希望是你见过的最简洁配置文档,结构清晰,代码精简,减少新手入门的成本,帮助更多的人掌握。
目录
简介
1.准备工作
- 1.1 关闭selinux
- 1.2 关闭iptables防火墙
- 1.3 安装wget
2.部署Nginx
- 2.1 安装编译工具及库文件
- 2.2 安装nginx
- 2.3 配置nginx
- 2.3.1 创建nginx运行使用的用户www
- 2.3.2 启动nginx
- 2.3.3 编辑index.html文件
- 2.3.4 配置nginx.conf
- 2.3.5 浏览器访问
3.部署Keepalived
- 3.1 安装keepalived
- 3.2 修改keepalived的配置文件
- 3.3 编写nginx状态监测脚本
- 3.4 保存脚本,赋予执行权限
- 3.5 启动keepalived
4.Nginx+Keepalived的高可用测试
- 4.1 查看服务器上的地址
- 4.2 关闭MASTER上的nginx,keepalived会将它重新启动
- 4.3 关闭MASTER上的keepalived,VIP会切换到BACKUP上
- 4.4 验证VIP的漂移
- 验证方法1:通过ip add查看VIP的漂移
- 验证方法2:通过浏览器访问VIP
简介
这种方案,使用两个VIP地址,前端使用2台机器,互为主备,同时有两台机器工作,当其中一台机器出现故障,两台机器的请求转移到一台机器负担,非常适合于生产架构环境。
关于Nginx版本
Mainline version:开发版
Stable version:稳定版
Legacy versions:遗留的老版本
官方地址:http://nginx.org/ ,找到“news”中,最新的一个stable version
下载地址:http://nginx.org/download/ ,找到这个包的下载链接,右键复制链接地址
规划:
LB-01:192.168.1.191 nginx+keepalived-master
LB-02:192.168.1.192 nginx+keepalived-backup
VIP1:192.168.1.98
LB-01:192.168.1.191 nginx+keepalived-backup
LB-02:192.168.1.192 nginx+keepalived-master
VIP2:192.168.1.99
OS:CentOS 6.8 X64
架构图:
Nginx+Keepalived主主架构
1.准备工作
1.1 关闭SELinux
[root@example01 ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
1.2 IPTABLES防火墙添加规则
[root@example01 ~]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# 允许VRRP(虚拟路由冗余协议)通信
-A INPUT -p vrrp -j ACCEPT
# 允许Keepalived虚拟路由组播地址通信
-A INPUT -d 224.0.0.18 -j ACCEPT
[root@example01 ~]# service iptables restart
iptables: Applying firewall rules: [ OK ]
1.3 安装wget
[root@example01 ~]# yum -y install wget
准备工作到此为止,reboot命令,重启两台服务器,使得SELinux配置生效
2.部署nginx
2.1 安装编译工具及库文件
[root@example01 ~]# yum -y install gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel
2.2 安装nginx
[root@example01 ~]# cd /usr/local/src/
[root@example01 src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
[root@example01 src]# tar -zxvf nginx-1.6.2.tar.gz
[root@example01 src]# cd nginx-1.6.2
[root@example01 nginx-1.6.2]# ./configure --prefix=/usr/local/nginx \
--with-http_stub_status_module \
--with-http_ssl_module
[root@example01 nginx-1.6.2]# make && make install
2.3 配置nginx
2.3.1 创建nginx运行使用的用户www
[root@example01 nginx-1.6.2]# /usr/sbin/groupadd www
[root@example01 nginx-1.6.2]# /usr/sbin/useradd -g www www
2.3.2 启动nginx
启动服务
[root@example01 nginx-1.6.2]# /usr/local/nginx/sbin/nginx
重载nginx配置
[root@example01 nginx-1.6.2]# /usr/local/nginx/sbin/nginx -s reload
开机启动
[root@example01 src]# vim /etc/rc.local
# Nginx
/usr/local/nginx/sbin/nginx
2.3.3 编辑index.html文件
编辑LB-01:192.168.1.191
[root@example01 nginx-1.6.2]# vim /usr/local/nginx/html/index.html
14 <h1>Welcome to nginx!Server01</h1>
编辑LB-02:192.168.1.192
[root@example02 nginx-1.6.2]# vim /usr/local/nginx/html/index.html
14 <h1>Welcome to nginx!Server02</h1>
