keepalived + nginx binary installation
I. keepalived binary installation

1. Download the keepalived package:

keepalived download page: https://www.keepalived.org/download.html

    wget http://www.keepalived.org/software/keepalived-2.0.18.tar.gz

2. Environment:

Master: 192.168.1.5 vm5
Backup: 192.168.1.6 vm6

Before starting, install the dependencies:

    yum install -y openssl openssl-devel libnl libnl-devel libnl3-devel

3. Extract the keepalived package:

    tar -zxvf keepalived-2.0.18.tar.gz

4. Install keepalived:

    mkdir /usr/local/keepalived
    cd keepalived-2.0.18
    ./configure --prefix=/usr/local/keepalived   # install under this directory
    make
    make install

Check the keepalived version:

    /usr/local/keepalived/sbin/keepalived -v

Copy the keepalived configuration file to /etc/keepalived/:

    mkdir /etc/keepalived
    cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/

(On startup, keepalived looks for keepalived.conf in /etc/keepalived by default.)

keepalived log file path: /var/log/messages

5. Modify the configuration:

On the master node, edit /etc/keepalived/keepalived.conf:

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id NGINX_MASTER
    }

    vrrp_script check_nginx {
        script "/etc/keepalived/check_nginx.sh"
    }

    vrrp_instance VI_1 {
        state MASTER
        interface ens33
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111    # example shared secret; must match on both nodes
        }
        # virtual IP
        virtual_ipaddress {
            192.168.1.100/24
        }
        track_script {
            check_nginx
        }
    }

nginx check script:

    cat /etc/keepalived/check_nginx.sh

    #!/bin/bash
    # Count processes whose ps line contains "nginx", excluding the grep itself
    # and lines containing this script's own PID ($$).
    count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

    if [ "$count" -eq 0 ];then
        exit 1    # nginx is not running: the tracked check fails
    else
        exit 0
    fi

On the backup node, edit /etc/keepalived/keepalived.conf:

    global_defs {
       notification_email {
         acassen@firewall.loc
         failover@firewall.loc
         sysadmin@firewall.loc
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id NGINX_BACKUP
    }

    vrrp_script check_nginx {
        script "/etc/keepalived/check_nginx.sh"
    }

    vrrp_instance VI_1 {
        state BACKUP
        interface ens33
        virtual_router_id 51
        priority 90
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.1.100/24
        }
        track_script {
            check_nginx
        }
    }

Enable keepalived at boot:

    systemctl daemon-reload
    systemctl start keepalived
    systemctl enable keepalived

II. nginx binary installation

nginx binary package download page: https://nginx.org/en/download.html

    useradd nginx
    wget http://nginx.org/download/nginx-1.20.1.tar.gz
    tar -zxf nginx-1.20.1.tar.gz
    cd nginx-1.20.1
    ./configure --prefix=/usr/local/nginx \
        --with-http_stub_status_module --with-http_ssl_module \
        --with-http_v2_module --with-http_gzip_static_module \
        --with-http_sub_module --with-stream \
        --user=nginx --group=nginx
    # build and install under /usr/local/nginx
    make
    make install

(Same on the master and backup nodes.) Edit the nginx configuration, /usr/local/nginx/conf/nginx.conf:

    cat /usr/local/nginx/conf/nginx.conf

    user nginx;
    worker_processes auto;
    error_log /usr/local/nginx/logs/error.log;
    pid /run/nginx.pid;

    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    # Layer-4 load balancing for the Kubernetes API servers
    stream {
        log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
        access_log /usr/local/nginx/logs/k8s-access.log main;

        upstream k8s-apiserver {
            server 192.168.1.5:6443;
            server 192.168.1.6:6443;
            server 192.168.1.7:6443;
        }

        server {
            # this bind fails if kube-apiserver on the same host already holds port 6443
            listen 6443;
            proxy_pass k8s-apiserver;
        }
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /usr/local/nginx/logs/access.log main;

        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;

        include             /usr/local/nginx/conf/mime.types;
        default_type        application/octet-stream;

        server {
            listen      80 default_server;
            server_name _;

            location / {
            }
        }
    }

Set up nginx autostart, /usr/lib/systemd/system/nginx.service:

    cat /usr/lib/systemd/system/nginx.service

    [Unit]
    Description=nginx service
    After=network.target

    [Service]
    Type=forking
    ExecStart=/usr/local/nginx/sbin/nginx
    ExecReload=/usr/local/nginx/sbin/nginx -s reload
    ExecStop=/usr/local/nginx/sbin/nginx -s quit
    PrivateTmp=true

    [Install]
    WantedBy=multi-user.target

Enable nginx at boot:

    systemctl daemon-reload
    systemctl start nginx
    systemctl enable nginx

Verification:
Stop nginx on the master node and check whether the VIP floats over to the backup node:

    [root@vm5 keepalived]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:91:c0:26 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.5/24 brd 192.168.1.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::6735:3111:2325:e44e/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::3cda:3b19:334b:896a/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::8776:aa8b:537e:2dc6/64 scope link noprefixroute
           valid_lft forever preferred_lft foreve
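
Added example, not part of the original post: the `ps | grep nginx` test in check_nginx.sh above also counts unrelated processes whose command line contains "nginx" (an editor open on nginx.conf, a `tail` on the nginx logs), so the VIP can stay on a node whose nginx is down. This variant reads the PID from the `pid /run/nginx.pid;` file set in nginx.conf above and confirms that it belongs to a live process named nginx. The function names and the `check` argument are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): pidfile-based nginx liveness check.
# Assumption: PIDFILE matches the "pid /run/nginx.pid;" directive in nginx.conf.
PIDFILE="${PIDFILE:-/run/nginx.pid}"

# proc_name PID -> prints the executable name of PID, or nothing if PID is gone.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null | sed 's/^ *//; s/ *$//'
    fi
}

# nginx_alive [PIDFILE] [NAME] -> 0 only if the pidfile names a live process called NAME.
nginx_alive() {
    pidfile="${1:-$PIDFILE}"
    want="${2:-nginx}"
    [ -r "$pidfile" ] || return 1            # no pidfile: nginx stopped or never started
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;             # empty or non-numeric content
    esac
    # An empty name means a stale pidfile; a different name means the PID was
    # reused by an unrelated process. Both count as "nginx is down".
    [ "$(proc_name "$pid")" = "$want" ]
}

# keepalived would call it as: script "/etc/keepalived/check_nginx.sh check"
if [ "${1:-}" = "check" ]; then
    nginx_alive
    exit $?
fi
```
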