构建keepalive+nginx集群 1、软件安装 1.1、准备两台机器 A机器:192.168.232.132 B机器:192.168.232.131 A级器作为master,B机器作为backup 1.2、两台机器都安装keepalived A机器 [root@aaa-01 ~]# yum install -y keepalived B机器 [root@bbb-01 ~]# yum install -y keepalived 1.3、两台机器上都安装nginx 若是A、B机器没有装nginx服务,可以直接yum安装,安装完之后启动nginx [root@aaa-01 ~]# yum install -y nginx [root@aaa-01 ~]# service nginx start Redirecting to /bin/systemctl start nginx.service [root@aaa-01 ~]# ps aux|grep nginx root 16687 0.0 0.0 46364 964 ? Ss 11:51 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 16688 0.0 0.1 46764 1924 ? S 11:51 0:00 nginx: worker process root 16690 0.0 0.0 112676 980 pts/0 R+ 11:51 0:00 grep --color=auto nginx 注意:有时直接yum安装不了,需要安装yum扩展源:yum install -y epel-release 2、配置A机器 2.1、更改keepalived配置文件 默认的配置文件路径在/etc/keepalived/keepalived.conf 清空文件内容 > /etc/keepalived/keepalived.conf 编辑配置文件 vim /etc/keepalived/keepalived.conf 添加加以下内容: global_defs { notification_email { aming@aminglinux.com } notification_email_from root@aminglinux.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/usr/local/sbin/check_ng.sh" interval 3 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass aminglinux>com } virtual_ipaddress { 192.168.232.100 } track_script { chk_nginx } } 注意:"virtual_ipaddress"也就是所谓的vip我们设置为192.168.232.100 2.2、定义监控脚本 脚本路径在keepalived配置文件中有定义,路径为/usr/local/sbin/check_ng.sh 编辑配置文件: vim /usr/local/sbin/check_ng.sh 增加以下内容: #!/bin/bash #时间变量,用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量 n=`ps -C nginx --no-heading|wc -l` #如果进程为0,则启动nginx,并且再次检测nginx进程数量, #如果还为0,说明nginx无法启动,此时需要关闭keepalived if [ $n -eq "0" ]; then /etc/init.d/nginx start n2=`ps -C nginx --no-heading|wc -l` if [ $n2 -eq "0" ]; then echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log systemctl stop keepalived fi fi 2.3、改变脚本的权限 脚本创建完之后,还需要改变脚本的权限(不更改权限,就无法自动加载脚本,那就无法启动keepalived服务) [root@aaa-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh 2.4、启动keepalived服务,并查看是否启动成功 [root@aaa-01 ~]# systemctl start keepalived [root@aaa-01 ~]# ps aux |grep keepalived root 34653 0.0 0.1 118652 1400 ? Ss 12:16 0:00 /usr/sbin/keepalived -D root 34654 0.0 0.2 122852 2392 ? S 12:16 0:00 /usr/sbin/keepalived -D root 34655 0.0 0.2 122852 2448 ? S 12:16 0:00 /usr/sbin/keepalived -D root 34661 0.0 0.0 112720 988 pts/1 S+ 12:16 0:00 grep --color=auto keepalived 启动不成功,有可能是防火墙未关闭或者规则限制导致的 systemctl stop firewalld 关闭firewalld iptables -nvL查看防火墙 setenforce 0 临时关闭selinux getenforce命令查看是否为Permissiv 再来启动keepalived,就会看到keepalived进程服务了 2.5、停止nginx服务 /etc/init.d/nginx stop 查看nginx服务进程 [root@aaa-01 ~]# /etc/init.d/nginx stop Stopping nginx (via systemctl): [ 确定 ] [root@aaa-01 ~]# ps aux |grep nginx root 34813 0.0 0.0 20548 628 ? Ss 12:17 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf nobody 34817 0.0 0.3 22992 3216 ? S 12:17 0:00 nginx: worker process nobody 34818 0.0 0.3 22992 3216 ? S 12:17 0:00 nginx: worker process root 34832 0.0 0.0 112720 984 pts/1 R+ 12:17 0:00 grep --color=auto nginx 2.6、查看ip地址 使用 ip add 命令,可以查看到vip192.168.232.100 [root@aaa-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c2:05:5a brd ff:ff:ff:ff:ff:ff inet 192.168.232.132/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1559sec preferred_lft 1559sec inet 192.168.232.