环境准备
Nginx安装
- 安装包准备
[root@web-1 software]# wget http://nginx.org/download/nginx-1.18.0.tar.gz
- 安装依赖环境
2.1 安装gcc环境
[root@web-1 software]# yum install gcc-c++
2.2 安装PCRE库,用于解析正则表达式
[root@web-1 software]# yum install -y pcre pcre-devel
2.3 zlib压缩和解压缩依赖
[root@web-1 software]# yum install -y zlib zlib-devel
2.4 SSL 安全的加密的套接字协议层,用于HTTP安全传输,也就是https
[root@web-1 software]# yum install -y openssl openssl-devel
- 解压软件包
[root@web-1 software]# tar -zxf nginx-1.18.0.tar.gz
- 创建所需目录
[root@web-1 nginx-1.18.0]# mkdir /data/nginx/{lock,log,client,proxy,fastcgi,uwsgi,scgi}
- 在nginx目录,输入如下命令进行配置,目的是为了创建makefile文件
[root@web-1 nginx-1.18.0]# ./configure --prefix=/data/nginx --conf-path=/data/nginx/nginx.conf --pid-path=/data/nginx/nginx.pid --lock-path=/data/nginx/lock/nginx.lock --error-log-path=/data/nginx/log/error.log --http-log-path=/data/nginx/log/access.log --with-http_gzip_static_module --http-client-body-temp-path=/data/nginx/client/ --http-proxy-temp-path=/data/nginx/proxy/ --http-fastcgi-temp-path=/data/nginx/fastcgi/ --http-uwsgi-temp-path=/data/nginx/uwsgi/ --http-scgi-temp-path=/data/nginx/scgi/ --with-http_ssl_module --with-stream --with-http_stub_status_module
6. 编译安装
make && make install
7. 启动nginx
[root@web-1 nginx-1.18.0]# /data/nginx/sbin/nginx
安装keepalived
- 安装包准备
[root@web-1 software]# wget https://www.keepalived.org/software/keepalived-2.0.18.tar.gz --no-check-certificate
- 安装依赖
[root@web-1 software]# yum -y install libnl libnl-devel
- 解压
[root@web-1 software]# tar -zxf keepalived-2.0.18.tar.gz
- 使用configure命令配置安装目录与核心配置文件所在位置
[root@web-1 keepalived-2.0.18]# ./configure --prefix=/data/keepalived --sysconf=/etc
5. 编译安装
make && make install
配置keepalived DNS轮询双主热备
- 备份配置文件
[root@web-1 keepalived]# cd /etc/keepalived/ && cp keepalived.conf keepalived.conf.bak
- keepalived配置nginx自动重启
2.1 在/etc/keepalived/下创建脚本check_nginx_alive_or_not
[root@web-2 keepalived]# cat /etc/keepalived/check_nginx_alive_or_not.sh
#!/bin/bash
A=`ps -C nginx --no-header |wc -l`
# 判断nginx是否宕机,如果宕机了,尝试重启
if [ $A -eq 0 ];then
/data/nginx/sbin/nginx
# 等待一小会再次检查nginx,如果没有启动成功,则停止keepalived,使其启动备用机
sleep 3
if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
killall keepalived
fi
fi
2.2 添加运行权限
[root@web-2 keepalived]# chmod +x /etc/keepalived/check_nginx_alive_or_not.sh
- 修改配置文件
3.1 web-1配置
[root@web-1 keepalived]# cat keepalived.conf
global_defs {
script_user root
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
enable_script_security
router_id keep_171
}
vrrp_script check_nginx_alive {
script "/etc/keepalived/check_nginx_alive_or_not.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 10 # 如果脚本运行失败,则升级权重+10
}
vrrp_instance VI_1 {
state MASTER i
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.50
}
track_script {
check_nginx_alive
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.51
}
track_script {
check_nginx_alive
}
}
3.2 web-2 配置
[root@web-2 keepalived]# cat keepalived.conf
global_defs {
script_user root
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
enable_script_security
router_id keep_171
}
vrrp_script check_nginx_alive {
script "/etc/keepalived/check_nginx_alive_or_not.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 10 # 如果脚本运行失败,则升级权重+10
}
vrrp_instance VI_1 {
state MASTER i
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.50
}
track_script {
check_nginx_alive
}
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.51
}
track_script {
check_nginx_alive
}
}
