草庐IT

Nginx反向代理-Keepalived做高可用

Jack丶韦 2023-03-28 原文

Keepalived-HA-主节点配置管理

1.软件安装

[root@ha1 nginx]# yum install -y keepalived
[root@ha1 nginx]# cd /etc/keepalived/
[root@ha1 keepalived]# mv keepalived.conf keepalived.conf.bak

2.主备配置-集群功能

[root@ha1 keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 #邮箱地址
smtp_connect_timeout 30
router_id keepalived_master # 真实路由器ID - 主备节点参数需要不同
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}

vrrp_instance VI_1 {
state MASTER #节点状态
interface ens33 #节点keepalived接⼝IP地址
virtual_router_id 131 #虚拟路由器ID - - 主备节点参数需要相同
#尽可能⾃定义 1-255 |防⽌冲突
priority 150 #选举优先级 - Master节点优先级⾼
advert_int 1 # ⼼跳通告时间间隔 advertisement-internal - 1S |检测倍数3倍
authentication {
auth_type PASS #开始认证
auth_pass Admin@123 #
}
virtual_ipaddress {
192.168.40.113
}
}

3.启动与自启动
[root@ha1 keepalived]# systemctl start keepalived.service && systemctl enable keepalived.service
[root@ha1 keepalived]# systemctl status keepalived.service
4.查看网址信息

[root@ha1 keepalived]# ip add
2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:15:8f:0c brd ff:ff:ff:ff:ff:ff
inet 192.168.40.111/24 brd 192.168.40.255 scope global ens33 #本机⽹卡真实地址
valid_lft forever preferred_lft forever
inet 192.168.40.113/32 scope global ens33 # 集群虚拟IP地址 (主)

Keepalived-HA-备节点配置管理

1.软件安装

[root@ha2 nginx]# yum install -y keepalived
[root@ha2 nginx]# cd /etc/keepalived/
[root@ha2 keepalived]# mv keepalived.conf keepalived.conf.bak

2.文件配置

[root@ha2 keepalived]# vim keepalived.conf
! Configuration File for keepalived

global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 #邮箱地址
smtp_connect_timeout 30
router_id keepalived_backup # 真实路由器ID - 主备节点参数需要不同
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}

vrrp_instance VI_1 {
state BACKUP #节点状态
interface ens33 #节点keepalived接⼝IP地址
virtual_router_id 131 #虚拟路由器ID - 主备节点参数需要相同
#尽可能⾃定义 1-255 |防⽌冲突
priority 90 #选举优先级 - Master节点优先级⾼
advert_int 1 # ⼼跳通告时间间隔 advertisement-internal - 1S |检测倍数3倍
authentication {
auth_type PASS #开始认证
auth_pass Admin@123 #
}
virtual_ipaddress {
192.168.40.113
}
}

3、启动与自启动

[root@ha2 keepalived]# systemctl start keepalived.service && systemctl enable keepalived.service
[root@ha2 keepalived]# systemctl status keepalived.service

4、查看网址信息
[root@ha2 keepalived]# ip add 2: ens33: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:30:ed:19 brd ff:ff:ff:ff:ff:ff inet 192.168.40.112/24 brd 192.168.40.255 scope global ens33


Keepalived-HA-主备倒换测试概述

主备倒换测试

1.模拟主节点故障 - 观察,⽤户访问流量是否能正常切换到备份节点。 ----- Keepalived服务停⽌

2.恢复主节点 - 观察,⽤户访问流量是否能正常回切到主节点。 ----- Keepalived服务正常打开


Keepalived-HA-主备倒换测试操作

[root@ha1 keepalived]# systemctl stop keepalived.service
root@ha2 keepalived]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-12-23 10:27:48 CST; 4h 20min ago
Main PID: 14663 (keepalived)
CGroup: /system.slice/keepalived.service
├─14663 /usr/sbin/keepalived -D
├─14664 /usr/sbin/keepalived -D
└─14665 /usr/sbin/keepalived -D

