一、高可用nginx负载均衡
1.0 实验环境:
VIP 192.168.23.55
Nginx 192.168.23.21
Nginx2 192.168.23.22
Web 192.168.23.23
Web 192.168.23.24
[root@nginx ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777728 【nginx】
TYPE=Ethernet
BOOTPROTO=none 【手动配置】
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=1aa59b3a-16c2-4c8a-a1e7-262b68bf4a93
DEVICE=eno16777728
ONBOOT=YES【激活网卡】
IPADDR=192.168.23.21
netmask=255.255.255.0
GATEWAY=192.168.23.1
[root@nginx2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777728 【nginx2】
TYPE=Ethernet
BOOTPROTO=none【手动配置】
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=1aa59b3a-16c2-4c8a-a1e7-262b68bf4a93
DEVICE=eno16777728
ONBOOT=YES【激活网卡】
IPADDR=192.168.23.22
netmask=255.255.255.0
GATEWAY=192.168.23.1
[root@web ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777728 【web】
TYPE=Ethernet
BOOTPROTO=none【手动配置】
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=1aa59b3a-16c2-4c8a-a1e7-262b68bf4a93
DEVICE=eno16777728
ONBOOT=YES【激活网卡】
IPADDR=192.168.23.23
netmask=255.255.255.0
GATEWAY=192.168.23.1
[root@web2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777728 【web2】
TYPE=Ethernet
BOOTPROTO=none【手动配置】
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=1aa59b3a-16c2-4c8a-a1e7-262b68bf4a93
DEVICE=eno16777728
ONBOOT=yes【激活网卡】
IPADDR=192.168.23.24
netmask=255.255.255.0
GATEWAY=192.168.23.1
1.1 nginx配置
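[root@localhost ~]# setenforce 0【临时将 SELinux 切换为 permissive 模式,重启后失效;仅用于隔离的实验环境】
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld【实验环境为省事直接关闭防火墙;正式环境应保留 firewalld,只放行 80/tcp 和 VRRP(IP 协议号 112)】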
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@nginx ~]# service network restart
[root@nginx ~]# ls
anaconda-ks.cfg nginx-1.6.0.tar.gz
[root@nginx ~]# umount /dev/sr0
[root@nginx ~]# mkdir /media/cdrom
[root@nginx ~]# mount /dev/sr0 /media/cdrom
mount: /dev/sr0 写保护,将以只读方式挂载
[root@localhost ~]# rpm -ivh /media/cdrom/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm
[root@localhost ~]# systemctl start vsftpd【启动服务】
[root@localhost ~]# systemctl enable vsftpd【加入启动项】
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost ~]# umount /media/cdrom
[root@localhost ~]# mkdir /var/ftp/centos7
[root@localhost ~]# mount /dev/sr0 /var/ftp/centos7/
[root@localhost ~]# ls /var/ftp/centos7/
CentOS_BuildTag EULA images LiveOS repodata RPM-GPG-KEY-CentOS-Testing-7
EFI GPL isolinux Packages RPM-GPG-KEY-CentOS-7 TRANS.TBL
mount: /dev/sr0 写保护,将以只读方式挂载
[root@localhost ~]# vi /var/ftp/local.repo
[local]
name=local
baseurl=ftp://192.168.23.21/centos7
enabled=1
gpgcheck=0【不校验软件包签名,且仓库经匿名 FTP 明文传输;光盘根目录自带 RPM-GPG-KEY-CentOS-7,配置 gpgkey 后可设为 gpgcheck=1】
[root@localhost ~]# rpm -ivh /media/cdrom/Packages/wget-1.14-10.el7_0.1.x86_64.rpm
警告:/media/cdrom/Packages/wget-1.14-10.el7_0.1.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:wget-1.14-10.el7_0.1 ################################# [100%]
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir a/
[root@localhost yum.repos.d]# mv C* a/
[root@localhost yum.repos.d]# wget ftp://192.168.23.21/local.repo
--2019-05-01 05:35:53-- ftp://192.168.23.21/local.repo
=> “local.repo”
正在连接 192.168.23.21:21... 已连接。
正在以 anonymous 登录 ... 登录成功!
==> SYST ... 完成。 ==> PWD ... 完成。
==> TYPE I ... 完成。 ==> 不需要 CWD。
==> SIZE local.repo ... 76
==> PASV ... 完成。 ==> RETR local.repo ... 完成。
长度:76 (非正式数据)
2019-05-01 05:35:53 (6.98 MB/s) - “local.repo” 已保存 [76]
[root@localhost yum.repos.d]# yum -y clean all
已加载插件:fastestmirror
正在清理软件源: local
Cleaning up everything
100%[============================================================================>] 76 --.-K/s 用时 0s
[root@localhost ~]# yum makecache
已加载插件:fastestmirror
local | 3.6 kB 00:00:00
(1/4): local/group_gz | 154 kB 00:00:00
(2/4): local/filelists_db | 2.7 MB 00:00:00
(3/4): local/other_db | 1.1 MB 00:00:00
(4/4): local/primary_db | 2.7 MB 00:00:00
Determining fastest mirrors
元数据缓存已建立
[root@nginx ~]# ls【拉此包进来】
anaconda-ks.cfg nginx-1.6.0.tar.gz
[root@nginx ~]#useradd -M -s /sbin/nologin nginx
[root@nginx ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/【为主程序nginx创建连接文件】
[root@nginx ~]# ll /usr/local/sbin/
总用量 0
lrwxrwxrwx. 1 root root 27 5月 1 08:08 nginx -> /usr/local/nginx/sbin/nginx
[root@nginx ~]#yum -y install pcre-devel zlib-devel openssl-devel gcc gcc-c++ *netstat* vim keepalived
[root@nginx ~]#tar xf nginx-1.6.0.tar.gz -C /usr/src/
[root@nginx ~]#cd /usr/src/nginx-1.6.0/
[root@nginx nginx-1.6.0]#./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_flv_module --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module && make && make install
[root@nginx nginx-1.6.0]# cd /usr/local/nginx/conf/
[root@nginx conf]# cp nginx.conf{,.bak}
[root@nginx conf]# vim nginx.conf
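# nginx.conf for the load balancer: proxies every request on port 80 to the
# "hao" upstream group (the two back-end web hosts), round-robin with equal
# weights.
# NOTE(review): this walkthrough builds nginx 1.6.0, which is long out of
# upstream support; use a maintained release outside a lab.

# Worker processes run as the unprivileged nginx user/group.
user  nginx nginx;
worker_processes  1;
error_log  logs/error.log  info;
pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    sendfile    on;
    tcp_nopush  on;
    keepalive_timeout  65;
    gzip  on;
    # Do not advertise the exact nginx version in headers and error pages.
    server_tokens  off;

    upstream hao {
        # Fixed: each server directive needs its terminating ';',
        # otherwise nginx refuses to load the file.
        server 192.168.23.23:80 weight=1;
        server 192.168.23.24:80 weight=1;
    }

    server {
        listen       80;
        server_name  localhost;
        # Fixed: the charset was misspelled "uft-8".
        charset      utf-8;
        access_log   logs/host.access.log  main;

        location / {
            proxy_pass http://hao;
            # Pass the client address on, so the back ends do not log only
            # the proxy's own IP.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        error_page  404  /404.html;
        # redirect server error pages to the static page /50x.html
        # (fixed: this sentence was missing its leading '#', so nginx tried
        # to parse it as a directive)
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root  html;
        }
    }
}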
保存退出
[root@nginx ~]# nginx -s reload
1.1.0安装keepalived
[root@nginx ~]# cp /etc/keepalived/keepalived.conf{,.bak}
[root@nginx ~]# vim /etc/keepalived/keepalived.conf
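! Configuration File for keepalived
# Node "nginx": VRRP instance VI_1 holds the virtual IP 192.168.23.55 on
# eno16777728 and tracks the nginx health-check script.

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NGINX_nginx
}

vrrp_script nginx {
    # keepalived runs this script every 2 seconds with its own privileges;
    # keep the file and /opt writable by root only.
    script /opt/chk_nginx.sh
    interval 2
    # Fixed: the keyword was misspelled "weiget". A failing (non-zero) check
    # lowers this node's priority by 10.
    # NOTE(review): the chk_nginx.sh shown on this page stops keepalived itself
    # and does not exit non-zero, so the weight may never apply; confirm.
    weight -10
}

vrrp_instance VI_1 {
    # NOTE(review): keepalived documents nopreempt as effective only when the
    # initial state is BACKUP; with "state MASTER" it is likely ignored.
    state MASTER
    interface eno16777728
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS carries auth_pass in clear text in every
        # advertisement and "1111" is trivially guessable. Any host on the
        # segment could then join the VRRP group. Use a non-trivial value (the
        # same on both nodes) and keep VRRP traffic on a trusted network.
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        nginx
    }
    virtual_ipaddress {
        192.168.23.55
    }
}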
保存退出
[root@nginx ~]# vim /opt/chk_nginx.sh
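#!/bin/bash
# Check nginx server status (run periodically by keepalived's vrrp_script).
# If no nginx process exists, try to start nginx once. If none exists after a
# 3-second pause, stop keepalived so that this node gives up the virtual IP,
# and record the event in /var/log/messages.
NGINX="/usr/local/nginx/sbin/nginx"

# Number of processes named "nginx"; 0 means nginx is not running.
nginxpid=$(ps -C nginx --no-header | wc -l)
if [ "$nginxpid" -eq 0 ]; then
  "$NGINX"
  # Fixed: the original "sleep3" is not a command, so there was no pause
  # before the re-check.
  sleep 3
  nginxpid=$(ps -C nginx --no-header | wc -l)
  if [ "$nginxpid" -eq 0 ]; then
    # The walkthrough starts keepalived with systemctl, so stop it the same
    # way; the init script stays as a fallback for hosts without systemd.
    if command -v systemctl >/dev/null 2>&1; then
      systemctl stop keepalived
    else
      /etc/init.d/keepalived stop
    fi
    echo "Keepalived stopped,please check your Nginx !" | tee -a /var/log/messages
  fi
fi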
保存退出
[root@nginx ~]# chmod +x /opt/chk_nginx.sh
[root@nginx ~]# systemctl start keepalived 【启动keepalived】
[root@nginx ~]#/opt/chk_nginx.sh
[root@nginx ~]# ipvsadm -A -t 192.168.23.55:80 -s rr
[root@nginx ~]# ipvsadm -a -t 192.168.23.55:80 -r 192.168.23.23:80 -g
[root@nginx ~]# ipvsadm -a -t 192.168.23.55:80 -r 192.168.23.24:80 -g
[root@nginx ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.23.55:80 rr
-> 192.168.23.23:80 Route 1 0 0
-> 192.168.23.24:80 Route 1 0 0
[root@nginx ~]# vim /opt/vip.sh
#!/bin/bash
# lvs-dr: bind the virtual IP as a /32 alias on eno16777728:vip, add a host
# route for it, then restrict ARP replies/announcements for "lo" and "all".
# NOTE(review): the VIP below differs from the 192.168.23.55 used everywhere
# else in this walkthrough, and the `route -n` output recorded after running
# the script shows the host route on lo. Confirm which script was really run.
# NOTE(review): a static VIP alias on a node whose VIP is managed by keepalived
# would leave the address bound on both nodes; verify before reusing.
VIP="172.16.23.10"
vip_alias="eno16777728:vip"

/sbin/ifconfig "$vip_alias" "$VIP" broadcast "$VIP" netmask 255.255.255.255
/sbin/route add -host "$VIP" dev "$vip_alias"

# arp_ignore=1: answer ARP only for addresses configured on the receiving
# interface. arp_announce=2: always use the best local source address in ARP
# requests. Written in the same order as the original four echo lines.
while read -r setting target; do
  printf '%s\n' "$setting" > "$target"
done <<'EOF'
1 /proc/sys/net/ipv4/conf/lo/arp_ignore
2 /proc/sys/net/ipv4/conf/lo/arp_announce
1 /proc/sys/net/ipv4/conf/all/arp_ignore
2 /proc/sys/net/ipv4/conf/all/arp_announce
EOF
[root@nginx ~]# chmod +x /opt/vip.sh
[root@nginx ~]# /opt/vip.sh
[root@nginx ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.23.1 0.0.0.0 UG 100 0 0 eno16777728
192.168.23.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.23.55 0.0.0.0 255.255.255.255 UH 0 0 0 lo
[root@nginx ~]# echo "/opt/vip.sh" >>/etc/rc.local【CentOS 7 上 /etc/rc.d/rc.local 默认没有执行权限,需 chmod +x /etc/rc.d/rc.local 后开机才会执行】
[root@nginx ~]# ipvsadm-save >/etc/sysconfig/ipvsadm
1.2 nginx2配置
[root@nginx2 ~]# setenforce 0
[root@nginx2 ~]# systemctl stop firewalld
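[root@nginx2 ~]# systemctl enable firewalld【注意:主机 nginx 上执行的是 disable;此处为 enable,重启后 firewalld 会重新启动,届时需放行 80/tcp 和 VRRP(IP 协议号 112),否则两台 keepalived 互相收不到通告】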
[root@nginx2 ~]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@nginx2 ~]# umount /dev/sr0
umount: /dev/sr0:未挂载
[root@nginx2 ~]# mkdir /media/cdrom
mkdir: 无法创建目录"/media/cdrom": 文件已存在
[root@nginx2 ~]# mount /dev/sr0 /media/cdrom
mount: /dev/sr0 写保护,将以只读方式挂载
[root@nginx2 ~]# rpm -ivh /media/cdrom/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm
警告:/media/cdrom/Packages/vsftpd-3.0.2-9.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:vsftpd-3.0.2-9.el7 ################################# [100%]
[root@nginx2 ~]# systemctl start vsftpd
[root@nginx2 ~]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@nginx2 ~]#umount /media/cdrom
[root@nginx2 ~]# mkdir /var/ftp/centos7
[root@nginx2 ~]# mount /dev/sr0 /var/ftp/centos7/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@nginx2 ~]# vi /var/ftp/local.repo
[local]
name=local
baseurl=ftp://192.168.23.22/centos7
enabled=1
gpgcheck=0
[root@nginx2 ~]# rpm -ivh /media/cdrom/Packages/wget-1.14-10.el7_0.1.x86_64.rpm
警告:/media/cdrom/Packages/wget-1.14-10.el7_0.1.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:wget-1.14-10.el7_0.1 ################################# [100%]
[root@nginx2 ~]# cd /etc/yum.repos.d/
[root@nginx2 yum.repos.d]# mkdir a/
[root@nginx2 yum.repos.d]# mv C* a/
[root@nginx2 yum.repos.d]# wget ftp://192.168.23.22/local.repo
--2019-05-01 06:09:21-- ftp://192.168.23.22/local.repo
=> “local.repo”
正在连接 192.168.23.22:21... 已连接。
正在以 anonymous 登录 ... 登录成功!
==> SYST ... 完成。 ==> PWD ... 完成。
==> TYPE I ... 完成。 ==> 不需要 CWD。
==> SIZE local.repo ... 76
==> PASV ... 完成。 ==> RETR local.repo ... 完成。
长度:76 (非正式数据)
100%[========================================>] 76 --.-K/s 用时 0s
2019-05-01 06:09:21 (1.13 MB/s) - “local.repo” 已保存 [76]
[root@nginx2 yum.repos.d]# yum -y clean all
已加载插件:fastestmirror
正在清理软件源: local
Cleaning up everything
[root@nginx2 ~]# yum makecache
[root@nginx2 ~]# ls
anaconda-ks.cfg nginx-1.6.0.tar.gz
【其他步骤和主负载均衡是一样的。以下主要说下配置文件】
[root@nginx2 conf]# vim /etc/keepalived/keepalived.conf
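! Configuration File for keepalived
# Node "nginx2": backup member of VRRP instance VI_1 for the virtual IP
# 192.168.23.55 on eno16777728; tracks the same nginx health-check script.

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id NGINX_nginx2
}

vrrp_script nginx {
    # keepalived runs this script every 2 seconds with its own privileges;
    # keep the file and /opt writable by root only.
    script /opt/chk_nginx.sh
    interval 2
    # Fixed: the keyword was misspelled "weiget". A failing (non-zero) check
    # lowers this node's priority by 10.
    weight -10
}

vrrp_instance VI_1 {
    state BACKUP
    interface eno16777728
    # Must be identical on both nodes of the pair.
    virtual_router_id 51
    # Lower than the peer's 100, so the peer wins the initial election.
    priority 99
    # With nopreempt this node keeps the VIP after a failover even when a
    # higher-priority peer comes back.
    nopreempt
    advert_int 1
    authentication {
        # NOTE(review): auth_type PASS carries auth_pass in clear text in every
        # advertisement and "1111" is trivially guessable. Any host on the
        # segment could then join the VRRP group. Use a non-trivial value (the
        # same on both nodes) and keep VRRP traffic on a trusted network.
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        nginx
    }
    virtual_ipaddress {
        192.168.23.55
    }
}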
保存退出
[root@nginx2 conf]# scp 192.168.23.21:/opt/chk_nginx.sh /opt/ 【脚本】
The authenticity of host '192.168.23.21 (192.168.23.21)' can't be established.
ECDSA key fingerprint is bd:61:e2:41:fb:65:83:bf:19:e8:ad:e9:67:c8:7a:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.21' (ECDSA) to the list of known hosts.
root@192.168.23.21's password: 123【实际输入时终端不回显;示例口令过于简单,root 之间拷贝文件建议改用 SSH 密钥认证】
chk_nginx.sh 100% 352 0.3KB/s 00:00
[root@nginx2 ~]# chmod +x /opt/chk_nginx.sh
[root@nginx2 ~]# systemctl start keepalived
1.3 web 配置
Yum仓库创建如上
1.3.0 安装apache
[root@web ~]# yum -y install httpd
[root@web ~]# rpm -q httpd
httpd-2.4.6-31.el7.centos.x86_64
[root@web ~]# cp /etc/httpd/conf/httpd.conf{,.bak}
[root@web ~]# vi /etc/httpd/conf/httpd.conf
102 <Directory />
103 AllowOverride ALL
104 Require all denied
105 </Directory>
保存退出
[root@web ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp【永久添加80端口;需执行 firewall-cmd --reload 后才在当前运行环境生效】
[root@web ~]# firewall-cmd --permanent --zone=public --list-ports【查看永久配置中已放行的端口】
[root@web ~]# yum -y install *netstat*
[root@web ~]# systemctl start httpd
[root@web ~]# netstat -anpt|grep httpd
tcp6 0 0 :::80 :::* LISTEN 11026/httpd
[root@web ~]# echo "web" >/usr/share/httpd/noindex/index.html
[root@web ~]# cat /usr/share/httpd/noindex/index.html 【yum安装apache的测试网页的路径】
web
1.4 web2 配置
Yum仓库创建如上
1.4.0 源代码安装apache
[root@web2 ~]# rpm -q httpd
未安装软件包 httpd
[root@web2 ~]# ls
anaconda-ks.cfg httpd-2.2.17.tar.gz
[root@web2 ~]# yum -y install *fire* gcc gcc-c++ vim zlib-devel pcre-devel
[root@web2 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp
[root@web2 ~]# tar xf httpd-2.2.17.tar.gz -C /usr/src/
[root@web2 ~]# cd /usr/src/httpd-2.2.17/
[root@web2 httpd-2.2.17]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-charset-lite --enable-cgi --enable-deflate --enable-expires && make && make install
[root@web2 ~]# ln -s /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@web2 ~]# chmod +x /etc/init.d/httpd
[root@web2 ~]# ll /etc/init.d/httpd
lrwxrwxrwx. 1 root root 30 5月 1 14:31 /etc/init.d/httpd -> /usr/local/httpd/bin/apachectl
【通过源码包编译安装的httpd服务,程序路径并不在默认的搜索路径中,为了使该服务在使用中更加方便,可以为相关程序添加符号链接(软连接)到/usr/local/bin下】
[root@web2 ~]# /etc/init.d/httpd start
httpd: apr_sockaddr_info_get() failed for web2
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@web2 ~]# netstat -anpt|grep httpd
tcp6 0 0 :::80 :::* LISTEN 129554/httpd
[root@web2 ~]# vi /usr/local/httpd/conf/httpd.conf
97 ServerName www.example.com:80 【去掉#号】
[root@web2 ~]# /etc/init.d/httpd restart
[root@web2 ~]# cat /usr/local/httpd/htdocs/index.html【测试页路径】
[root@web2 ~]# vi /usr/local/httpd/htdocs/index.html
<html><body><h1>It works!</h1></body></html>【默认为此】
1.5客户机测试
root@nginx ~]# curl 192.168.23.55
web
[root@nginx ~]# curl 192.168.23.55
<html><body><h1>It works!</h1></body></html>
<h1>web2!</h1>
1.6高可用测试
【因为脚本的缘故所以杀不死nginx,如果nginx停止,那么keepalived将自动停止】
root@nginx ~]# curl 192.168.23.55
web
[root@nginx ~]# curl 192.168.23.55
<html><body><h1>It works!</h1></body></html>
<h1>web2!</h1>
[root@nginx ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ec:08:d3 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.21/24 brd 192.168.23.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet 192.168.23.55/32 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feec:8d3/64 scope link
valid_lft forever preferred_lft forever
【centos7上实现了高可用,当nginx工作时在nginx上curl工具依旧可以正常使用,也可显示出来
这是在centos6上没有实现的】【centos7上俩nginx源代码安装,2个web主机1个yum安装apache、1个源代码安装apache】【centos6上2个nginx源代码安装。2个apache源代码安装】
补充:
1、问题:出现yum命令使用失败,找不到镜像,
原因:ip配置文件,修改后重启网卡
问题:yum缓冲失败
原因:yum配置文件不对,跟防火墙,安全机制有关
2、用源代码安装apache编译报zlib库找不到
checking for zlib location... not found
原因:没有安装zlib-devel库
3、关闭nginx时失败,
[root@nginx conf]# systemctl stop nginx.service
Failed to issue method call: Unit nginx.service not loaded.
原因:
1、用yum安装时如果找不到安装包,可以用**把关键词括起来安装