2. 技术
    3. CentOS7配置keepalived(1) 编译安装keepalived

    CentOS7配置keepalived(1) 编译安装keepalived

    技术2023-08-13  82

    该文档在CentOS7.6系统下进行编译安装keepalived 2.0.20

    主机名称ip地址操作系统角色软件版本备注opsproxy-shqs-110.99.73.38 (real ip)CentOS 7.6keepalived2.0.20opsproxy-shqs-110.99.73.39 (real ip)CentOS 7.6keepalived2.0.2010.99.73.40 (vip)VIP

    备注: 当前最新 版本应该是2.1.3, 在centos7下编译安装后,功能一切正常,就是就是日志配置不生效(还是生成在/var/log/messages下,rsyslog的配置不生效)。 同样的方式编译安装2.0.20以及1系列版本1.4.5日志的配置是生效的。

    一、编译安装keepalived

    1.1 下载keepalived源码包

    wget https://www.keepalived.org/software/keepalived-2.0.20.tar.gz tar zxvf keepalived-2.0.20.tar.gz

    1.2 编译安装keepalived

    我的编译软件统一安装在/opt/app/install/目录下面,然后软连接到/opt/app/下面。所以这里设置keepalived的安装目录为/opt/app/install/keepalived

    # 准备编译环境 yum install -y ipvsadm popt popt-devel libnl libnl-devel libnl3-devel libnfnetlink libnfnetlink-devel net-snmp-devel openssl openssl-devel # 切换到keepalived源码根目录 cd keepalived-2.0.20 # 编译 ./configure --with-init=systemd --with-systemdsystemunitdir=/usr/lib/systemd/system --prefix=/opt/app/install/keepalived --with-run-dir=/opt/app/install/keepalived/run make # 安装 make install # 可执行文件拷贝一份到系统执行文件目录,该目录在path变量里面,可以直接使用keepalived命令 cp /opt/app/install/keepalived/sbin/keepalived /usr/sbin/keepalived # 或者 # ln -s /opt/app/install/keepalived/sbin/keepalived /usr/sbin/keepalived # 软连接(这一步谨是我自己对软件目录管理的需求) ln -s /opt/app/install/keepalived /opt/app/keepalived # keepalived附加参数文件,为了跟yum安装一致,其实是不用配置的。启动文件指定实际路径就可以了。 ln -s /opt/app/install/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived # pid文件放置目录,目录可以自己定义在启动脚本里面使用 mkdir /opt/app/install/keepalived/run

    1.3 配置system自启动文件

    根据上面的编译安装,实际已经生成了启动文件,我们这里进行一些修改。

    编写配置文件vi /usr/lib/systemd/system/keepalived.service [Unit] Description=LVS and VRRP High Availability Monitor After=network-online.target syslog.target Wants=network-online.target [Service] Type=simple PIDFile=/opt/app/keepalived/run/keepalived.pid KillMode=process EnvironmentFile=-/etc/sysconfig/keepalived ExecStart=/usr/sbin/keepalived -f /opt/app/keepalived/etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target 加载文件systemctl daemon-reload

    以上,keepalived主备节点操作相同。

    1.4 keepalived配置文件

    这里仅仅是一个简单的配置文件,在haproxy服务中使用,部署验证这些就够了,更多参数配置需要了在补充吧。 配置文件目录/opt/app/keepalived/etc/keepalived/keepalived.conf

    主备节点需要一致的参数:router_id ,virtual_router_id 主备节点优先级可以设置为主高备低:priority

    Master节点

    vi /opt/app/keepalived/etc/keepalived/keepalived.conf global_defs { router_id haproxy } vrrp_script chk_haproxy { script "/opt/app/keepalived/etc/keepalived/chk_haproxy.sh" interval 2 weight 2 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 55 priority 101 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.99.73.40 } track_script { chk_haproxy } }

    backup节点

    vi /opt/app/keepalived/etc/keepalived/keepalived.conf global_defs { router_id haproxy } vrrp_script chk_haproxy { script "/opt/app/keepalived/etc/keepalived/chk_haproxy.sh" interval 2 weight 2 } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 55 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.99.73.40 } track_script { chk_haproxy } } 定义haproxy状态监控,如果haproxy没有运行,会监控到并主动拉起haproxy服务。 vi /opt/app/keepalived/etc/keepalived/chk_haproxy.sh #!/bin/bash if [ $(ps -C haproxy --no-header | wc -l) -eq 0 ]; then systemctl start haproxy fi chmod +x /opt/app/keepalived/etc/keepalived/chk_haproxy.sh

