使用keepalived實現Nginx高可用

Nginx + keepalived高可用 html

目錄 node

1、 實驗簡介 linux

1. 實驗目標 nginx

2. 實驗使用的軟件包 web

3. 實驗拓撲 vim

2、 關閉防火牆&配置BaseEPEL centos

1. 關閉防火牆 緩存

2. 配置BaseEPEL bash

3、 安裝Nginx 服務器

1. Master--Node1

1. Backup--Node2

4、 安裝配置keepalived

1. Master--Node1

2. Backup--Node2

3. 測試高可用

5、 keepalived自動切換&切換告警

1. Nginx宕機keepalived自動切換

2. keepalived切換實時郵件告警

6、 配置Keepalived非搶佔模式

1. Master--Node1

2. Backup--Node2

   

   

   

  • 實驗簡介
  • 實驗目標

    使用keepalived實現Nginx服務的高可用

    1master節點的Nginx宕機,VIP自動切換到backup

    保證用戶能夠正常訪問web頁面

    2master節點的Nginx宕機,自動發送郵件

    3master節點的Nginx恢復也不搶佔VIP,除非backup故障

  • 實驗使用的軟件包

    LinuxCentOS-7.6-x86_64-DVD-1810

    Nginx: Nginx 1.16.1

  • 實驗拓撲

    Master: node1 10.86.24.2

    Slave: Node2 10.86.24.3

    • 關閉防火牆&配置BaseEPEL
  • 關閉防火牆

    systemctl stop firewalld.service

    systemctl disable firewalld.service

    /usr/sbin/setenforce 0

    echo "/usr/sbin/setenforce 0" >> /etc/rc.local

  • 配置BaseEPEL

    1)配置Base

    備份系統base

    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

       

       

    更新系統base源爲清華源

    sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \

    -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \

    -i.bak \

    /etc/yum.repos.d/CentOS-Base.repo

    最後,更新軟件包緩存

    sudo yum makecache

    詳見https://mirrors.tuna.tsinghua.edu.cn/help/centos/

    2)配置EPEL

    安裝epel-release

    yum install epel-release

    配置使用清華的epel-release,能夠用以下命令自動替換:

    sed -e 's!^metalink=!#metalink=!g' \

    -e 's!^#baseurl=!baseurl=!g' \

    -e 's!//download\.fedoraproject\.org/pub!//mirrors.tuna.tsinghua.edu.cn!g' \

    -e 's!http://mirrors\.tuna!https://mirrors.tuna!g' \

    -i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo

    3)查看當前配置的YUM

    yum repolist

       

    報錯信息:No package Keepalived available Error: Nothing to do

    報錯總結:未配置BaseEPEL源或配置不正確

    沒法解析BaseEPEL源的地址---正確配置DNS

    沒法訪問BaseEPEL源的地址---更換國內源

    • 安裝Nginx
  • Master--Node1

    安裝Nginx

    yum install nginx -y

    建立測試頁面

    echo "this is 10.86.24.2 node1" > /usr/share/nginx/html//index.html

    啓動Nginx

    nginx

  • Backup--Node2

    安裝Nginx

    yum install nginx -y

    建立測試頁面

    echo "this is 10.86.24.3 node2" > /usr/share/nginx/html//index.html

    啓動Nginx

    nginx

       

       

    • 安裝配置keepalived
  • Master--Node1

    1安裝keepalived

    yum install keepalived -y

    2配置keepalivedMaster節點

    備份keepalived.conf文件

    mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.20210213.bak

    配置keepalived.conf文件

    vi /etc/keepalived/keepalived.conf

       

    ### 配置keepalived服務:

    # master服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node1

    # 嚴格遵照VRRP協議,若是沒有配置VIPkeepalived會沒法正常工做vrrp_strict

    }

    vrrp_instance VI_1 {

    state MASTER

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    }

       

    3)啓動keepalived

    systemctl start keepalived

    驗證

    cat /var/log/messages 查看日誌

    ip addr show

    從其餘服務器ping vip10.86.24.216

  • Backup--Node2

    1)安裝keepalived

    yum install keepalived -y

       

    2)配置keepalived

    備份keepalived.conf文件

    mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.20210213.bak

    配置keepalived.conf文件

    vi /etc/keepalived/keepalived.conf

    ### 配置keepalived服務:

    # backup服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node2

    }

    vrrp_instance VI_1 {

    state BACKUP

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    }

       

       

    3)啓動keepalived

    systemctl start keepalived

    驗證

    cat /var/log/messages 查看日誌

    ip addr show

       

  • 測試高可用

    1)默認狀況下

    VIP http://10.86.24.226頁面由node1提供

    2)中止node1keepalived,頁面由node2提供

    Node1停掉 keepalived systemctl stop keepalived

    Node2使用ip addr show查看VIP是否轉移

    訪問http://10.86.24.226頁面由node2提供

       