- 启动并检查
4.1 web-1
[root@web-1 keepalived]# systemctl start keepalived
[root@web-1 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:ed:6a:91 brd ff:ff:ff:ff:ff:ff
inet 172.18.1.155/24 brd 172.18.1.255 scope global noprefixroute dynamic eth0
valid_lft 76077sec preferred_lft 76077sec
inet 172.18.1.50/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::bee:e968:f628:58a3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4.2 web-2
[root@web-2 keepalived]# systemctl start keepalived
[root@web-2 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:a7:f4:65 brd ff:ff:ff:ff:ff:ff
inet 172.18.1.48/24 brd 172.18.1.255 scope global noprefixroute dynamic eth0
valid_lft 78298sec preferred_lft 78298sec
inet 172.18.1.51/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::2004:bc5a:3f4e:d9b6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Keepalived+Lvs+Nginx高可用集群负载均衡
- 安装ipvsadm
[root@web-1 keepalived]# yum -y install ipvsadm
- 修改配置文件
2.1 web-1
[root@web-1 keepalived]# cat keepalived.conf
global_defs {
script_user root
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
enable_script_security
router_id keep_171
}
vrrp_script check_nginx_alive {
script "/etc/keepalived/check_nginx_alive_or_not.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 10 # 如果脚本运行失败,则升级权重+10
}
vrrp_instance VI_1 {
state MASTER i
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.50
}
track_script {
check_nginx_alive
}
}
#配置集群访问的ip+端口,端口和nginx保持一致
virtual_server 172.18.1.50 80{
#健康检查的时间,单位:秒
delay_loop 6
#配置负载均衡的算法,默认的轮询
lb_algo rr
#设置LVS的模式 NAT|TUN|DR
lb-kind DR
#设置会话持久化的时间
persistence_timeout 5
#协议
protocol TCP
#配置负载均衡的真实服务器,也就是nginx节点的具体的ip地址
real_server 172.18.1.155 80{
#轮询权重配比
weight 1
#设置健康检查
TCP_CHECK {
#检查80端口
connect_port 80
#超时时间
connect_timeout 2
#重试次数
nb_get_retry 2
#重试间隔时间
delay_before_retry 3
}
}
real_server 172.18.1.48 80{
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 2
nb_get_retry 2
delay_before_retry 3
}
}
}
2.2 web-2
[root@web-2 keepalived]# cat keepalived.conf
global_defs {
script_user root
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
enable_script_security
router_id keep_171
}
vrrp_script check_nginx_alive {
script "/etc/keepalived/check_nginx_alive_or_not.sh"
interval 2 # 每隔两秒运行上一行脚本
weight 10 # 如果脚本运行失败,则升级权重+10
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.18.1.50
}
track_script {
check_nginx_alive
}
}
#配置集群访问的ip+端口,端口和nginx保持一致
virtual_server 172.18.1.50 80{
#健康检查的时间,单位:秒
delay_loop 6
#配置负载均衡的算法,默认的轮询
lb_algo rr
#设置LVS的模式 NAT|TUN|DR
lb-kind DR
#设置会话持久化的时间
persistence_timeout 5
#协议
protocol TCP
#配置负载均衡的真实服务器,也就是nginx节点的具体的ip地址
real_server 172.18.1.155 80{
#轮询权重配比
weight 1
#设置健康检查
TCP_CHECK {
#检查80端口
connect_port 80
#超时时间
connect_timeout 2
#重试次数
nb_get_retry 2
#重试间隔时间
delay_before_retry 3
}
}
real_server 172.18.1.48 80{
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 2
nb_get_retry 2
delay_before_retry 3
}
}
}
- 重启并验证
[root@web-1 keepalived]# systemctl restart keepalived
[root@web-1 keepalived]#
[root@web-1 keepalived]#
[root@web-1 keepalived]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.18.1.50:80 rr persistent 5
-> 172.18.1.48:80 Masq 1 0 0
-> 172.18.1.155:80 Masq 1 0 0
- openstack添加可用地址对
4.1 web-1
4.2 web-2
- 测试
[root@web-1 keepalived]# curl 172.18.1.50
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx web-1</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx web-1</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>