Nginx:1.12.2
keepalived:2.0.12
時間同步(同步後確認各服務器時間是否一致,不一致須要修改一下時區)
關閉防火牆
[root@k8s-node-207 ~]# wget http://nginx.org/download/nginx-1.12.2.tar.gz
[root@k8s-node-207 ~]# yum -y install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel open openssl-devel #安裝相關依賴包 [root@k8s-node-207 ~]# tar xf nginx-1.12.2.tar.gz [root@k8s-node-207 ~]# cd nginx-1.12.2/ [root@k8s-node-207 nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-threads --with-pcre --with-http_gzip_static_module #設置編譯參數,特別是--prefix [root@k8s-node-207 nginx-1.12.2]# make && make install [root@k8s-node-207 nginx-1.12.2]# scp -r /usr/local/nginx 172.16.155.208:/usr/local/ #拷貝到另一臺Nginx服務器
[root@k8s-node-207 nginx-1.12.2]# vim /lib/systemd/system/nginx.service #建立Nginx服務系統啓動文件 [Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx #注意要替換爲本身編譯安裝的路徑 ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
[root@k8s-node-207 nginx-1.12.2]# systemctl start nginx #測試腳本,啓動 [root@k8s-node-207 nginx-1.12.2]# netstat -tnlp|grep :80 #檢查端口 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 7834/nginx: master [root@k8s-node-207 nginx-1.12.2]# ps aux|grep nginx #檢查進程 root 7834 0.0 0.0 45956 1124 ? Ss 16:24 0:00 nginx: master process /usr/local/nginx/sbin/nginx nobody 7835 0.0 0.0 48484 1976 ? S 16:24 0:00 nginx: worker process root 7944 0.0 0.0 112720 968 pts/0 S+ 16:25 0:00 grep -E --color=auto nginx [root@k8s-node-207 nginx-1.12.2]# systemctl enable nginx #設置開機自啓 [root@k8s-node-207 nginx-1.12.2]# scp /lib/systemd/system/nginx.service 172.16.155.208:/lib/systemd/system/nginx.service #拷貝到另外一臺機器
#在另外一臺機器上啓動Nginx [root@k8s-node-208 ~]# systemctl start nginx [root@k8s-node-208 ~]# systemctl status nginx [root@k8s-node-208 ~]# systemctl enable nginx
[root@k8s-node-207 ~]# wget https://www.keepalived.org/software/keepalived-2.0.12.tar.gz #下載源碼
[root@k8s-node-207 ~]# yum install -y openssl openssl-devel libnl libnl-devel #安裝依賴文件 [root@k8s-node-207 ~]# tar xf keepalived-2.0.12.tar.gz [root@k8s-node-207 ~]# cd keepalived-2.0.12/ [root@k8s-node-207 keepalived-2.0.12]# ./configure --prefix=/usr/local/keepalived #只有編譯安裝的目錄 [root@k8s-node-207 keepalived-2.0.12]# make && make install
[root@k8s-node-207 keepalived-2.0.12]# cd /usr/local/keepalived/etc/keepalived/ #進入keepalived配置目錄 [root@k8s-node-207 keepalived]# cp keepalived.conf keepalived.conf-$(date +%F-%H:%M:%S) #拷貝默認的配置 ! Configuration File for keepalived global_defs { #默認該字段是配置發送郵件通知,因爲我使用微信進行通知因此忽略 } vrrp_script chk_http_port { #配置服務的健康檢查 script "/mnt/chk_nginx.sh" #檢查是使用的腳本路徑 interval 2 #監控間隔 weight -5 #每檢測失敗一次,若是weight大於0則當前節點的priority增長該配置的值,不然減小 fall 2 #執行幾回纔會認爲是失敗 rise 1 #執行多少次纔會認爲是成功 } vrrp_instance VI_1 { state MASTER #指定當前節點的初始狀態 interface eth0 #vrrp實例綁定的網卡接口 用於發送vrrp包
