一、架构规划
1、服务器IP地址规划
VIP1:192.168.1.149
VIP2:192.168.1.150
Keepalived1:192.168.1.151
Keepalived2:192.168.1.152
WebServer1:192.168.1.201
WebServer2:192.168.1.202
2、服务器操作系统
所使用的操作系统均为CentOS release 6.6 (Final) x86_64,最小化安装。
3、网络拓扑图
二、配置Nginx代理服务器
此部分Node1与Node2的配置完全相同。
1,准备编译环境
1 |
# yum –y install gccgcc-c++ pcre-devel openssl openssl-devel wget |
2,编译安装nginx
# ./configure \ --prefix=/usr/local/nginx \ --sbin-path=/usr/local/nginx/sbin/nginx \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --user=nginx \ --group=nginx \ --with-http_ssl_module \ --with-pcre # make && make install
3,为nginx提供SysV init脚本:
# vi /etc/rc.d/init.d/nginx
添加如下内容
#!/bin/sh # # nginx - this script starts and stopsthe nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /etc/nginx/nginx.conf # config: /etc/sysconfig/nginx # pidfile: /var/run/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no"] && exit 0 nginx="/usr/local/nginx/sbin/nginx" prog=$(basename $nginx) NGINX_CONF_FILE="/etc/nginx/nginx.conf" [ -f /etc/sysconfig/nginx ] && ./etc/sysconfig/nginx lockfile=/var/lock/subsys/nginx make_dirs() { # make required directories user=`nginx -V 2>&1 | grep "configure arguments:" | sed‘s/[^*]*--user=\([^ ]*\).*/\1/g‘ -` options=`$nginx -V 2>&1 | grep ‘configure arguments:‘` for opt in $options; do if [ `echo $opt | grep ‘.*-temp-path‘` ]; then value=`echo $opt | cut -d"=" -f 2` if [ ! -d "$value" ]; then # echo "creating"$value mkdir -p $value && chown-R $user $value fi fi done } start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 make_dirs echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0{start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac
而后为此脚本赋予执行权限:
# chmod +x /etc/rc.d/init.d/nginx
添加至服务管理列表,并让其开机自动启动:
# chkconfig --add nginx
# chkconfig nginx on
4,配置Nginx代理
# cat nginx.conf
user nginx nginx; worker_processes 1; pid /var/run/nginx/nginx.pid; worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; } http{ include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; upstream backend { ip_hash; server 192.168.1.201:80; server 192.168.1.202:80; } log_format access ‘$remote_addr - $remote_user [$time_local] "$request" ‘ ‘$status $body_bytes_sent "$http_referer" ‘ ‘"$http_user_agent" $http_x_forwarded_for‘; access_log /var/log/nginx/access.log access; server { listen 80; server_name www.test.com; location / { root /var/www/html ; index index.php index.htm index.html; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend; } location /nginx { access_log off; auth_basic "NginxStatus"; } } }
三、安装与配置keepalived
# wgethttp://www.keepalived.org/software/keepalived-1.2.16.tar.gz # yum -y install libnl-devel # ./configure --prefix=/usr/local/keepalived # make && make install # cp /usr/local/keepalived/sbin/keepalived /usr/sbin/ # cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ # cp /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ # mkdir /etc/keepalived # cd /etc/keepalived/ # vim keepalived.conf
以上步骤在两台keepalived机器上都需要进行
下面分别是两节点的配置文件
节点一
! Configuration File for keepalived global_defs { notification_email { [email protected] #接收警报的email地址,可以添加多个 } notification_email_from [email protected] #发件人地址 smtp_connect_timeout 3 #超时时间 smtp_server 127.0.0.1 #发送邮件的服务器 router_id LVS_DEVEL #load balancer的标识ID,用于email警报 } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 100 # 权值要比 back 高 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.149 #vip的地址 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 52 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.150 } }
节点二
! Configuration File for keepalived global_defs { notification_email { [email protected] } notification_email_from [email protected] smtp_connect_timeout 3 smtp_server 127.0.0.1 router_id LVS_DEVEL } vrrp_instance VI_1 { state BACKUP interface eth1 virtual_router_id 51 priority 90 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.149 } } vrrp_instance VI_2 { state MASTER interface eth1 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 123456 } virtual_ipaddress { 192.168.1.150 } }
为两节点添加nginx状态监控脚本,由于keepalived本身不能检测到nginx的存活状态,需要借助于第三方脚本来实现,下面是出自余洪春前辈的一个检测脚本,在这里借用一下。
# vim /home/nginx_chk.sh
# chmod +x /home/nginx_chk.sh
#!/bin/bash while : do nginxpid=`ps -C nginx --no-header | wc -l` if [ $nginxpid -eq 0 ];then /usr/local/nginx/sbin/nginx sleep 5 nginxpid=`ps -C nginx --no-header | wc -l` echo $nginxpid if [ $nginxpid -eq 0 ];then /etc/init.d/keepalived stop fi fi sleep 5 done
# chmod +x /home/nginx_chk.sh 后台执行该脚本 # nohup sh /home/nginx_chk.sh &
四、安装web server
这里为了测试我直接使用yum安装两台服务器上的nginx服务。
增加额外资源库
# yum -y install yum-priorities # rpm -Uvh http://mirrors.yun-idc.com/epel/6/x86_64/epel-release-6-8.noarch.rpm # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm # yum -y install nginx # /etc/init.d/nginx start
五、启动测试
首先测试两台WebServer的可用性
可以看到两台WebServer都运行正常
查看两台keepalived节点的IP情况
使用两个VIP进行访问
停掉一台keepalived服务,查看IP
可以看到VIP已经成功流转到另一节点上,再使用VIP进行访问,依然可以正常访问。
这时重新启动节点一上的keepalived服务,可以看到属于节点一的VIP又重新回到了节点一上。
基本配置到这里就完成了。