三十功名尘与土、八千里路云和月
分类: 系统运维
2015-09-02 13:41:21
_________________________________
ESB实施项目
Ngix+keepalived安装配置手册
_________________________________
文档信息表
|
文档基本信息 |
|||||||
|
项目名称 |
|
||||||
|
当前项目阶段 |
|
||||||
|
文档名称 |
|
||||||
|
文档版本 |
|
是否为正式交付件 |
|
||||
|
文档创建日期 |
|
当前修订日期 |
|
||||
|
文档存放路径 |
|
文档审批要求 |
|
||||
|
文档审批信息 |
|||||||
|
审阅人 |
职务 |
审阅时间 |
审阅意见 |
||||
|
|
|
|
|
||||
|
|
|
|
|
||||
|
|
|
|
|
||||
|
文档修订信息 |
|||||||
|
版本 |
修正章节 |
日期 |
作者 |
变更记录 |
|||
|
|
|
|
|
|
|||
|
|
|
|
|
|
|||
|
|
|
|
|
|
|||
目录
此文档记录QA keepalived和nginx安装部署步骤
QA测试环境
|
主机名 |
IP地址 |
配置 |
作用 |
备注 |
|
esbapp1 |
10.26.218.222 |
OEL 6.2 4C 16 GB RAM 80GB HDD |
HTTP负载均衡 |
|
|
esbapp2 |
10.26.218.49 |
OEL 6.2 4C 16 GB RAM 80GB HDD |
HTTP负载均衡 |
|
|
VIP |
10.26.218.216 |
|
统一IP |
|
以root用户登录,上传keepalived和nginx软件
#进入到/home目录
cd /home
#给目录授权755
chmod –R 755 httpls
#计入到nginx和keepalived的目录下
cd httpls
在物理网卡里面虚拟出来一个IP
如果主物理网卡的名称是:ifcfg-Auto_eth0
添加虚拟网卡别名称是:ifcfg-Auto_eth0:1
cd /etc/sysconfig/network-scripts/
#拷贝一个命名为ifcfg_Auto_eth0:1并进行编辑,特别注意物理网卡和名称
cp ifcfg-Auto_eth0 ifcfg-Auto_eth0:1
HWADDR=00:50:56:A4:F9:B2 //本机物理网卡地址
TYPE=Ethernet
BOOTPROTO=none
IPADDR=10.26.218.216 //虚拟IP
PREFIX=24
GATEWAY=10.26.218.254 //本地网关
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="Auto eth0:1" //改为0:1
UUID=77908463-5fcf-474f-be9e-6a5071af228e
ONBOOT=yes
LAST_CONNECT=1437989782
DEVICE=Auto_eth0:1 //改为0:1
USERCTL=no
~
重启机器
#重启命令,注意一般生产机器不要随意重启,并需要和相关负责人进行
reboot
Yum源的配置
此处目前为Redhat 6.4_64版本
/etc/yum.repos.d/rh64.repo(创建并编辑此文件,加入如下内容):
[DPCA-redhat64]
name=Red Hat Enterprise Linux 6.4
baseurl=
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
安装系统组件(LINUX的系统盘挂载完毕后)
yum -y install gcc gcc-c++ popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel pcre pcre-devel zlib zlib-devel
libssl-dev为非必要安装包
下载nginx组件并上传组件到/home/httpls目录
可以看到上传的文件nginx-1.8.0.tar.gz
给目录授权
chmod -R 755 httpls
tar –zxvf nginx-1.8.0.tar.gz
安装nginx
cd nginx-1.8.0
#安装那些组件
./configure --with-http_stub_status_module
最后显示如下:
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ md5: using system crypto library
+ sha1: using system crypto library
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
编译和安装nginx
make && make install
安装keepavlived
#解压文件
tar -zxvf keepalived-1.2.18.tar.gz
#进入目录
cd keepalived-1.2.18
#默认配置安装
./configure
显示如下:
Keepalived configuration
------------------------
Keepalived version : 1.2.18
Compiler : gcc
Compiler flags : -g -O2 -DFALLBACK_LIBNL1
Extra Lib : -lssl -lcrypto -lcrypt -lnl
Use IPVS Framework : Yes
IPVS sync daemon support : Yes
IPVS use libnl : Yes
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
SNMP support : No
SHA1 support : No
Use Debug flags : No
#编译源代码
make
显示如下:
Make complete
