美文网首页linux
RedHat+Keepalived+Apache HTTP Se

RedHat+Keepalived+Apache HTTP Se

作者: 小六的昵称已被使用 | 来源:发表于2019-02-21 13:59 被阅读19次

    title: RedHat+Keepalived+Apache HTTP Server实现高可用(源码安装)
    categories: Linux
    tags:
    - Keepalived
    - Apache
    - httpd
    - Cluster
    - HA
    timezone: Asia/Shanghai
    date: 2019-01-09


    Keepalived是基于vrrp协议的一款高可用软件。Keepailived有一台主服务器和多台备份服务器,在主服务器和备份服务器上面部署相同的服务配置,使用一个虚拟IP地址对外提供服务,当主服务器出现故障时,虚拟IP地址会自动漂移到备份服务器。

    环境(在RedHat6和7下分别测试通过)

    [root@redhat610-ch-02 ~]# cat /etc/redhat-release 
    Red Hat Enterprise Linux Server release 6.10 (Santiago)
    
    [root@localhost keepalived]# cat /etc/redhat-release 
    Red Hat Enterprise Linux Server release 7.3 (Maipo)
    

    环境介绍

    1.节点1部署httpd服务,并个性化主页  10.0.1.66
    2.节点2部署httpd服务,并个性化主页  10.0.1.67
    3.准备一个虚拟集群IP,保证没有被占用    10.0.1.100
    4.两个节点分别安装Keepalived并设置以实现高可用
    

    第零步:关闭系统默认防火墙

    setenforce 0
    sed -i -r "/^SELINUX=/c SELINUX=disabled" /etc/selinux/config
    which systemctl && systemctl stop firewalld
    which systemctl && systemctl disable firewalld
    which systemctl && systemctl stop iptables || service iptables stop
    which systemctl && systemctl disable iptables || chkconfig iptables off
    

    第一步:源码编译安装Apache HTTP Server

    1.配置本地yum并安装开发工具
    mkdir /mnt/cdrom
    mount /dev/cdrom /mnt/cdrom
    
    cat <<EOF >/etc/yum.repos.d/local.repo
    [local]
    name=local
    baseurl=file:///mnt/cdrom
    gpgcheck=0
    enabled=1
    EOF
    
    yum clean all       #清理本地缓存
    yum clean plugins   #清理插件缓存
    yum makecache       #构建缓存
    
    # 区分REHL6还是REHL7
    which systemctl && yum group install -y "Development Tools" || yum groupinstall -y "Development Tools"
    
    2.源码方式安装依赖项和Apache HTTP Server
    yum install -y expat-devel
    
    wget /home/pcre-8.42.tar.gz https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz
    tar vxzf pcre-8.42.tar.gz
    cd pcre-8.42
    ./configure
    make
    make install
    
    # 这里为了保证每一步都正确安装使用echo $?命令查看命令执行结果是否有问题
    # 0代表每问题,非0都是有问题的
    wget http://mirror.bit.edu.cn/apache//apr/apr-1.6.5.tar.gz
    tar -vxf apr-1.6.5.tar.gz
    cd apr-1.6.5
    ./configure --prefix=/usr/local/apr
    echo $?
    make
    echo $?
    make install
    echo $?
    
    wget http://mirror.bit.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
    tar -vxf apr-util-1.6.1.tar.gz
    cd apr-util-1.6.1
    ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
    echo $?
    make
    echo $?
    make install
    echo $?
    
    wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.37.tar.gz
    tar -vxf httpd-2.4.37.tar.gz
    cd httpd-2.4.37
    ./configure --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util
    echo $?
    make
    echo $?
    make install
    echo $?
    