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec2:55a/64 scope link valid_lft forever preferred_lft forever 3、B机器配置 3.1、修改keepalived配置文件 配置文件路径:/etc/keepalived/keepalived.conf 清空:> /etc/keepalived/keepalived.conf 编辑配置文件: [root@bbb-01 ~]# vim /etc/keepalived/keepalived.conf 增加以下内容: global_defs { notification_email { aming@aminglinux.com } notification_email_from root@aminglinux.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/usr/local/sbin/check_ng.sh" interval 3 } vrrp_instance VI_1 { state BACKUP //这里 和master不一样的名字 interface eno16777736 //网卡和当前机器一致,否则无法启动keepalived服务 virtual_router_id 51 //和主机器 保持一致 priority 90 //权重,要比主机器小的数值 advert_int 1 authentication { auth_type PASS auth_pass aminglinux>com } virtual_ipaddress { 192.168.74.100 //这里更改为192.168.232.100 } track_script { chk_nginx } } 3.2、定义监控脚本 [root@bbb-01 ~]# vim /usr/local/sbin/check_ng.sh 增加以下内容: #时间变量,用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量 n=`ps -C nginx --no-heading|wc -l` #如果进程为0,则启动nginx,并且再次检测nginx进程数量, #如果还为0,说明nginx无法启动,此时需要关闭keepalived if [ $n -eq "0" ]; then systemctl start nginx n2=`ps -C nginx --no-heading|wc -l` if [ $n2 -eq "0" ]; then echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log systemctl stop keepalived fi fi 3.3、改动脚本的权限 设置为755权限 [root@bbb-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh 3.4、启动keepalived服务 [root@bbb-01 ~]# systemctl start keepalived [root@bbb-01 ~]# ps aux |grep keep root 19134 0.0 0.1 118608 1384 ? Ss 12:33 0:00 /usr/sbin/keepalived -D root 19135 0.0 0.2 122804 2384 ? S 12:33 0:00 /usr/sbin/keepalived -D root 19136 0.0 0.2 122804 2424 ? S 12:33 0:00 /usr/sbin/keepalived -D root 19143 0.0 0.0 112676 984 pts/0 R+ 12:33 0:00 grep --color=auto keep 4、区分主和从的nginx 4.1、A机器 4.1.1、查看虚拟主机内容 [root@aaa-01]# cat /usr/local/nginx/conf/vhost/aaa.com.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; } 4.1.2、索引页 [root@aaa-01~]# cat /data/wwwroot/default/index.html This is the default sete. [root@aaa-01~]# vim /data/wwwroot/default/index.html #增加内容 master This is the default sete. 4.1.3、用网页查看 http://192.168.232.132 This is the default sete. 4.2、B机器 4.2.1、索引页 默认的索引页在 /usr/share/nginx/html/index.html [root@bbb-01 ~]# vim /usr/share/nginx/html/index.html #增加内容 backup backup. 4.2.2、用网页查看 http://192.168.232.131 backup backup. 4.3、用虚拟IP在网页测试 http://192.168.232.100 This is the default sete. 5、模拟线上生产环境 模拟主机宕机环境,可直接关闭keepalive服务, 5.1、关闭A机器keepalive并查看 [root@aaa-01 ~]# systemctl start keepalived [root@aaa-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c2:05:5a brd ff:ff:ff:ff:ff:ff inet 192.168.232.132/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1532sec preferred_lft 1532sec inet6 fe80::20c:29ff:fec2:55a/64 scope link valid_lft forever preferred_lft forever 5.2、查看B机器 [root@bbb-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:fb:fc:6f brd ff:ff:ff:ff:ff:ff inet 192.168.232.131/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1179sec preferred_lft 1179sec inet 192.168.232.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fefb:fc6f/64 scope link valid_lft forever preferred_lft forever 3、浏览器访问vip,看到已经变成B机器 http://192.168.232.100 backup backup.