Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

Overview
system: CentOS release 6.5 (Final)
linux kernel: 2.6.32-431.el6.x86_64 

hostname: host-1, IP: 10.211.55.65 VIP: 10.211.55.67
hostname: host-2, IP: 10.211.55.66 VIP: 10.211.55.68
Update the package repository
The repository must be updated on both machines.

yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
yum clean all
yum makecache
Install dependencies
yum install gcc gcc-c++ make cmake ncurses-devel pcre-devel openssl-devel ipvsadm kernel-devel libnl-devel popt-devel -y    
Firewall settings
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -d 224.0.0.0/8 -j ACCEPT
iptables -I INPUT -p vrrp -j ACCEPT

service iptables save
service iptables restart
Install Nginx
Nginx must be installed on both machines.
  • Download

    wget http://nginx.org/download/nginx-1.7.9.tar.gz
    tar zxvf nginx-1.7.9.tar.gz
    cd nginx-1.7.9
    
  • Install

    useradd -M -r -b /tmp -s /sbin/nologin -d /opt/nginx nginx
    
    ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module
    make -j 4
    make install
    
  • Set up the init script

    vi /etc/rc.d/init.d/nginx
    
    #!/bin/sh
    #
    # nginx - this script starts and stops the nginx daemon
    #
    # chkconfig: - 85 15
    # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
    # proxy and IMAP/POP3 proxy server
    # processname: nginx
    # config: /opt/nginx/conf/nginx.conf
    # pidfile: /opt/nginx/logs/nginx.pid
    
    # Source function library.
    . /etc/rc.d/init.d/functions
    
    # Source networking configuration.
    . /etc/sysconfig/network
    
    # Check that networking is up.
    [ "$NETWORKING" = "no" ] && exit 0
    
    nginx="/opt/nginx/sbin/nginx"
    prog=$(basename $nginx)
    
    NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
    
    lockfile=/var/lock/subsys/nginx
    
    start() {
        [ -x $nginx ] || exit 5
        [ -f $NGINX_CONF_FILE ] || exit 6
        echo -n $"Starting $prog: "
        daemon $nginx -c $NGINX_CONF_FILE
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc $prog -QUIT
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        configtest || return $?
        stop
        start
    }
    
    reload() {
        configtest || return $?
        echo -n $"Reloading $prog: "
        killproc $nginx -HUP
        RETVAL=$?
        echo
    }
    
    force_reload() {
        restart
    }
    
    configtest() {
        $nginx -t -c $NGINX_CONF_FILE
    }
    
    rh_status() {
        status $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart|configtest)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
            exit 2
        esac
    
    chmod +x /etc/rc.d/init.d/nginx
    service nginx start
    
Install Keepalived
Keepalived must be installed on both machines.
  • Download

    wget http://www.keepalived.org/software/keepalived-1.2.15.tar.gz
    tar zxvf keepalived-1.2.15.tar.gz
    cd keepalived-1.2.15
    
  • Install

    ./configure --prefix=/opt/keepalived
    
    Keepalived configuration
    ------------------------
    Keepalived version       : 1.2.15
    Compiler                 : gcc
    Compiler flags           : -g -O2 -DFALLBACK_LIBNL1
    Extra Lib                : -lssl -lcrypto -lcrypt  -lnl  
    Use IPVS Framework       : Yes
    IPVS sync daemon support : Yes
    IPVS use libnl           : Yes
    fwmark socket support    : Yes
    Use VRRP Framework       : Yes
    Use VRRP VMAC            : Yes
    SNMP support             : No
    SHA1 support             : No
    Use Debug flags          : No
    
    make -j 4
    make install
    
    cp /opt/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/
    chmod +x /etc/init.d/keepalived 
    cp /opt/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
    mkdir -p /etc/keepalived
    cp /opt/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
    ln -s /opt/keepalived/sbin/keepalived /sbin/
    
    chkconfig keepalived on
    
Configure keepalived on the master server (10.211.55.65)
  • keepalived.conf

    vi /etc/keepalived/keepalived.conf
    
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            nate.yhz@gmail.com # alert email address
       }
       notification_email_from root@localhost # sender address
       smtp_server 127.0.0.1 
       smtp_connect_timeout 30
       router_id LVS_DEVEL
    }
    
    vrrp_script chk_nginx {
        script "/etc/keepalived/chk_nginx.sh" # script that checks whether nginx is running
        interval 2
        weight 2
    }
    
    vrrp_instance VI_1 {
        state MASTER # master server
        interface eth0 # network interface
        virtual_router_id 51 # virtual router ID
        priority 100 # priority; the master's must be higher than the slave's
        advert_int 1 # heartbeat interval
        authentication { 
            auth_type PASS
            auth_pass yhz.me # authentication password
        }
        track_script {
            chk_nginx
        }
        virtual_ipaddress { # virtual IP
            10.211.55.67
        }
    }
    
    vrrp_instance VI_2 {
        state BACKUP
        interface eth0
        virtual_router_id 52
        priority 99
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass yhz.me
        }
        virtual_ipaddress {
            10.211.55.68
        }
    }
    
  • chk_nginx.sh

    vi /etc/keepalived/chk_nginx.sh
    
    #!/bin/bash
    A=`ps -C nginx --no-header |wc -l`               
    if [ $A -eq 0 ];then                                       
            /etc/init.d/nginx restart
            sleep 3
            if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
                   killall keepalived
            fi
    fi
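
Added example, not part of the original article: with auth_type PASS, a VRRPv2 advertisement (RFC 2338 layout) carries auth_pass as an unencrypted 8-byte field, and keepalived uses only the first 8 characters. The sketch below builds a constructed advertisement for VI_1 and parses it back; the function names are hypothetical and nothing is sent on the network.

```python
# Added example: layout of a VRRPv2 advertisement with auth_type PASS.
import socket
import struct


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_advert(vrid, priority, vips, auth_pass, advert_int=1) -> bytes:
    """Construct sample input: the bytes a VRRPv2 advertisement carries."""
    auth = auth_pass.encode("ascii")[:8].ljust(8, b"\x00")  # field is 8 bytes
    head = struct.pack("!6B", 0x21, vrid, priority, len(vips), 1, advert_int)
    body = b"".join(socket.inet_aton(v) for v in vips) + auth
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advert(pkt: bytes) -> dict:
    if len(pkt) < 8:
        raise ValueError("truncated header")
    ver_type, vrid, prio, count, auth_type, adv, _csum = struct.unpack("!6BH", pkt[:8])
    if ver_type != 0x21:  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count   # header + one IPv4 address per VIP
    if len(pkt) < end + 8:
        raise ValueError("truncated advertisement")
    return {
        "vrid": vrid, "priority": prio, "auth_type": auth_type, "advert_int": adv,
        "vips": [socket.inet_ntoa(pkt[i:i + 4]) for i in range(8, end, 4)],
        # The password sits in the clear, NUL-padded to 8 bytes.
        "auth_data": pkt[end:end + 8].rstrip(b"\x00").decode("ascii", "replace"),
        # A valid message sums to zero when the checksum field is included.
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }


def demo() -> dict:
    # VI_1 as host-1 advertises it: priority 100 + weight 2, password from the page.
    return parse_advert(sample_advert(51, 102, ["10.211.55.67"], "yhz.me"))
```

auth_pass therefore works as a guard against accidental cross-talk between VRRP groups rather than as a secret; limiting the `-p vrrp` ACCEPT rule to the peer node's source address narrows who can take part in the election.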
    
Configure keepalived on the backup server (10.211.55.66)
  • keepalived.conf

    vi /etc/keepalived/keepalived.conf
    
    ! Configuration File for keepalived
    
    global_defs {
       notification_email {
            nate.yhz@gmail.com # alert email address
       }
       notification_email_from root@localhost # sender address
       smtp_server 127.0.0.1 
       smtp_connect_timeout 30
       router_id LVS_DEVEL
    }
    
    vrrp_script chk_nginx {
        script "/etc/keepalived/chk_nginx.sh" # script that checks whether nginx is running
        interval 2
        weight 2
    }
    
    vrrp_instance VI_1 {
        state BACKUP # backup server
        interface eth0 # network interface
        virtual_router_id 51 # virtual router ID
        priority 99 # priority; the master's must be higher than the slave's
        advert_int 1
        authentication { 
            auth_type PASS
            auth_pass yhz.me # authentication password
        }
        virtual_ipaddress { # virtual IP
            10.211.55.67
        }
    }
    
    vrrp_instance VI_2 {
        state MASTER
        interface eth0
        virtual_router_id 52
        priority 100
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass yhz.me
        }
        track_script {
            chk_nginx
        }
        virtual_ipaddress {
            10.211.55.68
        }
    }
    
  • chk_nginx.sh

    vi /etc/keepalived/chk_nginx.sh
    
    #!/bin/bash
    A=`ps -C nginx --no-header |wc -l`               
    if [ $A -eq 0 ];then                                       
            /etc/init.d/nginx restart
            sleep 3
            if [ `ps -C nginx --no-header |wc -l` -eq 0 ];then
                   killall keepalived
            fi
    fi
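
Added example, not part of the original article: a small model of which host holds VIP 10.211.55.67 (VI_1) under the two keepalived.conf files above. It assumes keepalived's documented track_script behavior (a positive weight is added to the priority while the script exits 0, a negative weight is subtracted while it fails) and default preemption; the class and function names are hypothetical.

```python
# Added example: who holds VIP 10.211.55.67 (VI_1) in each failure case.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional


@dataclass
class Node:
    name: str
    ip: str
    priority: int                  # "priority" in vrrp_instance
    weight: Optional[int] = None   # track_script weight; None = no track_script
    script_ok: bool = True         # chk_nginx.sh exited 0
    running: bool = True           # keepalived process is alive


def effective_priority(n: Node) -> int:
    prio = n.priority
    if n.weight is not None:
        if n.weight > 0 and n.script_ok:        # bonus while the check passes
            prio += n.weight
        elif n.weight < 0 and not n.script_ok:  # penalty while the check fails
            prio += n.weight
    return max(1, min(254, prio))               # range usable by a non-owner


def vip_holder(nodes: List[Node]) -> Optional[str]:
    alive = [n for n in nodes if n.running]
    if not alive:
        return None
    # Highest priority wins; RFC 3768 breaks ties by the higher primary IP.
    best = max(alive, key=lambda n: (effective_priority(n), ip_address(n.ip)))
    return best.name


def vi_1(weight: int = 2, script_ok: bool = True, running: bool = True) -> Optional[str]:
    host1 = Node("host-1", "10.211.55.65", 100, weight, script_ok, running)
    host2 = Node("host-2", "10.211.55.66", 99)   # its VI_1 has no track_script
    return vip_holder([host1, host2])


def scenarios() -> dict:
    return {
        "nginx up": vi_1(),
        "check fails, weight 2": vi_1(script_ok=False),
        "keepalived killed (page's script)": vi_1(running=False),
        "check fails, weight -2": vi_1(weight=-2, script_ok=False),
    }
```

With the page's values a failing check alone leaves host-1 at 100 against 99, so the VIP moves only because chk_nginx.sh kills keepalived; a negative weight larger than the priority gap would move it while keepalived keeps running.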
    
Keepalived operations
  • Start

    service keepalived start
    
  • Check whether the virtual IP is bound

    ip a 
    
  • Stop

    service keepalived stop
    
  • Restart

    service keepalived restart
    
IP addresses shown under normal conditions
  • 10.211.55.65

    inet 10.211.55.65/24 brd 10.211.55.255 scope global eth0
    inet 10.211.55.67/32 scope global eth0
    
  • 10.211.55.66

    inet 10.211.55.66/24 brd 10.211.55.255 scope global eth0
    inet 10.211.55.68/32 scope global eth0
    
Testing
ping 10.211.55.67

Disconnect 10.211.55.65 from the network, then restart its networking

ping 10.211.55.68

Disconnect 10.211.55.66 from the network, then restart its networking

Nginx service test
Open http://10.211.55.67

service nginx stop