Category Archives: Linux

CentOS Linux 7.0 1406 x86 64 iso official original image download

 For x86_64 architecture:
 CentOS-7.0-1406-x86_64-DVD.iso 06-Jul-2014 17:33      4G CentOS-7.0-1406-x86_64-DVD.torrent 07-Jul-2014 12:16    155K CentOS-7.0-1406-x86_64-Everything.iso 04-Jul-2014 22:16      7G CentOS-7.0-1406-x86_64-Everything.torrent 07-Jul-2014 12:16    264K CentOS-7.0-1406-x86_64-GnomeLive.iso 04-Jul-2014 17:22      1G CentOS-7.0-1406-x86_64-GnomeLive.torrent 07-Jul-2014 12:16     42K CentOS-7.0-1406-x86_64-KdeLive.iso 04-Jul-2014 17:44      1G CentOS-7.0-1406-x86_64-KdeLive.torrent 07-Jul-2014 12:16     49K CentOS-7.0-1406-x86_64-Minimal.iso 17-Jul-2014 14:16    566M CentOS-7.0-1406-x86_64-NetInstall.iso 04-Jul-2014 15:59    362M CentOS-7.0-1406-x86_64-NetInstall.torrent 07-Jul-2014 12:16     15K CentOS-7.0-1406-x86_64-livecd.iso 04-Jul-2014 17:00    687M CentOS-7.0-1406-x86_64-livecd.torrent 07-Jul-2014 12:16     27K

 Version description: DVD: # Standard installation image, commonly used. Minimal: # Minimum installation image, with the least software. Everything: # Integrate all software based on the standard, and the image is the largest. NetInstall: # Network installation image. The package is small, but it can only be installed through networking.

 For more versions, see《 Download CentOS ISO 》。

2025 Excellent Open Source Image Station

3 Replies

Enterprise station	URL
Tencent Cloud	http://mirrors.tencent.com/
Alibaba Cloud	https://developer.aliyun.com/mirror/
Netease	https://mirrors.163.com/
Huawei	https://mirrors.huaweicloud.com/
Capital Online	https://mirrors.yun-idc.com/

Education station	URL
Tsinghua University	https://mirrors.tuna.tsinghua.edu.cn/
University of Science and Technology of China	https://mirrors.ustc.edu.cn/
Beijing Jiaotong University	https://mirror.bjtu.edu.cn/
Zhejiang University	https://mirrors.zju.edu.cn/

Official station	URL
CentOS	https://mirrormanager.fedoraproject.org/mirrors
Ubuntu	https://launchpad.net/ubuntu/ +cdmirrors
Archlinux	http://www.archlinux.org/mirrors/status/
Debian	https://www.debian.org/mirror/list
Fedora	https://apps.fedoraproject.org/