Dec 23 14:48:17 ha2 Keepalived_vrrp[14665]: VRRP_Instance(VI_1) Transition to MASTER STATE
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: VRRP_Instance(VI_1) Entering MASTER STATE #就是这个位置
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: VRRP_Instance(VI_1) setting protocol iptable drop rule
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: VRRP_Instance(VI_1) setting protocol VIPs.
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: Sending gratuitous ARP on ens33 for 192.168.40.113
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.40.113
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: Sending gratuitous ARP on ens33 for 192.168.40.113
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: Sending gratuitous ARP on ens33 for 192.168.40.113
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: Sending gratuitous ARP on ens33 for 192.168.40.113
Dec 23 14:48:18 ha2 Keepalived_vrrp[14665]: Sending gratuitous ARP on ens33 for 192.168.40.113

Keepalived-HA-Nginx-健康检测

[root@ha1 keepalived]# systemctl stop nginx
[root@ha1 keepalived]#
[root@ha1 keepalived]# ip add show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen
1000
link/ether 00:50:56:94:4a:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.111/24 brd 192.168.8.255 scope global ens192
valid_lft forever preferred_lft forever
inet 192.168.8.113/32 scope global ens192 #集群IP地址
valid_lft forever preferred_lft forever
# 当Nginx⽆法提供服务时,当前节点⾃动关闭keepalived

# 主节点Nginx⽆法提供服务时 ,keepalived⾃动关闭 - 不再发送⼼跳消息 - 备份节点如果nginx可

⽤切换keepalived主节点。


1、抓取个数

[root@ha1 keepalived]# netstat -ntlp | grep "nginx: master" | wc -l
1 #nginx端⼝监听成功
[root@ha2 keepalived]# netstat -ntlp | grep "nginx: master" | wc -l
0 #nginx端⼝监听失败
1.检测监听端⼝

2.监听没有开启 - 尝试拉活

3.如果⽆法拉活 - 关闭keepalived


2、自启脚本

cd /etc/keepalived
vim check_nginx_service_port.sh
#!/bin/bash
if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
then
systemctl restart nginx
sleep 2
if [ "$(netstat -ntlp | grep "nginx: master" | wc -l)" == "0" ]
then
systemctl stop keepalive
fi
fi
[root@ha1 keepalived]# chmod +x check_nginx_service_port.sh

! Configuration File for keepalived

global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 #邮箱地址
smtp_connect_timeout 30
router_id keepalived_master # 真实路由器ID - 主备节点参数需要不同
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}

vrrp_script keepalived_check_nginx_service_port {
script "/etc/keepalived/check_nginx_service_port.sh"
interval 2 # 执⾏脚本时间间隔
}

vrrp_instance VI_1 {
state MASTER #节点状态
interface ens192 #节点keepalived接⼝IP地址
virtual_router_id 131 #虚拟路由器ID - - 主备节点参数需要相同
#尽可能⾃定义 1-255 |防⽌冲突
priority 150 #选举优先级 - Master节点优先级⾼
advert_int 1 # ⼼跳通告时间间隔 advertisement-internal - 1S |检测倍数3倍
authentication {
auth_type PASS #开始认证
auth_pass Admin@123 #
}

virtual_ipaddress {
192.168.8.113
}

track_script {
keepalived_check_nginx_service_port
}

}

#测试流程

systemctl stop nginx && systemctl stop keepalived
systemctl start nginx && systemctl start keepalived
systemctl is-active nginx && systemctl is-active keepalived
active
active


[root@ha1 keepalived]# systemctl is-active nginx
active
[root@ha1 keepalived]# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
2238/nginx: master
[root@ha1 keepalived]# systemctl is-active keepalived.service
active


systemctl stop nginx
[root@ha1 keepalived]# systemctl is-active nginx
inactive
[root@ha1 keepalived]# systemctl status keepalived.service | tail -n 5
Aug 01 05:42:21 ha1 Keepalived_vrrp[2472]:
/etc/keepalived/check_nginx_service_port.sh exited with status 127
Aug 01 05:42:23 ha1 Keepalived_vrrp[2472]:
/etc/keepalived/check_nginx_service_port.sh exited with status 127
Aug 01 05:42:25 ha1 Keepalived_vrrp[2472]:
/etc/keepalived/check_nginx_service_port.sh exited with status 127
Aug 01 05:42:27 ha1 Keepalived_vrrp[2472]:
/etc/keepalived/check_nginx_service_port.sh exited with status 127
Aug 01 05:42:29 ha1 Keepalived_vrrp[2472]:
/etc/keepalived/check_nginx_service_port.sh exited with status 127
Aug 01 05:42:31 ha1 Keepalived_vrrp[2472]:
原因是selinux没关闭。

