keepalived-nginx双主热备
环境介绍
两台服务器 ip 对应设置的两个虚拟IP
node1:192.168.150.129 Virtual IP1:192.168.150.132
node2:192.168.150.131 Virtual IP2:192.168.150.133
DNS域名解析至两个虚拟IP: 192.168.150.132、192.168.150.133
环境安装:
nginx-1.12.0.tar.gz
keepalived-2.0.7.tar.gz
部署
nginx安装不做详述
keepalived安装如下:
安装依赖:
yum -y install gcc gcc+ gcc-c++ popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel kernel kernel-headers kernel-devel yum install -y libnfnetlink-devel
cd /usr/local/script
wget http://www.keepalived.org/software/keepalived-2.0.7.tar.gz
tar zxvf keepalived-2.0.7.tar.gz
cd keepalived-2.0.7
./configure
make && make install
cp /usr/local/script/keepalived-2.0.7/keepalived/etc/init.d/keepalived /etc/init.d/
cp /usr/local/sbin/keepalived /usr/sbin/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
mkdir /etc/keepalived
cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/配置服务:
先关闭SElinux、配置防火墙 (两台负载均衡机都要做)
vim /etc/sysconfig/selinux
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
setenforce 0 #使配置立即生效查看防火墙状态: firewall-cmd --state
停止firewall:systemctl stop firewalld.service
禁止firewall开机启动:systemctl disable firewalld.service
启动命令:
/etc/init.d/keepalived start
/etc/init.d/keepalived stop配置node1:192.168.150.129
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email { #指定keepalived在发生事件时(比如切换)发送通知邮件的邮箱
}
}
vrrp_script chk_http_port { #检测nginx服务是否在运行。有很多方式,比如进程,用脚本检测等等
script "/usr/local/script/chk_nginx.sh" #脚本监测
interval 2 #脚本执行间隔,每2s检测一次
weight -5 #脚本结果导致的优先级变更,检测失败(脚本返回非0)则优先级 -5
fall 2 #检测连续2次失败才算确定是真失败。会用weight减少优先级(1-255之间
rise 1 #检测1次成功就算成功。但不修改优先级
}
# 虚拟IP1, 本机作为Master
vrrp_instance VI_1 { #keepalived在同一virtual_router_id中priority(0-255)最大的会成为master,也就是接管VIP,当priority最大的主机发生故障后次priority将会接管
state MASTER #指定keepalived的角色,MASTER表示此主机是主服务器,BACKUP表示此主机是备用服务器
interface ens33 #指定HA监测网络的接口。实例绑定的网卡,因为在配置虚拟IP的时候必须是在已有的网卡上添加
virtual_router_id 51 #虚拟路由标识,这个标识是一个数字,同一个vrrp实例使用唯一的标识。即同一vrrp_instance下,MASTER和BACKUP必须保持一致
priority 100 #定义优先级,数字越大,优先级越高,在同一个vrrp_instance下,MASTER的优先级必须大于BACKUP的优先级
advert_int 1 #设定MASTER与BACKUP负载均衡器之间同步检查的时间间隔,单位是秒
authentication { #设置验证类型和密码。主从一样
auth_type PASS #设置vrrp验证类型,主要有PASS和AH两种
auth_pass 1111 #设置vrrp验证密码,在同一个vrrp_instance下,MASTER与BACKUP必须使用相同的密码才能正常通信
}
virtual_ipaddress { #VRRP HA 虚拟地址
192.168.150.132
}
track_script { #执行监控的服务。注意这个设置不能紧挨着写在vrrp_script配置块的后面,否则nginx监控失效
chk_http_port #引用VRRP脚本,即在 vrrp_script 部分指定的名字。定期运行它们来改变优先级,并最终引发主备切换。
}
}
# 虚拟IP2, 本机作为Backup
vrrp_instance VI_2 {
state BACKUP
interface ens33
virtual_router_id 52
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.150.133
}
}配置node2:192.168.150.131 (配置说明参考node1)
vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
}
}
vrrp_script chk_http_port {
script "/usr/local/script/chk_nginx.sh"
interval 2
weight -5
fall 2
rise 1
}
# 虚拟IP1, 本机作为 BACKUP
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 99
advert_int 1
track_interface {
ens33
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.150.132
}
}
# 虚拟IP2, 本机作为Master
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
