keepalived安裝配置 (Centos7)

時間  2019-12-29
標籤 keepalived 安裝 配置 centos7 centos 欄目 負載均衡 简体版
原文   原文鏈接
  1. keepalived簡介
    keepalive是一款能夠實現高可靠的軟件,一般部署在2臺服務器上,分爲一主一備。Keepalived能夠對本機上的進程進行檢測,一旦Master(主)檢測出某個進程出現問題,將本身切換成Backup(副)狀態,而後通知另一個節點切換成Master(主)狀態。
    https://www.keepalived.org/download.html
    http://nginx.org/en/download.html 
    # 將keepalived解壓到/usr/local目錄下
tar -zxvf keepalived-2.0.11.tar.gz  -C /usr/local

進入到/usr/local/keepalived-2.0.11目錄

cd /usr/local/keepalived-2.0.11html

開始configure

./configure --prefix=/usr/local/keepalivednginx

#編譯並安裝
make && make install服務器

出現如下信息表示編譯成功

Keepalived configuration

Keepalived version : 2.0.11
Compiler : gcc
Preprocessor flags :
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -Winit-self -g -D_GNU_SOURCE -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use JSON output : No
libnl version : 1
Use IPv4 devconf : No
Use iptables : Yes
Use libiptc : No
Use libipset : No
Use nftables : No
init type : systemd
Strict config checks : No
Build genhash : Yes
Build documentation : Nosocket

編譯可能出現的問題

*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
執行yum命令yum -y install libnl libnl-devel解決上述警告問題
yum -y install libnl libnl-devel

configure: error: in /usr/local/keepalived-2.0.11':<br/>configure: error: no acceptable C compiler found in $PATH<br/>Seeconfig.log' for more detailstcp

 
 
yum install gccide
 
 
 
 
configure: error: 
!!! OpenSSL is not properly installed on your system. !!!
!!! Can not include OpenSSL headers files. !!!
[root@dajia keepalived-2.0.11]# ui
 
 
yum -y install openssl-devel

安裝完成之後,從新執行configure ... 命令

將keepalived添加到系統服務中

路徑  說明
/usr/local/keepalived-2.0.10    解壓後源碼存放路徑
/usr/local/keepalived   安裝目錄

# 拷貝執行文件
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/

# 將初始化腳本拷貝到系統初始化目錄下
cp /usr/local/keepalived-2.0.10/keepalived/etc/init.d/keepalived /etc/init.d/

# 將keepalived配置文件拷貝到etc下
cp /usr/local/keepalived-2.0.10/keepalived/etc/sysconfig/keepalived /etc/sysconfig/

# 建立keepalived文件夾
mkdir /etc/keepalived/

# 將keepalived配置文件拷貝到etc下
cp /usr/local/keepalived-2.0.10/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

# 添加可執行權限
chmod +x /etc/init.d/keepalived

# 添加keepalived到開機啓動
chkconfig --add keepalived
chkconfig keepalived on

此時已加入系統服務 可以使用services 啓動

#啓動
service keepalived start
#中止
service keepalived stop
#重啓
service keepalived restart
#查看啓動狀況
ps -aux |grep keepalived

配置keepalived虛擬IP

修改剛添加到系統的配置文件:vi /etc/keepalived/keepalived.conf
注意 是系統的配置文件(/etc/keepalived/keepalived.conf)
注意 是系統的配置文件(/etc/keepalived/keepalived.conf)
注意 是系統的配置文件(/etc/keepalived/keepalived.conf)
不是安裝目錄/usr/local...下的
 
 
vrrp_instance VI_1 {
state MASTER //MASTER主節點,備用節點上設置爲state BACKUP
interface ens33 //綁定虛擬機IP的網卡 兩個節點設置同樣 根據 ipaddr換成對應的網卡地址
virtual_router_id 51 //VRRP組名,主副節點設置必須同樣,指名各個節點屬於同一個VRRP組,同一個組的節點互相搶IP
priority 100 //優先級(1~254之間),備用節點必須比主節點優先級低
advert_int 1 //組播信息發送間隔,兩個節點設置必須同樣
authentication { //設置驗證信息, 兩個節點設置必須同樣,用於節點間信息轉發時的加密
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { // 虛擬IP兩個節點設置必須同樣,兩節點同時搶一個io
192.168.33.60/24 // 若是兩個nginx的ip分別是192.168.33.61,,...62,則此處的虛擬ip跟它倆同一個網段便可 24表明3個255的子網掩碼
}
}this
 
 
若是要 ping 192.168.33.60 還須要註釋掉配置文件中的# vrrp_strict

遇到的問題
主備都搶到了虛擬ip

採用tcpdump抓包定位問題,如下是在192.168.93.141 主節點的抓包結果
tcpdump -i ens33 vrrp -n
![](https://s1.51cto.com/images/blog/201912/05/d2cf1697ce5f7fff0752dd5d2e4ec35c.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

如下是在10.11.4.187 備節點的抓包結果
tcpdump -i ens33 vrrp -n

![](https://s1.51cto.com/images/blog/201912/05/cc5b493808c50aea3367b3eb6ebbb67d.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

由上圖能夠看到,192.168.93.140和192.168.93.141兩個IP在輪流發送組播信號。而正常的應該是由MASTER服務器發送組播,若是BACKUP收不到MASTER的組播信號了,那麼斷定MASTER宕機了,BACKUP就會接手VIP

問題就是出如今了防火牆這裏,防火牆阻止了vrrp組包發送

若是是Firewalld防火牆 則主、備都運行下面的命令
 
 
[root@dajia sysconfig]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --protocol vrrp -j ACCEPT
success
[root@dajia sysconfig]# firewall-cmd --reload
success加密
  



        

            

        	





    

		

            
相關文章

            

                

                

                    

                

            


            
相關標籤/搜索

            
        


    

        

            

        

        

        
        

        

        

    




	

    





    

    	

    

        每日一句
    

    
    
    	每一个你不满意的现在,都有一个你没有努力的曾经。
    







    

    


    



    

        本站公眾號
    

    

           歡迎關注本站公眾號,獲取更多信息

        
    




    

    




	


	







    

        聯繫我們
        最近搜索
        最新文章
        
        沪ICP备13005482号-10

            MyBatis教程
            SQL 教程
            MySQL教程
            Java 教程
            Thymeleaf 教程
            Hibernate教程
            Spring教程 
            Redis教程