Shell script cleans disks in batches and nails push notifications

Leave a reply

 # BLOG://renwole.com/ #The following scripts need to be executed in batch by using a springboard machine or a password free login machine, but can also be modified to be executed on a single machine. Just note out the login phase # tite=$(date "+%Y-%m-%d %H:%M:%S") #Hostnamelist="Host file list, one IP per line, without double quotation marks, for example; /mnt/renwolecom" hostnamelist="/tmp/renwole_com" #Clearing failed logs renwole_com_disk_clean_log="/tmp/renwole_clean_failure.log" #for envNamelist in ${Name[@]};  do #If you use the api interface to get the host list, you can use jq to filter josn, but first install jq 1.5 and above, yum install epel&&yum install jq, the default version of Centos 7 for epel source is 1.5+, and the Centos6+version is 1.3 #Curl - s can obtain the josn format through url and filter through jq | jq. data | jq - r. []. hostname #done >$hostnamelist #Nailing notification. Multiple notifications that do not meet the conditions can be specified according to if conditions dingding_Notice() { dingtalk_openapi_url="//oapi.dingtalk.com" dingtalk_openapi_token="Token" if [[ "$(disk_use)" -ge 80 ]];  then curl ''$dingtalk_openapi_url'/robot/send? access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "The system log has been cleared successfully, but the used space still exceeds 80%. Please repair it in time. The machine is: '" $hostname "'" } }' fi } #Check whether the machine can log in. Try 5 times at most and wait for 5 seconds each time (if the machine is extremely stuck, failure to retry may cause false alarms) check_login() { for i in $(seq 1 5);  do [ $i -gt 1 ] $login_docker 2> /dev/null exit && antl=0 && break || antl=$?; sleep 5 done echo $antl } #After logging in to the container, check whether the relevant commands are available, and retry 3 times in case of failure (some machines are extremely stuck, and will timeout or retry when getting the results) check_login_command() { for i in $(seq 1 3);  do [[ $i -gt 1 ]] $login_docker >/dev/null 2>&1 "type du" >/dev/null 2>&1 && antc=0 && break || antc=$?; sleep 5 done echo $antc } #Check whether the machine can be connected to the network normally. Retry 5 times if failure occurs, and wait 10 seconds for each retry (optional) check_login_command_netwotk() { #If the network is abnormal, please check this file on the container machine gateway="www.renwole.com" curl_timeout="curl -I -s --connect-timeout 16" for i in $(seq 1 5);  do [[ $i -gt 1 ]] $login_docker "$curl_timeout $gateway 2>/dev/null -w %{http_code} | tail -n1" && antn=200 && break || antn="$?"; sleep 10 done } #Get the current disk usage size remotely disk_use() { disk_uses=$($login_docker "df -P|sort -n|grep /dev |grep -v -E '(shm|tmp|boot)'") disk_status=$(echo $disk_uses | awk -F'[ %]+' '{print $5}') echo $disk_status } #Find the log directory and file type to be cleaned, and specify the size to be cleaned. Here, specify 20M system_log_file() { #Multiple directory patrols are supported, separated by spaces, and the '/' must be followed by renwole_log_dir=(/var/log/ /usr/local/nginx/logs/) for log_dirs in ${renwole_log_dir[*]};  do #Log in to the machine remotely, define the file type to be cleaned, and then throw it into the black hole $login_docker "find $log_dirs 2> /dev/null -type f -size +20M \( -name "*.data*" \ -o -name "message*" -o -iname "wtm*" -o -name "vsa*" -o -name "secu*" \ -o -name "cron*" -o -name "*.log*" \) -exec cp /dev/null {} \; " done } #Get which directories or files occupy large space, sort by size, and get the first two lines of file size directories system_file_size_check() { home_file_size=$($login_docker "du -h --max-depth=5 /home/* | sort -h | tail -n5 |head -n2") echo $home_file_size } #Pipeline token | Process concurrency renwole_com="/tmp/renwolcomfile" [ -e "$renwole_com" ] || mkfifo $renwole_com exec 3<>$renwole_com rm -rf $renwole_com for ((i=1;i<=1000;i++));  do echo >&3 done #Start to cycle check the use status of machine disks and disks. If the conditions are not met, an alarm will be given for hostname in `cat $hostnamelist`;  do read -u3 { #Remotely detect whether the machine can be logged in. The maximum attempt is 30s. Machines that cannot log in without password will automatically skip the login login_docker="timeout 30 ssh -o BatchMode=yes $hostname" if [[ $(check_login) -ne 0 ]];  then Echo "Container login failed $hostname">>$renwole_com_disk_clean_log #If conditions are met, terminate this cycle and continue the next cycle echo >&3 continue  fi if [[ $(check_login_command) -ne 0 ]];  then Echo "Cannot find du command $hostname">>$renwole_com_disk_clean_log echo >&3 continue fi if [[ $(disk_use)  -gt 80 ]];  then #If the disk utilization rate is greater than 80%, trigger cleaning system_log_file else Echo "The current disk usage $(disk_use)% does not exceed 80%, $hostname" echo >&3 continue fi if [[ $(disk_use)  -gt 80 ]];  then Echo "$title $hostname Disk cleaning failed. The current usage rate is $(disk_use)%. File size: $(system_file_size_check)">>$renwole_com_disk_clean_log Echo "Failed to clean the disk. The current usage rate is $(disk_use)% $hostname" else Echo "The disk is cleaned successfully. The usage rate after cleaning is $(disk_use)% $hostname" fi echo >&3 }& done wait #Close exec 3<&- exec 3>&- #Whether to enable nailing notification, which is closed by default # dingding_Notice

