Nginx + keepalived高可用 html
目錄 node
1、 實驗簡介 linux
1. 實驗目標 nginx
2. 實驗使用的軟件包 web
3. 實驗拓撲 vim
2、 關閉防火牆&配置Base和EPEL源 centos
1. 關閉防火牆 緩存
2. 配置Base和EPEL源 bash
3、 安裝Nginx 服務器
使用keepalived實現Nginx服務的高可用
1)master節點的Nginx宕機,VIP自動切換到backup
保證用戶能夠正常訪問web頁面
2)master節點的Nginx宕機,自動發送郵件
3)master節點的Nginx恢復也不搶佔VIP,除非backup故障
Linux:CentOS-7.6-x86_64-DVD-1810
Nginx: Nginx 1.16.1
Master: node1 10.86.24.2
Slave: Node2 10.86.24.3
systemctl stop firewalld.service
systemctl disable firewalld.service
/usr/sbin/setenforce 0
echo "/usr/sbin/setenforce 0" >> /etc/rc.local
1)配置Base源
備份系統base源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
更新系統base源爲清華源
sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
-i.bak \
/etc/yum.repos.d/CentOS-Base.repo
最後,更新軟件包緩存
sudo yum makecache
詳見https://mirrors.tuna.tsinghua.edu.cn/help/centos/
2)配置EPEL源
安裝epel-release
yum install epel-release
配置使用清華的epel-release,能夠用以下命令自動替換:
sed -e 's!^metalink=!#metalink=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!//download\.fedoraproject\.org/pub!//mirrors.tuna.tsinghua.edu.cn!g' \
-e 's!http://mirrors\.tuna!https://mirrors.tuna!g' \
-i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo
3)查看當前配置的YUM源
yum repolist
報錯信息:No package Keepalived available Error: Nothing to do
報錯總結:未配置Base和EPEL源或配置不正確
沒法解析Base和EPEL源的地址---正確配置DNS
沒法訪問Base和EPEL源的地址---更換國內源
安裝Nginx
yum install nginx -y
建立測試頁面
echo "this is 10.86.24.2 node1" > /usr/share/nginx/html//index.html
啓動Nginx
nginx
安裝Nginx
yum install nginx -y
建立測試頁面
echo "this is 10.86.24.3 node2" > /usr/share/nginx/html//index.html
啓動Nginx
nginx
1)安裝keepalived
yum install keepalived -y
2)配置keepalived的Master節點
備份keepalived.conf文件
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.20210213.bak
配置keepalived.conf文件
vi /etc/keepalived/keepalived.conf
### 配置keepalived服務:
# master服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node1
# 嚴格遵照VRRP協議,若是沒有配置VIP,keepalived會沒法正常工做vrrp_strict
}
vrrp_instance VI_1 {
state MASTER
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
}
3)啓動keepalived
systemctl start keepalived
驗證
cat /var/log/messages 查看日誌
ip addr show
從其餘服務器ping vip10.86.24.216
1)安裝keepalived
yum install keepalived -y
2)配置keepalived
備份keepalived.conf文件
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.20210213.bak
配置keepalived.conf文件
vi /etc/keepalived/keepalived.conf
### 配置keepalived服務:
# backup服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node2
}
vrrp_instance VI_1 {
state BACKUP
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
}
3)啓動keepalived
systemctl start keepalived
驗證
cat /var/log/messages 查看日誌
ip addr show
1)默認狀況下
VIP http://10.86.24.226頁面由node1提供
2)中止node1的keepalived,頁面由node2提供
Node1停掉 keepalived ,systemctl stop keepalived
Node2使用ip addr show查看VIP是否轉移
訪問http://10.86.24.226頁面由node2提供
1)master節點---node1
Keepalived配置文件
vi /etc/keepalived/keepalived.conf
紅色部分是爲Nginx宕機keepalived自動切換增長的腳本內容
### 配置keepalived服務:
# master服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node1
}
vrrp_script check_nginx {
script "/data/sh/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
track_script {
check_nginx
}
}
