文章目录
- 1 Keepalived简介
- 2 配置情况
- 2.1 主从模式
- 2.2 双主模式
- 3 安装
- 3.1 安装nginx
- 3.2 安装Keepalived
- 3.3 将 keepalived 安装成 Linux 系统服务
- 4 配置keepalived
- 4.1 主从模式
- 4.1.1 主从模式介绍
- 4.1.2 配置 Keepalived
- 4.1.3 配置nginx检查脚本
- 4.1.4 配置通知提醒脚本
- 4.1.5 关闭防火墙
- 4.1.6 启动keepalived
- 4.1.7 查看keepalived日志
- 4.1.8 查看页面
- 4.2 双主模式
- 4.2.1 双主模式介绍
- 4.2.2 配置 Keepalived
- 4.2.3 配置nginx检查脚本
- 4.2.4 配置通知提醒脚本
- 4.2.5 启动keepalived
- 4.2.6 查看
- 5 参考文档
1 Keepalived简介
Keepalived是Linux下一个轻量级别的高可用解决方案。高可用:广义来讲,是指整个系统的高可用行;狭义的来讲就是主机的冗余和接管。
它与HeartBeat实现类似的功能,都可以实现服务或者网络的高可用,但是又有差别,HeartBeat是一个专业的、功能完善的高可用软件,它提供HA软件所需的基本功能,比如:心跳检测、资源接管,检测集群中的服务,在集群节点转移共享IP地址的所有者等等。HeartBeat功能强大,但是部署和使用相对比较麻烦,与HeartBeat相比,Keepalived主要是通过虚拟路由冗余来实现高可用功能,虽然它没有HeartBeat功能强大,但是Keepalived部署和使用非常的简单,所有配置只需要一个配置文件即可以完成。
2 配置情况
2.1 主从模式
VIP | IP | Keepalived | Nginx | CentOS | 默认主从 |
172.16.159.140 | 172.16.159.142 | keepalived-1.2.12.tar.gz | nginx-1.5.0(使用80端口) | CentOS release 6.6 (Final) | MASTER |
172.16.159.140 | 172.16.159.143 | keepalived-1.2.12.tar.gz | nginx-1.5.0(使用80端口) | CentOS release 6.6 (Final) | BACKUP |
2.2 双主模式
VIP | IP | Keepalived | Nginx | CentOS |
172.16.159.140(主) 172.16.159.141(备) | 172.16.159.142 | keepalived-1.2.12.tar.gz | nginx-1.5.0(使用80端口) | CentOS release 6.6 (Final) |
172.16.159.140(备) 172.16.159.141(主) | 172.16.159.143 | keepalived-1.2.12.tar.gz | nginx-1.5.0(使用80端口) | CentOS release 6.6 (Final) |
3 安装
3.1 安装nginx
请参考《Linux中Nginx安装与配置(CentOS-6.5:nginx-1.5.0)》:
3.2 安装Keepalived
从官网:https://www.keepalived.org 下载:keepalived-1.2.12.tar.gz
# mkdir /Data/apps/keepalived
# cd /Data/apps/keepalived
# tar zxvf keepalived-1.2.12.tar.gz
# cd keepalived-1.2.12
# ./configure --prefix=/Data/apps/keepalived
# make
# make install3.3 将 keepalived 安装成 Linux 系统服务
因为没有使用 keepalived 的默认路径安装(默认是/usr/local) ,安装完成之后,需要做一些工作复制默认配置文件到默认路径
# mkdir /etc/keepalived
# cp /Data/apps/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/复制 keepalived 服务脚本到默认的地址
# cp /Data/apps/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
# cp /Data/apps/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# ln -s /Data/apps/keepalived/sbin/keepalived /usr/sbin/
# ln -s /Data/apps/keepalived/sbin/keepalived /sbin/设置 keepalived 服务开机启动
# chkconfig keepalived on4 配置keepalived
4.1 主从模式
4.1.1 主从模式介绍
双机主从模式:即前端使用两台服务器,一台主服务器和一台热备服务器,正常情况下,主服务器绑定一个公网虚拟IP,提供负载均衡服务,热备服务器处于空闲状态;当主服务器发生故障时,热备服务器接管主服务器的公网虚拟IP,提供负载均衡服务;但是热备服务器在主机器不出现故障的时候,永远处于浪费状态,对于服务器不多的网站,该方案不经济实惠。
4.1.2 配置 Keepalived
a)在主节点 172.16.159.142,配置keepalived.conf
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
#指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱
##设置报警邮件地址,可以设置多个,每行一个。 需开启本机的sendmail服务
notification_email {
clevercode@qq.com
clevercode1@qq.com
clevercode2@qq.com
}
#keepalived在发生诸如切换操作时需要发送email通知地址
notification_email_from root
#指定发送email的smtp服务器
smtp_server 127.0.0.1
#设置连接smtp server的超时时间
smtp_connect_timeout 30
#运行keepalived的机器的一个标识,通常可设为hostname。故障发生时,发邮件时显示在邮件主题中的信息。
router_id master-node
}
#检测nginx服务是否在运行。有很多方式,比如进程,用脚本检测等等
vrrp_script chk_nginx {
#这里通过脚本监测
script "/etc/keepalived/nginx_check.sh"
#脚本执行间隔,每2s检测一次
interval 2
#脚本结果导致的优先级变更,检测失败(脚本返回非0)则优先级 -20
weight -20
}
#keepalived在同一virtual_router_id中priority(0-255)最大的会成为master,也就是接管VIP,当priority最大的主机发生故障后次priority将会接管
vrrp_instance VI_1 {
#指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器。注意这里的state指定instance(Initial)的初始状态,
#就是说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定。如果这里设置为MASTER,
#但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为MASTER
state MASTER
#指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的
interface eth0
# 发送多播数据包时的源IP地址,这里注意了,这里实际上就是在哪个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址
# ip不是固定的话可以考虑不配置
# mcast_src_ip 103.110.98.14
#虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须是一致的
