标签:记录 iptables 自动加载 enforce ipaddr not bsp etc gre
1.准备两台机器A机器:192.168.232.132
B机器:192.168.232.131
A级器作为master,B机器作为backup
2.两台机器都安装:keepalived
A机器 [root@aaa-01 ~]# yum install -y keepalived B机器 [root@bbb-01 ~]# yum install -y keepalived
3.两台机器上都安装nginx
若是A、B机器没有装nginx服务,可以直接 yum安装
因为我A机器上已经源码包安装编译过nginx了所以就不用再安装了
B机器安装完之后启动nginx
[root@bbb-01 ~]# yum install -y nginx [root@bbb-01 ~]# service nginx start Redirecting to /bin/systemctl start nginx.service [root@bbb-01 ~]# ps aux|grep nginx root 16687 0.0 0.0 46364 964 ? Ss 11:51 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 16688 0.0 0.1 46764 1924 ? S 11:51 0:00 nginx: worker process root 16690 0.0 0.0 112676 980 pts/0 R+ 11:51 0:00 grep --color=auto nginx
注意:有时直接yum安装不了,需要安装yum扩展源:yum install -y epel-release
下面是在A机器上操作的
1.更改A机器上的更改keepalived配置文件
默认的配置文件路径在/etc/keepalived/keepalived.conf
清空文件内容
> /etc/keepalived/keepalived.conf
编辑配置文件
vim /etc/keepalived/keepalived.conf
添加加以下内容:
global_defs { notification_email { aming@aminglinux.com } notification_email_from root@aminglinux.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/usr/local/sbin/check_ng.sh" interval 3 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 priority 100 advert_int 1 authentication { auth_type PASS auth_pass aminglinux>com } virtual_ipaddress { 192.168.232.100 } track_script { chk_nginx } }
这里需要注意的是:"virtual_ipaddress"也就是所谓的vip我们设置为192.168.232.100
2.定义监控脚本
脚本路径在keepalived配置文件中有定义,路径为/usr/local/sbin/check_ng.sh
编辑配置文件:
vim /usr/local/sbin/check_ng.sh
增加以下内容:
#!/bin/bash #时间变量,用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量 n=`ps -C nginx --no-heading|wc -l` #如果进程为0,则启动nginx,并且再次检测nginx进程数量, #如果还为0,说明nginx无法启动,此时需要关闭keepalived if [ $n -eq "0" ]; then /etc/init.d/nginx start n2=`ps -C nginx --no-heading|wc -l` if [ $n2 -eq "0" ]; then echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log systemctl stop keepalived fi fi
3.脚本创建完之后,还需要改变脚本的权限(不更改权限,就无法自动加载脚本,那就无法启动keepalived服务)
[root@aaa-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
4.启动keepalived服务,并查看是否启动成功
[root@aaa-01 ~]# systemctl start keepalived [root@aaa-01 ~]# ps aux |grep keepalived root 34653 0.0 0.1 118652 1400 ? Ss 12:16 0:00 /usr/sbin/keepalived -D root 34654 0.0 0.2 122852 2392 ? S 12:16 0:00 /usr/sbin/keepalived -D root 34655 0.0 0.2 122852 2448 ? S 12:16 0:00 /usr/sbin/keepalived -D root 34661 0.0 0.0 112720 988 pts/1 S+ 12:16 0:00 grep --color=auto keepalived
启动不成功,有可能是防火墙未关闭或者规则限制导致的
systemctl stop firewalld 关闭firewalld iptables -nvL查看防火墙 setenforce 0 临时关闭selinux getenforce命令查看是否为Permissive
这时再来启动keepalived,就会看到keepalived进程服务了
5.这时停止nginx服务
/etc/init.d/nginx stop
再来查看nginx服务进程,会看到自动加载了
[root@aaa-01 ~]# /etc/init.d/nginx stop Stopping nginx (via systemctl): [ 确定 ] [root@aaa-01 ~]# ps aux |grep nginx root 34813 0.0 0.0 20548 628 ? Ss 12:17 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf nobody 34817 0.0 0.3 22992 3216 ? S 12:17 0:00 nginx: worker process nobody 34818 0.0 0.3 22992 3216 ? S 12:17 0:00 nginx: worker process root 34832 0.0 0.0 112720 984 pts/1 R+ 12:17 0:00 grep --color=auto nginx
6.查看ip地址,使用 ip add 命令,可以查看到vip192.168.232.100
[root@aaa-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c2:05:5a brd ff:ff:ff:ff:ff:ff inet 192.168.232.132/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1559sec preferred_lft 1559sec inet 192.168.232.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec2:55a/64 scope link valid_lft forever preferred_lft forever
