9.5 安装前准备

规划：node1和node5作为负载均衡服务器，node2上的tomcat1和tomcat2还是RS服务器。

修改node2的tomcat1和tomcat2上的index.jps,去掉样式和图片，去掉动静分离的干扰。

tomcat1的index.jsp

xxxxxxxxxx
from 192.168.20.102:8080 tomcat1

tomcat2上的index.jsp

xxxxxxxxxx
from 192.168.20.102:9090 tomcat2

9.6 安装步骤

1. 修改node1上的nginx.conf文件

xxxxxxxxxx
upstream rss {
    server 192.168.20.102:8080;
    server 192.168.20.102:9090;
}
server { # check_nginx.sh脚本执行时使用
    listen       80;
    server_name  localhost;
    location / {
        root html;
    }
}
server {
    listen       80;
    server_name 192.168.20.200; 
    location / {
        proxy_pass http://rss/;
    }
}

3. 备份node3的配置文件nginx.conf,将node1上的配置文件远程拷贝到node5上。

xxxxxxxxxx
[root@node1 ~]# cd /usr/local/nginx/conf/
[root@node1 conf]# scp nginx.conf 192.168.20.105:`pwd`

4. 在node1的/home/目录下编写check_nginx.sh

xxxxxxxxxx
#!/bin/bash
#通过访问check.html页面来检查nginx是否宕机
url="http://127.0.0.1/check.html"
code=`curl -s -o /dev/null -w %{http_code} $url`
#通过判断相应编码是否是200来确定nginx宕机
if [ $code -ne 200 ];then
  sleep 1
  code=`curl -s -o /dev/null -w %{http_code} $url`
  if [ $code -ne 200 ];then
    #确定nginx是宕机，关闭本机的keepalived
    systemctl stop keepalived
  fi
fi

5. 添加权限：chmod +x /home/check_nginx.sh
6. 然后将node1上的/home/check_nginx.sh拷贝到node5上

xxxxxxxxxx
scp /home/check_nginx.sh node5:/home

7. 在node1上的/usr/local/nginx/html目录创建一个check.html

xxxxxxxxxx
[root@node1 home]# cd /usr/local/nginx/html
[root@node1 html]# vim check.html
check nginx

8. 然后将node1上的/usr/local/nginx/html/check.html拷贝到node3上相同目录下

xxxxxxxxxx
[root@node1 html]# scp check_nginx.sh 192.168.20.105:/home/

9. 分别在node1和node5上的/usr/local/nginx/html目录下创建一个check.html

   xxxxxxxxxx
   [root@node1 home]# cd /usr/local/nginx/html/
   [root@node1 html]# pwd
   /usr/local/nginx/html
   [root@node1 html]# vim check.html
   check nginx
   

10. 分别在node1上和node5上测试check_nginx.sh是否可以正确的检查出nginx是否宕机：

xxxxxxxxxx
[root@node1 ~]# sh -x /home/check_nginx.sh 
+ url=http://127.0.0.1/check.html
++ curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1/check.html
+ code=200
+ '[' 200 -ne 200 ']'

以上提示表示nginx正常提供服务。

xxxxxxxxxx
[root@nginx1 ~]# sh -x /home/check_nginx.sh
+ url=http://127.0.0.1/check.html
++ curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1/check.html
+ code=404  或 502 或 ...   非200的值
+ '[' 502 -ne 200 ']'

以上提示表示nginx已经宕机了。

10. 在node1和node5上通过yum安装keepalived

xxxxxxxxxx
[root@node1 ~]# yum install keepalived -y
[root@node5 ~]# yum install keepalived -y

11. node1上配置/etc/keepalived/keepalived.conf文件如下

如果某项不记得如何配置，可以新开一个终端，通过man keepalived.conf命令进行查看配置说明

xxxxxxxxxx
global_defs {
   #配置接收邮件的邮箱地址，指定keepalived在发生切换时需要发送email到的邮箱地址，一行一个
   notification_email {
     gtjin@bjsxt.com
   }
   notification_email_from keepmanager@126.com #指定发件人
   smtp_server 192.168.20.1 #指定邮件smtp服务器的地址
   smtp_connect_timeout 30 #指定smtp连接的超时时间
   router_id node1 #运行keepalived机器的一个标识
}
#手动定义一个检查机制
vrrp_script chk_nginx {
    script "/home/check_nginx.sh"
    interval 2#每隔2秒检查一次
    weight -20
}
vrrp_instance VI_1 {
    #指定实例的初始化状态，两台路由器都启动后，马上会发生竞选。priority优先级高的被选为Master
    #这里的MASTER并不能代表当前实例一直未MASTER
    state MASTER
    interface ens33 #实例绑定的网卡设备
    virtual_router_id 101#VRID的标记(0-255)
    priority 100#优先级 该值高的实例优先竞选为MASTER，低的为BACKUP
    advert_int 1 #检查间隔，默认为1s
    #认证的设置
    authentication {
        auth_type PASS#认证的方式 PASS 或AH
        auth_pass 1111 # 认证的密码
    }
    #指定虚拟ip地址，也是VIP
    virtual_ipaddress {
        192.168.20.200/24 dev ens33 label ens33:3
    }
    track_script {
        chk_nginx #调用上面定义好检测
    }
}

