keepalived编译安装配置自启动
centos 安装keepalived1.3.5并配置nginx
centos 安装keepalived-1.3.5并配置nginx Keepalived是一个免费开源的,用C编写的类似于layer3, 4 & 7交换机制软件,具备我们平时说的第3层、第4层和第7层交换机的功能。
主要提供loadbalancing(负载均衡)和high-availability(高可用)功能,负载均衡实现需要依赖Linux的虚拟服务内核模块(ipvs),而高可用是通过VRRP协议实现多台机器之间的故障转移服务。
官网源码包下载地址(2017-07-31 Keepalived最新版keepalived-1.3.5.tar.gz):/download.html1.# service keepalived start错误如下Job for keepalived.service failed because a configured resource limit was exceeded. See "systemctl status keepalived.service" and "journalctl -xe" for details. Job for keepalived.service failed because a configured resource limit was exceeded. See "systemctl status keepalived.service" and "journalctl -xe" fordetails.查看错误1.# systemctl status keepalived.service我们可以看到日志,是写日志出了问题1.[root@zk-02 sbin]# systemctl status keepalived.service2.● keepalived.service - LVS and VRRP High Availability Monitor3. Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)4. Active: failed (Result: resources) since Fri 2017-08-04 15:32:31 CST; 4min 59s ago5. Process: 16764 ExecStart=/usr/local/program/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)6.7.Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.2]:13588.Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.3]:13589.Aug 04 15:32:25 zk-02 Keepalived_healthcheckers[16768]: Activating healthchecker for service [10.10.10.3]:135810.Aug 04 15:32:25 zk-02 Keepalived_vrrp[16769]: (VI_1): No VIP specified; at least one is required11.Aug 04 15:32:26 zk-02 Keepalived[16766]: Keepalived_vrrp exited with permanent error CONFIG. Terminating12.Aug 04 15:32:26 zk-02 Keepalived[16766]: Stopping13.Aug 04 15:32:31 zk-02 systemd[1]: keepalived.service never wrote its PID file. Failing. ##写日志出了问题14.Aug 04 15:32:31 zk-02 systemd[1]: Failed to start LVS and VRRP High Availability Monitor.15.Aug 04 15:32:31 zk-02 systemd[1]: Unit keepalived.service entered failed state.16.Aug 04 15:32:31 zk-02 systemd[1]: keepalived.service failed.17.[root@zk-02 sbin]# vi /var/run/keepalived.pid18.[root@zk-02 sbin]# vim /lib/systemd/system/keepalived.service19.[root@zk-02 sbin]# vim /lib/systemd/system/keepalived.service查看keepalived.service[html]view plain copy1.# vi /lib/systemd/system/keepalived.service内容如下[html]view plain copy1.[Unit]2.Description=LVS and VRRP High Availability Monitor3.After=syslog.target network-online.target4.5.[Service]6.Type=forking7.PIDFile=/usr/local/program/keepalived/var/run/keepalived.pid ##发现这个目录不存在,无法写入keepalived.pid8.KillMode=process9.EnvironmentFile=-/usr/local/program/keepalived/etc/sysconfig/keepalived10.ExecStart=/usr/local/program/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS11.ExecReload=/bin/kill -HUP $MAINPID12.13.[Install]14.WantedBy=multi-user.target问题见[html]view plain copy1.PIDFile=/usr/local/program/keepalived/var/run/keepalived.pid ##发现这个目录不存在,无法写入keepalived.pid修改成[html]view plain copy1.PIDFile=/var/run/keepalived.pid运行命令[html]view plain copy1.# systemctl daemon-reload #重新载入 systemd,扫描新的或有变动的单元在运行就Ok了[html]view plain copy1.service keepalived start2.Starting keepalived (via systemctl): [ OK ]。
