title: RedHat+Keepalived+Apache HTTP Server实现高可用(源码安装)
categories: Linux
tags:
- Keepalived
- Apache
- httpd
- Cluster
- HA
timezone: Asia/Shanghai
date: 2019-01-09
Keepalived是基于VRRP协议的一款高可用软件。Keepalived有一台主服务器和多台备份服务器,在主服务器和备份服务器上面部署相同的服务配置,使用一个虚拟IP地址对外提供服务,当主服务器出现故障时,虚拟IP地址会自动漂移到备份服务器。
环境(在RedHat6和7下分别测试通过)
[root@redhat610-ch-02 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.10 (Santiago)
[root@localhost keepalived]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.3 (Maipo)
环境介绍
1.节点1部署httpd服务,并个性化主页 10.0.1.66
2.节点2部署httpd服务,并个性化主页 10.0.1.67
3.准备一个虚拟集群IP,保证没有被占用 10.0.1.100
4.两个节点分别安装Keepalived并设置以实现高可用
第零步:关闭SELinux和系统默认防火墙(仅用于测试环境;生产环境建议保留防火墙,只放行节点间的VRRP协议(IP协议号112)和TCP 80端口)
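# Lab setup only: SELinux goes permissive now and is disabled from the next
# boot, and the host firewall is stopped entirely.
# On a production pair keep the firewall running and allow only what the
# cluster needs: VRRP (IP protocol 112) between the two nodes and TCP 80.
setenforce 0
sed -i -r "/^SELINUX=/c SELINUX=disabled" /etc/selinux/config
# An explicit if/else replaces `a && b || c`, which also ran the RHEL 6
# branch whenever a systemctl command failed on RHEL 7.
if command -v systemctl >/dev/null 2>&1; then
  # RHEL 7 (systemd)
  systemctl stop firewalld
  systemctl disable firewalld
  systemctl stop iptables
  systemctl disable iptables
else
  # RHEL 6 (SysV init)
  service iptables stop
  chkconfig iptables off
fi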
第一步:源码编译安装Apache HTTP Server
1.配置本地yum并安装开发工具
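# Mount the installation media and expose it as a local yum repository.
mkdir -p /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
# gpgcheck stays enabled: packages on the Red Hat media are signed, so there
# is no need to switch signature verification off for a local repository.
cat <<'EOF' >/etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt/cdrom
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
EOF
yum clean all      # clear the local cache
yum clean plugins  # clear the plugin cache
yum makecache      # rebuild the metadata cache
# RHEL 7 (has systemctl) uses "yum group install"; RHEL 6 uses "yum groupinstall".
if command -v systemctl >/dev/null 2>&1; then
  yum group install -y "Development Tools"
else
  yum groupinstall -y "Development Tools"
fi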
2.源码方式安装依赖项和Apache HTTP Server
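yum install -y expat-devel
# Only the real URL is passed to wget: the stray /home/pcre-8.42.tar.gz
# argument was treated as a second, scheme-less URL and made wget fail.
wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz
# The result is installed as root, so compare the tarball with the checksum
# or signature published by the PCRE project before building.
tar vxzf pcre-8.42.tar.gz
cd pcre-8.42
# Chained so that a failed configure or make does not go on to install.
./configure && make && make install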
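# `echo $?` prints the exit status of the build: 0 means success, any other
# value means a step failed. The steps are chained with && so a failed
# configure or make stops the sequence instead of installing a broken build.
# The mirror is plain HTTP: check the tarball against the .sha256/.asc files
# published by the Apache project before building it as root.
wget http://mirror.bit.edu.cn/apache//apr/apr-1.6.5.tar.gz
tar -vxf apr-1.6.5.tar.gz
cd apr-1.6.5
./configure --prefix=/usr/local/apr && make && make install
echo $?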
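# Plain-HTTP mirror: check the tarball against the .sha256/.asc files
# published by the Apache project before building it as root.
wget http://mirror.bit.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
tar -vxf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
# Chained with && so a failed step stops the build; echo $? shows the
# status of the whole sequence (0 = success).
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
echo $?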
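# Plain-HTTP mirror: check the tarball against the .sha256/.asc files
# published by the Apache project before building it as root.
wget http://mirror.bit.edu.cn/apache//httpd/httpd-2.4.37.tar.gz
tar -vxf httpd-2.4.37.tar.gz
cd httpd-2.4.37
# Chained with && so a failed step stops the build; echo $? shows the
# status of the whole sequence (0 = success).
./configure --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util && make && make install
echo $?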
3.启动httpd
默认安装路径:/usr/local/apache2/
# 编辑配置文件增加以下行
vim /usr/local/apache2/conf/httpd.conf
ServerName 0.0.0.0:80
# 启动httpd
/usr/local/apache2/bin/apachectl -k start
-k start 启动
-k restart 重新启动
-k graceful 优雅的重启(重读配置文件,如果配置文件有问题,将继续用原来配置文件运行)
-k graceful-stop 优雅的停止
-k stop 停止
4.两个节点建立不同的主页,用来测试等下的高可用是否生效。
# Run ONE of these per node, not both on the same host: each node serves a
# different page so a failover is visible in the HTTP response.
# Presumably 111111 is for node 1 (10.0.1.66) ...
echo 111111 > /usr/local/apache2/htdocs/index.html
# ... and 222222 for node 2 (10.0.1.67) — confirm against your own layout.
echo 222222 > /usr/local/apache2/htdocs/index.html
第三步:安装Keepalived并设置HA高可用
1.安装OpenSSL
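# NOTE(review): the OpenSSL 1.1.1 series is end-of-life upstream; on a system
# that will stay in service, build a currently supported release instead.
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
# Check the tarball against the .sha256/.asc published next to it before
# building as root.
tar vxzf openssl-1.1.1a.tar.gz
cd openssl-1.1.1a
# Chained so that a failed config or make does not go on to install.
./config && make && make install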
执行openssl报错
解决方法for RedHat6:
ln -s /usr/local/lib/libpcre.so.1 /lib64
解决方法for RedHat7:
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
2.安装Keepalived
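# The tarball is fetched over plain HTTP and then installed as root: compare
# it with the checksum published on the project's download page first.
wget http://www.keepalived.org/software/keepalived-2.0.11.tar.gz
tar vxzf keepalived-2.0.11.tar.gz
cd keepalived-2.0.11
# Chained so that a failed configure or make does not go on to install.
./configure && make && make install
# Confirms the freshly installed binary is on PATH and runs.
keepalived --help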
3.编辑配置文件
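# keepalived reads /etc/keepalived/keepalived.conf at start-up, while the
# source install drops its sample under /usr/local/etc, so copy it across.
# -p keeps the step repeatable when the directory already exists.
mkdir -p /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
vim /etc/keepalived/keepalived.conf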
Keepalived启动的时候会从/etc/keepalived/keepalived.conf读取配置文件.安装后默认的地址是在/usr/local/etc/keepalived/keepalived.conf所以需要复制过来。
两个节点配置文件不一样的地方只有state、priority和router_id,其他完全保持一致。
节点1配置:
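! Configuration File for keepalived
global_defs {
    # notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    # }
    # notification_email_from Alexandre.Cassen@firewall.loc
    # smtp_server 192.168.200.1
    # smtp_connect_timeout 30
    router_id node1
    # NOTE(review): the check script below is executed by keepalived itself.
    # Consider enable_script_security / script_user here, and keep the script
    # owned by root and not writable by any other account.
    # vrrp_skip_check_adv_addr
    # vrrp_strict
    # vrrp_garp_interval 0
    # vrrp_gna_interval 0
}
vrrp_script chk_httpd {
    script "/etc/keepalived/check_httpd.sh"
    interval 1
    weight -20
}
vrrp_instance VI_1 {
    state MASTER            ## only MASTER or BACKUP is accepted, in upper case
    interface ens33         ## interface the virtual IP is bound to
    virtual_router_id 51    ## instances with the same ID talk to each other; must match on both nodes
    priority 100            ## 1-254, usually around 100; the master must be higher than the backup
    advert_int 1            ## seconds between VRRP advertisements (how quickly a dead master is noticed)
    authentication {
        auth_type PASS      ## simple password authentication; must match on both nodes
        # The password travels in clear text inside every advertisement and
        # 1111 is a sample value: pick a site-specific one and restrict VRRP
        # to the two node addresses at the firewall.
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.1.100          ## virtual IP; several may be listed
        # 192.168.200.16
        # 192.168.200.17
        # 192.168.200.18
    }
    track_script {
        # Must name the vrrp_script defined above. The original referenced
        # chk_nginx, which is not defined in this file, so the httpd check
        # was never tracked on node 1.
        chk_httpd           # httpd liveness check script
    }
}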
节点2配置:
! Configuration File for keepalived
global_defs {
    # notification_email {
    #     acassen@firewall.loc
    #     failover@firewall.loc
    #     sysadmin@firewall.loc
    # }
    # notification_email_from Alexandre.Cassen@firewall.loc
    # smtp_server 192.168.200.1
    # smtp_connect_timeout 30
    router_id node2
    # vrrp_skip_check_adv_addr
    # vrrp_strict
    # vrrp_garp_interval 0
    # vrrp_gna_interval 0
}

vrrp_script chk_httpd {
    script "/etc/keepalived/check_httpd.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    # Role at start-up: MASTER or BACKUP, upper case only.
    state BACKUP
    # Interface that carries the virtual IP.
    interface ens33
    # Instances sharing this ID form one virtual router; identical on both nodes.
    virtual_router_id 51
    # 1-254, usually around 100; lower than the master's value.
    priority 90
    # Seconds between VRRP advertisements.
    advert_int 1
    authentication {
        # Clear-text password authentication; type and password must match on both nodes.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # Virtual IP; several addresses may be listed.
        10.0.1.100
        # 192.168.200.16
        # 192.168.200.17
        # 192.168.200.18
    }
    track_script {
        # httpd liveness check defined in vrrp_script above.
        chk_httpd
    }
}
4.分别启动Keepalived
如果配置文件有错误的话,启动程序的时候不会提示的,所以启动程序的时候一定要注意观察日志是否正常。
keepalived -D
5.查看运行状态和日志
通过ip a可以看到1.100只绑定在MASTER节点
inet 10.0.1.100/32 scope global eth1
ps命令查看进程,yum方式安装的有3个进程,源码安装的有2个进程
ps -ef | grep keepalived
日志默认保存在/var/log/messages文件
tail -f -n 5 /var/log/messages
通过抓包软件检测
# NOTE(review): 10.0.1.101 is not one of the addresses used elsewhere on this
# page (nodes 10.0.1.66/10.0.1.67, VIP 10.0.1.100) — confirm the host filter.
# VRRP advertisements can also be selected with the filter 'ip proto 112'.
tcpdump -i eth1 -n 'host 10.0.1.101'
5.关闭主节点,看vip是否能自动切换到BACKUP节点。
通过ping 10.0.1.100可以看到中间只断一个包,然后就马上恢复了。至此HA高可用配置成功。
6.默认为抢占模式,也就是如果这个时候将节点1再启动的话,vip会自动再切换回节点1
第四步:配置httpd检测脚本,实现对httpd状态的监控(by all)
1.编辑检测脚本,此脚本实现监控httpd状态,如果发现没有进程会自动启动,如果启动失败将自动结束掉Keepalived
vim /etc/keepalived/check_httpd.sh
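#!/bin/bash
# Health check run by keepalived's vrrp_script.
# If no httpd process exists, try to start it once; if it is still missing
# two seconds later, stop keepalived so the virtual IP moves to the peer.
# Exit status: 0 when httpd is running, 1 when the restart failed (a non-zero
# status is also what lets a vrrp_script "weight" take effect).

# Succeeds when at least one process named exactly "httpd" exists.
httpd_running() {
  pgrep -x httpd >/dev/null
}

if ! httpd_running; then
  /usr/local/apache2/bin/apachectl -k start
  sleep 2
  if ! httpd_running; then
    # The original piped whole `ps -ef` lines (user, times, command) into
    # `kill -9`, so no valid PID list was passed and the grep matched itself.
    # SIGTERM is used instead of SIGKILL so keepalived can remove the virtual
    # IP from the interface before it exits.
    pkill -x keepalived
    exit 1
  fi
fi
exit 0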
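# keepalived runs this script repeatedly with its own privileges, so only
# root may be able to modify it: root-owned, writable by root alone.
chown root:root /etc/keepalived/check_httpd.sh
chmod 0755 /etc/keepalived/check_httpd.sh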
2.修改Keepalived配置文件,增加检测脚本部分
vim /etc/keepalived/keepalived.conf
在全局配置和vrrp_instance VI_1中间增加以下内容:
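vrrp_script chk_httpd {
    script "/etc/keepalived/check_httpd.sh"   # must be an absolute path
    interval 2                                # check the httpd state every 2 seconds
}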
在vrrp_instance VI_1增加以下内容:
track_script {
chk_httpd # httpd liveness check; must match the vrrp_script name
}
3.重启Keepalived服务(只需要开启keepalived即可,因为有自动检测脚本,开启的同时会自动启动httpd)
keepalived
附录:(以下网盘链接中的源码包为第三方转存,编译安装前请与各项目官网发布的校验值或签名核对)
Keepalived官网:http://www.keepalived.org/
Apache官网:http://httpd.apache.org/download.cgi
PCRE官网:http://www.pcre.org/
OpenSSL官网:https://www.openssl.org/
zlib官网:http://www.zlib.net/
keepalived-2.0.11.tar.gz下载地址:https://pan.baidu.com/s/14kCDGvhMnJ8LI0LHq-Vn4w
pcre-8.42.tar.gz下载地址:https://pan.baidu.com/s/1R_Iun0r4gKwotGQ3ctVm7Q
apr-util-1.6.1.tar.gz下载地址:https://pan.baidu.com/s/1pvzRC6dQT4GDtn44mONxlQ
apr-1.6.5.tar.gz下载地址:https://pan.baidu.com/s/1KHosgnzTL-N1oUnl6xi6kw
httpd-2.4.37.tar.gz下载地址:https://pan.baidu.com/s/12-1kWwhm5obpu5WXYY2qHw
openssl-1.1.1a.tar.gz下载地址:https://pan.baidu.com/s/1w6twBzCog54jY-6z80Ea-A