yum安裝

yum -y install keepalived
配置文件：
/etc/keepalived/ keepalived.conf
日志文件：
/var/log/messages

注意：在啟動(dòng)之前，一定要配置下keepalived.conf文件

源碼編譯安裝

安裝依賴(lài)：

yum install curl gcc autoconf automake openssl-devel libnl3-devel \
    iptables-devel ipset-devel net-snmp-devel libnfnetlink-devel file-devel
yum install glib2-devel
yum install json-c-devel

下載源碼：

wget -c https://keepalived.org/software/keepalived-2.2.8.tar.gz
curl --progress https://keepalived.org/software/keepalived-2.2.8.tar.gz

解壓源碼：

tar -xvf keepalived-2.2.8.tar.gz

編譯安裝：

cd keepalived-2.2.8
./build_setup
./configure --prefix=/usr/local/keepalived-2.2.8
make && make install

設(shè)置自啟動(dòng)：

# 存儲(chǔ)庫(kù)安裝
ln -s /etc/rc.d/init.d/keepalived.init /etc/rc.d/rc3.d/S99keepalived
# 編譯安裝
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
ln -s /usr/local/keepalived/sbin/keepalived /sbin/
# 開(kāi)啟自啟
systemctl enable keepalived

keepalived基礎(chǔ)運(yùn)行環(huán)境配置

配置/etc/host文件：

10.1.1.11 web01.test.com
10.1.1.12 web02.test.com
10.1.1.13 mysql01.test.com
10.1.1.14 mysql02.test.com

停止NetworkManager：

systemctl stop NetworkManager
systemctl disable NetworkManager

開(kāi)啟時(shí)間同步：

ntpupdate cn.ntp.org.cn

keepalived.conf詳解

! Configuration File for keepalived

#全局定義塊
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
   }
   #指定發(fā)件人
   notification_email_from smtp@test.com
   #指定smtp服務(wù)器地址
   smtp_server 10.1.1.200
   #指定smtp連接超時(shí)時(shí)間
   smtp_connect_timeout 30
   #運(yùn)行keepalived機(jī)器的名稱(chēng)
   router_id LVS_DEVEL
  # vrrp_strict # 不注釋沒(méi)法ping通vip晓锻，需要重啟應(yīng)用
}

#VRRP實(shí)例定義塊  
vrrp_instance Group1 { # 主備組名一致
    #設(shè)置本機(jī)角色独撇，MASTER|BACKUP
    state MASTER
    #對(duì)外提供服務(wù)的網(wǎng)絡(luò)接口纷铣，要與本地的通信的接口一致
    interface ens33
    #VRID標(biāo)記 ,路由ID搜立，主備一致儒拂，可通過(guò)tcpdump命令查看
    virtual_router_id 51
    #優(yōu)先級(jí)，高優(yōu)先級(jí)競(jìng)選為master
    priority 100
    #健康檢查間隔命雀，默認(rèn)1秒
    advert_int 1
     #設(shè)置認(rèn)證
    authentication {
        #認(rèn)證方式
        auth_type PASS
        #認(rèn)證密碼
        auth_pass 1qaz@WSX
    }
    virtual_ipaddress {
            10.1.1.20 #設(shè)置vip
    }
}

keepalived基本操作命令

開(kāi)啟：systemctl start keepalived
停止：systemctl stop keepalived
重啟：systemctl restart keepalived
查看狀態(tài)：systemctl status keepalived

默認(rèn)安裝目錄：/usr/local/keepalive
配置文件位置：/etc/keepalived/keepalived.conf

健康監(jiān)測(cè)nginx

編寫(xiě)一個(gè)健康監(jiān)測(cè)的腳本/sctipt/nginx.sh

#!/bin/bash
nginx_status='ps -C --no-header |wc -l'
if [ $nginx_status -eq 0 ]; then
  systemctl stop keepalived
fi

在配置文件keepalived.conf中調(diào)用腳本

# 聲明腳本
vrrp_script check_nginx{
  script /script/nginx.sh
  interval 3
}
# 調(diào)用腳本
vrrp_instance Group1{
  track_script{
    check_nginx
  }
}

keepalive的非搶占模式

搶占與非搶占模式：
搶占：web01故障恢復(fù)后重新?lián)屨极@取VIP
非搶占：web01故障后不再搶占獲取VIP撵儿，VIP長(zhǎng)期在web02上淀歇，直至配置更改或web02故障
如何設(shè)置非搶占模式：
1.更改配置文件為非搶占模式

vrrp_instance Group1{
  nopreempt
}

2.配置state角色都為BACKUP

vrrp_instance Group1{
  state BACKUP
  nopreempt
}

3.重啟keepalive服務(wù)
systemctl restart keepalived

VIP腦裂

VIP腦裂的原因：最大的原因是沒(méi)有關(guān)閉防火墻，或者是防火墻沒(méi)有放通vrrp協(xié)議
抓包查看：
yum -y install tcpdump
tcpdump -i ens33 vrrp -n
可以看到正常情況下主機(jī)ip在跟vrrp組播地址通信纳决，備機(jī)不會(huì)跟組播地址過(guò)多通信阔加；如果發(fā)生腦裂所有機(jī)器都會(huì)搶占VIP胜榔，抓包查看會(huì)發(fā)現(xiàn)所有機(jī)器都跟組播地址通信。

生產(chǎn)環(huán)境防火墻放通vrrp協(xié)議：

firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens33 --destnation 224.0.0.18 --protocol vrrp -j ACCEPT 
firewall-cmd --reload

組播改單播：
先注釋vrrp_strict摔癣，接著在keepalive.conf配置文件中增加配置择浊，然后重啟應(yīng)用

# vrrp_strict
vrrp_instance Group1{
  unicast_src_ip 10.1.1.11
  unicast_peer {
    10.1.1.12
  }
}