    3.启动httpd

    默认安装路径:/usr/local/apache2/

    # 编辑配置文件增加以下行
    vim /usr/local/apache2/conf/httpd.conf
    ServerName 0.0.0.0:80
    
    # 启动httpd
    /usr/local/apache2/bin/apachectl -k start
        
        -k start        启动
        -k restart      重新启动
        -k graceful     优雅的重启(重读配置文件,如果配置文件有问题,将继续用原来配置文件运行)
        -k graceful-stop    优雅的停止
        -k stop         停止
    
    4.两个节点建立不同的主页,用来测试等下的高可用是否生效。
    echo 111111 > /usr/local/apache2/htdocs/index.html
    echo 222222 > /usr/local/apache2/htdocs/index.html
    

    第三步:安装Keepalived并设置HA高可用

    1.安装OpenSSL
    wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
    tar vxzf openssl-1.1.1a.tar.gz
    cd openssl-1.1.1a
    ./config
    make
    make install
    
    执行openssl报错
    解决方法for RedHad6:
    ln -s /usr/local/lib/libpcre.so.1 /lib64
    
    解决方法for RedHad7:
    ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
    ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
    
    2.安装Keepalived
    wget http://www.keepalived.org/software/keepalived-2.0.11.tar.gz
    tar vxzf keepalived-2.0.11.tar.gz
    cd keepalived-2.0.11
    ./configure
    make
    make install
    
    keepalived --help
    
    3.编辑配置文件
    mkdir /etc/keepalived
    cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
    vim /etc/keepalived/keepalived.conf
    

    Keepalived启动的时候会从/etc/keepalived/keepalived.conf读取配置文件.安装后默认的地址是在/usr/local/etc/keepalived/keepalived.conf所以需要复制过来。

    两个节点配置文件不一样的地方只有state、priority和router_id,其他完全保持一致。

    节点1配置:

    ! Configuration File for keepalived
    
    global_defs {
    #   notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    #   }
    #   notification_email_from Alexandre.Cassen@firewall.loc
    #   smtp_server 192.168.200.1
    #   smtp_connect_timeout 30
       router_id node1
    #   vrrp_skip_check_adv_addr
    #   vrrp_strict
    #   vrrp_garp_interval 0
    #   vrrp_gna_interval 0
    }
    
    vrrp_script chk_httpd {
        script "/etc/keepalived/check_httpd.sh"
        interval 1
        weight -20
    }
    
    vrrp_instance VI_1 {
        state MASTER                ## 这里只能接受MASTER和BACKUP,而且必须为大写
        interface ens33             ## 绑定虚拟IP的网卡接口
        virtual_router_id 51        ## 虚拟ID,同一个ID之间互相通讯,两个节点之间必须保持一致
        priority 100                ## 优先级(0-254),一般设置100左右,主节点要比从节点高
        advert_int 1                ## 发VRRP包的时间间隔,即多久进行一次master选举(可以认为是健康查检时间间隔)。
        authentication {
            auth_type PASS          ## 设置验证方式,这里采用的是明文密码认证,两个节点必须保持一致
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.1.100              ## 虚拟IP,可以设置多个
    #        192.168.200.16
    #        192.168.200.17
    #        192.168.200.18
        }
    
        track_script {
           chk_nginx  # httpd存活状态检测脚本
        }
    }
    

    节点2配置:

    ! Configuration File for keepalived
    
    global_defs {
    #   notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    #   }
    #   notification_email_from Alexandre.Cassen@firewall.loc
    #   smtp_server 192.168.200.1
    #   smtp_connect_timeout 30
       router_id node2
    #   vrrp_skip_check_adv_addr
    #   vrrp_strict
    #   vrrp_garp_interval 0
    #   vrrp_gna_interval 0
    }
    
    vrrp_script chk_httpd {
        script "/etc/keepalived/check_httpd.sh"
        interval 1
        weight -20
    }
    
    vrrp_instance VI_1 {
        state BACKUP                ## 这里只能接受MASTER和BACKUP,而且必须为大写
        interface ens33             ## 绑定虚拟IP的网卡接口
        virtual_router_id 51        ## 虚拟ID,同一个ID之间互相通讯,两个节点之间必须保持一致
        priority 90         ## 优先级(0-254),一般设置100左右,主节点要比从节点高
        advert_int 1                ## 发VRRP包的时间间隔,即多久进行一次master选举(可以认为是健康查检时间间隔)。
        authentication {
            auth_type PASS          ## 设置验证方式,这里采用的是明文密码认证,两个节点必须保持一致
            auth_pass 1111
        }
        virtual_ipaddress {
            10.0.1.100              ## 虚拟IP,可以设置多个
    #        192.168.200.16
    #        192.168.200.17
    #        192.168.200.18
        }
        track_script {
           chk_httpd  # httpd存活状态检测脚本
        }
    }
    
