! Configuration File for keepalived

# Global settings
global_defs {
    # Unique keepalived identifier for this server; each member of the same
    # group must use a different name (this node is lb01).
    router_id lb01
}

# Health-check script: when the Nginx service is found stopped, the script
# restarts Nginx and checks again; if Nginx is still down it stops keepalived.
# check_nginx is a name chosen for this check.
# NOTE(review): this script can stop keepalived and is executed automatically,
# so keep /etc/keepalived and checkNG.sh owned by root and not writable by
# other users. keepalived also offers `enable_script_security` (global_defs)
# and `script_user` to restrict how scripts are run - confirm against the
# installed version before relying on them.
vrrp_script check_nginx {
    # Path of the script; checkNG.sh is the script created for this setup
    script "/etc/keepalived/checkNG.sh"
    # Interval between script runs, in seconds
    interval 5
}

# VRRP instance configuration
vrrp_instance VI_1 {
    # Non-preemptive setting 1: the state is set to BACKUP
    # Possible states: MASTER and BACKUP
    state BACKUP
    # Non-preemptive setting 2: turn non-preemption on
    nopreempt
    # Network interface to bind to
    interface eth0
    # Virtual router id; can be thought of as the group id
    virtual_router_id 50
    # Priority, expressed as a number
    priority 90
    # VRRP advertisement interval in seconds; here one advertisement per second
    advert_int 1
    # keepalived authentication: peers presenting the same password are
    # treated as members of the same group.
    # NOTE(review): auth_type PASS carries the password unencrypted in the
    # VRRP advertisements, and `1111` is a trivially guessable example value.
    # Treat it as a guard against accidental misconfiguration only: replace it
    # with a site-specific value and restrict VRRP traffic to the load
    # balancers of this group with firewall rules.
    authentication {
        # Authentication type
        auth_type PASS
        # Authentication password
        auth_pass 1111
    }
    # Virtual IP: whichever load balancer currently holds this address is the
    # one serving traffic
    virtual_ipaddress {
        # The virtual IP must be inside the subnet of the interface bound
        # above (eth0)
        # The virtual IP is the shared, public-facing address
        192.168.15.55
    }
    # Enables the Nginx status check defined above (the switch that turns the
    # script on)
    track_script {
        check_nginx
    }
}
1-22 编辑其他配置文件 编辑lb02配置文件 [root@lb01 ~]# scp /etc/keepalived/keepalived.conf root@192.168.15.6:/etc/keepalived/ 修改点1 改名字 修改点2 改为BACKUP 修改点3 比lb01小即可 1-3 启动并开机自启 [root@lb01 ~]# systemctl enable --now keepalived [root@lb02 ~]# systemctl enable --now keepalived 1-4 查看新增虚拟ip(专业叫VIP)<最终版到此结束,在浏览器输入虚拟ip测试能否访问> [root@lb01 ~]# ip a [root@lb02 ~]# ip a 1-5 验证虚拟ip自动切换到'keepalived服务处于活动状态'的服务器 停止lb01keepalived活动状态 [root@lb01 ~]# systemctl stop keepalived 查看lb02ip [root@lb02 ~]# ip a 发现配置文件中虚拟ip被新增到此处,那么验证了虚拟ip自动切换 1-6 输入虚拟ip192.168.15.55可以实现访问 - 外界用户就是通过此ip所对应的域名访问的 [root@lb02 conf.d]# systemctl stop keepalived 2 ---Nginx宕机怎么办? 背景结论:虚拟ip所在的负载均衡服务器的Nginx服务停止后,虚拟ip没有自动跳转,外界用户访问失败 解决办法: 想办法告诉keepalived,当Nginx异常时,让其自动关闭keepalived服务 step2-1 新增可执行脚本-Nginx服务宕机后,停止keepalived服务 step2-2 将脚本文件的路径和启动开关添加到keepalived配置文件,实现自动化检测,并做对应处理 背景1 同一组的服务器的keepalived都处于活动状态 背景2 查看虚拟ip所在机器 [root@lb01 conf.d]# ip a 背景3 [root@lb01 conf.d]# systemctl stop nginx [root@lb01 conf.d]# systemctl status nginx 背景4 访问虚拟ip 发现无法访问,说明虚拟ip在此服务器上没有跳转 背景5 验证虚拟ip没有跳转 [root@lb01 conf.d]# ip a 解决步骤 step2-1 新增可执行脚本-Nginx服务宕机后,停止keepalived服务 2-11 脚本要创建在keepalived的配置目录下(千万不能错) [root@lb01 ~]# cd /etc/keepalived [root@lb01 keepalived]# vim checkNG.sh
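#!/bin/bash
# checkNG.sh - Nginx health check, referenced from keepalived.conf as
# script "/etc/keepalived/checkNG.sh".
#
# If no nginx process is running, start Nginx once, wait two seconds and look
# again; if it is still not running, stop keepalived on this node.
#
# Exit status: 0 when nginx is running (possibly after the restart attempt),
#              1 when nginx could not be brought back and keepalived was
#              asked to stop.

#######################################
# Report whether an nginx process exists.
# pgrep -x matches the process name exactly. The earlier
# `ps -ef | grep -q [n]ginx` had two weaknesses for a failover check:
#   - the unquoted [n]ginx is a glob, so a file named "nginx" in the current
#     directory turns the pattern into plain "nginx" and grep then matches
#     its own process line;
#   - a substring match on the full command line also counts unrelated
#     commands (for example an editor opened on an nginx config file), which
#     hides a real outage.
# Returns: 0 if an nginx process exists, non-zero otherwise
#######################################
nginx_running() {
  pgrep -x nginx >/dev/null
}

if ! nginx_running; then
  # Try to bring Nginx back; its output is not needed, so discard it.
  systemctl start nginx &>/dev/null
  # Give the service a moment to come up before checking again.
  sleep 2

  if ! nginx_running; then
    # Nginx is still down: stop keepalived on this node.
    systemctl stop keepalived
    # Also report failure, so the caller sees a non-zero status even if the
    # stop request itself did not take effect.
    exit 1
  fi
fi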
配置实际 2-12 添加可执行权限(该脚本会被keepalived自动执行并能停止服务,应确保其属主为root且其他用户不可写) [root@lb01 keepalived]# chmod +x checkNG.sh 2-13模拟Nginx故障,确认脚本效果 2-131模拟 2-131-1 查看Nginx状态,关闭则启动 [root@lb01 ~]# systemctl status nginx 关闭则执行如下命令 [root@lb01 ~]# systemctl start nginx 2-131-2 查看keepalived状态,关闭则启动 [root@lb01 ~]# systemctl status keepalived 关闭则执行如下命令 [root@lb01 ~]# systemctl start keepalived 2-131-3 确保虚拟ip在某服务器上 [root@lb01 ~]# ip a 2-131-4对nginx配置文件改成错误的 [root@lb01 ~]# cd /etc/nginx/conf.d/ [root@lb01 conf.d]# ll [root@lb01 conf.d]# vim game.conf 改成错误的配置文件 2-132 确认脚本生效 2-132-1关闭Nginx服务 [root@lb01 conf.d]# systemctl stop nginx 2-132-2启动脚本 [root@lb01 conf.d]# /etc/keepalived/checkNG.sh 2-132-3 查看keepalived活动状态 [root@lb01 conf.d]# systemctl status keepalived 结果dead,说明脚本生效 演示 2-132-4 查看同一组负载均衡服务器lb02,发现虚拟ip已经在此处新增,原来的lb01的虚拟ip也没有了 2-132-5 输入虚拟ip,访问正常;说明该脚本可以实现"某负载均衡服务器故障时,将访问切换到其他服务器" step2-2 将脚本文件的路径和启动开关添加到keepalived配置文件,实现自动化检测,并做对应处理 前提1 [root@lb01 conf.d]# vim /etc/nginx/conf.d/game.conf 把错误配置内容去掉 前提2 [root@lb01 ~]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful 前提3 [root@lb01 ~]# systemctl restart nginx 确认正常启动 [root@lb01 ~]# systemctl status nginx 正文内容 2-21 [root@lb01 ~]# cd /etc/keepalived/ [root@lb01 keepalived]# vim keepalived.conf 加入以下内容到配置文件 内容1: 内容2: 启动开关 2-22 复制脚本和配置文件到同组内其他负载均衡服务器 [root@lb01 keepalived]# scp /etc/keepalived/checkNG.sh root@192.168.15.6:/etc/keepalived/ [root@lb01 keepalived]# scp /etc/keepalived/keepalived.conf root@192.168.15.6:/etc/keepalived/ 修改192.168.15.6内配置 [root@lb02 keepalived]# vim /etc/keepalived/keepalived.conf 修改1 修改2 修改3 2-23 重启keepalived lb02重启 [root@lb02 keepalived]# systemctl restart keepalived [root@lb02 keepalived]# systemctl status keepalived lb01重启 [root@lb01 keepalived]# systemctl restart keepalived [root@lb01 keepalived]# systemctl status keepalived 2-24 检查配置是否生效 2-24-1 检查1 [root@lb01 ~]# systemctl stop nginx [root@lb01 ~]# systemctl status nginx 发现Nginx竟然启动了,说明是配置文件调用了脚本 
2-24-2 检查2 [root@lb01 conf.d]# vim game.conf [root@lb01 conf.d]# systemctl stop nginx [root@lb01 conf.d]# systemctl status keepalived 结果dead,说明脚本生效 2-25 配置文件生效确认 2-25-1 查看同一组负载均衡服务器lb02,发现虚拟ip已经在此处新增,原来的lb01的虚拟ip也没有了 2-25-2 输入虚拟ip,访问正常;说明该脚本可以实现"某负载均衡服务器故障时,将访问切换到其他服务器",不影响用户访问 2-26 将配置文件改为正确的并启动两个服务 [root@lb01 conf.d]# vim game.conf [root@lb01 conf.d]# systemctl start nginx keepalived 3 ---某个组内的keepalived无法互相广播怎么办? 以下仅理论,并无实际脚本文件 知识点 什么是keepalived脑裂: 两台'高可用'服务器,在指定时间内,无法互相检测到对方'keepalived活动状态'而各自启动故障转移功能 比如,防火墙打开,VRRP协议所进行的广播进行不了(应在防火墙中放行同组服务器之间的VRRP通信,而不是直接关闭防火墙),那么也就互相不知道对方的情况,那么会造成各自都生成配置文件中定义的虚拟ip,这时你让用户端的浏览器怎么选择? 解决思路: 如果对方机器真的是关机了,对方的ip是ping不通的;所以即使keepalived无法通信,只要ip能ping通远程服务器,说明服务器能正常提供服务,keepalived就不需要关闭; 所以,去判断对方的虚拟ip是否ping的通; 3-1 ping下虚拟ip [root@lb01 keepalived]# ping 192.168.15.55 能ping通,说明可以正常提供访问服务 3-2 指定ping次数 3-3 设定'不输出ping结果' [root@lb01 keepalived]# ping -c 1 192.168.15.55 &>/dev/null 确认上一命令执行ok [root@lb01 keepalived]# echo $? 3-4 ping一个不存在的ip,ping不通,$?对应显示数字1 4 --- 配置非抢占式 原因: 配置非抢占式,就是用户访问正常时,防止启动优先级高的keepalived服务后自动切换ip,然后出现卡顿(虚拟ip切换到别的机器会卡顿,那个访问的圈一直在转,对用户来说体验非常不好) 实现非抢占式需 同一组内所有负载均衡服务器 4.1 状态全部都要设置成backup 4.2 增加 nopreempt 4.3 重启 [root@lb01 keepalived]# systemctl restart keepalived [root@lb01 keepalived]# systemctl status keepalived [root@lb02 keepalived]# systemctl restart keepalived [root@lb02 keepalived]# systemctl status keepalived 4.4 [root@lb01 keepalived]# systemctl stop keepalived 发现虚拟IP出现在了lb02 4.5 [root@lb01 keepalived]# systemctl start keepalived [root@lb01 keepalived]# systemctl status keepalived [root@lb01 keepalived]# ip a 无出现虚拟ip ip 仍在lb02 说明,虽然lb01启动了且优先级高,但是因为lb02可以正常提供服务,并没有切换机器,减少虚拟ip切换机器时造成的卡顿,避免用户访问体验受挫 补充: 1 为了使其他服务器新搭建的Nginx配置与lb01服务器一样 2 挂载知识 3 [root@lb01 conf.d]# ps -ef | grep [n]ginx 4 [root@lb01 ~]# echo $?