keepalived+nginx双主热备
- 前言
- keepalived+nginx双主热备
- keepalived+nginx双主热备部署
- 安装nginx
- 安装keepalived
- 修改master节点的keepalived配置文件
- 修改backup节点的keeepalived配置文件
- 配置keepalived主备
- 配置keepalived双主热备
前言
有关keepalived和nginx的一些工作原理,简介等相关信息这里就不过多赘述了,有不了不太清楚或者不太了解的朋友可以参考我之前的文章
keepalived相关内容
nginx相关内容01
nginx相关内容02
keepalived+nginx双主热备
在配置双主热备之前,最好先弄明白双机主备
环境说明
| 系统版本 | 软件版本 | IP地址 |
|---|---|---|
| centos7.9 | keepalived-2.2.7版本 nginx-1.20.1版本 | 192.168.182.130(master) |
| centos7.9 | keepalived-2.2.7版本 nginx-1.20.1版本 | 192.168.182.131(backup) |
keepalived官网下载地址
nginx官网下载地址
keepalived+nginx双主热备部署
安装nginx
以下操做两台主机都做
[root@130 opt]# pwd
/opt
[root@130 opt]# ls
nginx-1.20.1.tar.gz
[root@130 opt]# tar zxf nginx-1.20.1.tar.gz
// 进入解压目录
[root@130 opt]# cd nginx-1.20.1/
[root@130 nginx-1.20.1]# ./configure --with-http_ssl_module //开始编译
说明一下不加“--prefix=“ nginx会默认安装在/usr/local目录下
./configure: error: C compiler cc is not found //第一个报错
[root@130 nginx-1.20.1]# yum -y install gcc //解决
./configure: error: the HTTP rewrite module requires the PCRE library //第二个报错
[root@130 nginx-1.20.1]# yum -y install pcre pcre-devel //解决
./configure: error: SSL modules require the OpenSSL library. //第三个报错
[root@130 nginx-1.20.1]# yum -y install openssl openssl-devel //解决
[root@130 nginx-1.20.1]# make && make install //执行完成之后遍安装完成
配置nginx环境,方便使用nginx的二进制命令
[root@130 ~]# echo 'export PATH=$PATH:/usr/local/nginx/sbin' > /etc/profile.d/nginx.sh
[root@130 ~]# source /etc/profile.d/nginx.sh
// 执行完上面的命令后就不需要到sbin目录下执行nginx的二进制命令了
使用systemctl控制nginx
[root@130 ~]# cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=Nginx server daemon
After=network.target sshd-keygen.service
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s quit
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF
[root@130 ~]# systemctl daemon-reload
[root@130 ~]# systemctl start nginx
[root@130 ~]# systemctl enable nginx.service
//此处为master节点nginx
// 此处为backup节点的nginx
安装keepalived
以下操作同样也需要在两台主机上执行
[root@130 opt]# tar zxf keepalived-2.2.7.tar.gz
[root@130 opt]# cd keepalived-2.2.7/
[root@130 keepalived-2.2.7]# ./configure --prefix=/usr/local/keepalived --sysconf=/etc //咱们安装在/usr/local命令下,不加--sysconf=/etc可能会报错
//第一次编译会出现警告信息,但其实不影响,强迫症患者会不舒服
*** WARNING this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS
[root@130 keepalived-2.2.7]# yum -y install libnl libnl-devel //解决
[root@130 keepalived-2.2.7]# make && make install //进行安装
配置keepalived环境变量
[root@130 ~]# echo 'export PATH=$PATH:/usr/local/keepalived/sbin' > /etc/profile.d/keepalived.sh
[root@130 ~]# source /etc/profile.d/keepalived.sh
生成keeepalived配置文件
[root@130 keepalived]# pwd
/etc/keepalived
[root@130 keepalived]# cp keepalived.conf.sample keepalived.conf
修改master节点的keepalived配置文件
[root@130 keepalived]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id HA01 //此处的id要全局唯一
}
vrrp_instance VI_1 {
state MASTER //因为130为master所以状态为master
interface ens33 //此处根据你的网卡名称变化而变化
virtual_router_id 51 //虚拟路由id,在同一组中此处保持一致,也就是主备节点都需要一样
priority 100 //优先级
advert_int 1 //主备间心跳检测间隔为1秒
authentication { //认证授权的账号和密码
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { //此处为虚拟VIP地址
192.168.182.100
}
}
使用systemctl控制keepalived
[root@130 keepalived]# vim /usr/lib/systemd/system/keepalived.service //修改service文件
[Unit]
Description=keepalived
After=network-online.target syslog.target
[Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@130 keepalived]# systemctl daemon-reload
[root@130 keepalived]# systemctl start keepalived
[root@130 keepalived]# systemctl enable keepalived.service
修改backup节点的keeepalived配置文件
