keepalived部署
master:192.168.100.10
slave: 192.168.100.40
直接将nginx作为后端web站点

一、Master主节点和slave备份节点:
1、关闭防火墙和selinux(略)。注:仅建议在实验环境这样做;生产环境应保持防火墙和SELinux开启,只放行节点间的VRRP通告(IP协议号112,组播地址224.0.0.18)和对外提供服务的80端口。
2、配置网络源--阿里源centos7和epel源
powershell
[root@stw ~]# cd /etc/yum.repos.d/
[root@stw yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo
[root@stw yum.repos.d]# rm -rf *
[root@stw yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@stw yum.repos.d]# yum -y install epel-release
[root@stw ~]# cd /etc/yum.repos.d/
[root@stw yum.repos.d]# ls
CentOS-Base.repo epel.repo epel-testing.repo
3、安装一下常用命令
powershell
yum -y install vim wget gcc gcc-c++
4、安装keepalived和nginx
powershell
[root@stw ~]# yum -y install nginx keepalived
[root@stw ~]# systemctl restart nginx.service
[root@stw ~]# systemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@stw ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:6000 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::6000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6010 :::*
5、在nginx中添加测试网页
powershell
[root@stw ~]# cd /usr/share/nginx/html
[root@stw html]# ls
404.html en-US img nginx-logo.png
50x.html icons index.html poweredby.png
[root@stw html]# echo "master node" > index.html
[root@stw4 ~]# cd /usr/share/nginx/html/
[root@stw4 html]# echo "slave node" > index.html


二、配置主keepalived
1、先将主机名称更改(10网段为master,40网段为slave)
powershell
[root@stw ~]# hostnamectl set-hostname master.example.com
[root@stw ~]# bash
[root@master ~]#
[root@stw4 html]# echo "slave node" > index.html
[root@stw4 html]# hostnamectl set-hostname slave.example.com
[root@stw4 html]# bash
[root@slave html]#
2、更改配置文件之前先备份
powershell
[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# cp keepalived.conf keepalived.conf.bak
[root@master keepalived]# ls
keepalived.conf keepalived.conf.bak
3、更改配置文件
powershell
[root@master keepalived]# vim keepalived.conf
[root@master keepalived]# systemctl restart keepalived.service
[root@master keepalived]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
powershell
! Configuration File for keepalived
# Master node. VRRP instance VI_1 advertises on ens33 with priority 100 and
# carries the virtual IP 192.168.100.150. The virtual_server block declares an
# LVS service (round-robin, DR) for that VIP on TCP port 80 and lists both
# nodes as real servers.
global_defs {
router_id stw01
}
vrrp_instance VI_1 {
state MASTER
interface ens33
# virtual_router_id and the authentication block are identical in the slave
# config shown on this page; priority is 100 here and 90 there.
virtual_router_id 51
priority 100
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
# advert, and 1111 is a sample value. Use a cluster-specific secret and limit
# VRRP (IP protocol 112) to the peer node at the host firewall.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.150
}
}
# NOTE(review): presumably this LVS-DR block, which lists both nodes as real
# servers, is why the page later reports the VIP as unreachable while nginx
# runs on both nodes; plain VRRP failover of a local nginx does not need
# it. Confirm before reusing.
virtual_server 192.168.100.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.10 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.40 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
三、在slave节点配置备份keepalived(首次用scp连接master时,应先核对提示的主机密钥指纹与master上的一致,再输入yes)
powershell
[root@slave ~]# cd /etc/keepalived/
[root@slave keepalived]# ls
keepalived.conf
[root@slave keepalived]# cp keepalived.conf keepalived.conf.bak
[root@slave keepalived]# scp root@192.168.100.10:/etc/keepalived/keepalived.conf .
The authenticity of host '192.168.100.10 (192.168.100.10)' can't be established.
ECDSA key fingerprint is SHA256:R7/1dpul7cu8SnefsN2wQw5hKDL+xekk0ffasLS6OGI.
ECDSA key fingerprint is MD5:81:88:a1:16:52:83:c0:d5:59:ad:2b:3a:d5:52:02:bc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.10' (ECDSA) to the list of known hosts.
root@192.168.100.10's password:
keepalived.conf 100% 846 616.4KB/s 00:00
[root@slave keepalived]# ls
keepalived.conf keepalived.conf.bak
[root@slave keepalived]# vim keepalived.conf
[root@slave keepalived]# systemctl restart keepalived.service
[root@slave keepalived]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
powershell
! Configuration File for keepalived
# Backup node. Same VRRP instance (VI_1, virtual_router_id 51, VIP
# 192.168.100.150 on ens33) as the master config on this page, but with
# state BACKUP, priority 90 and router_id stw02.
global_defs {
router_id stw02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
# Lower than the master's 100.
priority 90
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
# advert, and 1111 is a sample value. Use a cluster-specific secret and limit
# VRRP (IP protocol 112) to the peer node at the host firewall.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.150
}
}
# LVS service for the VIP on TCP port 80 (round-robin, DR), with both nodes
# listed as real servers.
virtual_server 192.168.100.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.10 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.40 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
四、查看IP(此时主keepalived工作)
主keepalived中能查看到虚拟IP
powershell
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:b9:a3:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.10/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.100.150/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::3233:2f91:158e:95c2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:07:f1:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:07:f1:30 brd ff:ff:ff:ff:ff:ff
slave节点中查看不到
powershell
[root@slave keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:85:55:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::9510:d8d7:5d52:d7b3/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::2850:4f7d:bcdd:ccb3/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::a087:fe31:95a7:535/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:07:f1:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:07:f1:30 brd ff:ff:ff:ff:ff:ff
五、修改内核参数,开启侦听VIP功能(此步可做可不做,该功能可用于仅监听VIP)
powershell
[root@master ~]# vim /etc/sysctl.conf
[root@master ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@slave ~]# vim /etc/sysctl.conf
[root@slave ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
此时客户端去访问192.168.100.150时,访问不到网页,因为master和slave中的nginx都处于开启阶段,客户端不知道找谁

将slave中的nginx停掉(systemctl stop nginx)

六、让keepalived监控nginx负载均衡(master节点损坏时,自动切换slave节点)
手动修改时:
master:
[root@master ~]# systemctl stop nginx
[root@master ~]# systemctl stop keepalived.service
slave:
[root@slave ~]# systemctl restart nginx
[root@slave ~]# systemctl restart keepalived.service
##### 1、在master上编写脚本
```powershell
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vim check.sh
[root@master scripts]# chmod +x check.sh
[root@master scripts]# vim notify.sh
[root@master scripts]# chmod +x notify.sh
```
##### check.sh:
```powershell
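#!/bin/bash
# Health check run by keepalived (vrrp_script): when no nginx process exists,
# stop keepalived on this node so the peer can take over the virtual IP.
#
# The process is matched by exact name with pgrep -x. A "ps | grep nginx"
# pipeline also counts unrelated commands that merely mention nginx (an editor
# opened on nginx.conf, a tail on its logs) and would then hide a dead server.
#
# NOTE(review): failure is signalled by stopping keepalived, not by the exit
# status, so a `weight` set on the vrrp_script presumably never takes
# effect. Confirm against the keepalived configuration.
#
# Keep this file and its directory writable by root only; keepalived runs it
# with its own privileges.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
fi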
```
##### notify.sh:
当服务器切换为 master 状态时,确保 nginx 运行并发送邮件通知
当服务器切换为 backup 状态时,确保 nginx 停止运行
```powershell
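#!/bin/bash
# keepalived notify handler.
#
# Usage: notify.sh master|backup VIP
#   master - make sure nginx is running, then mail a state-change notice
#   backup - make sure nginx is stopped
#
# Environment:
#   NOTIFY_EMAIL - recipient of the notice; defaults to the address this
#                  script previously hard-coded.
#
# The script is launched by keepalived (notify_master / notify_backup), so it
# runs with keepalived's privileges: keep the file and its directory writable
# by root only.

VIP=$2
NOTIFY_EMAIL=${NOTIFY_EMAIL:-3256094218@qq.com}

# Succeeds when a process named exactly "nginx" exists. Matching by name
# avoids counting unrelated commands whose arguments merely contain the word
# (for example an editor opened on nginx.conf), which a ps|grep pipeline does.
nginx_running() {
  pgrep -x nginx >/dev/null 2>&1
}

# Mails the "state change to master" notice for $VIP to $NOTIFY_EMAIL.
# Named send_notification so it does not shadow the sendmail binary.
send_notification() {
  local subject content
  subject="${VIP}'s server keepalived state is translate"
  content="$(date +'%F %T'): $(hostname)'s state change to master"
  # printf with a fixed format keeps the message intact whatever it contains.
  printf '%s\n' "$content" | mail -s "$subject" "$NOTIFY_EMAIL"
}

case "$1" in
  master)
    if ! nginx_running; then
      systemctl start nginx
    fi
    send_notification
    ;;
  backup)
    if nginx_running; then
      systemctl stop nginx
    fi
    ;;
  *)
    # Diagnostics go to stderr; the exit status is left unchanged.
    echo "Usage:$0 master|backup VIP" >&2
    ;;
esac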
```
##### 2、在slave上编写脚本
```powershell
[root@slave keepalived]# mkdir /scripts
[root@slave keepalived]# cd /scripts/
[root@slave scripts]# scp root@192.168.100.10:/scripts/check.sh .
root@192.168.100.10's password:
check.sh 100% 143 51.4KB/s 00:00
[root@slave scripts]# scp root@192.168.100.10:/scripts/notify.sh .
root@192.168.100.10's password:
notify.sh 100% 590 399.4KB/s 00:00
[root@slave scripts]# ls
check.sh notify.sh
[root@slave scripts]# chmod +x check.sh
[root@slave scripts]# chmod +x notify.sh
```
##### 3、配置master的keepalived
```powershell
[root@master scripts]# vim /etc/keepalived/keepalived.conf
[root@master scripts]# systemctl restart keepalived.service
```
```powershell
! Configuration File for keepalived
# Master node with nginx monitoring. Adds a tracked check script and
# notify hooks to VRRP instance VI_1 (VIP 192.168.100.150 on ens33,
# priority 100).
global_defs {
router_id stw01
}
# Runs /scripts/check.sh every 10 seconds.
# NOTE(review): check.sh as shown on this page stops keepalived itself rather
# than returning a non-zero status, so weight -20 is presumably never
# applied. Confirm.
# NOTE(review): the script runs with keepalived's privileges. Keep /scripts and
# its files writable by root only, and where the installed keepalived supports
# them consider enable_script_security / script_user in global_defs.
vrrp_script nginx_check {
script "/scripts/check.sh"
interval 10
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
# advert, and 1111 is a sample value. Use a cluster-specific secret and limit
# VRRP (IP protocol 112) to the peer node at the host firewall.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.150
}
# Attach the nginx_check script declared above to this instance.
track_script {
nginx_check
}
# State-change hooks: notify.sh receives the new state and the VIP.
notify_master "/scripts/notify.sh master 192.168.100.150"
notify_backup "/scripts/notify.sh backup 192.168.100.150"
}
# LVS service for the VIP on TCP port 80 (round-robin, DR), with both nodes
# listed as real servers.
virtual_server 192.168.100.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.10 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.40 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
```
##### 4、配置slave的keepalived
```powershell
[root@slave scripts]# vim /etc/keepalived/keepalived.conf
[root@slave scripts]# systemctl restart keepalived.service
```
```powershell
! Configuration File for keepalived
# Backup node with notify hooks. VRRP instance VI_1 (VIP 192.168.100.150 on
# ens33) runs with state BACKUP and priority 90.
# NOTE(review): unlike the master config on this page, no vrrp_script /
# track_script is declared here, so the /scripts/check.sh copied to this node
# is not run by keepalived. Confirm that is intended.
global_defs {
router_id stw02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
# NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
# advert, and 1111 is a sample value. Use a cluster-specific secret and limit
# VRRP (IP protocol 112) to the peer node at the host firewall.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.150
}
# State-change hooks: notify.sh receives the new state and the VIP. The script
# runs with keepalived's privileges, so keep /scripts writable by root only.
notify_master "/scripts/notify.sh master 192.168.100.150"
notify_backup "/scripts/notify.sh backup 192.168.100.150"
}
# LVS service for the VIP on TCP port 80 (round-robin, DR), with both nodes
# listed as real servers.
virtual_server 192.168.100.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.100.10 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.100.40 80 {
weight 1
# TCP connect check against port 80 of this real server.
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
```
##### 5、模拟故障
##### master:
```powershell
[root@master scripts]# systemctl stop nginx
[root@master scripts]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:6000 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::6000 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6010 :::*
[root@master scripts]# ip a
1: lo: