1、前言
# 这里因为演示,用master2、master3主机作为高可用部署
2、keepalived
2.1、安装
# Build keepalived 2.2.2 from source and install its SysV init script.
# NOTE(review): the page does not show where keepalived-2.2.2.tar.gz came from;
# compare its checksum with the one published by the project before building
# it as root.
yum install -y gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel
tar xvf keepalived-2.2.2.tar.gz \
  && cd keepalived-2.2.2 \
  && ./configure --prefix=/usr/local/keepalived-2.2.2 \
  && make \
  && make install
# The absolute source path assumes the tarball was unpacked in /root.
cp /root/keepalived-2.2.2/keepalived/etc/init.d/keepalived /etc/init.d/
chmod 755 /etc/init.d/keepalived
2.2、安装后配置
# Step 1: edit the init script.
# The systemd unit on this page starts /etc/init.d/keepalived, and the init
# script sources the sysconfig file below, so both files should stay owned by
# root and not writable by anyone else.
[root@ ~]# vi /etc/init.d/keepalived
...
# Set KEEPALIVED_OPTIONS
. /usr/local/keepalived-2.2.2/etc/sysconfig/keepalived
# Environment variables for the source-built installation
export KEEPALIVED_HOME=/usr/local/keepalived-2.2.2
export PATH=${PATH}:${KEEPALIVED_HOME}/sbin
...

# Step 2: tell keepalived where its configuration file lives.
[root@ ~]# vi /usr/local/keepalived-2.2.2/etc/sysconfig/keepalived
...
KEEPALIVED_OPTIONS="-D -f /usr/local/keepalived-2.2.2/etc/keepalived/keepalived.conf"
2.3、开机自启动
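# Install a systemd unit that wraps the SysV init script, then enable it at boot.
#
# Two lines of the original unit were not valid systemd syntax and are fixed here:
#   * "Restart=/etc/init.d/keepalived restart" -- Restart= takes a policy keyword
#     (no, on-failure, always, ...), not a command, so systemd ignored it. It is
#     dropped, which keeps the effective behaviour (no automatic restart). Add
#     "Restart=on-failure" only if automatic restarts are really wanted.
#   * "Documentation=" must be a URI, so the bare path is written as file://.
cat > /lib/systemd/system/keepalived.service <<'EOF'
[Unit]
Description=keepalived server daemon
Documentation=file:///usr/local/keepalived-2.2.2/
After=network.target

[Service]
Type=forking
ExecStart=/etc/init.d/keepalived start
ExecReload=/etc/init.d/keepalived reload
ExecStop=/etc/init.d/keepalived stop
PrivateTmp=True

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable keepalived.service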
2.4、Nginx健康检测脚本
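# Create the nginx health-check script that keepalived calls through vrrp_script.
#
# Changes against the original listing:
#   * mkdir -p, so re-running the step does not fail on an existing directory.
#   * pgrep -f replaces the "ps | grep | grep -v grep | wc -l" chain; the
#     variable is quoted.
#
# The keepalived.conf on this page sets "script_user root" and "interval 1", so
# this file is executed as root every second: keep the script and every
# directory above it writable by root only.
# The script always exits 0 and stops keepalived itself when nginx is gone.
# Nothing on this page starts keepalived again once nginx is back, so that
# step is manual.
mkdir -p /usr/local/keepalived-2.2.2/script
cat >/usr/local/keepalived-2.2.2/script/check_nginx.sh <<'EOF'
#!/bin/bash
nginx_home=/usr/local/nginx-1.20.0/sbin/nginx
if ! pgrep -f -- "$nginx_home" >/dev/null; then
    #/etc/init.d/keepalived stop #Centos 6.X使用的方法
    /usr/bin/systemctl stop keepalived # Centos7.x使用的方法
    echo "No Runing"
fi
EOF
chmod 755 /usr/local/keepalived-2.2.2/script/check_nginx.sh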
3、Nginx
3.1、安装
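# Download, verify and build nginx 1.20.1 with the stream module.
#
# The original fetched the tarball over plain HTTP and built it as root without
# any integrity check. Here the download uses HTTPS, the detached PGP signature
# is fetched as well, and the build only starts when the signature verifies.
# Import the nginx signing key from a source you trust before running this;
# without the key, gpg --verify fails and nothing is built.
#
# Note: the install prefix says nginx-1.20.0 although the source is 1.20.1. It is
# kept because every later path on this page uses /usr/local/nginx-1.20.0.
wget https://nginx.org/download/nginx-1.20.1.tar.gz
wget https://nginx.org/download/nginx-1.20.1.tar.gz.asc
yum install pcre pcre-devel openssl openssl-devel -y
# Unprivileged account for the worker processes: no login shell, no home directory.
useradd -s /sbin/nologin -M nginx
gpg --verify nginx-1.20.1.tar.gz.asc nginx-1.20.1.tar.gz \
  && tar xvf nginx-1.20.1.tar.gz \
  && cd nginx-1.20.1 \
  && ./configure \
    --user=nginx \
    --group=nginx \
    --prefix=/usr/local/nginx-1.20.0 \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-stream \
  && make \
  && make install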
3.2、开机自启动
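# Install the systemd unit for the source-built nginx and enable it at boot.
#
# The original unit contained "ExecQuit=/usr/local/nginx-1.20.0/sbin/nginx -s quit".
# ExecQuit= is not a systemd directive; systemd logs an unknown-key warning and
# ignores it, so the line is removed. ExecStop still uses "-s stop" as before.
# ExecStartPre runs "nginx -t", so a broken configuration fails at start-up
# instead of starting a half-configured proxy.
cat > /lib/systemd/system/nginx.service << 'EOF'
[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx-1.20.0/logs/nginx.pid
ExecStartPre=/usr/local/nginx-1.20.0/sbin/nginx -t -c /usr/local/nginx-1.20.0/conf/nginx.conf
ExecStart=/usr/local/nginx-1.20.0/sbin/nginx -c /usr/local/nginx-1.20.0/conf/nginx.conf
ExecReload=/usr/local/nginx-1.20.0/sbin/nginx -s reload
ExecStop=/usr/local/nginx-1.20.0/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable nginx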
3.3、nginx配置文件优化
mkdir /usr/local/nginx-1.20.0/conf/conf.d vi /usr/local/nginx-1.20.0/conf/nginx.conf ... }
include /usr/local/nginx-1.20.0/conf/conf.d/*.conf; # 最末尾行
4、主Keepalived的配置
4.1、配置准备文件
# Version-independent path for the installation.
ln -s /usr/local/keepalived-2.2.2 /usr/local/keepalived
# Keep the shipped sample configuration as keepalived.conf.default before editing.
cp /usr/local/keepalived-2.2.2/etc/keepalived/keepalived.conf{,.default}
4.2、keepalived配置
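! Configuration File for keepalived
! extra script call demonstration
! scripts are supported in Instance and groups
! declarations.

! router_id must be different on each node.
global_defs {
    router_id K_2
    ! The check script runs as root: keep the script and its parent
    ! directories writable by root only.
    script_user root
}

! Location of the monitoring script.
! NOTE(review): the check script on this page always exits 0 and stops
! keepalived itself, so weight/fall/rise presumably never come into play;
! confirm before relying on them.
vrrp_script chk_nginx {
    script "/usr/local/keepalived-2.2.2/script/check_nginx.sh"
    interval 1
    weight 2
    fall 3
    rise 1
}

! virtual_router_id must be identical on both nodes; the higher priority wins.
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    ! NOTE(review): global_defs above sets no notification_email or
    ! smtp_server, so smtp_alert presumably has nowhere to send mail; confirm.
    smtp_alert
    ! Non-preemptive mode.
    nopreempt
    virtual_router_id 1
    priority 100
    advert_int 1
    ! auth_type PASS puts the password in clear text into every VRRP
    ! advertisement, so it does not stop a host on the same segment from
    ! joining the election. Replace this published sample value with your own
    ! and limit VRRP traffic to the two peers (for example unicast_peer plus
    ! host firewall rules).
    authentication {
        auth_type PASS
        auth_pass iVZWO
    }
    ! Virtual IP address.
    virtual_ipaddress {
        192.168.10.200 dev ens33 label ens33:1
    }
    ! Name of the vrrp_script block defined above.
    track_script {
        chk_nginx
    }
}
! Listing caption from the page: primary (主) keepalived.conf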
5、备Keepalived的配置
5.1、配置准备文件
# The keepalived.conf for this node refers to its check script through
# /usr/local/keepalived, so this symlink has to exist.
ln -s /usr/local/keepalived-2.2.2 /usr/local/keepalived
# Keep the shipped sample configuration as keepalived.conf.default before editing.
cp /usr/local/keepalived-2.2.2/etc/keepalived/keepalived.conf{,.default}
5.2、keepalived配置
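! Configuration File for keepalived
! extra script call demonstration
! scripts are supported in Instance and groups
! declarations.

! router_id must be different on each node.
global_defs {
    router_id K_1
    ! The check script runs as root: keep the script, the
    ! /usr/local/keepalived symlink target and the parent directories
    ! writable by root only.
    script_user root
}

! Location of the monitoring script.
! NOTE(review): the check script on this page always exits 0 and stops
! keepalived itself, so weight/fall/rise presumably never come into play;
! confirm before relying on them.
vrrp_script chk_nginx {
    script "/usr/local/keepalived/script/check_nginx.sh"
    interval 1
    weight 2
    fall 3
    rise 1
}

! virtual_router_id must be identical on both nodes; the higher priority wins.
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    ! Non-preemptive mode: with nopreempt the state must not be MASTER,
    ! both nodes have to be configured as BACKUP.
    nopreempt
    ! NOTE(review): global_defs above sets no notification_email or
    ! smtp_server, so smtp_alert presumably has nowhere to send mail; confirm.
    smtp_alert
    virtual_router_id 1
    priority 150
    advert_int 1
    ! auth_type PASS puts the password in clear text into every VRRP
    ! advertisement, so it does not stop a host on the same segment from
    ! joining the election. Replace this published sample value with your own
    ! and limit VRRP traffic to the two peers (for example unicast_peer plus
    ! host firewall rules).
    authentication {
        auth_type PASS
        auth_pass iVZWO
    }
    ! Virtual IP address.
    virtual_ipaddress {
        192.168.10.200 dev ens33 label ens33:1
    }
    ! Name of the vrrp_script block defined above.
    track_script {
        chk_nginx
    }
}
! Listing caption from the page: backup (备) keepalived.conf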
6、验证VIP自动漂移
6.1、启动nginx
# Start nginx before keepalived: the check script on this page stops keepalived
# whenever it finds no running nginx process.
systemctl start nginx.service
6.2、启动keepalived
# Run this on both machines.
systemctl restart keepalived.service
6.3、检查方法
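# Stop nginx on the node that currently holds the virtual IP.
systemctl stop nginx
# Check whether the VIP moved. Run this on each node: the one that lists
# 192.168.10.200 (label ens33:1) is the current holder.
ip -4 addr show dev ens33
# The check script stops keepalived on the node where nginx went down, and
# nothing on this page restarts it. After bringing nginx back, start keepalived
# there again, otherwise that node no longer takes part in failover.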
7、配置Nginx反向代理
7.1、配置背景
请求至VIP地址转发给master1、master2、master3进行处理
7.2、配置Nginx
7.2.1、http
# HTTP (layer 7) reverse-proxy variant.
# NOTE(review), to confirm before using this variant:
#   * upstream/server are http-context directives. Section 3.3 puts the conf.d
#     include on the last line of nginx.conf, presumably outside http {}, in
#     which case "nginx -t" would reject this file.
#   * proxy_pass uses plain http:// towards port 6443, while section 7.2.2 notes
#     the API server is normally HTTPS. Clients of this listener would also
#     talk to the proxy unencrypted.
#   * listen 6443 is the same port as the upstream servers. If the proxy runs on
#     master nodes, as the preface says, the port is presumably already taken.
#   * Section 7.2.2 writes to the same apiserver.conf and overwrites this file.
cat >/usr/local/nginx-1.20.0/conf/conf.d/apiserver.conf<<'EOF'
upstream k8s-apiserver {
    server 192.168.10.26:6443 weight=2;
    server 192.168.10.27:6443 weight=1;
    server 192.168.10.28:6443 weight=1;
}
server {
    listen 6443;
    location / {
        proxy_pass http://k8s-apiserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 10m; #允许客户端请求的最大单文件字节数
        client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数
        proxy_connect_timeout 300; #nginx跟后端服务器连接超时时间(代理连接超时)
        proxy_send_timeout 300; #后端服务器数据回传时间(代理发送超时)
        proxy_read_timeout 300; #连接成功后,后端服务器响应时间(代理接收超时)
        proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
        proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
        proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
        proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传
    }
}
EOF
7.2.2、https【优先使用这个】
# HTTPS variant, the one the page recommends: layer-4 TCP pass-through.
# The server block has no ssl directives, so nginx only relays bytes and TLS is
# negotiated end to end between the client and the API server.
# What that means in practice:
#   * Clients connect to the VIP on port 7443, so the API server certificate
#     presumably has to list that address; confirm against your cluster setup.
#   * The API server presumably sees the proxy's address as the connection
#     source, so its logs will not show the original client IP; confirm.
#   * Allow port 7443 in the host firewall only for networks that need the API.
# The stream {} block needs the --with-stream build option and an include in the
# main context of nginx.conf.
cat >/usr/local/nginx-1.20.0/conf/conf.d/apiserver.conf<<'EOF'
stream {
    upstream kube-apiserver {
        server 192.168.10.26:6443 max_fails=3 fail_timeout=30s;
        server 192.168.10.27:6443 max_fails=3 fail_timeout=30s;
        server 192.168.10.28:6443 max_fails=3 fail_timeout=30s;
    }
    server {
        listen 7443;
        proxy_connect_timeout 2s;
        proxy_timeout 900s;
        proxy_pass kube-apiserver;
    }
}
EOF
# From: https://www.cnblogs.com/ygbh/p/17221687.html