以下是B机器上的配置
1.自定义B机器keepalived配置文件,更改虚拟IP和主一样的,首先清空B机器keepalived里面自带的配置文件
配置文件路径:/etc/keepalived/keepalived.conf 清空:> /etc/keepalived/keepalived.conf
编辑配置文件:
[root@bbb-01 ~]# vim /etc/keepalived/keepalived.conf
增加以下内容:
global_defs { notification_email { aming@aminglinux.com } notification_email_from root@aminglinux.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL } vrrp_script chk_nginx { script "/usr/local/sbin/check_ng.sh" interval 3 } vrrp_instance VI_1 { state BACKUP //这里 和master不一样的名字 interface eno16777736 //网卡和当前机器一致,否则无法启动keepalived服务 virtual_router_id 51 //和主机器 保持一致 priority 90 //权重,要比主机器小的数值 advert_int 1 authentication { auth_type PASS auth_pass aminglinux>com } virtual_ipaddress { 192.168.74.100 //这里更改为192.168.232.100 } track_script { chk_nginx } }
2.定义监控脚本,路径再keepalived里面已定义过
[root@bbb-01 ~]# vim /usr/local/sbin/check_ng.sh
增加以下内容:
#时间变量,用于记录日志 d=`date --date today +%Y%m%d_%H:%M:%S` #计算nginx进程数量 n=`ps -C nginx --no-heading|wc -l` #如果进程为0,则启动nginx,并且再次检测nginx进程数量, #如果还为0,说明nginx无法启动,此时需要关闭keepalived if [ $n -eq "0" ]; then systemctl start nginx n2=`ps -C nginx --no-heading|wc -l` if [ $n2 -eq "0" ]; then echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log systemctl stop keepalived fi fi
3.改动脚本的权限,设置为755权限
[root@bbb-01 ~]# chmod 755 /usr/local/sbin/check_ng.sh
4.启动keepalived服务:
[root@bbb-01 ~]# systemctl start keepalived [root@bbb-01 ~]# ps aux |grep keep root 19134 0.0 0.1 118608 1384 ? Ss 12:33 0:00 /usr/sbin/keepalived -D root 19135 0.0 0.2 122804 2384 ? S 12:33 0:00 /usr/sbin/keepalived -D root 19136 0.0 0.2 122804 2424 ? S 12:33 0:00 /usr/sbin/keepalived -D root 19143 0.0 0.0 112676 984 pts/0 R+ 12:33 0:00 grep --color=auto keep
区分主和从上的nginx
1.A机器,是源码包安装的nginx(PS:这是lnmp配置好的环境虚拟主机内容)
[root@aaa-01]# cat /usr/local/nginx/conf/vhost/aaa.com.conf server { listen 80 default_server; server_name aaa.com; index index.html index.htm index.php; root /data/wwwroot/default; }
2.索引页:
[root@aaa-01~]# cat /data/wwwroot/default/index.html This is the default sete. [root@aaa-01~]# vim /data/wwwroot/default/index.html #增加内容 master This is the default sete.
3.用网页查看
B机器是yum安装的nginx
默认的索引页在 /usr/share/nginx/html/index.html
[root@bbb-01 ~]# vim /usr/share/nginx/html/index.html #增加内容
backup backup.
网页查看
访问192.168.132.100这个VIP会看到和主机器(即A机器相同的内容),说明现在访问到的是机器master,VIP在master上
测试高可用
1.模拟线上生产环境,主机器宕机环境,最简单直接的方法,就是直接关闭keepalived服务
关闭master机器(即A机器)上的keepalived服务关闭
查看A机器上的VIP被已经释放掉了
[root@aaa-01 ~]# systemctl start keepalived [root@aaa-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:c2:05:5a brd ff:ff:ff:ff:ff:ff inet 192.168.232.132/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1532sec preferred_lft 1532sec inet6 fe80::20c:29ff:fec2:55a/64 scope link valid_lft forever preferred_lft forever
2.查看backup机器(即B机器)发现它在监听VIP
[root@bbb-01 ~]# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:fb:fc:6f brd ff:ff:ff:ff:ff:ff inet 192.168.232.131/24 brd 192.168.232.255 scope global dynamic ens33 valid_lft 1179sec preferred_lft 1179sec inet 192.168.232.100/32 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fefb:fc6f/64 scope link valid_lft forever preferred_lft forever
3.浏览器访问vip,会看到已经变成backup机器上的了
这证明成功了,当A机器出现问题B机器就顶了上去
标签:记录 iptables 自动加载 enforce ipaddr not bsp etc gre
原文地址:http://blog.51cto.com/12922638/2155817