HAPROXY+KEEPALIVED安装配置手册
HAPROXY+KEEPALIVED安装手册1安装包准备1.1 操作系统操作系统版本 REDFLAG DC5 SP4 32位1.2 HAPROXYHaproxy-1.4.181.3 KEEPALIVEDKeepalived-1.1.172操作系统安装略3HAPROXY安装3.1 安装#tar -zxvf haproxy-1.4.18.tar.gz#cd haproxy-1.4.18#make TARGET=linux26 PREFIX=/usr/local/haproxy#make install PREFIX=/usr/local/haproxy3.2 配置新建haproxy.cfg文件#vi /usr/local/haproxy/haproxy.cfg――――――――――――――――――――――――――――――globallog 127.0.0.1 local0maxconn 55555 #最大连接数chroot /usr/local/haproxy #安装目录uid 513 #用户haproxygid 513 #组haproxydaemon #守护进程运行nbproc 1 #进程数量pidfile /usr/local/haproxy/haproxy.pid #haproxy piddefaultslog globalmode http #7层http;4层tcpoption httplog #http 日志格式option httpclose #主动关闭http通道option redispatch #serverId对应的服务器挂掉后,强制定向到其他健康的服务器option dontlognullmaxconn 2000 #最大连接数contimeout 5000 #连接超时(毫秒)clitimeout 50000 #客户端超时(毫秒)srvtimeout 50000 #服务器超时(毫秒)#运输ETMS3.0应用frontend vs_SaaS #定义前端服务器(haproxy)bind 192.170.0.239:7001 #监听地址log globaldefault_backend pool_SaaS #指定后端服务器群#errorfile 502 /usr/local/haproxy/html/maintain.html#errorfile 503 /usr/local/haproxy/html/maintain.html#errorfile 504 /usr/local/haproxy/html/maintain.htmlbackend pool_SaaS #定义后端服务器群(web server/apache/nginx/iis..) mode httplog global#option forwardfor #后端服务器(apache/nginx/iis/*),从Http Header中获得客户端IP #balance roundrobin #负载均衡的方式,轮询方式balance leastconn #负载均衡的方式,最小连接cookie SESSION_COOKIE insert indirect nocache #插入serverid到cookie中,serverid 后面可以定义#option httpchk HEAD /check.html #用来做健康检查html文档server app155 192.170.0.155:7001 cookie server1 check rise 3 fall 3 weight 3server app156 192.170.0.156:7001 cookie server2 check rise 3 fall 3 weight 3server app160 192.170.0.160:7001 cookie server3 check rise 2 fall 3 weight 3#运输力展应用frontend vs_LiZhan #定义前端服务器(haproxy)bind 192.170.0.238:7002 #监听地址log globaldefault_backend pool_LiZhan #指定后端服务器群#errorfile 502 /usr/local/haproxy/html/maintain.html#errorfile 503 /usr/local/haproxy/html/maintain.html#errorfile 504 /usr/local/haproxy/html/maintain.htmlbackend pool_LiZhan #定义后端服务器群(web server/apache/nginx/iis..) mode httplog global#option forwardfor #后端服务器(apache/nginx/iis/*),从Http Header中获得客户端IP#balance roundrobin #负载均衡的方式,轮询方式balance leastconn #负载均衡的方式,最小连接cookie SESSION_COOKIE insert indirect nocache #插入serverid到cookie中,serverid 后面可以定义#option httpchk HEAD /check.html #用来做健康检查html文档server app143 192.170.0.143:7001 cookie server1 check rise 3 fall 3 weight 3server app144 192.170.0.144:7001 cookie server2 check rise 3 fall 3 weight 3server app146 192.170.0.146:7001 cookie server3 check rise 2 fall 3 weight 3server app147 192.170.0.147:7001 cookie server3 check rise 2 fall 3 weight 3#服务器定义:#cookie server1表示serverid为server1;#check inter 2000 是检测心跳频率(check 默认);#rise 3 表示3次正确认为服务器可用;#fall 3 表示3次失败认为服务器不可用;#weight 表示权重。
使用KeepAlived实现服务进程HA的安装配置
使用KeepAlived实现服务进程HA的安装配置使用HA方案的背景对于可以实现集群的服务,我们可以将同一功能的多个实例部署在不同的机器上,避免设备单点故障。
