keepalived+nginx二进制安装

keepalived二进制安装
1、下载keepalived安装包：
keepalived下载地址：https://www.keepalived.org/download.html
wget http://www.keepalived.org/software/keepalived-2.0.18.tar.gz

2、环境：
主：192.168.1.5 vm5
备：192.168.1.6 vm6
准备前工作先安装依赖：
yum install -y openssl openssl-devel libnl libnl-devel libnl3-devel

3、解压keepalived安装包：
tar -zxvf keepalived-2.0.18.tar.gz
4、安装keepalived：
mkdir /usr/local/keepalived
cd keepalived-2.0.18
./configure --prefix=/usr/local/keepalived  #指定位置下安装目录
make
make install
检查keepalived版本号
/usr/local/keepalived/sbin/keepalived -v

复制keepalived配置文件到 /etc/keepalived/ 目录下：
mkdir /etc/keepalived
cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
（启动 keepalived 时，默认会去 /etc/keepalived 目录下找 keepalived.conf 文件）
keepalived日志文件路径：/var/log/messages

4 修改配置：
主节点修改配置文件/etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_MASTER
}
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # 虚拟IP
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        check_nginx
    }
}


nginx检查脚本：
cat /etc/keepalived/check_nginx.sh
#!/bin/bash
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")

if [ "$count" -eq 0 ];then
    exit 1
else
    exit 0
fi



备节点修改配置文件/etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id NGINX_BACKUP
}
vrrp_script check_nginx {
    script "/etc/keepalived/check_nginx.sh"
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100/24
    }
    track_script {
        check_nginx
    }
}

配置keepalived开机自启：
systemctl daemon-reload
systemctl start keepalived
systemctl enable keepalived


二 nginx二进制安装

nginx二进制包下载地址：https://nginx.org/en/download.html
useradd nginx
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxf nginx-1.20.1.tar.gz
cd nginx-1.20.1
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-stream --user=nginx --group=nginx 

(主节点和备节点一样)修改nginx配置:/usr/local/nginx/conf/nginx.conf
cat /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes auto;
error_log /usr/local/nginx/logs/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}


stream {

    log_format  main  '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';

    access_log  /usr/local/nginx/logs/k8s-access.log  main;

    upstream k8s-apiserver {
       server 192.168.1.5:6443;
       server 192.168.1.6:6443;
       server 192.168.1.7:6443;
    }
    
    server {
       listen 6443;
       proxy_pass k8s-apiserver;
    }
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /usr/local/nginx/logs/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /usr/local/nginx/conf/mime.types;
    default_type        application/octet-stream;

    server {
        listen       80 default_server;
        server_name  _;

        location / {
        }
    }
}

设置nginx自启动:/usr/lib/systemd/system/nginx.service
cat /usr/lib/systemd/system/nginx.service 
[Unit]
Description=nginx service
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target


配置开机启动：
systemctl daemon-reload
systemctl start nginx
systemctl enable nginx

验证：
在主节点上停止nginx，看vip是否漂移至备节点

[root@vm5 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.【‘【0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:91:c0:26 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 brd 192.168.1.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::6735:3111:2325:e44e/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::3cda:3b19:334b:896a/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::8776:aa8b:537e:2dc6/64 scope link noprefixroute 
       valid_lft forever preferred_lft foreve