目錄
簡(jiǎn)介
1.準(zhǔn)備工作
- 1.1 關(guān)閉selinux
- 1.2 關(guān)閉iptables防火墻
- 1.3 安裝wget
2.部署Nginx
- 2.1 安裝編譯工具及庫(kù)文件
- 2.2 安裝nginx
- 2.3 配置nginx
- 2.3.1 創(chuàng)建nginx運(yùn)行使用的用戶www
- 2.3.2 啟動(dòng)nginx
- 2.3.3 編輯index.html文件
- 2.3.4 配置nginx.conf
- 2.3.5 瀏覽器訪問(wèn)
3.部署Keepalived
- 3.1 安裝keepalived
- 3.2 修改keepalived的配置文件
- 3.3 編寫(xiě)nginx狀態(tài)監(jiān)測(cè)腳本
- 3.4 保存腳本,賦予執(zhí)行權(quán)限
- 3.5 啟動(dòng)keepalived
4.Nginx+Keepalived的高可用測(cè)試
- 4.1 查看服務(wù)器上的地址
- 4.2 關(guān)閉MASTER上的nginx队贱,keepalived會(huì)將它重新啟動(dòng)
- 4.3 關(guān)閉MASTER上的keepalived矮台,VIP會(huì)切換到BACKUP上
- 4.4 驗(yàn)證VIP的漂移
- 驗(yàn)證方法1:通過(guò)ip add查看VIP的漂移
- 驗(yàn)證方法2:通過(guò)瀏覽器訪問(wèn)VIP
簡(jiǎn)介
這種方案唁情,使用一個(gè)VIP地址梧税,前端使用2臺(tái)機(jī)器占业,一臺(tái)做主帽蝶,一臺(tái)做備赦肋,但同時(shí)只有一臺(tái)機(jī)器工作,另一臺(tái)備機(jī)在主機(jī)器不出現(xiàn)故障的時(shí)候励稳,永遠(yuǎn)處于浪費(fèi)狀態(tài)佃乘,對(duì)于服務(wù)器不多的網(wǎng)站,該方案并不經(jīng)濟(jì)實(shí)惠驹尼。
關(guān)于Nginx版本
Mainline version:開(kāi)發(fā)版
Stable version:穩(wěn)定版
Legacy versions:遺留的老版本
官方地址:http://nginx.org/ 趣避,找到“news”中,最新的一個(gè)stable version
下載地址:http://nginx.org/download/ 新翎,找到這個(gè)包的下載鏈接程帕,右鍵復(fù)制鏈接地址
規(guī)劃:
LB-01:192.168.1.191 nginx+keepalived-master
LB-02:192.168.1.192 nginx+keepalived-backup
VIP:192.168.1.99
OS:CentOS 6.8 X64
架構(gòu)圖:
Nginx+Keepalived主從架構(gòu)
1.準(zhǔn)備工作
1.1 關(guān)閉SELinux
[root@example01 ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
1.2 關(guān)閉IPTABLES防火墻
[root@example01 ~]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# 允許VRRP(虛擬路由冗余協(xié)議)通信
-A INPUT -p vrrp -d -j ACCEPT
# 允許Keepalived虛擬路由組播地址通信
-A INPUT -d 224.0.0.18 -j ACCEPT
[root@example01 ~]# service iptables restart
iptables: Applying firewall rules: [ OK ]
1.3 安裝wget
[root@example01 ~]# yum -y install wget
準(zhǔn)備工作到此為止,reboot命令地啰,重啟兩臺(tái)服務(wù)器愁拭,使得SELinux配置生效
2.部署nginx
2.1 安裝編譯工具及庫(kù)文件
[root@example01 ~]# yum -y install gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel
2.2 安裝nginx
[root@example01 ~]# cd /usr/local/src/
[root@example01 src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
[root@example01 src]# tar -zxvf nginx-1.6.2.tar.gz
[root@example01 src]# cd nginx-1.6.2
[root@example01 nginx-1.6.2]# ./configure --prefix=/usr/local/nginx \
--with-http_stub_status_module \
--with-http_ssl_module
[root@example01 nginx-1.6.2]# make && make install
- 配置報(bào)錯(cuò):
./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.- 解決辦法:
[root@example01 nginx-1.6.2]# ./configure --prefix=/usr/local/nginx \
> --without-http_rewrite_module
2.3 配置nginx
2.3.1 創(chuàng)建nginx運(yùn)行使用的用戶www
[root@example01 nginx-1.6.2]# /usr/sbin/groupadd www
[root@example01 nginx-1.6.2]# /usr/sbin/useradd -g www www
