環境:
[root@node1 ~]# uname -a
Linux node1.magedu.com2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64GNU/Linux
準備:
VIP(192.168.41.222)
node1(nginx|haproxy’s master,192.168.41.133,安裝nginx|haproxy和keepalived)
node2(nginx|haproxy’s backup,192.168.41.134,安裝nginx|haproxy和keepalived)
node3(後端RS1,192.168.41.135,安裝httpd)
node4(後端RS2,192.168.41.136,安裝httpd)
注:node{1,2}要高可用,配置雙機互信,時間同步
1、keepalived+nginx(nginx的安裝參考《第三階段(十五)了解LNMP》):
node{1,2}-side:
[root@node1 ~]# yum -y groupinstall “Desktop Platform” “Desktop Platform Development” "Server Platform Development" “Development tools” “Compatibility libraries”(将這幾個開發平台和相容庫安裝上,防止編譯時依賴某個庫檔案還要單獨安裝)
[root@node1 ~]# tar xf keepalived-1.2.19.tar.gz
[root@node1 ~]# cd keepalived-1.2.19
[root@node1 keepalived-1.2.19]# ./configure --help
[root@node1 keepalived-1.2.19]# ./configure --prefix=/usr/local/keepalived
[root@node1 keepalived-1.2.19]# make && make install
[root@node1 keepalived-1.2.19]# cd /usr/local/keepalived/
[root@node1 keepalived]# ls
bin etc sbin share
[root@node1 keepalived]# cp bin/genhash /bin
[root@node1 keepalived]# cp etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
[root@node1 keepalived]# cp etc/sysconfig/keepalived /etc/sysconfig/
[root@node1 keepalived]# mkdir /etc/keepalived
[root@node1 keepalived]# cp -r etc/keepalived/* /etc/keepalived/
[root@node1 keepalived]# cp sbin/keepalived /sbin/
[root@node1 keepalived]# cd
[root@node1 ~]# vim /etc/man.config(添加一行,這樣可以直接使用#man keepalived.conf,否則要指定路徑#man -M /usr/local/keepalived/share/man keepalived.conf)
MANPATH /usr/local/keepalived/share/man
[root@node1 ~]# . !$
注:編譯安裝時可使用#./configure --sysconfidr=/etc --bindir=/bin --sbindir=/sbin--mandir=/usr --prefix=/usr/local/keepalived這樣在安裝完成後省去以上複制的幾步
[root@node1 ~]# chkconfig --add keepalived
[root@node1 ~]# chkconfig keepalived on
[root@node1 ~]# chkconfig --list keepalived
keepalived 0:off 1:off 2:on 3:on 4:on 5:on 6:off
node1-side:
[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# cp keepalived.conf keepalived.conf.bak
[root@node1 keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
mcast_src_ip 192.168.41.133
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.41.222/32 dev eth0 label eth0:0
[root@node1 keepalived]# scp keepalived.conf node2:/etc/keepalived/
keepalived.conf 100% 485 0.5KB/s 00:00
node2-side:
[root@node2 keepalived]# vim keepalived.conf
state BACKUP
virtual_router_id51
mcast_src_ip 192.168.41.134
priority 99
注:mcast_src_ip <IPADDR>(綁定目前node位址,多點傳播方式。default IP for binding vrrpd is the primary IP on interface. If you want to hide location of vrrpd, use this IP as src_addr for multicast or unicast vrrp packets. (since it’s multicast, vrrpd will get the reply packet no matter what src_addr is used).)
[root@node1 ~]# vim /etc/nginx/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream websrvs {
server 192.168.41.135 weight=1 max_fails=2 fail_timeout=2;
server 192.168.41.136 weight=1 max_fails=2 fail_timeout=2;
server 127.0.0.1:8080 backup;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://websrvs;
proxy_set_header X-Real-IP $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
listen 8080;
server_name localhost;
root /web/errorpages;
index index.html;
[root@node1 ~]# cat /web/errorpages/index.html
Sorry,the server is maintaining
node{3,4}-side:
[root@node3 ~]# service httpd status
httpd (pid 2332) 正在運作...
[root@node4 ~]# service httpd status
httpd (pid 12734) 正在運作...
