您现在的位置是:门户> 系统/运维

keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务
2020-01-20 323人围观 0条评论
简介keepalived + nginx轮询方式 做高可用克负载均衡 访问后端apache web 服务

    keepalived+nginx+apache主备及双活搭建测试

    keepalived+nginx高可用有主备和双活两种方式。主备方式下对外提供一个vip,同时只有一台服务器工作,另一台作备机;双活方式下对外提供两个vip,两台机器互为备份,下面详细说明搭建测试步骤:

    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    配置:

    主机  ip  操作系统    软件  vip
    nginx01 192.168.2.185   Centos7 nginx 端口82 
    keepalived  192.168.2.189
    nginx02 192.168.2.186   Centos7 nginx 端口82
    keepalived  192.168.2.189
    web01   192.168.2.187   Centos7 apache 端口80 /
    web02   192.168.2.188   Centos7 apache 端口80 /
    
    1.nginx01安装nginx
    [root@nginx01 ~]# cat /etc/redhat-release
    CentOS Linux release 7.3.1611 (Core)
    [root@nginx01 ~]# yum -y install gcc-c++
    [root@nginx01 ~]#  yum  -y install  pcre pcre-devel
    [root@nginx01 ~]# yum -y install zlib zlib-devel
    [root@nginx01 ~]# yum -y install openssl openssl-devel
    下载https://nginx.org/en/download.html

    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    https://nginx.org/download/nginx-1.12.2.tar.gz
    
    [root@nginx01 ~]# mkdir software
    [root@nginx01 ~]# cd software/
    [root@nginx01 software]# wget https://nginx.org/download/nginx-1.12.2.tar.gz
    
    [root@nginx01 software]# ls -ltr
    total 960
    -rw-r--r--. 1 root root 981687 Oct 17 21:20 nginx-1.12.2.tar.gz
    [root@nginx01 software]# tar -zxvf nginx-1.12.2.tar.gz
    [root@nginx01 software]# chown -R root.root nginx-1.12.2
    [root@nginx01 software]# groupadd nginx
    [root@nginx01 software]# useradd -g nginx -d /home/nginx -s /sbin/nologin nginx
    [root@nginx01 software]# id nginx
    uid=1000(nginx) gid=1000(nginx) groups=1000(nginx)
    [root@nginx01 software]# grep nginx /etc/passwd
    nginx:x:1000:1000::/home/nginx:/sbin/nologin
    [root@nginx01 software]#
    [root@nginx01 nginx-1.12.2]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_gzip_static_module | tee -a configure_nginx_20180417.log
    .......
    .......
    .......
    Configuration summary
      + using system PCRE library
      + using system OpenSSL library
      + using system zlib library
    
      nginx path prefix: "/usr/local/nginx"
      nginx binary file: "/usr/local/nginx/sbin/nginx"
      nginx modules path: "/usr/local/nginx/modules"
      nginx configuration prefix: "/usr/local/nginx/conf"
      nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
      nginx pid file: "/usr/local/nginx/logs/nginx.pid"
      nginx error log file: "/usr/local/nginx/logs/error.log"
      nginx http access log file: "/usr/local/nginx/logs/access.log"
      nginx http client request body temporary files: "client_body_temp"
      nginx http proxy temporary files: "proxy_temp"
      nginx http fastcgi temporary files: "fastcgi_temp"
      nginx http uwsgi temporary files: "uwsgi_temp"
      nginx http scgi temporary files: "scgi_temp"
    [root@nginx01 nginx-1.12.2]# make && make install | tee -a make_make_install_nginx_20180417.log
    .........
    .........
    .........
    objs/ngx_modules.o \
    -ldl -lpthread -lcrypt -lpcre -lssl -lcrypto -ldl -lz \
    -Wl,-E
    sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
            -e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
            -e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
            -e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
             objs/nginx.8
    make[1]: Leaving directory `/root/software/nginx-1.12.2'
    make -f objs/Makefile install
    make[1]: Entering directory `/root/software/nginx-1.12.2'
    test -d '/usr/local/nginx' || mkdir -p '/usr/local/nginx'
    test -d '/usr/local/nginx/sbin' \
            || mkdir -p '/usr/local/nginx/sbin'
    test ! -f '/usr/local/nginx/sbin/nginx' \
            || mv '/usr/local/nginx/sbin/nginx' \
                    '/usr/local/nginx/sbin/nginx.old'
    cp objs/nginx '/usr/local/nginx/sbin/nginx'
    test -d '/usr/local/nginx/conf' \
            || mkdir -p '/usr/local/nginx/conf'
    cp conf/koi-win '/usr/local/nginx/conf'
    cp conf/koi-utf '/usr/local/nginx/conf'
    cp conf/win-utf '/usr/local/nginx/conf'
    test -f '/usr/local/nginx/conf/mime.types' \
            || cp conf/mime.types '/usr/local/nginx/conf'
    cp conf/mime.types '/usr/local/nginx/conf/mime.types.default'
    test -f '/usr/local/nginx/conf/fastcgi_params' \
            || cp conf/fastcgi_params '/usr/local/nginx/conf'
    cp conf/fastcgi_params \
            '/usr/local/nginx/conf/fastcgi_params.default'
    test -f '/usr/local/nginx/conf/fastcgi.conf' \
            || cp conf/fastcgi.conf '/usr/local/nginx/conf'
    cp conf/fastcgi.conf '/usr/local/nginx/conf/fastcgi.conf.default'
    test -f '/usr/local/nginx/conf/uwsgi_params' \
            || cp conf/uwsgi_params '/usr/local/nginx/conf'
    cp conf/uwsgi_params \
            '/usr/local/nginx/conf/uwsgi_params.default'
    test -f '/usr/local/nginx/conf/scgi_params' \
            || cp conf/scgi_params '/usr/local/nginx/conf'
    cp conf/scgi_params \
            '/usr/local/nginx/conf/scgi_params.default'
    test -f '/usr/local/nginx/conf/nginx.conf' \
            || cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf'
    cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf.default'
    test -d '/usr/local/nginx/logs' \
            || mkdir -p '/usr/local/nginx/logs'
    test -d '/usr/local/nginx/logs' \
            || mkdir -p '/usr/local/nginx/logs'
    test -d '/usr/local/nginx/html' \
            || cp -R html '/usr/local/nginx'
    test -d '/usr/local/nginx/logs' \
            || mkdir -p '/usr/local/nginx/logs'
    make[1]: Leaving directory `/root/software/nginx-1.12.2'
    [root@nginx01 nginx-1.12.2]# cd /usr/local/nginx/sbin/
    [root@nginx01 sbin]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
    [root@nginx01 sbin]# nginx -v
    nginx version: nginx/1.12.2
    [root@nginx01 sbin]#

    查看加载模块

    [root@nginx01 sbin]# nginx -V
    nginx version: nginx/1.12.2
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
    built with OpenSSL 1.0.2k-fips  26 Jan 2017
    TLS SNI support enabled
    configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_gzip_static_module
    [root@nginx01 sbin]#

    Nginx相关启动任务

    [root@nginx01 sbin]# nginx
    [root@nginx01 sbin]# ps -ef | grep  nginx
    root      5241     1  0 00:35 ?        00:00:00 nginx: master process nginx
    nginx     5242  5241  0 00:35 ?        00:00:00 nginx: worker process
    root      5244  2517  1 00:35 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 sbin]# nginx -s stop
    [root@nginx01 sbin]# ps -ef | grep  nginx
    root      5247  2517  0 00:35 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 sbin]# nginx -s quit
    nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
    [root@nginx01 sbin]# nginx
    [root@nginx01 sbin]# nginx -s quit
    [root@nginx01 sbin]# ps -ef | grep  nginx
    root      5254  2517  0 00:36 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 sbin]# nginx
    [root@nginx01 sbin]# nginx -s reload
    [root@nginx01 sbin]#
    [root@nginx01 sbin]# ps -ef | grep  nginx
    root      5257     1  0 00:36 ?        00:00:00 nginx: master process nginx
    nginx     5260  5257  0 00:36 ?        00:00:00 nginx: worker process
    root      5262  2517  0 00:36 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 sbin]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@nginx01 sbin]#
    nginx -s quit:此方式停止步骤是待nginx进程处理任务完毕进行停止。
    nginx -s stop:此方式相当于先查出nginx进程id再使用kill命令强制杀掉进程。
    nginx -s reload:动态加载,当配置文件nginx.conf有变化时执行该命令动态加载。

    Nginx开机自启动

    [root@nginx01 sbin]# cd /etc/rc.d
    [root@nginx01 rc.d]# ls -ltr
    total 4
    -rw-r--r--. 1 root root 473 Nov  7  2016 rc.local
    drwxr-xr-x. 2 root root  70 Mar 12 18:54 init.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc6.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc5.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc4.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc3.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc2.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc1.d
    drwxr-xr-x. 2 root root  45 Mar 12 18:54 rc0.d
    [root@nginx01 rc.d]# cat rc.local
    #!/bin/bash
    # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
    #
    # It is highly advisable to create own systemd services or udev rules
    # to run scripts during boot instead of using this file.
    #
    # In contrast to previous versions due to parallel execution during boot
    # this script will NOT be run after all other services.
    #
    # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
    # that this script will be executed during boot.
    
    touch /var/lock/subsys/local
    [root@nginx01 rc.d]# echo "/usr/local/nginx/sbin/nginx" > rc.local
    [root@nginx01 rc.d]# chmod u+x rc.local
    [root@nginx01 rc.d]# view rc.local
    [root@nginx01 rc.d]# cat rc.local
    /usr/local/nginx/sbin/nginx
    [root@nginx01 rc.d]# ls -ltr rc.local
    -rwxr--r--. 1 root root 28 Apr 18 00:39 rc.local
    [root@nginx01 rc.d]# ps -ef | grep nginx
    root      5257     1  0 00:36 ?        00:00:00 nginx: master process nginx
    nginx     5260  5257  0 00:36 ?        00:00:00 nginx: worker process
    root      5271  2517  0 00:39 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 rc.d]# nginx -s quit
    [root@nginx01 rc.d]# ps -ef | grep nginx
    root      5274  2517  0 00:39 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 rc.d]# ./rc.local
    [root@nginx01 rc.d]# ps -ef | grep nginx
    root      5277     1  0 00:39 ?        00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
    nginx     5278  5277  0 00:39 ?        00:00:00 nginx: worker process
    root      5280  2517  0 00:39 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 rc.d]#

    至此nginx安装成功,nginx02也按nginx01的上面的操作执行一遍

    2.配置nginx

    [root@nginx01 rc.d]# cp -p /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bk.2018
    
    [root@nginx01 rc.d]# grep -v '#' /usr/local/nginx/conf/nginx.conf
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            location / {
                root   html;
                index  index.html index.htm;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    [root@nginx01 rc.d]# cp -p /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bk.2018
    [root@nginx01 rc.d]# vi /usr/local/nginx/conf/nginx.conf
    [root@nginx01 rc.d]# diff /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bk.2018
    34,37d33
    <     upstream webser{
    <              server 192.168.2.187:80;
    <            server 192.168.2.188:80;
    <             }
    48,50c44,45
    <             proxy_pass http://webser;
    <             #root   html;
    <             #index  index.html index.htm;
    ---
    >             root   html;
    >             index  index.html index.htm;
    [root@nginx01 rc.d]# cat /usr/local/nginx/conf/nginx.conf
    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    #pid        logs/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log  logs/access.log  main;
        sendfile        on;
        #tcp_nopush     on;
        #keepalive_timeout  0;
        keepalive_timeout  65;
        #gzip  on;
        upstream webser{
                 server 192.168.2.187:80;
                 server 192.168.2.188:80;
                }
        server {
            listen       80;
            server_name  localhost;
            #charset koi8-r;
            #access_log  logs/host.access.log  main;
            location / {
                proxy_pass http://webser;
                #root   html;
                #index  index.html index.htm;
            }
            #error_page  404              /404.html;
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;
        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;
        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;
        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    }
    [root@nginx01 rc.d]#
    
    [root@nginx01 rc.d]# grep -v '#'  /usr/local/nginx/conf/nginx.conf
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        upstream webser{
                 server 192.168.2.187:80;
                 server 192.168.2.188:80;
                }
        server {
            listen       80;
            server_name  localhost;
            location / {
                proxy_pass http://webser;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    
    }
    重启nginx生效
    [root@nginx01 rc.d]# nginx -s reload
    [root@nginx01 rc.d]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@nginx01 rc.d]# nginx -s quit
    [root@nginx01 rc.d]# ps -ef | grep nginx
    root      5299  2517  0 00:52 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 rc.d]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@nginx01 rc.d]# nginx
    [root@nginx01 rc.d]# ps -ef | grep nginx
    root      5302     1  0 00:52 ?        00:00:00 nginx: master process nginx
    nginx     5303  5302  0 00:52 ?        00:00:00 nginx: worker process
    root      5305  2517  0 00:52 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx01 rc.d]#
    
    nginx01  nginx配置完成
    
    nginx02 也按照上面一样的配置
    [root@nginx02 rc.d]# cp -p /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf.bk.20180417
    [root@nginx01 rc.d]# scp -p /usr/local/nginx/conf/nginx.conf 192.168.2.186:/usr/local/nginx/conf/nginx.conf
    The authenticity of host '192.168.2.186 (192.168.2.186)' can't be established.
    ECDSA key fingerprint is eb:04:83:e8:3d:6e:e6:95:f0:c6:9c:6c:ba:78:34:66.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.2.186' (ECDSA) to the list of known hosts.
    root@192.168.2.186's password:
    nginx.conf                                    100% 2800     2.7KB/s   00:00
    [root@nginx01 rc.d]#
    [root@nginx02 rc.d]# grep -v '#' /usr/local/nginx/conf/nginx.conf
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        upstream webser{
                 server 192.168.2.187:80;
                 server 192.168.2.188:80;
                }
        server {
            listen       80;
            server_name  localhost;
            location / {
                proxy_pass http://webser;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    [root@nginx02 rc.d]# nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@nginx02 rc.d]# nginx
    [root@nginx02 rc.d]# ps -ef | grep  nginx
    root      5306     1  0 00:57 ?        00:00:00 nginx: master process nginx
    nginx     5307  5306  0 00:57 ?        00:00:00 nginx: worker process
    root      5309  2524  0 00:57 pts/0    00:00:00 grep --color=auto nginx
    [root@nginx02 rc.d]#

    至此2台nginx配置成功

    3.keepalived 的安装

    [root@nginx01 softare]# pwd
    /root/softare
    [root@nginx01 software]# yum -y install keepalived | tee -a install_keepalived_20180417.log
    [root@nginx02 softare]# yum -y install keepalived | tee -a install_keepalived_20180417.log
    
    Keepalived 配置
    查看keepalived 安装了那些文件
    [root@nginx01 softare]# rpm -qa keepalived
    keepalived-1.3.5-1.el7.x86_64
    [root@nginx02 softare]# rpm -ql keepalived
    /etc/keepalived
    /etc/keepalived/keepalived.conf
    /etc/sysconfig/keepalived
    /usr/bin/genhash
    /usr/lib/systemd/system/keepalived.service
    /usr/libexec/keepalived
    /usr/sbin/keepalived
    /usr/share/doc/keepalived-1.3.5
    /usr/share/doc/keepalived-1.3.5/AUTHOR
    /usr/share/doc/keepalived-1.3.5/CONTRIBUTORS
    /usr/share/doc/keepalived-1.3.5/COPYING
    /usr/share/doc/keepalived-1.3.5/ChangeLog
    /usr/share/doc/keepalived-1.3.5/NOTE_vrrp_vmac.txt
    /usr/share/doc/keepalived-1.3.5/README
    /usr/share/doc/keepalived-1.3.5/TODO
    /usr/share/doc/keepalived-1.3.5/keepalived.conf.SYNOPSIS
    /usr/share/doc/keepalived-1.3.5/samples
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.HTTP_GET.port
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.IPv6
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SMTP_CHECK
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.SSL_GET
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.fwmark
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.inhibit
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.misc_check_arg
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.quorum
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.sample
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.status_code
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.track_interface
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtual_server_group
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.virtualhost
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.localcheck
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.lvs_syncd
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.routes
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.rules
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.scripts
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.static_ipaddress
    /usr/share/doc/keepalived-1.3.5/samples/keepalived.conf.vrrp.sync
    /usr/share/doc/keepalived-1.3.5/samples/sample.misccheck.smbcheck.sh
    /usr/share/man/man1/genhash.1.gz
    /usr/share/man/man5/keepalived.conf.5.gz
    /usr/share/man/man8/keepalived.8.gz
    /usr/share/snmp/mibs/KEEPALIVED-MIB.txt
    /usr/share/snmp/mibs/VRRP-MIB.txt
    /usr/share/snmp/mibs/VRRPv3-MIB.txt
    [root@nginx02 softare]#
    
    [root@nginx01 software]# cat /etc/keepalived/keepalived.conf                      ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id LVS_DEVEL1
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 1
      rise 10
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }
    [root@nginx01 software]#
    
    [root@nginx01 software]# vi /etc/keepalived/check_nginx.sh
    [root@nginx01 software]# chmod u+x /etc/keepalived/check_nginx.sh
    [root@nginx01 software]# cat /etc/keepalived/check_nginx.sh
    #!/bin/bash
    A=`ps -C nginx --no-header |wc -l`
    if [ $A -eq 0 ];then
          /usr/local/nginx/sbin/nginx
          if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
          pkill keep
          fi
    fi
    [root@nginx01 software]#
    [root@nginx01 ~]# systemctl start keepalived
    [root@nginx01 ~]# systemctl enable  keepalived
    Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
    [root@nginx01 ~]#

    nginx01上的keepalived 配置完成

    配置nginx02上的keepalived
    [root@nginx02 softare]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id LVS_DEVEL2
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 2
      rise 1
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }

    该脚本用户检测nginx进程是否存在,若不存在则重启,若重启失败则直接杀掉keepalived进程,触发切换。(若没有pkill命令请先安装)

