Shulou(Shulou.com)06/03 Report--

Download from the official website:

Keepalived-2.0.12.tar

Nginx-1.14.2.tar

Host Avatar 192.168.0.110Accord 24

Host BRV 192.168.0.120max 24

VRRP:192.168.0.200/24

Upload files to / usr/local/ using winscp

Cd / usr/local/

Install keepalived:

(2) # cd / usr/local/

(3) # tar-zxvf keepalived-2.0.12.tar.gz

(4) # cd keepalived-2.0.12

(5) #. / configure-prefix=/usr/local/keepalived

(6) # make & & make install

[root@localhost local] # tar-zxvf keepalived-2.0.12.tar.gz

Installation path: / usr/local/keepalived

[root@localhost keepalived-2.0.12] # / configure-- prefix=/usr/local/keepalived [root@localhost keepalived-2.0.12] # make & & make install

If you need to install a dependency package for a new system installation, you can mount the CD with a local yum installation.

[root@localhost keepalived-2.0.12] # mkdir / mnt/cdrom [root@localhost keepalived-2.0.12] # mount / dev/cdrom / mnt/cdrom/mount: / dev/sr0 is write-protected, mounting read-only cd / etc/yum.repos.d/ cp CentOS-Base.repo CentOS-Base.repo.bak vi CentOS-Base.repo

Save

[root@localhost yum.repos.d] # yum repolist

Error 1:

Solve the dependency package problem at once

[root@localhost yum.repos.d] # yum-y install openssl-devel gcc libnl-devel [root@localhost keepalived-2.0.12] # yum-y install gcc solution

Error 2:

[root@localhost keepalived-2.0.12] # yum-y install openssl-devel solution

Error 3:

[root@localhost keepalived-2.0.12] # yum-y install libnl-devel solution

Execute again

. / configure-- prefix=/usr/local/keepalived & & make & & make install is installed as

There are no errors.

Add keepalived to the system service

# copy execution file cp / usr/local/keepalived/sbin/keepalived / usr/sbin/# copy initialization script to system initialization directory cp / usr/local/keepalived-2.0.10/keepalived/etc/init.d/keepalived / etc/init.d/# copy keepalived configuration file to cp / usr/local/keepalived-2.0.10/keepalived/etc/sysconfig/keepalived / etc/sysconfig/# under etc to create keepalived folder Mkdir / etc/keepalived/# copy keepalived configuration file to etc cp / usr/local/keepalived-2.0.10/keepalived/etc/keepalived/keepalived.conf / etc/keepalived/# add executable permissions chmod + x / etc/init.d/keepalived# add keepalived to boot chkconfig-- add keepalivedchkconfig keepalived on

At this point, the system service can be started using services.

# start service keepalived start#, stop service keepalived stop#, restart service keepalived restart# to check the startup status ps-aux | grep keepalived

Modify the configuration file just added to the system: vi / etc/keepalived/keepalived.conf

Locate the virtual routing node vrrp_instance (Virtual Router Redundancy Protocol)

Global_defs {notification_email {acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc} notification_email_from Alexandre.Cassen@firewall.loc smtp_server 192.168.200.1 smtp_connect_timeout 30 router_id LVS_DEVEL01 / / router_id cannot think the same as vrrp_skip_check_adv_addr vrrp_strict vrrp_garp_interval 0 vrrp_gna_interval 0} vrrp_instance VI_1 { State MASTER / / MASTER master node The setting of the network card set to state BACKUP interface ens32 / / bound virtual machine IP on the standby node is the same as that of the corresponding network card address virtual_router_id 51 / / VRRP group name according to ipaddr. The primary and secondary node settings must be the same, indicating that each node belongs to the same VRRP group, and the nodes of the same group compete with each other for IP priority 100 / / priority (between 1x254) The backup node must have a lower priority than the primary node in advert_int 1 / / Multicast message sending interval, the two node settings must be the same authentication {/ / set authentication information, the two node settings must be the same, and the encryption auth_type PASS auth_pass 1111} virtual_ipaddress {/ / Virtual IP settings for information forwarding between nodes must be the same. Two nodes grab an io 192.168.0.200 io 24 / / if the ip of two nginx is 192.168.0.110, respectively, then the virtual ip here can represent the subnet mask of three 255s on the same network segment as the two.

If you want to ping 192.168.0.200, you also need to comment out # vrrp_strict in the configuration file.

-*-

Both master and backup have grabbed the virtual ip.

After mounting the CD, you can install tcpdump directly.

Yum-y install tcpdump

Using tcpdump to capture the packet location problem, the following is the packet capture result of the master node in 192.168.0.110

Tcpdump-I ens32 vrrp-n

As can be seen from the figure above, two IP, 192.168.93.140 and 192.168.93.141, are sending multicast signals in turn. Normally, the MASTER server should send multicast. If the BACKUP cannot receive the multicast signal of the MASTER, then it is determined that the MASTER is down, and BACKUP will take over the VIP.

The problem is here in the firewall, which prevents vrrp packets from being sent.

