keepalived安装配置详解(一)
一、keepalived简介
1.1功能
Keepalived是一款高可用软件,它的功能主要包括两方面:
1)通过IP漂移,实现服务的高可用:服务器集群共享一个虚拟IP,同一时间只有一个服务器占有虚拟IP并对外提供服务,若该服务器不可用,则虚拟IP漂移至另一台服务器并对外提供服务;
2)对LVS应用服务层的应用服务器集群进行状态监控:若应用服务器不可用,则keepalived将其从集群中摘除,若应用服务器恢复,则keepalived将其重新加入集群中。
Keepalived可以单独使用,即通过IP漂移实现服务的高可用,也可以结合LVS使用,即一方面通过IP漂移实现LVS负载均衡层的高可用,另一方面实现LVS应用服务层的状态监控,如图所示:
1.2原理
Keepalived的实现基于VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议),而VRRP是为了解决静态路由的高可用。VRRP的基本架构如图所示:
虚拟路由器由多个VRRP路由器组成,每个VRRP路由器都有各自的IP和共同的VRID(0-255),其中一个VRRP路由器通过竞选成为MASTER,占有VIP,对外提供路由服务,其他成为BACKUP,MASTER以IP组播(组播地址:224.0.0.18)形式发送VRRP协议包,与BACKUP保持心跳连接,若MASTER不可用(或BACKUP接收不到VRRP协议包),则BACKUP通过竞选产生新的MASTER并继续对外提供路由服务,从而实现高可用。
二、安装配置
2.1下载安装包
2.2解压、配置、编译、安装
[[email protected] ~]# tar -zxvf keepalived-1.2.24.tar.gz [[email protected] ~]# cd keepalived-1.2.24 [[email protected] keepalived-1.2.24]#./configure--prefix=/usr/local/keepalived [[email protected]]# make && make install |
2.3安装过程中出现的问题
1) OpenSSL is not properly installed on your system
原因是:OpenSSL没有在当前系统中安装。
解决办法:yuminstall -y openssl openssl-devel
然后再次执行./configure命令
2)安装OpenSSL时,报错Couldnot open/read file:///mnt/cdrom/repodata/repomd.xml
原因是:yum源出现问题
解决办法:更换yum
a、先进入yum源配置目录
cd /etc/yum.repos.d
b、备份系统自带的yum源
mv CentOS-Base.repoCentOS-Base.repo.save
c、下载其他更快的yum源
sohu的yum源
wgethttp://mirrors.sohu.com/help/CentOS-Base-sohu.repo
d、更新完yum源后,建议更新一下,使操作立即生效
yum makecache
e、如若出现问题
在CentOS-Base-sohu.repo中注释掉下面的内容
#[addons] #name=CentOS-$releasever - Addons - sohu.com #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons #baseurl=http://mirrors.sohu.com/centos/$releasever/addons/$basearch/ #gpgcheck=1 #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5CentOS-Base-sohu.repo
|
f、执行yum list
ftp:///mnt/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] nohost given
打开/etc/yum.repos.d,目录中有server.repo文件,内容如下:
[myserver] name=server baseurl=file:///mnt/ enabled=1 gpgcheck=0 |
在网上找到centos的安装源http://centos.ustc.edu.cn/centos/6/os/i386/,替换掉上面的baseurl后,经测试正常!因为是rhel和centos有些不同的原因,提示某些包的Publickey没有安装,如下:
"Couldn't open file/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"
这时打开“CentOS-Base-sohu.repo”文件,将所有的“gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5”改为“gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7”
这下yum源的问题就解决了,可以正常安装OpenSSL了
2.4 配置
[[email protected]~]#cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[[email protected]~]#cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
[[email protected]~]#mkdir /etc/keepalived
[[email protected]~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
2.5修改配置文件
修改/etc/keepalived/keepalived.conf
2.6启动测试
[[email protected]~]#service keepalived start 启动keepalived [[email protected]~]#service keepalived stop 停止keepalived [[email protected]~]#service keepalived restart 重启keepalived [[email protected]~]#service keepalived status 查看keepalived状态 |
启动成功后,使用ps –ef|grepkeepalived
也可用ip a查看,其中192.168.88.128是实际IP,192.168.88.100是设置的VIP,结果如下图所示
2.7启动过程中出现的问题
1) env: /etc/init.d/keepalived: Permissiondenied
原因:未授权
解决方法:chmod 777/etc/init.d/keepalived
2)启动失败,报一下错误
解决方法:
[[email protected] ~]# ln -s/usr/local/keepalived/sbin/keepalived /usr/sbin/ [[email protected] ~]# /usr/local/keepalived/sbin/keepalived -d -D -S 0 |