Linux detects CPU | memory | disk usage Shell script (nailing notification)

Leave a reply

 #!/bin/bash # BLOG : //renwole.com now_time=$(date -u -d"+8 hour" +'%Y-%m-%d %H:%M:%S') #Get domain name hostnamelist=$(hostname) #When the CPU utilization rate is greater than the set threshold, an alarm is triggered cpu_warn="60" #Trigger the alarm when there is only 2048MB of memory left mem_warn="2048" #When the disk utilization rate is greater than the set threshold, an alarm is triggered disk_warn="80" #Each execution will generate the corresponding log on the machine renwole_check_log="/tmp/renwole_check_mem_cpu_disk.log" #Nailing alarm token dingtalk_openapi="//oapi.dingtalk.com" dingtalk_openapi_token="Token" #Get CPU usage item_cpu () { cpu_idle=$(top -b -n 1 | grep Cpu | awk '{print $2}' | cut -f 1 -d ".") Echo "$now Current CPU usage is $cpu_idle">>$renwole_check_log if [[ "$cpu_idle" -gt "$cpu_warn" ]];  then curl ''$dingtalk_openapi'/robot/send? access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The CPU utilization of the current machine '$hostnamelist' has reached 60%, please know " } }' else Echo "The CPU is healthy" fi } #Get memory consumption item_mem () { mem_free=$(free -m | grep "Mem" | awk '{print $4+$6}') Echo "$now The current remaining memory space is$ {mem_free}MB " >> $renwole_check_log if [[ "$mem_free" -lt "$mem_warn" ]];  then curl ''$dingtalk_openapi'/robot/send? access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The memory utilization rate of the current machine '$hostnamelist' is less than 2048MB, please know " } }' else Echo "The memory usage rate is normal, and you can use it with confidence" fi } #Get Disk Usage item_disk () { disk_use=$(df -P | grep /dev/sdb1 | grep -v -E '(tmp|boot)' | awk '{print $5}' | cut -f 1 -d "%") Echo "$now The current disk usage is $disk_use">>$renwole_check_log if [[ "$disk_use" -gt "$disk_warn" ]];  then curl ''$dingtalk_openapi'/robot/send? access_token='$dingtalk_openapi_token'' \ -H 'Content-Type: application/json' \ -d '{"msgtype": "text", "text": { "Content": "Warning: The disk utilization rate of the current machine '$hostnamelist' has reached 80%, please know " } }' else Echo "The hard disk utilization rate does not exceed 80%, so you can use it with confidence" fi } item_cpu item_mem item_disk

Shell Script Variable Judgment Parameter Command Learning Chapter

3 Replies

Recently, I have learned shell scripts in depth. I will review the most basic ones first. If I don't touch them for a long time, I may forget some parameters, so I will take notes here for future reference.

1. System variable

 $n Parameters passed to script or function. N is a number indicating the number of parameters. For example, the first parameter is $1, and the second parameter is $2 $? The exit status of the last command, or the return value of the function. 0 is returned on success, 1 on failure $# Number of parameters passed to script or function $* All these parameters are enclosed in double quotation marks. If a script receives two parameters, $* equals $1 $2 $0 is the name of the command being executed. For shell scripts, this is the path of the activated command When $@ is contained in double quotation marks (""), it is slightly different from $*. If a script receives two parameters, $@ is equivalent to $1 $2 $$The process number of the current shell. For shell script, this is the process ID when it is executing $! The process number of the previous background command

