集群介绍
keepalived介绍
用keepalived配置高可用集群
1.两台机器都安装软件:
[root@weixing01 ~]# yum install -y keepalived
已加载插件:fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 7.8 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): extras/7/x86_64/primary_db | 185 kB 00:00:01
(2/3): epel/x86_64/updateinfo | 908 kB 00:00:03
(3/3): epel/x86_64/primary_db | 6.3 MB 00:00:07
2.使用nginx作为测试:
[root@weixing01 ~]# yum install -y nginx
3.编辑主配置文件:
[root@weixing01 ~]# vim !$
vim /etc/keepalived/keepalived.conf
# keepalived configuration for the MASTER node: defines the nginx health-check
# script, the VRRP instance VI_1 and the virtual IP 192.168.188.100.
global_defs {
notification_email {
aming@aminglinux.com # alert recipient address
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# NOTE(review): no script_user / enable_script_security is set in global_defs;
# confirm which account this keepalived version uses to run check_ng.sh, and
# keep the script and its parent directories writable by root only.
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" # health-check script
interval 3
}
vrrp_instance VI_1 {
state MASTER # this node starts in the master role
interface ens33
virtual_router_id 51 # must be identical on master and backup
priority 100 # must differ between the nodes
advert_int 1
authentication {
auth_type PASS
# NOTE(review): with auth_type PASS the password travels in clear text inside
# VRRP advertisements, and the keepalived manual documents auth_pass as up to
# 8 characters, so only part of this value is likely used - verify. Treat it
# as a guard against misconfiguration, not as protection from a host on the
# same segment, and do not reuse a real password here.
auth_pass aminglinux>com # authentication password
}
virtual_ipaddress {
192.168.188.100 # virtual IP (VIP)
}
track_script {
chk_nginx
}
}
4.定义脚本:
[root@weixing01 ~]# vim /usr/local/sbin/check_ng.sh
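#!/bin/bash
# nginx health check, referenced by the chk_nginx vrrp_script in keepalived.conf.
# If no nginx process exists, try to start it once; if there is still none,
# log the failure and stop keepalived.
#
# Outputs: appends one line to /var/log/check_ng.log when nginx cannot be started.
# Returns: 0 when nginx is running (or was started), 1 when it could not be started.

# Timestamp used in the log line.
d=$(date +%Y%m%d_%H:%M:%S)

# Number of nginx processes; wc -l prints 0 when ps matches nothing.
n=$(ps -C nginx --no-heading | wc -l)

if (( n == 0 )); then
  /etc/init.d/nginx start
  # Count again to see whether the start attempt worked.
  n2=$(ps -C nginx --no-heading | wc -l)
  if (( n2 == 0 )); then
    echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
    systemctl stop keepalived
    # Also report failure to the caller, in case the stop did not succeed.
    exit 1
  fi
fi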
5.变更脚本权限:
[root@weixing01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
6.启动服务并检测:
[root@weixing01 ~]# systemctl start keepalived.service
[root@weixing01 ~]# ps aux |grep keep
root 1569 0.0 0.1 120740 1400 ? Ss 21:47 0:00 /usr/sbin/keepalived -D
root 1570 0.0 0.3 127476 3276 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 1571 0.5 0.3 131780 3104 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 1598 0.0 0.0 112676 984 pts/0 R+ 21:47 0:00 grep --color=auto keep
7.Nginx服务会自动启动:
[root@weixing01 ~]# ps aux |grep nginx
root 900 0.0 0.1 45988 1284 ? Ss 21:10 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 913 0.0 0.4 48476 4184 ? S 21:10 0:00 nginx: worker process
nobody 914 0.0 0.3 48476 3924 ? S 21:10 0:00 nginx: worker process
root 1660 0.0 0.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
[root@weixing01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 确定 ]
[root@weixing01 ~]# ps aux |grep nginx
root 1762 0.0 0.1 45988 1296 ? Ss 21:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 1766 0.0 0.4 48476 4200 ? S 21:48 0:00 nginx: worker process
nobody 1767 0.0 0.3 48476 3940 ? S 21:48 0:00 nginx: worker process
root 1775 0.0 0.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
8.关闭防火墙(仅限测试环境;生产环境建议保留防火墙,只放行VRRP,即IP协议号112、组播地址224.0.0.18):
[root@weixing01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@weixing01 ~]# getenforce
Disabled
9.配置从上的配置文件:
[root@weixing01 ~]# vim /etc/keepalived/keepalived.conf
# keepalived configuration for the BACKUP node: same health-check script,
# virtual_router_id and virtual IP as the master, with a lower priority.
global_defs {
notification_email {
aming@aminglinux.com
}
notification_email_from root@aminglinux.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
# NOTE(review): no script_user / enable_script_security is set in global_defs;
# confirm which account this keepalived version uses to run check_ng.sh, and
# keep the script and its parent directories writable by root only.
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
# NOTE(review): with auth_type PASS the password travels in clear text inside
# VRRP advertisements, and the keepalived manual documents auth_pass as up to
# 8 characters, so only part of this value is likely used - verify. It must
# match the value configured on the master.
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.188.100
}
track_script {
chk_nginx
}
}
10.写从上的检测脚本:
[root@weixing01 ~]# vim /usr/local/sbin/check_ng.sh
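#!/bin/bash
# nginx health check for the backup node, referenced by the chk_nginx
# vrrp_script in keepalived.conf. If no nginx process exists, try to start it
# once; if there is still none, log the failure and stop keepalived.
#
# Outputs: appends one line to /var/log/check_ng.log when nginx cannot be started.
# Returns: 0 when nginx is running (or was started), 1 when it could not be started.

# Timestamp used in the log line.
d=$(date +%Y%m%d_%H:%M:%S)

# Number of nginx processes; wc -l prints 0 when ps matches nothing.
n=$(ps -C nginx --no-heading | wc -l)

if (( n == 0 )); then
  systemctl start nginx
  # Count again to see whether the start attempt worked.
  n2=$(ps -C nginx --no-heading | wc -l)
  if (( n2 == 0 )); then
    echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
    systemctl stop keepalived
    # Also report failure to the caller, in case the stop did not succeed.
    exit 1
  fi
fi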
11.更改脚本权限:
[root@weixing01 ~]# chmod 755 !$
chmod 755 /usr/local/sbin/check_ng.sh
12.启动从上的服务:
[root@weixing01 ~]# systemctl start keepalived.service
[root@weixing01 ~]# ps aux |grep keep
root 1476 0.0 0.1 120740 1408 ? Ss 21:59 0:00 /usr/sbin/keepalived -D
root 1477 0.0 0.2 122812 2376 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 1478 0.0 0.2 122812 2392 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 1485 0.0 0.0 112676 980 pts/0 R+ 21:59 0:00 grep --color=auto keep
13.主从ip地址默认访问的路径:
主
[root@weixing01 ~]# cat /data/wwwroot/default/index.html
从
[root@weixing01 ~]# cat /usr/share/nginx/html/index.html
14.测试高可用:
主上面增加防火墙规则
[root@weixing01 ~]# iptables -I OUTPUT -p vrrp -j DROP
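测试后发现还可以继续访问,没有达到目的(这条规则只是让主不再发出VRRP通告,主自身仍持有VIP;从收不到通告后可能也会接管VIP,造成两边同时持有VIP),删掉防火墙规则。注意 iptables -F 会清空filter表中的全部规则,只想删除刚加的这一条可用 iptables -D OUTPUT -p vrrp -j DROP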
[root@weixing01 ~]# iptables -F
[root@weixing01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 12 packets, 952 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 928 bytes)
pkts bytes target prot opt in out source destination
停止主上的keepalived服务:vip不再在主上监听了
[root@weixing01 ~]# systemctl stop keepalived.service
[root@weixing01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.130/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::9835:40a7:677a:8a07/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:f0 brd ff:ff:ff:ff:ff:ff
VIP 192.168.188.100 已经在从上面监听了。
[root@weixing01 ~]# tail /var/log/messages
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: VRRP_Instance(VI_1) Sending/queueing
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
[root@weixing01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:ca:b5:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.188.132/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::b378:2446:305f:e06c/64 scope link tentative
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:b5:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.129/24 brd 192.168.188.255 scope global dynamic ens37
valid_lft 1200sec preferred_lft 1200sec
inet 192.168.188.100/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::6b14:823d:f9c7:1cdc/64 scope link
valid_lft forever preferred_lft forever