环境
keepalived 版本: keepalived-2.2.7 操作系统: cenos7 安装方式: 源码编译安装
环境安装
#安装包下载
wget https://keepalived.org/software/keepalived-2.2.7.tar.gz
#安装编译源码所需依赖
yum -y install gcc openssl-devel libnfnetlink-devel libnl libnl-devel popt-devel gcc make
# 解压至 /usr/local/ 目录下
tar -zxvf keepalived-2.2.7.tar.gz -C /usr/local/
# 进入源码包
cd /usr/local/keepalived-2.2.7/
# 编译安装,-j 后面的参数是CPU核心数,根据自己机器的CPU核心数指定
./configure && make -j 4 && make install
#查找所有keepalived 文件位置
find / -name keepalived
/etc/selinux/targeted/active/modules/100/keepalived
/etc/sysconfig/keepalived
/etc/rc.d/init.d/keepalived
/etc/keepalived
/usr/sbin/keepalived
/usr/local/etc/keepalived
/usr/local/etc/sysconfig/keepalived
/usr/local/sbin/keepalived
/usr/local/share/doc/keepalived
/usr/local/keepalived-2.2.7/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/sysconfig/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/openrc/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/init.d/keepalived
/usr/local/keepalived-2.2.7/keepalived/keepalived
/usr/local/keepalived-2.2.7/bin/keepalived
# 把 keepalived的启动文件复制到init.d下,加入开机启动项
cp /usr/local/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
# 复制启动服务至 /etc/sysconfig/
cp -r cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#把 keepalived 加入系统命令目录
cp /usr/local/sbin/keepalived /usr/sbin/
# 创建 keepalived 配置文件夹
mkdir /etc/keepalivedkeepalived 配置
1、检测脚本
cat << \EOF > /etc/keepalived/check.sh
#!/bin/sh
num=`ps -ef | grep test.jar | grep -v grep | wc -l`
# $? -ne 不存在 0 $? -eq 0 存在
if [ $num -eq 0 ]
then
systemctl stop keepalived
fi
EOF检测java程序进程是否存在,如果不清楚有哪些 java 进程可以使用下面命令获取
ps - ef | grep java2、设置脚本权限
chmod 744 /etc/keepalived/check.sh3、keepalived.conf 配置(主从节点都需要配置)
ps -ef | grep java
```bash
cat <<\EOF >/etc/keepalived/keepalived.conf
# 全局参数
global_defs {
# 脚本执行用户
script_user root
enable_script_security
}
# 健康检查脚本,检查Haproxy状态,脚本返回0正常,返回非0失败,失败后节点降级 weight -15
# 名字自定义
vrrp_script maint-checkHaproxy {
script "/etc/keepalived/check.sh"
interval 3 # 检查间隔3秒
weight -15 # 降低本节点权重
fall 2 # 2次失败算失败
rise 2 # 2次成功算成功
timeout 2 # 超时
}
# 实例1,名字自定义
vrrp_instance Vs_1 {
state BACKUP # 定义节点主/备,主MASTER,备BACKUP,这里2个节点均为BACKUP
interface ens192 # 服务IP绑定的网卡
virtual_router_id 45 # 集群号,所有节点需要相同
priority 100 # 权重,weight -15 降低权重值,2个节点权重一致,降低权重后会发生切换
advert_int 1 # 检测间隔
# 抢占模式,(nopreempt非抢占模式),配置为抢占模式时,当节点权重降低时,另外一个高权重节点会抢占服务,发生切换;
# 如果为非抢占模式,上面配置的检查脚本在检查到服务失败后,降低权重,但是不会发生切换。
!nopreempt
authentication {
auth_type PASS
auth_pass 1718 # 各节点密码一致
}
#开启邮件通知
smtp_alert
# 单播模式
# keepalived在组播模式下所有的信息都会向224.0.0.18的组播地址发送,产生众多的无用信息,并且会产生干扰和冲突,所以需要改为单播。
# 这是一种安全的方法,避免局域网内有大量的keepalived造成虚拟路由id的冲突。
# 单薄模式需要关闭vrrp_strict,严格遵守vrrp协议这个选项
# 需要在VIP实例配置段加入单播的源地址和目标地址
# 在全局配置中global_defs那一段,不能配置vrrp_strict参数,如果有需注释。
# 否则会因为不是组播而无法启动keepalived
unicast_src_ip 192.168.46.56 # 本端,源地址
unicast_peer {
192.168.46.55 # 对端,目标地址
}
# 虚拟IP
virtual_ipaddress {
192.168.46.77
}
track_script {
maint-checkHaproxy # 健康检查脚本,与上面同名;如果不配置也可以,就不检查状态。
}
track_interface {
ens192 # 检查网卡健康
}
# 邮箱通知配置
notify_master "/usr/bin/sudo /etc/keepalived/notify.sh master"
notify_backup "/usr/bin/sudo /etc/keepalived/notify.sh backup"
notify_fault "/usr/bin/sudo /etc/keepalived/notify.sh fault"
}
EOF需要修改的地方
- unicast_src_ip: 本机,源地址
- unicast_peer: 对端,目标地址
- unicast_peer: 服务IP地址 ens192 为网卡名称
- track_interface: 检查网卡健康
- vrrp_instance Vs_1.interface: 服务IP绑定的网卡
- vrrp_instance Vs_1.state MASTER或者BACKUP
4、防火墙配置
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --protocol vrrp -j ACCEPT
firewall-cmd --reload5、安装邮件推送服务
yum install -y mailx5.1、设置邮箱参数
vim /etc/mail.rc
# 添加如下参数
# 发件人邮箱
set [email protected]
# 邮箱服务器
set smtp=smtp.163.com
# 发件人邮箱账号
set [email protected]
# 发件人邮箱授权码
set smtp-auth-password=DFXCFXXX5.2、测试邮件发送是否成功
echo "邮件内容1" | mail -s "邮件主11题" [email protected]5.3、邮件发送脚本
:red_circle: 修改 contact 收件人邮箱
cat << \EOF > /etc/keepalived/notify.sh
#收件人邮箱
contact='[email protected]'
#ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
notify() {
local mailsubject="$(hostname) to be $1, vip floating"
local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {master|backup|fault}"
exit 1
;;
esac
EOF5.4 修改脚本权限
chmod 777 /etc/keepalived/notify.sh6、重启keepalived 服务
systemctl restart keepalived
systemctl start keepalived
systemctl stop keepalived
systemctl status keepalived7、检查虚拟IP是否正常运行
ens192 为虚拟IP设置的网卡名称
[root@curry keepalived]# ip addr | grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.16.12/24 brd 192.138.16.255 scope global noprefixroute ens192
inet 192.168.46.19/24 scope global secondary ens192inet 192.168.46.19/24 scope global secondary ens192 为我们设置的虚拟IP
8、测试高可用
停止java服务看虚拟IP是否会切换到另一台机器
通过 ip addr | grep ens192 判断是否切换成功,如果本机是主节点则存在两个IP如下
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.16.12/24 brd 192.138.16.255 scope global noprefixroute ens192
inet 192.168.46.19/24 scope global secondary ens192