但是,有些系统级别的进程,却不允许运行多实例,例如一个普通的统计服务,这个服务的功能是主动轮询规则后进行统计。
在这种情况下,如果不进行规则适配改造,运行多个统计服务实例,那么,每个实例都将统计一遍数据,暂且不考虑对服务器的消耗,多个实例将产生多份数据,造成统计结果错误。
特别的,对于很多已经存在的服务进程,都无法实现多实例部署。
在这种情况下,这种服务只能是单进程的,如果这台机器由于硬件故障的话,服务将中断。
因此,有必要研究另外一种方案,实现服务进程的异地备份,在服务机器出现故障时,能够最快速的在另外一台备份机器上运行起来。
这种方案就属于冷备方案,也叫HA方案。
对于冷备方案,将不可避免的中断服务,但是,中断服务的时间长短是整个方案的关键,使用KeepAlived,配合增加进程的守护,将极大的缩短故障恢复时间。
故障的时长基本上等于服务进程的启动时长。
HA方案流程1.在主机和备机上安装好KeepAlived软件,服务对外使用虚拟IP。
2.在主机和备机上安装好能正常使用的程序。
3.在主机和备机上安装好进程监控程序,在主备机切换时,监控程序将服务启动起来。
4.实现主机和备机的程序同步功能,防止日常维护造成两边程序文件的不一致。
在本方案中,KeepAlived只提供主机的虚拟IP自动映射功能,不提供任何业务逻辑。
所有的业务逻辑都是通过自己编写的进程监控程序来实现,也就是说,监控程序一直在运行中,当发现虚拟IP切换后,将相关的服务进行启动或停止操作。
KeepAlived的安装配置KeepAlived的安装、启动、停止都是在root用户下,因此,本章节的所有操作都是在root用户下操作。
另外,本安装包都是针对linux x64机器,如果是其他操作系统,原理相同,但安装包要自行解决。
keepalived安装流程
keepalived安装流程CentOS6.5和CentOS7配置keepalived1.检查依赖包rpm -qa | grep opensslrpm -qa | grep poptrpm -qa | grep kernel如果没有需要用yum进行安装2. 安装keepalived软件包提示:安装前请确认路径–whit-kernel-dir=/usr/src/kernels/3.10.0-327.el7.x86_64或/usr/src/kernels/2.6.32-431.el6.x86_64如果没有此路径,请看下面的补充安装说明:法一:ln -s /usr/src/kernels/3.10.0-327.el7.x86_64 /usr/src/linux (CentOS7不需要这个连接)ln -s /usr/src/kernels/2.6.32-431.el6.x86_64 /usr/src/linux 做连接只是为了配合LVS如果只是切换,不需要做这个。
提示:安装时有可能会没有/usr/src/kernels/3.10.0-327.el7.x86_64,这是因为缺少kernel-devel-3.10.0-327.el7.el5软件包,此时需要提前通过yum install kernel-devel命令安装tar zxf keepalived-1.2.20.tar.gzcd keepalived-1.2.20./configuremakemake install错误1:一般6.4有这个错误checking for openssl/ssl.h ..noconfigure:error:OpemSSL is not properly installed on your system。
Can not include OpenSSL headers files.yum install openssl* -y错误2:checking for popGetContext in –lpopt …noconfigure:error:Popt libraries is rerequiredCentOS6.5安装效果图:CentOS7下面是keepalived configure低版本的正确结果:Keepalived versionKeepalived version:版本号Compiler :gccCompiler flags :-g –02Extra Lib : -lpopot –lssl –lcryptoUse IPVS Framwork :YES #LVS功能IPVS sync daemon support :YES #LVS功能Use VRRP Framework:YES #VRRP功能Use LineWatch :noUse Debug flags :no编译参数说明:./configure –help--with-kernel-dir 这是个很重要的参数,但这个参数不是要把keepalived 编译进内核,而是指定使用内核源码里面的头文件,就是include目录,如果使用LVS时才需要用到此参数,否则不需要。
keepalived的配置解析安装与爬坑
keepalived的配置解析安装与爬坑⽬录:⼀. 前情提要⼆. 官⽅配置说明三. 案例解析四. 其他配置⽅式收集五. 爬坑附1: 安装keepalived------------------------⼀. 前情提要以下试验以及说明是经过试验确定了的,准确!!另外,如果想知道每个参数的真正含义,建议看官⽹解决的问题:1,当⼀个节点(Linux设备)挂了,2个VIP都浮动到⼀个节点上2,当这个节点(Linux设备)好了,由于业务有⼀定的延时,所以还不想浮动IP⽴马漂移回来3,如果⼀个节点的业务(设备上运⾏的业务进程)完蛋了,需要⾃⼰主动交出VIP4,等⾃⼰节点的业务(设备上运⾏的业务进程)⼜好了,那么不能⽴马夺权,⽽是有⼀个过渡再夺权⼆. 官⽅配置说明概述:keepalived的具体实现原理这⾥就不做阐述,但是从其配置⽂件的⾓度⼤致将其⼯作模块分成两部分: 全局部分,和VRRP实例部分。
全局部分,顾名思义就是整体相关的配置;VRRP实例部分:⾸先,keepalived通过创建⼀个个VRRP实例来实现浮动IP的管理,⼀个VRRP实例可以看做是⼀个连接实例(使⽤VRRP协议);⼀个实例对应⼀个VIP,⼀台设备可以配置多个VRRP实例即参与多个VIP的抢占;然后,具有相同VRRP实例配置的⼀对设备,会因为实例匹配⽽成功配对;最后,通过协商得到谁是master谁是slave,以及谁来占有VIP。
