利用keepalived实现高可用

用keepalived配置高可用

规划节点

192.168.110.150	Master
192.168.110.151	Backup

一、在master节点上：

1.关闭防火墙

[root@master ~]# systemctl stop firewalld [root@master ~]# setenforce 0

2.源码安装nginx服务：

在nginx.org官网下载软件包

[root@master ~]# wget https://nginx.org/download/nginx-1.24.0.tar.gz -P /usr/local

解压nginx

[root@master local]# tar -zxvf nginx-1.24.0.tar.gz

执行./configure

[root@master nginx-1.24.0]# ./configure --prefix=/usr/src checking for OS  + Linux 3.10.0-862.el7.x86_64 x86_64 checking for C compiler ... not found ./configure: error: C compiler cc is not found

出现报错，没有安装所需依赖

[root@master nginx-1.24.0]# yum install -y gcc openssl openssl-devel

再次执行./configure命令

[root@master nginx-1.24.0]# ./configure --prefix=/usr/src

编译

[root@master nginx-1.24.0]# make

安装

[root@master nginx-1.24.0]# make install

启动nginx

[root@master ~]# cd /usr/src/sbin [root@master sbin]# ./nginx

3.安装keepalived

[root@master ~]# yum install -y keepalived

4.配置keepalived

修改keepalived配置文件，文件位置：/etc/keepalived/keepalived.conf

! Configuration File for keepalived global_defs {    notification_email {    notification_email_from Alexandre.Cassen@firewall.loc    smtp_server 192.168.200.1    smtp_connect_timeout 30    router_id 192.168.110.150 } vrrp_instance VI_1 {     state MASTER     interface ens33     virtual_router_id 51     priority 100     advert_int 1     authentication {         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {         192.168.110.200     }     track_script{          chk_nginx     } }

5.新建脚本文件并赋权

[root@master ~]# vi /usr/local/sbin/check_ng.sh #!/bin/bash   #时间变量，用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量   n=`ps -C nginx --no-heading|wc -l` #如果进程为0，则启动nginx，并且再次检测nginx进程数量   if [ $n -eq "0" ]; then          /etc/init.d/nginx start           n2=`ps -C nginx --no-heading|wc -l` #如果还为0，说明nginx无法启动，此时需要关闭keepalived           if [ $n2 -eq "0"  ]; then                   echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log                   systemctl stop keepalived           fi  fi

赋予权限

[root@master ~]# chmod a+x /etc/keepalived/check_nginx.sh

重启keepalived服务

[root@master ~]# systemctl restart keepalived

二、在backup节点上：

1.关闭防火墙

[root@backup ~]# systemctl stop firewalld [root@backup ~]# setenforce 0

2.安装nginx（yum安装）

[root@backup ~]# yum install -y nginx

启动nginx

[root@backup ~]# systemctl start nginx

3.安装keepalived

[root@backup ~]# yum install -y keepalived

4.配置keepalived

修改keepalived配置文件

文件位置：/etc/keepalived/keepalived.conf

! Configuration File for keepalived global_defs {    notification_email {    notification_email_from Alexandre.Cassen@firewall.loc    smtp_server 192.168.200.1    smtp_connect_timeout 30    router_id 192.168.110.151 } vrrp_instance VI_1 {     state BACKUP     interface ens33     virtual_router_id 51     priority 99     advert_int 1     authentication {         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {         192.168.110.200     }     track_script{          chk_nginx     } }

5.编辑监控脚本

[root@backup ~]# vi /usr/local/sbin/check_ng.sh #!/bin/bash d=`date --date today +%Y%m%d_%H:%M:%S` n=`ps -C nginx --no-heading|wc -l` if [ $n -eq "0" ]; then         systemctl start nginx         n2=`ps -C nginx --no-heading|wc -l`         if [ $n2 -eq "0"  ]; then                 echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log                 systemctl stop keepalived         fi fi

添加权限

[root@master ~]# chmod a+x /etc/keepalived/check_nginx.sh

重启keepalived服务

[root@backup ~]# systemctl restart keepalived

三、测试：

1.访问master节点

[root@backup ~]# curl -I 192.168.110.150 HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 21 Sep 2024 02:16:28 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Sat, 21 Sep 2024 02:08:26 GMT Connection: keep-alive ETag: "66ee2a9a-267" Accept-Ranges: bytes

2.查看VIP是否在master节点上

[root@backup ~]# curl -I 192.168.110.200 HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Sat, 21 Sep 2024 02:17:02 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Sat, 21 Sep 2024 02:08:26 GMT Connection: keep-alive ETag: "66ee2a9a-267" Accept-Ranges: bytes

3.关闭master节点的nginx服务

[root@master ~]# cd /usr/src/sbin [root@master sbin]# ./nginx -s stop [root@master sbin]# netstat -ntpl |grep nginx

发现VIP跑到了backup节点

4.模拟master宕机，在master节点添加iptables规则

[root@master ~]# iptables -I OUTPUT -p vrrp -j DROP

1. 关闭master节点keepalived

在master节点关闭keepalived并查看backup节点状态

可以看出VIP跑到backup节点上

6.在master节点启动keepalived

在master节点开启keepalived服务时，VIP又再次跑到master节点上