    [root@nginx02 softare]# vi "/etc/keepalived/check_nginx.sh"
    [root@nginx02 softare]# cat "/etc/keepalived/check_nginx.sh"
    #!/bin/bash
    A=`ps -C nginx --no-header |wc -l`
    if [ $A -eq 0 ];then
          /usr/local/nginx/sbin/nginx
          if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
          pkill keep
          fi
    fi
    [root@nginx02 ~]# chmod u+x "/etc/keepalived/check_nginx.sh"
    [root@nginx02 softare]#
    [root@nginx02 ~]#  systemctl start keepalived
    [root@nginx02 ~]# systemctl enable  keepalived
    Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

    Nginx02上的keepalived配置完成

    Apache安装
    在web01和web02上分别安装apache
    [root@web01 software]# yum -y install httpd httpd-devel | tee -a yum_install_apache_20180417.log
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyun.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package httpd.x86_64 0:2.4.6-67.el7.centos.6 will be installed
    --> Processing Dependency: httpd-tools = 2.4.6-67.el7.centos.6 for package: httpd-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-67.el7.centos.6.x86_64
    ---> Package httpd-devel.x86_64 0:2.4.6-67.el7.centos.6 will be installed
    --> Processing Dependency: perl >= 5.004 for package: httpd-devel-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: perl(strict) for package: httpd-devel-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: apr-util-devel for package: httpd-devel-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: apr-devel for package: httpd-devel-2.4.6-67.el7.centos.6.x86_64
    --> Processing Dependency: /usr/bin/perl for package: httpd-devel-2.4.6-67.el7.centos.6.x86_64
    --> Running transaction check
    ---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
    ---> Package apr-devel.x86_64 0:1.4.8-3.el7_4.1 will be installed
    ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
    ---> Package apr-util-devel.x86_64 0:1.5.2-6.el7 will be installed
    --> Processing Dependency: openldap-devel(x86-64) for package: apr-util-devel-1.5.2-6.el7.x86_64
    --> Processing Dependency: libdb-devel(x86-64) for package: apr-util-devel-1.5.2-6.el7.x86_64
    --> Processing Dependency: expat-devel(x86-64) for package: apr-util-devel-1.5.2-6.el7.x86_64
    ---> Package httpd-tools.x86_64 0:2.4.6-67.el7.centos.6 will be installed
    ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
    ---> Package perl.x86_64 4:5.16.3-292.el7 will be installed
    --> Processing Dependency: perl-libs = 4:5.16.3-292.el7 for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl-macros for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl-libs for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Getopt::Long) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Processing Dependency: libperl.so()(64bit) for package: 4:perl-5.16.3-292.el7.x86_64
    --> Running transaction check
    ---> Package expat-devel.x86_64 0:2.1.0-10.el7_3 will be installed
    --> Processing Dependency: expat = 2.1.0-10.el7_3 for package: expat-devel-2.1.0-10.el7_3.x86_64
    ---> Package libdb-devel.x86_64 0:5.3.21-21.el7_4 will be installed
    --> Processing Dependency: libdb(x86-64) = 5.3.21-21.el7_4 for package: libdb-devel-5.3.21-21.el7_4.x86_64
    ---> Package openldap-devel.x86_64 0:2.4.44-5.el7 will be installed
    --> Processing Dependency: openldap(x86-64) = 2.4.44-5.el7 for package: openldap-devel-2.4.44-5.el7.x86_64
    --> Processing Dependency: cyrus-sasl-devel(x86-64) for package: openldap-devel-2.4.44-5.el7.x86_64
    ---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed
    ---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed
    ---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed
    ---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed
    ---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed
    ---> Package perl-Getopt-Long.noarch 0:2.40-2.el7 will be installed
    --> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-2.el7.noarch
    --> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-2.el7.noarch
    ---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed
    ---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed
    --> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
    --> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
    ---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed
    ---> Package perl-Socket.x86_64 0:2.010-4.el7 will be installed
    ---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed
    ---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed
    ---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed
    ---> Package perl-constant.noarch 0:1.27-2.el7 will be installed
    ---> Package perl-libs.x86_64 4:5.16.3-292.el7 will be installed
    ---> Package perl-macros.x86_64 4:5.16.3-292.el7 will be installed
    ---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed
    ---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed
    --> Running transaction check
    ---> Package cyrus-sasl-devel.x86_64 0:2.1.26-21.el7 will be installed
    --> Processing Dependency: cyrus-sasl-lib(x86-64) = 2.1.26-21.el7 for package: cyrus-sasl-devel-2.1.26-21.el7.x86_64
    --> Processing Dependency: cyrus-sasl(x86-64) = 2.1.26-21.el7 for package: cyrus-sasl-devel-2.1.26-21.el7.x86_64
    ---> Package expat.x86_64 0:2.1.0-8.el7 will be updated
    ---> Package expat.x86_64 0:2.1.0-10.el7_3 will be an update
    ---> Package libdb.x86_64 0:5.3.21-19.el7 will be updated