[root@ha1 ~]# sestatus -v | grep -i mode
Current mode: enforcing
Mode from config file: permissive

[root@ha1 ~]# setenforce 0
[root@ha1 ~]# sestatus -v | grep -i mode
Current mode: permissive
Mode from config file: permissive

#继续再次测试
[root@ha1 ~]# systemctl stop nginx
[root@ha1 ~]# systemctl is-active nginx
active
[root@ha1 ~]# systemctl status keepalived.service | tail -n 10
Aug 01 05:49:17 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: VRRP_Instance(VI_1) Sending/queueing
gratuitous ARPs on ens192 for 192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:22 ha1 Keepalived_vrrp[9783]: Sending gratuitous ARP on ens192 for
192.168.8.113
Aug 01 05:49:48 ha1 Keepalived_vrrp[9783]:
VRRP_Script(keepalived_check_nginx_service_port) timed out
Aug 01 05:49:48 ha1 Keepalived_vrrp[9783]:
/etc/keepalived/check_nginx_service_port.sh exited due to signal 15
Aug 01 05:49:48 ha1 Keepalived_vrrp[9783]:
VRRP_Script(keepalived_check_nginx_service_port) succeeded

Keepalived-HA-Nginx-健康检测-备份节点


! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 #邮箱地址
smtp_connect_timeout 30
router_id keepalived_backup # 真实路由器ID - 主备节点参数需要不同
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script keepalived_check_nginx_service_port {
script "/etc/keepalived/check_nginx_service_port.sh"
interval 2 # 执⾏脚本时间间隔
}
vrrp_instance VI_1 {
state BACKUP #节点状态
interface ens192 #节点keepalived接⼝IP地址
virtual_router_id 131 #虚拟路由器ID - - 主备节点参数需要相同
#尽可能⾃定义 1-255 |防⽌冲突
priority 90 #选举优先级 - Master节点优先级⾼
advert_int 1 # ⼼跳通告时间间隔 advertisement-internal - 1S |检测倍数3倍
authentication {
auth_type PASS #开始认证
auth_pass Admin@123 #
}
virtual_ipaddress {
192.168.8.113
}
track_script {
keepalived_check_nginx_service_port
}
}

反向KeepalivedsectionkeepalivedbrnginxIP优先级Nginx服务器yyds干货盘点

有关Nginx反向代理-Keepalived做高可用的更多相关文章

  1. ruby-on-rails - 如何优雅地重启 thin + nginx? - 2

    我的瘦服务器配置了nginx,我的ROR应用程序正在它们上运行。在我发布代码更新时运行thinrestart会给我的应用程序带来一些停机时间。我试图弄清楚如何优雅地重启正在运行的Thin实例,但找不到好的解决方案。有没有人能做到这一点? 最佳答案 #Restartjustthethinserverdescribedbythatconfigsudothin-C/etc/thin/mysite.ymlrestartNginx将继续运行并代理请求。如果您将Nginx设置为使用多个上游服务器,例如server{listen80;server

  2. ruby-on-rails - 如何使辅助方法在 Rails 集成测试中可用? - 2

    我在app/helpers/sessions_helper.rb中有一个帮助程序文件,其中包含一个方法my_preference,它返回当前登录用户的首选项。我想在集成测试中访问该方法。例如,这样我就可以在测试中使用getuser_path(my_preference)。在其他帖子中,我读到这可以通过在测试文件中包含requiresessions_helper来实现,但我仍然收到错误NameError:undefinedlocalvariableormethod'my_preference'.我做错了什么?require'test_helper'require'sessions_hel

  3. ruby - HTTP 请求中的用户代理,Ruby - 2

    我是Ruby的新手。我试过查看在线文档,但没有找到任何有效的方法。我想在以下HTTP请求botget_response()和get()中包含一个用户代理。有人可以指出我正确的方向吗?#PreliminarycheckthatProggitisupcheck=Net::HTTP.get_response(URI.parse(proggit_url))ifcheck.code!="200"puts"ErrorcontactingProggit"returnend#Attempttogetthejsonresponse=Net::HTTP.get(URI.parse(proggit_url)

