Installing and Managing Keepalived as a Normal (Non-Root) User

Introduction


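Load balancing (LB) is a high-availability reverse-proxy technique implemented as a service or on dedicated hardware. It distributes specific workloads (web services, network traffic, and so on) to one or more designated backend servers or devices, which increases the concurrent processing capacity of the business, keeps services highly available, and makes later horizontal scaling easier.
I tested this: installing entirely as a normal user does not work, because keepalived needs root to run. In the answer below, the normal user uses sudo to elevate privileges, so it is not entirely a normal user.
This article installs keepalived for a normal user and uses root to change the system configuration so that the normal user can manage it with systemctl start keepalived and systemctl stop keepalived.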

Installation


Download: https://www.keepalived.org/software/keepalived-2.2.4.tar.gz

[code404@OIS-AS ~]$ tar -xvf keepalived-2.2.4.tar.gz
[code404@OIS-AS ~]$ cd keepalived-2.2.4
[code404@OIS-AS ~]$ ./configure --prefix=/data/keepalived
*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

configure reports: *** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.

Switch to root, install libnl-devel, then build and install as root:

[root@OIS-AS ~]# yum install libnl-devel
[root@OIS-AS ~]# cd keepalived-2.2.4
[root@OIS-AS ~]# ./configure --prefix=/data/keepalived
[root@OIS-AS ~]# make install

Granting access to the normal user

Give the normal user code404 ownership of the installation directory /data/keepalived:

[root@OIS-AS ~]# chown -R code404:code404 /data/keepalived
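
Because systemd starts keepalived as root, whoever can write to /data/keepalived controls what runs as root through the binary, the configuration file and the check script. The script below is an added example, not part of the original post, that lists entries under a directory that are not owned by the expected user or are group/world-writable; the demo tree and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post).
# audit_tree DIR [OWNER]: print "<mode> <owner> <path>" for every entry under
# DIR that is not owned by OWNER (default: root) or is group/world-writable.
audit_tree() {
    local dir=$1 owner=${2:-root}
    find "$dir" ! -type l \( ! -user "$owner" -o -perm -020 -o -perm -002 \) \
        -exec stat -c '%a %U %n' {} +
}

# Constructed demo tree standing in for /data/keepalived. The current user
# plays the role of the expected owner so the demo runs without root.
demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/sbin" "$d/etc/keepalived"
    touch "$d/sbin/keepalived" "$d/etc/keepalived/haproxy_check.sh"
    chmod 755 "$d" "$d/sbin" "$d/etc" "$d/etc/keepalived" "$d/sbin/keepalived"
    chmod 777 "$d/etc/keepalived/haproxy_check.sh"   # deliberately too open
    audit_tree "$d" "$(id -u)"
    rm -rf "$d"
}

demo
```

On the host itself, run `audit_tree /data/keepalived`; after the chown above, every entry is reported because it is owned by code404.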

To let the normal user code404 manage services with systemctl, edit the polkit policy file /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy:

vim /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy
        <action id="org.freedesktop.systemd1.manage-units">
                <defaults>
                        <allow_any>yes</allow_any>
                        <allow_inactive>yes</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.systemd1.manage-unit-files"> <!-- enable -->
                <defaults>
                        <allow_any>yes</allow_any>
                        <allow_inactive>yes</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.systemd1.reload-daemon"> <!-- enable -->
                <defaults>
                        <allow_any>yes</allow_any>
                        <allow_inactive>yes</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
        </action>
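
The `yes` defaults above apply to every local user and every systemd unit, not only to code404 and keepalived. The script below is an added example, not part of the original post, that lists the actions in a policy file that are granted without any authentication; the sample policy it checks and the function names are constructed.

```shell
#!/bin/bash
# Added example (not from the original post): list polkit actions whose
# <defaults> answer "yes", i.e. are granted with no authentication at all.

# audit_polkit FILE: print "<action id> <element>" for each allow_* set to yes.
audit_polkit() {
    awk '
        /<action[ \t]+id="/ {
            id = $0
            sub(/.*<action[ \t]+id="/, "", id)
            sub(/".*/, "", id)
        }
        id != "" && /<allow_(any|inactive|active)>[ \t]*yes[ \t]*</ {
            el = $0
            sub(/.*<allow_/, "allow_", el)
            sub(/>.*/, "", el)
            print id, el
        }
        /<\/action>/ { id = "" }
    ' "$1"
}

# Constructed sample: one action edited as in the post, one left at
# authentication-required values.
demo_polkit() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
<policyconfig>
  <action id="org.freedesktop.systemd1.manage-units">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.systemd1.reload-daemon">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
EOF
    audit_polkit "$f"
    rm -f "$f"
}
demo_polkit
```

A narrower grant is a rule file under /etc/polkit-1/rules.d/ that matches subject.user, which also leaves the packaged policy file untouched across updates.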

Modifying the service unit file


As root, edit the keepalived service unit, /usr/lib/systemd/system/keepalived.service, so that it starts with the configuration file in the installation directory:

vim /usr/lib/systemd/system/keepalived.service
ExecStart=/data/keepalived/sbin/keepalived -f /data/keepalived/etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS

keepalived configuration


vim /data/keepalived/etc/keepalived/keepalived.conf

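! Configuration File for keepalived
# Global configuration. The demo configures e-mail notification settings; they are left out here for now while debugging
global_defs {
    router_id OA-YY-T074161
}
# Cluster resource monitoring, used together with track_script
vrrp_script check_haproxy {
    script "/data/keepalived/etc/keepalived/haproxy_check.sh"
    interval 2 # check interval in seconds
    #weight -20 # subtract 20 from the priority if the condition is met
}
vrrp_instance VI_1 {
    # MASTER sets the current host as the master node; a backup node is set to BACKUP
    # On a backup node, set:
    state BACKUP
    # state MASTER
    # Network interface used for HA monitoring; check ifconfig to decide which one to use
    interface ens192
    # Virtual router ID; master and backup in the same VRRP instance must use the same ID
    virtual_router_id 161
    #mcast_src_ip 10.3.153.67
    # VRRP multicast does not work in this environment, so VRRP advertisements are sent by unicast instead
    # Pay attention here: without this setting the master and backup nodes could not discover each other,
    # so both were promoted to MASTER and both bound the VIP
    unicast_src_ip 10.3.153.67
    unicast_peer {
        10.3.153.68
    }
    # On a backup node, the value is:
    priority 100 # priority (0-255)
    nopreempt
    advert_int 1 # advertisement interval; must be identical on both nodes, default 1s
    authentication {
        auth_type PASS
        auth_pass 123321 # example value, replace it; PASS is sent in clear text on the wire
    }
    track_script {
        check_haproxy # must match the vrrp_script name defined above
    }
    virtual_ipaddress {
        10.3.153.244 # virtual IP; more than one may be listed
    }
}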

Health-check script


vim /data/keepalived/etc/keepalived/haproxy_check.sh

#!/bin/bash
# Stop keepalived when no haproxy process is running, so that the VIP is released.
COUNT=$(ps -C haproxy --no-header | wc -l)
T=$(date '+%Y-%m-%d %H:%M:%S')
LOGF='/data/keepalived/logs/keepalived_healthcheckers.log'
echo "$T haproxy Number of processes: $COUNT" >> "$LOGF"
# [h]aproxy keeps grep from matching its own command line
echo "$T haproxy processes: $(ps -ef | grep '[h]aproxy')" >> "$LOGF"
if [ "$COUNT" -eq 0 ]; then
    echo "$T Stopping keepalived:" >> "$LOGF"
    systemctl stop keepalived
    echo "$T Stopped keepalived:" >> "$LOGF"
fi

Starting keepalived as the normal user


[code404@OIS-AS ~]$ systemctl start keepalived

Check the IP addresses bound on this host

[tailweb@OAV2-YY-V153067 ~/keepalived/etc/keepalived]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a6:e0:2a brd ff:ff:ff:ff:ff:ff
    inet 10.3.153.67/23 brd 10.3.153.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet 10.3.153.244/32 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea6:e02a/64 scope link 
       valid_lft forever preferred_lft forever

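Copyright notice: This is an original article by the author, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.

Original article by 老C. If you repost it, please credit the source: https://www.code404.icu/1478.html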