目录
1、服务器准备
| 服务器 | CPU | 内存 | 存储 | 操作系统 | 备注 | 说明 | IP |
|---|---|---|---|---|---|---|---|
| Nginx转发(主) | 8C | 16G | 300G | CentOS7 | Nginx主+KeepAlived | 安装docker+nginx+KeepAlived | 192.168.1.212 |
| Nginx转发(备) | 8C | 16G | 300G | CentOS7 | Nginx备+KeepAlived | 安装docker+nginx+KeepAlived | 192.168.1.213 |
| 虚IP | 192.168.1.209 |
1.1 安装KeepAlived(主)
ssh连接到服务器:192.168.1.212
1.1.1 yum环境安装(外网环境)
# 安装gcc
yum install gcc -y
# 安装openssl
yum install openssl -y
1.1.2 yum环境安装(内网环境)
解压sslgcc_离线包.7z,将gcc、和openssl 放到服务器/home目录下,分别在进入其根目录,执行安装命令
离线文件下载地址:sslgcc_离线包.7z
1、安装gcc包
#进入gcc目录
cd /home/gcc
# 执行安装
yum localinstall *.rpm -y
# 强制执行安装
rpm -Uvh *.rpm --nodeps --force
2、安装openssl包
#进入openssl目录
cd /home/openssl
# 执行安装
yum localinstall *.rpm -y
# 强制执行安装
rpm -Uvh *.rpm --nodeps --force
1.1.3 安装keepalived并配置
将keepalived-2.0.19.tar.gz离线包 放到服务器中 /usr/local目录下
安装包下载:keepalived-2.0.19.tar.gz(可自行外网下载或使用yum进行安装)
1、安装命令
# 进入文件所在目录
cd /usr/local
# 解压缩
tar xvf keepalived-2.0.19.tar.gz
# 进入keepalived文件夹
cd keepalived-2.0.19
# 执行安装
./configure --prefix=/usr/local/keepalived
make && make install
# keepalived启动脚本变量引用文件,默认文件路径是/etc/sysconfig/,也可以不做软链接,直接修改启动脚本中文件路径即可(安装目录下)
cp /usr/local/keepalived-2.0.19/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# 将keepalived主程序加入到环境变量(安装目录下)
cp /usr/local/keepalived-2.0.19/sbin/keepalived /usr/sbin/keepalived
# keepalived启动脚本(源码目录下),放到/etc/init.d/目录下就可以使用service命令便捷调用
cp/usr/local/keepalived-2.0.19/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
mkdir /etc/keepalived
cp /usr/local/keepalived-2.0.19/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
# 启动前先修改第二步配置文件
# 重新加载
systemctl daemon-reload
# 设置开机自动启动
systemctl enable keepalived.service
# 取消开机自动启动 (不执行)
systemctl disable keepalived.service
# 启动
systemctl start keepalived.service
# 停止 (不执行)
systemctl stop keepalived.service
# keepalived 服务状态查看
systemctl status keepalived.service
# 查看日志消息
tail -f /var/log/messages
2、修改配置文件
# 做了软连接,直接修改这个配置文件即可
cd /etc/keepalived/keepalived.conf
配置文件(主):
! Configuration File for keepalived
global_defs {
router_id LVS_nginx
}
vrrp_script CheckNginxMaster {
script "curl -k http://192.168.1.212:80"
interval 3
timeout 9
fall 2
rise 2
}
vrrp_instance VI_1 {
state MASTER
interface eth0 #注意:此处需执行ip addr检查生产机器实际网卡名称是否一致
virtual_router_id 51
priority 100
advert_int 1
mcast_src_ip 192.168.1.212
nopreempt
authentication {
auth_type PASS
auth_pass sqP05dQgMSlzrxHj
}
unicast_peer {
192.168.1.213
}
virtual_ipaddress {
192.168.1.209/24
}
track_script {
CheckNginxMaster
}
}
1.2 安装KeepAlived(备)
ssh连接到服务器:192.168.1.213
1.2.1 yum环境安装(外网环境)
# 安装gcc
yum install gcc -y
# 安装openssl
yum install openssl -y
1.2.2 yum环境安装(内网环境)
解压sslgcc_离线包.7z,将gcc、和openssl 放到服务器/home目录下,分别在进入其根目录,执行安装命令
离线文件下载:sslgcc_离线包.7z