  4. ruby-on-rails - capybara poltergeist - 覆盖用户代理 - 2

    有人知道如何将capybarapoltergeist的用户代理覆盖到移动用户代理以进行测试吗?我发现了一些有关为seleniumwebdriver配置它的信息:http://blog.plataformatec.com.br/2011/03/configuring-user-agents-with-capybara-selenium-webdriver/这在capybara闹鬼中怎么可能? 最佳答案 请参阅poltergeistgithub页面上的链接:https://github.com/teampoltergeist/polte

  5. ruby - 如何配置 Ruby Mechanize 代理以通过 Charles Web 代理工作? - 2

    我正在使用Ruby/Mechanize编写一个“自动填写表格”应用程序。它几乎可以工作。我可以使用精彩CharlesWeb代理以查看服务器和我的Firefox浏览器之间的交换。现在我想使用Charles查看服务器和我的应用程序之间的交换。Charles在端口8888上代理。假设服务器位于https://my.host.com。.一件不起作用的事情是:@agent||=Mechanize.newdo|agent|agent.set_proxy("my.host.com",8888)end这会导致Net::HTTP::Persistent::Error:...lib/net/http/pe

  6. ruby-on-rails - 如何用不同的用户运行nginx主进程 - 2

    A/ctohttp://wiki.nginx.org/CoreModule#usermaster进程曾经以root用户运行,是否可以以不同的用户运行nginxmaster进程? 最佳答案 只需以非root身份运行init脚本(即/etc/init.d/nginxstart),就可以用不同的用户运行nginxmaster进程。如果这真的是你想要做的,你将需要确保日志和pid目录(通常是/var/log/nginx&/var/run/nginx.pid)对该用户是可写的,并且您所有的listen调用都是针对大于1024的端口(因为绑定(

  7. ruby-on-rails - self 在 Rails 模型中的值(value)是什么?为什么没有明显的实例方法可用? - 2

    我的rails3.1.6应用程序中有一个自定义访问器方法,它为一个属性分配一个值,即使该值不存在。my_attr属性是一个序列化的哈希,除非为空白,否则应与给定值合并指定了值,在这种情况下,它将当前值设置为空值。(添加了检查以确保值是它们应该的值,但为简洁起见被删除,因为它们不是我的问题的一部分。)我的setter定义为:defmy_attr=(new_val)cur_val=read_attribute(:my_attr)#storecurrentvalue#makesureweareworkingwithahash,andresetvalueifablankvalueisgiven

  8. ruby - 如何捕获所有 HTTP 流量(本地代理) - 2

    我希望访问我机器上的所有HTTP流量(我的Windows机器-不是服务器)。据我了解,拥有一个本地代理是所有流量路线的必经之路。我一直在谷歌搜索但未能找到任何资源(关于Ruby)来帮助我。非常感谢任何提示或链接。 最佳答案 WEBrick中有一个HTTP代理(Rubystdlib的一部分)和here's一个实现示例。如果你喜欢生活在边缘,还有em-proxy伊利亚·格里戈里克。这postIlya暗示它似乎确实需要一些调整来解决您的问题。 关于ruby-如何捕获所有HTTP流量(本地代理)

  9. ruby-on-rails - 如何在 Ruby Net::FTP 中使用代理服务器? - 2

    我正在使用Net::FTPruby​​库连接到FTP服务器并下载文件。一切正常,但现在我需要使用出站代理,因为他们的防火墙将IP地址列入白名单,并且我正在使用Heroku来托管该站点。我正在试用新的Proximo附加组件,它看起来很有前途,但我无法让Net::FTP使用它。我在Net::FTPdocs中看到以下内容:connect(host,port=FTP_PORT)EstablishesanFTPconnectiontohost,optionallyoverridingthedefaultport.IftheenvironmentvariableSOCKS_SERVERisset,

  10. ruby - 输出液体模板中的可用对象和属性 - 2

    有没有办法在liquidtemplate中输出(用于调试/信息目的)可用对象和对象属性??也就是说,假设我正在使用jekyll站点生成工具,并且我在我的index.html模板中(据我所知,这是一个液体模板)。它可能看起来像这样{%forpostinsite.posts%}{{post.date|date_to_string}}»{{post.title}}{%endfor%}是否有任何我可以使用的模板标签会告诉我/输出名为post的变量在此模板(以及其他模板)中可用。此外,是否有任何模板标签可以告诉我post对象具有键date、title、url、摘录、永久链接等

随机推荐