virtual_router_id 140
#定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级
priority 100
# 优先级高的设置 nopreempt 解决异常恢复后再次抢占的问题
nopreempt
#设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
advert_int 1
#设置验证类型和密码。主从必须一样
authentication {
auth_type PASS #设置vrrp验证类型,主要有PASS和AH两种
auth_pass nginx #设置vrrp验证密码,在同一个vrrp_instance下,MASTER与BACKUP必须使用相同的密码才能正常通信
}
track_script {
chk_nginx
}
#VRRP HA 虚拟地址 如果有多个VIP,继续换行填写
virtual_ipaddress {
172.16.159.140
}
#当当前节点成为master时,通知脚本执行任务(一般用于启动某服务,比如nginx,haproxy等)
notify_master "/etc/keepalived/notify.sh master"
#当当前节点成为backup时,通知脚本执行任务(一般用于关闭某服务,比如nginx,haproxy等)
notify_backup "/etc/keepalived/notify.sh backup"
#当当前节点出现故障,执行的任务;
notify_fault "/etc/keepalived/notify.sh fault"
}b)在从节点 172.16.159.143,配置keepalived.conf
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
clevercode@qq.com
clevercode1@qq.com
clevercode2@qq.com
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id slave-node
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 140
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass nginx
}
track_script {
chk_nginx
}
virtual_ipaddress {
172.16.159.140
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}4.1.3 配置nginx检查脚本
在主和从节点上面,配置nginx检查脚本
vi /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
if [ $A -eq 0 ];then
/Data/apps/nginx/sbin/nginx -c /Data/apps/nginx/conf/nginx.conf
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
/etc/init.d/keepalived stop
#killall keepalived(网上的大部分资料都是killall,亲自试了一下,如果直接killall,虚ip不会
#删除,还是网卡中绑定,所以用/etc/init.d/keepalived stop会更新优雅,虚ip也会删除
fi
fi添加执行权限
# chmod +x /etc/keepalived/nginx_check.sh4.1.4 配置通知提醒脚本
在主和从节点上面,当角色出现变化或者出现故障的时候需要进行通知以及记录日志。
vi /etc/keepalived/notify.sh
#!/bin/bash
SMS_LIST="18688888881 18688888882 18688888883"
host_name=`hostname`
notify ( ) {
local now_time=$(date "+%Y-%m-%d %H:%M:%S")
#记录日志
echo $now_time keepalived ${host_name} change $1 >> /etc/keepalived/notify.log
#发送告警短信
for i in $SMS_LIST
do
#python /etc/keepalived/sendsms.py $i keepalived "${now_time} ${host_name} change $1"
echo $now_time $i keepalived "${host_name} change $1" >> /etc/keepalived/notify.log
done
}
case "$1" in
master)
notify master
exit 0
;;
backup)
notify backup
exit 0
;;
fault)
notify fault
exit 0
;;
*)
echo 'Usage: `basename $0` {master|backup|fault}'
exit 1
;;
esac添加执行权限
# chmod +x /etc/keepalived/notify.sh4.1.5 关闭防火墙
# service iptables stop如果不关闭防火墙,keepalived,启动的端口如下,需要配置防火墙:
[root@localhost keepalived]# netstat -anp | grep keepalived
raw 720 0 0.0.0.0:112 0.0.0.0:* 7 12312/keepalived
raw 0 0 0.0.0.0:112 0.0.0.0:* 7 12312/keepalived
raw 0 0 0.0.0.0:255 0.0.0.0:* 7 12311/keepalived如果防火墙不关闭,同时也不配置防火区。会产生脑裂问题。请参考文档:《解决nginx+keepalived 中主从节点负载均衡服务器同时拥有虚拟ip的问题》:
4.1.6 启动keepalived
启动主和从的keepalived
# /etc/init.d/keepalived start4.1.7 查看keepalived日志
默认日志存放在系统日志:/var/log/messages下
cat /var/log/messages
Sep 20 11:34:38 localhost Keepalived[10493]: Starting Keepalived v1.2.12 (09/18,2019)
Sep 20 11:34:38 localhost Keepalived[10494]: Starting Healthcheck child process, pid=10496
Sep 20 11:34:38 localhost Keepalived[10494]: Starting VRRP child process, pid=10497
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Netlink reflector reports IP 172.16.159.142 added
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Netlink reflector reports IP fe80::250:56ff:fe32:5998 added
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Registering Kernel netlink reflector
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Registering Kernel netlink command channel
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Registering gratuitous ARP shared channel
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Opening file '/etc/keepalived/keepalived.conf'.