2. File or directory judgment

 -B file True if the file exists and is a block special file -C file True if the file exists and is a special character file -D file True if the file exists and is a directory -E file True if the file exists -F file True if the file exists and is a rule file -G file True if the file exists and the value of SGID bit is set -H file True if the file is a soft link -K file If the file exists and the value of "sticky" bit is set -L file True if the file is a symbolic link -P file True if the file exists and is a named pipe -R file True if the file is readable -S file Judge whether the file exists and is non empty. If it is not empty, it is true -S file to determine whether the file exists and whether it is a socket file -T file file descriptor (1 by default) is true when the specified device is a terminal -U file True if the file exists and SUID bit is set -W file True if the file is writable -X file True if the file is executable [file1 - nt file2] True if file1 is newer than file2, or if file1 exists but file2 does not exist [file1 - ot file2] True if file1 is older than file2, or if file2 exists but file1 does not exist [file1 - ef file2] Returns true if file1 and file2 point to the same device and node number

3. Integer judgment

 -If two eq numbers are equal, it is a true example: if ["$a" - eq "$b"] -If ne is not equal, it is a true example: if ["$a" - ne "$b"] -If gt a is greater than b, it is a true example: if ["$a" - gt "$b"] -If ge is greater than or equal to, it is a true example: if ["$a" - ge "$b"] -Lt a is less than b, it is a true example: if ["$a" - lt "$b"] -If le a is less than or equal to b, it is a true example: if ["$a" - le "$b"] <less than (double brackets are required) Example: (("$a"<"$b")) <=less than or equal to (double brackets are required) Example: ("$a"<="$b") >Greater than (need double brackets) Example: (("$a">"$b")) >=Greater than or equal to (double brackets are required) Example: (("$a">="$b"))

Small data comparison can be used AWK 。

4. Logical operation judge

 ! [! False] Returns true Logical No, the condition is false, and the result is true -A [$a - lt 2 - a $b - gt 5] returns true logical AND. If both expressions are true, it is true -O [$a - lt 2 - o $b - gt 5] Returns true logical OR, which is true as long as one expression is true [] | | [] Use OR to merge two conditions []&&[] Combine two conditions with AND

5. String judgment

 ==True if two strings are the same, equivalent to=: ["str1"="str2"] !=If the strings are different, it is a true example: ["str1"!="str2"] <If the str1 dictionary is sorted before str2, it is a true example: [["str1"<"str2"]]>If the str1 dictionary is sorted after str2, it is a true example: ["str1" >"str2"] -N If str length is non-zero, it is true, that is, it is not empty Example: [- n "str1"] -Z If the file length is zero, that is, empty, it is a true example: [- z "str1"]

Note: On [] In structure " < "It needs to be escaped, for example: [ "str1" /< "str2" ] , there is no need to escape in double brackets.

Summary:

use -n To test in the [] structure, you must use "" Lead the variable and use a "" String, please use ! -z If you use a variable without double quotation marks, it can work, but it is not safe. It is a good habit to use double quotation marks to enclose variable test strings.
In addition, [[ ]] Structural ratio [ ] The structure is more general.

Centos 7 uses memory to optimize disk cache read and write speed

3 Replies

In Linux /dev/shm The directory does not belong to the disk, but the memory. If you use /dev/shm/ As the disk file read/write cache in Linux, the directory is surprisingly efficient.

default /dev/shm The directory is not mounted. You need to mount it manually.

Add the following at the end of the following file:

 $ vim /etc/fstab

 tmps /dev/shm tmpfs defaults,size=1G 0 0

Please add according to the size of your physical memory, generally about 10-50% of the physical memory.

mount /dev/shm/ catalog:

 $ mount -o remount /dev/shm/ $ mkdir /dev/shm/tmp $ chmod 755 /dev/shm/tmp $ mount -B /dev/shm/tmp /tmp

be careful:

/dev/shm/tmp After the system restarts, the mount will be lost, and you need to reset the mount. Here is a shell script, which you can add to the startup automatically:

 $ vim /etc/init.d/shmtmp.sh

 #!/bin/bash mkdir /dev/shm/tmp chmod 755 /dev/shm/tmp mount -B /dev/shm/tmp/ /tmp

Then add the following at the end of the following documents:

 $ vim /etc/rc.local

 sh /etc/init.d/shmtmp.sh

In this way, you can restart and mount automatically. You can use memory to improve read-write performance, for example: session , and other caches /tmp Under the directory, the speed and efficiency are multiplied.

