实验场景: 我使用keepalived保证nginx的高可用,我想知道什么时候ip发生漂移,可以让ip发生漂移的时候 我的邮箱收到消息.
如果对keepalived不了解,这有详细解释:keepalived与nginx与MySQL-CSDN博客https://blog.csdn.net/m0_59933574/article/details/134189200?spm=1001.2014.3001.5501
实验步骤:
Nginx通过Upstream模块实现负载均衡
主机清单:
主机名 | IP | 系统 | 用途 |
---|---|---|---|
Proxy-master | 192.168.231.201 | centos7.5 | 主负载 |
Proxy-slave | 192.168.231.202 | centos7.5 | 主备 |
Real-server1 | 192.168.231.203 | Centos7.5 | web1 |
Real-server2 | 192.168.231.204 | centos7.5 | Web2 |
Vip for proxy | 192.168.231.225 |
所有机器都配置安装nginx,关闭防火墙与selinux
[root@proxy-master ~]# systemctl stop firewalld //关闭防火墙
[root@proxy-master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux //关闭selinux,重启生效
[root@proxy-master ~]# setenforce 0 //关闭selinux,临时生效安装nginx, 全部4台
[root@proxy-master ~]# cd /etc/yum.repos.d/
[root@proxy-master yum.repos.d]# vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
[root@proxy-master yum.repos.d]# yum install yum-utils -y
[root@proxy-master yum.repos.d]# yum install nginx -y
实验过程
1、选择两台nginx服务器作为代理服务器。
2、给两台代理服务器安装keepalived制作高可用生成VIP
3、配置nginx的负载均衡
选择201 202为代理服务器
201
# vim /etc/nginx/nginx.conf#Nginx配置文件
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {worker_connections 1024;
}
http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;include /etc/nginx/mime.types;default_type application/octet-stream;include /etc/nginx/conf.d/*.conf;upstream backend { ####管理服务器组,设置权重server 192.168.231.204:80 weight=1 max_fails=3 fail_timeout=20s;server 192.168.231.203:80 weight=1 max_fails=3 fail_timeout=20s;}server {listen 80;server_name localhost;location / {proxy_pass http://backend;proxy_set_header Host $host:$proxy_port;proxy_set_header X-Forwarded-For $remote_addr;}}
}
202
# vim /etc/nginx/nginx.confuser nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {worker_connections 1024;
}
http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;include /etc/nginx/mime.types;default_type application/octet-stream;include /etc/nginx/conf.d/*.conf;upstream backend { server 192.168.231.204:80 weight=1 max_fails=3 fail_timeout=20s;server 192.168.231.203:80 weight=1 max_fails=3 fail_timeout=20s;}server {listen 80;server_name localhost;location / {proxy_pass http://backend;proxy_set_header Host $host:$proxy_port;proxy_set_header X-Forwarded-For $remote_addr;}}
}
Keepalived实现调度器HA
主备都安装keepalived
[root@zhu ~]# yum install -y keepalived[root@bei ~]# yum install -y keepalived#主备都进行的操作cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak#主备都修改配置文件vim /etc/keepalived/keepalived.conf#这是主的配置文件
! Configuration File for keepalivedglobal_defs {router_id directory1 #辅助改为directory2
}vrrp_instance VI_1 {state MASTER #定义主还是备interface ens33 #VIP绑定接口virtual_router_id 80 #整个集群的调度器一致priority 100 #back改为50advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.231.225/24 # vip}
}#这是备的配置文件
! Configuration File for keepalivedglobal_defs {router_id directory2
}vrrp_instance VI_1 {state BACKUP #设置为backupinterface ens33nopreempt #设置到back上面,不抢占资源virtual_router_id 80priority 50 #辅助改为50advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.231.225/24}
}
主备均启动keepalived
开机自启
# systemctl enable keepalived
启动
systemctl start keepalived查看ip[root@zhu ~]# ip a | grep 225inet 192.168.231.225/24 scope global secondary ens33
对调度器Nginx健康检查(可选)两台都设置
思路:
让Keepalived以一定时间间隔执行一个外部脚本,脚本的功能是当Nginx失败,则关闭本机的Keepalived
主服务器
vim check_nginx_status.sh #!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
# /etc/init.d/keepalived stopsystemctl stop keepalived
fi 备服务器
vim check_nginx_status.sh #!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
# /etc/init.d/keepalived stopsystemctl stop keepalived
fi 给主备的脚本的执行权限!!!!
