nginx+keepalived实现高可用案例

作业：
什么是脑裂：互相认为对方服务器瘫痪了，两边都有资源，导致哪个都不能访问。
1、NFS+DRBD +Heartbeat
2、nginx+keepalived实现高可用

===============================================================

实验： nginx+keepalived实现高可用

1、准备四台虚拟机，两台tomcat，两台nginx
2、两台tomcat配置相同，测试页不同
安装jdk
[root@localhost ~]#  tar xf  jdk-8u191-linux-x64.tar.gz
[root@localhost ~]# mv jdk1.8.0_191 /usr/local/java
[root@localhost ~]# vi /etc/profile
在最后添加
export JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin
[root@localhost ~]# source /etc/profile
安装tomcat
[root@localhost ~]# tar xf apache-tomcat-8.5.16.tar.gz
[root@localhost ~]# mv apache-tomcat-8.5.16 /usr/local/tomcat
[root@localhost ~]# /usr/local/tomcat/bin/startup.sh
Tomcat1测试页：
[root@localhost ~]# echo “111111” > /usr/local/tomcat/webapps/ROOT/index.jsp
Tomcat2测试页：
[root@localhost ~]# echo “222222” > /usr/local/tomcat/webapps/ROOT/index.jsp
 
2、两台nginx配置完全相同
[root@localhost ~]# tar xf xf nginx-1.15.9.tar.gz -C /usr/src
[root@localhost ~]# cd /usr/src/nginx-1.15.9
[root@localhost~]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-file-aio --with-http_stub_status_module --with-http_gzip_static_module --with-http_flv_module --with-http_ssl_module --with-pcre
[root@localhost~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin
[root@localhost~]# nginx
[root@localhost~]# vi /usr/local/nginx/conf/nginx.conf
user  nginx nginx;
worker_processes  1;
error_log  logs/error.log;
pid        logs/nginx.pid;
events {
    use epoll;
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    upstream tomcat_server {
        server 192.168.200.112:8080 weight=1;
        server 192.168.200.113:8080 weight=1;
    }
    server {
        listen       192.168.200.254:80;
        server_name  localhost;
        charset utf-8;
        access_log  logs/host.access.log  main;
        location / {
            root   html;
            index  index.html index.htm index.jsp;
            proxy_pass http://tomcat_server;
            proxy_set_header Host $http_host;
        }
    }
}
[root@localhost~]# killall -9 nginx
[root@localhost~]# nginx
 
4、keepalived配置
[root@localhost~]# yum -y install keepalived
[root@localhost~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {

   router_id 192.168.200.66  //备用的用192.168.200.69
   notification_email {
     acassen@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_MASTER //备用BACKUP
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_script chk_http_port {    #检测nginx服务是否在运行。有很多方式，比如进程，用脚本检测等等
    script "/root/nginx.sh"    #这里通过脚本监测
    interval 2    #每两秒检测一次
    weight -5    #脚本结果导致的优先级变更，检测失败（脚本返回非0）则优先级 -5
    fall 2    #检测连续2次失败才算确定是真失败。会用weight减少优先级（1-255之间）
    rise 1    #检测1次成功就算成功。但不修改优先级
}
 
vrrp_instance VI_1 {
    state MASTER //备用BACKUP
    interface ens32
    virtual_router_id 51
    priority 100  //备用 的要进行降级  例如90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.200.254   //虚拟VIP
    }
track_script {  #执行监控的服务。
   chk_http_port   #引用VRRP脚本，即在 vrrp_script 部分指定的名字。
}
}
 
检测nginx的脚本
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
    /usr/local/nginx/sbin/nginx
    sleep 2
    counter=$(ps -C nginx --no-heading|wc -l)
    if [ "${counter}" = "0" ]; then
        systemctl stop keepalived
    fi
fi
[root@localhost~]#  chmod +x /root/nginx.sh
[root@localhost~]#  systemctl restart keeplived

iptables -F  //在关闭一次防火墙

浏览器中访问192.168.200.254    

 

完成！！

！！！！！！！！！！！！！！！！！

！！！！！！！！！！！！！！！！！！！！！！