Let's Encrypt SSL certificate renewal failure ascii codec cannot encode

Leave a reply

Today, I reviewed the SSL certificate of the server and found that the Let's Encrypt certificate is about to expire. Check the scheduled task plan log of the crontab and it is also executed normally. For example:

 $ cat /var/log/cron

 ... CROND[31471]: (root) CMD ( /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx ) CROND[31470]: (root) MAIL (mailed 375 bytes of output but got status 0x004b#012) CROND[31482]: (root) CMD (run-parts /etc/cron.hourly) ...

Strangely, the certificate was not renewed normally. Why? Later, the certificate was updated manually:

 $ /usr/bin/certbot renew --quiet

 Attempting to renew cert from /etc/letsencrypt/renewal/renwole.com.conf produced an unexpected error: 'ascii' codec can't encode characters in position 247-248: ordinal not in range(128). Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/renwole.com.conf/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s)

Update failed, prompt“ ascii ”The codec cannot encode characters.

After analysis and research, it is found that the developer has modified the root directory of the website, resulting in LetsEncrypt not finding the relevant configuration file.
PS: Alas, if something goes wrong, it's all about operation and maintenance.

Solution

Modify the site root directory in the following configuration file:

 $ vim /etc/letsencrypt/renewal/renwole.com.conf

 ... # Options used in the renewal process [renewalparams] authenticator = webroot installer = None account = a07a7160ea489g586aeaada1368ce0d6 [[webroot_map]] renwole.com = /apps/data/www/renwolecom ...

Modify the root directory specified by Nginx in blue, and save it by default.

The certificate was updated again successfully.

Use the following command to view the renewal status:

 $ certbot certificates

How does Centos 7 back up and restore Redis data

Leave a reply

What is Redis?

Redis is a key value cache and storage in memory (i.e. database), and can also be permanently saved to disk. In this article, you will learn how to back up and restore your Redis database on Centos 7.

Backup Restore Instructions

By default, Redis data will be saved to the. rdb file on the disk, which is a point in time snapshot of the Redis dataset. Snapshots are taken at specified intervals, so they are perfect for backup.

1. Data backup

In Centos 7 and other Linux distributions, the default Redis database directory is/var/lib/Redis. However, if you change the Redis storage location, you can find it by typing the following command:

 [ root@renwolecom  ~]# find / -name *rdb

Use the redis cli management tool to access the database:

 [ root@renwolecom  ~]# redis-cli

Since most of the data runs in memory, Redis only saves it every other period of time. To get the latest copy, execute the following command:

 10.10.204.64:6379> save OK (1.02s)

In addition, if Redis has set user authentication, it needs to be verified before saving, for example:

 10.10.204.64:6379> auth RenwoleQxl5qpKHrh9khuTW 10.10.204.64:6379> save

Then backup, for example:

 [ root@renwolecom  ~]# cp /var/lib/redis/dump.rdb /apps/redis-backup-20180129

2. Data restoration

To restore the backup, you need to replace the existing Redis database file with the recovery file. To ensure that the original data files are not damaged, we recommend that you restore to the new Redis server as much as possible.

Stop the Redis database. Once stopped, the Redis database will be offline.

 [ root@renwolecom  ~]# systemctl stop redis

If restoring to the original Redis server, please rename the current data file before restoring:

 [ root@renwolecom  ~]# mv /var/lib/redis/dump.rdb /var/lib/redis/dump.rdb.old [ root@renwolecom  ~]# cp -p /apps/redis-backup-20180129/dump.rdb /var/lib/redis/dump.rdb

Set the dump.rdb file permissions. The copied data files may not have the Redis user and read permissions, which need to be manually given:

 [ root@renwolecom  ~]# chown redis:redis /var/lib/redis/dump.rdb [ root@renwolecom  ~]# chmod 660 /var/lib/redis/dump.rdb

Start Redis

 [ root@renwolecom  ~]# systemctl start redis

be accomplished! Now you can log in to Redis to verify the data.

Note:

Close AOF as required, and AOF tracks every write operation to the Redis database. Since we are trying to recover from a point in time backup, we do not want Redis to recreate the operations stored in its AOF file.