    配置自启动

    systemctl enable keepalived.service

    启动服务

    systemctl start keepalived.service systemctl status keepalived.service

    验证VIP的漂移

    #----------------------------------- # 1. 初次启动看下VIP #----------------------------------- # 主节点(master) # ip add 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:5f:60:52 brd ff:ff:ff:ff:ff:ff inet 10.99.73.38/24 brd 10.99.73.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.99.73.40/32 scope global eth0 #这里 valid_lft forever preferred_lft forever # 备节点(backup) # ip add 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:84:54:be brd ff:ff:ff:ff:ff:ff inet 10.99.73.39/24 brd 10.99.73.255 scope global eth0 valid_lft forever preferred_lft forever #----------------------------------- # 2. 关闭主节点keepalived服务 #----------------------------------- # 主节点(master) 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:5f:60:52 brd ff:ff:ff:ff:ff:ff inet 10.99.73.38/24 brd 10.99.73.255 scope global eth0 #可以看到VIP已经漂走了 valid_lft forever preferred_lft forever # 备节点(backup) 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:84:54:be brd ff:ff:ff:ff:ff:ff inet 10.99.73.39/24 brd 10.99.73.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.99.73.40/32 scope global eth0 #可以看到VIP已经漂过来了,很快很快 valid_lft forever preferred_lft forever #----------------------------------- # 3. 重新开启主节点keepalived服务,因为我们配置的主节点优先级比较高,虽然备节点正常,但VIP还是会漂过来的。 #----------------------------------- # 主节点(master) 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:5f:60:52 brd ff:ff:ff:ff:ff:ff inet 10.99.73.38/24 brd 10.99.73.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.99.73.40/32 scope global eth0 # 备节点(backup) 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether fa:16:3e:84:54:be brd ff:ff:ff:ff:ff:ff inet 10.99.73.39/24 brd 10.99.73.255 scope global eth0 valid_lft forever preferred_lft forever

    验证监控脚本会自动拉起haproxy

    # 查看当前haproxy状态,确认启动时间以及PID systemctl status haproxy|grep -A 1 Active Active: active (running) since Fri 2020-07-03 16:11:25 CST; 4min 27s ago Main PID: 3942 (haproxy) # 执行关闭haproxy,查看是否被自动拉起服务 systemctl stop haproxy systemctl status haproxy|grep -A 1 Active Active: active (running) since Fri 2020-07-03 16:16:47 CST; 601ms ago Main PID: 8382 (haproxy)

    可以看到haproxy被keepalived自动拉起来了,验证完成。

    1.5 日志配置

    编辑启动环境变量文件,将日志配置到local[0-7]中的一个,这里配置到local1 (因为我已经将haproxy的日志配置到local0) vi /opt/app/install/keepalived/etc/sysconfig/keepalived # Options for keepalived. See `keepalived --help' output and keepalived(8) and # keepalived.conf(5) man pages for a list of all options. Here are the most # common ones : # # --vrrp -P Only run with VRRP subsystem. # --check -C Only run with Health-checker subsystem. # --dont-release-vrrp -V Dont remove VRRP VIPs & VROUTEs on daemon stop. # --dont-release-ipvs -I Dont remove IPVS topology on daemon stop. # --dump-conf -d Dump the configuration data. # --log-detail -D Detailed log messages. # --log-facility -S 0-7 Set local syslog facility (default=LOG_DAEMON) # KEEPALIVED_OPTIONS="-D -d -S 1" 配置rsyslog vi /etc/rsyslog.d/keepalived.conf $ModLoad imudp $UDPServerRun 514 local1.* /var/log/keepalived.log 重启rsyslog,然后重启keepalived systemctl restart rsyslog systemctl restart keepalived systemctl status keepalived ● keepalived.service - LVS and VRRP High Availability Monitor Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-07-05 00:55:27 CST; 427ms ago Process: 32314 ExecStart=/usr/sbin/keepalived -f /opt/app/keepalived/etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 32315 (keepalived) Tasks: 2 Memory: 704.0K CGroup: /system.slice/keepalived.service ├─32315 /usr/sbin/keepalived -f /opt/app/keepalived/etc/keepalived/keepalived.conf -D -d -S 1 └─32316 /usr/sbin/keepalived -f /opt/app/keepalived/etc/keepalived/keepalived.conf -D -d -S 1

    可以看到配置已经生效了。

    tail -f /var/log/keepalived.log ...<省略>
    Processed: 0.010, SQL: 9