配置前提:两台主机,主机名为NG1NG2,分别装有Nginxkeepalived,使用的均为RedHat 632位系统,其IP分部如下:

NG1IP=172.16.15.100

NG2IP=172.16.15.101

飘逸IP

IP=172.16.15.200

IP=172.16.15.201

Nginx的安装,需要手动编译;在NG1NG2主机分别编译安装nginx过程如下:

在编译时确保编译环境是否安好,且pcre-developenssl-devel是否安装?

安装编译环境:

# yum groupinstall 'Development Tools' 'Server Platform Libraries'# yum install pcre-devel openssl-devel

解压nginx包,并安装:

# groupadd -r nginx# useradd -r -g nginx -s /sbin/false -M nginx# tar -xf nginx-1.4.1.tar.gz# ./configure \--prefix=/usr \#默认安装路径--sbin-path=/usr/sbin/nginx \#可执行文件路径--conf-path=/etc/nginx/nginx.conf \#主配置文件路径--error-log-path=/var/log/nginx/error.log \#错误日志路径--http-log-path=/var/log/nginx/access.log \#访问日志路径--pid-path=/var/run/nginx/nginx.pid  \#pid文件路径--lock-path=/var/lock/nginx.lock \#锁文件路径--user=nginx \--group=nginx \--with-http_ssl_module \#安装ssl模块--with-http_flv_module \#安装flv模块--with-http_stub_status_module \#安装状态模块--with-http_gzip_static_module \#安装压缩模块--http-client-body-temp-path=/var/tmp/nginx/client/ \ #请求报文的主体缓冲路径--http-proxy-temp-path=/var/tmp/nginx/proxy/ \ #安装代理路径--http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \--http-scgi-temp-path=/var/tmp/nginx/scgi \--with-pcre#安装pcre# make && make install

创建Nginx的服务脚本

# vim /etc/rc.d/init.d/nginx#!/bin/sh## nginx - this script starts and stops the nginx daemon## chkconfig:   - 85 15# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \#               proxy and IMAP/POP3 proxy server# processname: nginx# config:      /etc/nginx/nginx.conf# config:      /etc/sysconfig/nginx# pidfile:     /var/run/nginx.pid# Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/network# Check that networking is up.[ "$NETWORKING" = "no" ] && exit 0nginx="/usr/sbin/nginx"prog=$(basename $nginx)NGINX_CONF_FILE="/etc/nginx/nginx.conf"[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginxlockfile=/var/lock/subsys/nginxmake_dirs() {# make required directoriesuser=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`options=`$nginx -V 2>&1 | grep 'configure arguments:'`for opt in $options; doif [ `echo $opt | grep '.*-temp-path'` ]; thenvalue=`echo $opt | cut -d "=" -f 2`if [ ! -d "$value" ]; then# echo "creating" $valuemkdir -p $value && chown -R $user $valuefifidone}start() {[ -x $nginx ] || exit 5[ -f $NGINX_CONF_FILE ] || exit 6make_dirsecho -n $"Starting $prog: "daemon $nginx -c $NGINX_CONF_FILEretval=$?echo[ $retval -eq 0 ] && touch $lockfilereturn $retval}stop() {echo -n $"Stopping $prog: "killproc $prog -QUITretval=$?echo[ $retval -eq 0 ] && rm -f $lockfilereturn $retval}restart() {configtest || return $?stopsleep 1start}reload() {configtest || return $?echo -n $"Reloading $prog: "killproc $nginx -HUPRETVAL=$?echo}force_reload() {restart}configtest() {$nginx -t -c $NGINX_CONF_FILE}rh_status() {status $prog}rh_status_q() {rh_status >/dev/null 2>&1}case "$1" instart)rh_status_q && exit 0$1;;stop)rh_status_q || exit 0$1;;restart|configtest)$1;;reload)rh_status_q || exit 7$1;;force-reload)force_reload;;status)rh_status;;condrestart|try-restart)rh_status_q || exit 0;;*)echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"exit 2:# chmod +x /etc/rc.d/init.d/nginx# chkconfig --add nginx# chkconfig nginx on# service nginx start

在浏览器上访问其地址,可以看到如下图,说明安装成功!