Whether to enable AOF can be learned by viewing the file:

 [ root@renwolecom  ~]# ls /var/lib/redis/

If you see a file with the suffix. aof, you have enabled AOF.

Rename the. aof file,

 [ root@renwolecom  ~]# mv /var/lib/redis/*.aof /var/lib/redis/appendonly.aof.old

If there are multiple. aof files, please name them separately.

Edit your Redis profile and temporarily close AOF:

 [ root@renwolecom  ~]# vim /etc/redis/redis.conf appendonly no

If you have any questions during the backup, please leave a message.

Centos 7 Add/Remove Swap Partition

Leave a reply

Swap Introduction:

Linux divides physical memory into memory segments, called pages. Swapping refers to the process of copying memory pages to the preset hard disk space (called swap space), in order to free memory for pages. The total size of physical memory and swap space is the total amount of virtual memory available.

Swap is to swap partitions, which is similar to the virtual memory of Windows, but when the physical memory is insufficient, part of the hard disk space is used as virtual memory, thus solving the problem of insufficient physical memory capacity.

Advantages: cost saving.
Disadvantages: insufficient performance.

This method is not limited to Centos 7, and can be used on Linux systems.

Operating user: root.

1. Add swap partition space

Use dd command to create swap partition file /dev/mapper/centos-swap , size 2G:

 $ dd if=/dev/zero of=/dev/mapper/centos-swap bs=1024 count=2048000

Format the swap partition:

 $ mkswap /dev/mapper/centos-swap

Set the swap partition:

 $ mkswap -f /dev/mapper/centos-swap

Activate the swap partition:

 $ swapon /dev/mapper/centos-swap

Set to start automatically:

 $ vim /etc/fstab

Add the following at the bottom of the file:

 /dev/mapper/centos-swap swap swap default 0 0

2. Delete the swap partition

Stop the swap partition in use:

 $ swapoff /dev/mapper/centos-swap

Delete the swap partition file:

 $ rm /dev/mapper/centos-swap

Delete or comment in /etc/fstab The following contents of the file are automatically attached after startup:

 /dev/mapper/centos-swap swap swap default 0 0

be accomplished!

Keepalive Nginx dual network (internal and external network) fault asynchronous drift dual active dual main mode (actual combat)

1 Reply

Introduction:

With a high-performance combination like keepalived+Lvs, why do we need keepalived+Nginx. Keepalived is designed for Lvs. Lvs is a four tiered load balancing device. Although it has the advantage of high performance, it does not have a back-end server health check mechanism. Keepalived provides a series of health check mechanisms for lvs, such as TCP_CHECK, UDP_CHECK, HTTP_GET, etc. At the same time, lvs can also write its own health check script. Or combine ldirectory to implement backend health detection. However, LVS has always been unable to get rid of the fact that it is a four layer device and cannot parse the upper layer protocol. Nginx is different. Nginx is a 7-tier device that can parse the 7-tier protocol, filter some requests, and cache the request results. These are the unique advantages of Nginx. However, keepalived does not provide health detection for Nginx. You need to write some footsteps to conduct health inspection.

The following mainly explains the Keepalived+Nginx mode, excluding lvs. If it is not a large load, LVS is generally unavailable. Of course, you can also refer to:《 Keepalive LVS-DR Nginx single network dual active dual main configuration mode (actual combat) 》Article.

Prepare four servers or virtual machines:

Web Nginx Intranet: 10.16.8.8/10.16.8.9

Keepalived Intranet: 10.16.8.10 (ka67)/10.16.8.11 (ka68)
Keepalived public network: 172.16.8.10/172.16.8.11

Keepalived Intranet VIP: 10.16.8.100/10.16.8.101
Keepalived public network VIP: 172.16.8.100/172.16.8.101

OS：CentOS Linux release 7.4.1708 (Core)

precondition:

Install keepalived.
Time synchronization.
Set SELinux and firewall.
Between each other /etc/hosts Add the opposite host name to the file (optional).
Confirm that the network interface supports multicast (multicast) by default.