    --> Processing Dependency: libdb(x86-64) = 5.3.21-19.el7 for package: libdb-utils-5.3.21-19.el7.x86_64
    ---> Package libdb.x86_64 0:5.3.21-21.el7_4 will be an update
    ---> Package openldap.x86_64 0:2.4.40-13.el7 will be updated
    ---> Package openldap.x86_64 0:2.4.44-5.el7 will be an update
    ---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed
    ---> Package perl-Pod-Escapes.noarch 1:1.04-292.el7 will be installed
    ---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed
    --> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch
    --> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch
    ---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed
    --> Running transaction check
    ---> Package cyrus-sasl.x86_64 0:2.1.26-21.el7 will be installed
    ---> Package cyrus-sasl-lib.x86_64 0:2.1.26-20.el7_2 will be updated
    ---> Package cyrus-sasl-lib.x86_64 0:2.1.26-21.el7 will be an update
    ---> Package libdb-utils.x86_64 0:5.3.21-19.el7 will be updated
    ---> Package libdb-utils.x86_64 0:5.3.21-21.el7_4 will be an update
    ---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed
    --> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
    --> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
    ---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed
    --> Running transaction check
    ---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed
    ---> Package perl-parent.noarch 1:0.225-244.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package                   Arch      Version                   Repository  Size
    ================================================================================
    Installing:
     httpd                     x86_64    2.4.6-67.el7.centos.6     updates    2.7 M
     httpd-devel               x86_64    2.4.6-67.el7.centos.6     updates    194 k
    Installing for dependencies:
     apr                       x86_64    1.4.8-3.el7_4.1           updates    103 k
     apr-devel                 x86_64    1.4.8-3.el7_4.1           updates    188 k
     apr-util                  x86_64    1.5.2-6.el7               base        92 k
     apr-util-devel            x86_64    1.5.2-6.el7               base        76 k
     cyrus-sasl                x86_64    2.1.26-21.el7             base        88 k
     cyrus-sasl-devel          x86_64    2.1.26-21.el7             base       310 k
     expat-devel               x86_64    2.1.0-10.el7_3            base        57 k
     httpd-tools               x86_64    2.4.6-67.el7.centos.6     updates     88 k
     libdb-devel               x86_64    5.3.21-21.el7_4           updates     38 k
     mailcap                   noarch    2.1.41-2.el7              base        31 k
     openldap-devel            x86_64    2.4.44-5.el7              base       801 k
     perl                      x86_64    4:5.16.3-292.el7          base       8.0 M
     perl-Carp                 noarch    1.26-244.el7              base        19 k
     perl-Encode               x86_64    2.51-7.el7                base       1.5 M
     perl-Exporter             noarch    5.68-3.el7                base        28 k
     perl-File-Path            noarch    2.09-2.el7                base        26 k
     perl-File-Temp            noarch    0.23.01-3.el7             base        56 k
     perl-Filter               x86_64    1.49-3.el7                base        76 k
     perl-Getopt-Long          noarch    2.40-2.el7                base        56 k
     perl-HTTP-Tiny            noarch    0.033-3.el7               base        38 k
     perl-PathTools            x86_64    3.40-5.el7                base        82 k
     perl-Pod-Escapes          noarch    1:1.04-292.el7            base        51 k
     perl-Pod-Perldoc          noarch    3.20-4.el7                base        87 k
     perl-Pod-Simple           noarch    1:3.28-4.el7              base       216 k
     perl-Pod-Usage            noarch    1.63-3.el7                base        27 k
     perl-Scalar-List-Utils    x86_64    1.27-248.el7              base        36 k
     perl-Socket               x86_64    2.010-4.el7               base        49 k
     perl-Storable             x86_64    2.45-3.el7                base        77 k
     perl-Text-ParseWords      noarch    3.29-4.el7                base        14 k
     perl-Time-HiRes           x86_64    4:1.9725-3.el7            base        45 k
     perl-Time-Local           noarch    1.2300-2.el7              base        24 k
     perl-constant             noarch    1.27-2.el7                base        19 k
     perl-libs                 x86_64    4:5.16.3-292.el7          base       688 k
     perl-macros               x86_64    4:5.16.3-292.el7          base        43 k
     perl-parent               noarch    1:0.225-244.el7           base        12 k
     perl-podlators            noarch    2.5.1-3.el7               base       112 k
     perl-threads              x86_64    1.87-4.el7                base        49 k
     perl-threads-shared       x86_64    1.43-6.el7                base        39 k
    Updating for dependencies:
     cyrus-sasl-lib            x86_64    2.1.26-21.el7             base       155 k
     expat                     x86_64    2.1.0-10.el7_3            base        81 k
     libdb                     x86_64    5.3.21-21.el7_4           updates    719 k
     libdb-utils               x86_64    5.3.21-21.el7_4           updates    132 k
     openldap                  x86_64    2.4.44-5.el7              base       354 k
    