    • keepalived自動切換&切換告警
  • Nginx宕機keepalived自動切換

    1master節點---node1

    Keepalived配置文件

    vi /etc/keepalived/keepalived.conf

    紅色部分是爲Nginx宕機keepalived自動切換增長的腳本內容

    ### 配置keepalived服務:

    # master服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node1

    }

    vrrp_script check_nginx {

    script "/data/sh/check_nginx.sh"

    interval 1

    weight -20

    }

    vrrp_instance VI_1 {

    state MASTER

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    track_script {

    check_nginx

    }

    }

    建立Nginx檢測腳本

    mkdir -p /data/sh/

    vim /data/sh/check_nginx.sh

    chmod +x /data/sh/check_nginx.sh

    #!/bin/bash

    #############################

    killall -0 nginx &>/dev/null

    if [ $? -ne 0 ];then

    exit 1

    fi

    2backup節點---node2

    # 配置keepalived backup服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node2

    }

    vrrp_script check_nginx {

    script "/data/sh/check_nginx.sh"

    interval 1

    weight -20

    }

    vrrp_instance VI_1 {

    state BACKUP

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    track_script {

    check_nginx

    }

    }

       

    3)測試自動切換

    重啓keepalived使新的配置生效

    systemctl restart keepalived

    手動關閉Nginx,模擬Nginx故障

    nginx -s stop

    查看日誌及VIP轉移

    cat /var/log/message

    備註:可以使用tcpdump抓包來分析

    安裝抓包軟件

    yum install tcpdump -y

    抓取vrrp數據包

    tcpdump -i ens160 vrrp -nn

  • keepalived切換實時郵件告警

    1master節點---node1

    Keepalived配置文件

    vi /etc/keepalived/keepalived.conf

    紅色部分是爲實現keepalived切換實時郵件告警增長的內容

       

       

    ### 配置keepalived服務:

    # master服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node1

    }

    vrrp_script check_nginx {

    script "/data/sh/check_nginx.sh"

    interval 1

    weight -20

    }

    vrrp_instance VI_1 {

    state MASTER

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    track_script {

    check_nginx

    }

    notify_backup "/data/sh/notify.sh backup"

    notify_master "/data/sh/notify.sh master"

    }

       

    安裝mailx實現linux 使用外部郵箱實現發送郵件功能

       

  • 安裝mailx

    # systemctl stop postfix

    # systemctl disable postfix

    #  yum  -y install mailx

    postfix爲本地郵箱推送方式需安裝的軟件,若同時配置本地和外部郵箱兩種發送方式,系統會優先採用外部郵箱方式,因此該步驟不是必須但最好關閉這個服務。

  • 編輯配置文件

    vim /etc/mail.rc

    set from=xxx@163.com

    set smtp=smtp.163.com

    set smtp-auth-user=xxx@163.com

    set smtp-auth-password=xxxxxx

    set smtp-auth=login

       

    發送測試郵件

    echo "test mail ..." |mail -s "test" xxx@163.com

    建立郵件告警腳本

    vim /data/sh/notify.sh

    ### 配置keepalived服務:

    # master服務器配置:

    #!/bin/bash

    #############################

    SERVICE_NAME="nginx+keepalived"

    if [ $1 = "backup" ];then

    echo "

    時間=`date +%F-%H:%M:%S`

    內容=`hostname` $SERVICE_NAME 服務故障,目前切換爲備用服務

    !" | mailx -s "`hostname` $SERVICE_NAME down" xxx@163.com

    else

    echo "

    時間=`date +%F-%H:%M:%S`

    內容=`hostname` $SERVICE_NAME 服務恢復,目前切換爲主

    服務器!" | mailx -s "`hostname` $SERVICE_NAME up" xxx@163.com

    fi

    執行如下腳本,測試是否能夠收到郵件

    bash /data/sh/notify.sh master

    bash /data/sh/notify.sh backup

    中止Nginx測試是否能夠收到郵件

    重啓keepalived使更新的配置生效

    systemctl restart keepalived

    手動中止、啓動Nginx查收郵件

    nginx -s stop 中止Nginx

    nginx 啓動Nginx

       

    備註:backup節點的郵件告警設置能夠參考master節點

    • 配置Keepalived非搶佔模式

    在上面的配置中,masternginx服務宕機,VIP會自動切換到backup服務

    器上。可是在master端的nginx服務器恢復後,VIP會自動切換到master端。若是有須要,能夠實現即便master恢復,VIP也不切換回去,只有在backup端宕機後,再進行切換。

       

    配置要點:masterbackupstate均設置爲BACKUP,其次是master端配置nopreemptbackup不用配置。

  • Master--Node1

    ### 配置keepalived服務:

    # master服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node1

    }

    vrrp_script check_nginx {

    script "/data/sh/check_nginx.sh"

    interval 1

    weight -20

    }

    vrrp_instance VI_1 {

    #不搶佔

    Nopreempt

    # 原來的state MASTER

       

    state BACKUP

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 100

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    track_script {

    check_nginx

    }

    }

  • Backup--Node2

    # 配置keepalived backup服務器配置:

    ! Configuration File for keepalived

    global_defs {

    #指定機器的ID,通常設置爲主機名,但不是必須

    router_id node2

    }

    vrrp_script check_nginx {

    script "/data/sh/check_nginx.sh"

    interval 1

    weight -20

    }

    vrrp_instance VI_1 {

    state BACKUP

    # 應該是ens160,是執行ifconfigh獲取的接口名稱,而不是接口文件名ifcfg-ens160

    interface ens160

    virtual_router_id 51

    priority 90

    advert_int 1

    authentication {

    auth_type PASS

    auth_pass 1111

    }

    virtual_ipaddress {

    10.86.24.226

    }

    track_script {

    check_nginx

    }

    }

相關文章
相關標籤/搜索