keepalived+nginx双主热备
- 前言
- keepalived+nginx双主热备
- keepalived+nginx双主热备部署
- 安装nginx
- 安装keepalived
- 修改master节点的keepalived配置文件
- 修改backup节点的keeepalived配置文件
- 配置keepalived主备
- 配置keepalived双主热备
前言
有关keepalived和nginx的一些工作原理,简介等相关信息这里就不过多赘述了,有不了不太清楚或者不太了解的朋友可以参考我之前的文章
keepalived相关内容
nginx相关内容01
nginx相关内容02
keepalived+nginx双主热备
在配置双主热备之前,最好先弄明白双机主备
环境说明
| 系统版本 | 软件版本 | IP地址 |
|---|---|---|
| centos7.9 | keepalived-2.2.7版本 nginx-1.20.1版本 | 192.168.182.130(master) |
| centos7.9 | keepalived-2.2.7版本 nginx-1.20.1版本 | 192.168.182.131(backup) |
keepalived官网下载地址
nginx官网下载地址
keepalived+nginx双主热备部署
安装nginx
以下操做两台主机都做
[root@130 opt]# pwd
/opt
[root@130 opt]# ls
nginx-1.20.1.tar.gz[root@130 opt]# tar zxf nginx-1.20.1.tar.gz
// 进入解压目录
[root@130 opt]# cd nginx-1.20.1/
[root@130 nginx-1.20.1]# ./configure --with-http_ssl_module //开始编译
说明一下不加“--prefix=“ nginx会默认安装在/usr/local目录下./configure: error: C compiler cc is not found //第一个报错
[root@130 nginx-1.20.1]# yum -y install gcc //解决./configure: error: the HTTP rewrite module requires the PCRE library //第二个报错
[root@130 nginx-1.20.1]# yum -y install pcre pcre-devel //解决./configure: error: SSL modules require the OpenSSL library. //第三个报错
[root@130 nginx-1.20.1]# yum -y install openssl openssl-devel //解决
[root@130 nginx-1.20.1]# make && make install //执行完成之后遍安装完成
配置nginx环境,方便使用nginx的二进制命令
[root@130 ~]# echo 'export PATH=$PATH:/usr/local/nginx/sbin' > /etc/profile.d/nginx.sh
[root@130 ~]# source /etc/profile.d/nginx.sh
// 执行完上面的命令后就不需要到sbin目录下执行nginx的二进制命令了
使用systemctl控制nginx
[root@130 ~]# cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=Nginx server daemon
After=network.target sshd-keygen.service[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s quit
ExecReload=/bin/kill -HUP $MAINPID[Install]
WantedBy=multi-user.target
EOF[root@130 ~]# systemctl daemon-reload
[root@130 ~]# systemctl start nginx
[root@130 ~]# systemctl enable nginx.service
//此处为master节点nginx
// 此处为backup节点的nginx
安装keepalived
以下操作同样也需要在两台主机上执行
[root@130 opt]# tar zxf keepalived-2.2.7.tar.gz
[root@130 opt]# cd keepalived-2.2.7/
[root@130 keepalived-2.2.7]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc //咱们安装在/usr/local命令下,不加--sysconf=/etc可能会报错//第一次编译会出现警告信息,但其实不影响,强迫症患者会不舒服
*** WARNING this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS [root@130 keepalived-2.2.7]# yum -y install libnl libnl-devel //解决
[root@130 keepalived-2.2.7]# make && make install //进行安装
配置keepalived环境变量
[root@130 ~]# echo 'export PATH=$PATH:/usr/local/keepalived/sbin' > /etc/profile.d/keepalived.sh
[root@130 ~]# source /etc/profile.d/keepalived.sh
生成keeepalived配置文件
[root@130 keepalived]# pwd
/etc/keepalived
[root@130 keepalived]# cp keepalived.conf.sample keepalived.conf
修改master节点的keepalived配置文件
[root@130 keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {router_id HA01 //此处的id要全局唯一
}vrrp_instance VI_1 {state MASTER //因为130为master所以状态为masterinterface ens33 //此处根据你的网卡名称变化而变化virtual_router_id 51 //虚拟路由id,在同一组中此处保持一致,也就是主备节点都需要一样priority 100 //优先级advert_int 1 //主备间心跳检测间隔为1秒authentication { //认证授权的账号和密码auth_type PASSauth_pass 1111}virtual_ipaddress { //此处为虚拟VIP地址192.168.182.100}
}
使用systemctl控制keepalived
[root@130 keepalived]# vim /usr/lib/systemd/system/keepalived.service //修改service文件
[Unit]
Description=keepalived
After=network-online.target syslog.target [Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID[Install]
WantedBy=multi-user.target[root@130 keepalived]# systemctl daemon-reload
[root@130 keepalived]# systemctl start keepalived
[root@130 keepalived]# systemctl enable keepalived.service
修改backup节点的keeepalived配置文件
[root@131 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {router_id HA02