    Transaction Summary
    ================================================================================
    Install  2 Packages (+38 Dependent packages)
    Upgrade             (  5 Dependent packages)
    
    Total download size: 17 M
    Downloading packages:
    Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
    --------------------------------------------------------------------------------
    Total                                              667 kB/s |  17 MB  00:26
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Updating   : libdb-5.3.21-21.el7_4.x86_64                                1/50
      Updating   : expat-2.1.0-10.el7_3.x86_64                                 2/50
      Installing : apr-1.4.8-3.el7_4.1.x86_64                                  3/50
      Installing : apr-util-1.5.2-6.el7.x86_64                                 4/50
      Updating   : cyrus-sasl-lib-2.1.26-21.el7.x86_64                         5/50
      Updating   : openldap-2.4.44-5.el7.x86_64                                6/50
      Installing : apr-devel-1.4.8-3.el7_4.1.x86_64                            7/50
      Installing : cyrus-sasl-2.1.26-21.el7.x86_64                             8/50
      Installing : cyrus-sasl-devel-2.1.26-21.el7.x86_64                       9/50
      Installing : openldap-devel-2.4.44-5.el7.x86_64                         10/50
      Installing : httpd-tools-2.4.6-67.el7.centos.6.x86_64                   11/50
      Installing : expat-devel-2.1.0-10.el7_3.x86_64                          12/50
      Installing : libdb-devel-5.3.21-21.el7_4.x86_64                         13/50
      Installing : apr-util-devel-1.5.2-6.el7.x86_64                          14/50
      Installing : 1:perl-parent-0.225-244.el7.noarch                         15/50
      Installing : perl-HTTP-Tiny-0.033-3.el7.noarch                          16/50
      Installing : perl-podlators-2.5.1-3.el7.noarch                          17/50
      Installing : perl-Pod-Perldoc-3.20-4.el7.noarch                         18/50
      Installing : 1:perl-Pod-Escapes-1.04-292.el7.noarch                     19/50
      Installing : perl-Text-ParseWords-3.29-4.el7.noarch                     20/50
      Installing : perl-Encode-2.51-7.el7.x86_64                              21/50
      Installing : perl-Pod-Usage-1.63-3.el7.noarch                           22/50
      Installing : 4:perl-macros-5.16.3-292.el7.x86_64                        23/50
      Installing : 4:perl-libs-5.16.3-292.el7.x86_64                          24/50
      Installing : perl-Storable-2.45-3.el7.x86_64                            25/50
      Installing : perl-Exporter-5.68-3.el7.noarch                            26/50
      Installing : perl-constant-1.27-2.el7.noarch                            27/50
      Installing : perl-Time-Local-1.2300-2.el7.noarch                        28/50
      Installing : perl-Socket-2.010-4.el7.x86_64                             29/50
      Installing : perl-Carp-1.26-244.el7.noarch                              30/50
      Installing : 4:perl-Time-HiRes-1.9725-3.el7.x86_64                      31/50
      Installing : perl-PathTools-3.40-5.el7.x86_64                           32/50
      Installing : perl-Scalar-List-Utils-1.27-248.el7.x86_64                 33/50
      Installing : perl-File-Temp-0.23.01-3.el7.noarch                        34/50
      Installing : perl-File-Path-2.09-2.el7.noarch                           35/50
      Installing : perl-threads-shared-1.43-6.el7.x86_64                      36/50
      Installing : perl-threads-1.87-4.el7.x86_64                             37/50
      Installing : perl-Filter-1.49-3.el7.x86_64                              38/50
      Installing : 1:perl-Pod-Simple-3.28-4.el7.noarch                        39/50
      Installing : perl-Getopt-Long-2.40-2.el7.noarch                         40/50
      Installing : 4:perl-5.16.3-292.el7.x86_64                               41/50
      Installing : mailcap-2.1.41-2.el7.noarch                                42/50
      Installing : httpd-2.4.6-67.el7.centos.6.x86_64                         43/50
      Installing : httpd-devel-2.4.6-67.el7.centos.6.x86_64                   44/50
      Updating   : libdb-utils-5.3.21-21.el7_4.x86_64                         45/50
      Cleanup    : libdb-utils-5.3.21-19.el7.x86_64                           46/50
      Cleanup    : openldap-2.4.40-13.el7.x86_64                              47/50
      Cleanup    : cyrus-sasl-lib-2.1.26-20.el7_2.x86_64                      48/50
      Cleanup    : libdb-5.3.21-19.el7.x86_64                                 49/50
      Cleanup    : expat-2.1.0-8.el7.x86_64                                   50/50
      Verifying  : perl-HTTP-Tiny-0.033-3.el7.noarch                           1/50
      Verifying  : mailcap-2.1.41-2.el7.noarch                                 2/50
      Verifying  : perl-threads-shared-1.43-6.el7.x86_64                       3/50
      Verifying  : perl-Storable-2.45-3.el7.x86_64                             4/50
      Verifying  : apr-1.4.8-3.el7_4.1.x86_64                                  5/50
      Verifying  : perl-Exporter-5.68-3.el7.noarch                             6/50
      Verifying  : perl-constant-1.27-2.el7.noarch                             7/50
      Verifying  : perl-PathTools-3.40-5.el7.x86_64                            8/50
      Verifying  : 4:perl-macros-5.16.3-292.el7.x86_64                         9/50
      Verifying  : perl-File-Temp-0.23.01-3.el7.noarch                        10/50
      Verifying  : httpd-devel-2.4.6-67.el7.centos.6.x86_64                   11/50
      Verifying  : expat-devel-2.1.0-10.el7_3.x86_64                          12/50
      Verifying  : 1:perl-parent-0.225-244.el7.noarch                         13/50
      Verifying  : 4:perl-5.16.3-292.el7.x86_64                               14/50
      Verifying  : cyrus-sasl-lib-2.1.26-21.el7.x86_64                        15/50
      Verifying  : httpd-tools-2.4.6-67.el7.centos.6.x86_64                   16/50
      Verifying  : cyrus-sasl-devel-2.1.26-21.el7.x86_64                      17/50
      Verifying  : 1:perl-Pod-Simple-3.28-4.el7.noarch                        18/50
      Verifying  : perl-Time-Local-1.2300-2.el7.noarch                        19/50
      Verifying  : 4:perl-libs-5.16.3-292.el7.x86_64                          20/50
      Verifying  : perl-Pod-Perldoc-3.20-4.el7.noarch                         21/50
      Verifying  : perl-Socket-2.010-4.el7.x86_64                             22/50
      Verifying  : perl-Carp-1.26-244.el7.noarch                              23/50
      Verifying  : perl-podlators-2.5.1-3.el7.noarch                          24/50
      Verifying  : apr-util-1.5.2-6.el7.x86_64                                25/50
      Verifying  : 4:perl-Time-HiRes-1.9725-3.el7.x86_64                      26/50
      Verifying  : openldap-2.4.44-5.el7.x86_64                               27/50
      Verifying  : perl-Scalar-List-Utils-1.27-248.el7.x86_64                 28/50
      Verifying  : 1:perl-Pod-Escapes-1.04-292.el7.noarch                     29/50
      Verifying  : libdb-5.3.21-21.el7_4.x86_64                               30/50
      Verifying  : perl-Pod-Usage-1.63-3.el7.noarch                           31/50
      Verifying  : libdb-devel-5.3.21-21.el7_4.x86_64                         32/50
      Verifying  : perl-Encode-2.51-7.el7.x86_64                              33/50
      Verifying  : libdb-utils-5.3.21-21.el7_4.x86_64                         34/50
      Verifying  : perl-Getopt-Long-2.40-2.el7.noarch                         35/50
      Verifying  : apr-devel-1.4.8-3.el7_4.1.x86_64                           36/50
      Verifying  : perl-File-Path-2.09-2.el7.noarch                           37/50
      Verifying  : apr-util-devel-1.5.2-6.el7.x86_64                          38/50
      Verifying  : httpd-2.4.6-67.el7.centos.6.x86_64                         39/50
      Verifying  : perl-threads-1.87-4.el7.x86_64                             40/50
      Verifying  : expat-2.1.0-10.el7_3.x86_64                                41/50
      Verifying  : perl-Filter-1.49-3.el7.x86_64                              42/50
      Verifying  : perl-Text-ParseWords-3.29-4.el7.noarch                     43/50
      Verifying  : openldap-devel-2.4.44-5.el7.x86_64                         44/50
      Verifying  : cyrus-sasl-2.1.26-21.el7.x86_64                            45/50
      Verifying  : cyrus-sasl-lib-2.1.26-20.el7_2.x86_64                      46/50
      Verifying  : libdb-5.3.21-19.el7.x86_64                                 47/50
      Verifying  : expat-2.1.0-8.el7.x86_64                                   48/50
      Verifying  : libdb-utils-5.3.21-19.el7.x86_64                           49/50
      Verifying  : openldap-2.4.40-13.el7.x86_64                              50/50
    