2.3.4 配置nginx.conf
2 user www www;
3 worker_processes 1;
35 upstream myServer {
36 ip_hash;
37 server 192.168.1.191:80;
38 server 192.168.1.192:80;
39 }
Tips:
- 负载均衡模块用于从”upstream”指令定义的后端主机列表中选取一台主机。nginx先使用负载均衡模块找到一台主机,再使用upstream模块实现与这台主机的交互。
- 从配置我们可以看出负载均衡模块的使用场景:
- 1.核心指令”ip_hash”只能在upstream {}中使用。这条指令用于通知nginx使用ip hash负载均衡算法。如果没加这条指令,nginx会使用默认的round robin负载均衡模块。
- 2.upstream {}中的指令可能出现在”server”指令前,可能出现在”server”指令后,也可能出现在两条”server”指令之间。
2.3.5 浏览器访问:
http://192.168.1.191
LB-01:192.168.1.191
http://192.168.1.192
LB-02:192.168.1.192
nginx其它命令:
/usr/local/nginx/sbin/nginx -s reload # 重新载入配置文件
/usr/local/nginx/sbin/nginx -s reopen # 重启 Nginx
/usr/local/nginx/sbin/nginx -s stop # 停止 Nginx
3.部署keepalived
3.1 安装keepalived
[root@example01 src]# yum -y install keepalived
查看keepalived版本
[root@example01 src]# keepalived -v
Keepalived v1.2.13 (03/19,2015)
3.2 修改keepalived的配置文件
LB-01:192.168.1.191的配置
[root@example01 src]# vim /etc/keepalived/keepalived.conf
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh" # 检测nginx状态的脚本路径
interval 2 # 检测时间间隔2s
weight -20 # 如果脚本的条件成立,权重-20
}
vrrp_instance VI_1 { # VRRP实例名;多实例的情况下,名称必须不一致
state MASTER # 服务状态;MASTER(工作状态)BACKUP(备用状态)
interface eth0 # VIP绑定网卡
virtual_router_id 51 # 虚拟路由ID,主、备节点必须一致;多实例的情况下,ID必须不一致
mcast_src_ip 192.168.1.191 # 本机IP
nopreempt # 优先级高的设置,解决异常回复后再次抢占的问题
priority 100 # 优先级;取值范围:0~254;MASTER > BACKUP
advert_int 1 # 组播信息发送间隔,主、备节点必须一致,默认1s
authentication { # 验证信息;主、备节点必须一致
auth_type PASS # VRRP验证类型,PASS、AH两种
auth_pass 1111 # VRRP验证密码,在同一个vrrp_instance下,主、从必须使用相同的密码才能正常通信
}
track_script { # 将track_script块加入instance配置块
chk_nginx # 执行Nginx监控的服务
}
virtual_ipaddress { # 虚拟IP池,主、备节点必须一致,可以定义多个VIP
192.168.1.98 # 虚拟IP
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
mcast_src_ip 192.168.1.191
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.99
}
LB-02:192.168.1.192的配置
[root@example02 src]# vim /etc/keepalived/keepalived.conf
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.1.192
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.98
}
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 52
mcast_src_ip 192.168.1.192
nopreempt
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script {
chk_nginx
}
virtual_ipaddress {
192.168.1.99
}
}
3.3 编写nginx状态监测脚本
[root@example01 keepalived]# vim /etc/keepalived/nginx_check.sh
#!/bin/bash
A=`ps -C nginx –no-header |wc -l`
if [ $A -eq 0 ];then
/usr/local/nginx/sbin/nginx
sleep 2
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
脚本要求:如果 nginx 停止运行,尝试启动,如果无法启动则杀死本机的 keepalived 进程, keepalied将虚拟 ip 绑定到 BACKUP 机器上。
3.4 保存脚本,赋予执行权限
[root@example01 keepalived]# chmod +x /etc/keepalived/nginx_check.sh
[root@example01 keepalived]# ll
total 8