nopreempt #設置爲非搶佔模式,優先級高的設置 解決優先級高的恢復後再次搶斷 測試時能夠先不配置 virtual_router_id 51 #指定vrrp實例的ID 範圍是0-255 主備節點必須一致 priority 101 #指定當前節點的優先級 優先級高的爲MASTER advert_int 1 #指定發送vrrp間隔時間 主備必須一致 authentication { #主備必須一致 auth_type PASS #指定認證方式 這裏使用簡單密碼認證 auth_pass 1111 #指定認證使用的密碼 最大爲8位 } virtual_ipaddress { 172.16.155.209 #指定VIP地址 } notify_master "/root/script_dir/wechat.py master test keepalived狀態發送改變,master切換至172.16.155.207" #設置通知腳本路徑及通知信息 此處根據本身實際狀況自定義,此處配置不影響啓動,若是沒有告警通知能夠稍後建立 notify_backup "/root/script_dir/wechat.py backup test keepalived狀態發送改變,backup切換至172.16.168.207" notify_fault "/root/script_dir/wechat.py fault test keepalived發送故障,故障主機爲:172.16.168.207" #以上配置爲:當節點成爲master時執行的操做 成爲backup是執行的操做 當發生故障時執行的操做 track_script { #監控腳本執行的狀態 chk_http_port } } [root@k8s-node-207 keepalived]# cd /usr/local/keepalived/etc/sysconfig/ #因爲啓動命令默認會去/etc/keepalived/下讀取keepalived.conf,而且默認日誌會寫入/var/log/messages文件中,因此咱們須要修改相關配置 [root@k8s-node-207 sysconfig]# cat keepalived KEEPALIVED_OPTIONS="-f /usr/local/keepalived/etc/keepalived/keepalived.conf -S 0 -D" #-f 指定配置文件路徑 -S 指定日誌路徑 0 表示local0.* [root@k8s-node-207 sysconfig]# cat /etc/rsyslog.conf #修改rsyslog配置文件 #Save keepalived log local0.* /var/log/keepalived.log #指定日誌文件路徑
#暫時不拷貝至另外一臺服務器
#207上拷貝相關文件到208上
[root@k8s-node-207 sysconfig]# scp -r /usr/local/keepalived/ 172.16.155.208:/usr/local/ [root@k8s-node-207 sysconfig]# scp /etc/rsyslog.conf 172.16.155.208:/etc/rsyslog.conf
[root@k8s-node-207 sysconfig]# scp /lib/systemd/system/keepalived.service 172.16.155.208:/lib/systemd/system/keepalived.service #默認編譯keepalived時會自動生成系統服務配置文件
[root@k8s-node-207 sysconfig]# systemctl restart rsyslog.service
#208上修改配置文件爲backup [root@k8s-node-208 ~]# cd /usr/local/keepalived/etc/keepalived/ [root@k8s-node-208 keepalived]# vim keepalived.conf ! Configuration File for keepalived global_defs { #可自定義 } vrrp_script chk_http_port { #可自定義 script "/mnt/chk_nginx.sh" interval 2 weight -5 fall 2 rise 1 } vrrp_instance VI_1 { state backup #指定當前節點狀態 interface eth0 nopreempt virtual_router_id 51 #確保與master保持一致 priority 100 #確保小於master設置的值 advert_int 1 #確保與master保持一致 authentication { #確保與master保持一致 auth_type PASS auth_pass 1111 } virtual_ipaddress { #確保與master保持一致 172.16.155.209 } notify_master "/root/script_dir/wechat.py master test keepalived狀態發送改變,master切換至172.16.155.208" #可自定義 notify_backup "/root/script_dir/wechat.py backup test keepalived狀態發送改變,backup切換至172.16.168.208" notify_fault "/root/script_dir/wechat.py fault test keepalived發送故障,故障主機爲:172.16.168.208" track_script { #可自定義 chk_http_port } }
默認編譯後會自動生成系統服務配置文件,若是沒有參考如下配置建立html
[root@k8s-node-207 sysconfig]# vim /lib/systemd/system/keepalived.service [Unit] Description=LVS and VRRP High Availability Monitor After= network-online.target syslog.target Wants=network-online.target [Service] Type=forking PIDFile=/var/run/keepalived.pid KillMode=process EnvironmentFile=-/usr/local/keepalived/etc/sysconfig/keepalived ExecStart=/usr/local/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target