1、安装gcc包
#进入gcc目录
cd /home/gcc
# 执行安装
yum localinstall *.rpm -y
# 强制执行安装
rpm -Uvh *.rpm --nodeps --force
2、安装openssl包
#进入openssl目录
cd /home/openssl
# 执行安装
yum localinstall *.rpm -y
# 强制执行安装
rpm -Uvh *.rpm --nodeps --force
1.2.3 安装keepalived
将keepalived-2.0.19.tar.gz离线包 放到服务器中 /usr/local目录下
离线文件下载:keepalived-2.0.19.tar.gz(可自行外网下载或使用yum进行安装)
1、安装命令
# 进入文件所在目录
cd /usr/local
# 解压缩
tar xvf keepalived-2.0.19.tar.gz
# 进入keepalived文件夹
cd keepalived-2.0.19
# 执行安装
./configure --prefix=/usr/local/keepalived
make && make install
# keepalived启动脚本变量引用文件,默认文件路径是/etc/sysconfig/,也可以不做软链接,直接修改启动脚本中文件路径即可(安装目录下)
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# 将keepalived主程序加入到环境变量(安装目录下)
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/keepalived
# keepalived启动脚本(源码目录下),放到/etc/init.d/目录下就可以使用service命令便捷调用
cp /usr/local/keepalived-2.0.19/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
# 重新加载
systemctl daemon-reload
# 设置开机自动启动
systemctl enable keepalived.service
# 取消开机自动启动 (不执行)
systemctl disable keepalived.service
# 启动
systemctl start keepalived.service
# 停止 (不执行)
systemctl stop keepalived.service
# keepalived 服务状态查看
systemctl status keepalived.service
# 查看日志消息
tail -f /var/log/messages
2、修改配置文件
# 做了软连接,直接修改这个配置文件即可
cd /etc/keepalived/keepalived.conf
配置文件(备):
! Configuration File for keepalived
global_defs {
router_id LVS_nginx
}
vrrp_script CheckNginxMaster {
script "curl -k http://192.168.1.213:80"
interval 3
timeout 9
fall 2
rise 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth0 #注意:此处需执行ip addr检查生产机器实际网卡名称是否一致
virtual_router_id 51
priority 90
advert_int 1
mcast_src_ip 192.168.1.213
nopreempt
authentication {
auth_type PASS
auth_pass sqP05dQgMSlzrxHj
}
unicast_peer {
192.168.1.212
}
virtual_ipaddress {
192.168.1.209/24
}
track_script {
CheckNginxMaster
}
}
配置文件参数说明:
1. vrrp_instance:vrrp实例名
2. state:实例状态,只有MASTER 和 BACKUP两种状态,并且需要全部大写。抢占模式下,其中MASTER为工作状态,BACKUP为备用状态。当MASTER所在的服务器失效时,BACKUP所在的服务会自动把它的状态由BACKUP切换到MASTER状态。当失效的MASTER所在的服务恢复时,BACKUP从MASTER恢复到BACKUP状态。
3. interface:对外提供服务的网卡接口,即VIP绑定的网卡接口。如:eth0,eth1。当前主流的服务器都有2个或2个以上的接口(分别对应外网和内网),在选择网卡接口时,一定要核实清楚。(执行ip addr检查或者ip a)
4. mcast_src_ip:本机IP地址
5. virtual_router_id:虚拟路由的ID号,每个节点设置必须一样,可选择IP最后一段使用,相同的 VRID 为一个组,他将决定多播的 MAC 地址。
6. priority:节点优先级,取值范围0~254,MASTER要比BACKUP高
7. advert_int:MASTER与BACKUP节点间同步检查的时间间隔,单位为秒
8. authentication:验证类型和验证密码。类型主要有 PASS、AH 两种,通常使用PASS类型,据说AH使用时有问题。验证密码为明文,同一vrrp 实例MASTER与BACKUP使用相同的密码才能正常通信。
9. nopreempt:禁止抢占服务。默认情况,当MASTER服务挂掉之后,BACKUP自动升级为MASTER并接替它的任务,当MASTER服务恢复后,升级为MASTER的BACKUP服务又自动降为BACKUP,把工作权交给原MASTER。当配置了nopreempt,MASTER从挂掉到恢复,不再将服务抢占过来。
10. virtual_ipaddress:虚拟IP地址池,可以有多个IP,每个IP占一行,不需要指定子网掩码。注意:这个IP必须与我们的设定的vip保持一致。
查看虚拟IP挂载:ip addr
977
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
