Confd實(shí)現(xiàn)Nginx配置文件自動(dòng)管理

Confd是一個(gè)輕量級(jí)的配置管理工具。通過(guò)查詢Etcd，結(jié)合配置模板引擎，保持本地配置最新，同時(shí)具備定期探測(cè)機(jī)制，配置變更自動(dòng)reload。其后端支持的數(shù)據(jù)類型有：etcd、consul、vault、environment variables、redis、zookeeper、dynamodb、stackengine、rancher。不過(guò)一般使用Confd和etcd的配合使用比較多。

前端服務(wù)器：
服務(wù)器IP 主機(jī)名 安裝組件 備注
192.168.27.211 Client1 etcd+confd+nginx+keepalived 192.168.27.110（Vip）
(http://nginx.jerry.com)
192.168.27.212 Client2 etcd+confd+nginx+keepalived
192.168.27.213 Client3 etcd+confd+nginx+keepalived
192.168.27.210 master ansible 堡壘機(jī)

后端服務(wù)器（web站）：
服務(wù)器IP 功能
192.168.26.210 web1
192.168.26.211 web2
192.168.26.212 web3

安裝etcd集群確保正常略（ansible k8s -m shell -a'etcdctl endpoint health'）。

后端web服務(wù)器安裝配置略（注意VIP域名映射關(guān)系）：
簡(jiǎn)略介紹安裝keepalived安裝配置：
[root@client1 ~]# yum install keepalived –y


192.168.27.211：
[root@client1 keepalived]# cat keepalived.conf
! Configuration File for keepalived

global_defs {
router_id nginx1
}
vrrp_script chk_http_port {
script "/etc/keepalived/chk_nginx.sh"
interval 2
weight 2

}
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 20
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass jerry520
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.27.110/22
}
}

192.168.27.212：
! Configuration File for keepalived

global_defs {
router_id nginx2
}
vrrp_script chk_http_port {
script "/etc/keepalived/chk_nginx.sh"
interval 2
weight 2

}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 20
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass jerry520
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.27.110/22
}
}
192.168.27.213:
! Configuration File for keepalived

global_defs {
router_id nginx3
}
vrrp_script chk_http_port {
script "/etc/keepalived/chk_nginx.sh"
interval 2
weight 2

}
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 20
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass jerry520
}
track_script {
chk_http_port
}
virtual_ipaddress {
192.168.27.110/22
}
}
Nginx檢測(cè)腳本：三臺(tái)服務(wù)器上都需要配置（一樣的）vim /etc/keepalived/chk_nginx.sh
[root@client1 keepalived]# cat chk_nginx.sh
#!/bin/bash
A=ps -C nginx --no-header |wc -l
if [ $A -eq 0 ];then
echo 'nginx server is died'
/etc/init.d/keepalived stop
fi

nginx安裝：
yum install nginx -y
nginx.conf配置文件：三臺(tái)服務(wù)器保持一樣 vim /etc/nginx/nginx.conf
user nginx ;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream nginx.jerry.com {
server 192.168.26.210:80;
server 192.168.26.211:80;
server 192.168.26.212:80;

}
server {
listen 80;
server_name nginx.jerry.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://nginx.jerry.com;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
分別安裝配置好KEEPALIved和nginx（轉(zhuǎn)發(fā)器）并啟動(dòng)運(yùn)行觀察效果：

Confd安裝配置：

[root@master etc]# ansible k8s -m copy -a"src=/etc/confd dest=/etc/"

[root@master bin]# ansible k8s -m copy -a"src=/usr/bin/confd dest=/usr/bin/confd"
[root@master bin]# ansible k8s -m shell -a"cd /usr/bin;chmod +x confd "
[root@master conf.d]# ansible k8s -m shell -a'ls /usr/bin/confd -l'



創(chuàng)建配置目錄
mkdir -p /etc/confd/{conf.d,templates}
conf.d # 資源模板，下面文件必須以toml后綴
templates # 配置文件模板，下面文件必須以tmpl后綴

創(chuàng)建confd配置文件:
[root@client1 confd]# cat conf.d/sync_nginx.toml
[template]
prefix = "/nginx/www"
src = "nginx.conf.tmpl"
dest = "/etc/nginx/conf.d/mynginx.conf"
owner = "nginx"
mode = "0644"
keys = [
"/server_name",
"/upstream",
]
reload_cmd = "/usr/sbin/nginx -s reload"
創(chuàng)建模板文件：
upstream {{getv "/server_name"}}.jerry.com {
{{ range getvs "/upstream/*"}}
server {{.}};
{{end}}
}
server {
listen 80;
server_name {{getv "/server_name"}}.jerry.com;
location / {
root html;
index index.html index.htm;
proxy_pass http://{{getv "/server_name"}}.jerry.com;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

[root@client1 templates]# confd -watch -backend="etcdv3" -node http://192.168.27.211:2379

[root@client1 conf.d]# etcdctl put /nginx/www/upstream/serverweb1 "192.168.26.210"
[root@client1 conf.d]# etcdctl put /nginx/www/upstream/serverweb2 "192.168.26.211"
[root@client1 conf.d]# etcdctl put /nginx/www/upstream/serverweb3 "192.168.26.212"
[root@client1 conf.d]# etcdctl put /nginx/www/server_name "nginx"
觀察集群中每一個(gè)結(jié)點(diǎn)NGINX反向代理配置文件變化：
27.212:

27.213:

27.211:

我們?cè)賮?lái)一次觀察下變化，這次通過(guò)27.212更換鍵值/nginx/www/server_name 我們把值改為httpd(原來(lái)為nginx)觀察27.211上NGINX配置文件是否更改變化。
[root@client2 conf.d]# etcdctl put /nginx/www/server_name "httpd"

配置文件瞬間更改：

測(cè)試：假如要增刪改后端服務(wù)器(把后端WEB服務(wù)192.168.26.210進(jìn)行刪除操作).
[root@client2 conf.d]# etcdctl del /nginx/www/upstream/serverweb1

配置文件中已經(jīng)將后端服務(wù)器192.168.26.210無(wú)感知地移出并重新加載配置

訪問(wèn)也變了

用公網(wǎng)IP：192.168.27.100(vip)訪問(wèn)（負(fù)載均衡采用輪詢）:



通過(guò)域名（http://nginx.jerry.com）訪問(wèn)后端站點(diǎn)（負(fù)載均衡采用輪詢）：
記得做公網(wǎng)域名解析或更換本地HOST文件：

參考文獻(xiàn)：https://github.com/kelseyhightower/confd/blob/master/docs/quick-start-guide.md
https://github.com/kelseyhightower/confd/blob/master/docs/template-resources.md
https://github.com/kelseyhightower/confd/blob/master/docs/templates.md