集羣介紹
keepalived介紹
用keepalived配置高可用集羣
1.兩臺機器都安裝軟件:
[root@weixing01 ~]# yum install -y keepalived
已加載插件:fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 7.8 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): extras/7/x86_64/primary_db | 185 kB 00:00:01
(2/3): epel/x86_64/updateinfo | 908 kB 00:00:03
(3/3): epel/x86_64/primary_db | 6.3 MB 00:00:07
2.使用nginx作爲測試:
[root@weixing01 ~]# yum install -y nginx
3.編輯主配置文件:
[root@weixing01 ~]# vim !$
vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
[email protected] #告警郵箱
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh" #檢查腳本
interval 3
}
vrrp_instance VI_1 {
state MASTER #主模塊
interface ens33
virtual_router_id 51 #id主從保持一致
priority 100 #權重不同
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com #認證密碼
}
virtual_ipaddress {
192.168.188.100 #vip地址
}
track_script {
chk_nginx
}
}
4.定義腳本:
[root@weixing01 ~]# vim /usr/local/sbin/check_ng.sh
#!/bin/bash
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d_%H:%M:%S`
#計算nginx進程數量
n=`ps -C nginx --no-heading|wc -l`
#如果進程爲0,則啓動nginx,並且再次檢測nginx進程數量,
#如果還爲0,說明nginx無法啓動,此時需要關閉keepalived
if [ $n -eq "0" ]; then
/etc/init.d/nginx start
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
5.變更腳本權限:
[root@weixing01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
6.啓動服務並檢測:
[root@weixing01 ~]# systemctl start keepalived.service
[root@weixing01 ~]# ps aux |grep keep
root 1569 0.0 0.1 120740 1400 ? Ss 21:47 0:00 /usr/sbin/keepalived -D
root 1570 0.0 0.3 127476 3276 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 1571 0.5 0.3 131780 3104 ? S 21:47 0:00 /usr/sbin/keepalived -D
root 1598 0.0 0.0 112676 984 pts/0 R+ 21:47 0:00 grep --color=auto keep
7.Nginx服務會自動啓動:
[root@weixing01 ~]# ps aux |grep nginx
root 900 0.0 0.1 45988 1284 ? Ss 21:10 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 913 0.0 0.4 48476 4184 ? S 21:10 0:00 nginx: worker process
nobody 914 0.0 0.3 48476 3924 ? S 21:10 0:00 nginx: worker process
root 1660 0.0 0.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
[root@weixing01 ~]# /etc/init.d/nginx stop
Stopping nginx (via systemctl): [ 確定 ]
[root@weixing01 ~]# ps aux |grep nginx
root 1762 0.0 0.1 45988 1296 ? Ss 21:48 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 1766 0.0 0.4 48476 4200 ? S 21:48 0:00 nginx: worker process
nobody 1767 0.0 0.3 48476 3940 ? S 21:48 0:00 nginx: worker process
root 1775 0.0 0.0 112676 984 pts/0 R+ 21:48 0:00 grep --color=auto nginx
8.關閉防火牆:
[root@weixing01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@weixing01 ~]# getenforce
Disabled
9.配置從上的配置文件:
[root@weixing01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/usr/local/sbin/check_ng.sh"
interval 3
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass aminglinux>com
}
virtual_ipaddress {
192.168.188.100
}
track_script {
chk_nginx
}
}
10.寫從上的檢測腳本:
[root@weixing01 ~]# vim /usr/local/sbin/check_ng.sh
#時間變量,用於記錄日誌
d=`date --date today +%Y%m%d_%H:%M:%S`
#計算nginx進程數量
n=`ps -C nginx --no-heading|wc -l`
#如果進程爲0,則啓動nginx,並且再次檢測nginx進程數量,
#如果還爲0,說明nginx無法啓動,此時需要關閉keepalived
if [ $n -eq "0" ]; then
systemctl start nginx
n2=`ps -C nginx --no-heading|wc -l`
if [ $n2 -eq "0" ]; then
echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
systemctl stop keepalived
fi
fi
11.更改腳本權限:
[root@weixing01 ~]# chmod 755 !$
chmod 755 /usr/local/sbin/check_ng.sh
12.啓動從上的服務:
[root@weixing01 ~]# systemctl start keepalived.service
[root@weixing01 ~]# ps aux |grep keep
root 1476 0.0 0.1 120740 1408 ? Ss 21:59 0:00 /usr/sbin/keepalived -D
root 1477 0.0 0.2 122812 2376 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 1478 0.0 0.2 122812 2392 ? S 21:59 0:00 /usr/sbin/keepalived -D
root 1485 0.0 0.0 112676 980 pts/0 R+ 21:59 0:00 grep --color=auto keep
13.主從ip地址默認訪問的路徑:
主
[root@weixing01 ~]# cat /data/wwwroot/default/index.html
從
[root@weixing01 ~]# cat /usr/share/nginx/html/index.html
14.測試高可用:
主上面增加防火牆規則
[root@weixing01 ~]# iptables -I OUTPUT -p vrrp -j DROP
測試後發現還可以繼續訪問,沒有達到目的,刪掉防火牆
[root@weixing01 ~]# iptables -F
[root@weixing01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 12 packets, 952 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 928 bytes)
pkts bytes target prot opt in out source destination
停止主上的keepalived服務:vip不在住上監聽了
[root@weixing01 ~]# systemctl stop keepalived.service
[root@weixing01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:e6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.130/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::9835:40a7:677a:8a07/64 scope link
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ed:fb:f0 brd ff:ff:ff:ff:ff:ff
100已經在從上面監聽了。
[root@weixing01 ~]# tail /var/log/messages
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:13 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: VRRP_Instance(VI_1) Sending/queueing
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
Apr 9 22:43:18 weixing01 Keepalived_vrrp[8730]: Sending gratuitous ARP on ens37 for 1
[root@weixing01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:ca:b5:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.188.132/24 brd 192.168.188.255 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.188.150/24 brd 192.168.188.255 scope global secondary ens33:0
valid_lft forever preferred_lft forever
inet6 fe80::b378:2446:305f:e06c/64 scope link tentative
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ca:b5:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.188.129/24 brd 192.168.188.255 scope global dynamic ens37
valid_lft 1200sec preferred_lft 1200sec
inet 192.168.188.100/32 scope global ens37
valid_lft forever preferred_lft forever
inet6 fe80::6b14:823d:f9c7:1cdc/64 scope link
valid_lft forever preferred_lft forever