    Installed:
      httpd.x86_64 0:2.4.6-67.el7.centos.6
      httpd-devel.x86_64 0:2.4.6-67.el7.centos.6
    
    Dependency Installed:
      apr.x86_64 0:1.4.8-3.el7_4.1
      apr-devel.x86_64 0:1.4.8-3.el7_4.1
      apr-util.x86_64 0:1.5.2-6.el7
      apr-util-devel.x86_64 0:1.5.2-6.el7
      cyrus-sasl.x86_64 0:2.1.26-21.el7
      cyrus-sasl-devel.x86_64 0:2.1.26-21.el7
      expat-devel.x86_64 0:2.1.0-10.el7_3
      httpd-tools.x86_64 0:2.4.6-67.el7.centos.6
      libdb-devel.x86_64 0:5.3.21-21.el7_4
      mailcap.noarch 0:2.1.41-2.el7
      openldap-devel.x86_64 0:2.4.44-5.el7
      perl.x86_64 4:5.16.3-292.el7
      perl-Carp.noarch 0:1.26-244.el7
      perl-Encode.x86_64 0:2.51-7.el7
      perl-Exporter.noarch 0:5.68-3.el7
      perl-File-Path.noarch 0:2.09-2.el7
      perl-File-Temp.noarch 0:0.23.01-3.el7
      perl-Filter.x86_64 0:1.49-3.el7
      perl-Getopt-Long.noarch 0:2.40-2.el7
      perl-HTTP-Tiny.noarch 0:0.033-3.el7
      perl-PathTools.x86_64 0:3.40-5.el7
      perl-Pod-Escapes.noarch 1:1.04-292.el7
      perl-Pod-Perldoc.noarch 0:3.20-4.el7
      perl-Pod-Simple.noarch 1:3.28-4.el7
      perl-Pod-Usage.noarch 0:1.63-3.el7
      perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
      perl-Socket.x86_64 0:2.010-4.el7
      perl-Storable.x86_64 0:2.45-3.el7
      perl-Text-ParseWords.noarch 0:3.29-4.el7
      perl-Time-HiRes.x86_64 4:1.9725-3.el7
      perl-Time-Local.noarch 0:1.2300-2.el7
      perl-constant.noarch 0:1.27-2.el7
      perl-libs.x86_64 4:5.16.3-292.el7
      perl-macros.x86_64 4:5.16.3-292.el7
      perl-parent.noarch 1:0.225-244.el7
      perl-podlators.noarch 0:2.5.1-3.el7
      perl-threads.x86_64 0:1.87-4.el7
      perl-threads-shared.x86_64 0:1.43-6.el7
    
    Dependency Updated:
      cyrus-sasl-lib.x86_64 0:2.1.26-21.el7   expat.x86_64 0:2.1.0-10.el7_3
      libdb.x86_64 0:5.3.21-21.el7_4          libdb-utils.x86_64 0:5.3.21-21.el7_4
      openldap.x86_64 0:2.4.44-5.el7
    
    Complete!
    [root@web01 software]#
    
    [root@web02 software]# yum -y install httpd httpd-devel | tee -a yum_install_apache_20180417.log
    
    [root@web01 software]# systemctl start httpd
    [root@web01 software]# systemctl enable httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
    [root@web01 software]# echo web01-192.168.2.187 > /var/www/html/index.html
    [root@web01 software]#
    
    [root@web02 software]# systemctl start httpd
    [root@web02 software]# systemctl enable httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
    [root@web02 software]#  echo web02-192.168.2.188 > /var/www/html/index.html
    [root@web02 software]#

    关闭所有服务器的防火墙和selinux

    [root@nginx01 ~]# systemctl stop firewalld.service
    [root@nginx01 ~]# systemctl disable firewalld.service
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
    [root@nginx01 ~]# firewall-cmd --state
    not running
    [root@nginx01 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    [root@nginx01 ~]# setenforce 0
    [root@nginx01 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    [root@nginx01 ~]# vi /etc/selinux/config
    [root@nginx01 ~]# grep -v '#' /etc/selinux/config
    SELINUX=disabled
    SELINUXTYPE=targeted
    [root@nginx01 ~]#

    重启所有服务

    [root@nginx01 ~]# nginx -s reload
    [root@nginx01 ~]# systemctl restart keepalived
    [root@nginx02 ~]# nginx -s reload
    [root@nginx02 ~]# systemctl restart keepalived
    [root@nginx02 ~]#
    [root@web01 software]# systemctl restart httpd
    [root@web01 software]#
    [root@web02 software]# systemctl restart httpd
    [root@web02 software]#

    高可用测试

    [root@nginx01 ~]# ip ad
    1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:6f:aa:40 brd ff:ff:ff:ff:ff:ff
        inet 192.168.2.185/24 brd 192.168.2.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet 192.168.2.189/32 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::6ceb:c635:2a8e:56b1/64 scope link
           valid_lft forever preferred_lft forever
        inet6 fe80::acee:8487:9f9d:5909/64 scope link tentative dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::1766:5ed5:664c:7324/64 scope link tentative dadfailed
           valid_lft forever preferred_lft forever
    [root@nginx01 ~]#

    无法通过访问192.168.2.189

    修改keepalived 配置
    [root@nginx01 ~]# cat  /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id proxy1
       #vrrp_skip_check_adv_addr
       #vrrp_strict
       #vrrp_garp_interval 0
       #vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 1
      rise 10
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }
    [root@nginx01 ~]#
    
    [root@nginx02 ~]# cat  /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id proxy2
       #vrrp_skip_check_adv_addr
       #vrrp_strict
       #vrrp_garp_interval 0
       #vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 2
      rise 1
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }
    [root@nginx02 ~]#

    重启上面2个keepalived.