-rw-r--r--. 1 root root 3602 Mar 27 23:46 keepalived.conf
-rwxr-xr-x. 1 root root 191 Mar 27 23:53 nginx_check.sh
3.5 启动keepalived
开机启动
[root@example02 src]# chkconfig keepalived on
启动服务
[root@example01 keepalived]# service keepalived start
Starting keepalived: [ OK ]
4.keepalived+nginx的高可用测试
4.1 查看服务器上的地址
查看MASTER的地址:
[root@example01 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:2c:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.191/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.98/32 scope global eth0 # VIP1
inet 192.168.1.99/32 scope global eth0 # VIP2
inet6 fe80::20c:29ff:fe37:2c86/64 scope link
valid_lft forever preferred_lft forever
查看BACKUP的地址:
[root@example02 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:9e:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.192/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0 # VIP1
inet 192.168.1.98/32 scope global eth0 # VIP2
inet6 fe80::20c:29ff:fe5b:9e6b/64 scope link
valid_lft forever preferred_lft forever
4.2 关闭MASTER上的nginx,keepalived会将它重新启动
[root@example01 keepalived]# /usr/local/nginx/sbin/nginx -s stop
4.3 关闭MASTER上的keepalived,VIP会切换到BACKUP上
[root@example01 keepalived]# service keepalived stop
Stopping keepalived: [ OK ]
4.4 验证VIP的漂移
验证方法1:通过ip add查看VIP的漂移
关闭LB-01上的keepalived,VIP1会切换到LB-02上,同时,LB-01的eth0网卡上两个VIP都消失了
[root@example01 keepalived]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:37:2c:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.191/24 brd 192.168.1.255 scope global eth0 # 注意,keepalived服务关闭后,LB-01上已经没有VIP了
inet6 fe80::20c:29ff:fe37:2c86/64 scope link
valid_lft forever preferred_lft forever
[root@example02 src]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5b:9e:6b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.192/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.99/32 scope global eth0 # VIP1
inet 192.168.1.98/32 scope global eth0 # VIP2
inet6 fe80::20c:29ff:fe5b:9e6b/64 scope link
valid_lft forever preferred_lft forever
验证方法2:通过浏览器访问VIP
验证方法2:通过浏览器访问VIP
浏览器访问:http://192.168.1.98 显示Server01
MASTER-VIP1 / BACKUP-VIP2
浏览器访问:http://192.168.1.99 显示Server02
BACKUP-VIP1 / MASTER-VIP2
到这里,整个部署就已经完成了!
Tips:
- 在上面的部署过程中,为了节省篇幅,只显示了LB-01:192.168.1.191上的部署过程。新手请注意,按照部署过程,凡是在LB-01:192.168.1.191上做的所有配置(准备工作、部署Nginx、部署Keepalived),都需要在LB-02:192.168.1.192上,再部署一次,并保持两边的配置过程一样!
- Nginx+Keepalived主主模式和Nginx+Keepalived主备模式,两种模式在部署过程上,所有过程都是几样的,唯一不同的是在/etc/keepalived/keepalived.conf配置文件中,需要再添加一个vrrp_instance,需要注意的是:
- 两个vrrp_instance的名称必须不相同,这里我配置的是VI_1和VI_2;
- 两个vrrp_instance的state必须不相同,既然是互为主备,两个instance的state必须一个为MASTER,另一个为BACKUP
- 两个vrrp_instance的virtual_router_id必须不相同
- 两个vrrp_instance的priority必须不相同,MASTER的优先级 > BACKUP的优先级
- 两个vrrp_instance的virtual_ipaddress必须不相同