track_interface {
ens33
}
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.150.133
}
track_script {
chk_http_port
}
}监测脚本:
cat /usr/local/script/chk_nginx.sh
#!/bin/bash
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/usr/sbin/nginx
sleep 2
counter=$(ps -C nginx --no-heading|wc -l)
if [ "${counter}" = "0" ]; then
/etc/init.d/keepalived stop
fi
fi
或者:
#!/bin/bash
if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ]
then
/usr/local/nginx/sbin/nginx
sleep 2
if [ "$(ps -ef | grep "nginx: master process"| grep -v grep )" == "" ]
then
killall keepalived
fi
fi测试:
两台同时开启keepalived和nginx ,可以看到ip 132已经绑定到node1的机器上了,ip 133已经绑定到node2的机器上
node1:
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7b:13:26 brd ff:ff:ff:ff:ff:ff
inet 192.168.150.129/24 brd 192.168.150.255 scope global noprefixroute dynamic ens33
valid_lft 1494sec preferred_lft 1494sec
inet 192.168.150.132/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::7df4:88b6:c428:e981/64 scope link noprefixroute
valid_lft forever preferred_lft forevernode2:
[root@node2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:98:96:7f brd ff:ff:ff:ff:ff:ff
inet 192.168.150.131/24 brd 192.168.150.255 scope global dynamic ens33
valid_lft 1438sec preferred_lft 1438sec
inet 192.168.150.133/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8596:922d:c1d5:3d0a/64 scope link 在node1机器killall nginx查看监测脚本能否起作用,可以看到nginx会不断的重启。
[root@node1 ~]# ps -ef|grep nginx
root 89129 77881 0 18:17 ? 00:00:00 /bin/bash /usr/local/script/chk_nginx.sh
root 89134 1 0 18:17 ? 00:00:00 nginx: master process /usr/sbin/nginx
root 89137 1581 0 18:17 pts/1 00:00:00 grep --color=auto nginx
nginx 89138 89134 0 18:17 ? 00:00:00 nginx: worker process停止node1的keepalived,关掉node1的机器、关闭网络等,可以看到ip 132已经自动绑定到node2的机器上
[root@node1 ~]# /etc/init.d/keepalived stop
Stopping keepalived (via systemctl): [ OK ][root@node2 ~] ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:98:96:7f brd ff:ff:ff:ff:ff:ff
inet 192.168.150.131/24 brd 192.168.150.255 scope global dynamic ens33
valid_lft 1708sec preferred_lft 1708sec
inet 192.168.150.133/32 scope global ens33
valid_lft forever preferred_lft forever
inet 192.168.150.132/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::8596:922d:c1d5:3d0a/64 scope link
valid_lft forever preferred_lft forever重启node1的keepalived:132重新绑定至node1上
[root@node1 ~]# /etc/init.d/keepalived start
Starting keepalived (via systemctl): [ OK ]
[root@app_mq_129 keepalived]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:7b:13:26 brd ff:ff:ff:ff:ff:ff
inet 192.168.150.129/24 brd 192.168.150.255 scope global noprefixroute dynamic ens33
valid_lft 1571sec preferred_lft 1571sec
inet 192.168.150.132/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::7df4:88b6:c428:e981/64 scope link noprefixroute 部署完成!!!
论点鲜明,论据链环环相扣,论证有力。
文章结构紧凑,层次分明,逻辑严密,让人一读即懂。
作者对主题的挖掘深入骨髓,展现了非凡的洞察力和理解力。
建议增加田野调查素材,提升真实性。
作者的才华横溢,让这篇文章成为了一篇不可多得的艺术品。
文章的叙述风格独特,用词精准,让人回味无穷。
作者的观点新颖且实用,让人在阅读中获得了新的思考和灵感。