nginx + keepalived hot-standby configuration with dual NICs on two network segments
Environment

[web1]
ens33: 192.168.3.220  ens37: 172.16.1.220
[web2]
ens33: 192.168.3.230  ens37: 172.16.1.230
[VIP]
vip1: 192.168.3.240  vip2: 172.16.1.240
Set the hostname

On web1:

    hostnamectl --static set-hostname web1 && su

On web2:

    hostnamectl --static set-hostname web2 && su
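Set SELinux to permissive and disable firewalld

    setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
    systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld

With firewalld stopped, nothing on the host filters VRRP advertisements. The Docker variant later on this page keeps firewalld running and accepts VRRP only from the peer node's addresses.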
Switch the yum mirrors

    mv /etc/yum.repos.d/* /tmp && \
    curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo && \
    curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
    yum makecache
Install nginx and keepalived

    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    yum install nginx keepalived -y
    systemctl restart nginx && systemctl enable nginx
Create the test pages

On web1:

    echo 'web1-192.168.3.220' > /usr/share/nginx/html/index.html

On web2:

    echo 'web2-192.168.3.230' > /usr/share/nginx/html/index.html
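Add the nginx check script

The script checks whether an nginx process exists. If not, it restarts nginx; if the restart fails, it kills the keepalived process to trigger a failover.

    vim /etc/keepalived/nginx_check.sh

Add:

    #!/bin/bash
    # Count the running nginx processes.
    A=$(ps -C nginx --no-header | wc -l)
    if [ "$A" -eq 0 ]; then
        # Try to start nginx (the RPM installed above puts the binary in /usr/sbin).
        /usr/sbin/nginx
        # Still not running: kill keepalived so the peer takes over the VIP.
        if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
            pkill keepalived
        fi
    fi

Then run:

    chmod u+x /etc/keepalived/nginx_check.sh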
Edit the keepalived configuration on web1

    mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    vim /etc/keepalived/keepalived.conf

Add:

    global_defs {
        router_id nginx1
    }
    vrrp_script chk_nginx {
        script "/etc/keepalived/nginx_check.sh"
        interval 2
        weight 20
        fall 1
        rise 10
    }
    # web1 is MASTER for vip1 on ens33
    vrrp_instance VI_NGINX_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            # PASS is sent in clear text in every advertisement;
            # keepalived uses only the first 8 characters of auth_pass
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            192.168.3.240
        }
        track_script {
            chk_nginx
        }
    }
    # web1 is BACKUP for vip2 on ens37
    vrrp_instance VI_NGINX_2 {
        state BACKUP
        interface ens37
        virtual_router_id 52
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            172.16.1.240
        }
        track_script {
            chk_nginx
        }
    }

Then run:

    systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
Edit the keepalived configuration on web2

    mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    vim /etc/keepalived/keepalived.conf

Add:

    global_defs {
        router_id nginx2
    }
    vrrp_script chk_nginx {
        script "/etc/keepalived/nginx_check.sh"
        interval 2
        weight 20
        fall 2
        rise 1
    }
    # web2 is BACKUP for vip1 on ens33
    vrrp_instance VI_NGINX_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            192.168.3.240
        }
        track_script {
            chk_nginx
        }
    }
    # web2 is MASTER for vip2 on ens37
    vrrp_instance VI_NGINX_2 {
        state MASTER
        interface ens37
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            172.16.1.240
        }
        track_script {
            chk_nginx
        }
    }

Then run:

    systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
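Testing

Once both nodes are set up, the normal state is web1 holding vip1 and web2 holding vip2.
Now stop keepalived on web1 to trigger a failover:

    pkill keep
    ps -ef|grep keep

The keepalived process on web1 has been killed, and checking its IP addresses no longer shows any VIP.
Accessing vip1 and vip2 shows that web2 has taken over both VIPs.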
If nginx runs in Docker

[IP plan] nginx1 is the master, nginx2 is the backup

Business network
nginx1: 192.168.0.20  nginx2: 192.168.0.21  nginx VIP: 192.168.0.30
LAN
nginx1: 10.211.131.20  nginx2: 10.211.131.21  nginx VIP: 10.211.131.30
[Fixing the dual-NIC, dual-gateway problem]

    vim /etc/rc.d/rc.local

Add:

    route add -net 10.211.131.0 netmask 255.255.255.0 dev ens224
    route add -net 10.211.131.0 netmask 255.255.255.0 gw 10.211.131.254

Then run:

    chmod +x /etc/rc.d/rc.local
[Switch the yum mirrors]

    mv /etc/yum.repos.d/* /tmp && \
    curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo && \
    curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
    yum makecache
    yum install open-vm-tools wget vim tree -y
[System configuration]

Node 1:

    hostnamectl --static set-hostname nginx1 && su

Node 2:

    hostnamectl --static set-hostname nginx2 && su

On both nodes, start firewalld:

    systemctl start firewalld && systemctl status firewalld

Node 1 (accept VRRP only from node 2's addresses):

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.21" protocol value="vrrp" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.211.131.21" protocol value="vrrp" accept'
    firewall-cmd --reload

Node 2 (accept VRRP only from node 1's addresses):

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.20" protocol value="vrrp" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.211.131.20" protocol value="vrrp" accept'
    firewall-cmd --reload
[nginx configuration]

Pull the image and copy the default nginx.conf out of a temporary container:

    docker pull nginx
    docker run --name nginx-container -d nginx:latest
    mkdir -p /home/docker/nginx/conf
    docker cp nginx-container:/etc/nginx/nginx.conf /home/docker/nginx/conf
    docker rm -f nginx-container

    vim /root/docker_nginx.sh

Add:

    #!/bin/bash
    # Run nginx with its config (read-only), conf.d, web root and logs mounted from the host.
    docker run --name nginx --restart=always -p 80:80 \
      -v /home/docker/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
      -v /home/docker/nginx/conf/conf.d:/etc/nginx/conf.d \
      -v /home/docker/nginx/html:/usr/share/nginx/html \
      -v /home/docker/nginx/logs:/var/log/nginx \
      -d nginx:latest

Then run:

    chmod +x /root/docker_nginx.sh
    systemctl restart docker && sh /root/docker_nginx.sh
    # If a mount is wrong, remove the container and run the script again
    #docker container rm nginx
    #docker container ls --all

Node 1:

    echo 'web1-192.168.0.20' > /home/docker/nginx/html/index.html

Node 2:

    echo 'web2-192.168.0.21' > /home/docker/nginx/html/index.html

    vim /home/docker/nginx/conf/nginx.conf

Add (inside the http { } block):

    server {
        listen 80;
        server_name localhosttest.com;
        root /usr/share/nginx/html;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            # root html;
            index index.html index.htm;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            #root html;
        }
    }

Then run:

    docker restart nginx
    #docker exec -it nginx bash
[Install keepalived]

    yum install keepalived -y
    mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    vim /etc/keepalived/nginx_pid.sh

Add:

    #!/bin/bash
    # Ask Docker whether the nginx container is running.
    A=$(docker inspect --format '{{.State.Running}}' nginx)
    if [ "${A}" != "true" ]; then
        docker restart nginx
        sleep 3
        # Still down after the restart: stop keepalived so the peer takes over the VIPs.
        if [ "$(docker inspect --format '{{.State.Running}}' nginx)" != "true" ]; then
            systemctl stop keepalived
        fi
    fi

Then run:

    chmod +x /etc/keepalived/nginx_pid.sh

Node 1:

    vim /etc/keepalived/keepalived.conf

Change it to:

    global_defs {
        router_id nginx1
    }
    vrrp_script chk_nginx {
        script "/etc/keepalived/nginx_pid.sh"
        interval 2
        weight 20
    }
    # Business network VIP on ens192
    vrrp_instance VI_NGINX_1 {
        state MASTER
        interface ens192
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            192.168.0.30
        }
        track_script {
            chk_nginx
        }
    }
    # LAN VIP on ens224
    vrrp_instance VI_NGINX_2 {
        state MASTER
        interface ens224
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            # LAN VIP from the IP plan
            10.211.131.30
        }
        track_script {
            chk_nginx
        }
    }

Node 2:

    global_defs {
        router_id nginx2
    }
    vrrp_script chk_nginx {
        script "/etc/keepalived/nginx_pid.sh"
        interval 2
        weight 20
    }
    # Business network VIP on ens192
    vrrp_instance VI_NGINX_1 {
        state BACKUP
        interface ens192
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            192.168.0.30
        }
        track_script {
            chk_nginx
        }
    }
    # LAN VIP on ens224
    vrrp_instance VI_NGINX_2 {
        state BACKUP
        interface ens224
        virtual_router_id 52
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass ikingtech
        }
        virtual_ipaddress {
            # LAN VIP from the IP plan
            10.211.131.30
        }
        track_script {
            chk_nginx
        }
    }

Then run:

    systemctl enable keepalived && systemctl start keepalived && systemctl status keepalived
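A pre-flight check for the keepalived configs in both setups above, as an added example that is not part of the original post: it parses the vrrp_instance blocks, verifies that every VIP lies inside the subnet of the interface it is bound to, and flags an auth_pass longer than the eight characters keepalived actually uses. The names SAMPLE, SUBNETS, parse_instances and lint, and the /24 masks, are assumptions of this example.

```python
import ipaddress

SAMPLE = """
vrrp_instance VI_NGINX_1 {
    interface ens192
    authentication {
        auth_pass examplepw
    }
    virtual_ipaddress {
        192.168.0.30
    }
}
vrrp_instance VI_NGINX_2 {
    interface ens224
    virtual_ipaddress {
        10.221.131.30
    }
}
"""  # constructed sample shaped like the node configs above, not the page's files
# Assumption: each NIC sits on a /24 taken from the IP plan.
SUBNETS = {"ens192": "192.168.0.0/24", "ens224": "10.211.131.0/24"}


def parse_instances(text):
    """Map each vrrp_instance name to {block_name: {keyword: value}}."""
    instances, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].split() or [""])
        elif line == "}" and stack:
            stack.pop()
        elif line and stack and stack[0][0] == "vrrp_instance":
            key, _, value = line.partition(" ")
            blocks = instances.setdefault(stack[0][1], {})
            blocks.setdefault(stack[-1][0], {})[key] = value.strip()
    return instances


def lint(text, subnets):
    """Return findings for truncated auth_pass values and off-subnet VIPs."""
    findings = []
    for name, blocks in parse_instances(text).items():
        secret = blocks.get("authentication", {}).get("auth_pass", "")
        if len(secret) > 8:  # the VRRP simple-auth field holds 8 bytes
            findings.append(f"{name}: auth_pass is truncated to 8 characters")
        nic = blocks["vrrp_instance"]["interface"]
        net = ipaddress.ip_network(subnets[nic])
        for vip in blocks.get("virtual_ipaddress", {}):
            if ipaddress.ip_interface(vip).ip not in net:
                findings.append(f"{name}: VIP {vip} is outside {net} on {nic}")
    return findings
```

Calling lint() with the text of /etc/keepalived/keepalived.conf and the node's real subnets before starting keepalived returns an empty list when both checks pass.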
[Testing]

    docker stop nginx