Nginx+keepalived做双机热备，实现负载均衡（主主模式）

Posted 2020-10-11

Keepalived:

          简介：

Keepalived的作用是检测服务器的状态，如果有一台web服务器宕机，或工作出现故障，Keepalived将检测到，并将有故障的服务器从系统中剔除，同时使用其他服务器代替该服务器的工作，当服务器工作正常后Keepalived自动将服务器加入到服务器群中，这些工作全部自动完成，不需要人工干涉，需要人工做的只是修复故障的服务器。

优点：

主要用作RealServer的健康状态检查以及LoadBalance主机和BackUP主机之间failover的实现。 本文构建高可用web架构:nginx （反向代理）+ keepalived

          前言：

因业务扩展，需要将当前的apache 转为nginx(web), 再在web前端放置nginx(负载均衡)。同时结合keepalived对前端nginx实现HA。

          双机热备高可用模式：

            高可用-主备模式：一个VIP,一台主机对外提供服务，另外一台做备用机，当主服务器出现问            题，  备用服务器接管IP继续提供服务。

            高可用-主主模式：二个VIP或多个，两台主机都对外提供服务，可以是同一个服务，也可以是不        同的服务，两个VIP互为主备模式，当一台机发生故障时，另一台会接管此服务，这种模式提高了          硬件的投入，也对负载均衡起到一定的效果。

       

        搭建环境(centos7)：

        IP:10.0.0.128 （ nginx+keepalived）

        IP:10.0.0.131 （ nginx+keepalived）

            VIP1:10.0.0.200  master/128 backup/129

           VIP2:10.0.0.220  master/129 backup/128

        IP:10.0.0.129 （httpd）（www.zxb2.cn:80）

        IP:10.0.0.130  （httpd）（www.zxb3.cn:80）

        

方案实施：

 

① ．主机：10.0.0.128

一．    编译安装nginx

1.   安装软件依赖包.

 [[email protected] ~]# yum -y groupinstall"Development Tools" "Server Platform         Deveopment"

[[email protected] ~]# yum -y installopenssl-devel pcre-devel

2.   下载nginx包,并解压.

[[email protected] ~]# cd /usr/local/src/

    [[email protected]~]# wget http://nginx.org/download/nginx-1.12.0.tar.gz

    [[email protected] ~]# tar -zxvf nginx-1.12.0.tar.gz

3.   添加nginx运行的用户.

    [[email protected] ~]# useradd nginx

4.   编译安装.

    [[email protected] ~]# cd /nginx-1.12.0

[[email protected] ~]#./configure--prefix=/usr/local/nginx --user=nginx                 --group=nginx --with-http_ssl_module--with-http_flv_module --with-http_stub_status_module--with-http_gzip_static_module --with-pcre

[[email protected] ~]# make&& make install

二．   编辑nginx主配置文件，反向代理两台web服务器.(upstream模块应放在http和      server模块中间)

1.   [[email protected]~]# cat /usr/local/nginx/conf/nginx.conf

##这里用的是域名记得改hosts文件. 

upstream backend {

           server  www.zxb2.cn  max_fails=3 fail_timeout=10s;

           server  www.zxb3.cn  max_fails=3 fail_timeout=10s;

        }

server{

       listen 80;

        server_name www.test.cn;

 location / {

         proxy_pass http://backend;

        proxy_set_header   Host         $host;

       proxy_set_header   X-Real-IP        $remote_addr;

       proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

       }

}

2.   启动nginx服务

[[email protected]~]#/usr/local/nginx/sbin/nginx

 三、安装keepalived并修改配置文件,配置nginx检测脚本.

1.安装keepalived并修改配置文件.

    [[email protected] ~]# yuminstall -y keepalived

[[email protected] ~]# cat/etc/ keepalived/keepalived.conf

! Configuration Filefor keepalived 

global_defs { 

  notification_email { 

    [email protected] 

    #[email protected] 

    #[email protected] 

  } 

  router_id LVS_DEVEL 

} 

 vrrp_scriptchk_http_port {       

   script "/root/scripts/monitor_nginx.sh"  

   interval 2                     

   weight -5                      

   fall 2                  

   rise 1                 

}

  

vrrp_instance VI_1{ 

   state MASTER

   interface ens33

   virtual_router_id 22

   priority 100 

   advert_int 1 

   authentication { 

       auth_type PASS 

       auth_pass 1111 

   } 

   virtual_ipaddress { 

       10.0.0.200 

   } 

}

 

vrrp_instance VI_2{ 

   state BACKUP

   interface ens33

   virtual_router_id 21

   priority 80

   advert_int 1 

   authentication { 

       auth_type PASS

       auth_pass 1111 

   }

   virtual_ipaddress {

       10.0.0.220

}

track_script {                    

   chk_http_port                

}

}

2.配置nginx检测脚本

##编写nginx状态检测脚本，放到/root/scripts/monitor_nginx.sh下(任意处)；（当检测到nginx stop 状态时，自动关闭keepalived服务）

