Nginx + Keepalived 双主热备
Hwsdien
Contents
说明
system: CentOS release 6.5 (Final)
linux kernel: 2.6.32-431.el6.x86_64
hostname: host-1, IP: 10.211.55.65 VIP: 10.211.55.67
hostname: host-2, IP: 10.211.55.66 VIP: 10.211.55.68
更新源
两台机器都需要更新源
yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
yum clean all
yum makecache
安装依赖
yum install gcc gcc-c++ make cmake ncurses-devel pcre-devel openssl-devel ipvsadm kernel-devel libnl-devel popt-devel -y
防火墙设置
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -d 224.0.0.0/8 -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT
service iptables save
service iptables restart
安装Nginx
两台机器都需要安装Nginx
-
下载
wget http://nginx.org/download/nginx-1.7.9.tar.gz tar zxvf nginx-1.7.9.tar.gz cd nginx-1.7.9 -
安装
useradd -M -r -b /tmp -s /sbin/nologin -d /opt/nginx nginx ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module make -j 4 make install -
设置启动文件
vi /etc/rc.d/init.d/nginx #!/bin/sh # # nginx – this script starts and stops the nginx daemongg # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse \ # proxy and IMAP/POP3 proxy server # processname: nginx # config: /opt/nginx/conf/nginx.conf # pidfile: /opt/nginx/logs/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/opt/nginx/sbin/nginx" prog=$(basename $nginx) NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf" lockfile=/var/lock/subsys/nginx start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop start } reload() { configtest || return $? echo -n $”Reloading $prog: ” killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac chmod +x /etc/rc.d/init.d/nginx service nginx start
安装Keepalived
两台机器都需要安装Keepalived
-
下载
wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz tar zxvf keepalived-1.2.15.tar.gz cd keepalived-1.2.15 -
安装
./configure --prefix=/opt/keepalived Keepalived configuration ------------------------ Keepalived version : 1.2.15 Compiler : gcc Compiler flags : -g -O2 -DFALLBACK_LIBNL1 Extra Lib : -lssl -lcrypto -lcrypt -lnl Use IPVS Framework : Yes IPVS sync daemon support : Yes IPVS use libnl : Yes fwmark socket support : Yes Use VRRP Framework : Yes Use VRRP VMAC : Yes SNMP support : No SHA1 support : No Use Debug flags : No make -j 4 make install cp /opt/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ chmod +x /etc/init.d/keepalived cp /opt/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ mkdir -p /etc/keepalived cp /opt/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/ ln -s /opt/keepalived/sbin/keepalived /sbin/ chkconfig keepalived on
主服务器(10.211.55.65)配置keepalived
-
keepalived.conf
vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { [email protected] #告警邮箱 } notification_email_from root@localhost #发信邮箱 smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/etc/keepalived/chk_nginx.sh" #检测nginx是否运行的脚本 interval 2 weight 2 } vrrp_instance VI_1 { state MASTER #主服务器 interface eth0 #网络设备 virtual_router_id 51 #虚拟路由ID priority 100 #优先级,master要比slave 大 advert_int 1 #心跳时间 authentication { auth_type PASS auth_pass yhz.me #认证的密码 } track_script { chk_nginx } virtual_ipaddress { #虚拟IP 10.211.55.67 } } vrrp_instance VI_2 { state BACKUP interface eth0 virtual_router_id 52 priority 99 advert_int 1 authentication { auth_type PASS auth_pass yhz.me } virtual_ipaddress { 10.211.55.68 } } -
chk_nginx.sh
vi /etc/keepalived/chk_nginx.sh #!/bin/bash A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ];then /etc/init.d/nginx restart sleep 3 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then killall keepalived fi fi
从服务器(10.211.55.66)配置keepalived
-
keepalived.conf
vi /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { [email protected] #告警邮箱 } notification_email_from root@localhost #发信邮箱 smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/etc/keepalived/chk_nginx.sh" #检测nginx是否运行的脚本 interval 2 weight 2 } vrrp_instance VI_1 { state BACKUP #从服务器 interface eth0 #网络设备 virtual_router_id 51 #虚拟路由ID priority 99 #优先级,master要比slave 大 advert_int 1 authentication { auth_type PASS auth_pass yhz.me #认证的密码 } virtual_ipaddress { #虚拟IP 10.211.55.67 } } vrrp_instance VI_2 { state MASTER interface eth0 virtual_router_id 52 priority 100 advert_int 1 authentication { auth_type PASS auth_pass yhz.me } track_script { chk_nginx } virtual_ipaddress { 10.211.55.68 } } -
chk_nginx.sh
vi /etc/keepalived/chk_nginx.sh #!/bin/bash A=`ps -C nginx --no-header |wc -l` if [ $A -eq 0 ];then /etc/init.d/nginx restart sleep 3 if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then killall keepalived fi fi
Keepalived操作
-
启动
service keepalived start -
查看是否绑定了虚拟IP
ip a -
停止
service keepalived stop -
重启
service keepalived restart
正常情况的IP显示
-
10.211.55.65
inet 10.211.55.65/24 brd 10.211.55.255 scope global eth0 inet 10.211.55.67/32 scope global eth0 -
10.211.55.66
inet 10.211.55.66/24 brd 10.211.55.255 scope global eth0 inet 10.211.55.68/32 scope global eth0
测试
ping 10.211.55.67
10.211.55.65这台机断网, 重启网络
ping 10.211.55.68
10.211.55.66这台机断网, 重启网络
Nginx的服务测试
打开 http://10.211.55.67
service nginx stop