如何搭建keepalived+nginx+httpd+dns高可用双主反向代理服务器,相信很多没有经验的人对此束手无策,为此本文总结了问题出现的原因和解决方法,通过这篇文章希望你能解决这个问题。
rs服务器安装httpd,ip为:192.168.122.5,192.168.122.6
rs配置好web页面并启动服务
node1两块网卡,一块是外网172.16.0.3,一个内网192.168.122.3
node2两块网卡,一块是外网172.16.0.4,一个内网192.168.122.4
node1配置时间服务器,其余三台来同步时间
nod1配置好nginx反向代理后端两台rs,并测试
nod2配置好nginx反向代理后端两台rs,并测试
yun -y install nginx
http {
upstream webservers {
server 192.168.122.5:80;
server 192.168.122.6:80;
}
server {
location / {
proxy_pass http://webservers;
}
}
两节点安装keepalived
node1配置高可用
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localdomain ##本地通知
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.1.33 ##多播地址
}
#集群1
vrrp_instance VI_1 {
state MASTER ##主节点标志
interface ens33
virtual_router_id 51 #集群1ID
priority 100 #点点优先级,越高就是主
advert_int 1
authentication {
auth_type PASS
auth_pass %^*AJOoj78j.
}
virtual_ipaddress {
172.16.0.90/16 dev ens33 label ens33:0 ##集群VIP
}
}
#集群2
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 44 #集群ID,唯一值,不能跟其他集群ID相同
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass J%(#Qjb78.
}
virtual_ipaddress {
172.16.0.91/16 dev ens33 label ens33:1
}
}
node2配置高可用
[root@node2 keepalived]# vi keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localdomain
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.1.33
}
vrrp_instance VI_1 {
state BACKUP ##集群1的备节点
interface ens33
virtual_router_id 51
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass %^*AJOoj78j.
}
virtual_ipaddress {
172.16.0.90/16 dev ens33 label ens33:0
}
}
vrrp_instance VI_2 {
state MASTER ##集群2的主节点,这样就够成了双主模式
interface ens33
virtual_router_id 44
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass J%(#Qjb78.
}
virtual_ipaddress {
172.16.0.91/16 dev ens33 label ens33:1
}
}
到此服务已可以正常使用,测试
curl http://172.16.0.91
curl http://172.16.0.90 均可正常访问到后端两主机
当一台主机出故障时自动降为备节点,另一台会自动接管,服务不会宕机.
停止节点1的服务,查看节点的2rip
systemctl stop keepalived.service
ifconfig
journalctl -f -u keepalived.service 查看日志
建立nginx检测脚本,当一台ngix服务没启的时候同样降为备节点,另一台会自动接管,服务不会宕机.
vi /etc/keepalived/chk_nginx.sh
#!/bin/bash
#
killall -0 nginx || weight -10
增加可执行权限 chmod u+x chk_nginx.sh
配置调用126发邮件设置
1.获取126SSL发送证书
mkdir -p /root/.certs/
cd /root/.certs/
echo -n | openssl s_client -connect smtp.126.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/qq.crt
certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
certutil -L -d /root/.certs/
certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i qq.crt
2.配置postfix
vi /etc/postfix/main.cf
inet_interfaces = all
inet_protocols = all
systemctl enable postfix
systemctl restart postfix
3.配置调用126发邮件
vi /etc/mail.rc
set from=xxxxxxxx@126.com --邮箱用户名
set smtp=smtps://smtp.126.com:465
set smtp-auth-user=xxxxxxxx@126.com --邮箱用户名
set smtp-auth-password=ajbjs465785 --注意这是授权码
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/root/.certs
通知脚本:当成主/备节点时都启动nginx,两个节点都一样
cd /etc/keepalived/
vi notify.sh
#!/bin/bash
#
contact='xxxxxxx@qq.com' --接收邮件的邮箱
notify() {
local mailsubject="$(hostname) to be $1,vip floating"
local mailbody="$(date +'%F %T'):vrrp transition,$(hostname) changed to be $1 "
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
systemctl start nginx ##当成为主节点时启动nginx
notify master;;
backup)
systemctl start nginx ##因为双主模式,所以当成为备节点时不能停止nginx,一定要启动nginx,作为另一个主节点
notify backup;;
fault)
notify fault;;
*)
echo "error"
exit 1 ;;
esac
增加执行权限
chmod u+x notify.sh
测试成为备节点时通知邮件能不能正常发送
./notify.sh backup
在配置文件中全局配置下,集群配置上调用nginx检测脚本,并持续追踪.(见最终配置文件)
vrrp_script chk_nginx {
script "/etc/keepalived/chk_nginx.sh"
fall 3
rise 3
}
在集群内跟踪检测结果.(见最终配置文件)
track_script {
chk_down
chk_nginx
}
在两个集群内部调用通知脚本. (见最终配置文件)
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
查看日志
journalctl -f -u keepalived
测试停止node1,nginx,查看是否降为备节点,查看日志,查看是否邮件通知,查看ip,客户端两个VIP能否正常访问.
最终配置文件
##节点1
[root@node1 keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localdomain
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.1.33
}
vrrp_script chk_nginx {
script "/etc/keepalived/chk_nginx.sh"
fall 3
rise 3
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass %^*AJOoj78j.
}
virtual_ipaddress {
172.16.0.90/16 dev ens33 label ens33:0
}
track_script {
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 44
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass J%(#Qjb78.
}
virtual_ipaddress {
172.16.0.91/16 dev ens33 label ens33:1
}
track_script {
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
##节点2
cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localdomain
}
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.1.1.33
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 96
advert_int 1
authentication {
auth_type PASS
auth_pass %^*AJOoj78j.
}
virtual_ipaddress {
172.16.0.90/16 dev ens33 label ens33:0
}
track_script {
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 44
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass J%(#Qjb78.
}
virtual_ipaddress {
172.16.0.91/16 dev ens33 label ens33:1
}
track_script {
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
dns 服务器.ip:172.16.0.7.将两个VIP 172.16.0.90/91 解析成www.bjs.io,并顺序解析
yum -y install bind
##正向区域数据
vi /etc/named.conf
zone "bjs.io" IN {
type master;
file "bjs.io.zone";
};
##反向区域数据
zone "0.16.172.in-addr.arpa" IN {
type master;
file "0.16.172.in-addr.arpa";
};
##正向区域数据文件
vi /var/named/bjs.io.zone
$TTL 1D
@ IN SOA ns1.bjs.io root.localdomain 2019011601 1H 10M 3D 1D
IN NS ns1
ns1 IN A 172.16.0.7
www IN A 172.16.0.90
www IN A 172.16.0.91
##反向区域数据文件
vi /var/named/0.16.172.in-addr.arpa
$TTL 1D
@ IN SOA ns1.bjs.io root.localdomain 2019011601 1H 10M 3D 1D
IN NS ns1.bjs.io.
7 IN PTR ns1.bjs.io.
90 IN PTR www.bjs.io.
91 IN PTR www.bjs.io.
看完上述内容,你们掌握如何搭建keepalived+nginx+httpd+dns高可用双主反向代理服务器的方法了吗?如果还想学到更多技能或想了解更多相关内容,欢迎关注编程网行业资讯频道,感谢各位的阅读!