keepalived实现nginx高可用
环境
设备 | ip地址 |
---|---|
centos7 | 192.168.89.130 |
centos7 | 192.168.89.129 |
1.两台设备都安装keepalived
[root@localhost ~]# yum -y install epel-release vim wget gcc gcc-c++
[root@localhost ~]# yum install keepalived -y
[root@localhost ~]# rpm -ql keepalived
/etc/keepalived/keepalived.conf keepalived服务主配置文件
/etc/rc.d/init.d/keepalived 服务启动脚本
/etc/sysconfig/keepalived
/usr/bin/genhash
/usr/lib/systemd/system/keepalived.service 服务控制文件
/usr/libexec/keepalived
/usr/sbin/keepalived
2.两台设备都安装nginx
2.1MASTER端
[root@localhost ~]# yum -y install nginx
[root@localhost ~]# cd /usr/share/nginx/html/
[root@localhost html]# mv index.html /root/
[root@localhost html]# echo 'master:192.168.89.130' > index.html
[root@localhost html]# systemctl start nginx
[root@localhost html]# systemctl enable nginx
[root@localhost html]# curl http://192.168.89.130
master:192.168.89.130
2.2SLAVE端
[root@localhost ~]# yum -y install nginx
[root@localhost ~]# cd /usr/share/nginx/html/
[root@localhost html]# mv index.html /root/
[root@localhost html]# echo 'slave:192.168.89.129' > index.html
[root@localhost html]# systemctl start nginx
[root@localhost html]# systemctl enable nginx
[root@localhost html]# curl http://192.168.89.130
master:192.168.89.130
3.keepalived配置
3.1 配置master端keepalived
[root@localhost html]# vim /etc/keepalived/keepalived.conf
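! Configuration File for keepalived
# MASTER node (192.168.89.130). The backup node uses the same file with
# router_id lb02, state BACKUP and a lower priority.
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    # Interface that carries the VRRP advertisements and holds the VIP.
    # This line and the "authentication {" opener were missing from the
    # listing, which left the braces unbalanced.
    interface ens33
    # Must be identical on both nodes of this VRRP group.
    virtual_router_id 51
    priority 100
    advert_int 1
    # PASS authentication travels in clear text inside every advertisement,
    # and keepalived uses only the first 8 characters. It guards against
    # accidental misconfiguration, not against a host on the same segment.
    # Replace the sample value 1111 with a site-specific secret (same on both
    # nodes) and filter VRRP (IP protocol 112) so only the peer is accepted.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.89.150
    }
}
virtual_server 192.168.89.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.89.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.89.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}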
[root@localhost html]# systemctl start keepalived
[root@localhost html]# systemctl enable keepalived
3.2 备用端配置keepalived
[root@localhost html]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# BACKUP node (192.168.89.129): same VRRP group as the master, lower priority.
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
# Must equal the master's virtual_router_id so both join the same group.
virtual_router_id 51
# Lower than the master's 100, so this node holds the VIP only on failover.
priority 90
advert_int 1
# PASS authentication is sent in clear text and only the first 8 characters
# are used; 1111 is a sample value. Use a site-specific secret that matches
# the master, and filter VRRP (IP protocol 112) to the peer address.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.89.150
}
}
# LVS virtual service on the VIP; both nginx hosts are listed as real servers
# and checked with a plain TCP connect on port 80.
virtual_server 192.168.89.150 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.89.130 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
real_server 192.168.89.129 80 {
weight 1
TCP_CHECK {
connect_port 80
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
[root@localhost html]# systemctl start keepalived
[root@localhost html]# systemctl enable keepalived
3.3master端查看
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e1:46:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.89.130/24 brd 192.168.89.255 scope global noprefixroute dynamic ens33
valid_lft 1185sec preferred_lft 1185sec
inet 192.168.89.150/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::ed9:2153:d66f:1db9/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3.4slave端查看
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:47:80:d4 brd ff:ff:ff:ff:ff:ff
inet 192.168.89.129/24 brd 192.168.89.255 scope global noprefixroute dynamic ens33
valid_lft 1302sec preferred_lft 1302sec
inet6 fe80::87d5:9fca:fb19:7de0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4.修改内核参数,开启监听VIP功能
4.1master端设置
[root@localhost ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
4.2slave端设置
[root@localhost ~]# echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_nonlocal_bind
1
5.让keepalived监控nginx负载均衡
5.1在master编写脚本
[root@localhost ~]# vim check_n.sh
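#!/bin/bash
# Health check run by keepalived on the MASTER node: when no nginx process
# is left, stop keepalived so the VIP moves to the backup node.
#
# keepalived runs this as root, so keep the file and its directory
# root-owned and not writable by any other user.

# Match the exact process name. The earlier `ps -ef | grep nginx` pipeline
# also counted unrelated commands whose arguments mention nginx (an editor
# on nginx.conf, tail on an nginx log), which could hide a real outage, and
# it interpolated $0 into a regular expression.
if ! pgrep -x nginx >/dev/null; then
  systemctl stop keepalived
fi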
[root@localhost ~]# vim nptofy.sh
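#!/bin/bash
# keepalived notify hook.
# Usage: nptofy.sh master|backup VIP
#   master - make sure nginx is running, then mail a state-change notice
#   backup - stop nginx if it is running
#
# keepalived runs this as root, so keep the file and its directory
# root-owned and not writable by any other user.

VIP=$2
# Recipient of the notification; NOTIFY_EMAIL overrides the built-in address.
readonly MAIL_TO=${NOTIFY_EMAIL:-664506081@qq.com}

# Succeeds when a process named exactly "nginx" exists. Matching the process
# name avoids counting unrelated commands that merely mention nginx.
nginx_running() {
  pgrep -x nginx >/dev/null
}

# Mail the "became master" notice. Named send_mail so it does not shadow the
# system sendmail binary inside this script.
send_mail() {
  local subject content
  subject="${VIP}'s server keepalived state is translate"
  content="$(date +'%F %T'): $(hostname)'s state change to master"
  printf '%s\n' "$content" | mail -s "$subject" "$MAIL_TO"
}

case "$1" in
  master)
    if ! nginx_running; then
      systemctl start nginx
    fi
    send_mail
    ;;
  backup)
    if nginx_running; then
      systemctl stop nginx
    fi
    ;;
  *)
    # Report misuse on stderr with a failing status instead of exiting 0.
    echo "Usage:$0 master|backup VIP" >&2
    exit 1
    ;;
esac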
[root@localhost ~]# ll
总用量 16
-rw-------. 1 root root 1204 9月 27 14:48 anaconda-ks.cfg
-rw-r--r-- 1 root root 140 10月 31 11:12 check_n.sh
-rw-r--r-- 1 root root 3700 3月 6 2018 index.html
-rw-r--r-- 1 root root 557 10月 31 11:13 nptofy.sh
[root@localhost ~]# chmod +x check_n.sh nptofy.sh
[root@localhost ~]# ll
总用量 16
-rw-------. 1 root root 1204 9月 27 14:48 anaconda-ks.cfg
-rwxr-xr-x 1 root root 140 10月 31 11:12 check_n.sh
-rw-r--r-- 1 root root 3700 3月 6 2018 index.html
-rwxr-xr-x 1 root root 557 10月 31 11:13 nptofy.sh
[root@localhost ~]# mkdir /kongbai
[root@localhost ~]# mv check_n.sh nptofy.sh /kongbai/
5.2slave编写脚本
脚本内容一致,直接将master端的脚本发送过来即可
[root@localhost ~]# ll
总用量 16
-rw-------. 1 root root 1201 10月 16 19:40 anaconda-ks.cfg
-rwxr-xr-x 1 root root 140 10月 31 11:17 check_n.sh
-rw-r--r-- 1 root root 3700 3月 6 2018 index.html
-rwxr-xr-x 1 root root 556 10月 31 11:17 nptofy.sh
[root@localhost ~]# mv check_n.sh nptofy.sh /etc/keepalived/
6.keepalived加入监控脚本的配置
6.1 MASTER端
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
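! Configuration File for keepalived
# MASTER node with nginx monitoring.
global_defs {
    router_id lb01
    # Hardening to consider: the scripts below are executed as root. Recent
    # keepalived releases offer the global options below to pin the script
    # user and to refuse scripts that non-root users can modify; check
    # `man keepalived.conf` for the installed version before enabling them.
    # script_user root
    # enable_script_security
}
# The keyword is vrrp_script (the listing had a bare "script"), and it must
# sit outside global_defs, whose closing brace was missing.
vrrp_script nginx_check {
    script "/kongbai/check_n.sh"
    interval 1
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    # PASS authentication is sent in clear text and only the first 8
    # characters are used; 1111 is a sample value. Use a site-specific secret
    # (same on both nodes) and filter VRRP (IP protocol 112) to the peer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.89.150
    }
    track_script {
        nginx_check
    }
    # Point at the script actually created on this node: it was saved as
    # nptofy.sh and moved to /kongbai/, not /etc/keepalived/notify.sh.
    notify_master "/kongbai/nptofy.sh master 192.168.89.150"
    notify_backup "/kongbai/nptofy.sh backup 192.168.89.150"
}
virtual_server 192.168.89.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.89.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.89.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}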
[root@localhost ~]# systemctl restart keepalived
6.2 SLAVE端
备用端不需要检测nginx是否正常:升级为master时自动启动nginx,降级为backup时关闭nginx
[root@localhost ~]# vim /etc/keepalived/keepalived.conf
···
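vrrp_instance VI_1 {
    # This is the backup node: keep state BACKUP and priority 90 as in its
    # initial configuration. The listing had repeated the master's values
    # (MASTER / 100), which would make both nodes claim the VIP.
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    # PASS authentication is sent in clear text and only the first 8
    # characters are used; 1111 is a sample value. Use a site-specific secret
    # that matches the master and filter VRRP (IP protocol 112) to the peer.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.89.150
    }
    # No track_script here: the notify script stops nginx while this node is
    # in BACKUP state, so a check that stops keepalived whenever nginx is
    # down would take the backup out of the VRRP group.
    # The script was saved as nptofy.sh and moved to /etc/keepalived/ on this
    # node.
    notify_master "/etc/keepalived/nptofy.sh master 192.168.89.150"
    notify_backup "/etc/keepalived/nptofy.sh backup 192.168.89.150"
}
virtual_server 192.168.89.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.89.130 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.89.129 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}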
[root@localhost ~]# systemctl restart keepalived
7.查看效果
[root@localhost ~]# curl http://192.168.89.150
master:192.168.89.130
[root@localhost ~]# curl http://192.168.89.130
master:192.168.89.130
[root@localhost ~]# curl http://192.168.89.129
slave:192.168.89.129
[root@localhost ~]# nginx -s stop
[root@localhost ~]# curl http://192.168.89.150
curl: (7) Failed connect to 192.168.89.150:80; 拒绝连接    # 等待一会即可
[root@localhost ~]# curl http://192.168.89.150
slave:192.168.89.129
[root@localhost ~]# nginx
[root@localhost ~]# curl http://192.168.89.150
master:192.168.89.130