node-side:
[root@node1 ~]# elinks -dump http://192.168.41.135
RS1.magedu.com
[root@node1 ~]# elinks -dump http://192.168.41.136
RS2.magedu.com
[root@node1 ~]# service nginx start
正在啟動 nginx: [确定]
[root@node1 ~]# service keepalived start
正在啟動 keepalived: [确定]
[root@node2 ~]# elinks -dump http://192.168.41.136
[root@node2 ~]# elinks -dump http://192.168.41.135
[root@node2 ~]# service nginx start
[root@node2 ~]# service keepalived start
測試:
<a href="http://s4.51cto.com/wyfs02/M01/79/65/wKiom1aPvlDAZGCBAABHG7d8c8k749.jpg" target="_blank"></a>
再次重新整理後
<a href="http://s1.51cto.com/wyfs02/M02/79/64/wKioL1aPvorDHuHnAABGXIls-fU698.jpg" target="_blank"></a>
[root@node1 ~]# ifconfig eth0:0(由此可知目前是node1是活動狀态)
eth0:0 Link encap:Ethernet HWaddr00:0C:29:E2:18:0E
inet addr:192.168.41.222 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[root@node2 ~]# ifconfig eth0:0
eth0:0 Link encap:Ethernet HWaddr00:0C:29:CC:D9:CD
[root@node3 ~]# service httpd stop
停止httpd: [确定]
[root@node4 ~]# service httpd stop
停止 httpd: [确定]
再次重新整理頁面
<a href="http://s1.51cto.com/wyfs02/M00/79/64/wKioL1aPvpjha9IaAABK35XDcME516.jpg" target="_blank"></a>
[root@node3 ~]# service httpd start
正在啟動 httpd: [确定]
[root@node4 ~]# service httpd start
[root@node1 ~]# service keepalived stop
停止 keepalived: [确定]
再次通路網頁正常
[root@node1 ~]# ifconfig eth0:0
[root@node2 ~]# ifconfig eth0:0(将node1上的keepalived停掉,切換至node2,可正常提供服務)
inet addr:192.168.41.222 Bcast:0.0.0.0 Mask:255.255.255.255
以上僅實作當node1或node2主機故障(或網絡故障,或keepalived服務故障)時,可自動切換,但在nginx服務故障時并不能檢測到,由此進一步配置
[root@node1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_script nginx_check {
script "[[ `ps -C nginx --no-header` -eq 0 ]] && exit 1 || exit 0"
interval 1
weight -5
fall 2
rise 1
state MASTER
virtual_router_id 51
mcast_src_ip 192.168.41.133
priority 100
track_script {
nginx_check
這樣能實作在node1(master)上的nginx服務down掉或者故障後會自動轉移到node2(backup)
2、keepalived+haproxy:
[root@node1 ~]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
mode http
bind 0.0.0.0:1080
stats enable
stats hide-version
stats uri /haproxyadmin?stats
stats realm Haproxy\ Statistics
stats auth admin:admin
stats admin if TRUE
frontend http-in
bind *:80
log global
option httpclose
option logasap
option dontlognull
capture request header Host len20
capture request header Refererlen 60
default_backend servers
backend servers
balance roundrobin
server websrv1 192.168.41.135:80 check maxconn 2000
server websrv2 192.168.41.136:80 check maxconn 2000
root@localhost
notification_email_from keepalived@localhost
vrrp_script haproxy_check {
script "/etc/keepalived/haproxy_check.sh"
interval 1
weight 5
priority 100
192.168.41.222/32 dev eth0 label eth0:0
track_script{
haproxy_check
}
[root@node2 ~]# vim /etc/keepalived/keepalived.conf
mcast_src_ip 192.168.41.134
priority 99
[root@node1 ~]# vim /etc/keepalived/haproxy_check.sh
#!/bin/bash
#
if [ `ps -C haproxy --no-header | wc -l` -eq 0 ] ; then
service haproxy start
fi
service keepalived stop
[root@node1 ~]# chmod +x !$
[root@node1 ~]# scp /etc/keepalived/haproxy_check.sh node2:/etc/keepalived/
[root@node1 ~]# service haproxy start
正在啟動 haproxy: [确定]
正在啟動 keepalived: [确定]
[root@node2 ~]# service haproxy start
<a href="http://s5.51cto.com/wyfs02/M02/79/65/wKiom1aPvofDD9h9AABGoo4jwCs520.jpg" target="_blank"></a>
<a href="http://s3.51cto.com/wyfs02/M00/79/64/wKioL1aPvsKgSgnCAABElXdoGOY642.jpg" target="_blank"></a>
<a href="http://s5.51cto.com/wyfs02/M00/79/65/wKiom1aPvqXTb1hWAACP4Rj-wko807.jpg" target="_blank"></a>
[root@node1 ~]# ifconfig eth0:0(目前活動節點在node1上)
inet addr:192.168.41.222 Bcast:0.0.0.0 Mask:255.255.255.255
[root@node1 ~]# service haproxy stop(停止haproxy服務後,依照haproxy_check.sh腳本會再次啟動它,如果仍無法啟動時将會把目前活動node的keepalived服務停掉,停掉後會自動切換出去)
停止 haproxy: [确定]
[root@node1 ~]# service haproxy status
haproxy (pid 43028) 正在運作...
[root@node1 ~]# service keepalived stop(模拟keepalived服務停止後,切換至node2)
[root@node2 keepalived]# cd
本文轉自 chaijowin 51CTO部落格,原文連結:http://blog.51cto.com/jowin/1733102,如需轉載請自行聯系原作者
![ACS基本配置-權限等級管理[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)