[[email protected] ~]# cat/root/scripts/monitor_nginx.sh

#!/bin/bash

NGINX=`ps-C nginx --no-heading| wc -l`

if[ "${NGINX}" = "0" ]; then

        service stop keepalived

fi

②．主机：10.0.0.129

一．   安装nginx和keepalived 同上一样。

二．Copy主机10.0.0.128 keepalived.conf 进行修改

! Configuration Filefor keepalived 

global_defs { 

  notification_email { 

    [email protected] 

    #[email protected] 

    #[email protected] 

  } 

  router_id LVS_DEVEL 

} 

 vrrp_scriptchk_http_port {       

   script "/root/scripts/monitor_nginx.sh"  

   interval 2                     

   weight -5                      

   fall 2                  

   rise 1                 

}

  

vrrp_instance VI_1{ 

   state BACKUP

   interface ens33

   virtual_router_id 22

   priority 80

   advert_int 1 

   authentication { 

       auth_type PASS 

       auth_pass 1111 

   } 

   virtual_ipaddress { 

       10.0.0.200 

   } 

}

 

vrrp_instance VI_2{ 

   state MASTER

   interface ens33

   virtual_router_id 21

   priority 100

   advert_int 1 

   authentication { 

       auth_type PASS

       auth_pass 1111 

   }

   virtual_ipaddress {

       10.0.0.220

}

track_script {                    

   chk_http_port                

}

}

三．修改nginx配置文件和编写nginx状态检测脚本同上；

③IP:10.0.0.129:80  Ip:10.0.0.130:80(配置一样)

  [[email protected] ~ ]echo "web1-www.zxb2.cn" >/var/www/html/index.html

  [[email protected] ~ ]echo "web1-www.zxb3.cn" >/var/www/html/index.html

测试：

 1.首先主机：10.0.0.128启动keepalived,会有两个vip,当主机:10.0.0.131启动keepalived后vip2会被抢占过去。

-----------------------------------------------------------------------------

[[email protected] ~]# systemctl start keepalived
[[email protected] ~]# cat /var/log/messages |tail -n 2

Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: VRRP_Instance(VI_1{) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:42 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.200
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: VRRP_Instance(VI_2{) Sending/queueing gratuitous ARPs on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
Oct 20 17:24:45 zxb Keepalived_vrrp[12171]: Sending gratuitous ARP on ens33 for 10.0.0.220
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.0.0.200/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.0.0.220/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link
       valid_lft forever preferred_lft forever
-----------------------------------------------------------------------------

[[email protected] ~]# systemctl start keepalived
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:10:e1:cf brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.0.0.220/32 scope global ens33##抢占
       valid_lft forever preferred_lft forever
    inet6 fe80::44f2:ef47:efec:8b07/64 scope link
       valid_lft forever preferred_lft forever
-----------------------------------------------------------------------------

访问：

[[email protected] ~]# curl 10.0.0.200
web1-www.zxb2.cn
[[email protected] ~]# curl 10.0.0.200
web2--www.zxb3.cn
[[email protected] ~]# curl 10.0.0.220
web1-www.zxb2.cn
[[email protected] ~]# curl 10.0.0.220
web2--www.zxb3.cn
[[email protected] ~]#
-----------------------------------------------------------------------------

2.停止两台nginx上是vip 的nginx服务，执行监控nginx进程脚本看是否会自动停止keepalived服务，使主机10.0.0.128的vip1转移到主机10.0.0.131上，并访问测试.

-----------------------------------------------------------------------------

[[email protected] ~]# ps -ef |grep nginx|awk ‘{print $2}‘|xargs kill -9
kill: 向 12236 发送信号失败: 没有那个进程
[[email protected] ~]# ps -ef |grep nginx
root      12241  12145  0 17:35 pts/0    00:00:00 grep --color=auto nginx
[[email protected] ~]# bash /root/scripts/monitor_nginx.sh
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:64:e3:62 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.128/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::8a1e:39ba:9beb:4aa9/64 scope link
-----------------------------------------------------------------------------
[[email protected] ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:10:e1:cf brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.131/24 brd 10.0.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.0.0.220/32 scope global ens33
       valid_lft forever preferred_lft forever
    inet 10.0.0.200/32 scope global ens33
-----------------------------------------------------------------------------

访问：

[[email protected] ~]# curl 10.0.0.200
web1-www.zxb2.cn
[[email protected] ~]# curl 10.0.0.220
web2--www.zxb3.cn
[[email protected] ~]# curl 10.0.0.220
web1-www.zxb2.cn
[[email protected] ~]# curl 10.0.0.220
web2--www.zxb3.cn

本文出自 “XiaoBingZ” 博客，请务必保留此出处http://17267340368.blog.51cto.com/13407496/1974726