nginx keepalived lvs

阅读更多

一、环境准备

一共4台虚拟机,我用的mac的parallels desktop创建的4台centos7虚拟机

master 192.168.20.104
salve 192.168.20.103
node1 192.168.20.102
node2 192.168.20.98

可以先安装一个虚拟机,然后进行克隆就行。

二、配置虚拟机

1.安装master的keepalived,参考以下脚本:

# -------------------------------------------------------- #
            ## Keepalived_intsall
# -------------------------------------------------------- #
# Keepalived installation
yum install -y gcc openssl-devel popt-devel
# error libnfnetlink headers missing
yum install -y libnfnetlink-devel
cd /root/software
[ ! -e keepalived-1.2.24.tar.gz ] &&  wget http://www.keepalived.org/software/keepalived-1.2.24.tar.gz
tar -zxvf keepalived-1.2.24.tar.gz
cd keepalived-1.2.24
./configure --prefix=/usr/local/keepalived
make && make install
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir -p /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
chmod +x /etc/init.d/keepalived
echo $? || [ $? != 0  ] || print " installation keepalived  failed" || exit 1
chkconfig --add keepalived
chkconfig --level 345 keepalived on

 以上是通过下载相应的压缩包,然后进行安装配置。

centos7这次我用的是yum安装,直接在命令行运行命令:

yum install keepalived //安装
keepalived -v //检查版本 

配置master和相应的salve的keepalived,运行命令:

vim /usr/local/keepalived/keepalived.conf //编辑配置文件
! Configuration File for keepalived

global_defs {
   notification_email {
        root@localhost
        [email protected]                              ##设置邮件报警地址
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 3
   router_id LVS_DEVEL
}
vrrp_instance VI_1 {                          ##配置vrrp实例1
    state MASTER                           ##BACKUP修改为BACKUP
    interface eth0
    virtual_router_id 51
    priority 101                           ##BACKUP修改为100或更小
    advert_int 1
    garp_master_delay 5
    authentication {
        auth_type PASS
        auth_pass 1111
    }
virtual_ipaddress {
        192.168.20.10
    }
virtual_server 192.168.20.10 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT #负载均衡转发规则 DR NAT TUN。和您将启动的LVS的工作模式设置一致
    nat_mask 255.255.255.0
    persistence_timeout 5
    protocol TCP
    real_server 192.168.20.98 80 {
        weight 10
        HTTP_GET {
            url {
              path /
            status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
      }
    }
real_server 192.168.20.102 80 {
        weight 10
        HTTP_GET {
            url {
              path /
            status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

2.防火墙设置,运行命令:

sysemctl stop firewalld.service //关闭
sysemctl disable firewalld.service //开机禁止启动

3.安装ipvsadm,运行命令:

yum install ipvsadm //安装
ipvsadm -v //检查版本

4.(可选)安装iptables防火墙,需要配置相应的防火墙策略,运行命令:

vim /etc/sysconfig/iptables

eg:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.21.4.51 -j ACCEPT
-A INPUT -s 172.21.4.52 -j ACCEPT
-A INPUT -s 172.21.4.91 -j ACCEPT
-A INPUT -s 172.21.4.92 -j ACCEPT

 开放相应的端口。

 

5.节点安装nginx,注意设置相应的防火墙,以便nginx 80端口能够访问,参考一下脚本:

#!/bin/bash
# author: kuangl
# mail: [email protected]
# description: The installation of Nginx files.
# -------------------------------------------------------- #
         ## Nginx_install
# -------------------------------------------------------- #
# Nginx installation
#CURRENT_PATH=$(pwd)
for i in $(rpm -q gcc gcc-c++ kernel-devel openssl-devel zlib-devel popt-devel popt-static libnl-devel wget make |grep 'not installed' | awk '{print $2}')
do
    yum -y install $i
done
[ -d /root/software ]
[ "$?" != 0 ] && mkdir /root/software
cd /root/software
[ !  -e pcre-8.40.tar.gz ] && wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
tar -zxvf pcre-8.40.tar.gz
cd pcre-8.40
./configure
make && make install
echo $? || [ $? != 0  ] || echo  " installation pcre  failed" || exit 1
cd /root/software
[ ! -e nginx-1.11.5.tar.gz ] && wget http://nginx.org/download/nginx-1.11.5.tar.gz
tar -zxvf nginx-1.11.5.tar.gz
cd nginx-1.11.5
./configure  --prefix=/usr/local/nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module  --with-http_gzip_static_module
make && make install
echo $? || [ $? != 0  ] || echo  " installation  nginx  failed" || exit 1

