Linux安装配置nginx+keepalived
程序员文章站
2022-05-07 08:21:01
...
1.安装nginx
nginx-user:
user.present:
- name: nginx
- shell: /sbin/nologin
- createhome: False
extract_nginx:
archive.extracted:
- name: /tmp
- source: salt://files/nginx/nginx-1.16.1.tar.gz
- user: yundiao
- group: yundiao
- overwrite: False
extract-pcre:
archive.extracted:
- name: /data/tool
- source: salt://files/nginx/pcre-8.40.tar.bz2
- user: yundiao
- group: yundiao
- overwrite: False
nginx-depend-pkg:
pkg.installed:
- names:
- gcc
- gcc-c++
- openssl
- openssl-devel
- pcre-devel
nginx-compile:
cmd.run:
- cwd: /tmp/nginx-1.16.1
- name: ./configure --prefix=/data/middleware/nginx-1.16.1 --user=nginx --group=nginx --with-http_ssl_module --with-stream --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-file-aio --with-http_secure_link_module --with-threads --with-pcre=/data/tool/pcre-8.40 &> /dev/null && make -j 4 &> /dev/null && make install &> /dev/null
- require:
- user: nginx-user
- pkg: nginx-depend-pkg
- archive: extract_nginx
- archive: extract-pcre
nginx-conf:
file.managed:
- name: /data/middleware/nginx-1.16.1/conf/nginx.conf
- source: salt://files/nginx/nginx.conf
- user: yundiao
- group: yundiao
- mode: 644
- require:
- cmd: nginx-compile
2.安装keepalived
yum install keepalived -y
#master
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
#这里是主机名称
router_id nmhs-pp-mw105107
}
vrrp_script chk_nginx {
#执行脚本位置
script "/etc/keepalived/chk_nginx.sh"
#检测时间间隔。除非使用了NTP,否则服务器间时间可能不同步,为避免这个问题,增大检测时间间隔
interval 10
#如果条件成立则权重减20(-20)
weight 20
}
vrrp_instance VI_1 {
#主
state MASTER
#当前服务器的网卡
interface eth2.1024
#本机IP
mcast_src_ip 192.168.105.107
#虚拟路由编号,主从要一致,每套都是独立的id
virtual_router_id 77
#优先级,数值越大,获取处理请求的优先级越高
priority 100
#检查间隔,默认为1s(vrrp组播周期秒数)
advert_int 1
#授权访问
authentication {
#设置验证类型和密码,MASTER和BACKUP必须使用相同的密码才能正常通信
auth_type PASS
auth_pass yundiao
}
#执行脚本
track_script {
chk_nginx
}
# 定义虚拟ip(VIP),可多设,每行一个
virtual_ipaddress {
10.0.24.26
}
}
#slave
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
#这里是主机名称
router_id nmhs-pp-mw105108
}
vrrp_script chk_nginx {
#执行脚本位置
script "/etc/keepalived/chk_nginx.sh"
#检测时间间隔。除非使用了NTP,否则服务器间时间可能不同步,为避免这个问题,增大检测时间间隔
interval 10
#如果条件成立则权重减20(-20)
weight 20
}
vrrp_instance VI_1 {
#备
state BACKUP
#当前服务器的网卡
interface eth2.1024
#本机IP
mcast_src_ip 192.168.105.108
#虚拟路由编号,主从要一致,每套都是独立的id
virtual_router_id 77
#优先级,数值越大,获取处理请求的优先级越高
priority 90
#检查间隔,默认为1s(vrrp组播周期秒数)
advert_int 1
#授权访问
authentication {
#设置验证类型和密码,MASTER和BACKUP必须使用相同的密码才能正常通信
auth_type PASS
auth_pass yundiao
}
#执行脚本
track_script {
chk_nginx
}
# 定义虚拟ip(VIP),可多设,每行一个
virtual_ipaddress {
10.0.24.26
}
}
#nginx脚本
cat /etc/keepalived/chk_nginx.sh
#!/bin/bash
A=`ps -C nginx --no-header | grep -v grep | wc -l`
if [ $A -eq 0 ];then
#尝试重新启动nginx
/data/middleware/nginx/sbin/nginx
#睡眠2秒
sleep 2
if [ `ps -C nginx --no-header | grep -v grep | wc -l` -eq 0 ];then
#启动失败,将keepalived服务杀死。将vip漂移到其它备份节点
killall keepalived
fi
fi
下一篇: Nginx安全加固参考