目录
- 前言
- 安装keepalived软件
- 先查看keepalived的状态(先不启动,Keepalived很坑爹的)
- 复制配置文件
- 启动Keepalived
- keepalived配置文件说明
前言
环境:centos 7.9
keepalived官网:https://www.keepalived.org/
Keepalived是一款用于服务高可用的软件,主要用于企业服务的高可用。
高可用(原理、安装、启动、单实例配置、双实例双主配置实战篇)
安装keepalived软件
下面采用源码包编译安装的方式在两台服务器(LB01、LB02)上安装keepalived软件:
wget https://www.keepalived.org/software/keepalived-2.2.7.tar.gz
#下载后建议先核对压缩包的校验值(与官网公布的值比对),确认无误再解压编译
tar -zxvf keepalived-2.2.7.tar.gz
yum install curl gcc openssl-devel libnl3-devel net-snmp-devel
cd keepalived-2.2.7/
./configure --prefix=/usr/local/keepalived/
echo $?
make -j 8
echo $?
make install
#如果觉得源码安装太麻烦,也可以直接yum install keepalived 安装keepalived 软件
# yum 安装的Keepalived配置文件在/etc/keepalived目录下
先查看keepalived的状态(先不启动,Keepalived很坑爹的)
systemctl status keepalived.service #源码编译安装后默认就由systemctl进行管理
#查看服务的状态
[root@node1 keepalived]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:keepalived(8)
man:keepalived.conf(5)
man:genhash(1)
#先别启动keepalived,因为还需要将配置文件移动到对应的目录并修改配置文件,否则Keepalived启动不起来的。这一点Keepalived太坑了。
#查看启动服务的文件
[root@node1 keepalived]# cat /usr/lib/systemd/system/keepalived.service
[Unit]
Description=LVS and VRRP High Availability Monitor
After=
Wants=
Documentation=man:keepalived(8)
Documentation=man:(5)
Documentation=man:genhash(1)
Documentation=
[Service]
Type=forking
PIDFile=/run/
KillMode=process
EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived #这个是环境变量的配置文件
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS #启动命令
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=
[root@node1 keepalived]#
#从上面的文件我们可以看得出来,Keepalived使用/usr/local/keepalived/sbin/keepalived命令启动,并指定
#了$KEEPALIVED_OPTIONS参数,而这个参数是在环境变量的配置文件/usr/local/keepalived/etc/sysconfig/keepalived里定义的
#我们查看一下这个环境变量配置文件
[root@node1 keepalived]# cat /usr/local/keepalived/etc/sysconfig/keepalived
# Options for keepalived. See `keepalived --help' output and keepalived(8) and
# (5) man pages for a list of all options. Here are the most
# common ones :
#
# --vrrp -P Only run with VRRP subsystem.
# --check -C Only run with Health-checker subsystem.
# --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop.
# --dont-release-ipvs -I Dont remove IPVS topology on daemon stop.
# --dump-conf -d Dump the configuration data.
# --log-detail -D Detailed log messages.
# --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON)
#
KEEPALIVED_OPTIONS="-D" #只有这一行
[root@node1 keepalived]#
#查看一下/usr/local/keepalived/sbin/keepalived这个命令的使用帮助
#从下面的使用帮助我们可以看得出来,keepalived命令启动时默认使用的配置文件是
# '/usr/local/etc/keepalived/keepalived.conf' or '/etc/keepalived/keepalived.conf'
[root@node1 keepalived]# /usr/local/keepalived/sbin/keepalived --help
Usage: /usr/local/keepalived/sbin/keepalived [OPTION...]
-f, --use-file=FILE Use the specified configuration file
default '/usr/local/etc/keepalived/keepalived.conf'
or '/etc/keepalived/keepalived.conf'
-P, --vrrp Only run with VRRP subsystem
-C, --check Only run with Health-checker subsystem
--all Force all child processes to run, even if have no configuration
-l, --log-console Log messages to local console
-D, --log-detail Detailed log messages
-S, --log-facility=([0-7]|local[0-7]|user|daemon)
Set syslog facility to LOG_LOCAL[0-7], user or daemon (default)
-G, --no-syslog Don't log via syslog
-u, --umask=MASK umask for file creation (in numeric form)
-X, --release-vips Drop VIP on transition from signal.
-V, --dont-release-vrrp Don't remove VRRP VIPs and VROUTEs on daemon stop
-I, --dont-release-ipvs Don't remove IPVS topology on daemon stop
-R, --dont-respawn Don't respawn child processes
-n, --dont-fork Don't fork the daemon process
-d, --dump-conf Dump the configuration data
-p, --pid=FILE Use specified pidfile for parent process
-r, --vrrp_pid=FILE Use specified pidfile for VRRP child process
-T, --genhash Enter into genhash utility mode (this should be the first option used).
-c, --checkers_pid=FILE Use specified pidfile for checkers child process
-a, --address-monitoring Report all address additions/deletions notified via netlink
-s, --namespace=NAME Run in network namespace NAME (overrides config)
-m, --core-dump Produce core dump if terminate abnormally
-M, --core-dump-pattern=PATN Also set /proc/sys/kernel/core_pattern to PATN (default 'core')
-e, --all-config Error if any configuration file missing (same as includet)
-i, --config-id id Skip any configuration lines beginning '@' that don't match id
or any lines beginning @^ that do match.
The config-id defaults to the node name if option not used
--signum=SIGFUNC Return signal number for STOP, RELOAD, DATA, STATS, STATS_CLEAR
-t, --config-test[=LOG_FILE] Check the configuration for obvious errors, output to
stderr by default
-v, --version Display the version number
-h, --help Display this help message
[root@node1 keepalived]#
复制配置文件
#我们发现根本没有'/usr/local/etc/keepalived/keepalived.conf' or '/etc/keepalived/keepalived.conf'这两个配置文件,
# 甚至连对应的目录都没有,这一点keepalived做的不太好
# 方法一、手动创建目录并建立软链接
[root@node1 keepalived]# pwd
/usr/local/keepalived/etc/keepalived
[root@node1 keepalived]# ll #发现当前源码安装的目录下有个样例配置文件
total 8
-rw-r--r-- 1 root root 3550 Oct 12 21:56
drwxr-xr-x 2 root root 4096 Oct 12 21:56 samples
[root@node1 keepalived]# cp keepalived.conf.sample keepalived.conf #复制一下(样例文件名以上面ll实际列出的为准)
#下面两种建立软链接的方式任选一种,建议选择第二种
#1、创建目录
mkdir /etc/keepalived
#对配置文件建立软链接
ln -s /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
#2、直接对目录建立软链接(建议采用这样,前提是/etc/keepalived还不存在,否则软链接会被建在该目录里面)
ln -s /usr/local/keepalived/etc/keepalived /etc/keepalived
# 方法二、环境变量配置文件指定配置文件
#可以不使用系统默认的配置文件路径,需要在`/usr/local/keepalived/etc/sysconfig/keepalived`修改参数:
`KEEPALIVED_OPTIONS="-f /usr/local/keepalived/etc/keepalived/keepalived.conf -D"` #-f就是指定配置文件
启动Keepalived
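到这里,仍需检查一下keepalived的配置文件/usr/local/keepalived/etc/keepalived/keepalived.conf里的
参数,因为里面有个vip绑定的网卡,如果这个网卡名写得不对,Keepalived启动仍会失败。
#keepalived以root运行,并会执行配置文件里指定的脚本,所以配置文件及其所在目录应保持root所有,且其他用户不可写
vim /etc/keepalived/keepalived.conf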
interface ens33 #vip绑定的网卡名称,填写你的网卡名称
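#启动前可先执行 /usr/local/keepalived/sbin/keepalived -t 检查配置有无明显错误(即上面帮助里的--config-test)
systemctl daemon-reload #重载
systemctl stop keepalived.service
systemctl start keepalived.service #启动keepalived
systemctl status keepalived.service #keepalived状态正常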
#到这里,keepalived已经正常启动了,但是加载的配置文件内容是官网给的样例,我们仍需要修改配置文件内容
keepalived配置文件说明
根据官网的介绍,Keepalived配置文件可以分为4个部分,每部分都对应特定的功能:
GLOBAL configuration: 全局设置
BFD configuration:BFD(双向转发检测机制)设置
VRRPD configuration:对VRRP(虚拟路由冗余协议)设置
LVS configuration:LVS(Linux虚拟服务)设置
#我们主要是对VRRPD这块功能进行配置
vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs { #全局定义部分,对全局生效
notification_email { #定义警报时发送的邮箱,一行一个,可选配置
acassen@
failover@
sysadmin@
}
notification_email_from @ #定义发件人的地址,可选配置
smtp_server 192.168.200.1 #指定发送邮件的SMTP服务器,可选
smtp_connect_timeout 30 #连接SMTP的超时时间,可选
router_id LVS_DEVEL #keepalived服务器的路由标识,用于标识机器的,默认是hostname
vrrp_skip_check_adv_addr
vrrp_strict #严格遵守VRRP协议;开启后下面authentication的配置会被忽略(严格模式不支持认证),VIP也可能因自动添加的防火墙规则而无法访问,用不到时可以注释掉(以所用版本的文档为准)
vrrp_garp_interval 0
vrrp_gna_interval 0
} #以上可选的配置可以不配置,企业中会让zabbix来监控
#下面这段就是配置VRRPD功能模块的
vrrp_instance VI_1 { #实例配置,VI_1是实例名字,可以自定义,master实例和backup实例名必须相同
state MASTER #表示VI_1的角色,角色只有两种:master和backup
interface eth0 #指定网卡,即vip要与哪块网卡进行绑定
virtual_router_id 51 #虚拟路由标识id,用于区分VRRPD的多个实例,从1到255的任意数字都可以,该参数在整个配置文件中必须唯一,同时master和backup该标识必须相同,用于表示他两是一组
priority 100 #优先级,数字越大表示优先级越高,同一个实例里master的优先级必须比backup的优先级高
advert_int 1 #master和backup通信心跳时间间隔,默认就是1秒发送心跳包
authentication { #master和backup的通信认证方式
auth_type PASS #认证方式有两种PASS和AH,官方建议PASS
auth_pass 1111 #认证密码,同一个实例中,认证方式和密码必须相同,这样master和backup才能通信;1111是样例里的默认值,务必改成自己的密码。PASS方式下密码在VRRP报文里明文传输且只取前8个字符,只能防误配置,防不了同网段内能抓包的人
}
virtual_ipaddress { #虚拟IP即vip,一般配置一个即可
192.168.200.16
}
}
#LVS功能模块的配置,我们暂时用不到lvs配置;不用LVS时建议把下面这些样例virtual_server段从实际配置里删掉,而不是原样保留,否则keepalived会按样例去配置IPVS并对这些地址做健康检查
virtual_server 192.168.200.100 443 { #LVS相关的虚拟主机配置,暂时不用管
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.2 1358 { #LVS相关的虚拟主机配置,暂时不用管
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
sorry_server 192.168.200.200 1358
real_server 192.168.200.2 1358 {
weight 1
HTTP_GET {
url {
path /testurl/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}
virtual_server 10.10.10.3 1358 { #LVS相关的虚拟主机配置,暂时不用管
delay_loop 3
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
real_server 192.168.200.4 1358 {
weight 1
HTTP_GET {
url {
path /testurl/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.200.5 1358 { #LVS相关的虚拟主机配置,暂时不用管
weight 1
HTTP_GET {
url {
path /testurl/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/
digest 640205b7b0fc66c1ea91c463fac6334d
}
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}