2.3.2 啟動(dòng)nginx
啟動(dòng)服務(wù)
[root@example01 nginx-1.6.2]# /usr/local/nginx/sbin/nginx
重載nginx配置
[root@example01 nginx-1.6.2]# /usr/local/nginx/sbin/nginx -s reload
開(kāi)機(jī)啟動(dòng)
[root@example01 src]# vim /etc/rc.local
# Nginx
/usr/local/nginx/sbin/nginx
2.3.3 編輯index.html文件
編輯LB-01:192.168.1.191
[root@example01 nginx-1.6.2]# vim /usr/local/nginx/html/index.html
14 <h1>Welcome to nginx!Server01</h1>
編輯LB-02:192.168.1.192
[root@example02 nginx-1.6.2]# vim /usr/local/nginx/html/index.html
14 <h1>Welcome to nginx!Server02</h1>
2.3.4 配置nginx.conf
2 user www www;
3 worker_processes 1;
35 upstream my Server {
36 ip_hash;
37 server 192.168.1.191:80;
38 server 192.168.1.192:80;
39 }
Tips:
- 負(fù)載均衡模塊用于從”upstream”指令定義的后端主機(jī)列表中選取一臺(tái)主機(jī)。nginx先使用負(fù)載均衡模塊找到一臺(tái)主機(jī)亏吝,再使用upstream模塊實(shí)現(xiàn)與這臺(tái)主機(jī)的交互岭埠。
- 從配置我們可以看出負(fù)載均衡模塊的使用場(chǎng)景:
- 1.核心指令”ip_hash”只能在upstream {}中使用。這條指令用于通知nginx使用ip hash負(fù)載均衡算法蔚鸥。如果沒(méi)加這條指令惜论,nginx會(huì)使用默認(rèn)的round robin負(fù)載均衡模塊。
- 2.upstream {}中的指令可能出現(xiàn)在”server”指令前株茶,可能出現(xiàn)在”server”指令后来涨,也可能出現(xiàn)在兩條”server”指令之間。
2.3.5 瀏覽器訪問(wèn):
http://192.168.1.191
LB-01:192.168.1.191
http://192.168.1.192
LB-02:192.168.1.192
nginx其它命令:
/usr/local/nginx/sbin/nginx -s reload # 重新載入配置文件
/usr/local/nginx/sbin/nginx -s reopen # 重啟 Nginx
/usr/local/nginx/sbin/nginx -s stop # 停止 Nginx
3.部署keepalived
3.1 安裝keepalived
[root@example01 src]# yum -y install keepalived
查看keepalived版本
[root@example01 src]# keepalived -v
Keepalived v1.2.13 (03/19,2015)
3.2 修改keepalived的配置文件
LB-01:192.168.1.191的配置
[root@example01 src]# vim /etc/keepalived/keepalived.conf
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" # 檢測(cè)nginx狀態(tài)的腳本路徑
interval 2 # 檢測(cè)時(shí)間間隔2s
weight -20 # 如果腳本的條件成立启盛,權(quán)重-20
}
vrrp_instance VI_1 {
state MASTER # 服務(wù)狀態(tài)蹦掐;MASTER(工作狀態(tài))BACKUP(備用狀態(tài))
interface eth0 # VIP綁定網(wǎng)卡
virtual_router_id 51 # 虛擬路由ID,主僵闯、備節(jié)點(diǎn)必須一致
mcast_src_ip 192.168.1.191 # 本機(jī)IP
nopreempt # 優(yōu)先級(jí)高的設(shè)置卧抗,解決異常回復(fù)后再次搶占的問(wèn)題
priority 100 # 優(yōu)先級(jí)鳖粟;取值范圍:0~254社裆;MASTER > BACKUP
advert_int 1 # 組播信息發(fā)送間隔,主向图、備節(jié)點(diǎn)必須一致泳秀,默認(rèn)1s
authentication { # 驗(yàn)證信息标沪;主、備節(jié)點(diǎn)必須一致
auth_type PASS # VRRP驗(yàn)證類型嗜傅,PASS金句、AH兩種
auth_pass 1111 # VRRP驗(yàn)證密碼,在同一個(gè)vrrp_instance下吕嘀,主违寞、從必須使用相同的密碼才能正常通信
}
track_script { # 將track_script塊加入instance配置塊
chk_nginx # 執(zhí)行Nginx監(jiān)控的服務(wù)
}
virtual_ipaddress { # 虛擬IP池,主偶房、備節(jié)點(diǎn)必須一致趁曼,可以定義多個(gè)VIP
192.168.1.99 # 虛擬IP
}
}
LB-02:192.168.1.192的配置
[root@example02 src]# vim /etc/keepalived/keepalived.conf
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.192
