一、环境准备
🔗在Ubuntu中安装docker
二、主机
1、环境搭建
1.1 镜像拉取
注:ubuntu:16.04 的标准支持已于 2021 年结束,不再获得常规安全更新,仅建议用于本实验;实际部署请换用仍在支持期内的基础镜像。
docker pull ubuntu:16.04
1.2 创建网桥
docker network create -d=bridge --subnet=192.168.126.0/24 br1
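1.3 启动容器
注:--privileged 会把宿主机几乎全部的内核能力和设备开放给容器,仅适合本实验环境;keepalived 需要的主要是网络相关能力,正式环境建议去掉 --privileged,改用 --cap-add 按需授予(如 NET_ADMIN、NET_RAW、NET_BROADCAST),并验证 VIP 仍能正常挂载和漂移。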
docker run -it --name ubuntu-1 --privileged -v /home/vac/linux:/mnt/software -p 8801:80 --net=br1 ubuntu:16.04 bash
1.4 下载工具包
先更新一下
apt update
ifconfig、route命令使用的net-tools工具包
apt -y install net-tools
vim编辑器
apt -y install vim
ping命令工具包
apt -y install iputils-ping
1.5 下载nginx
apt -y install nginx
1.6 下载keepalived
apt -y install keepalived
2、配置
2.1 配置keepalived
编辑keepalived.conf文件
vim /etc/keepalived/keepalived.conf
输入以下内容
! Configuration File for keepalived
! Lab configuration for the MASTER node of the VRRP pair.
global_defs {
# Router id: identifier of the host running this keepalived instance; must be globally unique
router_id keep_130
}
vrrp_instance VI_1 {
# Role of this node (MASTER or BACKUP); this server is the nginx master node
state MASTER
# Network interface this VRRP instance is bound to
interface eth0
# Must be identical on the master and backup nodes
virtual_router_id 51
# Priority/weight: the node with the higher priority becomes MASTER when the current MASTER fails
priority 100
# Interval between the advertisements exchanged by master and backup, default 1s
advert_int 1
# Shared password intended to keep unauthorised nodes out of the VRRP group.
# NOTE(review): auth_type PASS carries the password in clear text in every
# advertisement, so anyone able to capture traffic on this segment can read it,
# and keepalived uses only the first 8 characters. "1111" is a sample value:
# choose a unique secret per deployment and restrict VRRP traffic to the peer
# nodes (e.g. with firewall rules) rather than relying on this field alone.
authentication {
auth_type PASS
auth_pass 1111
}
# Virtual IP address(es) brought up on the interface above while this node is MASTER
virtual_ipaddress {
192.168.200.16
}
}
2.2 配置nginx
2.2.1 查看nginx.conf
输入命令
vim /etc/nginx/nginx.conf
内容如下(此处仅查看,无需修改。注意其中 ssl_protocols 一行仍启用了已被弃用的 TLSv1 和 TLSv1.1;本文未配置 HTTPS,若日后启用,应只保留 TLSv1.2 及以上版本)
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
2.2.2 修改index.html
输入命令
vim /usr/share/nginx/html/index.html
输入以下内容
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!(192.168.126.2)</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
3、启动
3.1 启动nginx
输入命令
nginx
3.2 启动keepalived
keepalived -l -f /etc/keepalived/keepalived.conf
4、状态查看
4.1 查看nginx状态
输入命令
service nginx status
打印返回
* nginx is running
4.2 查看keepalived进程
输入命令
ps -ef|grep keepalived
打印返回
root 31 1 1 07:50 ? 00:00:00 keepalived -l -f /etc/keepalived/keepalived.conf
root 32 31 3 07:50 ? 00:00:00 keepalived -l -f /etc/keepalived/keepalived.conf
root 33 31 4 07:50 ? 00:00:00 keepalived -l -f /etc/keepalived/keepalived.conf
root 35 11 0 07:51 pts/1 00:00:00 grep --color=auto keepalived
4.3 查看vip挂载情况
输入命令
ip a
打印返回
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:7e:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.126.2/24 brd 192.168.126.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.200.16/32 scope global eth0
valid_lft forever preferred_lft forever
5、停止
5.1 停止nginx
nginx -s stop
5.2 停止keepalived
pkill keepalived
三、从机
1、方法一
1.1 重复主机环境步骤
1.2 将步骤 1.2 创建网桥的IP地址改成其他段
docker network create -d=bridge --subnet=192.168.127.0/24 br1
1.3 将步骤2.1 配置keepalived内容改为如下
! Configuration File for keepalived
! Lab configuration for the BACKUP node of the VRRP pair.
global_defs {
# Router id: identifier of the host running this keepalived instance; must be globally unique
router_id keep_131
}
vrrp_instance VI_1 {
# Role of this node (MASTER or BACKUP); this server is the backup, not the nginx master node
state BACKUP
# Network interface this VRRP instance is bound to
interface eth0
# Must be identical on the master and backup nodes
virtual_router_id 51
# Priority/weight: the node with the higher priority becomes MASTER when the current MASTER fails
priority 80
# Interval between the advertisements exchanged by master and backup, default 1s
advert_int 1
# Shared password intended to keep unauthorised nodes out of the VRRP group;
# it has to match the value configured on the master.
# NOTE(review): auth_type PASS carries the password in clear text in every
# advertisement and keepalived uses only the first 8 characters. "1111" is a
# sample value: choose a unique secret per deployment and restrict VRRP traffic
# to the peer nodes (e.g. with firewall rules).
authentication {
auth_type PASS
auth_pass 1111
}
# Virtual IP address(es) this node brings up when it takes over as MASTER
virtual_ipaddress {
192.168.200.16
}
}
2、方法二(推荐!省事)
2.1 将主机虚拟机关机完整克隆一份作为从机
2.2 修改keepalived的配置
输入命令
vim /etc/keepalived/keepalived.conf
内容如下
! Configuration File for keepalived
! Lab configuration for the BACKUP node (cloned from the master, then edited).
global_defs {
# Router id: identifier of the host running this keepalived instance; must be globally unique,
# so it has to be changed after cloning the master
router_id keep_131
}
vrrp_instance VI_1 {
# Role of this node (MASTER or BACKUP); this server is the backup, not the nginx master node
state BACKUP
# Network interface this VRRP instance is bound to
interface eth0
# Must be identical on the master and backup nodes
virtual_router_id 51
# Priority/weight: the node with the higher priority becomes MASTER when the current MASTER fails
priority 50
# Interval between the advertisements exchanged by master and backup, default 1s
advert_int 1
# Shared password intended to keep unauthorised nodes out of the VRRP group;
# it has to match the value configured on the master.
# NOTE(review): auth_type PASS carries the password in clear text in every
# advertisement and keepalived uses only the first 8 characters. "1111" is a
# sample value: choose a unique secret per deployment and restrict VRRP traffic
# to the peer nodes (e.g. with firewall rules).
authentication {
auth_type PASS
auth_pass 1111
}
# Virtual IP address(es) this node brings up when it takes over as MASTER
virtual_ipaddress {
192.168.200.16
}
}
2.3 启动keepalived服务
keepalived -l -f /etc/keepalived/keepalived.conf
2.4 启动nginx服务
nginx
注: keepalived过程中出现的其他问题,详见 🔗在docker的ubuntu中安装keepalived
四、路由环境
具体路由如下图
1、主机
1.1 网卡情况
输入命令
ip a
打印返回
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b6:5d:6c brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.100.157/24 brd 192.168.100.255 scope global dynamic noprefixroute ens33
valid_lft 59332sec preferred_lft 59332sec
inet6 fe80::f040:fdbe:78e1:5077/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:65:2d:ef:09 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:65ff:fe2d:ef09/64 scope link
valid_lft forever preferred_lft forever
18: br-5485ae4ce244: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:46:41:1a:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.126.1/24 brd 192.168.126.255 scope global br-5485ae4ce244
valid_lft forever preferred_lft forever
inet6 fe80::42:46ff:fe41:1a20/64 scope link
valid_lft forever preferred_lft forever
25: vethd5c0922@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5485ae4ce244 state UP group default
link/ether a2:75:3c:3c:0d:62 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::a075:3cff:fe3c:d62/64 scope link
valid_lft forever preferred_lft forever
27: vethec20693@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4bd1ee90e211 state UP group default
link/ether 92:80:a3:b4:06:4a brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::9080:a3ff:feb4:64a/64 scope link
valid_lft forever preferred_lft forever
1.2 查看路由
输入命令
route -n
打印返回
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 100 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.126.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5485ae4ce244
1.3 添加路由
主机到从机的路由
route add -net 192.168.127.0/24 gw 192.168.100.158
主机到vip的路由
route add -net 192.168.200.0/24 gw 192.168.126.2
vip到从机的路由
route add -net 192.168.200.0/24 gw 192.168.100.158
1.4 最后路由表
输入命令
route -n
打印返回
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 100 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.126.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5485ae4ce244
192.168.127.0 192.168.100.158 255.255.255.0 UG 0 0 0 ens33
192.168.200.0 192.168.126.2 255.255.255.0 UG 0 0 0 br-5485ae4ce244
192.168.200.0 192.168.100.158 255.255.255.0 UG 0 0 0 ens33
2、从机
2.1 网卡情况
输入命令
ip a
打印返回
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:6a:2e:27 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.100.158/24 brd 192.168.100.255 scope global dynamic noprefixroute ens33
valid_lft 64476sec preferred_lft 64476sec
inet6 fe80::5d22:1c65:d887:63e6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:69:89:fc:8c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:69ff:fe89:fc8c/64 scope link
valid_lft forever preferred_lft forever
4: br-c0c4641ba16b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:a3:ee:77:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.127.1/24 brd 192.168.127.255 scope global br-c0c4641ba16b
valid_lft forever preferred_lft forever
inet6 fe80::42:a3ff:feee:7797/64 scope link
valid_lft forever preferred_lft forever
10: vethbe7b7fe@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-c0c4641ba16b state UP group default
link/ether 1a:e7:2f:a9:3b:8e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::18e7:2fff:fea9:3b8e/64 scope link
valid_lft forever preferred_lft forever
2.2 查看路由
输入命令
route -n
打印返回
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 100 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.127.0 0.0.0.0 255.255.255.0 U 0 0 0 br-c0c4641ba16b
2.3 添加路由
从机到主机的路由
route add -net 192.168.126.0/24 gw 192.168.100.157
从机到vip的路由
route add -net 192.168.200.0/24 gw 192.168.127.2
vip到主机的路由
route add -net 192.168.200.0/24 gw 192.168.100.157
2.4 最后路由情况
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 100 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
192.168.126.0 192.168.100.157 255.255.255.0 UG 0 0 0 ens33
192.168.127.0 0.0.0.0 255.255.255.0 U 0 0 0 br-c0c4641ba16b
192.168.200.0 192.168.126.2 255.255.255.0 UG 0 0 0 br-c0c4641ba16b
192.168.200.0 192.168.100.157 255.255.255.0 UG 0 0 0 ens33
3、宿主机(windows主机)
3.1 添加路由
vip到主机
route add 192.168.200.0 mask 255.255.255.0 192.168.100.157
vip到从机
route add 192.168.200.0 mask 255.255.255.0 192.168.100.158