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Configuration is using : 65592 Bytes
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: Using LinkWatch kernel netlink reflector...
Sep 20 11:34:38 localhost Keepalived_vrrp[10497]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
Sep 20 11:34:38 localhost Keepalived_healthcheckers[10496]: Netlink reflector reports IP 172.16.159.142 added配置日志参考:《Keepalived日志》
4.1.8 查看页面
在浏览器中输入虚IP:http://172.16.159.140/。访问发现请求落入了172.16.159.142机器。
在172.16.159.142查看IP地址。可以看到虚IPx信息。
现在停止掉172.16.159.142的keepalived。下面两种方式都可以。
# /etc/init.d/keepalived stop
# killall keepalived发现请求已经打到了172.16.159.143了。
在172.16.159.143查看IP信息。发现了虚IP172.16.159.140信息。
在172.16.159.142查看IP信息。没有发现了虚IP172.16.159.140信息。
再次启动172.16.159.142的keepalived。发现虚IP被抢占。
# /etc/init.d/keepalived start
4.2 双主模式
4.2.1 双主模式介绍
双主模式:即前端使用两台负载均衡服务器,互为主备,且都处于活动状态,同时各自绑定一个公网虚拟IP,提供负载均衡服务;当其中一台发生故障时,另一台接管发生故障服务器的公网虚拟IP(这时由非故障机器一台负担所有的请求)。这种方案,经济实惠,非常适合于当前架构环境。
4.2.2 配置 Keepalived
a)在 172.16.159.142,配置keepalived.conf
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
clevercode@qq.com
clevercode1@qq.com
clevercode2@qq.com
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
#主(172.16.159.140)
state MASTER
interface eth0
#以VIP最后一个段命名(172.16.159.140)
virtual_router_id 140
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass nginx
}
track_script {
chk_nginx
}
virtual_ipaddress {
172.16.159.140
}
notify_master "/etc/keepalived/notify.sh master 172.16.159.140"
notify_backup "/etc/keepalived/notify.sh backup 172.16.159.140"
notify_fault "/etc/keepalived/notify.sh fault 172.16.159.140"
}
vrrp_instance VI_2 {
#备(172.16.159.141)
state BACKUP
interface eth0
#以虚IP最后一个段命令(172.16.159.141)
virtual_router_id 141
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass nginx
}
track_script {
chk_nginx
}
virtual_ipaddress {
172.16.159.141
}
notify_master "/etc/keepalived/notify.sh master 172.16.159.141"
notify_backup "/etc/keepalived/notify.sh backup 172.16.159.141"
notify_fault "/etc/keepalived/notify.sh fault 172.16.159.141"
}a)在 172.16.159.143,配置keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
clevercode@qq.com
clevercode1@qq.com
clevercode2@qq.com
}
notification_email_from root
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
#备(172.16.159.140)
state BACKUP
interface eth0
#以VIP最后一个段命名(172.16.159.140)
virtual_router_id 140
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass nginx
}
track_script {
chk_nginx
}
virtual_ipaddress {
172.16.159.140
}
notify_master "/etc/keepalived/notify.sh master 172.16.159.140"
notify_backup "/etc/keepalived/notify.sh backup 172.16.159.140"
notify_fault "/etc/keepalived/notify.sh fault 172.16.159.140"
}
vrrp_instance VI_2 {
#主(172.16.159.141)
state MASTER
interface eth0
#以虚IP最后一个段命令(172.16.159.141)
virtual_router_id 141
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass nginx
}
track_script {
chk_nginx
}
virtual_ipaddress {
172.16.159.141
}
notify_master "/etc/keepalived/notify.sh master 172.16.159.141"
notify_backup "/etc/keepalived/notify.sh backup 172.16.159.141"
notify_fault "/etc/keepalived/notify.sh fault 172.16.159.141"
}4.2.3 配置nginx检查脚本
同4.1.3
4.2.4 配置通知提醒脚本
同4.1.4
4.2.5 启动keepalived
同4.1.4
4.2.6 查看
访问http://172.16.159.140/ 可以看到请求打到了172.16.159.142。
在172.16.159.142查看虚IP.
访问http://172.16.159.141/ 可以看到请求打到了172.16.159.143。
查看172.16.159.143 的IP信息,可以看到虚IP。172.16.159.141
现在停止172.16.159.142的keepalived
# /etc/init.d/keepalived stop
# killall keepalived再次访问http://172.16.159.140/ ,http://172.16.159.141/ 发现请求都打到了172.16.159.143
在172.16.159.143查看ip信息。发现了2个虚IP:172.16.159.140,172.16.159.141
现在启动172.16.159.142的keepalived。/etc/init.d/keepalived start。发现172.16.159.142抢占了虚IP172.16.159.140。
访问172.16.159.140请求,页面也到172.16.159.142