    继续测试

    1.先确保web01和web02可以直接访问
    Web01:
    ![](https://s1.51cto.com/images/blog/201804/23/0f18667d461dd918adcc7697d846b0c2.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    
    Web02:
    ![](https://s1.51cto.com/images/blog/201804/23/9be3721d1c53559cc4a0e87455030c6d.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    
    查看nginx01和nginx02 IP
    [root@nginx01 ~]# ip ad | grep  192.168
        inet 192.168.2.185/24 brd 192.168.2.255 scope global ens33
        inet 192.168.2.189/32 scope global ens33
    
    [root@nginx02 ~]# ip ad | grep  192.168
        inet 192.168.2.186/24 brd 192.168.2.255 scope global ens33
    [root@nginx02 ~]#
    
    可见当前是nginx01提供keepalived 服务
    
    访问vritual IP 192.168.2.189
    可见keepalived 是基于nginx已IP轮询方式提供服务
    
    ![](https://s1.51cto.com/images/blog/201804/18/8b3de4baae37910a8cbf503ce2926f71.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    
    ![](https://s1.51cto.com/images/blog/201804/18/1d103fb7da2c969a25bd58e2fd7763d4.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    
    停掉nginx01上的keepalived 相当于nginx01宕机
    [root@nginx01 ~]# systemctl stop keepalived
    [root@nginx01 ~]# ip ad | grep  192.168
        inet 192.168.2.185/24 brd 192.168.2.255 scope global ens33
    [root@nginx01 ~]#
    
    [root@nginx02 ~]# ip ad | grep  192.168
        inet 192.168.2.186/24 brd 192.168.2.255 scope global ens33
        inet 192.168.2.189/32 scope global ens33
    
    此时nginx02上的keepalived从backup提升为master
    刷新访问virtual IP 192.168.2.189 ,keepalived 会以nginx 轮询方式接受访问web服务器。
    
    ![](https://s1.51cto.com/images/blog/201804/18/83fe30f8b9cdc5d7cf5d9ada4981844d.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    
    ![](https://s1.51cto.com/images/blog/201804/18/90e00cd64619a9c3aefe19cff9c17111.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

    测试通过。

    双活架构模式:
    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    配置
    主机 ip 操作系统 软件 vip

    nginx01 192.168.2.185   Centos7 nginx 端口82 
    keepalived  192.168.2.189
    nginx02 192.168.2.186   Centos7 nginx 端口82
    keepalived  192.168.2.190
    web01   192.168.2.187   Centos7 apache 端口80 /
    web02   192.168.2.188   Centos7 apache 端口80 /
    
    Nginx01配置:
    [root@nginx01 ~]# cp -p /etc/keepalived/keepalived.conf /etc/keepal    ived/keepalived.conf.bk.20140418_master_backup_mode
    
    [root@nginx01 ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id proxy1
       #vrrp_skip_check_adv_addr
       #vrrp_strict
       #vrrp_garp_interval 0
       #vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 1
      rise 10
    }
    
    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }
    
    vrrp_instance VI_2 {
        state BACKUP
        interface ens33
        virtual_router_id 52
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.190
        }
        track_script {
            chk_nginx
        }
    }
    [root@nginx01 ~]# systemctl restart keepalived
    [root@nginx01 ~]# ip a | grep  192.168
        inet 192.168.2.185/24 brd 192.168.2.255 scope global ens33
        inet 192.168.2.189/32 scope global ens33
    
    Nginx02的配置
    [root@nginx02 ~]#  cp -p /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bk.20140418_master_backup_mode
    
    [root@nginx02 ~]# cat /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       #smtp_server 192.168.200.1
       #smtp_connect_timeout 30
       router_id proxy2
       #vrrp_skip_check_adv_addr
       #vrrp_strict
       #vrrp_garp_interval 0
       #vrrp_gna_interval 0
    }
    vrrp_script chk_nginx {
      script "/etc/keepalived/check_nginx.sh"
      interval 2
      weight 20
      fall 2
      rise 1
    }
    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.189
        }
        track_script {
            chk_nginx
        }
    }
    
    vrrp_instance VI_2 {
        state MASTER
        interface ens33
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.2.190
        }
        track_script {
            chk_nginx
        }
    }
    [root@nginx02 ~]# ip a | grep  192.168
        inet 192.168.2.186/24 brd 192.168.2.255 scope global ens33
        inet 192.168.2.190/32 scope global ens33

    页面访问测试

    VIP 1 192.168.2.189
    ![](https://s1.51cto.com/images/blog/201804/18/96fe794ef04c0967eaf59253ec704d77.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    

    可知其以轮询方式去访问

    VIP192.168.2.190
    ![](https://s1.51cto.com/images/blog/201804/18/bc389d5fef3a689a8f591ea54a6df723.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
    

    高可用测试

    Stop nginx上的 keepalived 模拟宕机
    [root@nginx01 ~]# systemctl stop keepalived
    [root@nginx01 ~]# ip a | grep  192.168
        inet 192.168.2.185/24 brd 192.168.2.255 scope global ens33
    [root@nginx01 ~]#
    
    [root@nginx02 ~]# ip a | grep  192.168
        inet 192.168.2.186/24 brd 192.168.2.255 scope global ens33
        inet 192.168.2.190/32 scope global ens33
        inet 192.168.2.189/32 scope global ens33
    [root@nginx02 ~]#

    页面访问:

    VIP 1 192.168.2.189
    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    VIP 1 192.168.2.190
    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    keepalived + nginx轮询方式 做高可用和负载均衡 访问后端apache web 服务

    发现vip1和vip2访问web服务正常

    现vip1漂移至vip2,nginx02接管nginx01的vip1,此时nginx02单独对外提供服务。

      总结:
      1.主备模式对外只提供一个vip,访问便捷,但同时只有一台服务器对外提供服务;
    
      2.双活模式对外提供两个vip,访问比较麻烦,但同时又两台服务器对外提供服务;
    
      3.不管主备模式还是双活模式都能高可用运行。
分享:

文章评论

    • wxpython 学习笔记 第一天
    • python文本数据处理学习笔记详解