3.将配置文件远程拷贝到node5上一份

xxxxxxxxxx
 [root@node1 ~]# scp /etc/keepalived/keepalived.conf root@192.168.20.105:/etc/keepalived/
root@192.168.20.105's password: 
keepalived.conf                                                                                   100% 1434   926.0KB/s   00:00 

4.去node5上修改keepalived.conf文件

xxxxxxxxxx
router_id node5
....
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 105
    priority 90
    ……
}

5.node1上启动keepalived

xxxxxxxxxx
[root@node1 keepalived]# systemctl start keepalived
[root@node1 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-09-01 18:10:50 CST; 26s ago
  Process: 14753 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 14754 (keepalived)
    Tasks: 2 (limit: 4911)
   Memory: 5.4M
   CGroup: /system.slice/keepalived.service
           ├─14754 /usr/sbin/keepalived -D
           └─14755 /usr/sbin/keepalived -D

8月 04 18:10:54 node0 Keepalived_vrrp[14755]: Sending gratuitous ARP on ens33 for 192.168.20.200

6.node1上检查

xxxxxxxxxx
[root@node1 keepalived]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
       ......
ens33:3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.20.200  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:01:4c:80  txqueuelen 1000  (Ethernet)

浏览器访问测试：http://192.168.20.200,并不断刷新，网页显示结果在8080和9090之间切换。

7.node5上启动keepalived

xxxxxxxxxx
[root@node5 keepalived]# systemctl start keepalived
[root@node5 keepalived]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2021-09-01 12:19:18 CST; 6s ago
  Process: 9666 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 9667 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─9667 /usr/sbin/keepalived -D
           ├─9668 /usr/sbin/keepalived -D
           └─9669 /usr/sbin/keepalived -D

9月 01 12:19:18 node5 Keepalived_vrrp[9669]: VRRP_Script(chk_nginx) succeeded
9月 01 12:19:21 node5 Keepalived_vrrp[9669]: VRRP_Instance(VI_1) Transition to MASTER STATE
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: VRRP_Instance(VI_1) Entering MASTER STATE
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: VRRP_Instance(VI_1) setting protocol VIPs.
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: Sending gratuitous ARP on ens33 for 192.168.20.200
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: VRRP_Instance(VI_1) Sending/queueing gratuitous ARPs on ens33 for 192.168.20.200
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: Sending gratuitous ARP on ens33 for 192.168.20.200
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: Sending gratuitous ARP on ens33 for 192.168.20.200
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: Sending gratuitous ARP on ens33 for 192.168.20.200
9月 01 12:19:22 node5 Keepalived_vrrp[9669]: Sending gratuitous ARP on ens33 for 192.168.20.200

8.node5上检查,没有启动ens:3的网卡 ??? 为何也有？

xxxxxxxxxx
[root@node5 keepalived]# ifconfig
……

9.将node1上的nginx down掉并测试

xxxxxxxxxx
[root@node1 keepalived]# systemctl stop nginx 
[root@node1 keepalived]# ifconfig

node5上查看，

xxxxxxxxxx
[root@node5 keepalived]# ifconfig

10.将node1上的nginx和keepalived起来并测试

xxxxxxxxxx
[root@node1 keepalived]# systemctl  start nginx
[root@node1 keepalived]# systemctl  start keepalived 

node1上查看，

xxxxxxxxxx
[root@node1 keepalived]# ifconfig
[root@node1 ~]# ps aux |grep keepalived

关闭Nginx的时候，keepalived不能被关闭，出现如下错误提示（/var/log/messages）：

xxxxxxxxxx
Aug  9 12:46:02 node3 setroubleshoot[34963]: failed to retrieve rpm info for /home/check_nginx.sh
Aug  9 12:46:02 node3 setroubleshoot[34963]: SELinux is preventing keepalived from getattr access on the file /home/check_nginx.sh. For complete SELinux messages run: sealert -l e024cc7f-9ba2-41fd-acb1-6c0e12ed25f9

检查SELinux子系统是否启动：

xxxxxxxxxx
[root@node5 ~]# getenforce 
Enforcing #表示正在启用
[root@node5 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing  #在启用
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31

临时关闭SELinux:

xxxxxxxxxx
[root@node5 ~]# setenforce 0
[root@node5 ~]# getenforce 
Permissive #说明临时关闭成功

重启系统后，临时关闭将失效。所以需要再次进行永久关闭：

xxxxxxxxxx
[root@node5 ~]# vim /etc/selinux/config
SELINUX=disabled  #默认值是enforcing

重启keepalived，再次查看/var/log/messages,不再出现之前bug。