1. 全局配置部分1. 预定义⼀个脚本以及脚本管理⽅式,之后⽤于VRRP实例引⽤vrrp_script <SCRIPT_NAME> {# 脚本的路径,或者直接就是脚本本⾝script <STRING>|<QUOTED-STRING># 间隔多长时间执⾏⼀次脚本interval <INTEGER>#脚本执⾏如果没有正确返回,则这段时间后就算超时,然后算作是failed了timeout <INTEGER># adjust priority by this weight, (default: 0).For description of reverse, see track_script.# 'weight 0 reverse' will cause the vrrp instance to be down when the script is up, and vice versa.weight <INTEGER:-253..253> [reverse]# required number of successes for OK transitionrise <INTEGER># required number of successes for KO transitionfall <INTEGER># 以哪个⽤户⾝份去执⾏脚本的⼈是谁user USERNAME [GROUPNAME]# 假设初始时脚本是执⾏失败的init_fail}2. VRRP实例部分# Ignore VRRP interface faults (default unset)dont_track_primary #表⽰的含义是,⼀旦接⼝有问题,则忽略之,否则keepalived的代码中对链路有做检查,发现链路down则进⼊fault状态,于是将放弃所有浮动ip# optional, monitor these as well. go to FAULT state if any of these go down if unweighted.# When a weight is specified in track_interface, instead of setting the vrrp instance to the FAULT state in case of failure, its priority will be# increased by the weight when the interface is up (for positive weights), or decreased by the weight's absolute value when the interface is down# (for negative weights), unless reverse is specified, in which case the direction of adjustment of the priority is reversed.# The weight must be comprised between -253 and +253 inclusive.0is the default behaviour which means that a failure implies a# FAULT state. The common practice is to use positive weights to count a limited number of good services so that the server with the highest count# becomes master. Negative weights are better to count unexpected failures among a high number of interfaces, as it will not saturate even with high# number of interfaces. Use reverse to increase priority if an interfaces is downtrack_interface {eth0eth1eth2 weight <-253..253> [reverse]...}# 1 to 255 used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket).virtual_router_id 51 #⽤来区分多VRRP实例?, 是指为⼀台设备配置多个实例,还是⼀个局域⽹中的多个实例? 貌似是后者,待确认preempt_delay 300 #表⽰的含义是,我当前是backup⾝份,但是我发现对⽅的master不如我,即优先级⽐我低,那么我不会⽴马去抢占,⽽是等五分钟后再去抢占关于weight,rise,fall的综合⽤法A positive weight means that <rise> successes will add <weight> to the priority of all VRRP instances which monitor it.On the opposite, a negative weight will be subtracted from the initial priority in case of <fall> failures解析:rise和正数的weight结合使⽤,如果rise次脚本执⾏都是成功的(返回0),则增加weight数量的优先级fall和负数的weight结合使⽤,如果是fall次脚本执⾏都是失败的(返回1),则减少|weight|数量的优先级其余的组合⽅式不起任何作⽤,即不会影响优先级的增减三. 案例解析节点1:简介:我是backup⾝份,但因为我的优先级⾼,所以是实际的掌权者,当我发现我节点上的业务已经挂了那么我就降低我的级别,让真正的master去掌权直到我的级别⼜上来了,我也不会⽴马夺权,⽽是等待⼀段时间后再夺权vrrp_script chkBackup {##检查进程是否存在,如果存在检查联通性,如果联通了。
如何利用shell开发keepalived启动脚本
如何利⽤shell开发keepalived启动脚本keepalived是什么?Keepalived软件起初是专为LVS负载均衡软件设计的,⽤来管理并监控LVS集群系统中各个服务节点的状态,后来⼜加⼊了可以实现⾼可⽤的VRRP功能。
因此,Keepalived除了能够管理LVS软件外,还可以作为其他服务(例如:Nginx、Haproxy、MySQL等)的⾼可⽤解决⽅案软件。
Keepalived软件主要是通过VRRP协议实现⾼可⽤功能的。
VRRP是Virtual Router RedundancyProtocol(虚拟路由器冗余协议)的缩写,VRRP出现的⽬的就是为了解决静态路由单点故障问题的,它能够保证当个别节点宕机时,整个⽹络可以不间断地运⾏。
所以,Keepalived ⼀⽅⾯具有配置管理LVS的功能,同时还具有对LVS下⾯节点进⾏健康检查的功能,另⼀⽅⾯也可实现系统⽹络服务的⾼可⽤功能。
