keepalived+nginx双机热备+负载均衡

keepalived+nginx双机热备+负载均衡

最近因业务扩展，需要将当前的apache 转为nginx(web), 再在web前端放置nginx(负载均衡)。同时结合keepalived 对前端nginx实现HA。
nginx进程基于于Master+Slave(worker)多进程模型，自身具有非常稳定的子进程管理功能。在Master进程分配模式下，Master进程永远不进行业务处理，只是进行任务分发，从而达到Master进程的存活高可靠性，Slave(worker)进程所有的业务信号都 由主进程发出，Slave(worker)进程所有的超时任务都会被Master中止，属于非阻塞式任务模型。
Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接。二者结合，可以构架出比较稳定的软件lb方案。




准备4台电脑来做这个实验:

192.168.232.132        web服务器
192.168.232.133        web服务器
192.168.232.134        keepalived nginx
192.168.232.135        keepalived nginx

虚拟IP (VIP)：192.168.232.16
 

134\135两个主机配置虚拟IP

下面以135为例：

vi /etc/sysconfig/network-scripts/ifcfg-eth2:0

1. DEVICE=eth2:0

2. TYPE=Ethernet

3. ONBOOT=yes

4. BOOTPROTO=static

5. DNS1=192.168.232.2

6. IPADDR=192.168.232.16

7. NETMASK=255.255.255.0

8. GETWAY=192.168.232.2

service network restart
 

使用ifconfig查看效果：

 

1. eth2 Link encap:Ethernet HWaddr 00:0C:29:49:90:5B

2. inet addr:192.168.232.135 Bcast:192.168.232.255 Mask:255.255.255.0

3. inet6 addr: fe80::20c:29ff:fe49:905b/64 Scope:Link

4. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

5. RX packets:66322 errors:0 dropped:0 overruns:0 frame:0

6. TX packets:31860 errors:0 dropped:0 overruns:0 carrier:0

7. collisions:0 txqueuelen:1000

8. RX bytes:67624991 (64.4 MiB) TX bytes:2723877 (2.5 MiB)

9. Interrupt:19 Base address:0x2000

10.  

11. eth2:0 Link encap:Ethernet HWaddr 00:0C:29:49:90:5B

12. inet addr:192.168.232.16 Bcast:192.168.232.255 Mask:255.255.255.0

13. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

14. Interrupt:19 Base address:0x2000

15.  

16. lo Link encap:Local Loopback

17. inet addr:127.0.0.1 Mask:255.0.0.0

18. inet6 addr: ::1/128 Scope:Host

19. UP LOOPBACK RUNNING MTU:16436 Metric:1

20. RX packets:22622 errors:0 dropped:0 overruns:0 frame:0

21. TX packets:22622 errors:0 dropped:0 overruns:0 carrier:0

22. collisions:0 txqueuelen:0

23. RX bytes:1236328 (1.1 MiB) TX bytes:1236328 (1.1 MiB)

说明生效了。
keepalived安装：

安装依赖
yum -y install gcc gcc+ gcc-c++
yum install popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel

安装内核
yum -y install kernel kernel-devel
当前kernel代码建立连接 ln -s /usr/src/kerners/2.6....../ /usr/src/linux

安装keepalived
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar -zxvf keepalived-1.2.2.tar.gz  
cd keepalived-1.2.2  
./configure  
make  
make install   

拷贝相应的文件

cp /usr/local/sbin/keepalived /usr/sbin/ 
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/  
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/  
cp -r /usr/local/etc/keepalived/ /etc/  
 

配置keeplived和nginx主机

134/135执行都执行以下操作：
vi /etc/nginx/conf.d/default.conf
 

134\135两个主机安装keepalived和nginx

nginx安装：

1、导入外部软件库
rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/epel-release-6-5.noarch.rpm
rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/ius-release-1.0-10.ius.el6.noarch.rpm
rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
以下添加注释
mirrorlist=http://dmirr.iuscommunity.org/mirrorlist?repo=ius-el6&arch=$basearch
以下删除注释
#baseurl=http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/$basearch
2、yum安装nginx
yum install nginx

1. server {

2. listen 8088;

3. server_name localhost;

4.  

5. location / {

6. root /var/www/html;

7. index index.html index.htm;

8. }

9.  

10. error_page 500 502 503 504 /50x.html;

11. location = /50x.html {

12. root /usr/share/nginx/html;

13. }

14. }

135执行以下操作：
vi /var/www/html/index.html

 

 

1. <html>

2. <head>

3. <title>Welcome to nginx!</title>

4. </head>

5. <body bgcolor="white" text="black">

6. <center><h1>Welcome to nginx! 192.168.232.135</h1></center>

7. </body>

8. </html>

134执行以下操作：
vi /var/www/html/index.html

 

1. <html>

2. <head>

3. <title>Welcome to nginx!</title>

4. </head>

5. <body bgcolor="white" text="black">

6. <center><h1>Welcome to nginx! 192.168.232.134</h1></center>

7. </body>

8. </html>

134执行以下操作：
vi /etc/keepalived/keepalived.conf

 

1. ! Configuration File for keepalived

2.  