建立Nginx檢測腳本
mkdir -p /data/sh/
vim /data/sh/check_nginx.sh
chmod +x /data/sh/check_nginx.sh
#!/bin/bash
#############################
killall -0 nginx &>/dev/null
if [ $? -ne 0 ];then
exit 1
fi
2)backup節點---node2
# 配置keepalived backup服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node2
}
vrrp_script check_nginx {
script "/data/sh/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state BACKUP
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
track_script {
check_nginx
}
}
3)測試自動切換
重啓keepalived使新的配置生效
systemctl restart keepalived
手動關閉Nginx,模擬Nginx故障
nginx -s stop
查看日誌及VIP轉移
cat /var/log/message
備註:可以使用tcpdump抓包來分析
安裝抓包軟件
yum install tcpdump -y
抓取vrrp數據包
tcpdump -i ens160 vrrp -nn
1)master節點---node1
Keepalived配置文件
vi /etc/keepalived/keepalived.conf
紅色部分是爲實現keepalived切換實時郵件告警增長的內容
### 配置keepalived服務:
# master服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node1
}
vrrp_script check_nginx {
script "/data/sh/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
track_script {
check_nginx
}
notify_backup "/data/sh/notify.sh backup"
notify_master "/data/sh/notify.sh master"
}
安裝mailx實現linux 使用外部郵箱實現發送郵件功能
# systemctl stop postfix
# systemctl disable postfix
# yum -y install mailx
postfix爲本地郵箱推送方式需安裝的軟件,若同時配置本地和外部郵箱兩種發送方式,系統會優先採用外部郵箱方式,因此該步驟不是必須但最好關閉這個服務。
vim /etc/mail.rc
set from=xxx@163.com
set smtp=smtp.163.com
set smtp-auth-user=xxx@163.com
set smtp-auth-password=xxxxxx
set smtp-auth=login
發送測試郵件
echo "test mail ..." |mail -s "test" xxx@163.com
建立郵件告警腳本
vim /data/sh/notify.sh
### 配置keepalived服務:
# master服務器配置:
#!/bin/bash
#############################
SERVICE_NAME="nginx+keepalived"
if [ $1 = "backup" ];then
echo "
時間=`date +%F-%H:%M:%S`
內容=`hostname` 的 $SERVICE_NAME 服務故障,目前切換爲備用服務
器!" | mailx -s "`hostname` $SERVICE_NAME down" xxx@163.com
else
echo "
時間=`date +%F-%H:%M:%S`
內容=`hostname` 的 $SERVICE_NAME 服務恢復,目前切換爲主
服務器!" | mailx -s "`hostname` $SERVICE_NAME up" xxx@163.com
fi
執行如下腳本,測試是否能夠收到郵件
bash /data/sh/notify.sh master
bash /data/sh/notify.sh backup
中止Nginx測試是否能夠收到郵件
重啓keepalived使更新的配置生效
systemctl restart keepalived
手動中止、啓動Nginx查收郵件
nginx -s stop 中止Nginx
nginx 啓動Nginx
備註:backup節點的郵件告警設置能夠參考master節點
在上面的配置中,master的nginx服務宕機,VIP會自動切換到backup服務
器上。可是在master端的nginx服務器恢復後,VIP會自動切換到master端。若是有須要,能夠實現即便master恢復,VIP也不切換回去,只有在backup端宕機後,再進行切換。
配置要點:master和backup的state均設置爲BACKUP,其次是master端配置nopreempt,backup不用配置。
### 配置keepalived服務:
# master服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node1
}
vrrp_script check_nginx {
script "/data/sh/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
#不搶佔
Nopreempt
# 原來的state 爲MASTER
state BACKUP
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
track_script {
check_nginx
}
}
# 配置keepalived backup服務器配置:
! Configuration File for keepalived
global_defs {
#指定機器的ID,通常設置爲主機名,但不是必須
router_id node2
}
vrrp_script check_nginx {
script "/data/sh/check_nginx.sh"
interval 1
weight -20
}
vrrp_instance VI_1 {
state BACKUP
# 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160
interface ens160
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.86.24.226
}
track_script {
check_nginx
}
}