keepalived Deployment and Experiments

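I. Servers required for the experimental deployment:

| Server name | IP address | Environment |
| --- | --- | --- |
| Load balancer (master) | Virtual IP: 192.168.1.135 | Nginx, keepalived |
| Load balancer (backup) | Virtual IP: 192.168.1.135 | Nginx, keepalived |
| Web1 | 192.168.1.133 | Nginx/Tomcat |
| Web2 | 192.168.1.134 | Nginx/Tomcat |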

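II. Installing and configuring keepalived

1. Install and start keepalived (on both the master and backup servers)

	# yum install keepalived -y          # install
	# /etc/init.d/keepalived start       # start
	# ps -ef | grep keep                 # check that it started successfully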

2. Configure the keepalived.conf file on the master server

	
	# vim /etc/keepalived/keepalived.conf
	
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
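   router_id test01         # ID is test01; it must be unique across the different keepalived.conf files
   #vrrp_strict             # if left uncommented, the VIP may fail to respond to ping
}

vrrp_instance VI_1 {       # instance name is VI_1; the backup node of the same instance must use the same name
    state MASTER                 # MASTER on the master node
    interface eth0               # the backup node must use the same as the master
    virtual_router_id 51    # instance ID is 51, unique within keepalived.conf
    priority 100                # the backup node's value must be lower than this
    advert_int 1
    authentication {
        auth_type PASS            # same on master and backup
        auth_pass 1111            # same on master and backup (sent unencrypted in VRRP adverts; use your own value)
    }
    virtual_ipaddress {
        192.168.1.135            # virtual IP; must be the same on master and backup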
    }
}

Test whether it worked with ip addr|grep 192.168.1.135. If the VIP is bound successfully but cannot be pinged, open the keepalived configuration file and comment out vrrp_strict.

3. Configure the keepalived.conf file on the backup server

	# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id test02                # name differs from the master's
}

vrrp_instance VI_1 {
    state BACKUP                  # BACKUP on the backup node
    interface eth0
    virtual_router_id 51              # same as the master
    priority 80                      # lower than the master
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.135
    }
}

4. Configure the web server (Nginx); the master and backup use the same configuration:

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    # define the web server pool, containing the following two nodes
    upstream www_server_pools {
        server 192.168.1.133:80 weight=1;
        server 192.168.1.134:80 weight=1;
    }

    server {
        listen  192.168.1.135:80;      # listen on the VIP's port
        server_name  www.test.cc;


        location / {
            # requests for www.test.cc are forwarded to the nodes in www_server_pools
            proxy_pass http://www_server_pools;
        }


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

If nginx reports this error on startup:

nginx[22428]: nginx: [emerg] bind() to 10.81.180.170:80 failed (99:

it means the server does not recognize that IP address. Add the following to /etc/sysctl.conf:

#allow processes to bind to the non-local address
#(necessary for apache/nginx in Amazon EC2)
net.ipv4.ip_nonlocal_bind = 1
# allows Linux to bind to a non-local IP

Then reload the configuration:

sysctl -p /etc/sysctl.conf

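Once both the master and backup are configured, a reboot is recommended. Then start nginx and keepalived and check that they are listening correctly. To test: if the web page still opens normally after nginx on the master is shut down, the configuration is successful.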

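III. Master/backup failover test

1. Stop the keepalived service on the master server, or shut the server down, and check the VIP state with ip addr|grep 192.168.1.135; the VIP disappears.

2. Switch to the backup server and check whether the VIP has appeared with ip addr|grep 192.168.1.135; if it has, the IP has floated over successfully.

Note: this configuration only fails over automatically when the server goes down. To fail over automatically when the nginx service dies, a script and additional configuration are needed.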

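IV. Solving the problem that high availability only covers the physical server

keepalived fails over only when the server or the keepalived service itself goes down. In practice the nginx service sometimes fails as well, and handling that requires a script.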

1. If nothing is listening on port 80, stop the keepalived service so that the local VIP is released.

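#!/bin/sh
# Release the local VIP by stopping keepalived once nginx has no listening socket
while true
do
	# count the listening sockets owned by nginx; zero means nginx is down
	if [ "$(netstat -lntup | grep -c nginx)" -eq 0 ]; then
		/etc/init.d/keepalived stop
	fi
	sleep 5
done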

2. Alternatively, the keepalived configuration file can be used to trigger the prepared service check script. (Omitted.)
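The keepalived-triggered check that step 2 leaves out could look like the following. This is an added example, not from the original page: the script path /etc/keepalived/check_nginx.sh, the name chk_nginx, the --check argument and the interval/fall/rise/weight values are assumptions, with the weight chosen so that a failed check drops the master's priority (100 - 30 = 70) below the backup's 80.

```shell
#!/bin/sh
# Added example (not from the original page): nginx health check run by
# keepalived itself. Assumed path: /etc/keepalived/check_nginx.sh.
#
# Assumed additions to keepalived.conf on both nodes:
#
#   vrrp_script chk_nginx {
#       script "/etc/keepalived/check_nginx.sh --check"
#       interval 2     # run the check every 2 seconds
#       fall 2         # 2 consecutive failures -> check is down
#       rise 2         # 2 consecutive successes -> check is up again
#       weight -30     # while down: master 100 - 30 = 70 < backup 80
#   }
#   vrrp_instance VI_1 {
#       ...            # existing settings stay as they are
#       track_script {
#           chk_nginx
#       }
#   }

VIP_PORT=80

# Reads `ss -lnt` output on stdin; succeeds if a socket in LISTEN state
# uses the given port (IPv4, IPv6 or wildcard local address).
has_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")   # column 4 is Local Address:Port
            if (parts[n] == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# keepalived only looks at the exit status: 0 = healthy, non-zero = failed.
check_nginx() {
    ss -lnt 2>/dev/null | has_listener "$VIP_PORT" || return 1
    pidof nginx >/dev/null 2>&1 || return 1   # an nginx process must exist too
    return 0
}

# Run the check only when called as keepalived calls it.
if [ "${1:-}" = "--check" ]; then
    check_nginx
    exit $?
fi
```

Keep the script owned by root and not writable by other users, because keepalived executes it unattended, typically as root.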

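V. The keepalived split-brain problem

A redundant heartbeat link can be configured, together with a detection script. Run the script on the backup node: if it can ping the master node and the backup node also holds the VIP, raise an alert.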

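#!/bin/sh
# Run on the backup node: warn if the master answers ping while this node also holds the VIP
test1ip=192.168.1.130      # address of the master node to ping
test1vip=192.168.1.135     # the VIP
while true
do
	if ping -c 2 -W 3 "$test1ip" >/dev/null 2>&1 &&
	   [ "$(ip addr | grep -c "$test1vip")" -eq 1 ]
	then
		echo "ha is split brain.warning!!!"
	else
		echo "ha is ok!"
	fi
	sleep 5
done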