keepalived部署httpd
主服务器配置
关闭防火墙下载keepalived
//关闭防火墙和selinux
[root@master ~]# systemctl disable --now firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# setenforce 0
[root@master ~]# vim /etc/selinux/config
SELINUX=disabled
//安装keepalived
[root@master ~]# yum -y install keepalived
//查看安装生成的文件
[root@master ~]# rpm -ql keepalived
/etc/keepalived
/etc/keepalived/keepalived.conf //配置文件
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service //服务控制文件
/usr/libexec/keepalived
/usr/sbin/keepalived
......
备服务器配置
关闭防火墙和selinux、下载keepalived
//关闭防火墙和selinux
[root@slave ~]# systemctl disable --now firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@slaver ~]# setenforce 0
[root@slave ~]# vim /etc/selinux/config
SELINUX=disabled
//安装keepalived
[root@slaver ~]# yum -y install keepalived
在主备机上分别安装httpd
主服务器
[root@master ~]# yum -y install httpd
[root@master ~]# cd /var/www/html/
[root@master html]# ls
[root@master html]# echo "master" > index.html
[root@master html]# cat index.html
master
//启动httpd服务
[root@master html]# systemctl start httpd.service
[root@master html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
备服务器
[root@slave ~]# yum -y install httpd
[root@slave ~]# cd /var/www/html/
[root@slave html]# ls
[root@slave html]# echo "slave" > index.html
[root@slave html]# cat index.html
slave
//启动httpd服务
[root@slave html]# systemctl start httpd.service
[root@slave html]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
keepalived配置
主服务器配置
[root@master ~]# cd /etc/keepalived/
[root@master keepalived]# ls
keepalived.conf
[root@master keepalived]# cp keepalived.conf{,-bak} //本分原配置文件
[root@master keepalived]# ls
keepalived.conf keepalived.conf-bak
[root@master keepalived]# rm -rf keepalived.conf
[root@master keepalived]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface ens33 //网卡名要和IP a 网卡名一样
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123 //密码
}
virtual_ipaddress {
192.168.164.250
}
}
virtual_server 192.168.164.250 80 { //VIP 加端口号
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 { //主服务器IP
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 { //备服务器IP
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@master keepalived]# systemctl start keepalived
[root@master keepalived]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
//把配置文件传到备服务器上,应为主备都需要配置
[root@master keepalived]# scp keepalived.conf root@192.168.164.137:/etc/keepalived
The authenticity of host '192.168.164.137 (192.168.164.137)' can't be established.
ECDSA key fingerprint is SHA256:LHRhfz+dzwLMs+25QRqhHneTBq5ScV3htejYRiSJ7Pk.
ECDSA key fingerprint is MD5:cc:ac:35:a9:d1:e5:74:d9:8b:11:62:1c:31:9e:01:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.164.137' (ECDSA) to the list of known hosts.
root@192.168.164.137's password:
keepalived.conf 100% 868 339.8KB/s 00:00
配置备keepalived
//查看目录中是否有来自主服务器发来的文件
[root@slave keepalived]# ls
keepalived.conf keepalived.conf-bak
//修改配置文件
[root@slave keepalived]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP //修改为backup 备份
interface ens33
virtual_router_id 51
priority 90 //权重改成90,这样VIP才能到128主机上
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
}
virtual_server 192.168.164.250 80 { //VIP地址 和服务端口号
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 { //主服务器
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 { //备服务器
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//重启并设置为开机自启
[root@slave keepalived]# systemctl start keepalived
[root@slave keepalived]# systemctl enable keepalived
Created symlink /etc/systemd/system/multi-user.target.wants/keepalived.service → /usr/lib/systemd/system/keepalived.service.