3. global_defs {

4. notification_email {

5. #acassen@firewall.loc

6. #failover@firewall.loc

7. #sysadmin@firewall.loc

8. }

9. #notification_email_from Alexandre.Cassen@firewall.loc

10. #smtp_server 192.168.200.1

11. #smtp_connect_timeout 30

12. router_id LVS_DEVEL

13. }

14.  

15. vrrp_script chk_http_port {

16. script "</dev/tcp/127.0.0.1/8088"

17. interval 1

18. weight -2

19. }

20.  

21. vrrp_instance VI_1 {

22. state MASTER

23. interface eth2

24. virtual_router_id 51

25. priority 100

26. advert_int 1

27. authentication {

28. auth_type PASS

29. auth_pass 1111

30. }

31. virtual_ipaddress {

32. 192.168.232.16

33. }

34. track_script {

35. chk_http_port

36. }

37. }

135执行以下操作：
vi /etc/keepalived/keepalived.conf

 

1. ! Configuration File for keepalived

2.  

3. global_defs {

4. notification_email {

5. #acassen@firewall.loc

6. #failover@firewall.loc

7. #sysadmin@firewall.loc

8. }

9. #notification_email_from Alexandre.Cassen@firewall.loc

10. #smtp_server 192.168.200.1

11. #smtp_connect_timeout 30

12. router_id LVS_DEVEL

13. }

14.  

15. vrrp_script chk_http_port {

16. script "</dev/tcp/127.0.0.1/8088"

17. interval 1

18. weight -2

19. }

20.  

21. vrrp_instance VI_1 {

22. state BACKUP

23. interface eth2

24. virtual_router_id 51

25. priority 99

26. advert_int 1

27. authentication {

28. auth_type PASS

29. auth_pass 1111

30. }

31. virtual_ipaddress {

32. 192.168.232.16

33. }

34. track_script {

35. chk_http_port

36. }

37. }

Tips：

state   参数值：主的是MASTER、备用的是BACKUP
priority 参数值： MASTER > BACKUP
virtual_router_id： 参数值要一样
 

测试测试：

两台测试机134\135均启动keepalived和nginx
service keepalived restart
service keepalived nginx

验证nginx启动正常：
访问 master：http://192.168.232.134:8088/
访问 backup: http://192.168.232.135:8088/

查看keepalived的日志信息：

134\135均打开日志信息方便查看keepalived动态：
tail -f /var/log/messages

浏览器打开虚拟ip访问：http://192.168.232.16:8080/ ，此时显示IP为192.168.232.134
 

服务器层的双机热备（比如服务器宕机、keepalived宕了）测试：

kill 192.168.232.134（master) 的keepalived进程
killall keepalived
134的日志信息如下：

1. Jun 11 18:03:10 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16

2. Jun 11 18:03:15 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16

3. Jun 11 19:30:44 localhost Keepalived: Terminating on signal

4. Jun 11 19:30:44 localhost Keepalived: Stopping Keepalived v1.2.2 (06/10,2014)

5. Jun 11 19:30:44 localhost Keepalived_vrrp: Terminating VRRP child process on signal

6. Jun 11 19:30:44 localhost Keepalived_healthcheckers: Terminating Healthchecker child process on signal

135的日志信息如下：

 

 

1. Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.

2. Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

3. Jun 11 19:30:50 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added

4. Jun 11 19:30:55 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。

再次启动192.168.232.134的keepalived进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。
 

应用层（web）的双机热备（比如nginx进程被意外kill、web端口不通）试验：

关闭192.168.232.134（master) 的nginx服务：
service nginx stop

134的日志信息如下：

 

 

1. Jun 11 19:38:49 localhost Keepalived_vrrp: VRRP_Script(chk_http_port) failed

2. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert

3. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE

4. Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.

5. Jun 11 19:38:51 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 removed

135的日志信息如下：

 

1. Jun 11 19:38:52 localhost Keepalived_vrrp: VRRP_Instance(VI_1) forcing a new MASTER election

2. Jun 11 19:38:53 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE

3. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE

4. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.

5. Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

6. Jun 11 19:38:54 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added

7. Jun 11 19:38:59 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16

刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。

再次启动192.168.232.134的nginx进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。
 

为什么主备的参数state都是MASTER，对的你没有看错确实要都设置成一样的，不然并不能实现我们想要的VIP漂浮的效果，我测试很久才发现的.state都设置成MASTER后，会根据priority的值大小竞争来决定谁是真正的MASTER，脚本检测也是在失败的时候会把权重减去相应的值，比如原来master（181）的priority=100，如果脚本检测到端口8088无法连接，就会priority-2=98，< S-B（150）的priority（99），此时 S-B（150） 将竞争成为master，这样就实现了web应用的热备。

 

如果以上实验都没有问题了，那么就该nginx负载均衡的配置了，配置修改参见如下：http://blog.csdn.NET/e421083458/article/details/30086413