make[1]: Leaving directory `/home/httpls/keepalived-1.2.18/genhash'
Make complete
#安装
make install
完成后提示:
make[1]: Leaving directory `/home/httpls/keepalived-1.2.18/genhash'
mkdir -p /usr/share/snmp/mibs/
cp -f doc/VRRP-MIB /usr/share/snmp/mibs/
cp -f doc/KEEPALIVED-MIB /usr/share/snmp/mibs/
修改nginx的配置文件
#进入到nginx的配置目录下
cd /usr/local/nginx/conf
#编辑nginx.conf
vi nginx.conf
#user nobody;
#cpu使用的几核
worker_processes 1;
#日志记录
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#反向代理模块,主要功能做负载分发功能
upstream webserver {
server 10.26.218.222:8089;
server 10.26.218.49:8089;
#//地址为实际LB两台机器地址,端口与后面listen一致
#weight负载分发权重
server 10.26.218.222:8089 weight=2;
server 10.26.218.49:8089 weight=1;
#数字大的表示主服务器,不能为0
}
#IP按照IP哈希策略进行分发,最大检测2次,每次30s,如果失败,发送到另外一个连接
upstream server_pool_m1 {
ip_hash;
server 10.26.218.222:8089 max_fails=2 fail_timeout=30s;
server 10.26.218.49:8089 max_fails=2 fail_timeout=30s;
}
#启动的服务器端口,有这个模块进行转发,反向代理到upstream 模块
server {
listen 8088;
server_name localhost;
location / {
proxy_pass
}
}
server {
listen 8089;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
修改keepalived.conf文件
Vi /usr/local/etc/keepalived/keepalived.conf
#配置文件:
! Configuration File for keepalived
bal_defs {
notification_email {
#acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.200.1
#smtp_connect_timeout 30
#router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script "</dev/tcp/127.0.0.1/8089" #配置成为nginx配置文件里面的监听端口
interval 1
weight -4
}
vrrp_instance VI_1 {
state MASTER
interface Auto_eth0
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.26.218.216 #填写虚拟IP
}
track_script {
chk_http_port
}
}
#拷贝配置文件到/etc/keepalived目录下,或者直接在/etc/keepalived/目录下创建文件keepalived.conf文件内容为上节(修改keepalived.conf)所述内容
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
keepalived做成服务方便启动和停止
#拷贝安装的keepalived到系统运行目录下
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
#拷贝配置文件到系统 /etc/sysconfig 目录下
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
#创建/etc/keepalived目录
mkdir /etc/keepalived
#拷贝配置文件到系统执行文件/usr/sbin目录下
cp /usr/local/sbin/keepalived /usr/sbin/
#keepalived服务的启动:
service keepalived start
#keepalived服务的停用
service keepalived stop
开机启动:
#设置nginx开机启动
echo "/usr/local/nginx/sbin/nginx" >> /etc/rc.local
#设置keepalived开机启动
echo "/etc/init.d/keepalived start" >> /etc/rc.local
启动nginx和关闭nginx
#进入nginx到可执行脚本目录
cd /usr/local/nginx/sbin
#启动nginx
./nginx
#关闭nginx
./nginx –s stop
验证方法:
#修改页面文件
cd /usr/local/nginx/html
vi index.html
#结尾处添加本机IP地址,用于测试访问时区别不同的服务提供机。
安装第二台机器
同上
负载均衡测试
负载测试第二次
网站链接参考:
调优参考:
http://blog.csdn.net/xifeijian/article/details/20956605
http://blog.chinaunix.net/uid-20662363-id-3049713.html
http://blog.csdn.net/babydavic/article/details/8554807
书籍参考:
《实战Nginx:取代Apache的高性能Web服务器》张宴著
《深入理解Nginx》 陶辉著