For the above deployment, please refer to:《 Keepalived installation and configuration file explanation 》。

1. ka67 configuration file

 global_defs { notification_email { root@localhost } notification_email_from  ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 vrrp_mcast_group4 224.0.0.111 } vrrp_instance External_1 { state MASTER interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"   } vrrp_instance External_2 { state BACKUP interface eth1 virtual_router_id 172 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"   } vrrp_instance Internal_1 { state MASTER interface eth0 virtual_router_id 191 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole2 } virtual_ipaddress { 172.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           } vrrp_instance Internal_2 { state BACKUP interface eth0 virtual_router_id 192 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole3 } virtual_ipaddress { 172.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           }

2. ka68 configuration file

 global_defs { notification_email { root@localhost } notification_email_from  ka@localhost smtp_server 127.0.0.1 smtp_connect_timeout 30 vrrp_mcast_group4 224.0.0.111 } vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           } vrrp_instance External_2 { state MASTER interface eth1 virtual_router_id 172 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole1 } virtual_ipaddress { 10.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           } vrrp_instance Internal_1 { state BACKUP interface eth0 virtual_router_id 191 priority 95 advert_int 1 authentication { auth_type PASS auth_pass renwole2 } virtual_ipaddress { 172.16.8.100 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           } vrrp_instance Internal_2 { state MASTER interface eth0 virtual_router_id 192 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole3 } virtual_ipaddress { 172.16.8.101 } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_fault "/usr/local/keepalived/etc/keepalived/notify.sh fault"           }

3. Create a common script for detection

 $ vim /usr/local/keepalived/etc/keepalived/notify.sh

 #!/bin/bash # contact=' root@localhost ' notify() { local mailsubject="$(hostname) to be $1, vip floating" local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1" echo "$mailbody" | mail -s "$mailsubject" $contact } case $1 in master) notify master    ;; backup) notify backup systemctl start nginx #After configuring here, the Nginx service can automatically start if it hangs ;; fault) notify fault     ;; *) echo "Usage: $(basename $0) {master|backup|fault}" exit 1 ;; esac

4. Start the keepalived service and test

Check the network card status after starting ka67:

 [ root@ka67  ~]# systemctl start keepalived

 [ root@ka67  ~]# ip a

 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever

When ka68 is not started, ka67 adds four VIPs:

Public network eth0:

172.16.8.100/32
172.16.8.101/32

Intranet eth1:

10.16.8.100/32
10.16.8.101/32

Check the network card status after starting ka68:

 [ root@ka68  ~]# systemctl start keepalived

 [ root@ka68  ~]# ip a

 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:79 brd ff:ff:ff:ff:ff:ff inet 172.16.8.11/24 brd 103.28.204.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.101/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::3d2c:ecdc:5e6d:70ba/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:82 brd ff:ff:ff:ff:ff:ff inet 10.16.8.11/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.101/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::4fb3:d0a8:f08c:4536/64 scope link valid_lft forever preferred_lft forever

Ka68 added two VIPs, namely:

Public network eth0:

172.16.8.101/32

Intranet eth1:

10.16.8.101/32

Check the network card status information of ka67 again:

 [ root@ka67  ~]# ip a

 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:78 brd ff:ff:ff:ff:ff:ff inet 172.16.8.10/24 brd 172.16.8.255 scope global eth0 valid_lft forever preferred_lft forever inet 172.16.8.100/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::436e:b837:43b:797c/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:5d:ae:02:84 brd ff:ff:ff:ff:ff:ff inet 10.16.8.10/24 brd 10.16.8.255 scope global eth1 valid_lft forever preferred_lft forever inet 10.16.8.100/32 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::1261:7633:b595:7719/64 scope link valid_lft forever preferred_lft forever

be aware 172.16.8.101/10.16.8.101 It has been removed. At this time, no matter whether any server is stopped, the 4 VIPs will not stop communication.

In addition, you can ka67/ka68 View the heartbeat status of the multicast address through the following command:

 [ root@ka67  ~]# tcpdump -nn -i eth1 host 224.0.0.111

 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes 02:00:15.690389 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:15.692654 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:16.691552 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20 02:00:16.693814 IP 10.16.8.11 > 224.0.0.111: VRRPv2, Advertisement, vrid 172, prio 100, authtype simple, intvl 1s, length 20 02:00:17.692710 IP 10.16.8.10 > 224.0.0.111: VRRPv2, Advertisement, vrid 171, prio 100, authtype simple, intvl 1s, length 20

up to now, vrrp High availability configuration of&test completed, let's continue to configure Web Nginx service.

