• keepalived企业管理

    实践案例一:更改nginx反向代理只监听vip地址

    10.0.0.3/nana.html 可以使用

    10.0.0.5/nana.html  不可以使用

    10.0.0.6/nana.html  不可以使用

    第一个里程碑:修改反向代理服务配置文件,只监听vip地址

    ####lb01 lb02  nginx.conf 

    worker_processes  1;

    events {

        worker_connections  1024;

    }

    http {

        include       mime.types;

        default_type  application/octet-stream;

        sendfile        on;

        keepalive_timeout  65;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                          '$status $body_bytes_sent "$http_referer" '

                          '"$http_user_agent" "$http_x_forwarded_for"';

                                        

                                        

        upstream server_pools {

            server 10.0.0.7;

            server 10.0.0.8;

            server 10.0.0.9;

        }

        server {

            listen 10.0.0.3:80;

            server_name www.etiantian.org;

            location / {

                proxy_pass http://server_pools;

                         proxy_set_header Host $host;

                   proxy_set_header X-Forwarded-For $remote_addr;

            }

                  access_log  logs/access_www.log  main;

                 

           }    

               server {

            listen 10.0.0.3:80;

            server_name blog.etiantian.org;

            location / {

                proxy_pass http://server_pools;

                         proxy_set_header Host $host;

                   proxy_set_header X-Forwarded-For $remote_addr;

            }

                  access_log  logs/access_blog.log  main;

                 

           }

    }

    说明:在修改反向代理服务器配置文件监听地址时,多个server都需要配置监听地址,否则仍旧使用默认监听所有

    第二个里程碑:lb02上不存在vip地址,无法监听,需要修改内核文件

    [root@lb01 conf]# /application/nginx/sbin/nginx -t

    nginx: the configuration file /application/nginx-1.10.2/conf/nginx.conf syntax is ok

    nginx: [emerg] bind() to 10.0.0.3:80 failed (99: )

    nginx: configuration file /application/nginx-1.10.2/conf/nginx.conf test failed

    [root@lb01 conf]# ip a s eth0

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

        link/ether 00:0c:29:27:4e:e9 brd ff:ff:ff:ff:ff:ff

        inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0

        inet6 fe80::20c:29ff:fe27:4ee9/64 scope link

           valid_lft forever preferred_lft forever

    [root@lb01 conf]# ###nginx 没有办法 监听 本地不存在的ip地址

    解决方法:

    echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf   ---实现监听本地不存在的ip地址

    ##/etc/sysctl.conf 加上

    sysctl -p

    第三个里程碑:进行测试

    1.1 企业实践案例二:让keepalived监控nginx反向代理服务

    ###vip什么时候 什么条件 才会飘走 ?

    1.当服务器宕机

    2.防火墙

    #### nginx挂了

    如何让keepalived监控nginx nginx挂了,keepalived跟着殉情

    ####第一个里程碑-keepalived监控nginx条件

     1.如何nginx挂了---我如何知道nginx挂了?

     1)端口

     2)进程

     ps -ef |grep nginx |grep -v grep |wc -l

     2.keepalived挂了

     /etc/init.d/keepalived stop

     ##>  -gt    greater than 

     ##>= -ge    greater equal

     ##<  -lt    less than

     ##<= -le    less equal

     ##== -eq    equal

     ##!= -ne    no equal

     ####第二个里程碑-根据条件-书写脚本

     #!/bin/bash

    if [ `ps -ef |grep nginx |grep -v grep |wc -l` -lt 2  ];

    then

         /etc/init.d/keepalived stop

     fi

    ####第三个里程碑-添加权限   chmod +x /server/scripts/check_web.sh

    注意  脚本名称不要和服务一样

    ####第四个里程碑-测试

    ####第五个里程碑-放入到keepalived.conf

    ####下面是lb02的配置文件  lb01上面自己修改下。

     global_defs {

       router_id LVS_02

    }

    vrrp_script check_web {

    script "/server/scripts/ check_web.sh "    --- 表示将一个脚本信息赋值给变量check_web

    interval 2                               --- 执行监控脚本的间隔时间

    weight 2                                 --- 利用权重值和优先级进行运算,从而降低主服务优先级

                                                 使之变为备服务器(建议先忽略)

