环境:centos 6.4 64bit
应用:nginx
目的:keepalived可以让两台服务器处于主备关系,如果主的挂了,备的取得VIP(或者互为主备等关系,文字游戏不纠结),
以实现服务器的高可用。
关于恢复:
如果设置keepalived为主备模式,那么当主服务器恢复,VIP重新回到主服务器上,
那么就产生了多次切换的问题,所以这里我不采用主备,而是采用备备的模式。
但是备备模式,两台机的优先级不一样,还是会竞争,所以需要在优先级高的服务器上设置nopreempt(具体见下面的配置)。
两台服务器,备备模式,都运行着nginx:
nginx-1: 192.168.1.136
nginx-1: 192.168.1.150
VIP(虚拟IP):192.168.1.176
|
1
|
yum install -y gcc gcc-c++ popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel |
安装keepalived
|
1
2
3
4
5
6
|
wget http://www.keepalived.org/software/keepalived-1.2.13.tar.gztar zxvf keepalived-1.2.13.tar.gzcd keepalived-1.2.13./configure --prefix=/usr/local/keepalived makemake install |
keepalived开机启动,两个脚本(开机启动可以参考我另外的文章。)
vim setkeep_startup.sh
|
1
2
3
4
5
6
7
8
|
#!/bin/bashmkdir /opt/stachmod a+x /opt/sta/*echo -e "start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5
respawn
exec /opt/sta/keep_check.sh" > /etc/init/keep.confinitctl reload-configuration initctl list initctl start keep |
vim keep_check.sh
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
#!/bin/bash#check keepalivedwhile [ 1 ]doRun=$(ps aux|grep keep|grep -v "grep"|wc -l)echo Run=$Runif [ 0 == $Run ]then/usr/local/keepalived/sbin/keepalivedecho "start keepalived"elseecho "keepalived is runing"fisleep 3done |
nginx开机启动
同上,改改就行。如果连改都懒得改,请自行右上角。
nginx检测脚本(两台服务器都需要),如果发现Nginx进程不在了,则杀死keepalived进程:
|
1
2
3
4
5
6
7
8
|
#!/bin/bash run=`ps -C nginx --no-header |wc -l` if [ $run -eq 0 ];then killall keepalived echo "kill keepalived" >> /opt/keep.logelseecho "nginx alive" >> /opt/keep.logfi |
nginx-1配置,路径:/usr/local/keepalived/etc/keepalived/keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
vrrp_script check_nginx { script "/opt/sta/nginx_alive_check.sh" #nginx监控脚本 interval 2 #执行监控时间间隔 weight 2 #脚本结果导致的优先级变更:2表示优先级+2;-2表示优先级-2}global_defs { notification_email { root@localhost } notification_email_from root@local host smtp_server localhost smtp_connect_timeout 30 router_id NodeA}vrrp_instance VI_1 { state BACKUP #两台机都设置为BACKUP interface eth0 #绑定虚拟IP的网络接口 virtual_router_id 51 #VRRP组名,两个节点的设置必须一样,以指明各个节点属于同一VRRP组 priority 100 #竞争时节点的优先级(1-254之间) nopreempt #在优先级高的机器上设置,防止恢复时重新竞争 advert_int 3 #组播信息发送间隔,两个节点设置必须一样 authentication { #设置验证信息,两个节点必须一致 auth_type PASS auth_pass 1234 }track_script { check_nginx #监控服务定义 } virtual_ipaddress { #虚拟IP, 两个节点设置一样 192.168.1.176/24 }} |
nginx-2配置,路径:/usr/local/keepalived/etc/keepalived/keepalived.conf
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
vrrp_script check_nginx { script "/opt/sta/nginx_alive_check.sh" #nginx监控脚本 interval 2 #执行监控时间间隔 weight 2 #脚本结果导致的优先级变更:2表示优先级+2;-2表示优先级-2}global_defs { notification_email { root@localhost } notification_email_from root@local host smtp_server localhost smtp_connect_timeout 30 router_id NodeA}vrrp_instance VI_1 { state BACKUP #两台机都设置为BACKUP interface eth1 #绑定虚拟IP的网络接口 virtual_router_id 51 #VRRP组名,两个节点的设置必须一样,以指明各个节点属于同一VRRP组 priority 99 #主节点的优先级(1-254之间),备用节点必须比主节点优先级低 advert_int 3 #组播信息发送间隔,两个节点设置必须一样 authentication { #设置验证信息,两个节点必须一致 auth_type PASS auth_pass 1234 }track_script { check_nginx #监控服务定义 } virtual_ipaddress { #虚拟IP, 两个节点设置一样 192.168.1.176/24 }} |
启动keepalived
cd /usr/local/keepalived/sbin/
./keepalived -f /usr/local/keepalived/etc/keepalived/keepalived.conf
-f为指定配置文件路径
启动之后在/var/log/messages中可以看到相关信息输出
输出ip addr可以查看网卡上绑定的ip,看看是不是VIP已经绑定到某一台机器的网卡了。
如果发现两台机都绑了,那么就是两台机无法正常通信,检查防火墙。
关于防火墙,据说这样设置可以让keepalived正常工作:
到/etc/sysconfig/iptables中添加一行
-A INPUT -m state --state NEW -m tcp -p tcp -d 224.0.0.0/8 -j ACCEPT
-A INPUT -i eth0 -p vrrp -j ACCEPT
但是我发现不设置,但是stop然后start,也可以正常工作。目前未解。