If it is a Firewalld firewall, both the master and standby run the following command

[root@localhost etc] # firewall-cmd-- direct-- permanent-- add-rule ipv4 filter INPUT 0-- in-interface ens32-- destination 224.0.0.18-- protocol vrrp-j ACCEPTsuccess or [root@localhost etc] # firewall-cmd-direct-- permanent-add-rule ipv4 filter INPUT 0-- in-interface ens32-- protocol vrrp-j ACCEPTsuccess [root@localhost etc] # firewall-cmd-- reloadsuccess [root@localhost etc] #

If it is added and the server is not restarted normally

It is normal after reboot.

Server A:

Server B:

At this point, Keepalived installation is complete.

Install Nginx

Environment required for installation

Nginx is a C language development, it is recommended to run on Linux, of course, you can also install the Windows version, this article uses CentOS 7 as the installation environment.

one。 Gcc installation

To install nginx, you need to compile the source code downloaded from the official website. The compilation depends on the gcc environment. If there is no gcc environment, you need to install:

Yum install gcc-c++

two。 PCRE pcre-devel installation

PCRE (Perl Compatible Regular Expressions) is a Perl library, including a perl-compatible library of regular expressions. Nginx's http module uses pcre to parse regular expressions, so you need to install the pcre library on linux. Pcre-devel is a secondary development library developed using pcre. This library is also required for nginx. Command:

Yum install-y pcre pcre-devel

three。 Zlib installation

The zlib library provides many ways to compress and decompress. Nginx uses zlib to gzip the contents of the http package, so you need to install the zlib library on Centos.

Yum install-y zlib zlib-devel

four。 OpenSSL installation

OpenSSL is a powerful secure socket layer cipher library that includes major cryptographic algorithms, commonly used key and certificate encapsulation management functions, and SSL protocols, and provides rich applications for testing or other purposes.

Nginx supports not only the http protocol, but also https (that is, http over the ssl protocol), so you need to install the OpenSSL library on Centos.

Yum install-y openssl openssl-devel

However, when installing keepalived, you have installed these dependent packages, so you can install them directly.

[root@localhost ~] # cd / usr/local/ [root@localhost local] # tar-zxvf nginx-1.14.2.tar.gz [root@localhost local] # cd nginx-1.14.2 [root@localhost nginx-1.14.2] #. / configure-- prefix=/usr/local/nginx

There will be no problem with this.

[root@localhost nginx-1.14.2] # make & & nake install

If no Nginx folder is generated, execute 1. Make 2. Make install separately

Nginx command

5. Start $/ usr/local/nginx/sbin/nginx to check whether the startup is successful: open a browser to access the machine's IP, if the browser appears Welcome to nginx! Indicates that Nginx is installed and running successfully. Some commands are as follows: restart: $/ usr/local/nginx/sbin/nginx-s reload stop: $/ usr/local/nginx/sbin/nginx-s stop Test configuration file is normal: $/ usr/local/nginx/sbin/nginx-tnginx: the configuration file / usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file / usr/local/nginx/conf/nginx.conf test is successful forcibly close: $pkill nginx

After compiling, installing and resolving the problem, Nginx is running normally, but Nginx is not added to the system service at this time. Next, Nginx is added to the system service and boot is set up.

Add nginx.service to the / usr/lib/systemd/system directory as follows

[Unit] Description=nginx-high performance web serverDocumentation= http://nginx.org/en/docs/After=network.target remote-fs.target nss- lookup.target [service] Type=forkingPIDFile=/usr/local/nginx/logs/nginx.pidExecStartPre=/usr/local/nginx/sbin/nginx-t-c / usr/local/nginx/conf/nginx.confExecStart=/usr/local/nginx/sbin/nginx-c / usr/local/nginx/conf/nginx.confExecReload=/bin/kill-s HUP $MAINPIDExecStop=/bin/kill-s QUIT $MAINPIDPrivateTmp= true [install] WantedBy=multi-user.target

Let's take a look at it after it has been added.

Enter systemctl start nginx to start

Then enter systemctl enable nginx to set boot up

Nginx installed successfully.

Let's test the active and standby nginx.

[root@localhost ~] # cd / usr/local/nginx/html/

Modify the host index.html

Add MASTTER:192.168.0.110

Modify standby index.html

Add BACKUP:192.168.0.120

Remember to restart nginx after modification

[root@localhost html] # systemctl restart nginx

If you can't access WEB, add it on the fire wall.

[root@localhost html] # firewall-cmd-- zone=public-- permanent-- add-port=80/tcpsuccess [root@localhost html] # firewall-cmd-reloadsuccess

This is normal access:

The following is the page that closes the access to server A

Then open server A to visit the web page.

Then add a nginx script: create a new chk_nginx.sh

[root@localhost ~] # cd / etc/keepalived [root@localhost keepalived] # touch chk_nginx.sh

The contents are as follows

[root@localhost keepalived] # chmod + x chk_nginx.sh add execution permission

Modify keepalived.conf

[root@localhost keepalived] # systemctl restart keepalived

The ok test script is executed first

[root@localhost keepalived] # systemctl stop nginx

Then visit the web page and find that it has been transferred to the standby computer.

The experiment is complete.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.