    }

    vrrp_instance VI_1 {

        state BACKUP

        interface eth0

        virtual_router_id 51

        priority 100

        advert_int 1

        authentication {

            auth_type PASS

            auth_pass 1111

        }

        virtual_ipaddress {

         10.0.0.3/24 dev eth0 label eth0:1

        }

      track_script {

             check_web

      }

    }

    ####第六个里程碑-测试

    1.2 企业实践案例三:keepalived多实例配置 双主

    ####第一个里程碑-配置keepalived-配置双主

    ####lb01

    ! Configuration File for keepalived

    global_defs {

       router_id lb01

    }

    vrrp_script check_web {

      script "/server/scripts/check_web.sh"

      interval 2                             

      weight -10                               

    }

    vrrp_instance group_1 {

        state MASTER

        interface eth0

        virtual_router_id 45

        priority 150

        advert_int 2

        authentication {

            auth_type PASS

            auth_pass 6666

        }

        virtual_ipaddress {

            10.0.0.3

        }

    }

    vrrp_instance group_2 {

        state BACKUP

        interface eth0

        virtual_router_id 46

        priority 100

        advert_int 2

        authentication {

            auth_type PASS

            auth_pass 6666

        }

        virtual_ipaddress {

            10.0.0.4

        }

    }

    #lb02

    ! Configuration File for keepalived

    global_defs {

       router_id lb02

    }

    vrrp_instance group_1 {

        state BACKUP

        interface eth0

        virtual_router_id 45

        priority 100

        advert_int 2

        authentication {

            auth_type PASS

            auth_pass 6666

        }

        virtual_ipaddress {

            10.0.0.3

        }

    }

    vrrp_instance group_2 {

        state MASTER

        interface eth0

        virtual_router_id 46

        priority 150

        advert_int 2

        authentication {

            auth_type PASS

            auth_pass 6666

        }

        virtual_ipaddress {

            10.0.0.4

        }

    }

    #########第二个里程碑-配置nginx 负载均衡

    ####lb01 lb02  nginx.conf

    worker_processes  1;

    events {

        worker_connections  1024;

    }

    http {

        include       mime.types;

        default_type  application/octet-stream;

        sendfile        on;

        keepalive_timeout  65;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                          '$status $body_bytes_sent "$http_referer" '

                          '"$http_user_agent" "$http_x_forwarded_for"';                      

        upstream server_pools {

            server 10.0.0.7;

            server 10.0.0.8;

            server 10.0.0.9;

        }

        server {

            listen 10.0.0.3:80;

            server_name www.etiantian.org;

            location / {

                proxy_pass http://server_pools;

                         proxy_set_header Host $host;

                   proxy_set_header X-Forwarded-For $remote_addr;

            }

                  access_log  logs/access_www.log  main;

           }

               server {

            listen 10.0.0.4:80;

            server_name blog.etiantian.org;

            location / {

                proxy_pass http://server_pools;

                         proxy_set_header Host $host;

                   proxy_set_header X-Forwarded-For $remote_addr;

            }

                  access_log  logs/access_blog.log  main;

                 

           }

    }

    #########第三个里程碑-windows hosts解析

    10.0.0.3  www.etiantian.org

    10.0.0.4  bbs.etiantian.org
  • 相关阅读:
    iostableview
    asio教程 Mac
    docker教程
    cpp0602
    在内网中使用leaflet和leafletgeoman
    买车流程
    Es的分布式架构原理(es是如何实现分布式的)
    Java虚拟机:内存区域与内存模型、垃圾收集、类文件结构及类加载机制、线程与锁优化、jdk命令行与可视化工具
    Verdi笔记(E课网教程)
    Django框架15 /Python使用license设置项目有效期
  • 原文地址:https://www.cnblogs.com/zdqc/p/9447429.html
Copyright © 2020-2023  润新知