    4.分别启动Keepalived

    如果配置文件有错误的话,启动程序的时候不会提示的,所以启动程序的时候一定要注意观察日志是否正常。

    keepalived -D
    
    5.查看运行状态和日志
    通过ip a可以看到1.100只绑定在MASTER节点
    inet 10.0.1.100/32 scope global eth1
    
    ps命令查看进程,yum方式安装的有3个进程,源码安装的有2个进程
    ps -ef | grep keepalived
    
    日志默认保存在/var/log/messages文件
    tail -f -n 5 /var/log/messages
    
    通过抓包软件检测
    tcpdump -i eth1 -n 'host 10.0.1.101'
    
    5.关闭主节点,看vip是否能自动切换到BACKUP节点。
    通过ping 10.0.1.100可以看到中间只断一个包,然后就马上恢复了。至此HA高可用配置成功。
    
    6.默认为抢占模式,也就是如果这个时候将节点1再启动的话,vip会自动再切换回节点1

    第四步:配置httpd检测脚本,实现对httpd状态的监控(by all)

    1.编辑检测脚本,此脚本实现监控httpd状态,如果发现没有进程会自动启动,如果启动失败将自动结束掉Keepalived

    vim /etc/keepalived/check_httpd.sh
    
    #!/bin/bash
    counter=$(ps -C httpd --no-heading|wc -l)
    if [ "${counter}" = "0" ]
        then
        /usr/local/apache2/bin/apachectl -k start
        sleep 2
        
        counter=$(ps -C httpd --no-heading|wc -l)
        if [ "${counter}" = "0" ] 
        then
            kill -9 `ps -ef | grep keepalived | grep D`
        fi
    fi
    
    chmod +x /etc/keepalived/check_httpd.sh
    

    2.修改Keepalived配置文件,增加检测脚本部分

    vim /etc/keepalived/keepalived.conf
    
    在全局配置和vrrp_instance VI_1中间增加以下内容:
    vrrp_script chk_httpd {
    script "/etc/keepalived/check_httpd.sh" # 这里要写绝对路径
    interval 2      # 每2秒检测一次httpd的运行状态
    
    在vrrp_instance VI_1增加以下内容:
    track_script {
       chk_httpd  # httpd存活状态检测脚本
    }
    

    3.重启Keepalived服(只需要开启keepalived即可,因为有自动检测脚本,开启的同时会自动启动httpd)

    keepalived
    

    附录:

    Keepalived官网:http://www.keepalived.org/

    Apache官网:http://httpd.apache.org/download.cgi

    PCRE官网:http://www.pcre.org/

    OpenSSL官网:https://www.openssl.org/

    zile官网:http://www.zlib.net/

    keepalived-2.0.11.tar.gz下载地址:https://pan.baidu.com/s/14kCDGvhMnJ8LI0LHq-Vn4w

    pcre-8.42.tar.gz下载地址:https://pan.baidu.com/s/1R_Iun0r4gKwotGQ3ctVm7Q

    apr-util-1.6.1.tar.gz下载地址:https://pan.baidu.com/s/1pvzRC6dQT4GDtn44mONxlQ

    apr-1.6.5.tar.gz下载地址:https://pan.baidu.com/s/1KHosgnzTL-N1oUnl6xi6kw

    httpd-2.4.37.tar.gz下载地址:https://pan.baidu.com/s/12-1kWwhm5obpu5WXYY2qHw

    openssl-1.1.1a.tar.gz下载地址:https://pan.baidu.com/s/1w6twBzCog54jY-6z80Ea-A

    相关文章

      网友评论

        本文标题:RedHat+Keepalived+Apache HTTP Se

        本文链接:https://www.haomeiwen.com/subject/iarkyqtx.html