
Installing keepalived from source on CentOS 7 [tested and working; come find me if it doesn't work]


Environment

keepalived version: keepalived-2.2.7
Operating system: CentOS 7
Installation method: compiled and installed from source

Installation

```bash
# Download the package
wget https://keepalived.org/software/keepalived-2.2.7.tar.gz
# Install the dependencies needed to compile the source
yum -y install gcc openssl-devel libnfnetlink-devel libnl libnl-devel popt-devel make
# Extract into /usr/local/
tar -zxvf keepalived-2.2.7.tar.gz -C /usr/local/
# Enter the source directory
cd /usr/local/keepalived-2.2.7/
# Compile and install; the argument after -j is the number of CPU cores, set it to match your machine
./configure && make -j 4 && make install
# Find the location of every keepalived file
find / -name keepalived
```

```
/etc/selinux/targeted/active/modules/100/keepalived
/etc/sysconfig/keepalived
/etc/rc.d/init.d/keepalived
/etc/keepalived
/usr/sbin/keepalived
/usr/local/etc/keepalived
/usr/local/etc/sysconfig/keepalived
/usr/local/sbin/keepalived
/usr/local/share/doc/keepalived
/usr/local/keepalived-2.2.7/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/sysconfig/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/openrc/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/keepalived
/usr/local/keepalived-2.2.7/keepalived/etc/init.d/keepalived
/usr/local/keepalived-2.2.7/keepalived/keepalived
/usr/local/keepalived-2.2.7/bin/keepalived
```

```bash
# Copy the keepalived startup script into init.d so it can be added to the boot-time services
cp /usr/local/keepalived-2.2.7/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
# Copy the service's sysconfig file to /etc/sysconfig/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
# Put keepalived in the system command directory
cp /usr/local/sbin/keepalived /usr/sbin/
# Create the keepalived configuration directory
mkdir /etc/keepalived
```

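keepalived configuration

1. Health check script

```bash
cat <<'EOF' > /etc/keepalived/check.sh
#!/bin/sh
# Count the running processes whose command line contains test.jar
num=$(ps -ef | grep test.jar | grep -v grep | wc -l)
# num is 0 when the process does not exist, non-zero when it exists
if [ "$num" -eq 0 ]
then
    # The application is down: stop keepalived on this node
    systemctl stop keepalived
fi
EOF
```

The script checks whether the Java process exists. If you are not sure which Java processes are running, list them with the following command:

```bash
ps -ef | grep java
```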

2. Set the script permissions

```bash
chmod 744 /etc/keepalived/check.sh
```

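3. keepalived.conf configuration (required on both the master and the backup node)

```bash
cat <<'EOF' >/etc/keepalived/keepalived.conf
# Global parameters
global_defs {
    # User that runs the scripts
    script_user root
    enable_script_security
}

# Health check script; checks the Haproxy status. The script returns 0 when healthy and non-zero on failure; on failure the node is demoted by weight -15
# The name is user-defined
vrrp_script maint-checkHaproxy {
    script "/etc/keepalived/check.sh"
    interval 3   # check every 3 seconds
    weight -15   # lower this node's priority
    fall 2       # 2 failures count as failed
    rise 2       # 2 successes count as healthy
    timeout 2    # timeout
}

# Instance 1; the name is user-defined
vrrp_instance Vs_1 {
    state BACKUP          # node role: MASTER for the primary, BACKUP for the standby; both nodes are BACKUP here
    interface ens192      # NIC the service IP is bound to
    virtual_router_id 45  # cluster ID; must be the same on all nodes
    priority 100          # priority; weight -15 lowers it. Both nodes have the same priority, so a switchover happens once it is lowered
    advert_int 1          # check interval
    # Preempt mode (nopreempt is non-preempt mode). In preempt mode, when this node's priority drops, the other node with the higher priority takes over the service and a switchover occurs;
    # in non-preempt mode, the check script above lowers the priority when it detects a service failure, but no switchover occurs.
    !nopreempt
    authentication {
        auth_type PASS
        auth_pass 1718    # same password on every node
    }
    # Enable email notification
    smtp_alert
    # Unicast mode
    # In multicast mode keepalived sends all messages to the multicast address 224.0.0.18, which produces a lot of useless traffic and causes interference and conflicts, so switch to unicast.
    # This is a safe approach that avoids virtual router ID conflicts when many keepalived instances share a LAN.
    # Unicast mode requires turning off vrrp_strict, the option that enforces strict compliance with the VRRP protocol.
    # Add the unicast source and destination addresses to the VIP instance section.
    # Do not set the vrrp_strict parameter in the global_defs section; comment it out if it is present.
    # Otherwise keepalived will fail to start because it is not using multicast.
    unicast_src_ip 192.168.46.56   # local end, source address
    unicast_peer {
        192.168.46.55              # peer, destination address
    }
    # Virtual IP
    virtual_ipaddress {
        192.168.46.77
    }
    track_script {
        maint-checkHaproxy   # health check script, same name as above; it can be left out, in which case the status is not checked
    }
    track_interface {
        ens192   # check NIC health
    }
    # Email notification configuration
    notify_master "/usr/bin/sudo /etc/keepalived/notify.sh master"
    notify_backup "/usr/bin/sudo /etc/keepalived/notify.sh backup"
    notify_fault "/usr/bin/sudo /etc/keepalived/notify.sh fault"
}
EOF
```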

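Settings you need to change

  • unicast_src_ip: this machine, the source address
  • unicast_peer: the peer, the destination address
  • virtual_ipaddress: the service IP address (ens192 is the NIC name)
  • track_interface: the NIC whose health is checked
  • vrrp_instance Vs_1.interface: the NIC the service IP is bound to
  • vrrp_instance Vs_1.state: MASTER or BACKUP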

4. Firewall configuration

```bash
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --protocol vrrp -j ACCEPT
firewall-cmd --reload
```

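5. Install the mail notification service

```bash
yum install -y mailx
```

5.1 Set the mail parameters

```bash
vim /etc/mail.rc
# Add the following parameters
# Sender address
set from=XXX@163.com
# Mail server
set smtp=smtp.163.com
# Sender mail account
set smtp-auth-user=XXX@163.com
# Sender mail authorization code
set smtp-auth-password=DFXCFXXX
```

5.2 Test that mail can be sent

```bash
echo "邮件内容1" | mail -s "邮件主11题" XXX@163.com
```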

5.3 Mail notification script

🔴 Change contact to the recipient's email address

```bash
cat <<'EOF' > /etc/keepalived/notify.sh
#!/bin/bash
# Recipient email address
contact='15028999624@163.com'
#ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
# Send one mail describing the VRRP state this node has changed to
notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" "$contact"
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac
EOF
```

5.4 Change the script permissions

```bash
chmod 777 /etc/keepalived/notify.sh
```
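
The configuration on this page sets script_user root and launches notify.sh through sudo, so every file it names runs as root, and a file that group or others can write to lets a non-root user change what root executes at the next state transition. The audit below is an added example, not part of the original post: it lists the paths a keepalived.conf executes and flags any that are missing, not owned by the expected uid, or writable by group or others. The function names and the constructed demo files are this example's own, and it inspects only the file itself, not its parent directories.

```bash
#!/bin/bash
# Added example: audit the files that a keepalived.conf executes (names are this example's own).

# List each absolute path found inside a double-quoted string, after stripping '#' and '!'
# comments: script "/path/check.sh", notify_master "/usr/bin/sudo /path/notify.sh master".
conf_exec_paths() {
    sed 's/[#!].*//' "$1" | grep -o '"[^"]*"' | tr -d '"' | tr ' \t' '\n\n' \
        | grep '^/' | sort -u
}

# Verdict for one file: it must exist, be owned by the expected uid (default 0)
# and not be writable by group or others. Returns 0 when safe, 1 otherwise.
audit_path() {
    f=$1; want_uid=${2:-0}
    [ -e "$f" ] || { echo "MISSING $f"; return 1; }
    info=$(ls -ldnL "$f" | awk '{print $1, $3}')    # e.g. "-rwxr--r-- 0"
    mode=${info% *}; uid=${info#* }
    case $mode in
        ?????w*|????????w*) echo "UNSAFE $f mode=$mode"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "UNSAFE $f owner uid=$uid"; return 1; }
    echo "OK $f"
}

# Audit every path in the config; the exit status is the number of findings.
audit_conf() {
    bad=0
    for p in $(conf_exec_paths "$1"); do
        audit_path "$p" "${2:-0}" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed demo: throwaway scripts with the modes used on this page (744, 777).
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/check.sh";  chmod 744 "$d/check.sh"
    printf '#!/bin/sh\n' > "$d/notify.sh"; chmod 777 "$d/notify.sh"
    cat > "$d/keepalived.conf" <<EOF
    script "$d/check.sh"        # constructed sample lines
    notify_master "$d/notify.sh master"
EOF
    audit_conf "$d/keepalived.conf" "$(id -u)"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "findings: $?"
```

On a real node, run audit_conf /etc/keepalived/keepalived.conf as root; the second argument is only needed when the files are expected to belong to a uid other than 0.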

6. Restart the keepalived service

```bash
systemctl restart keepalived   # restart
systemctl start keepalived     # start
systemctl stop keepalived      # stop
systemctl status keepalived    # show status
```

7. Check that the virtual IP is working

ens192 is the name of the NIC on which the virtual IP is configured

```
[root@curry keepalived]# ip addr | grep ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.16.12/24 brd 192.138.16.255 scope global noprefixroute ens192
    inet 192.168.46.19/24 scope global secondary ens192
```

The line inet 192.168.46.19/24 scope global secondary ens192 is the virtual IP we configured.

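8. Test high availability

Stop the Java service and see whether the virtual IP moves to the other machine.

Use ip addr | grep ens192 to check whether the switchover succeeded. If this machine is the master node, two IPs are present, as follows:

```
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.16.12/24 brd 192.138.16.255 scope global noprefixroute ens192
    inet 192.168.46.19/24 scope global secondary ens192
```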