[root@131 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id HA02
}
vrrp_instance VI_1 {
state BACKUP //备用节点改为backup
interface ens33
virtual_router_id 51
priority 90 //备用节点的优先级要小于主节点
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.182.100
}
}
使用systemctl控制keepalived
[root@131 ~]# vim /usr/lib/systemd/system/keepalived.service
[Unit]
Description=keepalived
After=network-online.target syslog.target
[Service]
Type=forking
PIDFile=/run/keepalived.pid
KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@131 ~]# systemctl daemon-reload
[root@131 ~]# systemctl start keepalived
[root@131 ~]# systemctl enable keepalived
配置keepalived主备
注意:VIP为192.168.182.100
我们知道此实验的目的是为让nginx能7×24小时的工作,保证用户能正常访问,所以接下来需要编写脚本让keepalived来监听并自动运行此脚本
下面的操作均在master上进行
[root@130 keepalived]# pwd
/etc/keepalived
[root@130 keepalived]# touch check-nginx.sh
[root@130 keepalived]# chmod +x check-nginx.sh
[root@130 keepalived]# vim check-nginx.sh
#!/bin/bash
process=`ps -C nginx | grep -vc PID` //获取nginx的进程数
if [ $process -eq 0 ];then //等于0就说明nginx挂了,先尝试启动nginx,然后等待3秒
systemctl start nginx
sleep 3
elif [ $process -eq 0 ];then //如果nginx启动不了,说明出现问题了,所以需要将服务转到备用节点上
systemctl stop keepalived
fi
// 将上面的脚本加入到keepalived的配置文件中
! Configuration File for keepalived
global_defs {
router_id HA01
}
vrrp_script nginx-check {
script "/etc/keepalived/check-nginx.sh" //此处写咱们脚本的绝对路径
interval 2 //每隔两秒执行此脚本
weight 10 //执行脚本成功此节点的优先级+10;若写成weight -10,则反之。
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
nginx-check //追踪咱们上面的脚本
}
virtual_ipaddress {
192.168.182.100
}
}
[root@130 keepalived]# systemctl restart keepalived.service
若关闭master上的nginx,keeepalived检测到之后会在3秒内启动nginx,这里我就不做演示了。
从下图可以看到访问VIP时为master上的nginx
下面我们模拟故障情况,假设nginx挂点了,然后我们关闭keepalived,看是否能跳转到backup上
[root@130 keepalived]# systemctl stop keepalived.service //关闭
// 跳转成功
下面的操作在backup上进行
[root@131 keepalived]# pwd
/etc/keepalived
[root@131 keepalived]# touch check_nginx.sh
[root@131 keepalived]# chmod +x check_nginx.sh
[root@131 keepalived]# cat check_nginx.sh
#!/bin/bash
process=`ps -C nginx --no-header | wc -l`
if [ $process -eq 0 ];then
systemctl start nginx
sleep 3
elif [ $process -eq 0 ];then
systemctl stop keepalived.service
fi
[root@131 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
router_id HA02
}
vrrp_script check_nginx {
script "/etc/keepalived/check_nginx.sh"
weight 10
interval 2
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
check_nginx
}
virtual_ipaddress {
192.168.182.100
}
}
配置keepalived双主热备
- 看咱们上面的主备配置都是master在提供服务只有当master宕机时backup才会接管进行工作,所以这就会导致有一台主机就会处于闲置状态
- 双主就是两台主机都提供服务,当master上nginx宕机后,keepalived也会停掉,这时master上的VIP时便跳转到backup,而当backup节点挂掉时backup便会将请求转到master上,看下面的示例演示
在master节点上配置
[root@130 keepalived]# vim keepalived.conf //在配置文件最后一行添加下面内容
vrrp_instance VI_2 { //因为这是第二组,又因为这里需要全局唯一所以不能与上面的 VI_1一致
state BACKUP //因为双主的话,master和backup都是对方的master,上面第一组时master是backup的主,所以现在master应该为backu的备
interface ens33
virtual_router_id 52 //此处同一节点需保持一致,所以要修改为52
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.182.101 //因为是新的一组主备,所以需要再添加一个VIP
}
}
[root@130 keepalived]# systemctl restart keepalived.service
[root@131 keepalived]# pwd
/etc/keepalived
[root@131 keepalived]# vim keepalived.conf //也是在配置文件的最后一行添加下面内容
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.182.101
}
}
[root@131 keepalived]# systemctl restart keepalived.service
//访问第二组的VIP能正常访问nginx02
//这里我们关闭master节点上的keepalived
[root@130 keepalived]# systemctl stop keepalived.service
//这里发现第一组的VIP100也可以访问到nginx02,反之若backup上的keepalived挂掉,能访问到nginx01,至此双主热备成功。