建立Nginx狀態檢查腳本node
[root@k8s-node-207 sysconfig]# cat /mnt/chk_nginx.sh #!/bin/bash ngix_status=`ps -C nginx --no-header |wc -l` if [[ ${ngix_status} -eq 0 ]];then /usr/local/nginx/sbin/nginx sleep 2 new_nginx_status=$(ps -C nginx --no-header |wc -l) if [[ ${new_nginx_status} -eq 0 ]];then killall keepalived fi fi [root@k8s-node-207 sysconfig]# scp /mnt/chk_nginx.sh 172.16.155.208:/mnt/chk_nginx.sh [root@k8s-node-207 sysconfig]# chmod +x /mnt/chk_nginx.sh [root@k8s-node-207 sysconfig]# ssh 172.16.155.208 "chmod +x /mnt/chk_nginx.sh"
[root@k8s-node-207 sysconfig]# systemctl restart rsyslog.service #重啓rsyslog服務,使keepalived的日誌配置生效 [root@k8s-node-207 sysconfig]# echo "k8s-node-207" > /usr/local/nginx/html/index.html #修改Nginx index文件 稍後測試使用 [root@k8s-node-207 sysconfig]# systemctl start keepalived.service #啓動keepalived服務 #208上 同207操做 [root@k8s-node-208 keepalived]# systemctl restart rsyslog.service [root@k8s-node-208 keepalived]# echo "k8s-node-208" > /usr/local/nginx/html/index.html [root@k8s-node-208 keepalived]# systemctl start keepalived.service
[root@k8s-node-207 sysconfig]# ip a|grep 172.16 #207上檢查當前的IP地址 inet 172.16.155.207/24 brd 172.16.155.255 scope global eth0 inet 172.16.155.209/32 scope global eth0 #VIP地址當前綁定在當前主機eth0網卡上 [root@k8s-node-208 keepalived]# ip a|grep 172.16 #208上檢查當前用有的IP地址 主要檢查是否發生腦裂問題 inet 172.16.155.208/24 brd 172.16.155.255 scope global eth0 [root@k8s-node-207 sysconfig]# curl http://172.16.155.209:80 #使用crul命令範圍VIP查看訪問到哪一個節點 顯示爲207節點
k8s-node-207
[root@k8s-node-207 sysconfig]# systemctl stop keepalived.service #在207上關閉keepalived服務 [root@k8s-node-207 sysconfig]# ip a|grep 172.16 #查看207上的擁有的IP地址 VIP已經沒有了 inet 172.16.155.207/24 brd 172.16.155.255 scope global eth0 [root@k8s-node-208 keepalived]# ip a|grep 172.16 #查看208上的擁有的IP地址 VIP已經漂移到208上了 inet 172.16.155.208/24 brd 172.16.155.255 scope global eth0 inet 172.16.155.209/32 scope global eth0 [root@k8s-node-207 sysconfig]# curl http://172.16.155.209:80 #訪問一下VIP 顯示爲208節點
k8s-node-208 [root@k8s-node-207 sysconfig]# systemctl start keepalived.service #207上從新啓動keepalived [root@k8s-node-207 sysconfig]# ip a|grep 172.16 #VIP沒有漂移回來,符合預期,若是想在master恢復後VIP漂移回來則能夠刪除nopreempt配置 inet 172.16.155.207/24 brd 172.16.155.255 scope global eth0
[root@k8s-node-208 mnt]# ip a|grep 172.16 #當前VIP在208上 inet 172.16.155.208/24 brd 172.16.155.255 scope global eth0 inet 172.16.155.209/32 scope global eth0 [root@k8s-node-208 mnt]# systemctl stop nginx #關閉208上Nginx服務 稍等幾秒鐘 [root@k8s-node-208 mnt]# ip a|grep 172.16 #再次檢查208上的IP,VIP已經沒有了 inet 172.16.155.208/24 brd 172.16.155.255 scope global eth0
[root@k8s-node-207 mnt]# ip a|grep 172.16 #207上查看,VIP已經漂移到207上了 inet 172.16.155.207/24 brd 172.16.155.255 scope global eth0 inet 172.16.155.209/32 scope global eth0