Mac内CentOS7虚拟机搭建lvs+keepalived+nginx双机主从热备
【目前列出操作大纲,后续复习完善详细配置内容】
MAC:00:50:56:38:3D:80
2核4G,硬盘20G
一、CentOS7_64_基础联网版本
1.1 查看网卡信息
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:38:3d:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.67.132/24 brd 192.168.67.255 scope global dynamic eth0
valid_lft 1607sec preferred_lft 1607sec
inet6 fe80::250:56ff:fe38:3d80/64 scope link
valid_lft forever preferred_lft forever
# 从上可以看出网卡名为eth0
1.2 动态ip改静态ip
编辑网卡:
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
内容:
TYPE="Ethernet"
#BOOTPROTO="dhcp"
BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="eth0"
UUID="736e2b13-2d02-4113-b446-51604372809f"
DEVICE="eth0"
#ONBOOT="yes"
ONBOOT="yes"
IPADDR="192.168.67.132"
GATEWAY="192.168.67.2"
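# 原文为 NETMASK="250.250.250.0",不是合法的子网掩码;1.1 中 DHCP 得到的是 /24,对应 255.255.255.0(5.5 输出中的 /23 可能就是原值造成的)
NETMASK="255.255.255.0"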
DNS1="192.168.168.1"
MACADDR="00:50:56:38:3D:80"
重启网卡:
[root@localhost ~]# sudo service network restart
1.3 安装telnet
# 说明:telnet 以明文传输口令和会话内容,telnet-server 只适合隔离的实验环境;远程管理使用 sshd,telnet 客户端可仅用于端口连通性测试。
rpm -qa telnet-server
yum install telnet-server
rpm -qa telnet
yum install telnet
yum -y install xinetd
service xinetd restart
1.4 安装ifconfig
yum search ifconfig
yum install net-tools.x86_64 -y
1.5 安装 wget
yum -y install wget
1.6 安装tcpdump
yum install -y tcpdump
#后面安装keepalived后可以执行抓包
tcpdump -i eth0 vrrp -n
二、CentOS7_64_基础联网版本-增强版(有防火墙)
2.1 安装gcc
gcc -v
yum -y install gcc
2.2 安装pcre、pcre-devel
yum install -y pcre pcre-devel
2.3 安装zlib
yum install -y zlib zlib-devel
2.4 安装openssl
yum install -y openssl openssl-devel
三、nginx-1.21.1版
3.1 列出已安装list
yum list
3.2 安装nginx-1.21.1
3.2.1 下载
下载地址:http://nginx.org/en/download.html(该页每个源码包旁有 pgp 签名链接,上传到服务器前可先用 gpg --verify 校验压缩包)
3.2.2 安装
下载后,通过sftp上传到/root下,进行命令安装:
[root@localhost ~]# ll
总用量 1044
-rw-------. 1 root root 945 8月 14 13:55 anaconda-ks.cfg
-rwxr-xr-x. 1 root root 1064925 8月 15 14:45 nginx-1.21.1.tar.gz
[root@localhost ~]# tar -zxvf nginx-1.21.1.tar.gz -C /usr/local/
[root@localhost ~]# cd /usr/local/nginx-1.21.1
[root@localhost nginx-1.21.1]# ./configure
[root@localhost nginx-1.21.1]# make
[root@localhost nginx-1.21.1]# make install
3.2.3 配置nginx.conf
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
#监听80端口服务下加入内容(解决中文乱码):
charset utf-8;
3.2.4 修改index.html
[root@localhost ~]# vi /usr/local/nginx/html/index.html
#修改内容为:
<h1>Welcome to nginx! LVS+Keepalived+Nginx Master,双机主从热备。</h1>
3.2.5 启动
# 切换到/usr/local/nginx/sbin启动nginx
[root@instance-bnjr1fvm nginx]# cd /usr/local/nginx/sbin
# 启动nginx(默认配置)
[root@instance-bnjr1fvm sbin]# ./nginx
# 或者指定配置启动(可以运行)
[root@instance-bnjr1fvm sbin]# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
3.3 开放80端口
#重启防火墙
systemctl restart firewalld
#开放80端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
#重新加载
firewall-cmd --reload
3.4 访问nginx
地址:http://192.168.67.132/
四、keepalived 版单机Master版
4.1 安装popt-devel
yum install popt-devel
4.2 同步网络时间
1、安装ntpdate工具
[root@slave1 ~]# yum -y install ntp ntpdate
2、设置系统时间与网络时间同步
[root@slave1 ~]# ntpdate 0.asia.pool.ntp.org
3、将系统时间写入硬件时间
[root@slave1 ~]# hwclock --systohc
4.3 安装配置keepalived
4.3.1 上传文件
通过sftp将keepalived-1.2.18.tar.gz上传到指定目录下,如:/root
[root@localhost ~]# ll
总用量 1368
-rw-------. 1 root root 945 8月 14 13:55 anaconda-ks.cfg
-rwxr-xr-x. 1 root root 330361 8月 15 15:04 keepalived-1.2.18.tar.gz
-rwxr-xr-x. 1 root root 1064925 8月 15 14:45 nginx-1.21.1.tar.gz
4.3.2 解压
[root@localhost ~]# tar -zxvf keepalived-1.2.18.tar.gz -C /usr/local/
4.3.3 编译、配置
[root@instance-bnjr1fvm local]# cd /usr/local/keepalived-1.2.18/ && ./configure --prefix=/usr/local/keepalived
......
[root@instance-bnjr1fvm local]# cd /usr/local/keepalived-1.2.18
[root@instance-bnjr1fvm keepalived-1.2.18]# make && make install
4.3.4 keepalived安装成Linux系统服务
将Keepalived安装成Linux系统服务,因为没有使用Keepalived的默认安装路径(默认路径:/usr/local),需要做一些修改工作:
#首先创建文件夹,将Keepalived配置文件进行复制:
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
#然后复制keepalived脚本文件:
cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/keepalived
rm -rf /etc/sysconfig/keepalived
cp /usr/local/keepalived/sbin/keepalived /etc/sysconfig/ # 这个不能少
chmod u+x /etc/sysconfig/keepalived
#创建符号链接(是L的小写)
ln -s /usr/local/sbin/keepalived /usr/sbin
ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/ #ln: 无法创建符号链接"/sbin/keepalived": 文件已存在
#可以设置开机启动
chkconfig keepalived on
4.3.5 使用keepalived虚拟VIP
# 创建新文件
vi /etc/keepalived/keepalived.conf
加入文件内容(说明):
! Configuration File for keepalived
# 注意脚本的 { 前面留有空格,否则代码块有问题。
vrrp_script chk_nginx {
script "/etc/keepalived/chk_nginx.sh" # 运行脚本,脚本内容下面有,就是启动一个nginx宕机以后,自动开启服务
interval 2 # 检测时间间隔,每隔两秒运行上一行脚本
weight 10 # 如果脚本运行成功,则升级权重+10
# # weight -10 # 如果脚本运行失败,则升级权重-10
}
# 定义虚拟路由,VI_1 虚拟路由的标识符,自己定义名称。
vrrp_instance VI_1 {
state MASTER # 决定主从,主:MASTER,从:BACKUP
# 网卡名称
interface eth0 #绑定虚拟IP的网络接口,根据自己的机器填写
virtual_router_id 51 #虚拟路由的ID号,两个节点设置必须一样
mcast_src_ip 192.168.67.132 #填写本机IP
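priority 50 #节点优先级,主节点要比从节点优先级高
nopreempt #关键字的正确拼写是 nopreempt(原文拼作 nopreemt);优先级高的节点设置 nopreempt,解决异常恢复后再次抢占的问题。注意 keepalived 只在 state BACKUP 的实例上接受该选项,本例 state MASTER 下不会生效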
advert_int 1 #组播信息发送间隔,两个节点设置必须一样,默认1s
authentication {
auth_type PASS
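auth_pass 1111 # PASS 口令随每个 VRRP 通告明文发送(5.3 抓包中的 authtype simple),同网段主机都能抓到;1111 仅作实验示例,不能当作访问控制,应在防火墙上只接受对端节点发来的 VRRP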
}
#将track_script块加入instance配置模块
track_script {
chk_nginx # 执行Nginx监控的服务
}
virtual_ipaddress {
# 虚拟IP
192.168.67.100 # 虚拟机IP,也就是解决写死程序的IP怎么切换的IP,也可扩展,用途广泛。可配置多个。
}
}
4.3.6 nginx脚本
vi /etc/keepalived/chk_nginx.sh:
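#!/bin/bash
# Health check referenced by the vrrp_script block in keepalived.conf.
# If no nginx process exists, try to start nginx once; if it is still absent
# after a short wait, stop keepalived so this node stops sending VRRP
# advertisements and the standby node can take over the virtual IP.
#
# keepalived normally runs as root, so this script does too: keep the file
# owned by root and not writable by group/other, because anyone who can edit
# it can run commands with keepalived's privileges.

# Print the number of running processes whose command name is "nginx".
nginx_process_count() {
  ps -C nginx --no-header | wc -l
}

if [ "$(nginx_process_count)" -eq 0 ]; then
  # nginx is down: attempt a single restart using the default configuration.
  /usr/local/nginx/sbin/nginx
  # Give nginx a moment to come up before checking again.
  sleep 3
  if [ "$(nginx_process_count)" -eq 0 ]; then
    # Restart failed: stop keepalived so the standby node becomes active.
    # NOTE(review): killall is provided by the psmisc package; confirm it is
    # installed on a minimal system, otherwise this failover step does nothing.
    killall keepalived
  fi
fi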
4.3.7 nginx脚本授权
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# chmod u+x chk_nginx.sh
4.3.8 启动keepalived
# 停止keepalived服务
[root@instance-bnjr1fvm sbin]# service keepalived stop
cd /usr/sbin/
rm -f keepalived
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
cp /usr/local/keepalived/sbin/keepalived /etc/sysconfig/
# 重启keepalived服务
[root@instance-bnjr1fvm sbin]# service keepalived restart
# 查看keepalived服务状态
[root@instance-bnjr1fvm sbin]# systemctl status keepalived.service
4.4 访问nginx
地址:http://192.168.67.100/
4.5 删除资源文件
[root@localhost local]# rm -rf keepalived-1.2.18
[root@localhost local]# rm -rf nginx-1.21.1
五、keepalived双机主从热备MASTER、BACKUP版
5.1 双机MASTER
#需要的时候重启keepalived
service keepalived restart
5.1.1 允许vrrp流量,或者允许组播流量
# 允许vrrp流量,或者允许组播流量
[root@psql_standby ~]# vim /etc/sysconfig/iptables
-A INPUT -p vrrp -j ACCEPT
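5.1.2 关闭防火墙
systemctl stop firewalld
# 说明:stop firewalld 会去掉本机全部包过滤,而不只是放行 VRRP。firewalld 运行时不会加载 /etc/sysconfig/iptables(该文件由 iptables-services 的 iptables 服务读取),所以 5.1.1 的规则在 firewalld 下不生效。保留防火墙、只放行对端节点的 VRRP 可用(在 MASTER 上,对端为 192.168.67.133):
# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.67.133" protocol value="vrrp" accept' && firewall-cmd --reload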
5.2 双机BACKUP
5.2.1 修改IP、MAC地址、UUID
vi /etc/sysconfig/network-scripts/ifcfg-eth0
5.2.2 修改keepalived配置本机ip
vi /etc/keepalived/keepalived.conf
#修改ip、设置BACKUP、删除nopreempt、降低priority值
# 重启:
service keepalived restart
5.2.3 修改Nginx主页
vi /usr/local/nginx/html/index.html
Master改为Backup
5.3 tcpdump双机检查
# 这个可以看出master机上有显示发送信息,backup机没有发送(一开始双机都有发送信息,后来backup没有发送了)
tcpdump -i eth0 vrrp -n
# 间隔时间内检测
# MASTER机发送的信息
12:37:55.479715 IP 192.168.67.132 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 60, authtype simple, intvl 1s, length 20
# BACKUP机变MASTER发送的信息(期间132机器的prio为0了)
12:41:58.295184 IP 192.168.67.132 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 0, authtype simple, intvl 1s, length 20
12:41:59.106085 IP 192.168.67.133 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 59, authtype simple, intvl 1s, length 20
#上面是关闭防火墙的情况下查看的(MASTER机有虚拟vip,BACKUP机没有虚拟VIP)
#当双机都打开防火墙后,会同时发送信息(双机都有虚拟VIP,主从无法切换,即使双机都关闭防火墙后,偶尔不灵):
13:01:17.077839 IP 192.168.67.133 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 59, authtype simple, intvl 1s, length 20
13:01:17.078411 IP 192.168.67.132 > 224.0.0.18: VRRPv2, Advertisement, vrid 51, prio 60, authtype simple, intvl 1s, length 20
5.4 keepalived状态查看
service keepalived status
# MASTER机
VRRP_Instance(VI_1) Entering MASTER STATE
# BACKUP机
VRRP_Instance(VI_1) Entering BACKUP STATE
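# 但是当执行service keepalived stop时,查看status,有错误(未解决):
/etc/rc.d/init.d/keepalived: 第 15 行:.: /etc/sysconfig/keepalived: 无法执行二进制文件
# 原因分析:报错中的 "." 说明 init 脚本第 15 行在 source /etc/sysconfig/keepalived,而 4.3.4 和 4.3.8 把二进制 /usr/local/keepalived/sbin/keepalived 复制到了这个路径。该路径应放的是选项文件 /usr/local/keepalived/etc/sysconfig/keepalived(4.3.4 中它被复制到了 /etc/keepalived)。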
5.5 查看vip
5.5.1 MASTER
[root@localhost init.d]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:38:3d:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.67.132/23 brd 192.168.67.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.67.100/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe38:3d80/64 scope link
valid_lft forever preferred_lft forever
5.5.2 BACKUP
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:38:3d:83 brd ff:ff:ff:ff:ff:ff
inet 192.168.67.133/23 brd 192.168.67.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe38:3d83/64 scope link
valid_lft forever preferred_lft forever
5.6 访问nginx
访问地址:http://192.168.67.100/
Welcome to nginx! LVS+Keepalived+Nginx Master,双机主从热备。
#通过停止master上的keepalived,查看nginx访问页面是否变化
#停止master上的keepalived时,可以看出切换到backup页面
service keepalived stop
Welcome to nginx! LVS+Keepalived+Nginx Backup,双机主从热备。
#启动master上的keepalived时,可以看出切换回master页面
service keepalived start