件
# scp keepalived.conf node1:/etc/keepalived/
The authenticity of host 'node1 (192.168.0.40)' can't be established.
RSA key fingerprint is 46:dc:2d:3c:90:45:80:f4:21:40:03:2c:5b:ca:f0:77.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1' (RSA) to the list of known hosts.
keepalived.conf                                 100% 3606   3.5KB/s   00:00  

  node1配置
# cp keepalived.conf{,.bak}
# egrep -v '#|^$' keepalived.conf
! Configuration File for keepalived
# Node "node1" (192.168.0.40): copy of the MASTER configuration with only
# router_id, state and priority changed.
global_defs {
   notification_email {
root@localhost
   }
   notification_email_from kaadmin@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node1
}
vrrp_instance VI_1 {
    # BACKUP role with a lower priority (90 versus 100 on the other node).
    state BACKUP
    interface eth0
    # Same virtual_router_id as the MASTER so both nodes form one virtual router.
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
      # auth_type and auth_pass must match the other node. PASS travels in
      # clear text inside VRRP advertisements, so do not reuse a real password
      # here and keep this file readable by root only.
      auth_type PASS
      auth_pass 51ea2a78
    }
    virtual_ipaddress {
      192.168.0.80/24 label eth0:0
    }
}  

  3.启动日志(各节点一同修改):-D 记录详细日志,-S 3 指定使用syslog的local3设施,再由rsyslog把local3.*写入/var/log/keepalived.log
# vim /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -S 3"
# vim /etc/rsyslog.conf
local7.*                                                /var/log/boot.log
local3.*                                                /var/log/keepalived.log
# service rsyslog restart  

  4.启动服务并测试
# service keepalived start; ssh node1 'service keepalived start'
# ifconfig eth0:0
eth0:0    Link encap:EthernetHWaddr 00:0C:29:8E:59:EC
          inet addr:192.168.0.80Bcast:0.0.0.0Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
          Interrupt:19 Base address:0x2000
# ps -ef | grep keepalived
root      2532   10 19:49 ?      00:00:00 /usr/sbin/keepalived -D
root      253325320 19:49 ?      00:00:00 /usr/sbin/keepalived -D
root      253525320 19:49 ?      00:00:00 /usr/sbin/keepalived -D
root      254319960 19:53 pts/0    00:00:00 grep keepalived  

  三、手动调度
  1、配置vrrp脚本并调用(各节点)
# !gre
grep -Ev '#|^$' keepalived.conf
! Configuration File for keepalived
global_defs {
   notification_email {
root@localhost
   }
   notification_email_from kaadmin@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id Nginx
}
# VRRP tracking script: fails (exit 1) while /etc/keepalived/down exists and
# succeeds (exit 0) otherwise. While it fails the priority of every instance
# that tracks it is lowered by 2 (weight -2); with no down file nothing changes.
# NOTE(review): the instances on this page use priority 100 and 90; 100 - 2 = 98
# is still above 90, so confirm the priority/weight values actually used for the
# failover test shown below.
# NOTE(review): the ps output on this page shows keepalived running as root, so
# the check presumably runs with those privileges; keep /etc/keepalived writable
# by root only so that no other user can create the down file and move the VIP.
vrrp_script chk_maintance {
    # "[[ ]]" is a bash construct, not POSIX sh; verify that your keepalived
    # version runs this string through a shell that supports it.
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1         
    weight -2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
      auth_type PASS
      auth_pass 51ea2a78
    }
    virtual_ipaddress {
      192.168.0.80/24 label eth0:0
    }
    #调用脚本
    track_script {
chk_maintance
    }
}

  2、测试
# touch /etc/keepalived/down
# ip add | grep eth0
2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.0.104/24 brd 192.168.0.255 scope global eth0
# ip addr | grep eth0
2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.0.40/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.80/24 scope global secondary eth0:0
# rm down
rm:是否删除普通空文件 "down"?y   
# ip add | grep eth0
2: eth0:mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.0.104/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.80/24 scope global secondary eth0:0  