查看VIP在哪里
主服务查看
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33 //看见此次主服务上有VIP,说明是这台主机提供的服务(面向客户端的IP地址)
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
备服务器查看
[root@slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
测试
关闭主服务器上的keepalived
[root@master ~]# systemctl stop keepalived
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//去备服务器查看,发现vip到备服务了说明是备服务器提供的服务
[root@slave ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
关闭主服务的Keeplived,发现VIP到了备服务器,此时去访问网站是备服服务器提供的服务
让keepalived通过脚本监控httpd负载均衡机
keepalived通过脚本来监控nginx负载均衡机的状态
主服务器编辑脚本
两个脚本
[root@master ~]# mkdir /scripts
[root@master ~]# cd /scripts/
[root@master scripts]# vi check_h.sh
#!/bin/bash
httpd_status=$(ps -ef|grep -Ev "httpd|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl stop keepalived
fi
[root@master scripts]# chmod +x check_h.sh //添加执行的权限 X
[root@master scripts]# ll
总用量 4
-rwxr-xr-x. 1 root root 142 10月 21 21:16 check_h.sh
//创建编辑第二个脚本
[root@master scripts]# vi notify.sh
#!/bin/bash
VIP=$2
case "$1" in
master)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -lt 1 ];then
systemctl start httpd
fi
;;
backup)
httpd_status=$(ps -ef|grep -Ev "grep|$0"|grep '\bhttpd\b'|wc -l)
if [ $httpd_status -gt 0 ];then
systemctl stop httpd
fi
;;
*)
echo "Usage:$0 master|backup VIP"
;;
esac
[root@master scripts]# chmod +x notify.sh
[root@master scripts]# ll
总用量 8
-rwxr-xr-x. 1 root root 142 10月 21 21:16 check_h.sh
-rwxr-xr-x. 1 root root 432 10月 21 21:26 notify.sh
//待备服务器创建完/scripts后,再把notify脚本用scp传到对面相同目录中
//待备服务器创建完/scripts后,再把notify脚本用scp传到对面相同目录中
//待备服务器创建完/scripts后,再把notify脚本用scp传到对面相同目录中
[root@master scripts]# scp notify.sh root@192.168.164.137:/scripts
root@192.168.164.137's password:
notify.sh 100% 432 109.0KB/s 00:00
备服务器编辑脚本
[root@slave ~]# mkdir /scripts
[root@slave ~]# cd /scripts/
//查看是否收到对面穿过来的脚本文件
[root@slave scripts]# ll
总用量 4
-rwxr-xr-x. 1 root root 432 10月 21 21:30 notify.sh
配置keepalived加入监控脚本的配置
配置主服务器的keepalived
//开启主服务器上的Keeplived
[root@master scripts]# systemctl start keepalived
[root@master scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
//编辑主服务的keepalived配置文件
[root@master scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb01
}
vrrp_script httpd_check { //添加以下4行
script "/scripts/check_h.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
track_script {
httpd_check
}
notify_master "/scripts/notify.sh master 192.168.164.250" //添加以下两行
notify_backup "/scripts/notify.sh backup 192.168.164.250"
}
virtual_server 192.168.164.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//重启服务
[root@master scripts]# systemctl restart keepalived
备服务器配置keepalived
[root@slave scripts]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass wjm123
}
virtual_ipaddress {
192.168.164.250
}
notify_master "/scripts/notify.sh master 192.168.164.250" //添加以下两行内容
notify_backup "/scripts/notify.sh backup 192.168.164.250"
}
virtual_server 192.168.164.250 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.164.128 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.164.137 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
//重启服务
[root@slave ~]# systemctl restart keepalived
验证
//模拟关闭主上面的httpd,发现keepalived服务已经自动关闭了
[root@master scripts]# systemctl stop httpd
[root@master scripts]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@master scripts]# ip a //此时去查看IP发现VIP已经不在了
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:73:96:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.164.128/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::65f2:205e:c9e8:7e94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@master scripts]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 四 2021-10-21 23:41:22 CST; 55s ago
Process: 117289 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 117290 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/keepalived.service
10月 21 23:41:21 master Keepalived_vrrp[117292]: WARNING -...
10月 21 23:41:21 master Keepalived_vrrp[117292]: SECURITY ...
10月 21 23:41:21 master Keepalived_vrrp[117292]: VRRP_Inst...
10月 21 23:41:21 master Keepalived_vrrp[117292]: Using Lin...
10月 21 23:41:21 master Keepalived_vrrp[117292]: VRRP sock...
10月 21 23:41:21 master Keepalived[117290]: Stopping
10月 21 23:41:21 master systemd[1]: Stopping LVS and VRRP ...
10月 21 23:41:21 master Keepalived_healthcheckers[117291]: ...
10月 21 23:41:21 master Keepalived_healthcheckers[117291]: ...
10月 21 23:41:22 master systemd[1]: Stopped LVS and VRRP H...
Hint: Some lines were ellipsized, use -l to show in full.
//去备服务器查看IP,发现VIP在备服务上,现在访问VIP 所提供服务的是备服务器
[root@slave scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b0:c6:8a brd ff:ff:ff:ff:ff:ff
inet 192.168.164.137/24 brd 192.168.164.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.164.250/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::394:4b63:da73:a11/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@slave scripts]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
现在去访问,查看是否是备提供的服务
