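keepalived with both nodes set to BACKUP plus nopreempt was not working: both machines held the VIP at the same time.
After several days of troubleshooting it turned out to be a firewall problem, which was infuriating.
Open the rules file: vi /etc/sysconfig/iptables
Insert one rule (IP protocol 112 is VRRP, which carries keepalived's advertisements): -A RH-Firewall-1-INPUT -i eth0 -p 112 -j ACCEPT
Save the file,
then restart the firewall, and everything returns to normal.
Alternatively, turn the firewall off.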
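The inserted rule only helps if it sits ahead of the chain's final REJECT, because iptables stops at the first matching rule. The following is an added example, not part of the original page: it walks a saved ruleset and reports what happens to a VRRP packet. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): first-match walk of one chain in
# a saved iptables ruleset to see what happens to a VRRP (IP protocol 112) packet.
# Simplification: only -i, -p and -j are understood; a rule using any other
# matcher (-m, -s, -d, ...) is treated as not matching VRRP.
# Usage: vrrp_verdict CHAIN IFACE < ruleset   -> ACCEPT | BLOCKED | NO-MATCH
vrrp_verdict() {
    awk -v chain="$1" -v ifc="$2" '
    verdict != "" || $1 != "-A" || $2 != chain { next }
    {
        proto = inif = target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p") proto = $(++i)
            else if ($i == "-i") inif  = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other || (inif != "" && inif != ifc)) next
        if (proto != "" && proto != "112" && proto != "vrrp" && proto != "all") next
        if (target == "ACCEPT") verdict = "ACCEPT"
        else if (target == "DROP" || target == "REJECT") verdict = "BLOCKED"
    }
    END { print (verdict == "" ? "NO-MATCH" : verdict) }'
}

# Constructed sample modelled on an RH-Firewall-1-INPUT ruleset.
# $1 = position of the VRRP rule relative to the final REJECT: none|before|after
ruleset() {
    vrrp='-A RH-Firewall-1-INPUT -i eth0 -p 112 -j ACCEPT'
    echo '*filter'
    echo ':RH-Firewall-1-INPUT - [0:0]'
    echo '-A INPUT -j RH-Firewall-1-INPUT'
    echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
    echo '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    if [ "$1" = before ]; then echo "$vrrp"; fi
    echo '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    echo '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$1" = after ]; then echo "$vrrp"; fi
    echo 'COMMIT'
}

# Show the verdict for each placement of the rule.
for pos in none before after; do
    printf '%-6s -> %s\n' "$pos" "$(ruleset "$pos" | vrrp_verdict RH-Firewall-1-INPUT eth0)"
done
```

To check a real host, feed it the saved rules: vrrp_verdict RH-Firewall-1-INPUT eth0 < /etc/sysconfig/iptables. A result of BLOCKED on either node means the peers cannot hear each other's advertisements and both will claim the VIP.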
-----------------------------------
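So far we only monitor network failures and the keepalived process itself; failover happens when the network or the keepalived process has a problem. But node A runs many other services, such as nginx, PHP and mysql. What happens when one of those processes fails or responds too slowly under high load, and how does failover happen then? That is where a script comes in. Below we look at how keepalived uses scripts to monitor the server and trigger failover.
Write a script that monitors the three services in real time and fails over if any one of them has a problem:
mkdir /root/shell/
cd /root/shell
vi keepcheck.sh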
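#!/bin/bash
# Check mysql, php-fpm and nginx every 5 seconds. Stop keepalived when any of
# them is down so the VIP moves to the peer; start it again once all are healthy.
while :
do
    mysqlcheck=`/usr/local/lnmp/mysql/bin/mysqladmin -uroot ping 2>&1`
    mysqlcode=$?    # exit status of mysqladmin ping (0 = mysqld is alive)
    phpcheck=`ps -C php-fpm --no-header | wc -l`
    nginxcheck=`ps -C nginx --no-header | wc -l`
    keepalivedcheck=`ps -C keepalived --no-header | wc -l`
    if [ "$nginxcheck" -eq 0 ] || [ "$phpcheck" -eq 0 ] || [ "$mysqlcode" -ne 0 ]; then
        # At least one service is down: give up the VIP
        if [ "$keepalivedcheck" -ne 0 ]; then
            killall -TERM keepalived
        else
            echo "keepalived is stopped"
        fi
    else
        # All services are healthy: make sure keepalived is running
        if [ "$keepalivedcheck" -eq 0 ]; then
            /etc/init.d/keepalived start
        else
            echo "keepalived is running"
        fi
    fi
    sleep 5
done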
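Note: if /etc/init.d/keepalived start fails to bring it up, run the binary /usr/local/keepalived/sbin/keepalived directly instead.
Start the script:
- chmod +x /root/shell/keepcheck.sh
- nohup sh /root/shell/keepcheck.sh &
Node B uses the same script.
On both node A and node B, add it to /etc/rc.local so it starts at boot:
- echo "nohup sh /root/shell/keepcheck.sh &" >> /etc/rc.local
Set the time and configure automatic time synchronization
crontab -e
Add the following line:
*/30 * * * * ntpdate 210.72.145.44
Set the time:
date --set "06/10/2011 13:56"
This sets the time to 13:56 on June 10, 2011 (use your actual current time).
Save the time, i.e. write it to CMOS:
clock -w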
--------------------------------------
I. Setting up the keepalived environment
1. Hardware and software requirements
keepalived-1.2.12.tar.gz
Two Linux servers (kernel version 2.4.18 or later)
172.16.0.252, 172.16.0.253
Disable the firewall:
service iptables stop
chkconfig --level 235 iptables off
Disable selinux:
vi /etc/selinux/config
SELINUX=disabled
2. Installation steps
2.1 Unpack and install the software (both servers)
tar -zxvf keepalived-1.2.12.tar.gz
cd keepalived-1.2.12
./configure --prefix=/usr/local/keepalived --disable-lvs --with-kernel-dir=/usr/src/kernels/2.6.32-358.el6.x86_64/
(--disable-lvs can be used when there is no ipvs load balancing; set the kernel directory to match your actual kernel version)
make && make install
2.2 Copy the relevant files (both servers)
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
2.3 Edit the configuration file (both servers)
Master server:
vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost.localdomain
    }
    notification_email_from root@localhost.localdomain
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_sync_group VGM {
    group {
        VI_1
    }
}
vrrp_script chk_tomcat {
    script "/root/tomcat.pid"
    interval 1
    #weight -20
}
vrrp_instance VI_1 {
    state BACKUP                # change only on the master
    interface eth0              # heartbeat / network-monitoring interface
    virtual_router_id 51
    priority 100
    advert_int 1
    nopreempt                   # add only on the master
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_interface {
        eth0                    # interfaces to monitor
        eth1
    }
    virtual_ipaddress {
        172.16.0.254/23 dev eth1    # the VIP is bound to the service interface; this is the address users connect to
    }
    track_script {
        chk_tomcat
    }
}
Backup server:
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost.localdomain
    }
    notification_email_from root@localhost.localdomain
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_sync_group VGM {
    group {
        VI_1
    }
}
vrrp_script chk_tomcat {
    script "/root/tomcat.pid"
    interval 1
    #weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_interface {
        eth0
        eth1
    }
    virtual_ipaddress {
        172.16.0.254/23 dev eth1
    }
    track_script {
        chk_tomcat
    }
}
Create the tomcat.pid file (same on both servers)
vim /root/tomcat.pid
#!/bin/bash
# Stop keepalived when no java (tomcat) process is running
JAVA_PRO=`ps -C java --no-headers|wc -l`
if [ $JAVA_PRO -eq 0 ];then
    /etc/init.d/keepalived stop
fi
chmod a+x /root/tomcat.pid
3. Start the services (both servers):
Start tomcat first, then keepalived (service keepalived start)
4. Check the VIP
#ip addr
#tail -f /var/log/messages
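Troubleshooting:
1. Whether a default gateway or route needs to be added
3. Whether iptables and selinux are enabled
4. Kernel parameters
net.ipv4.ip_forward = 1
Enables IP forwarding
net.ipv4.ip_nonlocal_bind = 1
Allows binding to an IP address that is not local to the machine
If you combine LVS in DR or TUN mode with Keepalived, two arp-related parameters need to be set on the back-end real servers. Set them here as well.
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
5. If the network Keepalived runs on does not allow multicast, VRRP unicast can be used
6. Suspect a problem in the keepalived init script /etc/init.d/keepalived
The key line is this one:
daemon $exec $KEEPALIVED_OPTIONS
Because /etc/sysconfig/keepalived was not copied, this simply runs daemon /data/app_platform/keepalived/sbin/keepalived
keepalived uses /etc/keepalived/keepalived.conf as its configuration file by default, but a different configuration file is specified here, so the line has to be changed to
daemon $exec -D -f $config
If the config variable was not defined earlier,
replace $config with the absolute path of the configuration file
7. Pay attention to the weight and priority values on master and backup; unreasonable values can affect VIP failover.
8. If the configuration file in use is not the default one, specify it with the -f option when starting Keepalived.
9. Whether the clocks on the two servers agree.
10. Restart the network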