chmod +x check_nginx_status.sh
将脚本引用在keepalived的配置文件中
主服务器的keepalived的配置文件
! Configuration File for keepalivedglobal_defs {router_id directory1
}
vrrp_script check_nginx { #引用脚本script "/etc/keepalived/check_nginx_status.sh"interval 5
}
vrrp_instance VI_1 {state MASTER interface ens33 virtual_router_id 80 priority 100 advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.231.225/24 }
track_script {check_nginx}
}
备服务器的keepalived的配置文件
[root@bei ~]# vim /etc/keepalived/keepalived.conf! Configuration File for keepalived
global_defs {router_id directory2
}
vrrp_script check_nginx {script "/etc/keepalived/check_nginx_status.sh"interval 5
}
vrrp_instance VI_1 {state BACKUP interface ens33nopreempt virtual_router_id 80priority 50 advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.231.225/24}track_script {check_nginx}
}
现在我们就可以实现keepalived的高可用,实现IP漂移,如何以邮件的方式收到呢
我们以QQ邮箱为例
我是自己给自己发,因此我的收件人与发件人 都写了自己的QQ
获取最重要的授权码,授权码拿到手以后
在主备服务器进行相同的操作
主备均下载yum install -y mailx编写配置文件
vim /etc/mail.rcset bsdcompat
set from=xxxxxxxxx@qq.com ###发送者
set smtp=smtp.qq.com
set smtp-auth-user=xxxxxxxxx@qq.com
set smtp-auth-password=jawypsdsdsddbeg ####前面获取到的授权码
set smtp-auth=login
set ssl-verify=ignore
主备编写邮件脚本
主备均进行的操作
cd /etc/keepalived/vim sendmail.sh#!/bin/bash
to_email='xxxxxxxx@qq.com' #这是收件人,
ipaddress=`ip -4 a show dev ens33 | awk '/brd/{print $2}'`
notify() {mailsubject="${ipaddress}to be $1, vip转移"mailbody="$(date +'%F %T'): vrrp 飘移, $(hostname) 切换到 $1"echo "$mailbody" | mail -s "$mailsubject" $to_email
}
case $1 in
master)notify master;;
backup)notify backup;;
fault)notify fault;;
*)echo "Usage: $(basename $0) {master|backup|fault}"exit 1;;
esac
记得给脚本执行权限 chmod +x sendmail.sh
在keepalived的配置文件内引用邮件脚本,主备的配置文件都需要操作
! Configuration File for keepalivedglobal_defs {router_id directory1
}vrrp_script check_nginx {script "/etc/keepalived/check_nginx_status.sh"interval 5
}vrrp_instance VI_1 {state MASTER interface ens33 virtual_router_id 80 priority 100 advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.231.225/24 }track_script {check_nginx}#引用邮件脚本,主备都只需要加这三行即可notify_master "/etc/keepalived/sendmail.sh master"notify_backup "/etc/keepalived/sendmail.sh backup"notify_fault "/etc/keepalived/sendmail.sh fault"}
系统重载,让所有配置文件都重新加载一下
主备都进行
systemctl daemon-reload
开始演示
此时我们的vip在备服务器上
[root@bei ~]# ip a | grep 225inet 192.168.231.225/24 scope global secondary ens33
我们开启主服务器的nginx服务,以及keepalived
[root@zhu ~]# systemctl start nginx [root@zhu ~]# systemctl start keepalived
按照脚本,vip也会从备漂移到主服务器
[root@bei ~]# ip a | grep 225
[root@bei ~]# root@zhu ~]# ip a | grep 225inet 192.168.231.225/24 scope global secondary ens33
收到邮件
实验注意事项
1.写完脚本记得给执行权限
2.每次修改完配置文件记得要重启服务
3.获取qq授权码比较繁琐