#准备两台机器安装keepalived,一台当作客户端
#使用yum安装
[root@yang-8 ~]# yum install -y keepalived
#编辑配置文件,两台机器都要配置
#master机器
[root@yang-8 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
#全局配置
global_defs {
#定义发送邮件给接收人
notification_email {
acassen@firewall.loc
}
#指定发件人
notification_email_from Alexandre.Cassen@firewall.loc
#指定发件服务器
smtp_server 192.168.200.1
smtp_connect_timeout 30
#路由标识,可以不写
router_id LVS_DEVEL
}
#实例配置
#VI_1是机器封装成路由器集群实例名称,两台机器需要保持一致
vrrp_instance VI_1 {
#角色,这边是master,另一台就是backup
MASTER
#对外的网卡名称
interface ens32
#虚拟路由ID,两台机器保持一致,表示两台机器属于一个集群
virtual_router_id 51
#优先级,谁越高谁就是master
100
#通告时间
advert_int 5
#以加密的方式发送组播包
authentication {
auth_type PASS
auth_pass 1111
}
#VIP地址
virtual_ipaddress {
192.168.254.188
}
}
#将上面这个配置文件拷贝到另一台机器,然后配置成backup机器
[root@yang-8 ~]# scp -r /etc/keepalived/keepalived.conf root@192.168.254.207:/etc/keepalived/
root@192.168.254.207's password:
keepalived.conf 100% 491 170.4KB/s 00:00
#vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
BACKUP
interface ens32
virtual_router_id 51
90
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.188
}
}
#两台机器重启keepalived服务
systemctl restart keepalived.service
#在master机器上面查看网卡的子网卡是否以及绑定VIP,绑定的VIP地址同一时刻只能存在一台机器上
[root@yang-8 ~]# ip addr list |grep 192.168.254.188
inet 192.168.254.188/32 scope global ens32
[root@yang-8 ~]#
#这两台机器已经组成了高可用集群,用户访问的话去访问192.168.254.188就可以了
#此时stop掉一台keepalived机器,那么VIP地址会自动飘到另一台去
#查看日志,查看VIP漂移过程
[root@yang-7 ~]# tail -n30 /var/log/messages
#master端重新启动keepalived那么VIP地址就会重新飘回来,因为它的优先级高于backup
#基于keepalived实现nginx高可用
#使用脚本将nginx与keepalived整合,两台机器都需要放这个脚本
#实现需求:当nginx服务宕机时,keepalived服务也会停止,这时候master端的VIP地址会飘到backup机器上,然后客户端/etc/hosts文件中绑定VIP地址,那么客户端继续可以访问backup机器上的nginx服务
#[root@yang-8 shell]# vim check_nginx.sh
#!/bin/bash
#2023-11-22 22:15
#auto check nginx status
#by author yang-8
########################
while true
do
CHECK_NUM=$(ps -ef|grep -aiE nginx|grep -aivE "grep|check"|wc -l)
if [ $CHECK_NUM -eq 0 ]
then
systemctl stop keepalived.service
fi
sleep 5
done
#把脚本放在后台实时执行
[root@yang-8 shell]# nohup sh check_nginx.sh &
#这时候将nginx服务停止,然后VIP地址就会飘到backup机器上,客户端访问测试
#注意:
#当keepalived服务挂掉一台说明与keepalived整合的服务出现了问题,需要即使排错检查
###
###
#使用配置文件调用脚本实现keepalived+nginx高可用
#定义脚本
#[root@yang-8 shell]# vim check_nginx.sh
#!/bin/bash
#2023-11-22 22:15
#auto check nginx status
#by author yang-8
########################
CHECK_NUM=$(ps -ef|grep -aiE nginx|grep -aivE "grep|check"|wc -l)
if [ $CHECK_NUM -eq 0 ]
then
systemctl stop keepalived.service
fi
#将脚本拷贝到另一台机器
[root@yang-8 shell]# scp -r check_nginx.sh 192.168.254.207:/root/shell/
root@192.168.254.207's password:
check_nginx.sh 100% 234 147.4KB/s 00:00
[root@yang-8 shell]#
#增加vrrp代码
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
#定义检测脚本的模块,名字自定义
vrrp_script chk_nginx
#脚本路径
/root/shell/check_nginx.sh"
#每间隔两秒执行一次
interval 2
#权重,每次发生切换权重加2,这里可以不定义
weight 2
}
vrrp_instance VI_1 {
state MASTER
interface ens32
virtual_router_id 51
priority 100
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.188
}
#在这里调用定义的脚本模块
track_script {
chk_nginx
}
}
#重启服务
[root@yang-8 ~]# systemctl restart keepalived.service
#检查日志
tail /var/log/messages
Nov 22 22:05:47 yang-8 Keepalived_vrrp[95419
#测试
#停掉nginx,检查VIP是否飘到backup机器,访问客户端查看状态
###
###
#在实际工作中每次master机器的keepalived起来之后那么VIP地址又会飘回来,这样来回频繁切换是不行的,所以配置文件中稍加修改即可
#一般实际使用两台机器都配置成同样的BACKUP和nopreempt
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
#定义检测脚本的模块,名字自定义
vrrp_script chk_nginx {
#脚本路径
script "/root/shell/check_nginx.sh"
#每间隔两秒执行一次
interval 2
#权重,每次发生切换权重加2,这里可以不定义
weight 2
}
#在实例部分加入配置
vrrp_instance VI_1 {
#将MASTER改为BACKUP
BACKUP
interface ens32
virtual_router_id 51
priority 100
advert_int 5
#此参数表示不机器优先级高也不抢占
nopreempt
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.188
}
#在这里调用定义的脚本模块
track_script {
chk_nginx
}
}
#测试先停掉nginx服务,这时候VIP会飘到原来的BACKUP机器上
[root@yang-8 shell]# pkill nginx
#再重新启动服务,VIP地址并不会飘回来
[root@yang-8 shell]# systemctl restart keepalived.service
[root@yang-8 shell]# /usr/local/nginx/sbin/nginx
###
###
#keepalived双机互备模式
#编辑配置文件
#配置两个实例,相当于两个集群
[root@yang-8 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/root/shell/check_nginx.sh"
interval 2
}
vrrp_instance VI_1 {
MASTER
interface ens32
51
100
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.188
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
BACKUP
interface ens32
52
90
nopreempt
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.189
}
track_script {
chk_nginx
}
}
#另一台机器配置文件
[root@yang-8 ~]# scp -r /etc/keepalived/keepalived.conf root@192.168.254.207:/etc/keepalived/
root@192.168.254.207's password:
keepalived.conf
#[root@yang-7 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script "/root/shell/check_nginx.sh"
interval 2
}
vrrp_instance VI_1 {
BACKUP
interface ens32
virtual_router_id 51
90
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.188
}
track_script {
chk_nginx
}
}
vrrp_instance VI_2 {
MASTER
interface ens32
virtual_router_id 52
100
nopreempt
advert_int 5
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.254.189
}
track_script {
chk_nginx
}
}
#重启两台机器keepalived服务
[root@yang-8 ~]# systemctl restart keepalived.service
[root@yang-7 ~]# systemctl restart keepalived.service
#查看两台机器绑定的VIP地址
[root@yang-8 ~]# ip addr list |grep 188
inet 192.168.254.188/32 scope global ens32
[root@yang-7 ~]# ip addr list|grep 189
inet 192.168.254.189/32 scope global ens32
#客户端在/etc/hosts中进行配置域名解析
192.168.254.208 yang-8
192.168.254.207 yang-7
192.168.254.188 yang-8
192.168.254.189 yang-7
#测试通之前实验宕掉一台机器,然后另一台机器会存在两个VIP地址,客户端依然可以正常访问
###