【安装文档】keepalived1.2.7安装步骤
简介
Keepalived的作用是检测服务器的状态,如果有一台web服务器宕机,或工作出现故障,Keepalived将检测到,并将有故障的服务器从系统中剔除,同时使用其他服务器代替该服务器的工作,当服务器工作正常后Keepalived自动将服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的服务器。
本文将以两台服务器来详细讲述keepalived主从服务的安装过程。
keepalived安装
[root@bogon local]# tar -zxvf keepalived-1.2.7.tar.gz
[root@bogon local]# cd keepalived-1.2.7
[root@bogon keepalived-1.2.7]# yum -y install ipvsadm
... ...
Complete!
[root@bogon keepalived-1.2.7]# ./configure
Keepalived configuration
------------------------
Keepalived version : 1.2.7
Compiler : gcc
Compiler flags : -g -O2
Extra Lib : -lpopt -lssl -lcrypto
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : No
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
Use Debug flags : No
[root@bogon keepalived-1.2.7]# make
Make complete
[root@bogon keepalived-1.2.7]# make install
[root@bogon keepalived-1.2.7]#
注意:如果出现以下报错,请执行对应的命令安装;
报错1:
configure: error:
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!执行命令:yum -y install openssl-devel
报错2:
configure: error: Popt libraries is required执行命令:yum -y install popt-devel
iptables添加VRRP通讯支持
[root@bogon ~]# vi /etc/sysconfig/iptables添加:
-A INPUT -d 224.0.0.0/8 -j ACCEPT
-A INPUT -p vrrp -j ACCEPT
重启iptables:
[root@bogon ~]# service iptables restart
在iptables 中加入对vrrp报文的允许 ,vrrp广播报文使用的地址是224.0.0.18
参考资料:
http://stackoverflow.com/questions/12908701/keepalived-works-well-without-iptables
http://www.07net01.com/linux/chucishiyongkeepalivedyinggaizhuyide_58436_1358909551.html
将keepalived配置为服务
[root@bogon keepalived-1.2.7]# cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@bogon keepalived-1.2.7]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@bogon keepalived-1.2.7]# ln -s /usr/local/sbin/keepalived /usr/sbin/
[root@bogon keepalived-1.2.7]# service keepalived start
Starting keepalived: [ OK ]
[root@bogon keepalived-1.2.7]#
[root@bogon keepalived-1.2.7]# service keepalived stop
Stopping keepalived: [ OK ]
设为开机启动:
[root@bogon keepalived-1.2.7]# chkconfig keepalived on
同上,安装另一服务器;两台服务器keepalived均ok时,继续以下操作;
修改主服务器和从服务器keepalived.conf配置文件:
[root@bogon /]# vi /usr/local/keepalived-1.2.7/keepalived/etc/keepalived/keepalived.conf
主服务器:
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_sync_group VG_1 {
group {
VI_1
}
notify_master /etc/keepalived/sendmail.pl
}
vrrp_script chk_http_port {
script "</dev/tcp/127.0.0.1/80"
interval 1
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface eth1
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.8.191
}
track_script {
chk_http_port
}
}
从服务器:
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_sync_group VG_1 {
group {
VI_1
}
notify_master /etc/keepalived/sendmail.pl
}
vrrp_script chk_http_port {
script "</dev/tcp/127.0.0.1/80"
interval 1
weight -2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0 #设置实例绑定的网卡
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #设置vip
192.168.8.191
}
track_script {
chk_http_port
}
}
启动keepalived服务:
[root@bogon /]# mkdir /etc/keepalived/
[root@bogon /]# cp /usr/local/keepalived-1.2.7/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@bogon /]# service keepalived start
Starting keepalived: [ OK ]
[root@bogon /]#
直接查看keepalived日志: tail -f /var/log/messages
设置syslog日志
修改/etc/rsyslog.conf
[root@bogon /]# vi etc/rsyslog.conf
加入以下内容:
#keepalived -S 0
local0.* /var/log/keepalived.log
重新启动日志
/etc/init.d/rsyslog restart
查看日志:
tail -f /var/log/messages
Keepalived发送报警邮件:
/etc/keepalived/sendmail.pl
邮件具体格式内容参看:sendmail.pl文件
首先手动执行此脚本,检验是否能成功发送:
[root@bogon ~]# /etc/keepalived/sendEmail.pl
Can't locate Net/SMTP_auth.pm in @INC (@INC contains: /usr/local/lib/perl5 /usr/local/share/perl5 /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5 /usr/share/perl5 .) at /etc/keepalived/sendEmail.pl line 2.
BEGIN failed--compilation aborted at /etc/keepalived/sendEmail.pl line 2.
[root@bogon ~]#
如报以上错:说明需要安装Net::SMTP_auth模块
[root@bogon ~]# yum -y install perl-CPAN
[root@bogon ~]# cpan Net::SMTP_auth
执行安装完毕,再试即ok
验证是否安装成功步骤:
tail - f /var/log/keepalived.log
主从服务器都配置好后,分别启动keepalived,测试如下情况:
1、主从服务器都正常时,主服务器有VIP,从服务器无;
2、主服务器宕机时,VIP是否切换至从服务器;
3、主服务器恢复正常时,VIP重新绑定到主服务器,并从从服务器移除;
keepalived-log.png注意:
如果报错:keepalived ip address associated with VRID not present in received packet
详细日志:
5913 May 16 15:26:04 ha02 Keepalived_vrrp: ip address associated with VRID not present in received packet : 192.168.57.75
5914 May 16 15:26:04 ha02 Keepalived_vrrp: one or more VIP associated with VRID mismatch actual MASTER advert
5915 May 16 15:26:04 ha02 Keepalived_vrrp: bogus VRRP packet received on eth0 !!!
5916 May 16 15:26:04 ha02 Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received advertisment...
5917 May 16 15:26:05 ha02 Keepalived_vrrp: ip address associated with VRID not present in received packet : 192.168.57.75
5918 May 16 15:26:05 ha02 Keepalived_vrrp: one or more VIP associated with VRID mismatch actual MASTER advert
5919 May 16 15:26:05 ha02 Keepalived_vrrp: bogus VRRP packet received on eth0 !!!
5920 May 16 15:26:05 ha02 Keepalived_vrrp: VRRP_Instance(VI_1) ignoring received advertisment..
解决方法:
在同一网段内virtual_router_id 值不能相同,如果相同会在messages中收到VRRP错误包,所以需要更改 virual_router_id。
主主配置
在两台主从的配置中,我们可以发现,只有主节点在提供服务,备节点服务只有在主节点宕机后才可对外服务。为使服务器利用率最大化,在生产环境中我们通常会申请两个虚拟IP,两台互为主主同时对外提供服务,一台服务器宕机后另外一台继续提供服务。
具体配置如下:
主:
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_script chk_nginx {
script "/usr/local/scripts/nginx_check.sh"
interval 2
weight 20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 55
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass server123
}
track_script {
chk_nginx
}
virtual_ipaddress {
10.10.44.142/24
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 66
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 123fa9f6
}
virtual_ipaddress {
10.10.44.143/24
}
}
备:
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_script chk_nginx {
script "/usr/local/scripts/nginx_check.sh"
interval 2
weight 20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass server123
}
track_script {
chk_nginx
}
virtual_ipaddress {
10.10.44.142/24
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 123fa9f6
}
virtual_ipaddress {
10.10.44.143/24
}
}
(完)