nginx keepalived lvs

I. Environment preparation

Four virtual machines in total; I created four CentOS 7 VMs with Parallels Desktop on a Mac.

master 192.168.20.104
slave 192.168.20.103
node1 192.168.20.102
node2 192.168.20.98

You can install one VM first and then simply clone it.

II. Configure the virtual machines

1. Install keepalived on the master, following the script below:

# -------------------------------------------------------- #
            ## Keepalived_install
# -------------------------------------------------------- #
# Keepalived installation
yum install -y gcc openssl-devel popt-devel
# avoids the "libnfnetlink headers missing" configure error
yum install -y libnfnetlink-devel
mkdir -p /root/software
cd /root/software || exit 1
# the tarball is fetched over plain HTTP; verify it against the project's published checksum before building
[ ! -e keepalived-1.2.24.tar.gz ] && wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz
tar -zxvf keepalived-1.2.24.tar.gz
cd keepalived-1.2.24 || exit 1
./configure --prefix=/usr/local/keepalived
# stop here if the build or the install step fails
if ! { make && make install; }; then
    echo "installation keepalived failed"
    exit 1
fi
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
chmod +x /etc/init.d/keepalived
# register the init script and enable it for runlevels 3, 4 and 5
chkconfig --add keepalived
chkconfig --level 345 keepalived on

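The script above downloads the tarball, then builds, installs and configures keepalived from it.

On CentOS 7 I used yum this time; run the following directly on the command line:

yum install keepalived   # install
keepalived -v            # check the version

Configure keepalived on the master and on the corresponding slave; run:

vim /usr/local/keepalived/keepalived.conf   # edit the configuration file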
! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
        [email protected]                              ## alert e-mail address
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 3
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {                       ## VRRP instance 1
    state MASTER                           ## change to BACKUP on the BACKUP node
    interface eth0
    virtual_router_id 51
    priority 101                           ## on the BACKUP node, change to 100 or lower
    advert_int 1
    garp_master_delay 5
    authentication {
        auth_type PASS
        auth_pass 1111                     ## sample value, replace it; PASS authentication is sent in cleartext
    }
    virtual_ipaddress {
        192.168.20.10
    }
}
virtual_server 192.168.20.10 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT # forwarding method: DR, NAT or TUN; must match the LVS mode you are going to run
    nat_mask 255.255.255.0
    persistence_timeout 5
    protocol TCP
    real_server 192.168.20.98 80 {
        weight 10
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.102 80 {
        weight 10
        HTTP_GET {
            url {
                path /
                status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

2. Firewall settings; run:

systemctl stop firewalld.service      # stop
systemctl disable firewalld.service   # do not start at boot

3. Install ipvsadm; run:

yum install ipvsadm   # install
ipvsadm -v            # check the version

4. (Optional) If you install the iptables firewall, the corresponding firewall policy has to be configured; run:

vim /etc/sysconfig/iptables

e.g.:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.21.4.51 -j ACCEPT
-A INPUT -s 172.21.4.52 -j ACCEPT
-A INPUT -s 172.21.4.91 -j ACCEPT
-A INPUT -s 172.21.4.92 -j ACCEPT

This opens the required ports.

5. Install nginx on the nodes; make sure the firewall is set so that nginx port 80 is reachable. See the script below:

#!/bin/bash
# author: kuangl
# mail: [email protected]
# description: The installation of Nginx files.
# -------------------------------------------------------- #
         ## Nginx_install
# -------------------------------------------------------- #
# Nginx installation
#CURRENT_PATH=$(pwd)
# install whichever build dependencies are not present yet
for i in $(rpm -q gcc gcc-c++ kernel-devel openssl-devel zlib-devel popt-devel popt-static libnl-devel wget make | grep 'not installed' | awk '{print $2}')
do
    yum -y install "$i"
done
mkdir -p /root/software
cd /root/software || exit 1
# tarballs are fetched over plain FTP/HTTP; verify them against the projects' published checksums before building
[ ! -e pcre-8.40.tar.gz ] && wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
tar -zxvf pcre-8.40.tar.gz
cd pcre-8.40 || exit 1
./configure
# stop here if the build or the install step fails
if ! { make && make install; }; then
    echo "installation pcre failed"
    exit 1
fi
cd /root/software || exit 1
[ ! -e nginx-1.11.5.tar.gz ] && wget http://nginx.org/download/nginx-1.11.5.tar.gz
tar -zxvf nginx-1.11.5.tar.gz
cd nginx-1.11.5 || exit 1
./configure  --prefix=/usr/local/nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module  --with-http_gzip_static_module
if ! { make && make install; }; then
    echo "installation nginx failed"
    exit 1
fi

6. Set up LVS on the nginx nodes

ipvsadm -C
ipvsadm -At 192.168.20.10:80 -s rr
ipvsadm -at 192.168.20.10:80 -r 192.168.20.98 -m
ipvsadm -at 192.168.20.10:80 -r 192.168.20.102 -m
-a specifies a real server; -t is the VIP on LVS; -r is the real server IP and port; -w is the weight; -g selects DR mode; -m selects NAT mode
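To confirm that the table built by the commands above contains exactly the intended real servers in NAT mode, the following added example (not part of the original post) parses `ipvsadm -Ln` output. The helper names `pool_members` and `check_pool` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `ipvsadm -Ln` output for the table built in step 6.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.10:80 rr
  -> 192.168.20.98:80             Masq    1      0          0
  -> 192.168.20.102:80            Masq    1      0          0'

# pool_members VIP:PORT -- reads `ipvsadm -Ln` text on stdin and prints
# "real_server:port forward_method" for every member of that virtual service.
pool_members() {
    awk -v vs="$1" '
        $1 == "TCP" || $1 == "UDP" { in_vs = ($2 == vs); next }
        in_vs && $1 == "->" && $2 != "RemoteAddress:Port" { print $2, $3 }
    '
}

# check_pool VIP:PORT METHOD RS... -- returns 0 only if the members listed
# under the VIP are exactly the expected real servers, each with the expected
# forwarding method (Masq = NAT/-m, Route = DR/-g). A missing, extra or
# differently forwarded member makes it return 1.
check_pool() {
    cp_vs=$1; cp_method=$2; shift 2
    cp_actual=$(pool_members "$cp_vs" | sort)
    cp_expected=$(for cp_rs in "$@"; do echo "$cp_rs $cp_method"; done | sort)
    [ "$cp_actual" = "$cp_expected" ]
}

# On a live director: ipvsadm -Ln | check_pool 192.168.20.10:80 Masq ...
if printf '%s\n' "$SAMPLE_IPVS" |
   check_pool 192.168.20.10:80 Masq 192.168.20.98:80 192.168.20.102:80; then
    echo "LVS pool matches the expected real servers"
else
    echo "LVS pool differs from the expected real servers" >&2
fi
```

Because the comparison is exact, a real server that was added to the pool without being expected is reported the same way as a missing one.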

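7. Start and verify

Two ways to start keepalived
(1) Installed from the tarball: see the install sh script in that directory; start command: /etc/init.d/keepalived start
(2) Installed with yum on CentOS 7 and configured as a service
    systemctl daemon-reload                # reload
    systemctl enable keepalived.service    # start automatically at boot
    systemctl disable keepalived.service   # do not start automatically at boot
    systemctl start keepalived.service     # start
    systemctl stop keepalived.service      # stop
(3) Check the status
    systemctl status keepalived.service
nginx cannot be reached from outside after it starts
(1) Check the Linux firewall
(2) Review the firewall configuration
    Linux firewall (iptables), takes effect after a system reboot
    Enable: chkconfig iptables on
    Disable: chkconfig iptables off

    Linux firewall (iptables), takes effect immediately, lost after a reboot
    Start: service iptables start
    Stop: service iptables stop
nginx commands:
    nginx -v                               # show the version
    ps -ef|grep nginx                      # list the processes; there are two, the master process and the child process
    kill -9 <PID>                          # kill a process
    pkill -9 nginx                         # force stop
    nginx -c /usr/local/nginx/nginx.conf   # start
    nginx -s stop                          # fast stop or shutdown
    nginx -s quit                          # graceful stop or shutdown
    nginx -s reload                        # reload after the configuration file has changed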

 

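8. Notes

1. Log output goes to /var/log/messages; for more detailed log output, add the -d option when starting keepalived.
2. When both nodes are MASTER with the same priority, the node started later (service vrrp start) replaces the running node and becomes the active one.
3. When one node is MASTER with the higher priority, it is not affected by the secondary node going down/up, and when it goes from down to up itself it takes control back.
4. When both nodes are MASTER with the same priority and the running primary node goes down (network loss), the secondary node takes over automatically; when the primary comes back up it does not take control back.
# keepalived runs the script periodically, evaluates its result, and dynamically adjusts the priority of the vrrp_instance.
# If the script exits with 0 and the configured weight is greater than 0, the priority is increased accordingly.
# If the script exits with a non-zero status and the configured weight is less than 0, the priority is decreased accordingly.
# In all other cases the originally configured priority is kept, i.e. the value of priority in the configuration file.
# Points to note:
# 1) The priority does "not" keep rising or falling; when the tracked object recovers, it is back to the same value.
# 2) Several check scripts can be written, each with its own weight.
# 3) Whether the priority is raised or lowered, the final priority stays in the range [1,254]; it never becomes less than or equal to 0, or greater than or equal to 255.
# This makes it possible to check the state of a service process with a script and adjust the priority dynamically, which is how master/backup switchover is achieved.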
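The priority rules in the notes above, worked through as an added example (not from the original post) to show when a failed check actually moves the VIP. The function names are hypothetical; 101 and 100 are the priorities from the configuration earlier on the page, while the weight of -20 and the 130/100 counter-case are assumed values.

```shell
#!/bin/sh
# effective_priority BASE WEIGHT:EXIT ...
# Applies the rules listed above: a check that exits 0 with weight > 0 adds
# its weight, a check that exits non-zero with weight < 0 subtracts it, any
# other combination leaves the priority alone; the result is kept in [1,254].
effective_priority() {
    ep_prio=$1; shift
    for ep_pair in "$@"; do
        ep_weight=${ep_pair%%:*}
        ep_exit=${ep_pair##*:}
        if [ "$ep_exit" -eq 0 ] && [ "$ep_weight" -gt 0 ]; then
            ep_prio=$((ep_prio + ep_weight))
        elif [ "$ep_exit" -ne 0 ] && [ "$ep_weight" -lt 0 ]; then
            ep_prio=$((ep_prio + ep_weight))
        fi
    done
    if [ "$ep_prio" -lt 1 ]; then ep_prio=1; fi
    if [ "$ep_prio" -gt 254 ]; then ep_prio=254; fi
    echo "$ep_prio"
}

# vip_holder NAME_A PRIO_A NAME_B PRIO_B -- the node advertising the higher
# effective priority holds the VIP; equal values are reported as "tie".
vip_holder() {
    if [ "$2" -gt "$4" ]; then echo "$1"
    elif [ "$4" -gt "$2" ]; then echo "$3"
    else echo "tie"; fi
}

# failover_outcome MASTER_BASE BACKUP_BASE WEIGHT MASTER_CHECK_EXIT
# One tracked check with the same weight on both nodes; the backup's check passes.
failover_outcome() {
    fo_m=$(effective_priority "$1" "$3:$4")
    fo_b=$(effective_priority "$2" "$3:0")
    vip_holder master "$fo_m" backup "$fo_b"
}

# Page values: priority 101 (MASTER) and 100 (BACKUP); weight -20 is an assumption.
echo "nginx healthy:          $(failover_outcome 101 100 -20 0)"
echo "nginx down on master:   $(failover_outcome 101 100 -20 1)"
# Constructed counter-case: the gap of 30 exceeds |weight|, so no failover happens.
echo "gap larger than weight: $(failover_outcome 130 100 -20 1)"
```

The counter-case is the one to watch for: a negative weight only triggers a switchover when its magnitude is larger than the priority gap between the two nodes.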

9. Reference links

http://blog.csdn.net/yinwenjie/article/details/47211551

http://www.linuxidc.com/Linux/2015-07/120179.htm

http://blog.csdn.net/nimasike/article/details/51867046

http://os.51cto.com/art/201103/249045.htm

https://github.com/jiji87432/nginx_sh (related installation and configuration scripts)


Reposted from jiji87432.iteye.com/blog/2385143