1.1 keepalived的相关的⽂件keepalived的执⾏命令:/data/apps/keepalived/sbin/keepalivedkeepalived的配置⽂件:/data/apps/keepalived/etc/keepalived/keepalived.confkeepalived的Pid⽂件:/data/apps/keepalived/run/keepalived.pid1.2 keepalived的启停⽌⽅式注意:不要去修改/data/apps/keepalived/etc/sysconfig/keepalived⽂件启动⽅式:keepalived -f 配置⽂件(绝对路径) -p PID⽂件(绝对路径)关闭⽅式:kill $( cat PID⽂件(绝对路径) )1.3 脚本内容注意:该脚本只能Linux的超级⽤户root才能启动,因为脚本中有进⾏限制#!/bin/bash## Define variablesRETVAL=0Conf="/data/apps/keepalived/etc/keepalived/keepalived.conf"Exce="/data/apps/keepalived/sbin/keepalived"Pid="/data/apps/keepalived/run/keepalived.pid"# Determine the user to executeif [ "$UID" -ne "$RETVAL" ];thenecho "Must be root to run scripts"exit 1fi# Load local functions library[ -f /etc/init.d/functions ] && source /etc/init.d/functions# Define functionsstart(){if [ ! -f "$Pid" ];then$Exce -f $Conf -p $Pid >/dev/null 2>&1RETVAL=$?if [ $RETVAL -eq 0 ];thenaction "Start keepalived service" /bin/trueelseaction "Start keepalived service" /bin/falsefielseecho "keepalived service is running"fireturn $RETVAL}stop(){if [ -f "$Pid" ];thenkill $(cat $Pid) >/dev/null 2>&1RETVAL=$?if [ $RETVAL -eq 0 ];thenaction "Stop keepalived service" /bin/trueelseaction "Stop keepalived service" /bin/falsefielseecho "keepalived service is not running"fireturn $RETVAL}status(){if [ -f "$Pid" ];thenecho "keepalived service is running"elseecho "keepalived service is not running"fireturn $RETVAL}# case local functionscase "$1" instart)startRETVAL=$?;;stop)stopRETVAL=$?;;status)statusRETVAL=$?;;restart)stopsleep 2startRETVAL=$?;;*)echo "USAGE:$0{status|start|stop|restart}"exit 1esac# Scripts return valuesexit $RETVAL总结到此这篇关于使⽤shell开发keepalived启动脚本的⽂章就介绍到这了,更多相关shell keepalived启动脚本内容请搜索以前的⽂章或继续浏览下⾯的相关⽂章希望⼤家以后多多⽀持!。
keepalived安装手册
keepalived安装文档1.安装环境su - rootyum -y install kernel-devel*yum -y install openssl-*yum -y install popt-develyum -y install lrzszyum -y install openssh-clientsyum -y install libnl libnl-devel popt2.安装keepalived2.1.上传keepalived安装文件1、cd /usr/local/src/2、mkdir keepalived3、cd keepalived/4、wget /software/keepalived-1.2.15.tar.gz或者rz 上传2.2.解压1、tar -xvf keepalived-1.2.15.tar.gz2、cd keepalived-1.2.152.3.安装keepalived1、cd keepalived2、执行配置命令./configure3、编译make4、安装make install5、拷贝执行文件cp /usr/local/sbin/keepalived /usr/sbin/6、将init.d文件拷贝到etc下,加入开机启动项cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/keepalived 7、将keepalived文件拷贝到etc下,加入网卡配置cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/8、创建keepalived文件夹mkdir -p /etc/keepalived9、将keepalived配置文件拷贝到etc下cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf 10、添加可执行权限chmod +x /etc/init.d/keepalived2.4.加入开机启动:chkconfig --add keepalivedchkconfig keepalived on3.配置日志文件1.将keepalived日志输出到local0:vi /etc/sysconfig/keepalivedKEEPALIVED_OPTIONS="-D -d -S 0"2.在/etc/rsyslog.conf里添加:local0.* /var/log/keepalived.log3.重新启动keepalived和rsyslog服务:service rsyslog restartservice keepalived restart4.打开防火墙的通讯地址iptables -A INPUT -d 224.0.0.18 -j ACCEPT/etc/rc.d/init.d/iptables save。
Keepalived原理及配置详解-选项参数详细