}vrrp_instance VI_1 {state BACKUP //备用节点改为backupinterface ens33virtual_router_id 51priority 90 //备用节点的优先级要小于主节点advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.182.100}
}
使用systemctl控制keepalived
[root@131 ~]# vim /usr/lib/systemd/system/keepalived.service
[Unit]
Description=keepalived
After=network-online.target syslog.target [Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID[Install]
WantedBy=multi-user.target[root@131 ~]# systemctl daemon-reload
[root@131 ~]# systemctl start keepalived
[root@131 ~]# systemctl enable keepalived
配置keepalived主备
注意:VIP为192.168.182.100
我们知道此实验的目的是为让nginx能7×24小时的工作,保证用户能正常访问,所以接下来需要编写脚本让keepalived来监听并自动运行此脚本
下面的操作均在master上进行
[root@130 keepalived]# pwd
/etc/keepalived
[root@130 keepalived]# touch check-nginx.sh
[root@130 keepalived]# chmod +x check-nginx.sh
[root@130 keepalived]# vim check-nginx.sh
#!/bin/bash
process=`ps -C nginx | grep -vc PID` //获取nginx的进程数
if [ $process -eq 0 ];then //等于0就说明nginx挂了,先尝试启动nginx,然后等待3秒systemctl start nginxsleep 3
elif [ $process -eq 0 ];then //如果nginx启动不了,说明出现问题了,所以需要将服务转到备用节点上systemctl stop keepalived
fi
// 将上面的脚本加入到keepalived的配置文件中
! Configuration File for keepalivedglobal_defs {router_id HA01
}vrrp_script nginx-check {script "/etc/keepalived/check-nginx.sh" //此处写咱们脚本的绝对路径interval 2 //每隔两秒执行此脚本weight 10 //执行脚本成功此节点的优先级+10;若写成weight -10,则反之。
}vrrp_instance VI_1 {state MASTERinterface ens33virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}track_script {nginx-check //追踪咱们上面的脚本
}virtual_ipaddress {192.168.182.100}
}[root@130 keepalived]# systemctl restart keepalived.service
若关闭master上的nginx,keeepalived检测到之后会在3秒内启动nginx,这里我就不做演示了。
从下图可以看到访问VIP时为master上的nginx
下面我们模拟故障情况,假设nginx挂点了,然后我们关闭keepalived,看是否能跳转到backup上
[root@130 keepalived]# systemctl stop keepalived.service //关闭
// 跳转成功
下面的操作在backup上进行
[root@131 keepalived]# pwd
/etc/keepalived
[root@131 keepalived]# touch check_nginx.sh
[root@131 keepalived]# chmod +x check_nginx.sh
[root@131 keepalived]# cat check_nginx.sh
#!/bin/bash
process=`ps -C nginx --no-header | wc -l`
if [ $process -eq 0 ];thensystemctl start nginxsleep 3
elif [ $process -eq 0 ];thensystemctl stop keepalived.service
fi[root@131 keepalived]# vim keepalived.conf
! Configuration File for keepalivedglobal_defs {router_id HA02
}vrrp_script check_nginx {script "/etc/keepalived/check_nginx.sh"weight 10interval 2
}vrrp_instance VI_1 {state BACKUPinterface ens33virtual_router_id 51priority 90advert_int 1authentication {auth_type PASSauth_pass 1111}track_script {check_nginx
}virtual_ipaddress {192.168.182.100}
}
配置keepalived双主热备
- 看咱们上面的主备配置都是master在提供服务只有当master宕机时backup才会接管进行工作,所以这就会导致有一台主机就会处于闲置状态
- 双主就是两台主机都提供服务,当master上nginx宕机后,keepalived也会停掉,这时master上的VIP时便跳转到backup,而当backup节点挂掉时backup便会将请求转到master上,看下面的示例演示
在master节点上配置
[root@130 keepalived]# vim keepalived.conf //在配置文件最后一行添加下面内容
vrrp_instance VI_2 { //因为这是第二组,又因为这里需要全局唯一所以不能与上面的 VI_1一致state BACKUP //因为双主的话,master和backup都是对方的master,上面第一组时master是backup的主,所以现在master应该为backu的备interface ens33virtual_router_id 52 //此处同一节点需保持一致,所以要修改为52priority 80advert_int 1authentication {auth_type PASSauth_pass 1111}
virtual_ipaddress {192.168.182.101 //因为是新的一组主备,所以需要再添加一个VIP}
}[root@130 keepalived]# systemctl restart keepalived.service
[root@131 keepalived]# pwd
/etc/keepalived
[root@131 keepalived]# vim keepalived.conf //也是在配置文件的最后一行添加下面内容
vrrp_instance VI_2 {state MASTERinterface ens33virtual_router_id 52priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}
virtual_ipaddress {192.168.182.101}
}[root@131 keepalived]# systemctl restart keepalived.service
//访问第二组的VIP能正常访问nginx02
//这里我们关闭master节点上的keepalived
[root@130 keepalived]# systemctl stop keepalived.service
//这里发现第一组的VIP100也可以访问到nginx02,反之若backup上的keepalived挂掉,能访问到nginx01,至此双主热备成功。