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.99
}
}
3.3 編寫(xiě)nginx狀態(tài)監(jiān)測(cè)腳本
[root@example01 keepalived]# vim /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
腳本要求:如果 nginx 停止運(yùn)行,嘗試啟動(dòng)棕洋,如果無(wú)法啟動(dòng)則殺死本機(jī)的 keepalived 進(jìn)程挡闰, keepalied將虛擬 ip 綁定到 BACKUP 機(jī)器上。
3.4 保存腳本拍冠,賦予執(zhí)行權(quán)限
[root@example01 keepalived]# chmod +x /etc/keepalived/nginx_check.sh
[root@example01 keepalived]# ll
total 8
-rw-r--r--. 1 root root 3602 Mar 27 23:46 keepalived.conf
-rwxr-xr-x. 1 root root 191 Mar 27 23:53 nginx_check.sh
3.5 啟動(dòng)keepalived
開(kāi)機(jī)啟動(dòng)
[root@example02 src]# chkconfig keepalived on
啟動(dòng)服務(wù)
[root@example01 keepalived]# service keepalived start
Starting keepalived: [ OK ]
4.keepalived+nginx的高可用測(cè)試
4.1 查看服務(wù)器上的地址
查看MASTER的地址:
[root@example01 keepalived]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:2c:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.191/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0 # 注意尿这,此時(shí)MASTER上存在一個(gè)VIP
inet6 fe80::20c:29ff:fe37:2c86/64 scope link
valid_lft forever preferred_lft forever
查看BACKUP的地址:
[root@example02 src]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:9e:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.192/24 brd 192.168.1.255 scope global eth0
inet6 fe80::20c:29ff:fe5b:9e6b/64 scope link
valid_lft forever preferred_lft forever
4.2 關(guān)閉MASTER上的nginx,keepalived會(huì)將它重新啟動(dòng)
[root@example01 keepalived]# /usr/local/nginx/sbin/nginx -s stop
4.3 關(guān)閉MASTER上的keepalived庆杜,VIP會(huì)切換到BACKUP上
[root@example01 keepalived]# service keepalived stop
Stopping keepalived: [ OK ]
4.4 驗(yàn)證VIP的漂移
驗(yàn)證方法1:通過(guò)ip add查看VIP的漂移
[root@example01 keepalived]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:2c:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.191/24 brd 192.168.1.255 scope global eth0
inet6 fe80::20c:29ff:fe37:2c86/64 scope link
valid_lft forever preferred_lft forever
[root@example02 src]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:9e:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.192/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0 # 注意射众,此時(shí)存在一個(gè)VIP
inet6 fe80::20c:29ff:fe5b:9e6b/64 scope link
valid_lft forever preferred_lft forever
驗(yàn)證方法2:通過(guò)瀏覽器訪問(wèn)VIP
瀏覽器訪問(wèn):http://192.168.1.99
刷新頁(yè)面,顯示“Welcome to nginx!Server02”晃财,表示已經(jīng)VIP已經(jīng)漂移到了BACKUP服務(wù)器上
高可用
到這里叨橱,整個(gè)部署就已經(jīng)完成了!
Tips:
- 在上面的部署過(guò)程中断盛,為了節(jié)省篇幅罗洗,只顯示了LB-01:192.168.1.191上的部署過(guò)程。新手請(qǐng)注意钢猛,按照部署過(guò)程伙菜,凡是在LB-01:192.168.1.191上做的所有配置(準(zhǔn)備工作、部署Nginx命迈、部署Keepalived)贩绕,都需要在LB-02:192.168.1.192上,再部署一次壶愤,并保持兩邊的配置過(guò)程一樣淑倾!