Keepalived原理及配置详解-选项参数详细接着上篇,既然做了mysql+keepalived就需要对这些有个了解,以至于有了知道可以从哪里着手及相关配置;本篇是在网易博客上看到的一篇,就记录并且copy了,请大家尊重原创作者,珍惜汗水劳动者;原url /blog/static/1007689 14201191762253640/keepalived的核心vrrp相关知识:/5675165/1179600什么是Keepalived呢,keepalived观其名可知,保持存活,在网络里面就是保持在线了,也就是所谓的高可用或热备,用来防止单点故障(单点故障是指一旦某一点出现故障就会导致整个系统架构的不可用)的发生,那说到keepalived时不得不说的一个协议就是VRRP协议,可以说这个协议就是keepalived实现的基础,那么首先我们来看看VRRP协议一,VRRP协议二,Keepalived原理Keepalived原理keepalived也是模块化设计,不同模块复杂不同的功能,下面是keepalived的组件core check vrrp libipfwc libipvs-2.4 libipvs-2.6core:是keepalived的核心,复杂主进程的启动和维护,全局配置文件的加载解析等check:负责healthchecker(健康检查),包括了各种健康检查方式,以及对应的配置的解析包括LVS的配置解析vrrp:VRRPD子进程,VRRPD子进程就是来实现VRRP协议的libipfwc:iptables(ipchains)库,配置LVS会用到libipvs*:配置LVS会用到注意,keepalived和LVS完全是两码事,只不过他们各负其责相互配合而已keepalived启动后会有三个进程父进程:内存管理,子进程管理等等子进程:VRRP子进程子进程:healthchecker子进程有图可知,两个子进程都被系统WatchDog看管,两个子进程各自复杂自己的事,healthchecker子进程复杂检查各自服务器的健康程度,例如HTTP,LVS等等,如果healthchecker子进程检查到MASTER上服务不可用了,就会通知本机上的兄弟VRRP子进程,让他删除通告,并且去掉虚拟IP,转换为BACKUP状态三,Keepalived配置文件详解keepalived配置详解keepalived有三类配置区域(姑且就叫区域吧),注意不是三种配置文件,是一个配置文件里面三种不同类别的配置区域全局配置(Global Configuration)VRRPD配置LVS配置一,全局配置全局配置又包括两个子配置:全局定义(global definition)静态路由配置(static ipaddress/routes)1,全局定义(global definition)配置范例全局配置解析global_defs全局配置标识,表面这个区域{}是全局配置表示keepalived在发生诸如切换操作时需要发送email通知,以及email发送给哪些邮件地址,邮件地址可以多个,每行一个****************************************表示发送通知邮件时邮件源地址是谁smtp_server 127.0.0.1表示发送email时使用的smtp服务器地址,这里可以用本地的sendmail来实现mtp_connect_timeout 30连接smtp连接超时时间router_id node1机器标识2,静态地址和路由配置范例这里实际上和系统里面命令配置IP地址和路由一样例如:192.168.1.1/24 brd + dev eth0 scope global 相当于: ip addr add 192.168.1.1/24 brd + dev eth0 scope global就是给eth0配置IP地址路由同理一般这个区域不需要配置这里实际上就是给服务器配置真实的IP地址和路由的,在复杂的环境下可能需要配置,一般不会用这个来配置,我们可以直接用vi /etc/sysconfig/network-script/ifcfg-eth1来配置,切记这里可不是VIP哦,不要搞混淆了,切记切记!二,VRRPD配置VRRPD配置包括三个类VRRP同步组(synchroization group)VRRP实例(VRRP Instance)VRRP脚本1,VRRP同步组(synchroization group)配置范例http和mysql是实例名和下面的实例名一致notify /path/to/notify.sh:smtp alter表示切换时给global defs中定义的邮件地址发送邮件通知2,VRRP实例(instance)配置范例state:state 指定instance(Initial)的初始状态,就是说在配置好后,这台服务器的初始状态就是这里指定的,但这里指定的不算,还是得要通过竞选通过优先级来确定,里如果这里设置为master,但如若他的优先级不及另外一台,那么这台在发送通告时,会发送自己的优先级,另外一台发现优先级不如自己的高,那么他会就回抢占为masterinterface:实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加的dont track primary:忽略VRRP的interface错误track interface:跟踪接口,设置额外的监控,里面任意一块网卡出现问题,都会进入故障(FAULT)状态,例如,用nginx做均衡器的时候,内网必须正常工作,如果内网出问题了,这个均衡器也就无法运作了,所以必须对内外网同时做健康检查mcast src ip:发送多播数据包时的源IP地址,这里注意了,这里实际上就是在那个地址上发送VRRP通告,这个非常重要,一定要选择稳定的网卡端口来发送,这里相当于heartbeat的心跳端口,如果没有设置那么就用默认的绑定的网卡的IP,也就是interface指定的IP地址garp master delay:在切换到master状态后,延迟进行免费的ARP(gratuitous ARP)请求virtual router id:这里设置VRID,这里非常重要,相同的VRID 为一个组,他将决定多播的MAC地址priority 100:设置本节点的优先级,优先级高的为masteradvert int:检查间隔,默认为1秒virtual ipaddress:这里设置的就是VIP,也就是虚拟IP地址,他随着state的变化而增加删除,当state为master的时候就添加,当state为backup的时候删除,这里主要是有优先级来决定的,和state设置的值没有多大关系,这里可以设置多个IP地址virtual routes:原理和virtual ipaddress一样,只不过这里是增加和删除路由lvs sync daemon interface:lvs syncd绑定的网卡authentication:这里设置认证auth type:认证方式,可以是PASS或AH两种认证方式auth