nginx 使用 keepalived 部署高可用
一、准备工作
- 准备两台机器 192.168.1.2(master)、192.168.1.3(slave)
- 准备虚拟IP 192.168.1.1
二、安装
1. 安装nginx(两台)
yum -y install nginx
systemctl start nginx
systemctl enable nginx
# master
echo "111111" > /usr/share/nginx/html/index.html
# slave
echo "222222" > /usr/share/nginx/html/index.html
2. 安装keepalived(两台)
安装依赖
yum -y install gcc openssl-devel popt-devel
打开下载页面,找到最新版本 https://www.keepalived.org/download.html
cd /usr/local
wget https://www.keepalived.org/software/keepalived-2.2.4.tar.gz --no-check-certificat
tar -zxvf keepalived-2.2.4.tar.gz
cd keepalived-2.2.4
./configure --prefix=/usr/local/keepalived
make && make install
开机启动
cp keepalived/etc/init.d/keepalived /etc/init.d/
cp keepalived/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
3. 修改配置
vim /etc/keepalived/keepalived.conf
master配置:
! Configuration File for keepalived
global_defs {
#一个没重复的名字即可
router_id nginx_master
}
# 检测nginx是否运行
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20 #脚本结果导致的优先级变更,检测失败(脚本返回非0)则优先级 -5
fall 2 #检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间)
rise 1 #检测1次成功就算成功。但不修改优先级
}
vrrp_instance VI_1 {
# 此处不设置为MASTER,通过priority来竞争master
state BACKUP
# 网卡名字,文章下方会给出如何获取网卡名字的方法
interface eth0
# 同一个keepalived集群的virtual_router_id相同
virtual_router_id 51
# 权重,master要大于slave
priority 100
# 主备通讯时间间隔
advert_int 1
# 如果两节点的上联交换机禁用了组播,则采用vrrp单播通告的方式
# 本机ip
unicast_src_ip 192.168.1.2
unicast_peer {
# 其他机器ip
192.168.1.3
}
# 设置nopreempt防止抢占资源
nopreempt
# 主备保持一致
authentication {
auth_type PASS
auth_pass 1111
}
# 与上方nginx运行状况检测呼应
track_script {
chk_nginx
}
virtual_ipaddress {
# 虚拟ip地址(VIP,一个尚未占用的内网ip即可)
192.168.1.1
}
}
slave配置:
! Configuration File for keepalived
global_defs {
#一个没重复的名字即可
router_id nginx_slave
}
# 检测nginx是否运行
vrrp_script chk_nginx {
script "/etc/keepalived/nginx_check.sh"
interval 2
weight -20 #脚本结果导致的优先级变更,检测失败(脚本返回非0)则优先级 -5
fall 2 #检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间)
rise 1 #检测1次成功就算成功。但不修改优先级
}
vrrp_instance VI_1 {
# 此处不设置为MASTER,通过priority来竞争master
state BACKUP
# 网卡名字,文章下方会给出如何获取网卡名字的方法
interface eth0
# 同一个keepalived集群的virtual_router_id相同
virtual_router_id 51
# 权重,master要大于slave
priority 90
# 主备通讯时间间隔
advert_int 1
# 如果两节点的上联交换机禁用了组播,则采用vrrp单播通告的方式
# 本机ip
unicast_src_ip 192.168.1.3
unicast_peer {
# 其他机器ip
192.168.1.2
}
# 设置nopreempt防止抢占资源
nopreempt
# 主备保持一致
authentication {
auth_type PASS
auth_pass 1111
}
# 与上方nginx运行状况检测呼应
track_script {
chk_nginx
}
virtual_ipaddress {
# 虚拟ip地址(VIP,一个尚未占用的内网ip即可)
192.168.1.1
}
}
nginx监听脚本:
touch /etc/keepalived/nginx_check.sh
chmod +x /etc/keepalived/nginx_check.sh
vim /etc/keepalived/nginx_check.sh
#! /bin/bash pidof nginx if [ $? -ne 0 ];then /etc/init.d/keepalived stop fi
4. 防止脑裂
# 指定keepalived配置的网卡:enp0s3,固定的VRRP广播地址:224.0.0.18 firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp0s3 --destination 224.0.0.18 --protocol vrrp -j ACCEPT firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface enp0s3 --destination 224.0.0.18 --protocol vrrp -j ACCEPT firewall-cmd --reload # 查看配置的规则 firewall-cmd --direct --get-rules ipv4 filter INPUT firewall-cmd --direct --get-rules ipv4 filter OUTPUT
5. 启动keepalived
service keepalived start
# 配置开机自启动
systemctl enable keepalived
三、 nginx 配置文件同步
yum -y install rsync
yum -y install inotify-tools
浙公网安备 33010602011771号