1、安装keepalived并将其配置成系统服务。
环境介绍:两台centos7虚拟机
master1:192.168.23.129
master2:192.168.23.130
vip(虚拟Ip):192.168.23.188
master1和master2两台机器上同样进行如下操作:
# 下载与安装
yum install -y openssl-devel popt-devel
cd /usr/local/src/
wget http://www.keepalived.org/software/keepalived-1.3.5.tar.gz
tar -zvxf keepalived-1.3.5.tar.gz
cd keepalived-1.3.5
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived/
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
echo "/etc/init.d/keepalived start" >> /etc/rc.local
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
2、master1机器上的keepalived.conf配置。(下面配置中没有使用lvs的负载均衡功能,所以不需要配置虚拟服务器virtual server)
1.主机master上配置
vim /etc/keepalived/keepalived.conf #清空默认内容,直接采用下面配置:
! Configuration File for keepalived
global_defs {
router_id MASTER-HA
}
vrrp_script chk_mysql_port {
script "/etc/keepalived/chk_mysql.sh"
interval 2
weight 2
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface ens33
mcast_src_ip 192.168.1.146
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.188
}
track_script {
chk_mysql_port
}
}
virtual_server 192.168.23.188 3306 {
delay_loop 6
lb_algo rr
lb_kind NAT
#nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
## Real Server设置,3306就是连接端口
real_server 192.168.23.129 3306 {
weight 3 #权重
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 192.168.23.130 3306 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
2.主机master2上的配置
! Configuration File for keepalived
global_defs {
router_id BACKUP-HA
}
vrrp_script chk_mysql_port {
script "/etc/keepalived/chk_mysql.sh"
interval 2
weight 2
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
mcast_src_ip 192.168.23.130
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.23.188
}
track_script {
chk_mysql_port
}
}
virtual_server 192.168.23.188 3306 {
delay_loop 6 #服务轮询的时间间隔
lb_algo rr #加权轮询调度,LVS调度算法 rr|wrr|lc|wlc|lblc|sh|sh
lb_kind NAT #LVS集群模式 NAT|DR|TUN,其中DR模式要求负载均衡器网卡必须有一块与物理网卡在同一个网段
#nat_mask 255.255.255.0
persistence_timeout 50 #会话保持时间
protocol TCP #健康检查协议
## Real Server设置,3306就是连接端口
real_server 192.168.23.129 3306 {
weight 3 ##权重
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
real_server 192.168.23.130 3306 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 3306
}
}
}
3.编写切换脚本。
KeepAlived做心跳检测,如果Master的MySQL服务挂了(3306端口挂了),那么它就会选择自杀。Slave的KeepAlived通过心跳检测发现这个情况,就会将VIP的请求接管。
# 编辑脚本
vim /etc/keepalived/chk_mysql.sh
编写具体脚本
#!/bin/bash
counter=$(netstat -na| grep "LISTEN"| grep "3306" | wc -l)
if [ "${counter}" - eq 0 ]; then
/etc/init .d /keepalived stop
fi
4.启动keepalived
# 给脚本赋权
chmod 755 /etc/keepalived/chk_mysql.sh
# 启动keepalived服务
/etc/init.d/keepalived start
#可以看到 vip在master上
ip addr
问题解决
- 问题描述:由防火墙导致的脑裂问题
注意:应该永久关闭防火墙,cent os7以前是iptables,之后是firewall
Keepalived是一个轻量级的HA集群解决方案,但开启防火墙后各节点无法感知其它节点的状态,各自都绑定了虚拟IP。网上很多文章讲要配置防火墙放过tcp/112,在CentOS7下是无效的,正确的做法是配置放过vrrp协议,方法如下:
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
Keepalived使用vrrp组播,默认地址是224.0.0.18,因此要配置防火墙放过。 完成后再用ip addr查看,集群已经正常了,只有主节点绑定虚拟IP,备份节点不会绑定了。
- 启动的时候有可能启动失败
在启动的时候有可能启动失败 ,修改PIDFile的位置
vim /lib/systemd/system/keepalived.service
# 在第7行修改,发现这个目录不存在,无法写入
PIDFile=/usr/local/program/keepalived/var/run/keepalived.pid
#修改成
PIDFile=/var/run/keepalived.pid
#重新载入 systemd,扫描新的或有变动的单元
systemctl daemon-reload
在运行就Ok了
etc/init.d/keepalived start
版权声明:本文为qq_41695041原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。