pass:认证密码nopreempt:设置不抢占,这里只能设置在state为backup的节点上,而且这个节点的优先级必须别另外的高preempt delay:抢占延迟debug:debug级别notify master:和sync group这里设置的含义一样,可以单独设置,例如不同的实例通知不同的管理人员,http实例发给网站管理员,mysql的就发邮件给DBA3,VRRP脚本首先在vrrp_script区域定义脚本名字和脚本执行的间隔和脚本执行的优先级变更vrrp_script check_running {script"/usr/local/bin/check_running"interval 10 #脚本执行间隔weight 10 #脚本结果导致的优先级变更:10表示优先级+10;-10则表示优先级-10}然后在实例(vrrp_instance)里面引用,有点类似脚本里面的函数引用一样:先定义,后引用函数名track_script {check_running weight 20}注意:VRRP脚本(vrrp_script)和VRRP实例(vrrp_instance)属于同一个级别LVS配置如果你没有配置LVS+keepalived那么无需配置这段区域,里如果你用的是nginx来代替LVS,这无限配置这款,这里的LVS配置是专门为keepalived+LVS集成准备的。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Centos配置Keepalived 做双机热备切换分类:网站架构2009-07-25 13:53 7823人阅读评论(0) 收藏举报centosserverdelayauthenticationsnscompilerKeepalived系统环境:************************************************************两台服务器都装了CentOS-5.2-x86_64系统Virtual IP: 192.168.30.20Squid1+Real Server 1:网卡地址(eth0):192.168.30.12Squid2+Real Server 2:网卡地址(eth0):192.168.30.13************************************************************软件列表:keepalived/software/keepalived-1.1.17.tar.gzopenssl-develyum -y install openssl-devel***************************************************************配置:配置基于高可用keepalived,确定LVS使用DR模式1.安装配置keepalived1.1安装依赖软件如果系统为基本文本安装,需要安装一下软件# yum -y install ipvsadm# yum -y install kernel kernel-devel# reboot 重启系统切换内核# yum -y install openssl-devel ;安装keepalived依赖软件#ln -s /usr/src/kernels/`uname -r`-`uname -m`/ /usr/src/linux;建立内核链接,编译keepalived支持lvs时需要注意建立链接的内核名和当前运行的内核一致,否则导致安装失败#tar zxvf keepalived-1.1.17.tar.gz#cd keepalived-1.1.17#./configure --prefix=/usr --sysconf=/etcKeepalived configuration------------------------Keepalived version : 1.1.17Compiler : gccCompiler flags : -g -O2Extra Lib : -lpopt -lssl -lcryptoUse IPVS Framework : Yes ;注意编译时一定要支持lvsIPVS sync daemon support : YesUse VRRP Framework : YesUse LinkWatch : NoUse Debug flags : No#make#make install1.2编辑keepalived配置文件#Vi /etc/keepalived/keepalived.confglobal_defs {notification_email {test@}notification_email_from root@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_instance VI_1 {state MASTER #备份服务器上将MASTER改为BACKUPinterface eth0 # HA 监测网络接口virtual_router_id 51 #主、备机的virtual_router_id必须相同priority 100 #主、备机取不同的优先级,主机值较大,备份机值较小 advert_int 2 # VRRP Multicast 广播周期秒数authentication {auth_type PASS #VRRP 认证方式auth_pass 1111 #VRRP 口令字}virtual_ipaddress {192.168.30.20 # VRRP HA 虚拟地址如果有多个VIP,继续换行填写 }}virtual_server 192.168.30.20 80 {delay_loop 2 #每隔6秒查询realserver状态lb_algo rr #lvs 算法lb_kind DR #Direct Routepersistence_timeout 50 #同一IP 的连接60 秒内被分配到同一台realserverprotocol TCP #用TCP协议检查realserver状态real_server 192.168.30.12 80 {weight 3 #(权重)TCP_CHECK {connect_timeout 10 #(10秒无响应超时)nb_get_retry 3delay_before_retry 3connect_port 80}}real_server 192.168.30.13 80 {weight 3 #(权重)TCP_CHECK {connect_timeout 10 #(10秒无响应超时)nb_get_retry 3delay_before_retry 3connect_port 80}}}1.3BACKUP服务器同上配置,先安装lvs再按装keepalived,仍后配置/etc/keepalived/keepalived.conf,只需将红色标示的部分改一下即可.global_defs {notification_email {test@}notification_email_from root@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_instance VI_1 {state BACKUP #备份服务器上将MASTER改为BACKUPinterface eth0 # HA 监测网络接口virtual_router_id 51 #主、备机的virtual_router_id必须相同priority 99 #主、备机取不同的优先级,主机值较大,备份机值较小 advert_int 2 # VRRP Multicast 广播周期秒数authentication {auth_type PASS #VRRP 认证方式auth_pass 1111 #VRRP 口令字}virtual_ipaddress {192.168.30.20 # VRRP HA 虚拟地址}}virtual_server 192.168.30.20 80 {delay_loop 2 #每隔6秒查询realserver状态lb_algo rr #lvs 算法lb_kind DR #Direct Routepersistence_timeout 50 #同一IP 的连接60 秒内被分配到同一台realserver protocol TCP #用TCP协议检查realserver状态real_server 192.168.30.12 80 {weight 3 #(权重)TCP_CHECK {connect_timeout 10 #(10秒无响应超时)nb_get_retry 3delay_before_retry 3connect_port 80}}real_server 192.168.30.13 80 {weight 3 #(权重)TCP_CHECK {connect_timeout 10 #(10秒无响应超时)nb_get_retry 3delay_before_retry 3connect_port 80}}}2. 配置lvs客户端脚本[c-sharp]view plaincopyprint?1.#vi /usr/local/sbin/realserver.sh2. #!/bin/bash3. # description: Config realserver lo and apply noarp4. #Written by :NetSeek 5.6. SNS_VIP=192.168.30.207.8. . /etc/rc.d/init.d/functions9.10.case"$1"in11. start)12. ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP13. /sbin/route add -host $SNS_VIP dev lo:014. echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore15. echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce16. echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore17. echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce18. sysctl -p >/dev/null 2>&119. echo "RealServer Start OK"20.21. ;;22. stop)23. ifconfig lo:0 down24. route del $SNS_VIP >/dev/null 2>&125. echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore26. echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce27. echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore28. echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce29. echo "RealServer Stoped"30. ;;31. *)32. echo "Usage: $0 {start|stop}"33. exit 134. esac35.36. exit 0或者采用secondary ip address方式配置# vi /etc/sysctl.confnet.ipv4.conf.lo.arp_ignore = 1net.ipv4.conf.lo.arp_announce = 2net.ipv4.conf.all.arp_ignore = 1net.ipv4.conf.all.arp_announce = 2#sysctl -p#ip addr add 192.168.30.20/32 dev lo#ip add list 查看是否绑定3. 启动lvs-dr脚本和realserver启本,在DR上可以查看LVS当前状态: #watch ipvsadm -ln4. 启动keepalived 服务#service httpd start#/etc/init.d/keepalived start查看keepalived的安装位置:# find / -name keepalived将keepalived作为服务添加到chkconfig中,并设置开机启动# chkconfig --add keepalived# chkconfig --level 35 keepalived on# chkconfig --list keepalivedkeepalived 0:关闭 1:关闭 2:关闭 3:启用 4:关闭 5:启用 6:关闭“各等级”包括2、3、4、5等级等级0表示:表示关机等级1表示:单用户模式等级2表示:无网络连接的多用户命令行模式等级3表示:有网络连接的多用户命令行模式等级4表示:不可用等级5表示:带图形界面的多用户模式等级6表示:重新启动5. 测试lvs服务是否正常5.1通过浏览器访问http://192.168.30.20是否正常多次刷新浏览器,在主LVS上看连接数变化5.2停止主LVS上的keepalived 看看备份keepalived是否正常接管服务注:realserver如果为windows主机的话需要安装microsoft loopback,设置IP为VIP确认之后搜索注册表,关键字"VIP"把搜到结果的每项里面的subnet mask都改成255.255.255.255然后重启即可。