 6.在nginx节点上设置lvs

ipvsadm -C
ipvsadm -At 192.168.20.10:80 -s rr
ipvsadm -at 192.168.20.10:80 -r 192.168.20.98 -m
ipvsadm -at 192.168.20.10:80 -r 192.168.20.102 -m
-a指定真实服务器 -t lvs上VIP -r真实服务器ip及端口 -w权重值 -g先择DR模式 -m为NAT模式

 7.启动并验证

keepalived两种启动方式
(1)自己压缩包安装,参考该目录下的安装sh脚本,启动命令:/etc/init.d/keepalived start
(2)centos7 yum安装,配置成服务
    systemctl daemon-reload  重新加载
    systemctl enable keepalived.service  设置开机自动启动
    systemctl disable keepalived.service 取消开机自动启动
    systemctl start keepalived.service 启动
    systemctl stop keepalived.service停止
(3)查看启动状态
    systemctl status keepalived.service
nginx启动后外部无法访问
(1)检查linux防火墙
(2)查看防火墙配置
    Linux防火墙(Iptables)重启系统生效
    开启: chkconfig iptables on
    关闭: chkconfig iptables off
    
    Linux防火墙(Iptables) 即时生效,重启后失效
    开启: service iptables start
    关闭: service iptables stop
nginx相关命令:
    nginx -v //查看版本
    ps -ef|grep nginx //查看进程,有两个,主进程和子进程
    kill -9 进程号 //杀死进程
    pkill -9 nginx //强制停止
    nginx -c /usr/local/nginx/nginx.conf //启动
    nginx -s stop //快速停止或关闭
    nginx -s qiut //正常停止或关闭
    nginx -s reload //配置文件修改后重新装载

 

8.注意事项

1、输出的日志信息: /var/log/messages ,更具体的日志信息输出需要在启动keepalived时加 -d 参数。
2、在都为MASTER且priority一样的情况下,后启的节点(service vrrp start)会取代正在运行的节点变成主用的。
3、一台为MASTER且priority较高的情况下,不受次节点down/up影响,并且其本身再从down变为up时,会抢夺控制权。
4、在都为MASTER且priority一样的情况下,正在运行的主节点down(断网),次节点会自动接管,主节点再起来时不会去抢夺控制权。
#keepalived会定时执行脚本并对脚本执行的结果进行分析,动态调整vrrp_instance的优先级。
#如果脚本执行结果为0,并且weight配置的值大于0,则优先级相应的增加
#如果脚本执行结果非0,并且weight配置的值小于0,则优先级相应的减少
#其他情况,维持原本配置的优先级,即配置文件中priority对应的值。
#这里需要注意的是:
#1) 优先级“不会”不断的提高或者降低,当track的对象恢复时,又是一致的
#2) 可以编写多个检测脚本并为每个检测脚本设置不同的weight
#3) 不管提高优先级还是降低优先级,最终优先级的范围是在[1,254],不会出现优先级小于等于0或者优先级大于等于255的情况
#这样可以做到利用脚本检测业务进程的状态,并动态调整优先级从而实现主备切换。 

9、参考链接

http://blog.csdn.net/yinwenjie/article/details/47211551

http://www.linuxidc.com/Linux/2015-07/120179.htm

http://blog.csdn.net/nimasike/article/details/51867046

http://os.51cto.com/art/201103/249045.htm

https://github.com/jiji87432/nginx_sh //相关安装配置脚本

你可能感兴趣的:(nginx,keepalived,lvs,负载均衡)