220038134.png

为了能更好的显示keepalived双主模型,将两台主机提供不同的页面!

NG1

# mkdir -pv /web/html# echo “
NG1.jun.com
” >> /web/html/index.html# vim /etc/nginx/nginx.confServer {listen 80;server_name localhost;location / {root /web/html;index index.html index.htm}# service nginx reload

访问结果如图:

220052714.png

NG2

# mkdir -pv /web/html# echo “
NG2.jun.com
” >> /web/html/index.html# vim /etc/nginx/nginx.confServer {listen 80;server_name localhost;location / {root /web/html;index index.html index.htm}# nginx -t    测试配置是否有误# service nginx reload

访问测试结果如下图:

220109385.png

一切就绪,开始手动编译安装keepalived-1.2.7,在编译前请确保openssl-develpopt-devel是否安装了,不然在编译时会出错!

NG1:

# yum install ipvsadm# tar -xf keepalived-1.2.7.tar.gz# cd keepalived-1.2.7# ./configure --prefix=/usr# make && make install

Keepalived-1.2.7在安装完成后,其配置文件放在了/usr/etc/keepalived/keepalived.conf,而服务器脚本则放在了/usr/etc/rc.d/init.d/keepalived;为了方便管理应将其配置文件,服务脚本均放在/etc下!

# mkdir /etc/keepalived# cp /usr/etc/keepalived/keepalived.conf /etc/keepalived/# cp /usr/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/

修改keepalived的服务脚本:

# vim /etc/rc.d/init.d/keepalived

只需修改如下内容:. /usr/etc/sysconfig/keepalived

配置keepalived.conf实现nginx的高可用:

# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {root@jun.com}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 172.16.15.100smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_instance VI_1 {stateMASTERinterface eth0virtual_router_id 15priority 101advert_int 1authentication {auth_type PASSauth_pass 1111}track_interface {eth0}virtual_ipaddress {172.16.15.200/16 dev eth0 label eth0:0}}virtual_server 172.16.15.200 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.0.0persistence_timeout 50protocol TCPreal_server 172.16.15.100 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}real_server 172.16.15.101 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}}vrrp_instance VI_2 {state BACKUPinterface eth0virtual_router_id 13priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}track_interface {eth0}virtual_ipaddress {172.16.15.201/16 dev eth0 label eth0:1}}virtual_server 172.16.15.201 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.0.0persistence_timeout 50protocol TCPreal_server 172.16.15.100 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}real_server 172.16.15.101 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}}# ipvsadm -L -n

220128490.png

通过浏览器访问飘逸IP172.16.15.200,如下图:220146673.png

 

 

NG2的配置、安装和NG1一样!只不过keepalived.conf的配置和NG2有所不同

# vim /etc/keepalived/keepalived.conf! Configuration File for keepalivedglobal_defs {notification_email {root@jun.com}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 172.16.15.101smtp_connect_timeout 30router_id LVS_DEVEL}vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 15priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}track_interface {eth0}virtual_ipaddress {172.16.15.200/16 dev eth0 label eth0:0}}virtual_server 172.16.15.200 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.0.0persistence_timeout 50protocol TCPreal_server 172.16.15.100 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}real_server 172.16.15.101 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}}vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 13priority 101advert_int 1authentication {auth_type PASSauth_pass 1111}track_interface {eth0}virtual_ipaddress {172.16.15.201/16 dev eth0 label eth0:1}}virtual_server 172.16.15.201 80 {delay_loop 6lb_algo rrlb_kind DRnat_mask 255.255.0.0persistence_timeout 50protocol TCPreal_server 172.16.15.100 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}real_server 172.16.15.101 80 {weight 1HTTP_GET {url {path /status_code 200}connect_timeout 2nb_get_retry 3delay_before_retry 1}}}

 

通过浏览器访问飘逸IP172.16.15.201,结果如下图:

220203205.png

模拟NG2主机损坏,看NG2中的飘逸IP的变化!

# service keepalived stop# ifconfig

可以看到eth0:1不在显示,此IP飘逸到了NG1主机上了,如下图!

220217696.png

Nginx的高可用实现成功!