This article covers the manual deployment of a 6-node application; automation will be added in a later update.

1. Pre-deployment preparation on all servers

1) # Disable the firewall or open the required ports (disabling is used as the example here)
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld.service
2) # Disable SELinux
[root@localhost ~]# /usr/sbin/sestatus -v
[root@localhost ~]#
[root@localhost ~]# vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
[root@localhost ~]# setenforce 0
3) # Install the dependency packages (in an intranet environment, mount the ISO and configure a yum repository)
[root@localhost ~]# yum install -y popt-devel curl gcc gcc-c++ libnl3-devel net-snmp-devel libnfnetlink-devel pcre pcre-devel zlib zlib-devel openssl openssl-devel
4) # Prepare the mysql-5.7 installation package
# Prepare the nginx-1.17.0 installation package
# Prepare the keepalived-2.0.10 installation package
# The packages I prepared can be downloaded here
Link: [https://pan.baidu.com/s/126hnAlnz1w9hdfGIfyDyhw](https://pan.baidu.com/s/126hnAlnz1w9hdfGIfyDyhw) Password: odb1

2. Deploy the MySQL high-availability environment (master-master + keepalived)

2.1. Install MySQL (on both the cmp-mysql-m1 and cmp-mysql-m2 nodes [IPs: 10.1.13.196 and 10.1.13.197])

1) Uninstall mariadb
# Before installing, check whether it is already installed (CentOS 7 and later install mariadb by default)
[root@localhost ~]# rpm -qa|egrep "mariadb|mysql"
mariadb-libs-5.5.60-1.el7_5.x86_64
# mariadb-libs is present here and would cause a conflict, so uninstall it
[root@localhost ~]# rpm -e --nodeps mariadb-libs-5.5.60-1.el7_5.x86_64

2) Upload the MySQL 5.7 package and extract it
# Upload the 5.7 package to the server with an SFTP tool
[root@localhost ~]# tar -zxvf mysql-5.7.32-linux-glibc2.12-x86_64.tar.gz -C /usr/local/

3) Install MySQL 5.7
# Note: my installation directory is /usr/local and the data directory is /usr/local/mysql/data
# Note: record the random password generated during initialization
[root@localhost ~]# cd /usr/local
[root@localhost local]# groupadd -r -g 306 mysql
[root@localhost local]# useradd -g 306 -r -u 306 mysql
[root@localhost local]# chown -R mysql.mysql mysql*
[root@localhost local]# mysql/bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data

[root@localhost mysql]# vim /etc/my.cnf
# Write this configuration according to actual requirements
# Add the following to the configuration file; this is enough to start the server, and the remaining settings are added below when configuring master-master replication
[mysqld]
datadir=/usr/local/mysql/data
socket=/usr/local/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
[client]
port=3306
socket=/usr/local/mysql/mysql.sock

[root@localhost mysql]# cd /usr/local/mysql
[root@localhost mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@localhost mysql]# chmod +x /etc/rc.d/init.d/mysqld

4) Start MySQL
[root@localhost mysql]# chkconfig --add mysqld
[root@localhost mysql]# chkconfig mysqld on
[root@localhost mysql]# systemctl start mysqld
[root@localhost mysql]# systemctl status mysqld
### Note: if startup fails with various errors ###
# The cause is a wrong pid or data directory, or else the mysql user has not been given permissions

# Set the environment variable
[root@localhost mysql]# vi /etc/profile.d/mysql.sh
export PATH=$PATH:/usr/local/mysql/bin
[root@localhost profile.d]# source /etc/profile

5) Log in and change the password
[root@localhost profile.d]# mysql -uroot -p
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Calong@2015';
mysql> update mysql.user set host = '%' where user = 'root';
mysql> flush privileges;

2.2. Configure the two servers as master and standby for each other

1) Edit the configuration file on cmp-mysql-m1 (10.1.13.196)
[root@localhost ~]# vi /etc/my.cnf

[mysqld]
datadir=/usr/local/mysql/data
socket=/usr/local/mysql/mysql.sock
symbolic-links=0
log-error=/var/log/mysqld.log
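# Enable the MySQL binlog
log-bin=mysql-bin
# Format in which the binlog records changes
binlog_format=mixed
# Unique server ID (use 2 on the other node)
server-id=1
# Starting value for auto-increment columns (use 2 on the other node)
auto_increment_offset=1
# Step by which auto-increment columns increase
auto_increment_increment=2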
default-storage-engine=INNODB
character_set_server=utf8
lower_case_table_names=1
table_open_cache=128
max_connections=2000
max_connect_errors=6000
innodb_file_per_table=1
innodb_buffer_pool_size=1G
max_allowed_packet=64M
transaction_isolation=READ-COMMITTED
innodb_flush_method=O_DIRECT
innodb_lock_wait_timeout=1800
innodb_flush_log_at_trx_commit=0
sync_binlog=0
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
skip-name-resolve
[client]
# Character set encoding
port=3306
socket=/usr/local/mysql/mysql.sock
default-character-set=utf8
[mysql.server]

2) Edit the configuration file on cmp-mysql-m2 (10.1.13.197)
m2 is identical to m1 except for the server-id and auto_increment_offset settings.

3) Restart MySQL on both nodes
[root@worker opt]# systemctl restart mysqld

4) Configure mutual replication grants
### Case: m1 as master, m2 as slave:
### On m1:
# The user is created automatically
mysql> grant replication slave,replication client on *.* to 'sync'@'%' identified by 'fit2cloud';
Query OK, 0 rows affected, 1 warning (0.00 sec)
# Check the master status on node1
mysql> show master status;
+------------------+----------+--------------+------------------+-------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+------------------+----------+--------------+------------------+-------------------+
| mysql-bin.000001 | 467 | | | |
+------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

On m2:
mysql> change master to master_host='10.1.13.196',master_user='sync',master_password='fit2cloud',master_log_file='mysql-bin.000001',master_log_pos=467;
Query OK, 0 rows affected, 2 warnings (0.01 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 10.1.13.196
Master_User: sync
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 467
Relay_Log_File: master-relay-bin.000002
Relay_Log_Pos: 320
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Slave_IO_Running and Slave_SQL_Running both showing Yes means the setup succeeded.

### Case: m2 as master, node1 as slave:
### First, on m2:

mysql> grant replication slave,replication client on *.* to 'sync'@'%' identified by 'fit2cloud';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> show master status;
+------------------+----------+--------------+------------------+-------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+------------------+----------+--------------+------------------+-------------------+
| mysql-bin.000001 | 467 | | | |
+------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

On m1:
mysql> change master to master_host='10.1.13.197',master_user='sync',master_password='fit2cloud',master_log_file='mysql-bin.000001',master_log_pos=467;
Query OK, 0 rows affected, 2 warnings (0.00 sec)

mysql> start slave;
Query OK, 0 rows affected (0.01 sec)

mysql> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 10.1.13.197
Master_User: sync
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 467
Relay_Log_File: worker-relay-bin.000002
Relay_Log_Pos: 320
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

## Test
## Create the sync01 database on m1

mysql> create database sync01;
Query OK, 1 row affected (0.01 sec)

On m2, list the databases:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sync01 |
| sys |
+--------------------+
5 rows in set (0.00 sec)
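
A scripted form of the Slave_IO_Running / Slave_SQL_Running check, covering both directions of the master-master pair. This is an added example, not part of the original article; the function names are hypothetical and the two status captures are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `SHOW SLAVE STATUS\G` text whether a node is
# replicating from the expected peer. Function names are hypothetical; the
# sample captures are constructed, using the field names shown in the article.

# slave_field NAME: print the value of the "NAME: value" line read from stdin.
slave_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { sub(/^[^:]*:[ \t]*/, "", line); print line; exit }'
}

# check_replication STATUS_TEXT EXPECTED_MASTER
# returns 0 healthy, 1 a replication thread is not running,
#         2 pointing at the wrong master, 3 replication not configured.
check_replication() {
    cr_text=$1
    cr_expected=$2
    if [ -z "$cr_text" ]; then
        echo "not configured: SHOW SLAVE STATUS returned nothing"
        return 3
    fi
    cr_host=$(printf '%s\n' "$cr_text" | slave_field Master_Host)
    cr_io=$(printf '%s\n' "$cr_text" | slave_field Slave_IO_Running)
    cr_sql=$(printf '%s\n' "$cr_text" | slave_field Slave_SQL_Running)
    cr_err=$(printf '%s\n' "$cr_text" | slave_field Last_Error)
    if [ "$cr_host" != "$cr_expected" ]; then
        echo "wrong master: $cr_host (expected $cr_expected)"
        return 2
    fi
    if [ "$cr_io" = "Yes" ] && [ "$cr_sql" = "Yes" ]; then
        echo "ok: replicating from $cr_host"
        return 0
    fi
    echo "broken: IO=$cr_io SQL=$cr_sql${cr_err:+ error=$cr_err}"
    return 1
}

# check_pair M1_STATUS M2_STATUS: both directions must be healthy
# (m1 reads from 10.1.13.197, m2 reads from 10.1.13.196).
check_pair() {
    check_replication "$1" 10.1.13.197 && check_replication "$2" 10.1.13.196
}

# Constructed sample: healthy status as seen on m2.
SAMPLE_M2_OK='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.1.13.196
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Error: '

# Constructed sample: m1 after its SQL thread stopped on a conflicting write.
SAMPLE_M1_BROKEN='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.1.13.197
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Can not create database sync01; database exists (constructed)'

# Demo. On a live node the text would come from:
#   mysql -uroot -p -e 'SHOW SLAVE STATUS\G'
check_replication "$SAMPLE_M2_OK" 10.1.13.196
check_pair "$SAMPLE_M1_BROKEN" "$SAMPLE_M2_OK" || echo "pair unhealthy"
```

The wrong-master case matters in this topology because both nodes use the same `sync` account and the same binlog file name, so a `change master to` pasted on the wrong node still reports two running threads.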

### ! Note: if the firewall is enabled, configure it as follows ! ###
# Allow permanently
[root@master services]# firewall-cmd --add-service=mysql --permanent
success
# Reload to apply; no restart needed
[root@master services]# firewall-cmd --reload
success
# List the allowed services
[root@master services]# firewall-cmd --list-service
ssh dhcpv6-client mysql
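
Where firewalld stays enabled, the openings can be scoped per node role instead of allowing the mysql service from any source. The following is an added example, not part of the original article: the function names are hypothetical, it uses firewalld rich rules rather than the article's direct rules, and it assumes the application nodes 10.1.13.198 and 10.1.13.199 are the only database clients.

```shell
#!/bin/sh
# Added example (not from the article): firewalld rules per node role, as the
# "open the ports" alternative to `systemctl stop firewalld`.
# Dry run by default: commands are printed; run with APPLY=1 to execute them.

# fw ARGS...: print (or, with APPLY=1, run) one firewall-cmd invocation.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then firewall-cmd "$@"; return; fi
    fw_line=firewall-cmd
    for fw_arg in "$@"; do
        case $fw_arg in
            *[!A-Za-z0-9_=./:-]*) fw_line="$fw_line '$fw_arg'" ;;  # quote args with spaces
            *) fw_line="$fw_line $fw_arg" ;;
        esac
    done
    printf '%s\n' "$fw_line"
}

# allow_service_from SERVICE SOURCE...: accept SERVICE only from the listed hosts.
allow_service_from() {
    as_svc=$1; shift
    for as_src in "$@"; do
        fw --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$as_src\" service name=\"$as_svc\" accept"
    done
}

# allow_vrrp_from PEER: accept VRRP advertisements (IP protocol 112) from the
# keepalived peer only.
allow_vrrp_from() {
    fw --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" protocol value=\"vrrp\" accept"
}

# rules_for ROLE PEER [CLIENT...]
#   mysql: VRRP from PEER; 3306 from PEER (replication) and from each CLIENT
#   nginx: VRRP from PEER; HTTP from anywhere
#   web:   HTTP only from the listed hosts (the two nginx nodes)
rules_for() {
    rf_role=$1; shift
    case $rf_role in
        mysql) allow_vrrp_from "$1"; allow_service_from mysql "$@" ;;
        nginx) allow_vrrp_from "$1"; fw --permanent --add-service=http ;;
        web)   allow_service_from http "$@" ;;
        *)     echo "unknown role: $rf_role" >&2; return 1 ;;
    esac
    fw --reload
}

# cmp-mysql-m1 (10.1.13.196): peer is m2; app nodes are the assumed clients.
rules_for mysql 10.1.13.197 10.1.13.198 10.1.13.199
# cmp-nginx-m1 (10.1.13.192): peer is cmp-nginx-m2.
rules_for nginx 10.1.13.195
# cmp-m1 / cmp-m2: HTTP only from the two nginx nodes.
rules_for web 10.1.13.192 10.1.13.195
```

On the second node of each pair, swap the peer address (for example `rules_for mysql 10.1.13.196 10.1.13.198 10.1.13.199` on cmp-mysql-m2).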

2.3 Deploy and configure keepalived (on both the cmp-mysql-m1 and cmp-mysql-m2 nodes [IPs: 10.1.13.196 and 10.1.13.197])

The mysql-vip is: 10.1.13.200
1) Install keepalived
# Extract
[root@local opt]# tar -zxvf keepalived-2.0.10.tar.gz
# Enter the source directory, compile, and install.
[root@local opt]# cd keepalived-2.0.10
[root@master keepalived-2.0.10]# ./configure --prefix=/opt/keepalived
# Compile
[root@master keepalived-2.0.10]# make && make install
# The directory layout after installation is as follows
[root@master keepalived-2.0.10]# cd /opt/keepalived
[root@master keepalived]# ll
total 0
drwxr-xr-x. 2 root root 21 Jul 17 14:48 bin
drwxr-xr-x. 4 root root 41 Jul 17 14:48 etc
drwxr-xr-x. 2 root root 24 Jul 17 14:48 sbin
drwxr-xr-x. 5 root root 40 Jul 17 14:48 share

2) keepalived configuration
# Make the executable directly runnable
[root@master keepalived]# cp /opt/keepalived/sbin/keepalived /usr/sbin/
# Add to startup at boot
[root@master keepalived]# cp /opt/keepalived-2.0.10/keepalived/etc/init.d/keepalived /etc/init.d/
# Add the sysconfig configuration (network interface)
[root@master keepalived]# cp /opt/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# Create the keepalived configuration directory and copy the configuration file
[root@master keepalived]# mkdir -p /etc/keepalived
[root@master keepalived]# cp /opt/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# Make the boot startup script executable
[root@master keepalived]# chmod +x /etc/init.d/keepalived

# Write the keepalived shutdown script
[root@master keepalived]# vim /usr/local/mysql/killkeepalived.sh
#!/bin/sh
systemctl stop keepalived

# After saving and exiting, make the script executable
[root@master mysql]# cd /usr/local/mysql
[root@master mysql]# chmod +x killkeepalived.sh

#################################################################################################

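3) Edit the keepalived.conf file
Explanation:
state BACKUP # state of the VRRP instance, MASTER or BACKUP; to prevent split-brain, both primary and standby must be set to BACKUP mode, because MASTER mode preempts the VIP
priority 100 # primary node weight 100; standby node weight below 100, e.g. 90
interface ens192 # the NIC carrying the node's own (non-VIP) IP, used to send VRRP packets
virtual_router_id 51 # value between 0 and 255, used to distinguish the VRRP multicast of multiple instances
priority 100 # priority; within the same vrrp_instance the MASTER's priority must be higher than the BACKUP's
nopreempt # non-preemptive; used together with BACKUP so that after a failover the IP does not drift back once the primary database service recovers
advert_int 1 # interval between synchronization checks between the MASTER and BACKUP load balancers, in seconds
virtual_ipaddress # virtual IP addresses; there may be several, one per line, no subnet mask needed
delay_loop 6 # health-check interval, in seconds
persistence_timeout 50 # session persistence time, i.e. a user's requests are forwarded to the same server
protocol TCP # forwarding protocol, TCP or UDP; TCP is normally used
real_server 192.168.132.121 3306 # real server, IP and port
TCP_CHECK # determine the RealServer's health with a TCP check
connect_timeout 3 # connection timeout
nb_get_retry 3 # number of retries
delay_before_retry 3 # interval between retries
connect_port 3306 # port to check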


# First, edit the m1 node's file
[root@master mysql]# cd /etc/keepalived/
[root@master keepalived]# vim keepalived.conf
Contents:

! Configuration File for keepalived
global_defs {
    router_id MySQL-HA
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 100
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.1.13.200
    }
}

virtual_server 10.1.13.200 3306 {
    delay_loop 6
    # lb_algo wrr
    # lb_kind DR
    persistence_timeout 50
    protocol TCP
    nat_mask 255.255.255.0

    real_server 10.1.13.196 3306 {
        weight 3
        notify_down /usr/local/mysql/killkeepalived.sh
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}


# Then edit the m2 node's file
[root@master mysql]# cd /etc/keepalived/
[root@master keepalived]# vim keepalived.conf
Contents:

! Configuration File for keepalived
global_defs {
    router_id MySQL-HA
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192
    virtual_router_id 51
    priority 80
    advert_int 1
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.1.13.200
    }
}

virtual_server 10.1.13.200 3306 {
    delay_loop 6
    # lb_algo wrr
    # lb_kind DR
    persistence_timeout 50
    protocol TCP
    nat_mask 255.255.255.0

    real_server 10.1.13.197 3306 {
        weight 3
        notify_down /usr/local/mysql/killkeepalived.sh
        TCP_CHECK {
            connect_timeout 10
            nb_get_retry 3
            delay_before_retry 3
            connect_port 3306
        }
    }
}

## Note: the two files differ only in the priority parameter and the real_server parameter; everything else is identical.
## MySQL health is determined here with TCP_CHECK, not with a script.


4) Start keepalived
Start the keepalived service on both nodes and check its status with the following commands:
[root@local keepalived]# systemctl start keepalived
[root@local keepalived]# systemctl status keepalived

● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2020-07-18 15:45:14 CST; 18min ago
Process: 10644 ExecStart=/opt/keepalived/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 10645 (keepalived)
CGroup: /system.slice/keepalived.service
├─10645 /opt/keepalived/sbin/keepalived -D
├─10646 /opt/keepalived/sbin/keepalived -D
└─10647 /opt/keepalived/sbin/keepalived -D

Jul 18 15:46:16 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:16 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:16 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:16 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 10.1.13.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200
Jul 18 15:46:21 master.learn.bigdata Keepalived_vrrp[10647]: Sending gratuitous ARP on eth0 for 192.168.183.200

5) Check whether node1 holds the virtual IP
[root@master keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:88:a5:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.183.102/24 brd 192.168.183.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.183.200/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe88:a535/64 scope link
valid_lft forever preferred_lft forever

6) Enable keepalived at boot
[root@worker mysql]# systemctl enable keepalived
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

7) Verify VIP failover between nodes
Open and watch the log /var/log/messages on both nodes at the same time
[root@master keepalived]# tail -100f /var/log/messages
Jul 18 15:45:20 master Keepalived_healthcheckers[10646]: TCP connection to [10.1.13.196]:tcp:3306 success.
Jul 18 15:46:15 master Keepalived_vrrp[10647]: (VI_1) Backup received priority 0 advertisement
Jul 18 15:46:16 master Keepalived_vrrp[10647]: (VI_1) Receive advertisement timeout
Jul 18 15:46:16 master Keepalived_vrrp[10647]: (VI_1) Entering MASTER STATE
Jul 18 15:46:16 master Keepalived_vrrp[10647]: (VI_1) setting VIPs.
Jul 18 15:46:16 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:16 master Keepalived_vrrp[10647]: (VI_1) Sending/queueing gratuitous ARPs on ens192 for 10.1.13.200
Jul 18 15:46:16 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:16 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:16 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:16 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: (VI_1) Sending/queueing gratuitous ARPs on eth0 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 15:46:21 master Keepalived_vrrp[10647]: Sending gratuitous ARP on ens192 for 10.1.13.200
Jul 18 16:01:01 master systemd: Started Session 8 of user root.
Jul 18 16:01:01 master systemd: Starting Session 8 of user root.
Jul 18 16:06:45 master systemd: Reloading.

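## Stop the mysql service on node 1, then check the virtual IP and the log output on both nodes again.
## keepalived can only be started once mysqld has started successfully; if the mysqld service goes down, keepalived also stops and the VIP floats to the other node

8) Split-brain
With one primary and one standby, both nodes may end up holding the VIP; be sure to check whether the VM has the firewall disabled by default.
Keepalived is a lightweight HA cluster solution, but once the firewall is enabled the nodes cannot see each other's state and each binds the virtual IP. Many articles online say to configure the firewall to allow tcp/112, which does not work on CentOS 7; the correct approach is to allow the vrrp protocol, as follows: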

firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
firewall-cmd --reload
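
The split-brain condition described above can be detected from data collected on both nodes: the `ip a` output and the keepalived lines in /var/log/messages. This is an added example, not part of the original article; the function names are hypothetical and the captures are constructed.

```shell
#!/bin/sh
# Added example: detect keepalived split-brain from data collected on both
# nodes. Function names are hypothetical and the captures are constructed.

# holds_vip VIP IP_ADDR_OUTPUT: succeed if the `ip a` (or `ip -o -4 addr show`)
# text lists VIP. Fixed-string match ending in "/" so that 10.1.13.20 does not
# match inside 10.1.13.200.
holds_vip() {
    printf '%s\n' "$2" | grep -qF "inet $1/"
}

# vip_state VIP CAPTURE...: one `ip a` capture per node.
# prints ok / split-brain / no-holder and returns 0 / 1 / 2.
vip_state() {
    vs_vip=$1; shift
    vs_count=0
    for vs_capture in "$@"; do
        if holds_vip "$vs_vip" "$vs_capture"; then vs_count=$((vs_count + 1)); fi
    done
    case $vs_count in
        1) echo ok; return 0 ;;
        0) echo no-holder; return 2 ;;
        *) echo split-brain; return 1 ;;
    esac
}

# last_vrrp_state INSTANCE LOG_TEXT: the last state the instance entered,
# read from "(VI_1) Entering MASTER STATE"-style lines. If both nodes report
# MASTER, each believes it owns the VIP.
last_vrrp_state() {
    printf '%s\n' "$2" | awk -v tag="($1) Entering " '
        { p = index($0, tag) }
        p { rest = substr($0, p + length(tag)); split(rest, w, " "); state = w[1] }
        END { print (state == "" ? "UNKNOWN" : state) }'
}

# Constructed captures for the MySQL pair (VIP 10.1.13.200 on ens192).
M1_ADDR='2: ens192    inet 10.1.13.196/24 brd 10.1.13.255 scope global ens192
2: ens192    inet 10.1.13.200/32 scope global ens192'
M2_ADDR_OK='2: ens192    inet 10.1.13.197/24 brd 10.1.13.255 scope global ens192'
M2_ADDR_SPLIT="$M2_ADDR_OK
2: ens192    inet 10.1.13.200/32 scope global ens192"
M2_LOG='Jul 18 15:45:14 m2 Keepalived_vrrp[10647]: (VI_1) Entering BACKUP STATE
Jul 18 15:46:16 m2 Keepalived_vrrp[10647]: (VI_1) Receive advertisement timeout
Jul 18 15:46:16 m2 Keepalived_vrrp[10647]: (VI_1) Entering MASTER STATE'

# Demo
vip_state 10.1.13.200 "$M1_ADDR" "$M2_ADDR_OK"
vip_state 10.1.13.200 "$M1_ADDR" "$M2_ADDR_SPLIT" || true
last_vrrp_state VI_1 "$M2_LOG"
```

A standby that logs "Receive advertisement timeout" and then enters MASTER while the primary still holds the VIP is the signature of VRRP advertisements being dropped between the nodes.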

3. Deploy the web application platform (on both the cmp-m1 and cmp-m2 nodes [IPs: 10.1.13.198 and 10.1.13.199])

This step is omitted; deploy according to each project's requirements.

4. Deploy Nginx + keepalived (on both the cmp-nginx-m1 and cmp-nginx-m2 nodes [IPs: 10.1.13.192 and 10.1.13.195])

4.1. Deploy nginx on both nodes
1) Install nginx (on both nodes)
[root@fit2cloud-HA ~]# cd /opt/
[root@fit2cloud-HA opt]# tar -zxvf nginx-1.17.0.tar.gz
[root@fit2cloud-HA opt]# cd nginx-1.17.0
[root@fit2cloud-HA nginx-1.17.0]# mkdir -p /var/temp/nginx
[root@fit2cloud-HA nginx-1.17.0]# ./configure --user=nobody --group=nobody --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/conf/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --with-http_ssl_module --with-http_gzip_static_module --with-stream
[root@fit2cloud-HA nginx-1.17.0]# make
[root@fit2cloud-HA nginx-1.17.0]# make install
[root@fit2cloud-HA nginx-1.17.0]# systemctl enable nginx

2) Add the nginx service
[root@fit2cloud-HA nginx-1.17.0]# vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target

3) Configure nginx
Edit /usr/local/nginx/conf/nginx.conf and add include /usr/local/nginx/conf.d/*.conf;
[root@fit2cloud-HA nginx-1.17.0]# vim /usr/local/nginx/conf/nginx.conf
Add it at the following position:
http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;
include /usr/local/nginx/conf.d/*.conf;
#gzip on;

server {
listen 80;

4) Create the configuration file f2c.conf
# Create the configuration directory /usr/local/nginx/conf.d
[root@fit2cloud-HA nginx-1.17.0]# mkdir -p /usr/local/nginx/conf.d
[root@fit2cloud-HA nginx-1.17.0]# vim /usr/local/nginx/conf.d/f2c.conf

upstream servers.cmp.com {
    ip_hash;
    server 10.1.13.198:80 weight=2 fail_timeout=10s max_fails=1;
    server 10.1.13.199:80 weight=1 fail_timeout=10s max_fails=1;
}

server {
    listen 80;
    location / {
        proxy_pass http://servers.cmp.com;
        add_header X-Upstream $upstream_addr;
        proxy_set_header X-Real-IP $remote_addr;
        # proxy_next_upstream: when the currently selected backend returns any of the following, the request is reassigned to a new backend
        proxy_next_upstream error timeout http_404 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

5) Restart the nginx service
[root@fit2cloud-HA conf.d]# /bin/systemctl restart nginx.service

4.2 Deploy keepalived on both nodes
1) Install keepalived
# Extract
[root@local opt]# tar -zxvf keepalived-2.0.10.tar.gz
# Enter the source directory, compile, and install.
[root@local opt]# cd keepalived-2.0.10
[root@local keepalived-2.0.10]# ./configure --prefix=/opt/keepalived
# Compile
[root@local keepalived-2.0.10]# make && make install
# The directory layout after installation is as follows
[root@local keepalived-2.0.10]# cd /opt/keepalived
[root@local keepalived]# ll
total 0
drwxr-xr-x. 2 root root 21 Jul 17 14:48 bin
drwxr-xr-x. 4 root root 41 Jul 17 14:48 etc
drwxr-xr-x. 2 root root 24 Jul 17 14:48 sbin
drwxr-xr-x. 5 root root 40 Jul 17 14:48 share

2) keepalived configuration
# Make the executable directly runnable
[root@local keepalived]# cp /opt/keepalived/sbin/keepalived /usr/sbin/
# Add to startup at boot
[root@local keepalived]# cp /opt/keepalived-2.0.10/keepalived/etc/init.d/keepalived /etc/init.d/
# Add the sysconfig configuration (network interface)
[root@local keepalived]# cp /opt/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
# Create the keepalived configuration directory and copy the configuration file
[root@local keepalived]# mkdir -p /etc/keepalived
[root@local keepalived]# cp /opt/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
# Make the boot startup script executable
[root@local keepalived]# chmod +x /etc/init.d/keepalived
# Enable keepalived at boot
[root@local mysql]# systemctl enable keepalived

#################################################################################################

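3) Edit the keepalived.conf file
Explanation:
state BACKUP # state of the VRRP instance, MASTER or BACKUP; to prevent split-brain, both primary and standby must be set to BACKUP mode, because MASTER mode preempts the VIP
priority 100 # primary node weight 100; standby node weight below 100, e.g. 90
interface ens192 # the NIC carrying the node's own (non-VIP) IP, used to send VRRP packets
virtual_router_id 51 # value between 0 and 255, used to distinguish the VRRP multicast of multiple instances
priority 100 # priority; within the same vrrp_instance the MASTER's priority must be higher than the BACKUP's
nopreempt # non-preemptive; used together with BACKUP so that after a failover the IP does not drift back once the primary database service recovers
advert_int 1 # interval between synchronization checks between the MASTER and BACKUP load balancers, in seconds
virtual_ipaddress # virtual IP addresses; there may be several, one per line, no subnet mask needed
delay_loop 6 # health-check interval, in seconds
persistence_timeout 50 # session persistence time, i.e. a user's requests are forwarded to the same server
protocol TCP # forwarding protocol, TCP or UDP; TCP is normally used
real_server 192.168.132.121 3306 # real server, IP and port
TCP_CHECK # determine the RealServer's health with a TCP check
connect_timeout 3 # connection timeout
nb_get_retry 3 # number of retries
delay_before_retry 3 # interval between retries
connect_port 3306 # port to check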


# First, edit the m1 node's file (10.1.13.192)
[root@local keepalived]# vim /etc/keepalived/keepalived.conf
# Simply overwrite the file
# You can use cat << EOF > /etc/keepalived/keepalived.conf
# ending with EOF

! Configuration File for keepalived

global_defs {
    smtp_connect_timeout 30
    router_id lb01
}

vrrp_script nginx_check {
    script "/etc/keepalived/nginx_check.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER # MASTER on the primary node, BACKUP on the standby node; must be uppercase
    interface ens192 # use the NIC name configured on this system
    virtual_router_id 51
    priority 100 # primary node weight 100; standby node weight below 100, e.g. 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.1.13.190 # virtual IP
    }
    track_script {
        nginx_check
    }
}

# Then edit the m2 node's file (10.1.13.195)
[root@local keepalived]# vim /etc/keepalived/keepalived.conf

! Configuration File for keepalived

global_defs {
    smtp_connect_timeout 30
    router_id lb01
}

vrrp_script nginx_check {
    script "/etc/keepalived/nginx_check.sh"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state BACKUP # MASTER on the primary node, BACKUP on the standby node; must be uppercase
    interface ens192 # use the NIC name configured on this system
    virtual_router_id 51
    priority 90 # primary node weight 100; standby node weight below 100, e.g. 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.1.13.190 # virtual IP
    }
    track_script {
        nginx_check
    }
}

4) Add the check script on both nodes
[root@master keepalived]# vim /etc/keepalived/nginx_check.sh
#!/bin/bash
set -x
# Count running nginx processes
ID=`ps -C nginx --no-header | wc -l`
if [ "$ID" -eq 0 ]; then
    echo `date`': nginx is not healthy, try to restart keepalived and nginx' >> /etc/keepalived/keepalived.log
    systemctl restart keepalived
    systemctl restart nginx
fi
# Make the script executable
[root@local keepalived]# chmod 755 /etc/keepalived/nginx_check.sh

5) Start keepalived
# Start the keepalived service on both nodes and check it with the following commands:
[root@local keepalived]# systemctl start keepalived
[root@local keepalived]# systemctl status keepalived
[root@local keepalived]# ip a # if the VIP appears on both nodes, that is split-brain

6) Split-brain
# With one primary and one standby, both nodes may end up holding the VIP; on CentOS 7 the correct approach is to allow the vrrp protocol, as follows:
# Note: 224.0.0.18 is the VRRP multicast address
[root@local keepalived]# firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
[root@local keepalived]# firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
[root@local keepalived]# firewall-cmd --reload

7) Verification
# Check that nginx and keepalived are running on both nodes at the same time, and that keepalived is on the primary node.
# Access 10.1.13.190
# Open the access log /usr/local/nginx/logs/access.log on both nodes
# Stop nginx on the primary node and check whether the cloud management platform is still reachable.
# Check whether the standby node holds the VIP and whether the standby node's nginx log shows activity.