5. Install and configure Nginx

In the back-end server 10.16.8.8/10.16.8.9 Install Nginx:

For Nginx see:《 Centos 7 source code compilation and installation Nginx 》。

Or by yum Install Nginx; Simple and fast:

 $ yum install epel-release -y $ yum install nginx -y

In order to distinguish different machines in the test environment, the server IP address is set for the web page, but the content obtained in the production environment is consistent.

Respectively in 10.16.8.8/10.16.8.9 Execute the following command:

 $ echo "Server 10.16.8.8" > /usr/share/nginx/html/index.html $ echo "Server 10.16.8.9" > /usr/share/nginx/html/index.html

Test whether the access is normal:

 $ curl //10.16.8.8 Server 10.16.8.8

Respectively in ka67/ka68 Install Nginx on the. I use it here yum Installation:

 $ yum install nginx psmisc -y

explain: psmisc Includes: fuser , killall , pstree And so on.

stay ka67/ka68 Configure Nginx on:

Backup default configuration file:

 $ mv /etc/nginx/conf.d/default.conf{,.bak} $ mv /etc/nginx/nginx.conf{,.bak}

Respectively in ka67/ka68 Add the following content to the nginx main configuration file:

 $ vim /etc/nginx/nginx.conf

 user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log  /var/log/nginx/access.log  main; sendfile            on; tcp_nopush          on; tcp_nodelay         on; keepalive_timeout   65; types_hash_max_size 2048; include             /etc/nginx/mime.types; default_type        application/octet-stream; include /etc/nginx/conf.d/*.conf; upstream webserverapps { server 10.16.8.8:80; server 10.16.8.9:80; #server 127.0.0.1:8080 backup; }

 server { listen 80; server_name _; location / { proxy_pass //webserverapps; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; add_header Access-Control-Allow-Origin *; } } }

Note: The blue part is mainly added to the above configuration. Other defaults are only for testing. Please adjust the configuration of the production environment according to your own needs.

stay ka67/ka68 Restart Nginx service:

 $ systemctl restart nginx

Test on ka67/ka68 respectively:

 [ root@ka67  ~]# for i in `seq 10`;  do curl 10.16.8.10;  done Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.8 Server 10.16.8.9 Server 10.16.8.9 Server 10.16.8.9

So far, Nginx reverse generation has also been realized. Next, we will combine Nginx with Keepalived to make Nginx support high availability.

6. Configure Keepalive Nginx high availability

Respectively in ka67/ka68 configuration file /usr/local/keepalived/etc/keepalived/keepalived.conf Global configuration block for global_defs Add below vrrp_script Configuration block:

 vrrp_script chk_nginx { script "killall -0 nginx" interval 2 weight -10 fall 2 rise 2 }

At all vrrp_instance Instance block, add track_script Blocks:

 track_script { chk_nginx }

For example:

 ... vrrp_instance External_1 { state BACKUP interface eth1 virtual_router_id 171 priority 100 advert_int 1 authentication { auth_type PASS auth_pass renwole0 } virtual_ipaddress { 10.16.8.100 } track_script { chk_nginx } notify_master "/usr/local/keepalived/etc/keepalived/notify.sh master" notify_backup "/usr/local/keepalived/etc/keepalived/notify.sh backup" notify_"/usr/local/keepalived/etc/keepalived/notify.sh fault" } ...

After configuration, restart ka67/ka68 's keepalived service:

 $ systemctl stop keepalived $ systemctl start keepalived

Summary:

During the configuration process, there is a problem that cannot be drifted and cross network segments. To solve the channel problem, we need to see more logs, analyze and judge more, and finally we can solve the problem. In any case, since you have chosen to keep alive, you should firmly believe in your original intention.
If you have any problem in the configuration process, please leave a message to solve the problem together.