环境:centos 6.4 64bit
应用:nginx
目的:keepalived可以让两台服务器处于主备关系,如果主的挂了,备的取得VIP(或者互为主备等关系,文字游戏不纠结),
以实现服务器的高可用。
关于恢复:
如果设置keepalived为主备模式,那么当主服务器恢复,VIP重新回到主服务器上,
那么就产生了多次切换的问题,所以这里我不采用主备,而是采用备备的模式。
但是备备模式,两台机的优先级不一样,还是会竞争,所以需要在优先级高的服务器上设置nopreempt(具体见下面的配置)。
两台服务器,备备模式,都运行着nginx:
nginx-1: 192.168.1.136
nginx-1: 192.168.1.150
VIP(虚拟IP):192.168.1.176
|
1
|
yum install -y gcc gcc-c++ popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel
|
安装keepalived
|
1
2
3
4
5
6
|
wget http:
//www.keepalived.org/software/keepalived-1.2.13.tar.gz
tar zxvf keepalived-
1.2
.
13
.tar.gz
cd keepalived-
1.2
.
13
./configure --prefix=/usr/local/keepalived
make
make install
|
keepalived开机启动,两个脚本(开机启动可以参考我另外的文章。)
vim setkeep_startup.sh
|
1
2
3
4
5
6
7
8
|
#!/bin/bash
mkdir /opt/sta
chmod a+x /opt/sta/*
echo -e
"start on runlevel 2\nstart on runlevel 3\nstart on runlevel 4\nstart on runlevel 5\nrespawn\nexec /opt/sta/keep_check.sh"
> /etc/init/keep.conf
initctl reload-configuration
initctl list
initctl start keep
|
vim keep_check.sh
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
#!/bin/bash
#check keepalived
while
[
1
]
do
Run=$(ps aux|grep keep|grep -v
"grep"
|wc -l)
echo Run=$Run
if
[
0
== $Run ]
then
/usr/local/keepalived/sbin/keepalived
echo
"start keepalived"
else
echo
"keepalived is runing"
fi
sleep
3
done
|
nginx开机启动
同上,改改就行。如果连改都懒得改,请自行右上角。
nginx检测脚本(两台服务器都需要),如果发现Nginx进程不在了,则杀死keepalived进程:
|
1
2
3
4
5
6
7
8
|
#!/bin/bash
run=`ps -C nginx --no-header |wc -l`
if
[ $run -eq
0
];then
killall keepalived
echo
"kill keepalived"
>> /opt/keep.log
else
echo
"nginx alive"
>> /opt/keep.log
fi
|
nginx-1配置,路径:/usr/local/keepalived/etc/keepalived/keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
vrrp_script check_nginx {
script
"/opt/sta/nginx_alive_check.sh"
#nginx监控脚本
interval
2
#执行监控时间间隔
weight
2
#脚本结果导致的优先级变更:
2
表示优先级+
2
;-
2
表示优先级-
2
}
global_defs {
notification_email {
root@localhost
}
notification_email_from root@local host
smtp_server localhost
smtp_connect_timeout
30
router_id NodeA
}
vrrp_instance VI_1 {
state BACKUP #两台机都设置为BACKUP
interface
eth0 #绑定虚拟IP的网络接口
virtual_router_id
51
#VRRP组名,两个节点的设置必须一样,以指明各个节点属于同一VRRP组
priority
100
#竞争时节点的优先级(
1
-
254
之间)
nopreempt #在优先级高的机器上设置,防止恢复时重新竞争
advert_int
3
#组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_type PASS
auth_pass
1234
}
track_script {
check_nginx #监控服务定义
}
virtual_ipaddress { #虚拟IP, 两个节点设置一样
192.168
.
1.176
/
24
}
}
|
nginx-2配置,路径:/usr/local/keepalived/etc/keepalived/keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
vrrp_script check_nginx {
script
"/opt/sta/nginx_alive_check.sh"
#nginx监控脚本
interval
2
#执行监控时间间隔
weight
2
#脚本结果导致的优先级变更:
2
表示优先级+
2
;-
2
表示优先级-
2
}
global_defs {
notification_email {
root@localhost
}
notification_email_from root@local host
smtp_server localhost
smtp_connect_timeout
30
router_id NodeA
}
vrrp_instance VI_1 {
state BACKUP #两台机都设置为BACKUP
interface
eth1 #绑定虚拟IP的网络接口
virtual_router_id
51
#VRRP组名,两个节点的设置必须一样,以指明各个节点属于同一VRRP组
priority
99
#主节点的优先级(
1
-
254
之间),备用节点必须比主节点优先级低
advert_int
3
#组播信息发送间隔,两个节点设置必须一样
authentication { #设置验证信息,两个节点必须一致
auth_type PASS
auth_pass
1234
}
track_script {
check_nginx #监控服务定义
}
virtual_ipaddress { #虚拟IP, 两个节点设置一样
192.168
.
1.176
/
24
}
}
|
启动keepalived
cd /usr/local/keepalived/sbin/
./keepalived -f /usr/local/keepalived/etc/keepalived/keepalived.conf
-f为指定配置文件路径
启动之后在/var/log/messages中可以看到相关信息输出
输出ip addr可以查看网卡上绑定的ip,看看是不是VIP已经绑定到某一台机器的网卡了。
如果发现两台机都绑了,那么就是两台机无法正常通信,检查防火墙。
关于防火墙,据说这样设置可以让keepalived正常工作:
到/etc/sysconfig/iptables中添加一行
-A INPUT -m state --state NEW -m tcp -p tcp -d 224.0.0.0/8 -j ACCEPT
-A INPUT -i eth0 -p vrrp -j ACCEPT
但是我发现不设置,但是stop然后start,也可以正常工作。目前未解。